The Federal Reserve Bank of New York has asked the Philippines’ central bank to help Bangladesh Bank recover the $81 million that was stolen by hackers in February from its account held at the Fed, boosting Dhaka’s efforts to retrieve the money.
In a letter sent on June 23, New York Fed General Counsel Thomas Baxter asked Elmore O. Capule, general counsel for the central bank of the Philippines, “to take all appropriate steps in support of Bangladesh Bank’s efforts to recover and return its stolen assets.”
In the letter, which has been seen by Reuters, Baxter also wrote that the payment instructions that led to four money transfers to beneficiary accounts at the Manila-based Rizal Commercial Banking Corp (RCBC) were authenticated using a “commercially reasonable security procedure,” but that they were issued by persons using stolen credentials.
Bangladesh Bank has also agreed to share with the Fed a report into the heist that was prepared by U.S. cybersecurity firm FireEye, said a source close to the Bangladesh central bank with direct knowledge of the decision. Officials in the United States have been asking for that for some weeks.
The New York Fed had no immediate comment on the letter nor on the FireEye report.
Bangladesh Bank spokesman Subhankar Saha could not immediately be contacted for comment outside regular business hours.
The Philippines’ central bank said it would not comment in a case in which there were ongoing investigations. RCBC said in a statement the bank supported the efforts of Bangladesh Bank in recovering funds from “the parties who ultimately received them.”
After going to RCBC, the money was mostly laundered through the Philippines’ casino industry and now the trail has gone cold.
Almost six months have passed since hackers broke into the Bangladesh central bank’s computer systems and sought to transfer away as much as $951 million – eventually managing to steal $81 million in one of the biggest-ever cyberheists. Most of that money is still missing and the culprits have not been identified.
There has also been friction between Bangladesh Bank, the New York Fed and payments network SWIFT, over which the payment instructions were issued. But relations seem to be improving to an extent, at least between the New York Fed and Dhaka.
A source close to Bangladesh Bank who has direct knowledge of the recovery process said some Bangladesh Bank officials will fly to Manila next week in an attempt to hasten the recovery.
The source said Baxter’s letter was an indication that the Fed was now working with Bangladesh Bank after initially holding the South Asian bank responsible for the heist.
Bangladesh Bank Governor Fazle Kabir told reporters on Tuesday that his Philippine counterpart had nearly completed an investigation into how the $81 million wound up at RCBC, and that he hoped for the swift return of the stolen funds. Kabir also said he hoped the Philippine authorities would hold RCBC responsible for disbursing the stolen funds that landed in accounts there.
RCBC has blamed the manager of the branch where the funds were transferred.
“We had these rogue employees or officers that were able to do these things,” Cesar Virata, corporate vice chairman of RCBC, told Reuters this week. “It can happen to any bank.”
He added: “I think the Bangladesh government should find out first who was responsible for remitting their funds.”
In another sign of improving cooperation between Bangladesh Bank and the New York Fed, a team of officials from Bangladesh will hold meetings with Fed officials in New York between Aug. 15 and Aug. 19, according to two sources in Dhaka.
The “technical” meeting will discuss more about the heist and look at processes to be put in place to prevent such events from happening in future, said the source close to Bangladesh Bank.
A New York Fed official who requested anonymity said the goal of the meeting “is to understand what happened, what remediation steps have been taken by Bangladesh Bank to meet its contractual obligations, and to begin a path to normalize operations.”
The initial FireEye report submitted to Bangladesh Bank in March and seen by Reuters had blamed a sophisticated third party for the attack and had identified around 35 “compromised” Bangladesh Bank assets.