Central bank accused of concealing ‘everything it could’
Rizal Commercial Banking Corp. (RCBC) on Tuesday accused Bangladesh Bank of covering-up its faults in last year’s multibillion-dollar cyberheist, responding to a government minister’s threat to “wipe out” the Philippine lender.
In a statement on Tuesday, the RCBC claimed the theft was an inside job and that Bangladesh was attempting to redirect attention by maligning the Yuchengco-owned bank.
Bangladesh’s finance minister, Abul Maal A. Muhit, said on Saturday that a lawsuit would be filed against RCBC, which was used to channel $81 million out of $101 million stolen in February 2016 from the Bangladeshi central bank’s account with the Federal Reserve Bank of New York.
Just $18 million of the $81 million, which laundered in Philippine casinos, has been recovered.
RCBC, which insists that it was also a victim, was slapped with a P1-billion fine last year by the Bangko Sentral ng Pilipinas for failing to comply with banking laws and regulations.
“The Bangladesh Bank has taken a decision … We haven’t so far taken any steps as the Philippines government was taking care of it,” Muhith said in Dhaka.
“But it seems Rizal bank has been playing delinquent. We want to wipe out Rizal bank from the world,” Reuters quoted him as saying,
RCBC called the statements “extremely irresponsible” and said Bangladesh should be compelled to disclose findings that would be crucial in the global fight against cybercrime.
“At least from five reports — SWIFT; FireEye, an international cyber security outfit; Bangladesh’s own finance minister; its government-appointed panel; and a Bangladeshi expert — point to a conclusion that somebody inside BB (Bangladesh Bank) would have made the heist possible,” RCBC said.
It also claimed that Bangladesh Bank had no firewall to protect its system and used second-hand $10 switches, making the bank vulnerable to hackers. Hackers conducted trial runs in January last year but apparently the monetary authority did nothing to protect its system, RCBC added.
The lender added that based on reports, Bangladesh Bank had terminated its contract with FireEye. The Bangladeshi expert also disappeared.
“Bangladesh police investigated some BB people but only for negligence. Up to now, we do not know if anybody has been taken to court,” RCBC said.
“BB should stop making RCBC its scapegoat. RCBC has revealed everything it legally could to the Senate and to the Bangko Sentral ng Pilipinas; BB, however, has concealed everything it could. The contrast is telling,” it added.
On the issue that Bangladesh Bank wants RCBC to return the missing money, the lender replied: “If it was stolen by your own people, why ask us? We are actually a victim of BB’s negligence.”
RCBC said it received the funds in good faith because the transactions were cleared and authenticated by the
New York Fed and SWIFT, whose secure communications system is used by banks all over the world.
Three global banks — Citibank, New York Mellon and Wells Fargo — remitted the funds to RCBC.
“These organizations are among the most sophisticated in the world and their remittances are accepted as a matter of course”,” it said.
RCBC said Bangladesh Bank belatedly requested that the funds be frozen via an ordinary email, not the Code Red message banks use to raise an alarm.
“This resulted in their message being bunched with thousands of ordinary messages RCBC receives from all other banks all over the world each day. Had they sent a Code Red, we would have caught it,” RCBC said, adding that Bangladesh Bank did not reach out in any other way.
Hackers sought to steal around $2 billion from the Bangladesh Bank’s account but the New York Fed managed to block all but five transactions worth $101 million. Of the amount, $20 million (since recovered) went to Sri Lanka and $81 million was deposited in fictitious accounts at an RCBC branch in Makati City.
Money laundering charges have been filed against the RCBC branch’s manager, Maia Deguito, who claims the transactions were cleared by top RCBC officials. The bank’s president, Lorenzo Tan, and its treasurer, Raul Tan, resigned in the wake of the scandal.