The president of Philippines-based Rizal Commercial Banking Corp (RCBC) has resigned despite being cleared by an internal investigation into the bank's connection with the $81 million Bangladesh Bank hacking scandal.
The Philippine Senate in investigating how millions of dollars stolen from an account held by the Bangladesh Central Bank with the New York Fed allegedly ended up being deposited in a RCBC branch.
The money appears to have then made its way into the hands of casinos and gambling operators in Manila. About $15 million has since been recovered from a Chinese casino boss.
Having carried out an investigation into its own conduct, RCBC has cleared president Lorenzo Tan, who has nevertheless resigned, saying: "I take full moral responsibility for this sad incident in the history of the bank."
Meanwhile, Reuters reports that in the years ahead of the hack, the New York Fed looked into the risk of such an attack happening but decided that it was unlikely.
Citing numerous sources, Reuters says that senior staffers were concerned that old tech and lax security at some central banks might leave accounts with the Fed vulnerable to cybercrooks.
Among the potential vulnerabilities discussed was the Swift network, which is coming under renewed criticism from Bangladesh. Swift technicians introduced vulnerabilities when they connected the network to Bangladesh's new real-time gross settlement (RTGS) system, Mohammad Shah Alam, the head of the criminal investigation department of the Bangladesh police told Reuters.
The failures meant that the Swift network at the central bank was widely accessible, including remote access with only a password, police told Reuters. Swift has declined to comment.
Update:
Swift has broken its silence, issuing a strongly worded statement on the allegations:
"Swift rejects the false, inaccurate and misleading allegations made by Bangladesh Bank and Bangladesh Police's Criminal Investigation Department (CID) officials to Reuters. The accusations have no basis in fact.
"Swift was not responsible for any of the issues cited by the officials, or party to the related decisions. As a Swift user like any other, Bangladesh Bank is responsible for the security of its own systems interfacing with the Swift network and their related environment - starting with basic password protection practices - in much the same way as they are responsible for their other internal security considerations.
"Swift looks forward to the meeting with Bangladesh Bank and New York Federal Reserve Bank officials in Basel on 10th May, when the bank’s security issues and these baseless allegations will be discussed. Swift will not comment further ahead of that meeting."