MANILA • It is a financial whodunit for the digital era: US$81 million (S$110 million) of Bangladesh's money vanished last month after it was electronically transferred out of the country's account at the Federal Reserve Bank of New York.
As officials around the world search for the money and place blame, the caper is highlighting what looks like a weak point in the global financial system that allowed the money to get by regulators: the murky banking system of the Philippines.
The country's investigators are now looking into how the money came to be transferred to that Pacific nation - and what happened to it afterwards. The trip, which appears to jump from Philippine banks to the country's lightly regulated casinos and then to points unknown, touches on a number of pressure points where United States officials and experts say the country is vulnerable to potential corruption and money laundering.
Specifically, they point to its casino industry, which is exempt from many of the anti-money-laundering requirements in the Philippines. The Philippines also retains what one US official once called some of the world's toughest bank secrecy laws, recalling a time before the rise of concerns about terrorism financing and tax evasion.
"They picked us to launder this money because our system is full of loopholes," Mr Sergio Osmena III, a senator who leads a committee on banks and financial institutions, said in an interview on Wednesday. "We have been trying to amend these laws for decades, but we can't get it through Congress."
Already the theft - one of the largest digital crimes in history - has caused ripples round the globe.
According to a person familiar with the investigation, the cyber thieves hid their tracks by installing malware that manipulated a printer at the Bangladesh Bank to hide evidence. Earlier, two central bank officials filed a police report that said a computer and printer the bank uses to order Swift wire transfers was manipulated so that the authorities could not see records of outgoing transfer requests or receipts confirming that they had been received.
Bangladeshi officials have blamed their counterparts at the New York Fed, but the latter said the transfer requests came through official channels and that any security breach most likely came from Bangladesh.
Officials who run the global Swift money transfer system said its systems had not been breached and that the matter was an internal issue at the Bangladesh Bank.
In the Philippines, lawmakers this week questioned employees of local banks that had processed the transfers - including bank manager Maia Santos Deguito at Rizal Commercial Banking Corp (RCBC) - who declined to answer questions and cited their rights against self-incrimination.
But senators yesterday began a classified session to hear the testimony of Ms Deguito, who approved fund transfers at the centre of the theft, after she agreed to speak behind closed doors. Her colleague, Mr Romualdo Agarrado, told the parliamentary investigation yesterday that Ms Deguito helped move the money as she feared for her life. This was denied by Ms Deguito.
At this point, it is unclear exactly what went wrong and where the system broke down. But the people behind the theft made mistakes and tripped alarms.
Early last month, the thieves requested that more than US$100 million be transferred out of Bangladesh's New York Fed account. On one request, they misspelled "foundation" as "fandation", putting a halt to about US$20 million they tried to move to Sri Lanka.
Mr Osmena said the operators of the casinos involved were invited to testify at yesterday's Senate hearing to try to trace the money. "The casinos here in the Philippines are a black hole," he said. "Once the money goes in there, it is gone."
NEW YORK TIMES, BLOOMBERG, REUTERS