The Bangladesh Bank authorities finally filed a case over last month’s digital heist of $101 million from its account with the Federal Reserve Bank of New York yesterday.
On behalf of the central bank, its Joint Director (accounts and budgeting department) Jubair Bin Huda filed the case against unidentified people with Motijheel police around 4pm. Later the case was transferred to the Criminal Investigation Department (CID), which has an economic crime squad to deal with such issues.
The case was filed under section 4 of the Money Laundering Prevention Act 2012 (amended 2015), section 54 of the Information Technology Act 2006 and section 379 of the Code of Criminal Procedure, Anowar Hossain, deputy commissioner of DMP’s Motijheel division, told the Dhaka Tribune.
The plaintiff said that Bangladesh Bank had already appointed an international-standard forensic team for fair investigation, and was in touch with the New York Fed and the Anti-Money Laundering Council of the Philippines.
“It took some time to file the FIR because an investigation by local and international experts is under way, and we were trying to ensure that the transferred money can be brought back,” the case says.
“Like all other days, all the officials of ‘Back Office of the Drilling Room’ left the premises at 8:03pm on February 4 after completing work. As per the rule of SWIFT transactions, the acknowledgement/confirmation messages of successful transactions of February 4 were supposed to be printed on February 5 in the printer kept in the SWIFT room.
“I went to office on at 8:45am on February 5 and Assistant Director Rafiq Ahmed Majumder enter the SWIFT room at 10:30am, to collect the printed documents of the previous day. But he noticed that the messages were not printed automatically even though it was logged in with the SWIFT server.
“In such a situation, we tried to complete the printing manually but failed. Since such glitches were registered earlier too, we thought that it was a regular problem. I asked other officers verbally to keep trying to solve the issue and update me before I left the office around 11:15am.
“Later I learnt that the officers decided to solve the problem the next day as it was a Friday and left the office around 12:30pm.
“On February 6, I went to office at 9am and tried to solve the printing problem along with other officials. But we noticed that the existing SWIFT software was not opening and whenever attempted, it was giving a notification on the monitor ‘A file is missing or changed’ and showing a file ‘norff.exe’ with a folder path.
“Getting such notification, we crosschecked the problem with the Test Server and were able to open the software at 12:30pm in an alternative way. But the printing problem could not be solved till then. Then I informed the matter to Deputy General Manager Jaker Hossain and General Manager Md BH Khan. Based on their verbal permission, I was able to conduct the printing work manually.”
The plaintiff said: “While sorting the printed messages, it was noticed that the Federal Reserve Bank of New York sent some queries in three different messages. The first massage having 12 queries on 12 transactions was received by our system at 10:24am on February 5, but we could print it around 12:30pm on February 6.
“The two other messages were received at 12:08pm on February 6. In one of them, they had queries about four transactions and about 30 transactions in the other. They sought reconfirmation from us about the 30 transactions and further clarification about the four others.
“If Bangladesh Bank sends any message using its system, a copy of the acknowledgement message remains in the server and if the receiving bank executes the payment, it sends separate debit confirmation for each of the payments and a statement comprising summary of all the statements.
“However, after the incident, we did not find any acknowledgement or debit confirmation of the messages in the system. Although there was an instance of a statement, it was corrupted and so could not be read. At that time, we only had a transaction list sent by the Federal Reserve Bank of New York having only transaction references and amounts.”
The FIR states that they then contacted with the case manager of SWIFT authorities through case number 10522926. “We apprehend that there was a massive problem in the SWIFT system and requested them to look into the matter.
“Realising the importance of an ineffective SWIFT system, we sent an email to Federal Reserve Bank of New York at 1:30pm of February 6 requesting them to temporarily suspend payment processing for all unauthorised payments. A copy of the email was also sent to the bank through fax,” the case statement says.
The Bangladesh Bank authorities frequently tried to communicate with the Federal Reserve Bank of New York over the phone on the day, but failed as it was weekly holiday.
“On February 7, we took an initiative to launch the backup server of the SWIFT system with the help of the SWIFT authorities and resumed it at 6:15pm on February 8. The authorities again tried to communicate with Federal Reserve Bank of New York on the day, but failed as it was Sunday, a weekly holiday.
On February 8, we tried to initiate the regular server upon approval from the authorities concerned. Although the SWIFT system came into effect at 8am, it was ready for sending messages at 12 noon,” the FIR says.
After analysing the log record of the server, “we got some information about four unauthorised messages at 4:30pm and sent “stop payment requests” to six banks – Federal Reserve Bank of New York, USA; Rizal Commercial Banking Corporation (RCBC), the Philippines; Bank of New York Mellon, NY, USA; Citi Bank NA, NY, USA; Wells Fargo Bank, NY, USA; and Pan Asia Banking Corporation (PABC), Sri Lanka.
“We found that $81m was illegally laundered from the Federal Reserve Bank of New York to the RCBC using the four messages while $20m to the PABC using one message. It seemed to be money laundering,” the case says.
The “stop payment request” was sent to the banks from 5pm to 6pm on February 8. The Bangladesh Bank authorities also requested the SWIFT authorities to send their on-site-support and on-site investigation teams to Dhaka.
Meanwhile, the PABC of Sri Lanka stopped payment of $20m to the ultimate beneficiary in accordance with the “stop payment request” and returned the money to the Federal Reserve Bank of New York later.
The “stop payment request” was also sent by the Federal Reserve Bank of New York to its three intermediary banks – Bank of New York Mellon; City Bank NA NY; and Wells Fargo Bank, NY – asking not to finish the payment of $81m.
Even though the three intermediary banks had sent the message to the RCBC, the amount was transferred to the accounts of the ultimate beneficiaries through its Jupiter Street branch of Makati City.
Under the circumstances, Bangladesh Bank sought help from the Philippines central bank, Bangko Sentral ng Pilipinas, to get back the money.
To speed up the process, a two-member team was also sent to the Philippines on February 14. The Philippines central bank handed over the investigation to the Anti-Money Laundering Council (AMLC) of the country.
The ALMC confirmed that to investigate the crime they needed a court order and advised Bangladesh Bank to prepare necessary documents for submission before the court.
After completing all procedures, a Philippines court issued an order to freeze the accounts of the ultimate beneficiaries at three branches of the RCBC and ordered an investigation.
When contacted, Mirza Abdullahel Baqui, special superintendent of the Organised Crime Unit of the CID, said that they had learnt about filling of the case “but it will take some time” to reach the desk due to some legal procedures.
“However, we are looking into the issues. We already held a meeting with some top experts to conduct the investigation,” Baqui, who is coordinating the investigation process, told the Dhaka Tribune, yesterday.