RBI Fines 36 Banks For Not Complying With Directions On SWIFT Messaging System
The Reserve Bank of India imposed penalties totalling Rs 71 crore on 36 banks for not complying with its directions on operational controls in the SWIFT system, the messaging network allegedly misused to perpetrate India’s largest banking fraud.
The penalties were imposed on several public, private and foreign banks between Jan. 31 and Feb. 25, with the fines ranging from Rs 1 crore to Rs 4 crore, according to a central bank statement. Among the banks fined are Bank of Baroda, Indian Bank, BNP Paribas, Dena Bank, Deutsche Bank, ICICI Bank Ltd., IDBI Bank and State Bank of India.
SWIFT—Society for World Interbank Financial Telecommunication System—is a global messaging network used by financial institutions to securely transmit information and instructions. Punjab National Bank, India’s second-largest public sector lender, had in February last year revealed that nearly Rs 14,000 crore were fraudulently transferred from a branch in Mumbai using SWIFT. The transactions weren’t spotted as the lender’s core banking system was not connected with the messaging network.
That prompted the RBI to reiterate its August 2016 circular asking banks to link their core systems with SWIFT and also put in place operational controls suggested by the regulator. But the RBI found that banks have not complied with certain regulations.
The central bank’s assessment of 50 banks, according to the circular, found violations of one or more directions related to:
- Direct creation of payment messages in the SWIFT environment.
- Implementation of straight-through processing between the core banking or accounting system and SWIFT.
- Ensuring that users entering/passing/authorising the transactions in the core banking system were different from those operating in the SWIFT environment.
- Independent reconciliation of logs generated from SWIFT with the corresponding entries passed in the CBS/accounting system.
- Introduction of an additional layer of approval for all payment messages exceeding a particular threshold.
- Nostro reconciliation on T+1/T+5 basis.
As per the RBI’s norms on operational controls, banks have to ensure that the employees operating the SWIFT system are different from those managing the core banking system where the integration between the two is still pending or where the final transactions are performed only on SWIFT. Banks have to create a separate vertical of SWIFT administrators.