Last Updated: Jul 07, 2018 02:06 PM IST

Banks must comply with 16 SWIFT security principles by December to avoid RBI action

SWIFT was in the limelight after it was used to conduct fraud worth Rs 11,000 crore (now risen to Rs 14,000 crore) at Punjab National Bank (PNB), unearthed on February 14 this year

Beena Parmar @BeenaParmar

Banks will have to comply with 16 security principles of SWIFT technology by December 2018 to avoid being reported to the Reserve Bank of India (RBI).

SWIFT, short for Society for Worldwide Interbank Financial Telecommunication, is a messaging system that enables banks and financial institutions worldwide to send and receive information about financial transactions via encrypted codes, making the transactions secure.

“We are able to see the emerging trends now and basis that we have come up with security principles which is customer security programme. Any bank (across the globe) that wants to connect with SWIFT has to mandatorily comply with 16 security principles and we gave them time till December 2017… Now, we have given them time till December 2018 to comply with the gaps,” said Kiran Shetty, CEO, regional head, India and subcontinent, at SWIFT India Domestic Services Private Ltd.

“If they do not comply by December 2018, we will report it to the regulators,” he told Moneycontrol in an interaction.

The messaging platform was recently in the limelight after it was used to conduct fraud worth Rs 11,000 crore (now risen to Rs 14,000 crore) at the Punjab National Bank (PNB), unearthed on February 14 this year.

Previously, Bangladesh’s central bank and India’s small private lender City Union Bank fell prey to frauds after the misuse of SWIFT systems.

SWIFT operates in 200 countries and has been present in India for 25 years. In India, SWIFT has set up a data infrastructure company as per RBI’s rule that disallows any domestic data to leave the country.

On June 3, SWIFT updated the Customer Security Controls Policy document, which sets out SWIFT's policy with regard to the Customer Security Controls Framework, a set of security controls — 16 mandatory and 11 advisory — that set a security baseline for banks.

These standard security principles include governance structures, confidentiality of customer data, integration of mechanisms, validation of messages and monitoring and planning of changes to customer configurations and message service infrastructure.

In the PNB case, group companies of the now notorious and absconding jeweler Nirav Modi and his uncle Mehul Chokshi colluded with PNB officials at the Brady House branch in Mumbai to seek fraudulent Letters of Undertaking (LoUs) bypassing the SWIFT platform, which was not linked to the bank’s core banking solutions.

This, despite the RBI warning banks three times since August 2016.

According to Shetty, they want to maintain basic hygiene from their side through the standard principles, and every year, as the cyber threat evolves, they will keep upgrading those principles with better versions. And each year they will demand attestation from banks.

“That is what we have got now as a duty to get the best practices even though we are not impacted… We do not have control over what controls the institution puts and we do not have legal control over it,” Shetty said.

To explain it with an example, he says, “We are like an Airbus airplane. It is taken by a Jet, an American and a Turkish airline. After several security checks, once the plane takes off and somewhere in transit, if a passenger turns out to be a terrorist, you don’t blame the airplane… That is what happened to us. We are deployed by all and we can be hit by a cyber-attack or a fraud and we cannot be blamed for that error.”

Among the recent innovations at SWIFT is the global payments innovation (GPI), launched in 2016, now live with over 60 banks globally; almost five in India have signed up to utilize the technology. ICICI Bank is already live.

GPI enables cross-border payments in seconds, along with an online, real-time, end-to-end information tracker, to bring in more visibility, speed and transparency.

“Our main agenda is to help reduce paper and provide solutions around digital. We are like a Bombay-Pune expressway that is ready to take (digital) traffic on it,” Shetty ends, touching the most-troubled nerve – physical traffic problem – of India’s financial capital.
First Published on Jul 7, 2018 02:06 pm