Mumbai : Faced with rising instances of cyber-attacks on banks, the Reserve Bank of India (RBI) is considering imposing curbs on services or products offered by banks where cyber frauds have taken place due to failure of internal systems, an industry source said.
The curbs will be in addition to the monetary penalties, the source said.
“The intention of fine is to make a statement, not to debilitate the institution. When a bank is already hit by fraud and facing financial losses, it makes no sense to impose a heavy fine. In these cases, restricting products they offer or stopping them from offering some services may be a more effective step,” the source said.
In the alleged $2-billion fraud at Punjab National Bank, some employees of the lender, along with companies promoted by Nirav Modi and Mehul Choksi, had exploited the lack of connect between Worldwide Interbank Financial Telecommunication and core banking system, owing to weak audit systems.
The source noted that in such a case in which a bank was already reeling under losses due to a fraud, it was better to impose curbs on services rather than hurt its business by imposing a huge fine.
Recently, Pune-based Cosmos Co-operative Bank was a victim of a cyberattack involving fraudulent transfer of over Rs 94 crore through a malware attack and cloning of the bank’s Rupay and Visa debit cards.
National Payments Corp of India, which promotes Rupay cards, said its systems were fully secure, and that the fraud at Cosmos Cooperative Bank was due to issues with the bank’s information technology environment.
Currently, the RBI imposes a monetary penalty on banks not complying with its rules.
In October 2017, the RBI had slapped a Rs 6 crore penalty on YES Bank for not complying with the central bank’s rules on loan classification and delaying reporting an information security incident involving the bank’s automated teller machines.
In case a bank has faced a fraud due to a technology issue or system gap, its services directly linked to this could be curbed, including payments or remittances, especially offshore, the source said.
Other options being considered are disallowing banks from offering any fresh export related business.
Similarly, in case of issues at an overseas branch, apart from local supervisory strictures, the RBI could consider a review of existing global operations or even stop further offshore expansion, the source said.
“This is more effective, as it forces the institution to rectify their systems and show it to RBI that they are now in full compliance, so that they can offer those products or services again,” the source said.
