Punjab National Bank’s fund transfer scam was made through weaker SWIFT mechanism in India. Click here to know more
India need to take effective measures to address the issues with SIFT mechanism.
What is SWIFT?
Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a secure financial message carrier.
The SWIFT is a global member-owned cooperative that is headquartered in Brussels, Belgium.
It was founded in 1973 by a group of 239 banks from 15 countries which formed a co-operative utility to develop a secure electronic messaging service and common standards to facilitate cross-border payments.
It transports messages from one bank to its intended bank recipient, it carries an average of approximately 26 million financial messages each day.
How does SWIFT work?
In order to use its messaging services, customers need to connect to the SWIFT environment.
There are several ways of connecting to it
Directly through permanent leased lines, the Internet, or SWIFT’s cloud service (Lite2)
Indirectly through appointed partners
Messages sent by SWIFT’s customers are authenticated using its specialised security and identification technology.
Its core role is to provide a secure transmission channel so that Bank A knows that its message to Bank B goes to Bank B and no one else.
Bank B, in turn, knows that Bank A, and no one other than Bank A, sent, read or altered the message en route.
Banks need to have checks in place before actually sending messages.
What happened in PNB case?
In the PNB case, one of its biggest failures was the missing link between SWIFT and the bank’s backend software.
This allowed fraudulent use of a key credit instrument letters of understanding or a loan request to another bank through the SWIFT network to transfer funds.
The loophole in the software framework of the bank was the patchy implementation of its Core Banking Solution (CBS) and its non-linkage with SWIFT.
What are the regulations made in SWIFT?
SWIFT established the customer security programme (CSP) in early 2016 to support customers in the fight against a growing cyber threat.
SWIFT published a detailed description of the mandatory and advisory customer security controls and made it critical customers prioritise the security network.
This framework describes a set of controls for its customers to implement on their local infrastructure.
What is India’s stand in this regard?
After the fraud, PNB adopted strict SWIFT controls, it has also created a separate unit to reauthorize most messages sent over SWIFT by branches.
Many other banks are expected to fast-track the integration between SWIFT and their backend systems.
To strengthen internal controls, the RBI has set April 30 as an “outer limit” for all public sector banks to integrate SWIFT with core banking solutions.
Indian banks need to adopt the best practices to protect end-to-end transaction ecosystem within their firms, including payments, securities trade and treasury.
