Two years have gone by since the Bangladesh Bank cyber heist, but Bangladesh could not bring back the major chunk of the $81 million wired to the Philippines from BB's account with the New York Fed.
Also, the Criminal Investigation Department (CID) has yet to complete its investigation into the transnational crimes, one of the world's biggest cyber thefts ever reported.
As part of the probe, the CID sought information from several countries about the suspects, but only the Philippines has responded so far.
The BB is now considering suing Manila-based Rizal Commercial Banking Corporation (RCBC), known as Rizal Bank, as a last resort to retrieve the money.
On February 4, 2016, hackers broke into the BB's systems and generated 70 fake payment orders for the Federal Reserve Bank of New York to draw about $1.94 billion.
While the NY Fed's security system flagged the payment orders, five of them fell through, and $101 million against them was released. Of the amount, $81 million was wired to the Philippines (RCBC branch in Manila) and $20 million to Sri Lanka.
Sri Lanka sent back the entire sum immediately after the heist was exposed while Philippines sent back $14.54 million in November, 2016, meaning $66.46 million are yet to be retrieved from the Philippines.
SLOW PACE IN RETRIEVING MONEY
Amid huge uproar, the BB governor, several ministers and MPs visited the US and and the Philippines as part of their effort to bring back the money.
Initially, the Philippines authorities also cooperated, initiating legal steps against the RCBC and some individuals.
But BB officials said they found lacking in the Philippines' efforts lately.
Contacted, SK Sur Chowdhury, ex-deputy governor of the BB and currently an adviser at the central bank, said bringing back money took time.
“But our effort to retrieve the money is on,” he said.
BB Governor Fazle Kabir told reporters on January 29 that several cases were now pending with courts in the Philippines, and the process for bringing back over $7 million was nearly complete.
A joint team of the BB and the CID left for the Philippines on January 29 to complete the formalities in this regard.
Of the $66.46 millions yet to be retrieved, the Philippines authorities could trace $47.2 million, now in possession of several individuals and companies and the matter is now pending with different courts and authorities, according to BB sources.
Holders of the rest of the money ($19.26 million) could not be traced, they said.
Of the $47.2 million traced, $29 million were transferred to a Manila-based casino -- Solaire -- from the RCBC. A court froze the casino account and the case is now pending before the Supreme Court, they said.
Another $17 million remains in the account of Philrem Service Corporation, a money remittance company. This matter too is pending before a court.
The remittance firm has been used as a “cleaning house” to hide the trail of $81 million looted from the BB, according to a Reuters' report in April 2016.
Philrem muddied the process and washed the stolen funds via a web of transfers and currency conversions around Philippine bank accounts, before moving it into Manila casinos and junket operators, it added.
Philrem has denied any wrongdoing.
PREPARATION ON TO SUE RIZAL
Bangladesh will claim the $19.26 million in untraced money from Rizal as it was transferred via the bank, BB officials said.
The Philippines Central Bank has already fined the RCBC $21 million as it found irregularities in its money transaction linked to the heist, they said.
Bangladesh will sue Rizal if it does not send back the money, officials said, adding, preparations in this regard were underway.
NY Fed and SWIFT, the messaging system through which fund transfer requests were made, will help Bangladesh in this regard.
Under international money laundering laws, Bangladesh has to file the case within three years of the heist, BB officials said.
“So we will file the case within this year if Rizal Bank does send back the money,” said a BB official, asking not to be named.
“We will claim more money from Rizal Bank if we do not get back the money from the individuals and companies after the cases are disposed of,” he said.
The BB may file the case with a New York court as the money was transferred from there.
NO ACTION AT BB
Mohammed Farashuddin, head of the three-member committee that probed the theft, said they submitted the report in May last year, but the government did not publish the report.
“Had the government published the report and taken steps as per our recommendations, retrieving the money would have been easier,” said Farashuddin, also a former governor of the BB.
In August last year, Finance Minister AMA Muhith said the government was not publishing the report as a case was pending with a court in the Philippines.
Ministry officials said the report may be publish on completion of the investigation.
US-based FireEye had conducted a forensic investigation into the heist. The BB handed its report over to the investigators.
The BB governor said they did not take any action in line with the probe report of Farashuddin-led committee and did not publish the report so as not to influence the ongoing investigations at home and abroad.
“We will take action about implementing the recommendations after the report is published,” he added.
CID officials said they could not complete the investigation as they did not get response from other countries whose citizens were allegedly involved in the heist.
“It is difficult to say when we will be able to submit the charge sheet,” said Molla Nazrul Islam, Special Superintendent of CID, who is coordinating the team probing the case.
“The case involves transnational crimes and criminals from different countries are involved. We have to exchange correspondences with different countries, which takes time,” he said.
Citizens from eight to nine countries, including the Philippines, Sri Lanka, China and Japan, are involved, he said.
Investigators sent letters to those countries, seeking particulars of some 40 suspects in the last 10 months. No countries, except the Philippines, have responded.
“We are trying to get information from other countries through our embassies there,” Nazrul said.
“People from Bangladesh -- inside and outside of Bangladesh Bank -- may have assisted in the hacking. We are investigating the heist keeping this in our mind,” he said, but declined to give any details.
As the hackers used sophisticated tools to break into BB's payment systems, the BB has taken up a major remediation plan involving around Tk 200 crore to strengthen its security system.
It has already purchased some sophisticated tools but they have not been installed yet, BB officials said.
For this reason, the BB continues to follow its three-stage payment system, which it had introduced to communicate with NY Fed following the heist.
The BB governor said the remediation plan would be implemented by June.