Conduct thorough probe

US Congress member presses New York Fed for answers on $101m BB heist
Carolyn B Maloney

US Congresswoman Carolyn B Maloney has raised some serious questions about the New York Federal Reserve Bank's actions regarding the $101-million heist from the Bangladesh Bank account.

In a letter to New York Fed President William Dudley on Tuesday, Maloney said the brazen heist from the BB account threatens to undermine the confidence that foreign central banks have in the Federal Reserve, and in the safety and soundness of international monetary transactions.

“We need a thorough investigation to determine how these criminals were able to manipulate the system so that banks and financial institutions can institute standards that will prevent hackers and cyber criminals from siphoning money out of accounts like those held at the New York Fed again,” said the Congresswoman.

Maloney is a ranking member of the House Financial Services Subcommittee on capital markets and government-sponsored enterprises as well as a senior member of the House Oversight and Government Reform Committee.

On February 4, cyber criminals sent 35 orders via the SWIFT financial messaging system to transfer roughly $951 million from the BB account with the New York Fed to a number of private accounts in other countries.

The New York Fed executed five of the orders, transferring a total of $101 million to four private accounts in the Philippines and one to the account of a non-governmental organisation in Sri Lanka.

The Fed didn't carry out the remaining 30 transfer orders, involving a total of $850 million, and instead sought reconfirmation from the BB.

The $20 million transfer to the Sri Lankan account was halted when a correspondent bank questioned a misspelling in the transfer instructions.

However, four transfers, totalling $81 million, to private accounts in the Philippines were successfully executed, and the criminals appear to have laundered the money through local Philippine casinos.

Maloney questioned why the New York Fed blocked 30 of the 35 fraudulent transfer orders, but not the first five transfer orders.

She also inquired why the Fed didn't wait till it received reconfirmation from the BB before executing the first five orders, as the Fed had already requested reconfirmation from the BB for all 35 transfer orders.

“Is it appropriate to rely solely on authentication from SWIFT for outgoing payments from the accounts of foreign central banks? Are additional authentication protocols necessary to prevent this kind of cyber theft in the future?” she asked.

“Why did the New York Fed block the last 30 transfer orders, but not the first five orders? What was it about the last 30 transfer orders that raised the New York Fed's suspicions?”

Maloney requested a confidential briefing from the Fed staff to get answers to the lingering questions.

The New York Fed provides banking services to approximately 250 foreign central banks and other official institutions.

Foreign central banks open accounts with the New York Fed to accommodate international monetary transactions, settle their US dollar obligations, and hold their foreign reserves.

Through these accounts, the Fed provides foreign central banks with payments services that allow them to send and receive US dollars through the Fedwire Funds Service.

According to the Fed, for outgoing payments, foreign official account holders send it payment instructions by authenticated SWIFT, and it executes payments through Fedwire.

In the case of the transfers from the BB account, the New York Fed stated that the payment instructions in question were fully authenticated by the SWIFT messaging system in accordance with standard authentication protocols.

Quoting press reports, the US politician said the New York Fed requested reconfirmation from the BB of all 35 transfer orders, but executed the first five transfer orders without receiving any reconfirmation.

“Why did the New York Fed request reconfirmation from Bangladesh Bank, but not wait until it received reconfirmation before executing the first five transfer orders?

“What is the New York Fed's policy regarding reconfirmations of large transfers from the accounts of foreign central banks, and was that policy followed in this case?

“Why did the New York Fed not question the apparent misspelling in the $20 million transfer order to the Sri Lankan account, as a correspondent bank did?”

In order to better understand these important issues, “I respectfully request a confidential briefing from the appropriate staff at the New York Fed”, she said.

This incident highlights a number of issues that warrant careful attention, she added.

The BB has said it was denied prompt responses from the intermediary banks and due diligence from the New York Fed, and suggested there was a major lapse on the part of the Fed.

Besides, three New York-based intermediary banks -- Citibank, Bank of New York Mellon and Wells Fargo -- were sluggish in their responses to the central bank's desperate pleas to stop the fund transfers, according to a central bank document.

The BB also plans to seek legal advice from lawyers in New York to ascertain the Fed's liabilities in the theft and establish grounds for claiming compensation.