‘Bankers’ Hours’ an AML Compliance risk?

A Forgotten Risk in AML Compliance

We here at AML Partners have followed with great interest the cyberheist perpetrated at the Central Bank of Bangladesh earlier this year. It’s a story that not only involves a Central Bank but also the ultra-secure SWIFT messaging system and the vaunted New York Fed.

And according to a recent Wall Street Journal feature, one of the risk elements that resulted in the theft of $102 million was something classic in the industry: Bankers’ hours, a situation complicated by the international nature of the banking.

According to the investigation, cyber criminals had been inside the Central Bank’s computer system for some time, and they had captured passwords and identified transfer processes. The thieves initiated the transfers late on a Thursday afternoon New York time, which was Friday morning in Bangladesh—where Friday and Saturday are the weekend.

IT staff who check in on the Central Bank system on weekends found that they could not get the system running, a glitch apparently created by the thieves. By Saturday in Bangladesh, IT staff had the system running again and they saw the messages regarding suspicious activity from the Fed, at which point recovery efforts began.

Questions abound, and a lot of authorities here and abroad continue to investigate. One of the big questions is why the Fed, sensing suspicious activity even though the transfers looked legitimate, did not delay the transfers entirely until it received a response from Bangladesh.

No doubt those Fed processes and procedures will be analyzed and upgraded. And Central Banks like the one in Bangladesh likely need to upgrade their cyber security and overall vigilance. But it’s interesting to see that the cyber element of this massive theft depended heavily on the traditional complications of international time zones, calendar differences, and bankers’ hours to make the tech so powerful.


RegTechONE platform: Complete AML Compliance and KYC solution with no-code workflows, full integration

With AML Partners’ platform technology for RegTech, updating and upgrading your AML and eGRC software solutions is easier, faster, and much less expensive. Contact us today to explore how platform technology and our end-to-end AML Ecosystem powered by the RegTechONE platform–can transform the efficiency and effectiveness of your unique AML Compliance efforts. RegTechONE software for AML Compliance includes fully integrated modules for CDD KYC software for on-boardingbehavior and transaction monitoring software, and sanctions screening software for comprehensive AML screening. And AML Partners simplifies your end-to-end fully integrated AML Compliance efforts even further with an optional Subpoena Search module for FinCEN 314a and similar subpoena searches. Contact us today to learn about our proof-of-concept option or schedule a demo of RegTechONE, the AML software ecosystem. With extraordinary configurability and built for API extensibility, the RegTechONE AML software platformpowers not only an end-to-end AML software solution but also vendor managementAML client lifecycle managementeKYC Golden RecordsPerpetual KYC, and so much more.