Bangladesh seeks recovery of millions routed to murky accounts in Philippines
Hashing out liability in financial crimes involving cyber-heists and their money launderers remains a relatively new legal field, and Bangladesh continues to try to navigate it in order to recover $66 million of the $100 million stolen in a brazen money-transfer heist in early 2016.
Reuters reported this week on a settlement reached between Ecuadora’s Banco del Austro and Wells Fargo related to a fraudulent transfer of $12 million processed by Wells Fargo in 2015. While that settlement is sealed and neither of the parties are commenting, the Reuters report notes that it may provide a pathway to recovery of at least some of the remaining $66 million sought by the Central Bank of Bangladesh.
Industry watchers will no doubt recall the shock of the initial report of the $100 million heist from the Central Bank, a heist that featured infiltration of the bank’s systems and use of its heavily-secured SWIFT network to send out transfer requests for hundreds of millions of dollars. The New York Fed processed one of the requests to send millions to RCBC, a bank in Manila. From there, the money disappeared into fraudulent accounts and into casinos in the Philippines.
An international investigation has not yielded any convictions, and various recriminations have bounced among the various players, including the Central Bank itself, the New York Fed, the Philippines, the SWIFT network, and especially RCBC.
The Central Bank of Bangladesh has especially implicated RCBC and its failure to freeze the stolen funds before they were routed out of fraudulent customer accounts at RCBC and into the murky and untraceable casino accounts in the Philippines. However, the Central Bank of Bangladesh was the one hacked, probably with insider help, and it was a breakdown of safeguards in that bank that gave the cyber thieves that initial access. Regardless, they maintain that institutions along the transfer chain should have stopped or delayed the transfers.
Reuters notes that Bangladesh authorities acknowledge that they are looking at the Banco del Austro settlement to see whether it provides a path for their own recovery of funds. RCBC has asserted that it was simply the beneficiary bank and was not responsible for authorizing the initial transaction or providing access to the hackers. There are also questions of jurisdiction and which nations’ laws would apply given the international trail of the heist.
With the rise in hacking/heist attempts and the incredibly high dollar value of the attempts, financial institutions are eager not only to boost their defenses against fraudulent transfer attempts but also to understand where liability and risk lie in the event of a successful heist. Themost recent cyber attacks using the SWIFT network occurred this year at the Malaysian Central Bank, which has said it successfully stopped the fraudulent transfers.
________________________
Global RegTech Platform with end-to-end AML/CTF
The stakes and complexity of global eGRC requirements rise every year, and AML Partners’ RegTech One (TM) is your one-platform solution to every eGRC need. Contact us today to explore how our end-to-end AML Ecosystem SURETY Eco and the SURETY modules –powered by the RegTech One platform–can transform the efficiency and effectiveness of your unique AML Compliance efforts. SURETY Eco includes fully integrated modules for CDD/KYC on-boarding, behavior/transaction monitoring, and sanctions screening. And AML Partners simplifies your end-to-end fully integrated AML Compliance efforts even further with an optional Subpoena Search module for FinCEN 314a and similar subpoena searches. Contact us today to learn more or schedule a demo of SURETY Eco, the AML Ecosystem powered by the RegTech One platform. With extraordinary configurability and built for API extensibility, the RegTech One platform powers not only an end-to-end AML ecosystem but also CECL workflows, vendor management, cyber risk workflows, FCPA workflows, and so much more.
