RBI starts audit of 'SWIFT' transactions of all banks

Reserve Bank of India (RBI) has begun investigating the SWIFT system transactions of all banks. The central bank has directed all banks to submit details of all such transactions undertaken from January 2015 to the latest date.

The SWIFT platform -- the abbreviation for Society for Worldwide Interbank Financial Telecommunications -- and letters of undertaking (LoUs) are the two channels that were compromised by PNB employees to funnel money out of the bank into the accounts of the diamantaires Nirav Modi and his maternal uncle Mehul Choksi, the owner of the Gitanjali group of companies.

Cross-border transactions are facilitated through the SWIFT infrastructure that works on a system of codes.

Banks, meanwhile, have clamped down on issuing LoUs or offering any non-fund based limits without adequate security.

RBI is also expected to issue instructions to Punjab National Bank (PNB) on the need to fulfill its obligations on the LoUs.

Banks are in the process of collecting the information of all transactions on the SWIFT system and reconciling with its core banking system (CBS). While some banks have already submitted the data, the others are in the process of completing it.

A senior banker said, "The central bank wants to check if there are any unreported SWIFT transactions that escaped the SWIFT system and sitting as a liability for any bank. So all banks have been asked to submit SWIFT transactions for the past three years."

A typical SWIFT transaction involves checks at three levels, a maker, checker and a verifier. The transaction is initiated by the maker, authenticated by the checker and authorised by the verifier. In the case of PNB all three passwords, of the maker, checker and the verifier, were with Gokulnath Shetty, the then deputy manager at the Brady House branch of PNB, a post he held on for seven years until he retired in July 2017. Having an officer of his rank in one location for more than three years was in contravention of the regulations, which stipulate officers are transferred every three or five years.

A senior PNB official said, "In specialised positions, we retain people if they are capable of discharging their functions without any problems."

As recent as February 7, City Union Bank reported to the stock exchanges that its SWIFT system, too, had come under a cyberattack recently. "On February 7, it was found that three fraudulent remittances had gone through our SWIFT system to our correspondent banks, which were not initiated from our bank's end," the bank said. Hackers tried to transfer nearly $2 million in these transactions.

SWIFT is also taking proactive steps for improving information sharing between its customers. A SWIFT spokesperson told DNA Money in an email statement, "To be clear, there is no indication that the SWIFT network has ever been compromised. When a case of potential fraud in a customer's environment is reported to us, we offer our assistance to the affected user to help secure its environment."

ON A STANDSTILL

• Banks, meanwhile, have clamped down on issuing LoUs or offering any non-fund based limits without adequate security.
   
• RBI is also expected to issue instructions to Punjab National Bank on the need to fulfill its obligations on the LoUs.