Dhaka / Bloomberg
Bangladeshâ€™s Central Bank has suggested the Federal Reserve Bank of New York had a â€œmajor lapseâ€ in allowing hackers to transfer $101 million in transactions that it later flagged as suspicious, according to an internal document seen by Bloomberg.
The document, dated March 13, sheds new light on Bangladesh Bankâ€™s interpretation of a cyber heist in which hackers tried to steal nearly $1 billion last month.
It outlines the strategy for recouping the stolen cash, including possible legal measures, and doesnâ€™t appear to include input from anyone outside the central bank.
It also shows the New York Fed and Bangladesh put in place greater security measures on transfers immediately after the theft.
In early February, the Federal Reserve Bank of New York blocked 30 transactions from Bangladeshâ€™s account valued at $850 million because of a lack of beneficiary details, according to the Bangladesh Bank
document. However, the New York Fed allowed another five transactions to go through â€œwhich they subsequently flagged for due diligence review,” it says.
â€œWe view this as a major lapse on the part of FRB NY,” the document says, referring to the New York Fed. Bangladesh is engaging legal counsel in New York City â€œto establish precise grounds of initiating lawsuit claiming recompense,” it says.
New York Fed spokeswoman Andrea Priest said they arenâ€™t commenting beyond a statement earlier this month. The instructions to make the payments from the account of Bangladeshâ€™s central bank followed standard protocols and were authenticated by the SWIFT message system used by financial institutions, a Fed spokeswoman said on March 8.
Subhankar Saha, spokesman for Bangladesh Bank, said he wonâ€™t comment on any internal document or any part of the investigation.
Investigators are still trying to determine the masterminds of the heist. Earlier this month Bangladesh Finance Minister Abul Maal Abdul Muhith said the Fed was responsible for the stolen funds.
Weekend phone calls
About $81 million ended up in the Philippines and most has disappeared. Philippine authorities have accused a branch manager at Rizal Commercial Banking Corp. of laundering money, a charge she has denied. Another $20 million sent to Sri Lanka was returned by Pan Asian Banking Corp. after it spotted a spelling error in the beneficiaryâ€™s name and flagged that to Bangladesh authorities.
The suspect transfers were made on Thursday, Feb. 4. Bangladeshâ€™s central bank â€” with limited staffing on the Friday-Saturday weekend â€” didnâ€™t detect the fraud until two days later, in part because of a printer error. It also received two SWIFT messages from the New York Fed dated Feb.
4 â€œmentioning about â€˜doubtfulâ€™ Payment Instructions,” according to the
On February 6, Bangladesh Bank immediately contacted SWIFT about the issue and was advised to â€œcordon off” the local server while damage assessments were carried out, according to the document. Bank also called the New York Fed on a phone number that appeared on its website, but couldnâ€™t connect with anyone, it said. Central bank officials sent four e-mails and a fax to the New York Fed to try and get them to stop payment, it said.