Bangladesh eyes set­tle­ment in US cy­ber heist suit

Kuwait Times - - International -

NEW YORK: An Ecuado­rian bank and Wells Fargo have reached an out-of-court set­tle­ment over a 2015 cy­ber heist, pro­vid­ing a pos­si­ble prece­dent for the Bangladesh cen­tral bank’s planned suit to re­cover $66 mil­lion still lost in one of the world’s big­gest such cases. A suit by Ecuador’s Banco del Aus­tro against Wells Fargo & Co was qui­etly set­tled in Fe­bru­ary, less than a month be­fore a trial date was set, and the US district court in Man­hat­tan sealed all dis­cus­sions, ac­cord­ing to court doc­u­ments. No other ma­jor me­dia has re­ported the set­tle­ment. Wells Fargo did not com­ment on the set­tle­ment, and a rep­re­sen­ta­tive for Banco del Aus­tro could not be im­me­di­ately reached. Banco had sought to hold Wells re­spon­si­ble for au­tho­riz­ing the fraud­u­lent trans­fer of $12 mil­lion from its ac­count in 2015.

Hack­ers breached Bangladesh Bank’s sys­tems in early 2016 and tricked the Fed­eral Re­serve Bank of New York into send­ing as much as $81 mil­lion to ac­counts at Rizal Com­mer­cial Bank­ing Corp (RCBC) in the Philip­pines. The ac­counts were held in fake names and most of the money dis­ap­peared into casi­nos in Manila. Some of the funds were re­cov­ered but about $66 mil­lion re­mains un­traced. No one has been crim­i­nally charged for the heist de­spite an in­ter­na­tional in­ves­ti­ga­tion and two years of fin­ger-point­ing among Bangladesh, Philip­pines, the Fed and the SWIFT com­mu­ni­ca­tion net­work that was used.

Bangladesh Bank has threat­ened to sue Manila-based RCBC, and any le­gal fall­out could set a prece­dent amid a rash of elec­tronic heists at fi­nan­cial in­sti­tu­tions around the world. “This is a tricky is­sue. We can’t re­veal our strat­egy. But yes we are re­view­ing each and ev­ery case, in­clud­ing the Ecuador one,” Bangladesh Bank’s deputy gover­nor Abu Hena Mohd. Razee Has­san said in a re­cent in­ter­view. While Bangladesh has not taken any le­gal ac­tion, bankers and lawyers saw the cy­ber-heist suit by Banco against Wells Fargo as a test for any op­tions avail­able to Bangladesh.

They said the set­tle­ment could sig­nal that Wells com­pen­sated Banco in some way, a pos­si­bly en­cour­ag­ing sign for Bangladesh Bank, But it could still strug­gle to get a hear­ing in the United States and prove that Manila-based RCBC had a con­trac­tual obli­ga­tion to freeze the stolen funds. “There are an aw­ful lot of rea­sons for peo­ple to set­tle (and) there are all sorts of laws that may or may not ap­ply,” said Peter Jaffe, a se­nior as­so­ciate at Wash­ing­ton-based law firm Fresh­fields Bruck­haus Deringer LLP. “RCBC was not the one that was hacked. Some­one may think that RCBC should have done some­thing dif­fer­ent when it saw money com­ing through its ac­counts, but that is not re­ally a cy­ber se­cu­rity is­sue at that point,” Jaffe said. “I don’t think you would nec­es­sar­ily look to cy­ber se­cu­rity law (or US com­mer­cial code) to de­ter­mine ... obli­ga­tions and rights.”

Obli­ga­tion un­clear

At is­sue is the New York Uni­form Com­mer­cial Code, which says a bank that is tricked by thieves must re­im­burse the cus­tomer, un­less it can prove it used a mu­tu­ally-agreed pro­to­col for ver­i­fy­ing the pay­ment mes­sages. The cus­tomer could counter that the se­cu­rity pro­to­col was not “com­mer­cially rea­son­able.” In 2016, the judge re­jected an at­tempt by Wells to dis­miss Banco’s al­le­ga­tions be­cause the Man­hat­tan court could not rule that use of SWIFT’s se­cu­rity sys­tem alone was enough.

Bangladesh has a cor­re­spon­dent-bank­ing con­tract with the New York Fed, which has re­peat­edly stressed that each of its for­eign clients has agreed that it can rely on SWIFT pro­to­cols. The pay­ment mes­sages it re­ceived from the hack­ers in Fe­bru­ary 2016 were ver­i­fied by SWIFT and di­rected the Fed to send much of the funds to RCBC. It is un­clear what obli­ga­tion RCBC has to Bangladesh Bank and whether US law would ap­ply. The Philip­pine bank said it had re­ceived ad­vice from lawyers in the United States that it had “strong and valid” de­fenses against any suit by Bangladesh Bank.

“There is no act at­trib­ut­able to RCBC which caused the loss or the theft from Bangladesh Bank,” it said in a state­ment yes­ter­day. “We re­it­er­ate that RCBC was merely a ben­e­fi­ciary bank, mean­ing, the pay­ment in­struc­tions which are al­leged to have been the re­sult of hack­ing were not ex­e­cuted by it.” In the im­me­di­ate wake of the heist, Bangladesh’s cen­tral bank had threat­ened to sue the New York Fed and SWIFT, though re­la­tions have since warmed and the pair have com­mit­ted to help re­cover the funds. The Fed and SWIFT, which has since strength­ened its se­cu­rity pro­to­cols, de­clined to com­ment on im­pli­ca­tions of the Banco-Wells set­tle­ment.

Fi­nan­cial firms around the world have re­viewed de­fenses af­ter a rash of cy­ber heists in­volv­ing SWIFT, the lat­est tar­get­ing Malaysia’s cen­tral bank. Bangladesh’s min­is­ter of state for for­eign af­fairs, Mo­hammed Shahriar Alam, said in a re­cent in­ter­view that the cen­tral bank is de­ter­mined to be re­im­bursed and that prepa­ra­tions are at a “fi­nal stage” for a suit. “It’s ob­vi­ous that we will be fil­ing a case,” likely in the United States, he said while in New York. “There are frus­tra­tions in Bangladesh about it. But to­gether we should have done bet­ter by now.”—Reuters

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.