Outsourcing of jobs by global financial institutions to Indian shores has come under scanner, with the perpetrators of a $45 million worldwide ATM heist apparently breaching computer systems of a payment processing firm in India for their con job.
According to charges filed by the US federal prosecutors here, eight persons have been indicted for participating in two worldwide cyberattacks culminating into a huge $45 million being withdrawn fraudulently from ATMs across the world in a matter of few hours earlier this year.
The modus operandi for the heist included hacking into computer systems of payment processing companies -- one in the US and another in India -- to compromise the account details of prepaid card account customers of two banks (one in the UAE and another in Muscat). This was followed by unlimited withdrawals from ATMs across the world.
This is the fourth major instance in less than a year when outsourcing of key jobs by global financial conglomerates to India has found a mention by global regulatory or enforcement agencies for wrong reasons, including for ineffective controls against suspicious transactions, a global rate rigging scandal, money laundering risks and now a huge swindle operation.
Late last year, a joint probe by British and Swiss regulators found key controls for "detection of suspicious trading activity" failed at an India outsourcing unit, contributing to $2.3 billion loss caused by a rogue trader of global banking giant UBS.
Months before that, outsourcing of key oversight jobs by two global banks -- HSBC and Standard Chartered -- to India had come under the regulatory scanner in the US and UK for ineffective controls against suspicious transactions.
The latest case of an apparent breach of systems at offshoring units in India has come to the fore despite outsourcing of key financial jobs to India continuing to remain under regulatory scanner in the US and the UK.
As per an advisory issued by the UK financial market regulator FCA (Financial Conduct Authority) about offshore centres of British banks, the "financial crime training in India needs to be better supported by financial crime teams in the UK."
The FCA said that "fake CVs, inconsistent references, and previous employers being reluctant to provide references or share data were common in India. India does not have the electronic database infrastructure in place to allow fast, effective checking of the bona fides of individuals. So firms need to apply a wide range of strategies to fill this gap."
The US Federal Deposit Insurance Corporation's Advisory Committee on Systemic Resolution has also listed data and operational centres in India among the top-priority jurisdiction for monitoring of potential risks at SIFIs (Systemically Important Financial Institutions).