Podcast | Digging Deeper: Nirav Modi is caught, but has banking sector caught up with SWIFT?

MAHADEVAN | RAKESH SHARMA Moneycontrol Contributors

Swift – except for the few people in the area of financial transactions very few others knew about SWIFT, let alone what it was all about. It was with the unravelling of Nirav Modi’s manipulation of SWIFT in his scamming of Punjab National Bank that we, at least in India, came to grips with SWIFT. Nirav Modi is back in the news, so now is as good a time as any to examine the method that was at the heart of the Rs 13,000 crore scam. All you need to know about SWIFT is what we dig deep into on this edition of Digging Deeper with Moneycontrol with me Rakesh Sharma.

Even though it entered our consciousness only in the recent past, SWIFT has been around for decades. SWIFT is the acronym for Society for Worldwide Interbank Financial Telecommunications. Its expansion makes it pretty much self-explanatory. It is a system, or network, that enables communications making financial transactions easy across banks and across locations. It succeeded Telex, which was the earlier system based on teleprinters. Telex, though, had quite a few problems. It was operated manually, and so data that was entered was prone to human error. Further, there was little security built into the system, which made it rather undependable when sensitive financial information needed to be transmitted. So, a group of banks got together to find a better alternative to Telex in 1973. Hence was born SWIFT, headquartered in Brussels.

Since its inception, SWIFT has become more or less universal, and has been accepted by more than 3500 financial institutions in more than 200 countries. Messages sent over the network are protected by the security of encryption, which makes it a much safer alternative to Telex. Besides, in today’s computerized and automated world, there is little chance of human error in the processing and transmission of financial inputs.

So, how does SWIFT tie in with the Nirav Modi Imbroglio? To understand, we need to understand how SWIFT works. It kind of follows the pattern that we have all become familiar with where personal banking transactions are concerned. There are numbers and codes and other security features that enable us to transact safely and electronically. SWIFT uses unique identification codes and account numbers to make it possible to make financial transactions across countries. Similar to the IFSC codes of bank branches that are required to make transactions between savings accounts, international transactions require the SWIFT code. A SWIFT code is also required to borrow from international bank accounts.

As you can see, SWIFT is virtually indispensable where international financial transactions are concerned. And, though security has been built into the system in the form of encryption, the network, like all computerized networks, is susceptible to hacking through external or internal agents, or a combination of both. In the case of Bangladesh’s central bank, from which $81 million was stolen, external hackers were responsible. In the case of Nirav Modi, it also required the assistance of people in the banking system, and the process was long-winded and involved manipulation of various instruments.

The Nirav Modi case highlights the problem inherent in the SWIFT network, and how given the right – or wrong – circumstances, the system could be tampered with to bypass the built-in safeguards. A detailed look at the process would be instructive.

It is important to remember here that SWIFT is only messaging system, as specified by the T, which stands for Telecommunications. For a system to fail, there have to be weaknesses in it that can be exploited. In the Nirav Modi case, there was laxness in implementation in different components of the banking transaction system. Apart from SWIFT, which has come into focus following the disclosure of the scam, other instruments such as LoU and CBS have also been in the mix.

Employees of Punjab National Bank were instrumental in issuing Letters of Understanding, or LoUs in favour of Nirav Modi’s various businesses, on the basis of which Modi could get loans from the international branches of Indian banks. Exporters are routinely given credit in connection with the shipment of goods, and Modi was given this credit for the import of pearls for his jewellery businesses.

LoU, or Letter of Understanding, is a document that a bank issues. It is in essence a guarantee of the creditworthiness of a person or an agency. In short, the bank, by issuing an LoU, states that it guarantees the borrower’s credentials and takes upon itself the liability of the repayment of any loan and interest the client might renege on. If everything is done right and the process of due diligence is followed, there is little to worry about, except for the usual risks that would apply.

In the case of Nirav Modi, the system had weaknesses and there were also interlopers to take undue advantage of these. The process of issuing LoUs was circumvented, and the system was tampered with, which affected the sharing of information.

Employees at the Brady House branch of Punjab National Bank issued LoUs fraudulently to international branches of Indian banks, which made it possible for Nirav Modi’s jewellery businesses to get credit from these banks. But it was not as simple as that. To avoid detection or the possibility of red flags being raised, the corrupt employees also bypassed the CBS, or Core Banking System, where the LoUs would have had to be documented. CBS is a central database which records, or at least, is meant to record, details of all the financial transactions of bank branches, and also the entire credit history of all account holders. So, none of these suspicious activities were registered, making detection more difficult.

Further, they also were involved in breach of trust, whereby they accessed the SWIFT system and were guilty of unauthorized sharing of the SWIFT password with outsiders. This became possible because the CBS was not linked to SWIFT, and hence the SWIFT data had to be manually input. Primarily, this need for manual intervention was what made it possible for corruption to creep in.

As a result, Nirav Modi was afforded credit, and was able to take out loans, which he should not have been. It was a simple matter of unauthorized access to the SWIFT password, but the point that the case highlighted was that there was no facility to crosscheck or cross-reference, or a secondary level of security, preferably at the other end of the transaction, to catch the foul.

It is, of course, apparent that without internal corruption and manipulation of the system, this couldn’t have happened. Every now and then, an instance of overreach in, or manipulation of, the banking system shows up its weaknesses, which leads to disastrous consequences, and this was perhaps the biggest of them all where the Indian banking system is concerned.

Anyway, what the Nirav Modi case meant was a Rs 11,400 crore in the balance sheet of Punjab National Bank. To put this in perspective, the net worth of the bank in 2017 was Rs 43,164 crore. Or, the amount PNB received through the bank recapitalization scheme of the government was Rs 5,473.

And that, in a nutshell, is the story of one of the biggest basket of bad loans.

Of course, the government has responded to the shock of the PNB crisis. While this began the process of how to set the system right, the investigation has also shown that the LoUs were issued for a duration of one years, whereas according to the rules of Reserve Bank of India, it should not have been for more than 90 days.

As both the cases mentioned above show, the problem lies more with the implementation, or lack of it, in the case of individual banks rather than with the SWIFT system itself. After the Bangladesh bank hack, the people at the helm of SWIFT introduced a two-factor authentication system, which also mandates stronger passwords. It has also launched a Customer Security Programme, which helps client banks investigate security issues.

However, the fact remains that unless the individual banks and banking systems also ramp up their security to match, there will always remain the risk of an attack. A broken system that requires manual intervention to send information to the SWIFT is a throwback to the earlier Telex system, and is an invitation for disaster.

In the immediate aftermath of the Nirav Modi scam, the Reserve Bank of India instructed Indian banks to put in measures to tighten security to prevent such manipulations. This included ensuring that all SWIFT messages were sent only after first verifying that the transaction had been entered in the CBS. This was to be followed by the logical integration of CBS with SWIFT, obviating the need for manual intervention. A system was also to be put in place which would immediately flag anything unusual in a transaction and lenders were to continually square off payment messages every couple of hours. Another immediate consequence was that LoUs, which were an easy, quick and cheap way to transact across national boundaries were banned, making it time-consuming for both financial institutions and for customers to disburse and gain access to funds.

However, by the end of August, 2018 not enough seemed to have been done, because the RBI felt constrained to issue show cause notice to 25 banks as to why the security measures hadn’t yet been implemented.

The response from the banks following this doesn’t seem to have been quick enough because the RBI proceeded to penalize almost 20 banks, to the tune of nearly Rs 40 crore, including State Bank of India and ICICI Bank over their non-compliance with rules regarding SWIFT.

Most of the offending banks, since then, say they have set things right.

The thing is this. The system cannot work in a vacuum. It is for the constituents, especially in a crisis like the one Nirav Modi precipitated, for things to come back together and work seamlessly. Individual responsibility plays a big role in this. Whether it is SWIFT or RBI, they can only set the rules. It is for the other to follow. Hopefully, there won’t be an opportunity for another Nirav Modi to emerge.