Banking CRM: Lessons from The Bangladesh Heist


When USD 101 million was stolen from the central bank of Bangladesh in February 2016, the whole world paid attention. The enormity of the heist deepened when it was revealed that the actual target was USD 1 billion. It was a clear demonstration of the enormous threat that cyber attacks pose to banking services, whether those of an individual private bank or of a sovereign country.

Banks can take lessons from this episode to safeguard customer assets.

The modus operandi

Investigations revealed that the hackers smartly drained (fake) dormant accounts by sending synchronized digital transaction orders. Worse, the safeguards that were (supposedly) in place did not raise any red alerts for the sheer value of the transactions or the (many) spelling errors. The hackers even had unhindered access to the physical IT infrastructure of the Bank. These attackers used the local administration to install software on the SWIFT systems. All this is not a good advertisement for any bank's competence.

So let's learn:

Banking CRM has evolved to be smart, agile and intuitive. This recent episode has lessons that can be incorporated into CRM for banking.

1. Rethink KYC process

A bank's KYC process should be more than just ticking the boxes. Keeping paper records just for name's sake doesn't improve credentials. Digital KYC, or eKYC, helps with quicker documentation. It also helps to weed out suspicious elements at the start. Setting alerts in a banking CRM will help remind executives to keep KYC information up to date.

2. Carry out compliance checks in real time

The sad thing is that most businesses still carry out compliance clearance manually. For any compliance to be effective, it should use a real-time approach. CRM solutions now have seamless integration with credit rating bodies and other regulatory bodies that gauge credit risk in real time.

3. Secure privileged account credentials

High-net-worth individuals park their funds and, more critically, their trust with their banks. Validate their trust in your banking systems by securing their credentials. Start with access to critical IT infrastructure. Next, include domain credentials, endpoints, and any others that provide access to the system.

Had these been centrally secured, the heist criminals would not have been able to access the credentials needed to reach the systems or carry out any fraudulent transactions. Even if they could have gotten the credentials using key-logging malware, credential rotation could have rendered the compromised data invalid.

4. Get algorithms in place

More algorithms mean more code to tinker with. By implementing a code-less architecture CRM, banks can eliminate the risk of code getting contaminated. Having an agile, scalable architecture will also reduce resource spend by almost 30%.

5. Carry out scenario-based compliance

Banks should take a proactive approach when it comes to identifying risks and compliance. When it comes to risks, compliance should go beyond the regulations. This bank heist shows that threats to banks are increasingly becoming serious. Compliance must, therefore, be able to adapt to different scenarios and risk situations.

100% precaution does not mean 0% risk.

With proper policies and tools built into your CRM software, the chances of this event recurring could be reduced. Your banking mechanism should be integrated, innovative, and thorough for the security of customers' finances to be effective.