The Philippines bank through which $81 million stolen from Bangladesh’s central bank was channeled in February said on Tuesday that the central bank was responsible for the heist, and so any liability should not be passed on.
Manila-based Rizal Commercial Banking Corp. (RCBC) was responding to comments by a Bangladeshi investigator that some Bangladesh Bank officials deliberately exposed its computer systems and enabled hackers to steal the money from its account at the Federal Reserve Bank of New York.
Bangladesh Bank had been demanding that RCBC compensate it for the loss, blaming it for ignoring red flags.
RCBC said it did nothing wrong.
“The statement of the Bangladesh investigator indicating acts of criminal negligence on the part of certain Bangladesh Bank officials validates what RCBC had been saying all along, and that is that Bangladesh Bank’s own acts are the cause of its own loss,” RCBC’s lawyer Thea Daep told Reuters.
“They cannot pass on liability to RCBC that had nothing to do with the theft of the funds.”
Daep said RCBC would study legal options to see if Bangladesh Bank can be sued in court for making the accusations.
Bangladesh Bank spokesman Subhankar Saha could not be reached for comment on a public holiday.
Senior Bangladesh police officer Mohammad Shah Alam, who is leading Bangladesh’s investigation into one of the world’s biggest cyber heists, told Reuters on Monday some central bank officials had knowingly created vulnerabilities in the bank’s connection to the SWIFT global messaging and payments system.
They had worked with some foreigners, Alam said, without giving details.
Alam said investigators were trying to find out how the mid-ranking officials were connected to the hackers and whether they benefited financially from the heist. He said arrests were likely soon.
In early February, the unidentified hackers used the SWIFT network to send fake orders requesting the transfer of nearly $1 billion from Bangladesh Bank’s account at the New York Fed.
Many of the transfer orders were blocked or reversed, but, after a series of oversights and miscommunications, the New York Fed ultimately sent $81 million to four fake accounts in a branch of RCBC.
Most of the funds then disappeared into Manila’s loosely regulated casino industry.
Only around $15 million of the loot has been returned to Bangladesh.