One week ago, we documented the Hollywood-esque theft of $100 million from accounts held at the NY Fed and belonging to the central bank of Bangladesh.
In many ways, the heist was elegantly planned and executed and in others it was comically amateurish.
Here are the basics: On February 5, Bill Dudley's New York Fed was allegedly “penetrated” when “hackers” (of supposed Chinese origin) stole $100 million from accounts belonging to the Bangladesh central bank. The money was then channeled to the Philippines where it was sold on the black market and funneled to “local casinos” (to quote AFP). After the casino laundering, it was sent back to the same black market FX broker who promptly moved it to “overseas accounts within days.”
Basically, hackers got ahold of Bangladesh’s SWIFT codes and bombarded the NY Fed with requests for funds from the country’s FX reserves. Mercifully, the Fed declined to clear separate transfers worth some $870 million, but not before $100 million got away.
Four transfer requests totaling $81 million went through, but a fifth was held up when whoever was making the request tried to have $20 million sent to an imaginary NGO called Shalika Foundation but accidentally spelled “foundation” as “fandation.”
According to the Philippine Daily Inquirer, the money was routed to three casino bank accounts via the Jupiter Street, Makati City, branch of Rizal Commercial Banking Corp. The country’s gaming regulator was investigating.
Now, we get new details on what is a truly fascinating story.
First, we learn that the hackers who spelled “foundation” wrong weren’t the only ones to do something silly. The requests came in on a Friday, which is notable because as WSJ writes, “Friday is the weekend in Bangladesh and the central bank’s offices were closed.”
So, “the fact that the money was being wired to personal bank accounts in the Philippines rang alarm bells,” but apparently, the fact that it was a weekend did not.
Still, there were people at the office.
In fact, it was a printer error that tipped Bangladesh off to the scam. “Zubair Bin Huda, a joint director of Bangladesh Bank, found the printer tray empty when he looked on the morning of Feb. 5 for confirmations of SWIFT financial transactions that are normally printed automatically overnight,” Bloomberg reports. “Because it was a Friday -- a weekend in Muslim-majority Bangladesh -- Huda left the office around 11:15 a.m. and asked his colleagues to help fix the problem [but] it took them more than 24 hours before they could manually print the receipts, which revealed dozens of questionable transactions that sent the bank racing to stop cash from leaving its account with the Federal Reserve Bank of New York to the Philippines, Sri Lanka and beyond.”
As the story goes, Huda came into the office on Saturday and found a flashing message on the terminal connecting to the SWIFT system that read: “A file is missing or changed.” Finally, once Huda managed to get the things up and running his team found “receipts show[ing] the Federal Reserve Bank of New York sent back queries to Bangladesh Bank against 46 payment orders in different messages,” Bloomberg recounts.
Well at that point, it was panic time but because it was Saturday, no one was home at the NY Fed.
Anyway, the crack squad at the Philippine anti-money laundering agency has determined that someone needs to check out the branch manager at the bank where the money ended up. That manager is one Maia Santos Deguito. “[She] is a key player here because if you don’t have the cooperation of the branch manager, this could not have been done,” Senator Serge Osmena, vice chairman of the country’s blue ribbon committee, which investigates major issues, told reporters on Wednesday.
That’s correct. It’s also “slightly” suspicious that the CCTV cameras at the branch weren’t working when the money was withdrawn. Rizal wouldn’t immediately comment on the CCTV “issue.”
Deguito decided to essentially plead to fifth in a hearing and it’s easy to understand why. She apparently ignored requests from the Bangladesh central bank to stop the transfers.
After the money left the bank it went to two casinos and "a man of Chinese origin," according to Reuters.
"$29 million ended up in an account of Solaire, a casino resort owned and operated by Bloombery Resorts Corp which is controlled by Enrique Razon, the Philippines' fifth-richest man in 2015, a further $21 million went to an account of Eastern Hawaii Leisure Co., a gaming firm in northern Philippines," and that, according to Teofisto Guingona, head of the Philippine Senate's anti-corruption committee, is where "the paper trails ends" because "casinos are not covered by the country's anti-money laundering laws."
So what of the mysterious "Chinese" man? Well, we don't know. All we know is that he ended up receiveing $30 million in cash in three deliveries via an FX broker called Philrem Service Corp which of course wouldn't talk to Reuters.
Meanwhile, Bangladesh’s central-bank governor, Atiur Rahman - this poor guy...
... took the fall, saying he "took moral responsibility" for the loss. He resigned after seven years at the bank.
We're sure that any day now, Bill Dudley will set up a small table in his back yard, surround himself with reports sitting in the grass, and fall on his sword as well. After all, it's his "moral responsibility."
(Bangladesh... hmmm... is that some place we can see from the roof at 33 Liberty?)