The RCBC scandal is much bigger than anyone realizes

Ben D. Kritz

Ben D. Kritz

BY now, the chain of events that ended with $81 million in funds belonging to the Bangladesh Bank vanishing in the Philippines by way of RCBC bank and the Solaire casino seems to be fairly well understood, but is raising as many questions as it does answers.

The investigation, such as it is, has focused primarily on one Maia Deguito, the branch manager of the Jupiter St., Makati branch of RCBC, a couple of her subordinates at the Jupiter St. branch, and a couple of mysterious Chinese individuals, William So Go and a certain Weikang Xu.

It is clear, however, that the case involves a much larger conspiracy, and has some frightening implications for not only the Philippines, but other countries as well.

Soft targets
The conspiracy’s choice of countries – Bangladesh, the Philippines, and Sri Lanka – is not surprising. All three countries have a large volume of cross-border financial transactions in the form of remittances, and all three countries are accustomed to moving large individual transactions in the form of development funds and loan receipts and payments. All three also have a reputation for being rather porous in terms of defenses against money-laundering.

Some have expressed surprise that the thieves would target a “poor” country like Bangladesh, but because of remittances – about $15.8 billion in 2015 – and export receipts from its garment industry, Bangladesh actually has large foreign reserves, about $28 billion. The Philippines, with about $81 billion in foreign reserves, would be a much more tempting target, but compared with Bangladesh, whose central bank has had a number of corruption and technical problems throughout the years, Philippine reserves are generally perceived as being more secure. Sri Lanka’s central bank, which has made a number of improvements since the end of that country’s civil war, probably falls somewhere between the other two in terms of its perceived security.

Investigators should consider the commonalities among all three countries, because it is obvious that the conspiracy, whatever it is, has actors in all three places.

Fast company
One of those commonalities is very likely to be one or more business interests, whether companies or individuals, with a presence in all three places, and the clues to that might start here in the Philippines. Putting together conversations with a number of people either currently or formerly involved in the local banking industry with the growing volume of investigative reporting being done on the scandal – primarily from the Wall Street Journal, the Dhaka Tribune and other media outlets in Bangladesh, Reuters, the Associated Press, and an excellent report from the Financial Times ( over the weekend – leads to an interesting hypothesis.

In order to carry out that theft, the conspiracy needed three things: Access to the central bank, which would be the source of the funds; access to a commercial bank to facilitate the transfer of the funds through secure systems, and collectors with the capability to launder large sums quickly. Bangladesh satisfied the first requirement; according to the network security firm FireEye, its central bank’s systems were penetrated sometime around January 16. Whether that was a pure hack from outside or had the assistance of someone inside the central bank is something the Bangladesh authorities are still trying to work out. The Philippines and Sri Lanka both satisfied the second requirement through RCBC here and Pan-Asia Bank in Sri Lanka, and also satisfied the third requirement; Sri Lanka, like the Philippines, also has a large network of remittance and foreign exchange dealers, as well as casinos.

The choice of RCBC has mystified some here, as the bank, at least since about 1998 when it did run into various problems largely as a consequence of the sort of widespread recklessness that led to the Asian financial crisis, has had a perfectly ordinary, clean reputation up until now. Banking insiders, however, have pointed out a rather interesting development in RCBC’s recent history: After Lorenzo Tan was named the head of RCBC in early 2007, the bank went to considerable lengths to cultivate business among the Filipino-Chinese commercial crowd in Binondo (that was supposedly about the same time the Chinese characters above the “RCBC” on the bank’s signage began to appear). While the vast majority of the people in that community are completely honest, respectable businesspeople, it is no secret that there are a number who are not, which can put someone in a high-risk business like banking in a delicate position, having to balance the highly-personalized Chinese manner of doing business with keeping people and transactions sufficiently at arm’s-length and within the bounds of accepted procedure.

People who have worked with or are otherwise well-acquainted with Mr. Tan have pointed out two things about the man that are not necessarily bad characteristics, but could be highly problematic in the wrong environment: He is said to excel at personalizing business relations, and he is described as having a somewhat loose, delegative style of management. Again, these are not necessarily flaws and are actually great advantages in many ways, and certainly do not imply any guilt on his part in the current scandal.

But they do highlight how a very plausible scenario of how things broke down at RCBC might have played out. Anyone who has done business in the Philippines has had the same experience; getting things done is greatly helped by ‘knowing the boss,’ who can cut through a lot of procedural hassle with a mere word to his subordinates. A sharp operator can take advantage of this; it might begin with a small favor here and there—a transaction that might be just a little bit irregular or on the edge of propriety is smoothed over by the president—and then another, and another, until soon enough, the subordinates don’t even bother to clear it with the boss, because the client in question has always been endorsed.

And then at some point comes the money shot, the big and completely off-the-gauge transaction that would raise all sorts of red flags somewhere else. It might even make the functionaries uneasy; but because the boss has always cleared this guy, he must have okayed this, or would anyway if asked about it, and in fact, might even get upset if his underlings question the propriety of his ‘good friend’ again. And so a lowly branch manager, who in any other situation would not even be close to having the authority to clear $81 million worth of fund movements (as one of my investment banker contacts pointed out, it was actually $320 million or more, as the money moved at least four times), simply pushes it through, believing that it has the blessing of the man at the top, when in reality the man at the top may be completely unaware of it, and might be horrified if he knew.

They’re still out there
To what degree the conspiracy might have actually infiltrated the Bangladesh Bank, RCBC, and Pan-Asia—whether or not people on the inside are actually a part of it—is something investigators will still have to figure out; but as can be seen, all they needed was access and not an actual physical presence, and despite the uproar of the scandal, that access really hasn’t been curtailed yet. Properly connecting the dots in RCBC’s part in the scandal will map the relationships that made the theft possible, and the chances are very good that map will connect all three countries at a number of different points.

The concerned authorities better do that soon, because even though the bulk of $951 million the thieves attempted to steal was blocked, $81 million by any definition is still a successful outcome to the operation. Seeing how the authorities responded simply helps the conspiracy hone its tactics – if it were me, I would be very encouraged by the fact it took Bangladesh Bank almost four days to even discover the theft, three weeks for the Philippines to move to freeze the questionable accounts, and more than a month for network experts to figure out how the Bangladesh systems were compromised. I would try it again, and I’d be willing to bet the conspiracy, whoever they are, will as well; and if they do, $81 million is likely to look like bus fare compared with what they could steal the next time.

* * *

A correction of a point in my previous column (“Uncomfortable truths about the RCBC scandal,” March 19): I had written that Roberto Ongpin had been removed from a position at Development Bank of the Philippines because of accusations—which were the basis of a case that was eventually thrown out due to lack of merit —over a questionable loan deal. Mr. Ongpin did not have a position at DBP, but was simply named as having a part in the behest loan case. He instead relinquished his stake at PBCom (his group had acquired the bank in 2011) in 2013 due to an unfavorable decision by the central bank—technically, his election to the board was “deferred” by regulators—which was made because the DBP case was not yet resolved at that point. I apologize for the error and any confusion it may have caused.


Please follow our commenting guidelines.


  1. Maia knew that the specific accounts were inactive for almost a year and that all of a sudden, these accounts are getting a huge amount of money. She even mentioned that she was really waiting for these transactions to happen. Now how can she not be one of the guilty ones?

  2. Mr. Kritz thank you for writing this article. it enabled me to understand the bigger picture and commonalities of the 3 countries in terms of banking systems.

    We just received a good rating as a place to invest and then something like this happens. then elections is nearby. swoosh!

  3. Barbara emelatik on

    Jusko, parang ginisa mo sarili mo Sa sarili mong oil dequito , hahaha para kang nag hukay Ng pag lilibingan mo.

  4. Mr. Fritz
    You insinuated that “knowing the Boss” is the way to do business in the Philippines.
    But you may not understand that even in the Philippines, opening fictitious bank accounts is against the law! Falsifying bank account and forging signatures are criminal. And pushing for transfer of funds to PhilRem despite stop order and to deliver to casinos are definitely way out.
    These actions by the branch manager Deguito is obviously criminal and way beyond special treatment of a friend of the Boss.
    Don’t you think??

  5. Hacking of banks happens a lot, but, its unheard of to have a bank insider who could do such a Yeoman job like Ms. Maia Deguito.
    That’s why most hackers end up failing (no money withdrawn).
    No one has the resources to prosecute every hacker.
    This case in the Philippines is one of its kind.
    Ms. Deguito is most instrumental in this crime.
    You definitely have the attention of the Treasury, FBI, CIA and NSA.

  6. Paul Dela Costa on

    You’ve been EXPECTING deposits for more than a year for an inactive account. 1 year na inactive ang account tapos bigla nalang may papasok na malaking pera? And you let it off that easily?

    • Paul Dela Costa on

      You have been misleading everyone with your statements, Maia Deguito. Moreover, you’re putting yourself deeper into the ground.

  7. You have described the possible scenario in the workings between the top (L. Tan) and the branch manager. In the senate hearings the Chief Legal of RCBC claimed that the bank commission was only 2M. Bank’s spread on foreign exchange transaction is far larger than that – unless it was a negotiated rate. if it was a negotiated rate who negotiated? and who approved?
    Another point, if there is a stop order at the head office, the account is locked and the branch manager cannot override the system.

  8. Of course, it is a much bigger scandal. A scheme like this involving almost a $1Billion could not be pulled off by a few computer hackers. Especially, having been able to move the money all over the world, and being able to withdraw it in cash. The possibility of hacking the system is a lot easier than being able to withdraw all the money from a bank. Banks have a lot of strict policies and procedures when it comes to safeguarding the money of their clients. But of course, when there is collusion, all those protocols could no longer function. Controls become useless when those who are supposed to safeguard it are the ones breaking it. Similar to the security alarm being turned off by the security guard, or similar to the bank manager of a bank delivering a bag of money to the robbers who are waiting in their getaway car. Once again, dishonesty and greed played an important role in this crime.

  9. I think this is a much more fair and well thought-out follow-up to the previous article about “Uncomfortable Truths”. Congratulations to Mr. Kritz.

    It is highly plausible that Mr. Lorenzo Tan, in his desire to revitalize and energize the sleepy old management at RCBC (Mr. Tan replaced that old dinosaur, Cesar Virata as CEO), dispensed with red tape and regulations that seemingly hindered business. It is also highly plausible that, in order to gain access to highly-valued Chinese accounts, subordinates were instructed to do away with procedural hassles. Action agad! That is what bank clients want. Expecially Chinese-Filipino clients who are always busy trying to make the next buck. While this emphasis on action could be good for bringing in business, it could also be a two-edged sword. It could bring in sleazebags and swindlers. Money launderers, smugglers and gamblers. The scenario is very plausible. Delegation is also very important to getting things done. But the significance of delegation can boomerang back on the executive, especially in the Philippine setting, as many subordinates are apt to take this to extreme. We have a culture of pleasing our bosses, even under daunting circumstances. It could well be that Mr. Lorenzo Tan, in his zeal to energize RCBC, unwittingly created a culture of recklessness and impunity within the bank.

  10. Amnata Pundit on

    951 BILLION Dollars is more than enough to tempt even a highly paid president of a Philippine bank.

  11. Lourdes P. Cuamag on

    we are, also, recent victims of “PHISHING & PHARMING”, METROBANK BRANCH, BANKEROHAN BRANCH, DAVAO CITY. BSP, DOJ, OOC well informed. these skilled thieves… they will just hiberbate for awhile… then attack again. better go back to a piggy bank mode, safer.

  12. The AMLAC knows that the Philippines is one of the top destination of “Hot” money. Why did they not be vigilant instead of allowing themselves to be made busy with political operations against administration personalities. That questionable $81million could not have pass thru their knowledge.