Months after the $81-million cyber heist from Bangladesh Bank’s account at the Federal Reserve Bank of New York, the world’s major central banks have assembled a task force to look into international standards to counter cyber attacks.
According to Reuters, the world’s major central banks – through the Committee on Payments and Market Infrastructures (CPMI) of the Bank for International Settlements (BIS) – have launched a task force aimed at setting up an inter-bank transfer standard for the bank members to adopt.
BIS represents 60 central banks from around the world. These central banks, including People’s Bank of China, Bank of Japan, Bank of England and the Federal Reserve System of the United States, hold nearly 95% of world’s gross domestic product (GDP).
The $81-million heist from Bangladesh Bank’s account at the Federal Reserve Bank of New York in February this year is one of the reasons behind the establishment of the task force, Reuters reported.
In a press statement, BIS said that the aim of the task force is “look into the security of wholesale payments” involving banks and other financial institutions.
CPMI Chairman Benoît Cœuré said, “Recent incidents of cyber fraud are of significant concern for the central banking community, and we are working to make sure there are adequate checks and balances in place at each stage of the payments process.”
Atiur Rahman, former governor of the Bangladesh central bank who resigned after the $81-million heist, told The New York Times that the heist was a result of a “systemic failure.”
“If you want to take $500 out of your account in the U.S., you’ll be asked several questions,’’ Mr. Rahman told the New York Times. He added that the New York Fed “should have immediately called someone in Bangladesh — the governor or someone.”
When U.S. Congresswoman Carolyn Maloney asked the Federal Reserve Bank of New York about its policy regarding large transfers from the accounts of foreign central banks, the Federal Reserve Bank of New York replied that “every payment that is executed by the New York Fed on behalf of our central bank account-holders results in an advice being issued to the account-holder indicating that its instructions have been carried out.”
The Federal Reserve Bank of New York added:
It is the responsibility of the account-holder to review such notices. We do not have a policy of “reconfirming” payment instructions from central banks unless there is a fatal formatting error or a manual review, either prior to or after payment execution, gives us a reason to inquire about the nature or purpose of an instruction.
What happened to the $81-million heist money?
The $81 million was initially transferred to four accounts at the Rizal Commercial Banking Corporation (RCBC), a Philippine bank. The stolen money was then withdrawn and transferred to three casinos in the Philippines.
In May this year, during a Philippine Senate hearing into the cyber heist, casino operator Kam Sin Wong claimed to have received $35 million of the heist money. He, however, returned only $15 million.
In July this year, a court in Manila forfeited the $15-million money surrendered by Wong in favor of the Central Bank of the Philippines.
In August this year, John Gomes, Ambassador of Bangladesh to the Philippines told reporters, “We are very hopeful that we will get the total $81 million. The reason is I got a commitment from the president (Philippine President Rodrigo Duterte) himself.”
On 19 September 2016, a Manila court ordered the Central Bank of the Philippines to return the forfeited $15 million from Wong to the Bangladesh central bank.
As reported by Reuters, FireEye – the cyber security company hired by the Bangladesh central bank – placed the blame on a sophisticated third party for the cyber attack. Accordingly, six types of malware were used to infect the computer systems of the central bank of Bangladesh.
Images from iStock/kelvinjay and Shutterstock.