The RBI sent out the advisories detailing what banks
should do to prevent a Bangladesh Bank-heist like incident.
One important advisory was to migrate to Finacle 10 directly from Finacle 7 used that time. Finacle, developed by Infosys, is a core banking system (CBS), which links all branches and functionalities of a bank together.
Bankers say Finacle 7 had to be linked with SWIFT by an external bridging software, whereas, Finacle 10 has the functionality to integrate SWIFT inside the CBS.
moved to Finacle 10 after that. State Bank of India and private sector banks were among the early birds. Those who required time used the bridging software.
Banks also updated the regulator about their progress, while PNB misled.
“… this was essentially an operational failure at our second-largest public sector bank,” said RBI Governor Urjit Patel in a speech on March 14.
PNB has only now fully started migrating to Finacle 10, three months after the bank was defrauded ~130 billion by Nirav Modi through fake letters of undertaking (LoU) issued by a few officials at PNB’s Brady House branch in Mumbai,
On Tuesday, the first working day of the financial year, PNB completed its first phase of implementation of SWIFT integration with CBS.
“Two successful transactions took place in SWIFT messaging system after its integration with CBS on Tuesday. We plan to scale up the integration every Monday and will fully integrate all the processes before April 30,” said a senior executive at PNB.
The bank is also in the process of upgrading its CBS to Finacle 10 and has said that the software upgradation has happened across its 7,000 branches.
In one of its advisories, the RBI had warned to keep a tab on SWIFT message originators.
In any global SWIFT transfer, there are three people involved – a maker, a checker and then a verifier who authorises the transactions. The RBI advisory had mentioned that at least one of the three should be outside the same premises.
In case of PNB, it turns out that all were done by one individual, or in collusion with others who sit in the same Brady House branch in Mumbai.
Most critically, there are several messaging types available in SWIFT. So, for example, if the ‘maker’ clicks 103, it throws up a specific format with pre-specified fields that needs to be filled up with specific information. The Indian banks, however, prefers to use messaging types ending with 9. This is a suffix for customised messaging, without any pre-specified fields. Since the details are not collated in a standard format, it is also therefore, hard to audit.
The RBI in its advisory warned banks not to use customised messages unless absolutely necessary, said bankers. Most LoUs issued by PNB officials to Nirav Modi companies were customised.
PNB executives said the bank had initiated the Financle upgrade one-and-a-half-years back, which involved various rounds of testing, end-user trainings, and various mock drills. The final roll-out was completed on January 26. Though Finacle 10 did not automatically integrate SWIFT with CBS, it had the compatibility to do so, unlike the previous versions of Finacle.
“We expect the Finacle 10 system to stabilise in three months. Normally it takes six months to stabilise. There are some teething problems, but we have been preparing for the upgrade since last one-and-a-half years. So, we are confident,” said another PNB executive.