Punjab National Bank, in the eye of a storm after a couple of employees issued unauthorized credit guarantees worth $2 bln to clients, said it has put in place procedural and technological changes required to prevent a repeat of the incident.
Two key technical changes being implemented are a revamp of the way the bank conducts business over the SWIFT system — used for international banking — and the upgrade of the Bank’s core banking software to the latest version.
The rogue employees of the bank were able to use SWIFT — an international telecom network of banks — to send the credit guarantees for their ‘clients’ without taking permission from their superiors.
The bank’s authentication and verification systems failed to catch these transactions.
Since SWIFT transactions not involving fund flows, like the issue of guarantees, were not entered into the core banking software, the scam remained undetected for several years.
The bank on Monday said all SWIFT transactions are now reflected in the core banking software, supplied by Infosys, and an additional layer of procedural checks has also been implemented from Feb 12.
“A three level authentication has been implemented in the bank regarding SWIFT authentication and a terminal at head office or zonal office would be provided to monitor transactions immediately,” the bank said.
“A 3rd level re-authorization of all financial messages by putting an additional tier at SWIFT Centre Mumbai, has been implemented, wherein payment messages are re-authorized, only after cross checking authentication of transaction in CBS (core banking software) and thereafter, allowed to pass through SWIFT Gateway server with effect from 12.02.2018,” PNB said.
It also said the core banking software, Infosys Finacle 7, is being upgraded to Finacle 10 and testing has been going on from 29 January.
“It is a superior system and would enable the bank at mid office and head office to view transactions of all branches through one administration… Need based access is available for authorized users at various levels based on user profile to view transactions of a required branch or a group of branches and related MIS (management information system) as required.”