Long before the Rs 11,400 crore Punjab National Bank (PNB) scam jolted India, Reserve Bank of India had warned about the abuse of the SWIFT interbank network for "unauthorized transfer of funds". A letter from the central bank in August 2016 has emerged on the back of the government's stinging assessment that "supervisory failure" facilitated India's biggest banking fraud.
- RBI warned banks about abuse of SWIFT interbank network
- Nirav Modi fraud went undetected for years
- RBI circular advised banks to set up Cyber Security Framework
The RBI's letter was dated August 3, exactly a month before economist Raghuram Rajan's term ended.
The PNB, the country's second biggest government bank, discovered last month that its officials at a branch in Mumbai helped celebrity jeweller Nirav Modi and others by issuing fake guarantees or Letters of Undertaking to get loans from banks overseas.
The fraud went undetected for years as one of the officials shared his password to the SWIFT network with Nirav Modi's employees and also didn't record the transactions in the books. The bank says its core banking solutions were not integrated with SWIFT, so there was no internal alert on the transactions. The fake guarantees were routed to the foreign bank branches through the SWIFT system.
It was way back in 2016 that the RBI appeared to have forewarned banks about the abuse of SWIFT, after an attempt was made to swindle another government bank, the Union Bank of India. SWIFT (Society for Worldwide Interbank Financial Telecommunications) is a messaging system used by banks across the world to send information and instructions in an encrypted format through a secure channel.
RBI's five-page letter asked banks to have the SWIFT infrastructure comprehensively audited for malicious software activities. "Appropriate steps may also be taken to rectify malicious activity and to patch vulnerabilities if any," it said.
Banks were also asked to "strengthen control over payment instructions sent to banks and reconcile transactions in real time so that any abnormality is noticed immediately."
The letter suggested that banks introduce a "second level of approval" for payment messages beyond a limit that could be decided internally. Banks were asked to see if SWIFT messages could be reconciled with payment messages "every one to two hours" for stronger vigilance.
RBI's version follows the government's sharp assessment that the failure to detect the fraud raises questions about the central bank's "efficacy of supervision to detect and check systemic failure".
According to a Reuters report, the government wrote to RBI: "Either the framework designed by RBI to prevent and detect such frauds is inadequate or RBI is unable to ensure its effective implementation."