Union Bank of India
09:22
Showing posts with label Union Bank of India. Show all posts
Showing posts with label Union Bank of India. Show all posts
Sunday, 28 November 2021
Friday, 3 September 2021
Tuesday, 19 January 2021
Wednesday, 8 May 2019
Union Bank of India
07:55
Government may soon invite Punjab National Bank, Union Bank, Bank of India and other Public Sector Banks to discuss merger plan
Government may soon invite Punjab National Bank, Union Bank, Bank of India and other Public Sector Banks to discuss merger plan
With the three-way merger of Bank of Baroda (BOB), Vijaya Bank and Dena Bank coming into effect earlier this month, the Centre seems ready to take another step towards fewer public sector banks. Significantly, such a move is not dependent on the outcome of the general elections since the Congress Party is sold on the Modi government's plan for merging public sector banks (PSBs). Its election manifesto speaks of a maximum of eight state-run lenders with a national presence.
"The government is soon likely to invite select lenders for discussion on a second round of PSB merger," a finance ministry official told The Economic Times, adding that the banks to be called may include Punjab National Bank (PNB), Union Bank of India and Bank of India (BOI). According to the source, some merger activity is on the cards around second or third quarter of the current fiscal year, and if the banks are not able to give options then the alternate mechanism (AM) group can make suggestions.
Moreover, for round two the Centre is not fixated on a tripartite merger along the lines of the BOB-Dena Bank-Vijaya Bank merger that created the country's third-largest lender and reduced the PSB count to 18. This merger was the first step in the consolidation of the public sector banking industry as recommended by the Narasimham Committee in 1991. "We will be looking at various combinations. It has to be organic, besides we will like some of these large banks to further consolidate their balance sheets in the first two quarters," the Finance Ministry official added.
The buzz last month suggested a merger between PNB, Syndicate Bank and Indian Overseas Bank was being weighed and before that, in February, speculation was rife about a possible PNB-Punjab & Sind Bank-Oriental Bank of Commerce merger. Clearly, any possible merger on the cards is likely to be centred around PNB, the country's second largest lender. The bank's managing director and chief executive Sunil Mehta told the daily last week that PNB has now made a turnaround and can consider offers for acquiring other lenders.
But the big question is whether it is an opportune time to step up bank amalgamation. Senior BOB officials previously told PTI that the test case merger will take two years for completion. So there's no dearth of industry watchers who say that it would be prudent to wait for the stabilisation of the BOB-Dena Bank-Vijaya Bank merger before moving ahead.
Furthermore, the health of the PSBs being considered for round two also needs to be considered. The RBI took Bank of India out from its Prompt Corrective Action (PCA) framework just three months ago while Union Bank of India and PNB are also reportedly in early recovery stage.
Source:AIPNBSF
Wednesday, 19 April 2017
Union Bank of India
08:26
How Union Bank was hacked and got its money back
How Union Bank was hacked and got its money back
Union Bank of India recently fell prey to hacking—robbing the lender of $171 million—but the hackers made a silly mistake
Mumbai: It was just another Friday for the hundreds of office goers who were jostling with each other to get to their own work places in and around the corporate office of the Union Bank of India at Nariman Point in Mumbai. Even those queuing up in the early hours at the cash counters across the 4,233 branches and 7,946 ATMs of the bank spread across India, were calmly going about their tasks— depositing money or withdrawing cash.
However, those early hours of 21 July 2016, were going to be anything but ordinary for the chairman and managing director of Union Bank, Arun Tiwari, who also sits in the corporate office—the Union Bank Bhavan. Happily going about his routine tasks of reading newspapers, sipping a cup of tea and updating himself of the goings-on in the bank, Tiwari was just settling in when his phone rang.
He still remembers the time. “It was around 10.30am when I was informed that an unidentified hacker was attempting to swindle us of $171 million (about Rs1,100 crore at today’s rates) from our Nostro account.” A Nostro account is an account that a bank holds in a foreign currency in another bank.
All hell should have broken loose. But Tiwari, who insists that he is a “non-technical” person kept his cool. “The thing uppermost in my mind was that I had to quickly get onto the money trail and recover the money.”
That was easier said than done. By the time the Union Bank official in the treasury department, who was reconciling the Society for Worldwide Interbank Financial Telecommunication (SWIFT) payments for the day realized that an amount of $171 million had already been debited from the dollar account of the bank without his authorization, the money had travelled far and wide.
The money had found its way to accounts in two banks in Cambodia—the Canadia Bank Plc and RHB IndoChina Bank Ltd, besides the Siam Commercial Bank in Thailand, Bank Sinopac in Taiwan, and a bank in Australia. These funds were routed by Citibank New York and JP Morgan Chase New York, which hold UBI’s foreign exchange accounts.
Even as Tiwari informed the Reserve Bank of India (RBI), the ministry of external affairs and Gulshan Rai, director general of the Indian Computer Emergency Response Team (CERT-In), to apprise them of the matter and take advice, he simultaneously sent a terse message instructing all the staff at Union Bank Bhavan that “a whole floor on that building was to be cordoned off, and that all staff members working to solve this problem would only leave after the matter was resolved”.
“Inspection investigation was done by CERT-In, RBI, our own team,” Tiwari recalls, adding that he also appointed consulting firm EY “the same night”. EY said “as far operations are concerned, you are ahead of time. Whatever was required to be done, as a non-technical person, has already been done.”
How did it exactly happen?
First, the bank had to know what exactly had gone wrong and how the hackers got access to Union Bank’s servers. Did an insider assist in the task or was it a breach by an external device?
It appears, it was neither. Rather, it was an email from a very authentic source— (RBI)—with an attachment. “This email was sent to a few email IDs, and some of them were from customer care, e-banking and some were addressed to individuals too. It might have happened even before 20 July,” Tiwari recalls.
Kartik Shinde, partner, advisory services, EY, recalls receiving a call at 10pm that night. “Which PSU (public sector undertaking) bank in India has that ability to take that call? I know of two-three others, who started evaluating vendors, took prices from them. UBI said start the work and we will give whatever the fees. You need to have someone authoritative in the bank like the chairman who will take the call saying that I will take the necessary approvals from CVC (Central Vigilance Commission) and all others but get this analysis done sooner because the more time you spent analysing it, you are giving more lead time for attackers to cover up their tracks, to get out of the system,” he said.
It wasn’t that Union Bank was the specific target. Shinde insists that “I wouldn’t say it was a random pick. If I have to break into this network, I will send the payload or malware to all employees. It doesn’t matter who clicks on the link. The hacker simply wants to access the system from where he will do the transaction.”
This is also what happened in Union Bank’s case. The “phishing”—an attempt to obtain sensitive information such as usernames, passwords and other financial details by pretending to be a trustworthy entity—mails were sent to 15 email IDs. “Three people reported that the email was suspicious to the IT security. The other Union Bank employees were “technically-savvy” persons. They noticed that although the email address said @rbi.org.in, it had an attachment that a zip file. Within the zip file, there was a dot (xer) file and not a dot pdf file, which is why they reported it as suspicious,” Shinde said.
Unfortunately, one of the “not-so-tech-savvy” Union Bank officials fell prey to the phishing email and clicked on the link which released the malware that went viral on the bank’s servers. The hackers would have got their way and swindled the cash but for a silly mistake they made, according to Shinde.
When a bank does a SWIFT transaction during the day, they typically get a reconciliation report the next day and all the corresponding banks send them the “end-of-the-day balance” report the following morning.
When Union Bank got it from the originating bank, they saw a difference of $170 million and that alerted them because of one mistake—the hackers deleted the six entries they had made.
“That’s why we say it’s quite similar to the Bangladesh online heist (theft of $81 million from the central bank of Bangladesh in February 2016). If they had not deleted the entries, it would have taken some more time for the bank to realise that there are fraudulent transactions,” Shinde explained.
Every bank runs a reconciliation process at the end of the day. The malware that infected the central bank of Bangladesh, too, had a component which manipulated the SWIFT’s prt file. The prt file is a print file which usually prints the report of transactions for that day.
For instance, if the report shows 106 transactions when they have actually done only 100 transactions, the discrepancy will come to light. This is one reason why the hackers deleted the six transactions in the Union Bank episode.
However, this is also the reason that the hack was discovered.
So what did Union Bank do?
Shinde recalls some RBI officials being there when the forensics began.
“The CBI (Central Bureau of Investigation) had not come yet. The cybercrime cell officials were there. Traditional police mentality was it must be some insider,” Shinde said.
Even a First Information Report (FIR) was filed almost a month after the incident, according to Tiwari.
“It took us sometime to zero down on the fact that the attack was similar to what happened in the Bangladesh case,” Shinde explained.
EY officials went about doing an analysis of the server and “some network forensics”. They, thus, narrowed down on the systems involved. “Imaging takes 48 hours, indexing takes 24 hours. For instance, when you put a system to do imaging of the disk, it takes two days for a 2 terrabyte (TB) hard disk. There is a lot of time lag that happens. We had a tough time facing the regulators and security officers. It was a high-pressure environment. RBI used to call us every day, asking us what happened. We had to tell them that analysis takes time,” Shinde said.
The problem, according to Shinde, is that EY had access only to a “limited set of logs”.
Organizations, according to Shinde, typically keep logs in the system for a period of 2-4 months and not for 1-2 years. The reason is also that the data is humongous.
“If someone had the ability to analyse a two-year log, you’d have different answers coming out. It’s very difficult. So attribution of zeroing down on a particular geography is very difficult.”
In UBI’s case, the UBI employee was sitting in the Mumbai office. But he could have been anywhere. Given that networks of most organizations are flat, SWIFT networks are not segregated—one computer can reach the other computer very easily, according to Shinde. The objective of the attacker is to infect anyone and then start searching for critical systems within the network. In technical terms, it’s called lateral movement, Shinde explained.
After analyzing the problem with the “limited resources” on hand, Union Bank delinked its “380-odd SWIFT pan-India connections” in a bid to centralize operations. “Then we created space in this building (Union Bank Bhavan), and had around 40 hotline operators manning the phones. I had told them that nobody will leave till such time that this is put in place and tested,” Tiwari explained.
The ploy worked. As regulation necessitates, Union Bank informed the exchanges on 22 July that “…there was an attempted cyber incidence in USD Nostro Account of the bank. The money trail was promptly traced and movement of funds was blocked. Resultantly, there is no loss caused to the bank”.
“What pains me —in cricket, we call this a late run. The headlines (referring to reports that appeared a year after the heist) are screaming as if this happened yesterday,” Tiwari rued.
He added, “We had, and have, concurrent manual checks too. In all these kinds of heists, money is lost or partly retrieved. Credence must be given that we did not lose a single cent. We recovered about 70% of the money within 24 hours. The last tranche of $30 million took me 50-60 hours because of a legal process.”
But isn’t prevention better than cure?
Union Bank, according to the 22 July press statement to the exchanges, added that a cybersecurity forensic audit was being done to “identify, plug any gaps and strengthen the system. “There is no impact on the Bank’s operations,” the note concluded.
The question that begs an answer—one which even Tiwari could not answer satisfactorily—is who was to blame for the lapse: Union Bank or SWIFT?
Kiran Shetty, CEO of SWIFT India, insisted that “SWIFT’s system has not been compromised. We have not got a cyber report from Union Bank or any forensic report from them. The investigation is closely held by them. In most cases, when cyber attacks happen, people are not forthcoming with information. We have not been exposed to full details.”
“Globally, there are controls and principles we are defining. We are revisiting the vendors that we have in terms of our connection. We have never been compromised. We are only doing pieces to further strengthen the evolution of our system. We are doing roadshows across five cities in India along with the Indian Banks Association talking about cyber security controls, cyber hygiene, etc,” Shetty said.
Shetty, though, acknowledged that “cyber threat is real and is growing”. According to him, the pace of digitization that we have seen in the last decade and at a more accelerated pace, requires the same level of investment on the cyber side as well. The regulator (RBI), he added, has introduced regulations around a CISO (chief information and security officer) directly reporting to the board. There is also a customer security programme where “we are now mandating 27 controls, of which 16 are mandates and 11 are advisory. If you don’t have 16, we will start reporting to the regulator.”
Implementation of all these regulations will have to be done by the end of the year.
Even Tiwari expressed his inability to share a copy of the forensics report. “I cannot share further details because even I don’t have a copy,” he said.
Tiwari, however, pointed out that the measures his bank has undertaken after the incident last July included the “most stringent filtering, awareness of employees, whitelisting (proactive security technique that only allows a limited set of approved programs to run while blocking the others), BIOS passwords (to prevent external devices from accessing computers and servers) and engagement with regional office levels constantly”.
He added, though, that even as the bank was fortifying its IT platform “trying to see how to make your processes efficient”, he would not rule out future cyber attacks.
“We have put the best IT guys on the jobs and even a CISO but the fact is that however many locks you put on the door, a burglary can still take place. The point is to remain alert and put measures in place, which we have done already,” Tiwari insisted.
Shinde concurred that cyber crimes are well thought and well researched most of the times. Even when EY does cyber attack simulations, the first part is the reconnaissance phase.
“It’s like in any war on an attack, you first do a thorough reconnaissance on the target to see how weak they are, what controls are there, who to target first, what are the avenues for entry, how many avenues are there,” Shinde explained.
Shinde added that one can easily pick up and sniff out email addresses from employees putting news on groups, public forums.
“It’s possible that Union Bank, too, could have been targeted via a reconnaissance exercise. This is just one bank which has come out in the open. We don’t know how many banks are there who have gone through the same incident and not reported it to the regulator,” Shinde said, concluding, “Even if you fix everything, you cannot rule out the chance that it will not happen again. In UBI’s case, they responded faster. Today, the response time is critical.”
Incidents of hacking in recent times
—Federal prosecutors are investigating North Korea’s possible role in a SWIFT hack that resulted in the theft of $81 million from the central bank of Bangladesh in February 2016, according to a 15 April report in the New York Times. Security researchers found that traces of code used in the Bangladesh theft had been used in a cyber attack against Sony in 2014, which the Obama administration and security experts blamed North Korean hackers for carrying out, the report added. Soon after RBI asked Indian banks to immediately put in place a cyber security policy.
—Card data of 3.2 million customers was stolen between 25 May and 10 July in 2016 from a network of Yes Bank Ltd ATMs managed by Hitachi Payment Services Pvt. Ltd.
—Axis Bank reported cyber security breach in October 2016; malware found in its server; no monetary loss reported.
—Bank of Maharashtra lost Rs25 crore when a bug in the Unified Payments Interface (UPI) system allowed people to send money without having the necessary funds in their accounts earlier this year.
—On 8 April SBI ATM in Odisha spews out cash without any card being swiped. Physical malware attack suspected in these ATMs.
Source:Live Mint
Sunday, 9 April 2017
Union Bank of India
07:48
UNION BANK OF INDIA WINS IBA BANKING TECHNOLOGY AWARDS 2015-16
UNION BANK OF INDIA WINS IBA BANKING TECHNOLOGY AWARDS 2015-16
Mumbai : Union Bank of India Wins two Banking Technology Awards from IBA (Indian Bank’s Association) in Best Financial Inclusion Initiatives (Winner) and Best Technology Bank of the year (Runner). Bank’s Chairman and Managing Director Shri Arun Tiwari received the award from Padma Vibhushan Dr. Raghunath Mashelkar, President, Global Research Alliance & Dr. Viral V. Acharya, Deputy Governor, Reserve Bank of India at the glittering award function organized by IBA at Mumbai.
Source:Forevernews
Friday, 10 February 2017
Union Bank of India
08:04
NPCI expects all public sector banks to join BHIM by February-end
NPCI expects all public sector banks to join BHIM by February-end
New Delhi: With the aim to scale up the usage of Bharat Interface for Money or BHIM, the National Payments Corp. of India (NPCI) is working to ensure that all the public sector banks (PSBs) are integrated to the app by the end of this month.
“The PSBs which will go live very soon on the platform are Corporation Bank, Punjab and Sindh Bank and five associates of State Bank of India. We are working with these seven banks to ensure that all of them are a part of the platform by the end of this month,” said A. P. Hota, managing director & chief executive officer, NPCI, in a statement.
Currently, 37 banks are already integrated to BHIM including PSBs like State Bank of India, Bank of India, Bank of Baroda and Union Bank of India. With the seven banks joining the platform very soon, all the PSBs will be a part of BHIM’s interface.
“Since the customer base of PSBs is very large, their participation in BHIM is of crucial importance for the success of this app. We are confident that once all PSBs are a part of BHIM, the user base will jump multiple times,” said Hota.
The app was launched on December 30 by Prime Minister Narendra Modi to promote digital transactions using the Unified Payments Interface (UPI), a bank-to-bank fund transfer system backed by internet and smartphones, using phone numbers linked to banks.
According to NPCI, till 31 January, 13.8 million customers downloaded the app out of which 3.6 million customers have linked the app to their bank account.
“The gap in the number of app downloads and the number of customers linking the app to their bank account has been because it is observed that most of these customers have downloaded BHIM without checking if their bank is active on the platform,” the statement added.
Last month, a new version 1.2 was launched with additional features like ‘Pay to Aadhaar Number’, and spam report’. The new version also has seven new languages apart from English and Hindi.
Source:BusinessFortnight
Source:BusinessFortnight
Sunday, 4 October 2015
Union Bank of India
19:39
Bank of India, Union Bank issue preferential shares worth Rs.3534 cr to Govt
Bank of India, Union Bank issue preferential shares worth Rs.3534 cr to Govt
Public sector lenders Bank of India and Union Bank of India have issued equity shares worth Rs.2,455 crore and Rs.1,079 crore, respectively, to the government on preferential basis for capital infusion.
“Consequent to the receipt of capital funds from government to the tune of Rs.1,079.99 crore, the bank has on 30 September 2015 issued and allotted 51,662,281 shares at an issue price of Rs.209.05 per equity share on preferential basis,” Union Bank said in a BSE filing on Saturday.
In a separate filing, Bank of India said it has allotted 127,004,655 equity shares to government on 30 September 2015. “Consequently, shareholding of government has increased from 64.43% to 70.13% and correspondingly, the non-government shareholding has decreased from 35.57% to 29.87%,” it added.
Bank of India will get a capital infusion of Rs.2,455 crore by way of increased government shareholding.
In August, the government had decided to infuse Rs.20,088 crore in 13 public sector banks, including State Bank of India, Punjab National Bank, IDBI Bank, Canara Bank and Corporation Bank. The government has laid out a road map for Rs.70,000 crore of capital infusion in public sector banks over four years. Of this, Rs.25,000 crore is marked for 2015-16 and 2016-17 each and Rs.10,000 crore for 2017-18 and 2018-19 each.
It is estimated that public sector banks will require capital of Rs.1.80 trillion over four years. Of this, banks will have to raise Rs.1.10 trillion from the market. As of now, the public sector banks are adequately capitalized and meeting all the Basel-III and RBI norms. However, the government wants to adequately capitalize all the banks to keep a safe buffer over and above the minimum norms of Basel-III.
Source :BankingUpdates.
Sunday, 30 August 2015
Union Bank of India
11:26
United Bank of India looks to bring down gross NPA below Rs 6000 cr
United Bank of India looks to bring down gross NPA below Rs 6000 cr
Kolkata-headquartered United Bank of India (UBI) would make efforts to bring the absolute gross NPA figures below Rs 6,000 crore by the end of the fiscal, a top official of the bank said.
"Our main aim will be to lower the absolute gross NPA level below Rs 6,000 crore by the end of the financial year", MD and CEO of UBI P Srinivas said.
The gross NPA level in percentage terms was around 9.5 per cent. "We will have to bring it between 7.5-8 per cent", Srinivas told reporters on the sidelines of FICCI Banking Conclave here today.
However, there would be some addition to NPAs, he said.
When asked if the bank would sell bad assets to asset reconstruction companies (ARCs), Srinivas said this would happen only when a good value is secured.
He added that the bank is hopeful of getting capital from the government, adding that it had sought Rs 500 crore.
Else, the bank had also drawn up alternative fund-raising plans as well, he said.
On its exposure to the beleaguered Electrosteel Castings, Srinivas said talks are on to find a new promoter. "We hope to get a new promoter by September this year. SBI is talking to some of them and this is being discussed internally", he said.
Source :Bankupdates.
Source :Bankupdates.
