.svg)
The Monetary Authority of Singapore has taken further action against OCBC Bank, raising its capital limits after some of its customers were victims of a phishing scam.
MAS, the city state’s financial watchdog, has imposed an additional capital requirement of approximately S$330m on OCBC Bank over deficiencies in its response to a raft of spoofed SMS phishing scams in December 2021.
OCBC is now required to apply a multiplier of 1.3 times to its risk-weighted assets for operational risk.
“Financial institutions have a duty to put in place robust measures to prevent, detect and respond to scams. This means ensuring that their controls remain effective against evolving scam tactics and prompt actions are taken as soon as a scam is detected,” said Marcus Lim, assistant managing director at MAS.
Consumers must also remain vigilant against persistent attempts by scammers to deceive them into divulging their log-in credentials or initiating transfers themselves, he continued. “MAS is working closely with the industry and other agencies to further strengthen our collective defences against scams.”
The additional capital requirement imposed takes into consideration actions taken by OCBC to strengthen its controls and its approach to resolving customer complaints following the incident.
It will be reviewed when MAS is satisfied that OCBC has addressed all deficiencies identified in the review.
A total of S$13.7m was lost in the recent spate of phishing scams involving OCBC Bank, according to local press reports. This was up from the S$8.5m sum that the bank first reported in December.
In addition, the number of customers believed to be affected came to 790.
Following the scams, OCBC engaged an independent firm to review its systems and processes.
Deficiencies were found in the bank’s mitigation of identified risks, pre- and post-transaction controls, incident management and complaints handling, resulting in delays in containment measures and customer response time.
The deficiencies identified are in line with the authority’s own assessment and the bank is in the process of addressing them, MAS has said.
OCBC’s chief executive, Helen Wong, said in a statement: “As digital banking becomes a way of life in today’s world, scammers are using increasingly well-orchestrated tactics to convince, mislead and steal. Therefore, the integrated defences that a bank must have in place to prevent, detect and respond to scams are expected by customers.”
“The SMS phishing attacks impersonating OCBC in December 2021 was unprecedented in that the tactics reached a level of realism not seen in previous phishing scams,” she continued. “While we took various actions in December to stem the scam, we should have responded faster and better to early signs of the attacks."
This is not the first instance where MAS has taken action like this.
In February this year, the Monetary Authority of Singapore raised capital requirements for DBS Bank by S$930m following the widespread unavailability of the retail institution’s digital banking services in November last year.
