OCBC hit by $330m extra capital requirement for phishing scam

SINGAPORE - Singapore's central bank said it has asked Oversea-Chinese Banking Corp Ltd (OCBC) to keep an additional $330 million in capital for operational risk after hundreds of its customers were hit by an SMS phishing scam in December.

"OCBC is required to apply a multiplier of 1.3 times to its risk-weighted assets for operational risk. This translates to an additional amount of approximately $330 million in regulatory capital," the Monetary Authority of Singapore (MAS) said in a statement on Thursday (May 26).

OCBC, Singapore's second-largest lender, said reported losses from the scam amounted to S$13.7 million, mostly in December. The bank made goodwill payouts of the entire amount to victims of the scam, which affected 790 customers.

"Financial institutions have a duty to put in place robust measures to prevent, detect and respond to scams," said Marcus Lim, assistant managing director for banking and insurance, at the MAS.

OCBC said an independent consultant reviewed the bank's anti-scam systems and processes and concluded that there was no cyberattack on its IT systems.

"The SMS phishing attacks impersonating OCBC in December 2021 was unprecedented in that the tactics reached a level of realism not seen in previous phishing scams," Group CEO Helen Wong said in a statement.

"While we took various actions in December to stem the scam, we should have responded faster and better to early signs of the attacks," she said. 

ALSO READ: First youth linked to OCBC scams a secret society member, involved in 2 other cases