RBI has been warning lenders on possible misuse of SWIFT; it has finally fined 36 banks for negligence

Long before the ₹14,000 crore letters of undertaking (LoU) scam came to light at the Punjab National Bank in 2018, the Reserve Bank of India (RBI), first in August 2016 and twice later, cautioned banks about the possible misuse of the SWIFT infrastructure and directed them to implement safeguards.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is the global messaging software that enables financial entities to send and receive information about financial transactions in a secure, standardised and reliable environment.

Despite repeated warnings, the PNB fraud, touted to be among the biggest in the industry, happened. This prompted the banking regulator to again remind banks on February 20, 2018 (the PNB scam came to light on February 14) about the possible misuse of SWIFT.

Even the PNB scam failed to wake up banks. As a result, the regulator came down heavily on them, imposing monetary penalties on 36 banks, including the State Bank of India, ICICI Bank and Yes Bank, to name a few, for failing to implement the safeguards, chiefly the integration of the SWIFT infrastructure with the Core Banking Solution (CBS) within a time frame.

The fines imposed so far range from ₹1 crore to ₹4 crore. The Banking Regulation Act allows the RBI to impose a maximum penalty of ₹1 crore for a single breach. So a bank fined ₹4 crore must have breached four norms.

“[The] February 20 circular was an outcome of what happened in the PNB scam. The scam is mainly due to people and process failure, not so much a technology failure. It is not that someone hacked into the system. So, the February 20 guidelines were mainly about people and process and though there was some technology tweaking that the banks had to do, the major one had been sending messages from the core banking system,” said Romit Dasgupta, founder and MD, Globsyn 3rd.Life, a fintech firm.

There are four possible reasons why the banks were penalised, experts said. The first is missing the timeline, though many of them have since complied with the norms. The second is that, since the CBS had to be integrated with SWIFT, the question arises whether the CBS was equipped for this; compliance was therefore required from third-party vendors, and their lack of readiness could also have led to delays. Third, even if the third-party software was ready, the bank may not have used it effectively. And, finally, there could be some small banks that may not have started the process.

But the RBI has taken serious note. This is probably the first time that so many banks have been penalised for missing a deadline. “One thing is clear. RBI has not come down this heavily on banks in recent times. This is a signal to some of the banks that are used to a different pace,” Mr. Dasgupta said.

In April 2017, under former RBI Governor Urjit Patel, the RBI had set up an enforcement department. The idea was to centrally speed up regulatory compliance.

The purpose was to separate those who oversaw possible rule breaches from those who decided on punitive actions, so that the enforcement process operated fairly and was evidence-based.

“Now, all the penalty powers are processed through one single department. The department essentially was set up to identify actionable violations. It follows a consistent, rule-based policy for enforcement,” central banking sources indicate.

FATF - what lies ahead

Sources said the RBI action may not go down well with the global inter-governmental agency Financial Action Task Force (FATF) during the country assessment. At present, the fourth round of assessment is going on and India is likely to be assessed soon. The FATF reviews countries' policies on anti-money laundering and combating the financing of terrorism, the compliance of financial institutions in these countries and the supervisory effectiveness in enforcing them. Questions will be asked as to why banks are so reluctant to comply with regulatory directions on an important issue such as the international wire transfer mechanism, a source said.

Queries may also be raised as to why the regulator was unable to make lenders comply with its directions in a time-bound manner and as to what steps the regulator is taking so that such incidents do not recur.