Singapore's OCBC hit by $240m extra capital requirement for phishing scam

Visual from the OCBC website. August 2015

Singapore‘s central bank said it has asked Oversea-Chinese Banking Corp Ltd (OCBC) to keep an additional S$330 million ($240 million) in capital for operational risk after hundreds of its customers were hit by an SMS phishing scam in December.

OCBC is required to apply a multiplier of 1.3 times to its risk-weighted assets for operational risk. This translates to an additional amount of approximately S$330 million in regulatory capital,” the Monetary Authority of Singapore (MAS) said in a statement on Thursday.

OCBC, Singapore‘s second-largest lender, said reported losses from the scam amounted to S$13.7 million, mostly in December. The bank made goodwill payouts of the entire amount to victims of the scam, which affected 790 customers.

“Financial institutions have a duty to put in place robust measures to prevent, detect and respond to scams,” said Marcus Lim, assistant managing director for banking and insurance, at the MAS.

OCBC said an independent consultant reviewed the bank‘s anti-scam systems and processes and concluded that there was no cyber attack on its IT systems.

“The SMS phishing attacks impersonating OCBC in December 2021 was unprecedented in that the tactics reached a level of realism not seen in previous phishing scams,” Group CEO Helen Wong said in a statement.

“While we took various actions in December to stem the scam, we should have responded faster and better to early signs of the attacks,” she said.

Reuters 

Bring stories like this into your inbox every day.

Sign up for our newsletter - The Daily Brief
Subscribe to Newsletter

This is your last free story for the month. Register to continue reading our content