Court orders seizure of $81mn from Philippines' RCBC over 2016 Bangladesh reserve heist

A Dhaka court has ordered the “seizure” of $81 million from Philippines’ Rizal Commercial Banking Corporation in connection with the 2016 hacking and theft of Bangladesh’s foreign reserves from the Federal Reserve in New York.

At a press briefing on Sunday, Criminal Investigation Department (CID) chief Additional Inspector General Mohammad Sibgat Ullah said the order was issued by Dhaka’s Senior Special Judge’s Court following a petition by the CID.

He expressed hope that the stolen funds would be returned soon.

The CID earlier announced the court’s decision in a statement, but Shibgat later clarified during the briefing that the funds are yet to be seized.

According to him, the order was issued under the Money Laundering Prevention Act 2012 (amended in 2015) after the CID petitioned based on evidence and information obtained through a mutual legal assistance request to the Philippine government.

The CID chief said investigations found that RCBC’s then president and CEO Lorenzo Tan, Jupiter branch manager Maia Santos Deguito, and several other officers were involved in opening five fake accounts through which the stolen funds were channelled.

In the $101 million heist, Bangladesh was able to recover $20 million from Sri Lanka and $68,000 from RCBC in February 2016. Another $14 million was retrieved through separate efforts.

“Now we are seeking the full $81 million from RCBC, which the court has ordered to be seized,” Sibgat said.

He added that steps are being taken with the relevant authorities in Bangladesh and the Philippines to implement the court’s order.

According to the CID, the recovery process will proceed under the framework of the United Nations Convention Against Transnational Organised Crime (UNTOC), relevant Philippine laws, and guidelines issued by the Financial Action Task Force (FATF), in line with the latest court order.

An estimated $101 million had been stolen from the Bangladesh Bank’s account at the Fed in February 2016 using 35 fake SWIFT payment instructions.

Of this amount, an estimated $81 million is believed to have been transferred to the Philippines.One of these messages attempted to transfer $20 million to a “fake” non-government organisation (NGO) in Sri Lanka, but it was blocked at the last minute due to suspicion over a spelling mistake.

The remaining four payment instructions transferred $81 million to four accounts opened with “fake information” at the Jupiter Street branch of the RCBC in the Philippines’ Makati City.

Shortly afterwards, the money was withdrawn from the bank and put into three casinos in the form of pesos, the local currency of the Philippines, through the Philrem remittance company.

Although $15 million was eventually recovered from the owner of one casino and handed over to the Bangladesh government, there has been little progress in recovering the rest since then. After changing hands at the gambling tables, there was little trace of where it had gone.

Under the circumstances, Bangladesh Bank filed a case against RCBC in a New York court for the theft of reserve funds.

The case, filed on May 27, 2020 against 20 individuals and organisations, accuses them of money laundering, theft, embezzlement, aiding or abetting such activities, fraud, and aiding or abetting fraud.

In February last year, the New York court allowed the continuation of the case, though four defendants were later removed due to lack of personal jurisdiction.

Bangladesh Bank said the defendants had enlisted the help of “unknown North Korean hackers” in the theft. Malware such as NESTEG and MACTRAC was used by the hackers to breach Bangladesh Bank’s SWIFT network, enabling the transfer of money from the New York Fed to RCBC accounts in New York and the Philippines.

The US court case noted that RCBC and its senior officials had full control over the accounts. Despite knowing the nature of the transactions, they allowed the accounts to be opened, large sums to be transferred, and later permitted the accounts to be closed.

The cyber heist, one of the largest in history, caused worldwide attention when it became public in early February 2016. Bangladeshis learned of the theft a month later through a Philippine newspaper report.

The concealment of the matter led to criticism, forcing the resignation of the then governor Atiur Rahman and triggering a major reshuffle at the central bank.

The entry of the stolen funds into the Philippines prompted an investigation by the country’s Senate Committee. Evidence of involvement led RCBC to dismiss its branch manager. The Philippine central bank fined RCBC $19.1 million for failing to prevent money laundering.

In a separate case, RCBC branch manager Maia Santos Deguito was convicted in 2019 on eight counts of money laundering. She is also named as a defendant in Bangladesh Bank’s case.

A case was also filed in Bangladesh regarding the theft. On Mar 15, 2016, Zubair Bin Huda, deputy director of Accounts and Budgeting at Bangladesh Bank, lodged a complaint with Motijheel police. The case was filed under the Money Laundering Prevention Act and the Information and Communication Technology Act, but no individual was directly charged.

In Bangladesh, a case over the reserve heist was filed on Mar 15, 2016, by Zubair Bin Huda, central bank joint director of Accounts and Budgeting at Motijheel Police Station.

The case, lodged under the Money Laundering Prevention Act and the Information and Communication Technology Act, did not name any suspect.

The CID chief said the local investigation is ongoing and nearing completion, with the chargesheet expected to be submitted soon.

He clarified that the New York court case is separate and not linked to CID’s investigation.