What changed
RBI issued a specific alert about a fraud involving M/s Ahaana Computers, a sole proprietor firm, at a cooperative bank in Tamil Nadu. The fraud exploited unfettered vendor access under an Annual Maintenance Contract and total bank dependency on the firm for computer operations.
What it means for you
Banks must reassess IT outsourcing risks, especially vendor access rights and staff training. The case highlights dangers of poor housekeeping, lack of periodic balancing, and inadequate controls. Lenders should ensure in-house staff can operate systems independently to avoid vendor lock-in.
What you must do
- Review all IT outsourcing contracts to limit vendor access to only necessary functions.
- Train bank staff on software operations to reduce dependency on external vendors.
- Strengthen internal controls, including periodic book balancing and housekeeping checks.
- Exercise caution when dealing with M/s Ahaana Computers or similar sole proprietor IT firms.
Who it affects
All banks with IT outsourcing arrangements, Cooperative banks relying on external software vendors, Bank IT and risk management teams
What specific fraud is RBI alerting about?
A fraud by M/s Ahaana Computers, a sole proprietor firm, at a cooperative bank in Tamil Nadu, due to unfettered access under an AMC and total bank dependency on the firm.
What key controls failed in this case?
Staff lacked knowledge of software operations, controls were inadequate, housekeeping was poor, and periodic balancing of books was not conducted.
What should banks do to prevent similar frauds?
Review IT outsourcing controls, limit vendor access, train staff on system operations, and ensure regular internal checks like book balancing.