By Dennis Jay Santos and Kamran Reza Chowdhury
One day after a former Filipina banker was convicted and sentenced for her role in an $81 million theft three years ago from Bangladesh’s central bank, Bangladeshi officials on Friday urged their Philippine counterparts to speed up filing cases against others implicated in the world’s largest cyber heist.
Asad Alam Siam, Dhaka’s ambassador to the Philippines, made the appeal following a Metro Manila court’s ruling against defendant Maia Santos Deguito, a former branch manager of the Rizal Commercial Banking Corp. (RCBC), a Philippine bank.
Deguito was sentenced to four to seven years in prison for each of eight counts of money laundering – the equivalent of 32 and 56 years in prison – and ordered to pay a fine of $109 million (5.68 billion Philippine pesos or 9.1 billion Bangladesh taka). Her conviction by the Makati City Regional Trial Court Branch 149 was the first handed down in connection with the theft that targeted Bangladesh’s central bank and was pulled off through electronic transactions spanning three Asian countries and the United States.
“There is another case being handled by DOJ against six other RCBC officials. We hope that this case could be expedited and could go to trial soon,” Siam said in a statement, referring to the Philippine Department of Justice.
In Dhaka, Serajul Islam, a central bank executive director and spokesman, said Thursday’s verdict and sentencing did not end the case.
“The court has punished the RCBC manager – we have nothing to say about the punishment. But punishing an individual is not enough,” he told BenarNews. “We have been trying our best to recover the stolen money.”
“A team from the central bank has gone to the United States to file a lawsuit against the Federal Reserve. I cannot exactly tell you the date, but the suit should be filed before Feb. 5.”
In the heist, about $101 million (8.45 billion taka) was stolen from the Bangladesh Bank – the country’s central bank – on Feb. 4, 2016, with $81 million (4.2 billion pesos or 6.77 billion taka) sent to the RCBC bank in the Philippines, while the remaining $20 million (1 billion pesos or 1.6 billion taka) went to a bank in Sri Lanka, authorities said.
The Sri Lanka funds were recovered along with a little less than $10 million surrendered by casino junket operator Kim Wong to the Philippines Anti-Money Laundering Council on three separate occasions in March and April 2016.
Bangladesh central bank officials said thieves hacked its cyber system and placed payment orders through its account at the New York Federal Reserve using an exclusive SWIFT code allowing international wire transfers between banks. The thieves had placed 35 payment orders in an effort to steal up to $1 billion (83.6 billion taka), but only five cleared because a spelling error froze the others.
The robbery came to light in a report in a Philippine newspaper on Feb. 29, more than three weeks after it occurred.
On Friday, a Bangladeshi police official told BenarNews that investigators had sought information from 11 countries regarding the cyber heist and were investigating whether North Korea was involved.
“We have had meetings with the [U.S.] FBI, which handed over evidence of North Korea’s involvement in the heist. We are still examining the evidence,” said the official who requested anonymity. “We are not certain whether the North Korean hackers were involved, but what I can say is the spyware used in the hacking was used by the hackers in China, Korea and Hong Kong.”
The IP address of the computer used in the hacking was from Egypt, the official said.
“We wrote to Egypt through the Interpol several times. The Egyptian government informed us that the IP address was of a commercial computer. We do not have the necessary information to track the computer,” the official said.
Meanwhile, Mohammed Farashuddin, a former governor of Bangladesh’s central bank who headed the government probe on the heist, blamed RCBC.
“The Philippines court jailed the RCBC manager and handed down financial punishment for the heist. The RCBC’s chief executive stepped down over the incident. So, the involvement of the RCBC is clearly proved, but they have yet to file any other cases though three years have elapsed,” Farashuddin told Benar News.
He said he submitted a report that pinned the blame on RCBC.
“On the morning of Feb. 8, (2016), both Bangladesh Bank and the Federal Reserve Bank sent instructions to the RCBC not to disburse the money. But the RCBC made the payment at noon the same day,” he said.
“We should sue the RCBC,” Farashuddin said.
He also blamed the U.S. for its role.
“The Federal Reserve Bank has some faults, too. It will not be a bad decision if Bangladesh Bank sues the Federal Reserve, but it would be better if we sue the RCBC with the support from the Federal Reserve Bank,” he said.
In the Philippines, defense attorney Demetrio Custodio accused Filipino financial regulators and the courts of using Deguito as a scapegoat.
“She could not have done this on her own. A bank the size of RCBC could not have allowed a lowly bank officer to have planned this, so there are others involved,” Custodio said, adding that his client would appeal the case and remains free pending the appeal.
RCBC spokeswoman Thea Daep, on the other hand, said the verdict proved that the bank was not involved.
“The conviction is consistent with the bank’s position that it is the victim in this situation and that Ms. Deguito is a rogue employee,” Daep said in a statement.
Jeoffrey Maitem in Cotabato City, Philippines, contributed to this report.