Bangladesh Has Made No Arrests in Central Bank Heist

Nearly two months after the cyber theft of U.S. $81 million from Bangladesh’s central bank, Bangladeshi finance officials and police say they have not identified any suspects in the country’s largest-ever heist.

Mirza Abdullahel Baki, a superintendent at the Criminal Investigation Department (CID) and member of a police team probing the theft of the money from the Bangladesh Bank (BB) on Feb. 4, said the team hoped to travel to the Philippines – where the stolen money ended up being wired – to question banking officials and other suspects there.

“Once we have received permission from the court, followed by the government, we will fly to Manila as part of our investigation,” Baki told BenarNews.

Elsewhere, the Philippine government is questioning at least one person to determine how some of the money ended up in accounts held by local casinos.

While testifying before Philippine lawmakers on Tuesday, casino junket operator Kim Wong – who has been linked to the theft of money from the Bangladesh Bank – blamed two fellow Chinese businessmen for channeling money into the Philippines.

Wong told the Philippine Senate Committee that two Chinese nationals, Sua Hua Gao and an associate identified as Mr. Ding, brought the money to his casino with the help of banker Maia Deguito, according to Agence France-Presse.

Wong expressed his willingness to return $4.63 million to the Bangladeshi government, according to the media reports. He said Gao had been a casino agent for almost eight years and that Gao had introduced him to Ding, a businessman from Macau.

Deguito, a former branch manager of the Manila-based Rizal Commercial Banking Corp. (RCBC), had been asking him to open an account in her branch, Wong testified.

Wong said he and Gao met with Deguito in his office at the Midas Hotel and Casino in Manila sometime in May 2015. Five accounts were opened in the RCBC bank branch managed by Deguito. The first transactions occurred just after the Feb. 4 theft, AFP reported.

Information deleted from BB computers

The record theft – in which hackers tried to steal up to $1 billion of Bangladeshi central bank money held in its account at the Federal Reserve Bank of New York – led to the resignation of Bangladesh Bank Gov. Atiur Rahman earlier this month and the sacking of two of his deputies.

Mohammed Farashuddin, a former governor of the central bank who is leading the investigation, told BenarNews that the theft could not have happened “without the collusion of Bangladesh Bank officials.”

In recent weeks, Bangladesh’s Financial Intelligence Unit and the Philippine Anti-Money Laundering Council have been working to trace the stolen money, the CID’s Baki said.

No one has been arrested because information regarding payment orders made for multiple wire transfers from the account at the New York Fed was deleted from Bangladesh Bank computers, Baki told BenarNews.

In other developments, the central bank has appointed barrister Ajmalul Hossain to explore the possibility of filing a lawsuit against the New York Fed for its role in the wire transfers, according to Bangladeshi Attorney General Mahbubey Alam.

Earlier, a spokesperson for the New York Fed said there was no proof that its system had been breached.

“Look, it is very difficult to recover the goods once a thief has taken those out of your house. What I can say is that we can recover the stolen money with the help of the international community and the international tools to recover the stolen money. We need time to do so,” Alam told BenarNews.

Congresswoman demands answers

The theft came to the light through a report published by a Philippine newspaper on Feb. 29.

On its Facebook page, the central bank said that thieves hacked its cyber system and placed 35 payment orders with the New York Fed, using its exclusive SWIFT code, which is used for international wire transfers between banks. Five orders involving U.S. $101 million were processed automatically.

Of that amount, U.S. $81 million went to five accounts at an RCBC bank branch in the Philippines, while the remaining $20 million went to a bank account in Sri Lanka held by a local NGO.

The RCBC bank released the money to five accounts opened in May 2015, according to Philippine media. The money went to a casino in the Philippines.

In New York, officials with the Federal Reserve Bank stopped processing other payment orders totaling U.S. $850 million because the hackers misspelled the word “foundation” in wire transfers destined for Sri Lanka.

Alerted by the New York Fed, the Sri Lankan central bank stopped these other payments and returned the $20 million to the Bangladesh Bank account.

Last week, U.S. congresswoman Carolyn Maloney sent a letter to the Federal Reserve Bank demanding answers about its role in the case.

Maloney asked why the Fed blocked 30 of the fraudulent transfer orders, but did not block the first five even after it had requested reconfirmation for all orders.

“This brazen heist from the Bangladesh central bank’s account at the New York Fed threatens to undermine the confidence that foreign central banks have in the Federal Reserve, and in the safety and soundness of international monetary transactions,” Maloney said in a news release issued March 22.

“We need a thorough investigation to determine how these criminals were able to manipulate the system so that banks and financial institutions can institute standards that will prevent hackers and cyber criminals from siphoning money out of accounts like those held at the New York Fed again.”

A spokeswoman for the New York Fed later said the bank would work with Maloney’s office to arrange a time to talks, according to reports.

And in Sri Lanka, immigration officials in that country last week slapped a travel ban on six directors of the NGO whose account was used for the transfer, bdnews24.com reported.