http://www.sundaytimes.lk/111016/BusinessTimes/bt31.html
Some 681 incidents of potential cyber threats were reported in Sri Lanka thus far this year, for the period from February to July, according to officials. This was a significant increase over 2010’s total of 151 incidents. However, the majority of 2011’s reports were due to the opening of fake accounts (accounts opened using another’s identity or pictures) and/or hijacked accounts (655) which occurred in the case of free e-mail providers like Gmail, Hotmail, etc. and/or social networking like Facebook. These incidents were usually resolved by the person in question making a request for that account to be closed, according to information provided by the Sri Lanka Computer Emergency Response Team (SL CERT), a subsidiary of the state-run Information and Communication Technology Agency, whose mandate is to protect the country from all cyber security threats. The organisation is a member of the 26-country Asia Pacific CERT as well as FIRST, a 400-member public private international organisation that also comprises most of the top software companies worldwide.
SL CERT’s data also showed that the threat of fake accounts is a growing one as there were only 80 such incidents in 2010, and none the year before. On the other hand, other types of incidents mostly remained below or close to 2010 levels. These included malware (viruses), phishing (automated targeted emails, SMSs, Skype, faxes and other channel abuse where users are directed to malicious sites), abuse of or infringing on the privacy of personal online accounts, defacement of websites, scams such as Green Card lottery emails, etc., threatening or hate mail, and unauthorised access at places of business.
One malware incident was reported in 2011, to date, compared to five such incidents during the whole of 2010, and SL CERT noted that these were resolved by recovering the damaged systems. There were three phishing incidents reported this year, as opposed to six in 2010, which SL CERT dealt with in conjunction with Internet Service Providers (ISPs), international CERTs, etc. Further, there were five scams reported, down from 10 in 2010, and eight website defacements in 2010 as well as in 2011 thus far. The latter was handled through recovery of the websites.
Incidents of threatening or hate mail are low in 2011 with two reported thus far. This is in comparison to 12 in 2010. SL CERT handled these by getting ISPs to issue warnings to the mail’s sender. Also, there were two incidents of abuse of personal accounts and five incidents of unauthorised access of company information, compared to 20 and 10, respectively, the year before, with some of these incidents being forwarded to the Criminal Investigation Department (CID) of the Sri Lanka Police for their criminal actions.
Meanwhile, according to SL CERT Chief Executive Lal Dias, while there have been increased incidents of cyber threats, these correspond to international trends and Sri Lankans should not too alarmed, but should take due precautions. He also pointed out that threat levels for the international financial community were more severe than locally as 90% of all transactions in the West happened online or electronically with this avenue tapped significantly less locally. However, he did reveal that the biggest area of electronic crime in Sri Lanka was bank card fraud.
Speaking of Sri Lanka’s national infrastructure protection cyber strategy, the strategy which protects the country’s automated infrastructure such as power, telecommunications, etc., he indicated that Sri Lanka was “defensive” rather than “offensive” as SL CERT’s mandate was protection, and, as such, an “offensive” approach was not needed.
Mr. Dias also suggested that, while the local financial sector was more than capable of handling cyber threats that cropped up, SL CERT was in the process of setting up a CERT for the financial sector in conjunction with the local Central Bank. This being done to share any vulnerabilities that come up with the entire industry. CERTs were also being set up for local telcos, education and armed forces.
http://www.sundaytimes.lk/110612/BusinessTimes/bt29.html
Sri Lanka’s oldest finance company The Finance Company (TFC) will focus on hire purchase, leasing and pawning as well as land sales to take it back to profitability, according to its Chief Executive Kamal Yatawara. Additionally, the company’s fourth quarter financials reported its net loss for the period had fallen by 3% year-on-year to negative Rs. 2.07 billion while its net loss for the 12 months to end-March 2011 had dropped by 14% year-on-year to negative Rs. 3.68 billion.
A former Ceylinco Group subsidiary which experienced a run on deposits following allegations of fraud at a number of Ceylinco Group firms, TFC was put under management of the Merchant Bank of Sri Lanka (MBSL) by the country’s Central Bank, a caretaker arrangement which ended as of February 2011 following Rs. 3.6 billion in capital raised in January 2011 (40 million voting shares at Rs. 40 each and 100 million non-voting shares at Rs. 20 each). The installation of a new board of directors by the Central Bank was also necessitated after MBSL’s exit.
Elaborating on the loss incurred for the 2011 Financial Year (FY11), Mr. Yatawara noted that it also included “Rs. 1.4 billion provided for fall in value of the assets held by the company, recovery of which is doubtful. The shareholders funds were negative by Rs.3. 488 billion as at 31st March 2011.”
Mr. Yatawara also revealed that, by “[leveraging] the advantage of wide reach and established goodwill amongst the long standing large customer base both in urban and rural Sri Lanka, the deposit intake too has recorded increased volumes.”
The company’s interim, unaudited FY11 financials also showed marked decreases in investments in real estate, housing, hire purchase, vehicle, equipment and property leases as well as its loan burden for its easy payment, housing and fixed deposits products; while more liquid assets, including cash in hand and balances with banks and investments in government securities, bank deposits and dealing securities, were all privy to marked increases. Also going up, by almost three-fold, the company’s exposure to pawning, whereas the line item “amounts due from customers” fell by close to half.
http://www.sundaytimes.lk/110116/BusinessTimes/bt15.html
An alleged US$ 67.2 million scam involving Citibank India’s branch in Gurgaon, near New Delhi, may ultimately prove to be a major setback for all foreign banks awaiting entry to the restrictive Indian market, where foreign banks make up just 0.4% of th industry, reports the Wall Street Journal. This is because the scandal comes at a time when Indian regulators are deciding whether to allow greater expansion of foreign banks into the country, which had 18 foreign banks waiting to enter as of last year.
This scam, valued at between US$ 67.2 million, or US$89 million (4 billion Indian rupees), which was the amount reported by the Press Trust of India; was purportedly thought up by Shivraj Puri, Citibank’s Gurgaon-based Relationship Manager for high net worth clients. Mr. Puri, it was reported, used a mixture of forgery and bribes to attract nearly 20 high net worth individuals, some of who were promised 18% returns and shown forged documents proving the soundness of potential investments. It also roped in 18-20 corporates, where executives were paid commissions of as much as US$ 4 million which was allegedly the case with Sanjay Gupta, Chief Finance Officer of the Hero Group, which has links to Hero Honda, one of the top motorcycle manufacturers in India.
In fact, according to the Press Trust of India, one third of the amount garnered from the scam was attributable to high net worth individuals and others with the balance from the Hero Group, where two other employees other than Mr. Gupta have also been implicated.
Mr. Puri had then allegedly siphoned off these funds into as many as 18 Citibank India accounts opened in the name of family members, which were then used to invest in the derivatives market through stockbrokers Religare and Bonanza, both of whom are also being investigated for violating trading practices and anti money laundering regulations.
Amidst all this is a lawsuit filed by the Managing Director of venture capitalists Helion Advisors, Sanjeev Aggarwal, who claims that his entire savings of US$ 7 million was co-opted by Mr. Puri and this was due to a “systemic failure” in the bank. His complaint has also named a number of Citibank India brass and even, in a surprising turn of events, Citigroup’s global Indian-born Chief Executive Vikram Pandit and even its Chairman and others. According to India’s Business Standard newspaper, Mr. Aggarwal’s complaint has accused criminal conspiracy, cheating, breach of trust and fraud in handling his accounts. The newspaper also says the fraud was discovered a month before it was reported by Citibank to police at the end of December 2010. He has also publicly stated that Citibank India executives had allegedly contacted him to work out a “settlement” which had not been pursued by the bank.
Currently, local police are questioning a number of employees of Citibank India as well as seeking Mr. Puri’s family members for questioning in relation to these events. Mr. Puri and Mr. Gupta are being held in custody. Additionally, as of January 12 story by the Pioneer, no high net worth investors, other than Mr. Aggarwal, have approached the police despite losses amounting to significant sums, a situation which has once again raised the spectre of money laundering. Meanwhile, investigations are also ongoing by the regulator, the Reserve Bank of India, and the Securities and Exchange Board of India.
http://www.sundaytimes.lk/100718/BusinessTimes/bt15.html
SL must double credit flow to achieve target growth
By Jagdish Hathiramani
Sri Lanka would have to double its present credit flow from US$ 1.5 trillion to US$ 3 trillion to achieve its target income per capita of US$ 4,000, according to Priyantha Fernando, a Deputy Governor of the Central Bank of Sri Lanka and Chairman of the country’s Credit Information Bureau (CRIB).
Announcing that the CRIB was now ready to move to a second stage of operations which would offer more value added products, after an upgrade begun in 2005; he also revealed that there were 3 million entities recorded in the organisation’s database. He also revealed that on average 5,000 credit reports were supplied daily, a figure which recently peaked at 7,000 a day. Consumers could request these from banks or even online for a minimum fee.
Also according to Mr. Fernando, moveable assets such as livestock, agricultural equipment, etc. accounted for 70% of the collateral for Sri Lanka’s small and medium enterprises (SMEs). Meanwhile, according to Tony Lythgoe, Head of Financial Infrastructure for the Global Credit Bureau Programme of the International Finance Company of the World Bank, 99% of all business globally fell into the SMEs or micro finance categories while this was closer to 89% in USA.
Indicating that better access to credit for SMEs and Micro Finance Institutions (MFIs) were shown to create employment, he however also suggested that the growth of micro finance was causing an over indebtedness bubble. This was witnessed recently in Pakistan where the opening of a credit bureau documented that micro finance customers in the country had, on average, 2.6 credit facilities each.
Mr. Lythgoe also noted that the role of credit bureaus such as Sri Lanka’s CRIB should be to facilitate broader and fairer access to credit as well as lower the cost of credit for good borrowers. It should also provide information to prevent over indebtedness by making lenders aware of borrowers’ capacity to service debt and improve lenders’ profitability by helping lower operation costs as well as provide proactive tools such as credit scoring, etc.
He also suggested that barriers to credit reporting for MFIs included customer identification (and address verification), IT constraints (connectivity, lack of data automation), process (data collection, application processing, credit risk management), value proposition (high costs of reports, unproven benefits, viability of bureau), experienced specialists such as credit officers, CRMs and regulators, and apathy stemming from over indebtedness, sustainability and the future credibility of the industry.
Mr. Lythgoe also showcased the ideal model of a credit bureau and the features it would provide including the ability to track individuals across multiple companies for a complete credit history as well as the incorporation of data from utility and telecom companies to be used as risk early warning signs, and value additions such as the enquiry log that would showcase customers’ credit enquiry footprint including credit hunger and credit stress factors.
He also noted that a recent meeting he had had with local telecom companies suggested that they would all be willing to share information with the CRIB and also join the bureau, a public private partnership under the purview of the country’s Central Bank. This is to facilitate access to consumer credit information and improve collections while also target postpaid offerings, that are much higher value products, toward better consumers.
Both Mr. Fernando’s and Mr. Lythgoe’s comments were made at a presentation entitled “Credit Reporting and beyond”, organised by the CRIB. Also speaking at the presentation, V. Narasimhan, Chief Operating Officer of Dun & Bradstreet South Asia Middle East, the organisation tasked with the CRIB’s recent upgrade, revealed that the local bureau had currently figures of approximately 6.2 million credit facilities held by 3.4 million entities, encompassing both consumers and corporates. Further, the CRIB’s estimate for the number of credit reports to be issued this year was 1.34 million, up from 866,000 in 2009 and 836,000 in 2008. The fees for credit reports, as per the CRIB’s website, are Rs. 750/- for information about corporates and Rs. 500/- for information about consumers.
Mr. Narasimhan also outlined the roll-out time-line of the products that would be available as part of the CRIB’s second stage: bulk-oriented, offline and cost-effective batch processing and instantaneous, online live processing (already available); automated email alerts that track changes in consumer profile and credit facilities (available in three months); and bureau scoring of customers’ credit worthiness as a numerical expression, business intelligence-centred portfolio monitoring reports, fraud reporting and a secure transaction and collateral registry (available in six to twelve months).
Jagdish Hathiramani's Portfolio 