Germany’s state-owned development bank KfW, which gained publicity for erroneously transferring hundreds of millions of euros to Lehman Brothers Holdings Inc. the day the U.S. firm filed for bankruptcy, has done it again.
KfW in February mistakenly transferred more than 5 billion euros ($5.4 billion) to four banks because of a technical glitch that repeated single payments multiple times, according to people familiar with the matter. The total amount transferred was as high as about 6 billion euros, said one of the people, who like the others asked not to be identified because the matter is private.
“KfW has detected the system’s incorrect behavior very early in the process, immediately mitigated the unwanted action and started the necessary process of analyzing the causes,” the bank said in an emailed statement. “The mistake was rapidly identified and eliminated, and the amounts overpaid were successfully demanded back. We regret that during works on the systems, this incident could happen due to human error owing to a configuration mistake.”
The incident serves as a reminder of an ill-timed payment of more than 300 million euros KfW made to Lehman Brothers in September 2008, just as the U.S. investment bank filed for bankruptcy. At the time, the German lender failed to refresh its counterparty check that would have prevented it from processing the regular transaction. The transfer turned into a political scandal in Germany, with newspaper Bild calling KfW “Germany’s dumbest bank.”
Such errors expose a broader security risk banks face because outdated technology, an issue Germany’s financial watchdog BaFin has recently highlighted. BaFin, which has conducted a special audit at KfW, has imposed a capital surcharge for the bank after finding that its information technology systems were inadequate, according to people familiar with the matter.
Oliver Struck, a spokesman for BaFin, declined to comment.
The technology shortcomings are especially alarming because of an increase of hacker attacks on financial institutions. In January, Lloyds Banking Group Plc was hit by a cyber-attack that disrupted online services for customers. A hacking group dubbed “Anonymous” last year attacked at least eight monetary authorities, including the Dutch Central Bank, the Bank of Greece, and the Bank of Mexico, people familiar with the matter have said.