TOKYO -- The ATM card fraud involving Bank of Yokohama raises the issue of how thoroughly Japanese banks supervise subcontractors managing their core banking systems.
Police said Wednesday that they have arrested a former official at the bank's system management subcontractor, Fujitsu Frontech. According to Bank of Yokohama, the employee acquired personal information, including PINs, from 44 banks, credit card companies and other financial institutions. The suspect allegedly withdrew a total of 24 million yen ($234,000) from 48 accounts illegally.
In Japan, this marks the third incident in which an employee at a system management subcontractor siphoned funds from deposits using personal information obtained through their jobs. The first was at Sendai Bank in 2006, followed by a 2012 case at a group of regional banks.
Behind the latest incident are slipshod practices at the subcontractor and a lack of oversight.
The suspect, a 46-year-old man, belonged to a team that investigates ATM glitches. He acquired PINs, or personal identification numbers, from the bank through NTT Data. According to Fujitsu Frontech President Bunmei Shimojima, PINs are "not necessarily required information" for getting to the bottom of ATM malfunctions.
Bank of Yokohama has an outsourcing contract with NTT Data but not with Fujitsu Frontech. Oversight tends to become lax when it comes to subcontractors of subcontractors, or even further down the pyramid.
The fraud is also tied to an industrywide issue. Regional banks rushed to outsource system management in the 2000s amid pressure to improve their financial standings as they cleaned up bad loans. The Bank of Yokohama reduced systems personnel at the parent to about 30. Outsourcing took place so rapidly that strict rules for supervising subcontractors have not been established.
A Financial Services Agency official expressed concern that similar cases of fraud could take place since banks have similar approaches to systems management.