Scam-hit PNB put in place 3-tier authentication system for SWIFT process

Facing flak over the nearly Rs 126 billion scam, Punjab National Bank today said it has put in place a three-tier authentication system for SWIFT transaction and is in the process of installing a "superior" software system. The fraud, the biggest in the Indian banking sector, is alleged to have been perpetrated by way of fraudulent Letters of Understanding (LoUs) and misuse of authentication for SWIFT transactions by some bank officials. In a detailed filing to the NSE, the state-owned lender said the Audit Committee of the Board (ACB) has suggested external audit of all branches at regular intervals. Lapses at multiple fronts, including supervisory and audit, are among the factors being blamed for the scam. However, the bank today said, "the way these fraudulent transactions were committed by some employees in connivance of beneficiary was not within the scope of overall direct supervision of the ACB". Appropriate directions have been given to urgently integrate SWIFT with CBS (Core Banking System) and other remedial measures connected to overall audit functions of the bank, it added. "A three-level authentication has been implemented in the bank regarding SWIFT authentication and terminal at Head Office/ Zonal Office would be provided to monitor transactions immediately. "A third level re-authorisation of all financial messages by putting an additional tier at SWIFT Centre, Mumbai, has been implemented wherein payment messages are re-authorised only after cross checking authentication of transactions in CBS and thereafter allowed to pass through SWIFT Gateway server with effect from February 12, 2018," the filing said. The bank made an announcement about the fraud on February 13. Besides, the bank said a "superior" software system has been installed and is in testing phase.

This would enable the bank at mid-office and head office to view transactions of all branches through one administration. "The core banking system earlier in Finacle 7 has now been upgraded to Finacle 10 on January 29, 2018. Need based access is available for authorised users at various levels based on user profile, to view transactions of a required branch or a group of branches", the filing said. In the wake of the scam, accounting firm BDO was appointed on February 27 to carry out a forensic audit and its report is expected in three months.