BY GORETHY KENNETH
The hacking of the Finance Department’s financial management systems is still being felt three weeks later, with many government service providers saying commercial banks are not honouring government cheques being presented.
It appears the reason the cheques are not being honoured is because the Bank of Papua New Guinea does not want to accept electronic files from the Department of Finance and put its own system at risk of similar attacks.
But a senior Department of Finance official told the Post-Courier the issue about the malware attack has been dealt with sufficiently to allow business continuity, but the hold-up is with the Bank of Papua New Guinea’s reluctance to accept electronic files, including the important cheque usage reports (CRUs) from the department.
This has prompted service providers to ask if the government is broke, but the Finance Department said that is not the case.
It has been three weeks since the malware attack and the BPNG has refused to accept electronic files from the government since then.
The central bank has advised the Post-Courier that they will not divulge such sensitive information, but said they have given their requirements, which the Finance Department has not complied with, thus, the delay in the bank not accepting the cheque usage reports and other electronic files from the department.
“The issue is they (central bank) will not accept the cheque usage reports because the finance system was attacked and they are scared their systems will be attacked as well,” a senior Finance Department official told the Post-Courier.
“However, Finance has already taken measures to ensure that its newly restored infrastructure is clean enough and more secured than the BPNG ICT system.
“BPNG are purposely delaying the digital exchange of CURs so service providers can present their cheques to the commercial banks.
“Service providers such as those providing services for COVID-19 to the Department of Health cannot bank their cheques due to BPNG not allowing CURs from being sent to them by the Department of Finance.”
Cheque usage reports are normally sent to the banks by government departments and agencies that use the IFMS.
Since the IFMS was hacked three weeks ago, that system has been brought to a standstill.
The Department of Finance has since taken steps to set up and operate an isolated financial system that can be accessed from Vulupindi House to allow staff to work because of the looming 2022 budget presentation this month.
Finance Secretary Dr Ken Ngangan also told the Post-Courier instead that cheque writing in the “temporary safe” environment at Vulupindi is going well.
He said all agencies coming in turn to write cheques and they have complied with the requirements and that is going well.
“We have now increased computer access so things are better,” Dr Ngangan said.
“A lot of cheques are written but cannot be presented and cleared by BPNG and alternative arrangements for districts and provinces are going well as well.”
Dr Ngangan said he has written a letter to BPNG outlining the bank’s request for information on the details of the malware attack, the work undertaken to assess, rectify and ensure business continuity and the processes in place to enable cheque usage reports, priority cheque clearance reports, EFT files and other files to be accepted by Bank of PNG.
“I firstly want to stress the urgency of restoring business continuity and that the current decision by the Bank of PNG to not accept digital information and therefore, enable clearance of government cheques is untenable,” Dr Ngangan wrote to BPNG Governor Loi Bakani.
“My understanding is that Bank of PNG officers are waiting on a decision from yourself that enables our department to commence discussions at officer level on acceptable methods of transfer.
“As detailed in the November 10, 2021, letter, the department has introduced new protocols that mitigate from further attacks.
“There is no immediate risk from a malware attack emanating from the Department of Finance’s digital files to the bank under the new environment.
“I also understand that the Bank of PNG has the capability of being able to scan any digital files transferred from the Department of Finance and, to date, there has been no identified malware.
“It is important that we work together to resolve this as a matter of priority and seek your usual and urgent co-operation on this matter.”
Meanwhile, as a follow-up last night with Bank South Pacific regarding instances of commercial bank dishonouring cheques. Bank South Pacific Financial Limited CEO Robin Fleming maintained the issue existed between both the department and Central Bank.
“BSP has had no cause to dishonour government cheques and we understand this is more an information security issue that is being resolved by Department of Finance and Bank of PNG,” he said.