How did the Punjab National Bank (PNB) scam work?
Diamond merchant Nirav Modi has been accused of siphoning off funds worth about ₹11,500 crore from the public sector bank, PNB. A key element of the scam is the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a messaging network that connects banks and other financial institutions across the world. Among other things, a bank that is part of SWIFT can use the system to convey credit instruments called letters of undertaking (LoUs) to other banks located overseas. An LoU is simply a request made to another bank in the SWIFT network to loan money to a client. The bank that issues the LoU essentially guarantees the bank that receives the LoU request that it stands by the creditworthiness of the borrower. That is, in case of a default, the bank that issued the LoU stands liable to compensate the bank that made the loan to the borrower. PNB alleges that employees at one of its branches in Mumbai issued fraudulent LoUs that were not authorised by its management. This allegedly allowed Mr. Modi's companies to obtain loans from the overseas branches of various Indian banks.
Why did it happen?
PNB’s internal information systems were not seamlessly linked to SWIFT. It is claimed that the huge fund transfers made via SWIFT to Mr. Modi’s companies by a few PNB employees went undetected for many years. Many critics, however, contend that the fraud is not simply a matter of the failure of PNB’s internal control system. Instead, they blame flaws in the ownership of public sector banks. In fact, the PNB scam came to light only after a whistle-blower exposed it.
Is this the first time?
No. SWIFT has been gamed by miscreants on a number of occasions. In 2016, there was a cyber-heist of $81 million from Bangladesh’s central bank. Russia’s central bank recently reported that $6 million was stolen from a Russian bank last year by exploiting the SWIFT system. Even the Reserve Bank of India stated this week that it had privately warned Indian banks about the prospect of misuse of SWIFT at least three times since August 2016.