A Forgotten Risk in AML Compliance
We here at AML Partners have followed with great interest the cyberheist perpetrated at the Central Bank of Bangladesh earlier this year. It’s a story that not only involves a Central Bank but also the ultra-secure SWIFT messaging system and the vaunted New York Fed.
And according to a recent Wall Street Journal feature, one of the risk elements that resulted in the theft of $102 million was something classic in the industry: bankers’ hours, a situation complicated by the international nature of banking.
According to the investigation, cyber criminals had been inside the Central Bank’s computer system for some time, and they had captured passwords and identified transfer processes. The thieves initiated the transfers late on a Thursday afternoon New York time, which was Friday morning in Bangladesh—where Friday and Saturday are the weekend.
IT staff who check in on the Central Bank system on weekends found that they could not get the system running, a glitch apparently created by the thieves. By Saturday in Bangladesh, IT staff had the system running again and they saw the messages regarding suspicious activity from the Fed, at which point recovery efforts began.
Questions abound, and a lot of authorities here and abroad continue to investigate. One of the big questions is why the Fed, sensing suspicious activity even though the transfers looked legitimate, did not delay the transfers entirely until it received a response from Bangladesh.
No doubt those Fed processes and procedures will be analyzed and upgraded. And Central Banks like the one in Bangladesh likely need to upgrade their cyber security and overall vigilance. But it’s interesting to see that the cyber element of this massive theft depended heavily on the traditional complications of international time zones, calendar differences, and bankers’ hours to be so effective.