The $2-billion fraud at Punjab National Bank (PNB) involving jeweller Nirav Modi has prompted the Reserve Bank of India (RBI) to read the riot act to banks to bolster their fraud prevention and detection framework. The central bank has directed all banks to implement as many as 29 measures \u2014 from creating an alert system by June 30 on breach of any control limits to linking of SWIFT system (which was abused by some PNB employees causing the fraud) with Privileged User Management Systems as well as core banking solutions (CBS) \u2014 within set deadlines. It has warned that \u201cany lapse on the part of the banks in ensuring compliance with the aforesaid requirements would attract strict enforcement action\u201d. In a letter to chiefs of all scheduled commercial banks, the RBI said the fraud \u201cindicates ineffective implementation of the prescribed control at the levels of business unit, risk management and audit function\u201d. \u201cCompliance with clearly-articulated regulatory\/supervisory instructions on a vital subject such as SWIFT has not been ensured by many banks. Against this backdrop, there is a need for a thorough review and reinforcement of fraud prevention and detection frameworks in place in the banks,\u201d the RBI said in its February 20 letter, reviewed by FE. The regulator also stressed it had flagged potential misuse of SWIFT and issues relating to cyber security controls in its confidential circulars sent to banks in August and November 2016. Banks have been directed to implement as many as 23 measures immediately, and two each by March 31, April 30 and June 30. The letter suggests various checks and balances for banks, covering a wide spectrum of their operations \u2014 from daily transactions to security alerts to HR initiatives. For instance, it asked banks to set up a system by June 30 to generate alert on breach of any control limits as well as any on other unusual feature in transactions. Similarly, banks have to create by March 31 an additional layer of approval for all payment messages exceeding a particular threshold. Until SWIFT is linked with CBS by latest by April 30, no SWIFT message will be created without ensuring the underlying transaction is duly reflected in the CBS. Similarly, the regulator has asked banks to exercise control over sending payment messages to banks with which the Nostro account is maintained. It said a limit on the payments that had individuals as beneficiaries would be determined, above which the correspondent bank will be asked to seek confirmation from the remitting banks before effecting payment. This control would be in place by March 31, 2018, it said. The SWIFT system was misused by some officials at PNB to issue letters of undertaking (typically credit guarantees) to firms of Modi and his uncle Mehul Choksi without making corresponding entries in the bank\u2019s CBS in a bid to escape tighter scrutiny, which led to the biggest fraud in the country\u2019s banking history. Finance minister Arun Jaitley has already slammed auditors, bank management and regulators for the inability to detect the fraud at PNB on time and said laws would be further tightened, if required, to punish fraudsters. The central bank has also set up a panel in February, headed by its former board member YH Malegam, to look at the divergence in asset classification and provisions reported by banks and those interpreted by the RBI\u2019s auditors. The committee will also examine the increasing instances of fraud in the banking system.