The governor of the Bangladesh central bank has resigned over a $101m cyber theft from the bank’s accounts with the New York Federal Reserve last month.
Atiur Rahman offered his resignation to Sheikh Hasina, Bangladesh’s prime minister, “for the sake of my country” after an audacious electronic raid that constitutes one of the biggest bank robberies in history.
The thieves attempted to send about $1bn to various accounts on February 4, but a transfer to Sri Lanka aroused suspicion and most of the transactions were stopped. Officials at Bangladesh Bank say $20m was recovered from Sri Lanka, but $81m made it to the Philippines and has yet to be found.
Mr Rahman’s resignation came as a probe into the heist began in the Philippine senate, where officials are calling for anti-money laundering legislation to be broadened to cover casinos.
Initial investigations in the Philippines suggest that much of the money flowed from Bangladesh Bank’s New York account to four accounts with Rizal Commercial Banking Corporation in Manila.
Julia Bacay Abad, executive director of the Philippines’ Anti-Money Laundering Council (AMLC), said some $50m found its way to two casino groups. She named them as Eastern Hawaii Leisure and Bloomberry Resorts, which is owned by billionaire Enrique Razon. RCBC, Eastern Hawaii and Bloomberry could not immediately be reached for comment.
Ms Abad added that more than $30m of the funds was handed over in cash to a man in Manila.
Tuesday’s testimonies raised fresh questions over the vigilance of Philippine banks, with officials pointing out that all four RCBC accounts had been registered using fake addresses.
“Is it not standard practice of your bank to verify the identity of an account holder when they open an account?” Teofisto Guingona, who led Tuesday’s inquiry, asked representatives from RCBC.
Emmanuel Dooc, a lawyer for the AMLC, said the country urgently needed regulatory reform. “The lesson we learnt from this is unmistakable — we have to put more teeth in our laws,” he said. “There are gaping holes in our laws.”
Cyber-thieves are believed to have deployed computer “malware” in their attempt to clone authorisation codes to make the transfers.
Worried central bank officials and commercial bankers across Asia are eager to know exactly how the theft succeeded, particularly if it turns out that the criminals had no one on the inside to help them with authorisation code and succeeded with the malware attack alone.
Dhaka said it would set up a four-member committee to investigate the theft. Bangladesh Bank has already hired experts from Mandiant, part of the FireEye cyber security group, to investigate the incident.
FireEye declined to comment on the Bangladesh Bank case but said attempted cyber crimes on banks and big corporations were multiplying.
“If you look at banks around the world and definitely here in Asia, they are basically facing increasingly sophisticated cyber attacks,” said Bryce Boland, the company’s chief technology officer for the Asia-Pacific. “There’s a lot that banks can do to improve their ability to prevent these things.”
Mr Rahman resigned after AMA Muhith, the finance minister, accused the central bank of being “very incompetent”. The central bank’s slowness in announcing the theft, which took nearly a month to come to light, particularly angered Bangladeshi government officials. “I am very unhappy about the handling of the matter by Bangladesh Bank,” said Mr Muhith. “Bangladesh Bank authorities did not inform [us] of the matter.”
The government has appointed Fazley Kabir, chairman of state-owned Sonali Bank and a former finance secretary, as the new governor of Bangladesh Bank.
Ms Hasina called Mr Rahman’s resignation “a courageous move” and “a rare instance of moral strength and courage” and paid tribute to his work in helping to develop the Bangladesh economy. The mild-mannered Mr Rahman, who was due to retire in five months, rose from a humble background and in recent years focused his attention on climate change, environmental issues and “sustainable development”.
Mr Muhith last week said Dhaka was considering filing a case against the New York Fed, whose officials “cannot avoid their responsibility in any way”, he said.
But a spokesperson for the New York Fed said its systems were not hacked and the transfers were made after it followed protocol. “To date, there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question, and there is no evidence that any Fed systems were compromised,” it said.
Get alerts on Bangladesh when a new story is published