PNB fraud: PAC calls top officials of ED, Customs for briefing
As the over Rs 11,000-crore Punjab National Bank fraud unfolds, the underlying technology that enabled the money transfer has been in the limelight.
Here is a look at some of the underlying technologies that enable such cross border money transfers.
SWIFT stands for the Society for Worldwide Interbank Financial Telecommunications, a messaging system used by banks the world over to send information and instructions in an encrypted format through a secure channel.
It is a messaging system, and does not hold money or manage accounts.
Modifying an Investopedia example, this is how it works:
Suppose a customer of say, a State Bank of India branch in New Delhi wants to send money to her friend who has an account at a Citibank branch in London.
The person in New Delhi needs to provide the SBI branch with his friend’s account number and Citibank’s unique SWIFT code for its London branch. SBI will send a payment transfer SWIFT message to the Citibank branch over the secure SWIFT network.
Once Citibank receives the SWIFT message about the incoming payment, it will clear and credit the money to the London friend’s account.
A core banking system is a software that supports the daily transactions and accounts within a bank internally. It lets customers perform basic transactions from any member branch office of the bank.
Punjab National Bank uses a core banking software product called Finacle, developed by Infosys Ltd, which provides services across consumer banking, corporate banking, trade finance, customer analytics, wealth management etc. Different banks use different components of Finacle or any other software for their banking needs.
The Nirav Modi puzzle
In this case, jeweller Nirav Modi’s group companies managed to get a Letter of Undertaking from the Punjab National Bank’s Brady House branch in Mumbai. LoUs are issued by one bank to branches of other banks, based on which foreign branches offer loans or credit to buyers. This was routed to the foreign bank branches through the SWIFT system.
While PNB and experts have said the person or persons colluding with Modi’s companies managed to bypass the core banking software, Moneycontrol asked experts whether this is at all possible.
“It is quite possible to bypass the core banking system, because SWIFT is like any other payment system, like a NEFT or RTGS, and how the two are connected depends entirely on the bank,” said an official with a private sector bank, who did not wish to be named.
Prof Rahul De, Chairperson at the Centre for Software & Information Technology Management at the Indian Institute of Management, Bangalore also said SWIFT and core banking are two separate systems, but SWIFT is under the control of bank managers and follows the broad guidelines of exchange laid out by the Reserve Bank of India.
“If you transfer money from the foreign branch of a bank, it does not get to your account automatically,” he said, adding that “some amount of manual intervention is required for approving and clearing the transaction before the money gets transferred to your account. That is where some fraud has been conducted.”
However, it is not that there is absolutely no point where SWIFT and core banking join hands.
According to an expert in cybercrime and banking systems who did not wish to be named, most banks follow a routine of monthly reconciliation between SWIFT and core banking transactions.
The LoU has to be entered into the core banking system as credit, and not just when the foreign bank branch claims that money.
“This process is normally automated, but the person involved in the bank branch in the fraud went behind the system to ensure that the entry was either not made or they reconciled one LoU by offsetting it with another LoU to some other bank’s branch,” he explained.
In any case, all experts Moneycontrol spoke to agreed the fraud, staggering as it is, is a case of exploiting a gap in the existing system, and more a crime using technology than cybercrime itself.