The recent cyberattack at SBM Bank (Mauritius) Ltd.'s Indian unit is credit negative, Moody's said.
The rating agency said Oct. 10 that the cyber breach highlights the elevated operational risks and challenges that the bank faces in its attempt to expand in bigger markets such as India.
SBM Holdings Ltd. reported the cyberfraud Oct. 3, a day after the attack, and noted a potential loss of up to US$14 million.
The bank was able to recover about 80% of the stolen funds, which minimizes financial losses, Moody's said. Efforts to recover the funds are ongoing and the bank will seek compensation through a claim to its insurance company. Moody's expects this to further reduce losses.
The rating agency estimates the negative effect of the fraud to be around 9% of the bank's annualized net profit for 2018, or about 1% of its common equity Tier 1 capital. It also expects the incident to have minimal impact on the lender's underlying financial position and credit profile.
However, elevated credit losses related to a one-off international impaired exposure in the first half will negatively impact the bank's full-year results, the rating agency added.
The bank received a license to operate a subsidiary in India in January, making it the first foreign bank to receive such a license.