The Monetary Authority of Singapore (MAS) has imposed an additional capital requirement of around SGD 330 million on OCBC Bank.
The city-state’s regulatory authority noted that this latest move was in response to the deficiencies in the banking institution’s response to a set of “spoofed” SMS phishing scams in December of last year.
OCBC made SGD 13.7 million (appr. $10.1 million) in goodwill payouts to clients who had become victims of the SMS phishing scam in January 2022.
The banking institution is now being required to apply a multiplier of 1.3x to its risk-weighted assets for operational risk.
This comes out to an additional amount of about SGD $330 million in regulatory capital based on reported financial statements as at 31 March 2022.
Following such scams and fraudulent activities, OCBC engaged an independent company in order to thoroughly review its systems and routine processes.
Deficiencies have reportedly been identified in the bank’s mitigation of key risks, pre- and post-transaction controls, incident management and complaints handling, leading to delays in containment measures as well as customer response time.
The deficiencies identified are in line or consistent with MAS’ assessment and the banking institution is now in the process of addressing them.
The additional capital requirement imposed reportedly takes into consideration actions taken by OCBC in order to enhance its existing controls and its approach to addressing customer complaints following the incident.
MAS also mentioned that these additional capital requirement will be reviewed when it is satisfied that OCBC has addressed all such deficiencies identified in the review.
Marcus Lim, Assistant MD (Banking and Insurance) at MAS, stated:
“Financial institutions have a duty to put in place robust measures to prevent, detect and respond to scams. This means ensuring that their controls remain effective against evolving scam tactics, and prompt actions are taken as soon as a scam is detected.”
Lim added:
“Consumers must also remain vigilant against persistent attempts by scammers to deceive them into divulging their log-in credentials or initiating transfers themselves. MAS is working closely with the industry and other agencies to further strengthen our collective defences against scams.”