OCBC Hit With S$330 Million Additional Cap Requirement After Phishing Scam

OCBC Hit With S$330 Million Additional Cap Requirement After Phishing Scam

by May 27, 2022

The Monetary Authority of Singapore (MAS) has imposed an additional capital requirement of approximately S$330 million on OCBC Bank.

The regulator said that this move was in response to the deficiencies in the bank’s response to a wave of spoofed SMS phishing scams in December 2021.

OCBC made S$13.7 million ($10.1 million) in goodwill payouts to customers who had fallen prey to the SMS phishing scam in January this year.

The bank is now required to apply a multiplier of 1.3 times to its risk-weighted assets for operational risk.

This translates to an additional amount of approximately S$330 million in regulatory capital based on reported financial statements as at 31 March 2022.

Following the scams, OCBC engaged an independent firm to review its systems and processes.

Deficiencies were noted in the bank’s mitigation of identified risks, pre- and post-transaction controls, incident management and complaints handling, resulting in delays in containment measures and customer response time.

The deficiencies identified are in line with MAS’ assessment and the bank is in the process of addressing them.

The additional capital requirement imposed takes into consideration actions taken by OCBC to strengthen its controls and its approach to resolving customer complaints following the incident.

MAS added that these additional capital requirement will be reviewed when it is satisfied that OCBC has addressed all deficiencies identified in the review.

Marcus Lim

Marcus Lim

Marcus Lim, Assistant Managing Director (Banking and Insurance) at MAS said,

“Financial institutions have a duty to put in place robust measures to prevent, detect and respond to scams. This means ensuring that their controls remain effective against evolving scam tactics, and prompt actions are taken as soon as a scam is detected.


Consumers must also remain vigilant against persistent attempts by scammers to deceive them into divulging their log-in credentials or initiating transfers themselves. MAS is working closely with the industry and other agencies to further strengthen our collective defences against scams.”