MAS slaps S$330m add'l capital requirement at OCBC after phishing fiasco

The review found deficiencies in the bank’s risk mitigation and incident management.

The Monetary Authority of Singapore (MAS) has imposed an additional S$330m (approximately US$240m) in capital requirements on OCBC Bank after deficiencies in the bank’s response to the SMS phishing scams in December 2021.

An independent firm engaged by OCBC to review its systems and processes noted deficiencies in the bank’s mitigation of identified risks, pre- and post-transaction controls, incident management and complaints handling. This reportedly resulted in delays in containment issues and customer response time.

The deficiencies named were in line with MAS’ own assessment. OCBC is reportedly in the process of adjusting them.

MAS will review the additional capital requirements when the regulator “is satisfied that OCBC has addressed all deficiencies identified in the review.”