The Great Bangladesh Central Bank Heist


By chempo

This must have been The Great Train Robbery of the 21st century. Hackers were suspected to have been responsible for sending SWIFT FIN payment instructions from the Central Bank of Bangladesh to the Federal Reserve Bank NY on Feb 4 to request transfers of US$1 billion. The Feds executed 1 payment of US$20mm to a bank in Sri Lanka and 4 payments totaling US$81mm to a bank in the Philippines before they realized something was wrong and stopped payment.



(What is known as at 16 Mar 2016):

  • 15 May 2015 – 4 US$ a/cs opened at RCBC, Jupiter Branch, purportedly by Michael Francis Cruz, Jessie Christopher Leprosa, Enrique Vasquez and Alfred Santos Vergara.
  • 1 Feb 2016 – US$ a/c purportedly opened by William So Go.
  • 4 Feb 2016 – US Federal Reserve Bank received 35 SWIFT payment instructions from Bangladesh Central Bank (BCB) for payments totaling US$951mm. The Feds executed 1 payment (US$20mm) to a Sri Lanka bank, and 4 payments totaling US$81mm to RCBC. Then they suspended payments.
  • 5 Feb 2016 — (Friday – BCB closed) – RCBC saw the US$81mm inward remittances and applied the funds accordingly to the 4 beneficiary a/cs.
  • 8 Feb 2016 (Monday – RCBC closed for Chinese New Year holiday) – BCB messaged RCBC to stop payment.
  • 9 Feb 2016 – BCB resent messages to RCBC.
  • 11 Feb 2016 – BCB called Bangko Sentral president; Anti-Money Laundering Commission started investigation.
  • 19 Feb 2016 – NBI, PAGCOR start investigation
  • 22 Feb 2016 – RCBC Jupiter Br manager Maria Deguito allegedly had meeting with William Go
  • 29 Feb 2016 – PDI broke the news.
  • 1 Mar 2016 – Court of Appeals issues orders to RCBC, East-West Bank, BDO & PNB to freeze a/cs.
  • 8 Mar 2016 – The Daily Star (in Bangladesh) broke the news
  • 11 Mar 2016 – Immigration stopped RCBC Jupiter Branch Manager departure at airport
  • 15 Mar 2016 – Philippines Senate conducts inquiry.


Was BCB hacked?:

Bank hackings have typically involved hackers gaining access to a bank’s system and obtaining customers’ information and passwords (using methods like phishing), which they then use to access the victims’ accounts and execute payments through the bank’s payment application to their own designated account, mostly a fictitious vendor account. They do not need to, and possibly cannot, break a bank’s encrypted data. If BCB had been hacked, then it is an entirely new mode, in that the hackers actually executed SWIFT payments.

BCB hackers would need to study the central bank’s activities in stealth. To do this they need to plant malware. If it’s keylogger malware, it will record all keystrokes and relay them to the hacker. If it’s a RAT (remote administration tool), the hackers monitor in real time on their offsite screens. The forensic sleuths now at the bank say malware was planted in January 2016. It is unlikely this malware is the culprit because that is simply too short a time for hackers to study the system. Perhaps the hackers had gained access much earlier and already covered their tracks well.

Was the SWIFT system at BCB hacked? SWIFT is a very secure system and is practically impossible to hack into. Under normal banking operations, it is almost impossible for a hacker to execute SWIFT payments. In almost all banks, dedicated workstations are used for SWIFT payments and these sit in a physically secured room. Payments can only be released by 2 authorized personnel (high-level authorized signatories), each holding one half of a 16-digit password (which is changed regularly). All messages are encrypted. SWIFT has a concentrator in every country that it operates in. All banks’ SWIFT workstations are connected by leased line to the concentrator. From there the data gets into the SWIFT IP network to either the Brussels or US offices.

The only way hackers could access the SWIFT workstation is if it has internet access, either directly or indirectly. A good bank would have disabled the wifi, disk drive and USB ports of the SWIFT workstation to prevent misuse. Some banks may integrate SWIFT with their in-house system to facilitate automatic SWIFT message preparation (an application that downloads payment transactions from the in-house banking system into the SWIFT system, thus avoiding manual preparation), in which case the workstation would be connected to their server and exposed to the corporate network with internet access. Transaction volume is low for a central bank compared to a commercial bank, so it is unlikely for BCB to have an integration application. It’s an issue of cost.

The BCB payment instructions had to be sent when the SWIFT machines were online, which probably means just before the close of business on Feb 4. They could have been MT101 (batched payments) or MT103 (single payments). When the bank sends a SWIFT message, the system sends an “ack”, an acknowledgement or confirmation. This “ack” determines the legal responsibility of SWIFT to deliver the message to the intended party. Thus during the day, when the printers started throwing out these “acks”, surely BCB would have been alerted.
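The alerting role of the “ack” described above can be written down as a reconciliation check. This is an added example, not from the original article: every ACK is matched against the bank's own register of approved payments, and the two-person release rule mentioned earlier is enforced. The record layout, field names and sample data are constructed for illustration and are not SWIFT's actual message format.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Approval:
    """One entry in the bank's own register of approved outgoing payments."""
    ref: str            # internal transaction reference (hypothetical field)
    amount: int         # whole US$
    beneficiary: str
    releasers: tuple    # staff IDs that released the payment


@dataclass(frozen=True)
class Ack:
    """One acknowledgement returned for a message that actually left the bank."""
    ref: str
    msg_type: str       # e.g. "MT103"
    amount: int
    beneficiary: str


def _norm(name):
    # Compare names case-insensitively and ignore spacing differences.
    return " ".join(name.split()).casefold()


def reconcile_acks(acks, approvals):
    """Return (ref, reason) alerts for ACKs the approval register does not back."""
    register = {a.ref: a for a in approvals}
    seen = set()
    alerts = []
    for ack in acks:
        if ack.ref in seen:
            alerts.append((ack.ref, "duplicate ACK for one reference"))
            continue
        seen.add(ack.ref)
        approved = register.get(ack.ref)
        if approved is None:
            # A message left the bank that nobody approved internally.
            alerts.append((ack.ref, "no approved payment for this ACK"))
            continue
        if len(set(approved.releasers)) < 2:
            alerts.append((ack.ref, "fewer than two distinct releasers"))
        if (ack.amount != approved.amount
                or _norm(ack.beneficiary) != _norm(approved.beneficiary)):
            alerts.append((ack.ref, "ACK details differ from approved payment"))
    return alerts


# Constructed sample data (not real transactions).
SAMPLE_APPROVALS = [
    Approval("TRX-0001", 250_000, "Constructed Supplier Ltd", ("officer_a", "officer_b")),
    Approval("TRX-0002", 1_200_000, "Constructed Contractor Inc", ("officer_a", "officer_a")),
    Approval("TRX-0003", 75_000, "Constructed Vendor Co", ("officer_a", "officer_c")),
]
SAMPLE_ACKS = [
    Ack("TRX-0001", "MT103", 250_000, "constructed supplier ltd"),       # clean
    Ack("TRX-0002", "MT103", 1_200_000, "Constructed Contractor Inc"),   # one releaser twice
    Ack("TRX-0003", "MT103", 750_000, "Constructed Vendor Co"),          # amount changed
    Ack("TRX-9001", "MT103", 20_000_000, "Unregistered Beneficiary"),    # never approved
    Ack("TRX-0001", "MT103", 250_000, "Constructed Supplier Ltd"),       # sent twice
]

if __name__ == "__main__":
    for ref, reason in reconcile_acks(SAMPLE_ACKS, SAMPLE_APPROVALS):
        print(f"ALERT {ref}: {reason}")
```

The check only helps if the ACK stream is reviewed from a source the sending workstation cannot alter, such as a separate log or printer feed.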

This is why all banks in the world are waiting to understand how the hacking could have been done.

It is my belief there is a high probability that there was no hacking but an inside job. Another give-away of employee complicity is that the payments made references to actual ongoing infrastructure projects in the country.


Mis-handling at BCB:

I find two things that point to management incompetence. Firstly, the central bank kept the government in total ignorance of the heist. They correctly contacted RCBC immediately on Feb 8, which was a holiday in the Philippines, and followed up on Feb 9. But it was through a SWIFT message, which betrays a lack of urgency. The BCB President called up Bangko Sentral president Tetangco on Feb 11 at about 7pm for assistance. The Bangladesh Finance Minister learned of the loss from the media one month after the incident. Secondly, why did the BCB keep US$1 billion sitting idle in a current account? At the very least it should be in overnight deposits.

BCB and the Bangladesh Finance Minister displayed embarrassing ignorance of banking practices when they said they would sue the Feds for negligence in releasing the first 5 payments totaling US$101mm. The Feds, as the paying bank, owe no legal obligation to ensure payments are in order. Their job is to make sure payments are properly executed as instructed so long as the order for payment is authentic. And the 35 payment orders were authentic SWIFT messages. It was not a case of someone recreating a look-alike.

Note on Stop payment orders:

There is something most people do not understand. If you issue a cheque to A and then you place a stop payment order, your bank will act on it if the cheque has not been cleared. That’s straightforward. But if the cheque has been cleared, there is no legal basis for you to claim the return of the funds directly from A’s bank (say BDO). To BDO, your payment to A is a valid one because the cheque has cleared. But your request to BDO puts them in a very difficult position. They have now been ‘put on notice’. If your issue with A is a commercial one, it has nothing to do with them. If they freeze the funds and A issues cheques thinking they have the funds and BDO bounces those cheques, A may sue BDO. But if it’s a criminal issue and BDO releases the funds to A, the bank may be called to answer for the consequences.

Another example – if you make an ATM transfer to a wrong account and you rush to the bank to report it and ask them to reverse the entries, sorry, not so fast Jose. Your bank will need to go and ask the party that received the erroneous transfer for their approval to return the funds to you. That is because your ATM transfer was a valid one.

In the case of BCB, the circumstances are fairly obvious –  a crime has been committed. It would be incumbent on RCBC to heed the freeze order immediately.


International payments:

All banks in the world maintain operating accounts with banks located in the city where the currency is settled. For US$ all banks maintain accounts with other banks in New York city. These NY banks are known as the correspondent banks of those banks that operate those accounts. For example RCBC’s US$ correspondent is Wachovia Bank NY.

The US$ payment flows from the remitting bank (BCB) to its NY correspondent (Feds), to the beneficiary bank’s correspondent bank (Wachovia NY), to the beneficiary bank (RCBC), to the designated branch (Jupiter Br) and to the ultimate beneficiaries’ a/cs. (Sometimes, there may be a few more intermediaries.)

As I mentioned in the previous US Debt article, no US$ currency left the US. In the Fed’s system, BCB’s a/c got debited and Wachovia NY a/c got credited. In Wachovia NY books they debit Reserve at Feds, credit Vostro (RCBC) a/c. In RCBC books they debit Nostro (Wachovia NY) a/c and credit customers’ a/cs.


Federal Reserve Bank :

The Feds raised the alarm when they saw the numerous payments to private individuals. It is not in the nature of central banks to make such payments. I applaud the Feds employees for their alertness. Those are quality employees. Bangladesh is 10 hours ahead of New York, so BCB was closed by the time the Feds smelled something fishy. So it means the Feds stopped payment of their own accord on Feb 4 and then informed BCB on the next Bangladesh business day, Monday Feb 7. This kind of situation puts the paying banker on the spot. They had to make a decision that carries certain risks. What if the payments were all legitimate? The Feds would have to pay compensating interest to recipient banks for 3 days.

The paying banker, in this case the Feds, owes no duty of responsibility to BCB so long as the payment instructions are authenticated, which in this case, they were. It is never the job of the paying banker to interpret and decide if payments are correct; if that were so, their job would become untenable.

The Feds’ action of stopping payment is not a contractual obligation, but simply being a prudent and responsible bank. Instead of suing the Feds, BCB should be eternally grateful to the Americans for saving them US$870mm.

What I would like to know is – are there other recipient banks apart from RCBC and Pan Asia (the Sri Lanka bank)? If so, there are other scums in some other banks elsewhere. If not, then it’s absolutely unimaginable that almost US$1 billion could have been planned to be laundered through the casinos in Philippines.


The spelling mistake that stopped a bank heist:

The payment of US$20mm to Sri Lanka was stopped because the beneficiary name was spelt incorrectly. Media reports are wishy-washy here. My guess is that the beneficiary bank is Pan Asia Banking Corp and the beneficiary is Shalika Foundation. Deutsche Bank must be Pan Asia’s US$ correspondent. The SWIFT payment indicated the beneficiary name as “Shalika Fandation”, so Pan Asia could not apply the payment because the account name differed. They could have let it pass (because the a/c number must apparently be correct), but in view of the large sum, they prudently withheld payment. Pan Asia would have reverted to the remitting bank (BCB) for instructions, so on Monday Feb 7, all hell broke loose in Dhaka.

Notice that this scenario is different from the Feds. Here the payment is authenticated and the beneficiary bank has to apply the funds to the correct ultimate beneficiary. In the Feds case, the payments were authenticated and their responsibility is only to pay to the correct correspondent banks – they do not concern themselves with the beneficiary bank and ultimate beneficiaries.

Who’s minding the store at RCBC:

The Remittance Dept at HQ is concerned basically with the paperwork and routing the flows to the various branches. They can in no way be considered as approving the transactions. How could they understand who the customers are and what those remittances represent?  However, Feb 5 morning must have stirred some excitement in the Dept when they saw 4 remittances in $ millions.  They most probably picked up the phone to pre-advise the branch about the huge remittances.

The responsibility for understanding the transaction falls on the front-office officials. They are the ones who know the customers and who have intimate knowledge of the accounts. They are the ones who process the transactions and apply the proceeds. That responsibility falls squarely on the Branch Manager. That does not mean that on Feb 5 morning when they looked at the remittance forms they knew it was money laundering. However, putting the facts together, the Branch Manager could not have arrived at any conclusion other than that something was not correct. The facts were:

  • The 4 US$ accounts have been dormant for 1 year.
  • The a/cs were opened at the same time, similarly dormant, and now re-activated at the same time.
  • The funds came from the same remitter.
  • The remitter is a central bank (it is unlikely any Filipino has dealings with a central bank at the individual level).
  • The sums are extremely huge.

At this stage, the Branch Manager should have suspended the transactions and reported up the line for further instructions.
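The red flags listed above, written as screening logic over a batch of inward remittances. This is an added example, not from the original article or any bank's system: the account numbers, per-account amounts, thresholds and field names are assumptions, and only the account opening date, the credit date and the US$80,882,000 total are taken from the article.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

DORMANT_DAYS = 180        # assumption: no activity for this long counts as dormant
LARGE_AMOUNT = 1_000_000  # assumption: US$ threshold for an unusually large credit
HOLD_AT = 3               # assumption: this many flags means suspend and escalate


@dataclass(frozen=True)
class Account:
    number: str
    holder_type: str      # "individual" or "corporate"
    opened: date
    last_activity: date   # last customer transaction before the remittance


@dataclass(frozen=True)
class Remittance:
    account: str
    remitter: str
    remitter_type: str    # "central_bank", "commercial_bank", ...
    amount: int           # whole US$
    value_date: date


def screen_batch(remittances, accounts):
    """Group inward remittances by remitter and return {remitter: set of flags}."""
    by_number = {a.number: a for a in accounts}
    groups = defaultdict(list)
    for r in remittances:
        groups[r.remitter].append(r)

    results = {}
    for remitter, items in groups.items():
        flags = set()
        credited = {}                     # account number -> Account
        dormant_by_date = defaultdict(set)
        for r in items:
            acct = by_number.get(r.account)
            if acct is None:
                flags.add("unknown_account")
                continue
            credited[acct.number] = acct
            if (r.value_date - acct.last_activity).days >= DORMANT_DAYS:
                flags.add("dormant_account")
                dormant_by_date[r.value_date].add(acct.number)
            if r.remitter_type == "central_bank" and acct.holder_type == "individual":
                flags.add("central_bank_to_individual")
            if r.amount >= LARGE_AMOUNT:
                flags.add("large_amount")
        if any(len(nums) >= 2 for nums in dormant_by_date.values()):
            flags.add("dormant_accounts_reactivated_together")
        opened = [a.opened for a in credited.values()]
        if len(set(opened)) < len(opened):
            flags.add("accounts_opened_together")
        if len(credited) >= 2:
            flags.add("same_remitter_multiple_accounts")
        results[remitter] = flags
    return results


def should_hold(flags):
    """Suspend the credit and report up the line once enough flags coincide."""
    return len(flags) >= HOLD_AT


# Constructed sample: four dormant individual accounts plus one ordinary control.
OPENED = date(2015, 5, 15)   # opening date from the article's timeline
CREDIT = date(2016, 2, 5)    # credit date from the article's timeline
SAMPLE_ACCOUNTS = [
    Account("ACC-1", "individual", OPENED, OPENED),
    Account("ACC-2", "individual", OPENED, OPENED),
    Account("ACC-3", "individual", OPENED, OPENED),
    Account("ACC-4", "individual", OPENED, OPENED),
    Account("ACC-9", "corporate", date(2010, 3, 1), date(2016, 2, 3)),
]
SAMPLE_REMITTANCES = [
    # Per-account split is constructed; it sums to the article's US$80,882,000.
    Remittance("ACC-1", "Bangladesh Central Bank", "central_bank", 30_000_000, CREDIT),
    Remittance("ACC-2", "Bangladesh Central Bank", "central_bank", 20_000_000, CREDIT),
    Remittance("ACC-3", "Bangladesh Central Bank", "central_bank", 25_000_000, CREDIT),
    Remittance("ACC-4", "Bangladesh Central Bank", "central_bank", 5_882_000, CREDIT),
    Remittance("ACC-9", "Constructed Commercial Bank", "commercial_bank", 40_000, CREDIT),
]

if __name__ == "__main__":
    for remitter, flags in screen_batch(SAMPLE_REMITTANCES, SAMPLE_ACCOUNTS).items():
        action = "HOLD" if should_hold(flags) else "apply"
        print(f"{remitter}: {action} {sorted(flags)}")
```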

Q1 – Did HO Inward Remittance Dept call the branch, and if so, what was the Branch Manager’s response?

Q2 — Did Branch manager call up HO? If so, who was called, and what was the response?

In the hackers’ world there is a term called “zero day”. It refers to the possibility of a bug in the system that has yet to be discovered and will pop up one day. Process weaknesses are something like that. Somewhere in the chain, a link may cause a problem through some incident which has never been experienced before. At which point (by whom?) should unusual transactions be alerted, and to whom? Obviously, it should be the POI – point of inception (Inward Remittance Dept). What’s unusual – this is where experience comes in, but obviously large transactions would be one of them. The final responsibility for decisions of course lies with top management, but there should be a designated management-level person who will take it off the POI and do some preliminary investigation work. The internal audit manager would be a good candidate.


The inward remittance process at RCBC HO:

Operational procedures differ from bank to bank but in general, it should basically be similar. On Feb 5 morning, the HO Inward Remittance Dept would firstly tally their currency receipts and report to the Treasury Manager. Secondly, arrange to pay ultimate beneficiaries accordingly. If these beneficiaries are in branches, they make inter-branch transfers and forward the inward remittance to branches for action.

Separately, the HO Reconciliation Dept would sort through the previous day’s (Feb 4) transactions and confirm the balances in their correspondent bank’s balances or investigate discrepancies.

Ordinarily, top executives do not know anything of the hundreds of thousands of transactions they handle each day in the bank. Thus RCBC top management would know nothing of what transpired on Feb 5. The management level that would be the first to know something was amiss is the Treasury Manager, because the Inward Remittance Dept reported unusually large total US$ receipts, further confirmed by the Reconciliation Dept that they had large balances overnight in their US$ correspondent a/c. Whether the Treasury Manager will report to the CEO depends on circumstances. In money centers like Hongkong, Tokyo, London, Singapore or NY, US$81mm is nothing exciting. At RCBC it probably mattered and it would have been reported up higher, as an exception, not necessarily anything wrong, because the remittances may probably be legitimate.

The unusual large balance in the Nostro a/c would have been advised by another source.  Wachovia NY’s Relationship Management Manager would have called up the RCBC Correspondent Manager or if not available, the Treasury Manager, to advise them they had a huge overnight balance in the float. The reason is this represents un-utilised idle funds and it is also often due to some mistakes. If RCBC did not receive this call, they have a lousy correspondent.

So in all likelihood, top management should have been made aware of the huge sums of dollars on Feb 5 morning. The question to ask is:

Q – Were the top management informed of the huge sum of $ received on morning of Feb 5? If so, who reported to who and what was the management’s response?


The inward remittance process at RCBC Jupiter Branch:

– Normal process should have been :

Upon receipt of the inward remittance advice from the HO, the branch would apply the funds. The HO a/c would be debited and customers’ a/cs credited. If the remittance advice indicates that the beneficiary be informed, the branch will call up their customers and tell them their funds have arrived. And that would be the end of the inward remittance flow.

– What actually happened :

The funds were credited to US$ a/cs  of 4 unknown private individuals and then immediately reversed and 15% remitted to a remittance company (Philrem), the balance credited to the US$ a/c of William So Go  which was hastily opened on Feb 1, 3 days prior to the heist in Dhaka. Go’s a/cs were subsequently debited on Feb 5 and Feb 9 to Philrem which will go on to execute the last mile delivery of the stolen money.

Original inward remittances of US$80,882,000 were credited to the 4 private individuals’ US$ a/cs (varying amounts for each one) on Feb 5 and taken out as follows:

1.1. Feb 5 – US$ 22,735,000 debited from the 4 US$ a/cs and credited to Go’s a/c.

1.2. Feb 9 – US$ 42,932,000 debited from the 4 US$ a/cs and credited to Go’s a/c.

1.3. Feb 9 — US$ 15,215,000 debited from the 4 US$ a/cs and remitted to Philrem (to their a/c at which bank we do not know, possibly at RCBC Greenhills – my guess)

Of the US$ 65,667,000 transferred to Go’s a/c, the payments and receipts made :

2.1. Feb 5    – US$      500,000  Payment re FX 1

2.2. Feb 5    – US$ 40,200,000  Payment re FX 1

2.3. Feb 9    – US$ 20,000,000  Payment re FX 2

2.4. Feb 9   – (US$ 13,000,000) Receipt re FX 3

2.5. Feb 10 – US$ 17,968,000  Payment re FX 4

All the US$ were remitted to Philrem (to their a/c at which bank we do not know, possibly at RCBC Greenhills – my guess). FX 1, 2 & 4 were remittances to Philrem with instructions to convert to peso and pay certain beneficiaries. According to Philrem, the transactions were all via verbal instructions from the branch manager. In other words, there was no FX trade done in RCBC.

FX 3 is the exception. Philrem did an actual FX trade with RCBC Treasury. RCBC sold peso and bought US$ with Philrem. An FX trade involves several entries; for clarity we ignore them. It resulted in Go’s US$ a/c being debited, and Peso Cash a/c credited. We do not know from where Philrem paid RCBC, and we also do not know where RCBC delivered the peso cash to (probably Philrem picked it up at Jupiter Br).

FX 3 is telling. Philrem said her instructions came from Treasury. In a FX deal, both counter-parties will instruct each other where they want their funds delivered. But this is funny, as Treasury sold the pesos, it was also telling Philrem where to deliver the peso to. It should be Philrem telling RCBC where they (Philrem) want to receive the pesos! Was there Treasury involvement in the whole affair? The answer is not necessarily. Retail FX originated from the branch. It is the originating dept who provides the Treasury all the instructions.

FX 3 is very troubling in this way. It involves the Treasury Manager, the Settlements Manager and the Chief Cashier, and the sum we are talking about is 600,000,000 pesos. Hell, it even involved the Bangko Sentral. I can find no reason to explain how this could not have caused a ripple of excitement enough to reach RCBC top management’s ears. How did the Chief Cashier explain this to the Bangko Sentral when requisitioning this huge amount of cash?

According to Philrem, they delivered this 600,000,000 pesos in several tranches from Feb 5-13. I think she got the dates wrong. It must be from the date of FX 3, Feb 9, to Feb 13. There were 4 banking days here, so most likely Philrem had to deliver in 4 tranches because RCBC broke the cash requisition with Bangko Sentral into 4 tranches of 150,000,000 pesos each day to avoid scrutiny. Even then, the central bank would have queried the large amount. The only way to avoid scrutiny was for the Chief Cashier to build up the cash hoard over several days (if so, I’m assuming it started on Feb 1, the day Go’s US$ a/c was opened at the branch). Had this happened, the Treasury Manager would most definitely be aware. Heaven forbid that that really happened because it screams COMPLICITY!!!

The detailed book-keeping may tell something. How could they execute FX 3 where the US$ is received in one day (Go’s a/c debited US$13mm on Feb 9), and the pesos delivered over several days?

Q1 – Were all the withdrawals properly documented? Did customers sign withdrawal slips in the branch?

Q2 – Were all outward remittances properly documented? Did customers sign remittance forms in the branch? Who authorized them? Were the large amounts in excess of the branch manager’s signing authority? If so, which higher authority counter-signed them?

Q3 – Where did all the US$ remittances to Philrem go to? Was it to Philrem’s a/c at other banks or at RCBC Greenhills?

Q4 – Who was the $/peso FX dealer in RCBC who handled FX 3? Did the Treasury Manager approve the trade?

Q5 – What was the response of the Chief Cashier? How did he requisition the 600,000,000 pesos?

Q6 – Did Bangko Sentral notice anything of RCBC’s cash requisition Feb 9 to Feb 13?

I could go on and ask tens of other questions. I would recommend a full audit of FX 3 alone.


Philrem Services Corp:

It is an established remittances company operating in a few countries. It handles about 100,000 transactions per month average US$500 each. So average turnover is US$50mm per month.  (Don’t know if this is world-wide or just Philippines). Remittance companies work in close partnership with banks. Philrem CEO M/s Bautista was squirmish when asked how long was Philrem’s relationship with RCBC. It was 2 years, then 5 years then 3-5 years? She can’t remember.

Philrem remitted in the following manner (a/cs at which bank, we don’t know):

  • Feb 5   Php   665,000,000 in 4 tranches to casino Solaire a/c Bloomberry (Kim Wong’s company)
  • Feb 9   Php        8,000,000 === do ===
  • Feb 10 Php    800,000,000 === do ===
  • Feb 10 Php 1,000,000,000 in 2 tranches to Eastern Hawaii Leisure Corp

Payments to Weikang Xu (casino junket operator) were in cash in various tranches between Feb 5-13. Total cash paid:

  • Php 600,000,000 (From FX 3?)
  • US$  18,000,000

Q1 – Where did Philrem park the US$ remittances remitted by RCBC Jupiter? With which bank did Philrem do the FX deal to convert to pesos? Was it also done with RCBC? Investigators should follow this trail.

Asked if she knew Kim Wong and Weikang Xu, Philrem boss M/s Bautista said dismissively she was introduced probably once or twice to Kim Wong, and met Weikang Xu only once.

Asked about how she does her cash delivery, she said the first few times she delivered herself, and most times by messenger. That contradicts her meeting him only once. For that kind of delivery, short of an armored car you probably needed 2 security guards!

She disclosed woefully that RCBC has closed all Philrem and other related personal accounts. RCBC indicated they are willing to disclose the reasons why if Philrem would sign a full disclosure release letter.

Philrem processes as described by M/s Bautista conveyed absolutely cavalier and laissez-faire attitudes when everybody knows that in the Philippines when it comes to cash transactions, it is anything but. According to her, instructions from RCBC were verbal via telcon, cash deliveries by messengers. That may well be so. In the underground dark business, transactions are often without evidence. Unfulfilled obligations end in some dark alleyways. Her giggling, squirmish and girlish outward demeanor at the inquiry seemed to me more like a fox throwing crumbs to confuse the hound on its trail.

The foxhound tells me that investigation into the money laundering part should be directed towards where its nose is pointing – Philrem. That was my immediate feeling, and the Senate inquiry reinforced it.

This is a remittance company and it seems they do black market FX transactions.  In the murky shadow money changer and remittance business, millions and millions of $ are moved around the world unrecorded and untracked. They operate out of little holes in the wall but their volume is shocking. That they have the muscles to do this type of deals indicates a vast network. A certain William Saunders moved billions of pesos worth of gold via this conduit some 30 years ago.

Where did the US$13mm cash that they delivered to Weikang Xu come from? The whole population of Manila money changers could have run out of dollars those few days! Surely they couldn’t have got hold of that amount of cash in those few short days? It must have been planned somehow because it needed sourcing, logistics, guarantees or banking lines, etc. In other words….COMPLICITY.


Branch Manager complicity?:

M/s Maya Santos-Deguito’s complicity is a certainty. It’s just a question of whether she was taking instructions from higher up in the organization and if so, who. It is incomprehensible that she did not realize something was wrong with the 4 remittances.  Her failed holiday trip to Japan with husband and wife can certainly be construed as a flight attempt. Who in their proper mind would go for a holiday at such a time?

Is Mrs Deguito the sole insider, did she feel confident she could pull it off without higher management awareness?  We would be insulting her intelligence to think that she believed so.

She has indicated that top management up to the CEO knew everything, which she later recanted, saying that what she meant was she assumed top management was aware. She has mentioned that she is just a small guy and that the remittances were approved by the HO Remittance Dept – this was just a blame game; as I indicated above, the Remittance Dept was merely doing paper-routing work. She has indicated the CEO recruited her from another bank 2 years ago, which was rebuffed by the CEO as he had no hand in personnel recruitment. This bank heist scheme may or may not have involved an insider at the remitting bank side, but it definitely required an insider at the recipient bank side. She was not co-operative in the inquiry but pledged to tell all in an executive (private) Senate hearing.

One critical point – The CCTV at the branch conveniently malfunctioned Feb 4. Was that to protect players who obviously visited the branch, or to protect the branch manager?


RCBC top management complicity?

With bated breath we await the outcome of the various investigations that are ongoing. It is incredible that any top level management could be complicit in something like this, knowing full well that the funds will be traced to RCBC easily. But then again, the Philippines is full of such audacities.

These questions may provide some tell-tale signs :

Q1. Did the Treasury Manager report the huge cash, to whom and what were the re-actions?

Q2. Was there a huge reconciliation item in the US$ nostro a/c on close of business Feb 4? (If there isn’t, it means Treasury was expecting the huge remittances and utilized those funds, such as by placing them out interbank overnight, which is what they would have done ordinarily, meaning someone else obviously knew what was happening.)

Q3. Who handled the SWIFT message of Feb 8 from BCB in the morning of Feb 9? Who passed the message to whom and what was the recipient’s response? (Lots of payments on Feb 9 could have been prevented!!). This is where a big fish could be caught.

An investigation into FX 3 would probably provide some answers.


The 4 US a/cs:

(Michael Francis Cruz, Jessie Christopher Legrosa, Enrique Vasquez, Alfred Santos Vergara).

These a/cs were opened 1 year ago and have been dormant ever since. Invitations to attend the Senate inquiry were in vain and revealed that the holders do not reside at the given addresses. These are of course ghost a/cs; their sole purpose was to break the inward remittances into smaller amounts to avoid attention.


William So Go complicity?

Mrs Deguito is acquainted with Go who is a customer of a bank she previously worked for. She said the a/c opening by Go was done outside bank premises, which banks sometimes do for valued customers. This is more an exception than a rule. Go has vehemently denied that the a/c was his and that signatures were falsified. He said Mrs Deguito met with him on Feb 22 where she offered him Php 20m to officially close down the a/c. She has denied this. I think Go shot himself in the foot here.

AMLC’s explanation at the inquiry consistently referred to “Go remitted xxx US$ to Philrem” which I think she was just referring to Go’s a/c being debited for the transfers out. Philrem consistently said instructions came from branch manager except for FX 3 which came from Treasury.

Q: If the a/c is fictitious, why would Mrs Deguito plead with Go to close the a/c? She could just as easily close down the a/c herself if it’s a fictitious a/c.


Senate inquiry:

“The time has come, the Walrus said, to talk of many things”

This is so typical of the Philippines, all talk and no action. There are so many investigations going on: Anti-Money Laundering Commission, National Bureau of Investigation, RCBC and Casinos. The interest of the state would be better served by allowing AMLC to do their work and collate all info from the other investigations, all out of the public eye until such time when their work can be publicized. A public Senate inquiry serves no purpose:

  • Many personalities will declare Philippines version of the 5th amendment and clam up.
  • Others cannot contribute because of Banking secrecy laws
  • This inquiry will not end in legislation because they do not have enough time.
  • Its only benefit will be to crooks of all sorts, who will learn of the Philippines’ banking processes and weaknesses. (Much like disclosing military tactics in the Mamasapano inquiry)

If it is in aid of legislation, dear senators, do the following :

  • Pass the amendment to the anti-money laundering act to include casinos.
  • Whilst you are at it, include also NGOs, charities, money changers, remittance companies (these organizations have often been used to launder money as well).
  • Amend the banking secrecy act, stop the law from protecting the crooks.

If it is in aid of legislation, there was one bright moment. Senator Recto noted it took AMLC a long time till Mar 1 to obtain a court order to freeze accounts and he asked “Is there anything we can do?”. AMLC explained it has to do with “ex-parte” issues they needed to collect sufficient evidence. Unfortunately, this question will be buried by all the showmanship.


Philippine Daily Inquirer:

No, No, don’t worry, they are not complicit. It’s strange that PDI had the scoop and broke the story on Feb 29. Bangladesh and NY were able to contain the story pending investigation, but Filipinos have loose tongues. The PDI story did not explode on the world – was it because no international agency reads Philippines media? It only became world news when BBC and Reuters carried the news Mar 2 or 3.



There is no doubt M/s Deguito is in the center of the storm and a possibility there are some others in RCBC who are privy to and participated in the misdeeds.  In the scheme of things, the branch manager was designed to take the fall.

We do not know where the US$850mm remittances that the Feds stopped were destined. That the 5 payments that went through arrived in Sri Lanka and the Philippines is no coincidence. Both countries are weak in their anti-money laundering regulations inasmuch as casinos are not covered. Both have several casinos operating in the land.

All law abiding citizens actually do not need banking secrecy legislation. That is because all banks have a fiduciary relationship with their customers. Just like a doctor does not divulge patient info, nor a reporter his source, so too a banker his customers’ info. Philippines has a banking secrecy act that protects the crooks. Many are the times we have witnessed investigative officials rendered inutile by banks that refuse to provide critical information. Banking secrecy is fine, but where it comes to criminal investigations, the law must be on the side of those who uphold the law. An amendment is long overdue to override banking secrecy in the event of a criminal investigation. This will be a tough act for a lower and upper house full of legislators who themselves are tainted. Blame dwells on the voters who put them there.

In Philippines the legal process is always the stumbling block. It always guarantees the crime busters arriving at the stables long after the horses have bolted. Mayor Jun Jun’s suspension was effected after several months, giving him time to shred all documentary evidence. In this case, AMLC swung into action the moment Tetangco received the call from the BCB president on the evening of Feb 11. It was only on Mar 1 that AMLC was able to secure freeze orders from the Court of Appeals. By then, old mother Hubbard discovered the cupboard was bare.

There is fear this incident may lead to Philippines being put back on the FATF gray list. Banks all over the world may not want to deal with Philippines remittance companies if they are not linked with foreign banks. The repercussion is increased cost for remittances by OFWs. Strange that this possible immediate impact is quick to draw the ire of OFW associations, but voting in the wrong candidates, which may damage Philippines in credit agency ratings with wider implications for the country, does not resonate with the same segment of the population.

Bank heist and money laundering syndicates are a breed of extremely intelligent criminals. We need to work on the ex-parte proceedings. The war is lost if judges are not prepared to wake up in the middle of the night in their pajamas to sign search or arrest warrants or freeze orders, on the basis of their prosecutors’ judgment and recommendation that time is of the essence, but instead prefer to dwell on legal decorum, on evidence or other proofs or witnesses or authentic documents or affidavits, or proper notarization.

Great train robbers will know this is a good place to be.


(Note: This article was updated to incorporate new info out of the Senate inquiry Mar 15. A lot of numbers were floating in the senate hall and I’m sure all those tuned in would have got lost in those numbers, particularly their relationship to FX conversion. I sorted through the numbers to present a meaningful picture of the money trail).


546 Responses to “The Great Bangladesh Central Bank Heist”
  1. Awesome, just AWESOME, article, chempo. Thanks!!!

    “That the 5 payments that went through arrived in Sri Lanka and Philippines is no coincidence. Both countries are weak in their anti-money laundering regulations in as much as casinos are not covered. Both have several casinos operating in the land.”

    I heard Korean and Japanese syndicates run the casinos over there, so these foreign criminal enterprises, I assume, actively lobby (read bribe) politicians to keep gov’t minders at bay?

    • karlgarcia says:

      According to one legislator, during his trip to Macau, he discovered that casinos are not included in the Anti money laundering act. And he also said that casinos lobbied not to be included here.

      “It was Manila Representative Amado Bagatsing, then chairman of the House Games and Amusement Committee, who proposed the exclusion of the casinos amid lobbying by casino operators.

      ABS-CBN News went through the transcripts of the plenary deliberations on House Bill 6565.

      During the period of interpellations and debate at the plenary on December 4, 2012, Bagatsing said: “Let me just manifest that this representation is the chairman of the games and amusement committee, and this representation through this committee was given a position paper by the gaming industry where they would like this representation to propound their anxieties, their fears, so that their fears will be properly addressed.”

      Bagatsing told the plenary that in a trip to Macau, he discovered that Macau’s casinos are not covered by anti-money laundering laws.

      “Let me rephrase or let me state the kind of question I asked of this big operator. I asked them: ‘How is the anti-money laundering act doing here in Macau?’ I got the biggest surprise of my life when in jest the person answered: ‘What AMLA?’ In other words, ang tanong ko sa kanila – ano ba ang pangyayari dito sa AMLA dito sa inyo, sa Macau. At ang sagot sa akin, anong AMLA?

      “Are these countries seriously following what is being agreed upon?”

      Bagatsing also told the plenary that the casinos had a position paper questioning the proposed inclusion of the casinos in the AMLA coverage. ”

      • karl,

        How’d this AMLA thing come about? Was this purely to oblige American and 1st World interests, or was this generated locally over there? This looks more like something post-9/11 to target terrorists, hence zero focus on economic free zones and casinos. Am I right?

        manuelbuencamino says:
        March 18, 2016 at 11:22 pm
        (4) Funny how JPE, in the first hearing, tried to delink casinos to money laundering. He kept asking, could this have been prevented if casinos were included in the AMLA? He kept repeating that it should have been stopped by the banks. Thankfully the AMLA lady showed exactly why the whole thing became attractive precisely because casinos were not covered. JPE changed topic after that.

        In the second hearing JPE asked who Kim Wong was. Didn’t he know that Kim Wong is a licensed casino-hotel operator in the Cagayan Special Economic Zone and reportedly also owns licenses to operate online gambling out of CSEZ?

        CSEZ can issue gambling or gaming licenses. Before CSEZ came into existence, only Pagcor could issue gaming licenses.

        Online gaming over here is now under the microscope, more on taxation than policing, what are the online gaming laws over there? I remember this CSEZ involved in car and other smuggling activities—- is this still a no-man’s land?

        • karlgarcia says:

          On the timeline laid down by Irineo, by year 2000 we were already blacklisted by the FATF,
          So the AMLA law of 2001 was expedited I think.

    • Harry Tan says:

      The gravity, impact and implication of this incident cannot be discounted because the integrity of the Philippine financial system is at stake here. The actors (FRB NY, BCB, etc.) are multinational. And this, of course, has rippled already to the global scene.

      Do us proud AMLC, BSP, DOJ/NBI/PNP and, ohh my, dear Senate on how you would untangle this international cyber heist knot. The 100+ million Filipinos are watching and so are the billion eyeballs in the world economy. Hopefully after the dusts settled, the Philippine financial institutions are strengthened and renewed/increased trust dawns on our banks and quasi-banks.

      (Thank you for this superb article, Chempo!)

      • Yes… some stuff I have found out googling… if there are inaccuracies please let me know as this is a totally new topic for me and my goal is to increase our knowledge of the subject:

        1974: bank secrecy introduced by Marcos… seems he wanted to attract money.

        1990: FATF is founded in Paris (Financial Action Task Force)

        2000: say the Philippines is in the June 2000 report.

        2001: RA 9160 is passed (anti-money laundering act) I have seen during quick googling/browsing that “Jose Velarde” case may have played a role.. Delia Rajas also? 🙂

        2003: I have found that there were improvements but the act I have not found yet.

        2013: Aquino signs a further law based on FATF pressure, evading blacklist for the 3rd time – RA 10168 is mentioned here.

        RA 10365 is also what I find googling. Still putting stuff together, these are preliminary findings.

        • Harry Tan says:

          Hehe. Nice historical stuff you dug up from binging google, sir Irineo.

          Likes your MacArthur blog series, by the way. Debunks some of my false notions about Gen. MacArthur and increased my insights of Phl in WW2.

        • karlgarcia says:

          ra 9194

          • karlgarcia says:

            ra 10167


                AMLA amendments to take effect this month
                By Prinz P. Magtulis (The Philippine Star) | Updated April 5, 2013 – 12:00am

                MANILA, Philippines – Amendments to the “dirty money” law which expanded its covered institutions and crimes are set to take effect this month.

                Republic Act (RA) 10365, which amended certain provisions of the Anti-Money Laundering Act (AMLA) of 2001, was signed into law by President Aquino last Feb. 15. The law will take effect 15 days after publication in a newspaper or by April 19.

                It was among the measures enacted for the Philippines to avoid getting blacklisted by the Financial Action Task Force (FATF), a global anti-money laundering watchdog.

                Since then, FATF has kept the Philippines under its grey list, which signified commitment to pass reforms. Being blacklisted would have meant higher financial transaction costs, especially for Filipinos abroad.

                The Paris-based FATF has scheduled an “on-site visit” to inspect if AMLA reforms are being implemented accordingly. A total of three laws- including RA 10365 – have been passed to address FATF concerns.

                Under RA 10365, foreign exchange corporations, money changers, pre-need and insurance companies were included in covered firms required to report transactions of P500,000 and above to the Anti-Money Laundering Council (AMLC).

              • Click to access updates on the implementation of laws (as of july 10, 2014).pdf


                (Signed Into Law JUNE 18, 2012)

                This law allows the Court of Appeals to issue a freeze order on a monetary instrument or property upon verified ex parte petition by the Anti-Money Laundering Council (AMLC) and after determination of probable cause. The freeze order shall be for a period of 20 days unless extended by the court. The court should act on the petition within 24 hours upon filing. A person whose account has been frozen may file a motion to lift the freeze order, and the court must resolve this motion before the end of the 20-day period. Only the Supreme Court may issue a temporary restraining order or a writ of injunction against any freeze order.

                RA 10167 also allows the AMLC to inquire into or examine any particular deposit or investment upon order of any competent court subject to certain qualifications.

                The Court of Appeals shall act on the application to inquire into or examine any deposit or investment with any banking (or related) institution within 24 hours from filing of the application.

                question: why did it take from February 11 to March 1 to get the freeze order?

    • chempo says:

      Thanks Lance.
      Don’t know about Koreans n Japs, but I wonder did Trump do anything similar?

      • I’m still reading, and re-reading this piece, chempo, I finally ended up printing it out, so I can bring it around with me to peruse over.

        Trump’s on record over here whining about how every year he’s audited by the IRS, so I’m pretty sure he’s clean. It’s public knowledge he’s done business with the mob, but the mob is pervasive in the East coast.

        The casinos I’d be concerned with are not those owned by corporations, but Indian tribes. But I think those guys are pretty much run by corporations, ie. outsourced by Indian tribes, Native Indians just sit back and enjoy the fruits of their land (not sure).

        When it comes to money laundering over here, it’s the Mexican groceries and fast food chains that are of concern. Mysteriously they seem to be doubly profitable, but most importantly they cut cost (many times better deals than Wal-mart), driving legit competition away.

        So money laundering is a big concern here as well. And with Mexico fast becoming Nigeria (drug cartels now into gas/oil theft), Donald Trump’s wall is sounding mighty reasonable 😉 .

        • chempo says:

          Wow Lance, you really print it huh? Don’t know if Joe has any printing policies, joke lang.

          Fast food chains into money laundering — I’m sure you don’t mean Mcdonalds, KFCs and all those big names, but rather the small Mexican types. I can see your point on Mexican grocs, etc.. With all those drug coming from south of the border, ya money laundering sure seems a big big problem.

      • josephine l. macuha says:

        On our way to a Corregidor tour, the tour guide was being funny and said that if you want WWIII to erupt you should put Koreans and Japanese together. He is just being funny. I wonder why is that. I am not so history savvy.

        • sonny says:

          Ms Macuha, there is a very strong love-hate relationship between Koreans and Japanese. Less of love. Yet both are ethnically related.

          • R.Hiro says:

            Japan brutally colonized Korea way back when… Primordial reason why the South developed quickly was to catch up with Japan’s development after the war. Quite a number of Koreans wore the Japanese uniform and fought with them against the Philippines right here.

    • “It is my belief there is a high probability that there was no hacking but an inside job. Another give-away of employee complicity is the payments made references to actual ongoing infrastructure projects in the country.”


      What’re the chances of Filipino managers working inside Bangladesh Central Bank (or in their IT staff)?

      • edgar lores says:

        LCpl_X, You are beginning to sound like MRP. I resent that.

        • We’re all sleuthing here, edgar. Every possibility should be considered. If there’s a Filipino-connection… then there’s a Filipino-connection, if not, not.

          • edgar lores says:

            Fuck you. You are being racist.

            • If chempo states that Central Banks don’t hire non-nationals (ie., Filipinos) then I’ll rest my case, but the question needs to be posed, and it’s not racist to chase down leads, ie. ask questions.

              • edgar lores says:

                No, the question does not need to be posed? Where are your manners?

              • Where are yours? It’s a fair question, edgar. You’re being emotional. I don’t know why.

              • edgar lores says:


                Of course, I am being emotional. And If you do not understand why… let me explain.

                This is a cross-cultural blog mainly about the Philippines. You come as a guest… as I do.

                While JoeAm is the owner of the house, he has made it plain that he loves the country and, to a certain extent, has adopted it as his own.

                So in certain respects, if not many respects, this is a Filipino house — nay, a Filipino home.

                Then here you come in and you ask, “Are Filipinos employed by the Central Bank of Bangladesh?”

                What is the implication of your question?

                To me, the implication is that you think Filipinos employed in Bangladesh are in cahoots with Filipinos in the Philippines.

                To me, as a nationalist, the implication is that you think all Filipinos are crooks.

                Do you get that? Do you understand?

                You come into a Filipino home with mostly Filipino guests… and in effect you say, “You are all criminals, scum of the earth.”

                I gave you a warning when I said I resented your question. You chose to ignore my warning. It should have set off alarm bells in your system.

                Did you think even before you posed the question? It does not require as astute an analyst as chempo to answer the question: would the central bank of a country hire non-nationals to run its primary financial facility?

                Did not the thought enter your mind?

                So my advice would be for you to think first before opening your mouth… or hitting the keys on the keyboard.

                You are so impulsive here… as over there on the matter of Jim Paredes.

              • Joe America says:

                I do think the idea that if a crime was committed and money came to the Philippines, we ought to surmise a Filipino is probably behind the crime is a bit offensive. There are a lot of crooks around the world, and there are a lot of honest Filipinos. Why the need to judge before the facts are out? Just wait for the facts.

              • Why the need to judge before the facts are out? Just wait for the facts.


                But we’re playing detectives here, it’s what we’ve always done, and have enjoyed everyone’s perspectives since, why is this suddenly “offensive”? Unless edgar’s a bank manager working for a foreign bank, this should’ve been just another day, with us brainstorming angles. Right?

              • “You are all criminals, scum of the earth.”

                Not even close to my question, edgar. As for offense, I think looking to be offended and saying something truly offensive, are two different things. Here you’re looking to be offended. You’re loading my question, with your own baggage.

                Aren’t you even a smidge curious if there are Filipinos working in the BCB? And if the thought entered your mind, are you seriously going to take offense (at yourself)? C’mon. Again it’s a fair question, end of story.

                Jim Paredes on the other thread, I’m still game to continue though, if you’re game.

              • edgar lores says:

                My last word on this: you failed to apply Occam’s razor.

            • mercedes santos says:

              Cool it Edgar, there’s a slight dent of truth in what this militar is saying. First people have been taught well by their masters 😉

              • “there’s a slight dent of truth in what this militar is saying.”

                Thanks, mercedes! Exactly, I’m not saying anything Filipinos aren’t already thinking.

              • edgar lores says:

                Sorry, Mercedes, i think you are wrong here… and I am even sorrier that you would side with LCpl-X on this matter.

              • Joe America says:

                I don’t think Filipinos are thinking that. I think most would be offended at the rather unkind prejudgment.

              • Joe America says:

                It reminds me of the old 50’s American rhetoric that all blacks are sex-mad and all Mexicans are lazy. All Filipinos are crooks. It is discriminatory. I think that is the reason for Edgar’s harsh reaction.

              • “It reminds me of the old 50’s American rhetoric that all blacks are sex-mad and all Mexicans are lazy. All Filipinos are crooks.”


                I didn’t say All Filipinos are crooks, you’re leveling racial profiling on me, when I was doing criminal profiling, ie. if the criminals in the Philippines involved were Filipinos (Chinese-Filipinos, or otherwise) that there is a likelihood that the “insider/s” in Bangladesh may also be Filipinos– how many Filipino bank managers work for foreign banks?

              • LCpl_X

                You did sound like MRP back there. Am as nationalist as sir edgar… please don’t let MRP’s persistent downgrading of his former countrymen rub off on you, you did remark that he’s your hero here… Joe’s right… multinational hackers are out there, to single out Filipinos in your question is offensive and unfair. That’s part of the reason why when I don’t have that much time to rebut MRP, I just skip his rant against us by scrolling down, down, down… he has lots of those rants sometimes.

                With MRP, you and Omar – do I think it’s Filipino bashing time?

                Other than that, I appreciate your articles and comments here.

              • Mary,


                re MRP, the guy is using satire and parody. In my mind both he and Wil are on the same plane. He’s funny as hell, because there’s truth. Remember my biggest detractor here is mercedes, with her one-liners— the fact that she’s not offended (she’s been offended with everything else… ) is something.

              • Re my Filipino bashing time remark above, I need to clear Omar on the list..I apologize… speed reading technique failed on me there..I think it’s time for me to use my eye glass, something I keep postponing. Again my apology.

              • You’re welcome.

                Will and MRP on the same plane? Hardly. Will’s comments are oozing with positiveness, love and tolerance.

              • omar millar says:

                i would assume you are referring to me Mary Grace. Apology accepted. All in a day’s work.

              • “Will and MRP on the same plane?”


                Same plane, just different ends— in that both use emotions first, then reason, to make their points (like infected packets).

      • Joe America says:

        Highly unlikely. Word coming out of Bangladesh is that it is an inside job, as chempo deduced, and info from the Philippines is that Wong appears to be the mastermind in the Philippine shenanigans. The branch manager was a tool.

      • chempo says:

        Guys, I’m certain Lance doesn’t mean it as an affront, seeing his sensible contributions here. It may not be politically correct, but blunt straight talking American style sometimes does rub whilst it is not the intention. I like to think we are all above that.

        As to the question, Bangladesh is a poor country with low level salaries, I don’t think smart Filipino IT or banking executives would go there, and low level clerical staff is definitely out of the question.

        If hackers were involved, I think it would be the Russian or Chinese types because it is not your usual bank hacking genre. Sorry, don’t mean to put down Filipino hacking capabilities, it’s just that I think the organisational part is something that Russians and Chinese have.

        • chempo, Thanks.

          Filipinos can be found in Africa, and throughout SE Asia, and the Mid-East, so there’s still that chance. But I’ll go with your take on this.

          • Edgar Lores says:

            Still a chance, hey? There’s that underhanded smear again.

            • I said, “still that chance”— that a Filipino(s) is complicit, based on the fact that Filipinos make up the world’s bureaucrats (along with Indians).. Basically, I have a theory and I’m sticking to it, edgar (with no malice aforethought). Call it a hunch.

              • edgar lores says:

                Did you read the article? Of course, at least one Filipino is complicit – Deguito.

              • I’m talking about in Bangladesh, edgar.

              • edgar lores says:


                You keep qualifying your answers.

                Explain this to me. On the Jim Paredes issue, you maintain that love of family and love of country should be congruent. And you deny you slander Jim Paredes although it’s on record.

                Here on this heist issue, when I exhibit love of country and countrymen by objecting to your wholesale presumption that Filipinos are behind this, you describe my reaction as “baggage.”

                So, which is which? Is love of country baggage?

                There is no consistency in the principles upon which you rest your arguments.

              • edgar,

                Let’s not bring love of country here, this is a personal issue for you (evidence: mercedes‘ statement, ie. INTERPRETATION).

                As for the heist, when criminal groups take on a score, they’re usually connected culturally, shared experience, same neighborhood, same cell block, etc. A diverse criminal group (ie. Bangladeshi, Chinese, Sri Lankan, Filipino, Russian, etc.) is possible, but my money’s on same nationality. Again, not meant to offend, just a hunch.

              • edgar lores says:


                If you are not able to answer my questions, say so. Don’t hide behind Mercedes’ skirts.

                But enough already.

              • I answered it. I answered slander (back in said thread). I answered why I thought a Filipino would be involved. All answered.

              • AGAIN. Not “sneering at Filipinos” (you just admitted pride at the thought of Filipino involvement in the heist, hypocrisy? so offense here is arbitrary, but you don’t mind that), but interpretations differ (evidence: mercedes), to each his own, so you’re entitled to your opinion, edgar (no harm, no foul, duly noted, no apologies from my end, slate cleaned).

              • Edgar Lores says:


                Slate is NOT cleaned. You posed a thoughtless and tactless question.

                And remember your underhanded smear? That showed real prejudice.

              • Again, edgar, that’s according to you. Hence it’s a personal thing. Let’s return to being reasonable, I like that edgar a lot better 😉 .

              • edgar lores says:


                What you did was pure and simple racial profiling.

              • It’s criminal profiling, and I explained why it’s criminal profiling. Will you also take offense at the fact that I’m now interested in the INC angle of all this, as per manuelbuencamino‘s post below? Why or why not? If no, What’s the diff?

                Again, you’re looking to be offended, so some introspection is in order on your side, not mine, edgar (I’ve been consistent, this is aberration for you).

              • edgar lores says:

                The criminal profiling is racial! Exactly my point.

                No, I am not offended by your INC angle, as I am not one. It depends on your presumptions and what you say. Just be careful. There are INC commenters in this blog.

          • chempo says:

            In the interest of the Original Question, Irineo linked way below a Bloomberg report that points to hacking. Seems the SWIFT server was connected to corporate network after all. The forensic sleuths said this is a high level hacking group they have been tracking for some time. A very organised criminal hacking group — so definitely Russian or Chinese.

            No Filipinos involved, so the discussion is moot.

            • I blame you for this, chempo! j/k 😉

              “It is my belief there is a high probability that there was no hacking but an inside job. Another give-away of employee complicity is the payments made references to actual ongoing infrastructure projects in the country.”



              “The forensic sleuths said this is a high level hacking group they have been tracking for some time.”

              So if I said, Filipinos were definitely involved since this was a “high-level hacking group”, that would be construed as flattery, and not offense? j/k, guys. 😉

              Thanks for the tit-for-tat, edgar.

            • edgar lores says:

              Chempo, thanks. Actually, I was going to be perversely proud if the suspicions about Filipino masterminding was borne out. This would have been the biggest bank heist in all history. (Central Bank of Iraq 2003 – $920M?)

              • caliphman says:

                Boys, boys down with the hackles already. It’s a bit incongruous since many of us here are OFW’s discussing a Singaporean’s gripping CSI type article in a Yank’s Filipino blogsite and the latter is where the drama should remain. We are all friendlies here so let’s cut each other some slack. Pass the cyber popcorn and let’s see if we can unravel more of this international whodunnit.

              • edgar lores says:

                You are not offended by the thoughtless and tactless presumption of LCpl_X?

              • caliphman says:

                Edgar, coming from a Yank I do not know, I probably would be. I have had worse fights with Lance before but I know he is no racist. He is a young whippersnapper who could stand to be more respectful of his elders and because he has a lot of smarts, he doesn’t pay attention to how he says things. Sorry Lance, but just telling it like it is, just the way you do 🙂

              • sonny says:

                Amen to that caliphman. In medio stat virtus (right/truth/virtue is somewhere in-between), some wise man once said.

              • “Actually, I was going to be perversely proud if the suspicions about Filipino masterminding was borne out.”

                You can’t feign offense and take solace in pride of the same thing, edgar. That’s hypocrisy. Be reasonable now.

              • edgar lores says:

                The operative word there is “perversely” not “proud.”

                Now you are compounding your error by accusing me of hypocrisy.

                My conviction is total that you offended Filipinos by your presumption.

                And I am not the only one offended.

              • “He is a young whippersnapper who could stand to be more respectful of his elders and because he has a lot of smarts,”

                Well I guess that’s another component to this discussion, isn’t it? If I could see you guys in all your gloried wrinkles, I’d probably exhibit more deference, but we’re interacting purely on mental levels not physical (though I’d like to think I’ve been very respectful).

                But this is about matters of principle here, and no one’s convinced me that what I’m saying is wrong— the semen thing, I can understand, offensive (but that’s matters of experience, ie. something taboo to you, isn’t to me) my point there was solid (issues of viscosity notwithstanding 😉 ).

                If we were a bunch of detectives in a room and every idea that surfaces up was shot down as “offensive”, we’d never get anywhere.

              • “And I am not the only one offended.”

                Agreed. But everyone’s either lukewarm to tepid, or like caliphman dubious to apathetic, “coming from a Yank I do not know, I probably would be.”

                Which is weird because you’re usually the one with the levelest head among us. So if others have given me the benefit of the doubt, “I have had worse fights with Lance before but I know he is no racist.”, why can’t you edgar? We’ve been interacting for quite a while now.

                So I’m convinced this is a personal matter. Don’t take it out on me. Deal with this personal matter, don’t plaster it on me (as the straw-man here) and let’s move on. You’ve not convinced me and you’re not getting an apology from me.

                Again, it was a valid question to ask.

              • butod says:

                I can just as easily get riled up by anything that smacks of bigotry, but I’d have to give LCpl_X a pass in this case. His first comment (and the first entry) is a dead giveaway of his underlying theory here — that transnational crime syndicates tend to be organized along ethnic/national lines, e.g. the Chinese, Mexican, etc. connections.

                And given how the diaspora gives us such a diffuse global footprint (heck, Pinoy migrant workers are bound to be found even in the most obscure “stan” countries — Kurdistan, Kyrgyzstan, Uzbekistan, etc.), it’s not completely unreasonable to imagine that a number of Filipino OCWs might be working or had at least worked in BCB, unless Bangladeshi nationalist provisions in fact restrict foreign employment. Tie that up with the RCBC scandal here, and it does stand to reason from a foreigner’s eyes that a Filipino connection MAY BE in place. As soldier boy has said so himself, he’s just playing detective going on a hunch, and being too PC when doing so is never a good start for unraveling cases.

                That said, do I think Pinoys were involved beyond borders in this case, let alone masterminded the whole enterprise? Nope, simply because OFWs (especially professionals) tend to behave themselves abroad, thankful enough to get reasonably high-paying jobs to risk all in single-score, extremely high-risk/high-return crime capers. If anything, OFWs grown familiar with (and relieved by) order and a functional rule of law in their host countries are the first ones to get preachy about proclaiming the Pinoy’s vaunted predilection for cutting corners as a myth.

              • Edgar Lores says:

                Edgar: “Did you think even before you posed the question? It does not require as astute an analyst as chempo to answer the question: would the central bank of a country hire non-nationals to run its primary financial facility?”

                Chempo: “As to the question, Bangladesh is a poor country with low level salaries, I don’t think smart Filipino IT or banking executives would go there, and low level clerical staff is definitely out of the question.”

                I will now emphasize: It would be extraordinary for the central bank of a country to hire non-nationals. I think a central bank may hire non-nationals as consultants. It certainly would be a matter of a high security risk for such a bank to have non-nationals working as operational staff in the sensitive inner sanctums of the IT department.

                That Filipinos are employed in almost every country on Earth is irrelevant. And to posit that Filipinos work or have worked in the Bangladesh central bank in sensitive positions is pure speculation.

                I would rather rely on the proven analysis of a Chempo than a Butod.

              • Thanks for the support, butod. 🙂

              • “And to posit that Filipinos work or have worked in the Bangladesh central bank in sensitive positions is pure speculation.”

                Hence the word hunch, edgar. 😉

              • butod says:

                Sheesh, ease up on the casual shade there. No one’s stopping you from going full-on General Luna on Lance’s ass, but don’t go guilt-hijacking others to feel the same way.

                Wasn’t even defending Lance per se — nor denigrating you — with the comment, was just offering my own 2 cents for where he was likely coming from with his original question, given his first ever comment. Chempo’s explanation about the low probability of foreigners getting employed in a central bank came much later, and even then the tit-for-tat continued, so I thought my own perspective might help.

                And do take note that I did qualify towards the end that I don’t believe in any Filipino grand crime caper angle here, not out of some faux-racial pride that it’s completely beneath Pinoys to be so inclined, but simply as a matter of rational choice.

                As you speak for yourself, please allow others to find their own voices as well.

              • edgar lores says:

                Thank you for your 2 cents and perspective. And please allow me to rebut your 2 cents.

                Where did I “guilt-hijack?”

                I did note your conclusion… which is my conclusion as well.

              • butod says:

                That you actually sounded baffled that Caliphman didn’t take offense, and that you had to leave a rather ornery remark for me when I agreed that I myself didn’t feel slighted, is rather telling.

                Anyway, again, I’m not here to defend Lance or pick a fight with you, I just really thought his question was asked in pursuit of some conspiracy theory (which I shot down), not as a slur. Even Chempo didn’t see it that way, and simply answered the question as straightforwardly as his deduction allowed.

                Which I honestly thought could have been put to rest there and then (and Lance did attempt to end it there by thanking Chempo), except that the tit-for-tat just kept escalating, so…

              • edgar lores says:


                I asked Caliphman, who was playing peace maker, if he was not offended. It was not out of perplexity or confusion but genuine curiosity. I was not “guilt-hijacking” him. And his reply was frank and balanced.

                What specifically is my ornery remark to you?

              • butod says:

                Yikes, where and when do you get off? All right then, never mind…you olreydi…peace out. Come on now, let’s decompress. Inhale…exhale…

              • edgar lores says:

                Thank you.

      • maru0907 says:

        I find myself angry at this comment. It implies that Filipinos are the perpetrators of this heist. On the other hand, I wonder: have Filipino criminals gone this sophisticated?

        • BFD says:

          But in all fairness, even the Bangladesh government said that it’s impossible for it to be hacked so it’s an inside job between their Central Bank officials with the highest security clearance that made it possible to effect a cross border transfer. So the “hypothesis” of LCpl_X falls flat on its face.

  2. Mariano Renato Pacifico says:

    Chempo, are you a journalist? Very good reporting! You amaze me! CONGRATULATIONS! You covered the beginning to the end.

    • karlgarcia says:

      Forensics is your favorite topic, I am sure you liked it.

    • edgar lores says:

      “M/s Maya Santos-Deguito’s complicity is a certainty. It’s just a question of whether she was taking instructions from higher up in the organization and if so, who.”

      “I do not credit AMLC on $81.0M fiasco. I credit those that spotted erroneous spellings. In the end it will be Bank Manager DeGuito at fault. A scapegoat.”

      So, Mariano, is Deguito just a scapegoat?

    • chempo says:

      Thanks MRP. Coming from you, that’s really something.
      No I’m not a journalist. My background is international banking operations, accounting and audit. Dabbled in some small biz which fizzled. Spent some time in sales — actually loved it, the events, trade fairs. Like most of the people here, have an interest in current affairs.
      I didn’t go to UP.

      • stpaul says:

        Thank you Sir Chempo for your detailed analysis. Truly alarming is the timing of the SWIFT instruction, which was Feb 5th, wherein BCB was closed, and the request to freeze, which was Feb 8th, wherein RCBC was closed as well. They timed it so that the money could be released immediately despite any freeze order.

        • chempo says:

          All banking scams are timed perfectly, almost always over weekends and holidays. It will also almost always be at a time of heightened activity over the counter, i.e. peak hours. Also it will always be almost closing time when staff are in a hurry to close up, thus less alert.
          The timing is never coincidental.

  3. karlgarcia says:

    You never cease to amaze!

    • Harry Tan says:

      Wow, Chempo! Very detailed and informative write-up. Superb research. Article as great as this is wanting in the major broadsheets. You’re so good!

      Thank you…

    • Harry Tan says:

      “Bangladesh is the 20th most-cyber attacked country, according to a real time cyber threat [2] map developed by Kaspersky Lab, an international software security company.” [1]

      Philippines is the 16th most attacked country.


      • andrewlim8 says:

        At first, this reminded me of the zero day virus Stuxnet, which was most probably released by US/Israeli interests to disable Iranian nuclear centrifuges. Kaspersky was instrumental in breaking down/identifying this malware. But that did not leave any identifiable persons involved.

        It was just released into the “wild”.

        This one involves so many human actors, from the RCBC (branch and top mgt), Philrem, shadowy Chinese businessmen, etc.

        So I am more inclined to go with chempo’s theory that this was an elaborate inside job, involving Bangladeshi insiders in their Central Bank/Finance Ministry. On our side, recruitment into the caper was handled by the shadowy Chinese businessmen, with the usual enticement of a monetary share. There was no malware.

        • karlgarcia says:

          Shareware then.

          • andrewlim8 says:

            No. As chempo demonstrated, the usual physical configuration of the SWIFT system is pretty secure. The only weak link is the one you cannot do away with – the human factor.

            This ties into the “cover stories” provided for the reason for payments to the ghost account holders – consultancy fees, loan repayments, etc – all for real projects currently underway in Bangladesh.

            Who is in the best position to provide these cover stories?

            • karlgarcia says:

              I was joking about the usual enticement of monetary share.

            • andrewlim8 says:

              @chempo, @karl garcia

              After reading up on international financial news websites about this caper, it may be possible for both scenarios to have happened – malware was uploaded by a Bangladeshi insider, for use by the hacking group outside.

              But I still agree that the scenario that a totally unknown hacking group from the outside did it without any Bangladeshi participation is unlikely.

              In any case, the more interesting part is the local one, obviously.

    • chempo says:

      Thanks Karl.
      You can lodge this in the Philippines conspiracy section of the library, together with Ninoy assassination, Fertiliser Fund, and countless others.

  4. Wilfredo G. Villanueva says:

    The world is watching. Not a boxer’s victory, not a beauty title or titles, not good singers, not a well-educated and English-speaking work force here and abroad, no not those. Not even a million Pacquiao victories can erase what money launderers and RCBC as a whole did to Bangladesh. The country is almost a twin of the Philippines—an emerging economy subject to vagaries of weather, recovered from a severe drought in the seventies, poor but struggling to break free from poverty just like us. USD81 million lost by hacking. That’s widow’s mite. The world is watching. Not too much talk, please, Senators of the realm. Let’s not play politics again, until the issue dies down and Bangladesh is left with an empty bag, issue unresolved as usual, lost in rhetoric and political grandstanding and one-upmanship. Do everything you can to give justice to the poor country. It’s in the Bible, about the widow’s mite and misleading the innocents. Woe unto you, Senate, if you flub this. Kick ass, jail ’em. It’s your time to shine, or forever stay in the region where there is weeping and gnashing of teeth.

    • not a small contribution given cheerfully by one who can ill afford it….not given cheerfully but snatched by evil cyber criminals…can those criminals kill to complete their heist? De Quito initially said she had to do it or she and her family will be killed, (probably the reason why she attempted to bring her husband and son to Japan)…only to recant, probably threatened more severely…meanwhile a recently resigned RCBC customer service staff exposed in an ABS CBN radio interview with Noli de Castro just this morning that allegedly, she personally witnessed William Go withdraw money from the RCBC Jupiter branch account opened by de Quito…what gives?…totally different from the story Go gave in the Senate hearing where he claimed de Quito confessed that she used Go without his knowledge…that he is not maintaining an account there..the Senate, the NBI, the government has a tough job to do…Will, you are totally correct, the whole world is watching…and poor de Quito is being blamed all by her lonesome by the RCBC president and officials


        MANILA – A former employee of the Rizal Commercial Banking Corp. (RCBC) is standing by her embattled boss, Jupiter branch manager Maia Santos-Deguito, putting herself at odds with the higher-ups of the country’s fifth largest bank.

        Speaking to dzMM, former RCBC Jupiter-Makati branch senior customer relationship officer Angela Torres debunked the statements made by her former colleague, customer service head Romualdo Agarrado.

        Agarrado said in a Senate hearing on Thursday that P20-million from the supposed bank account of businessman William Go was loaded into the car of the bank manager on February 5, contrary to Torres’ claim that it was loaded into the businessman’s Lexus car.

        Torres, however, refuted this because she personally handed over the money and asked Go to indicate receipt of the cash.

        “It is true that William Go was the one who took the money, because I myself had him sign for it,” she said in the interview.

        Torres’ former boss Deguito was put under the spotlight after it was discovered that four accounts whose holders were found to be fictitious were used in moving into the Philippine banking system $81 million stolen from the central bank of Bangladesh’s account at the Federal Reserve Bank of New York.

        The four accounts, opened in May last year, remained inactive until February 5 this year, when $81 million was infused into them.

        The funds were later consolidated into the dollar account of Go, who has denied knowing anything about the account.

        The $81 million eventually ended up in two casinos: Solaire Resort and Casino, Eastern Hawaii Leisure Co. Around $30 million in cash also went to casino junket operator Weikang Xu, in what some senators say is a clear case of money laundering using casinos, which are exempted from the Anti-Money Laundering Act.

        During Thursday’s Senate hearing, Maria Cecilia Fernandez-Estavillo, head of RCBC’s legal and regulatory affairs, testified that an internal investigation revealed that the dollar and peso accounts of Go in the bank’s Jupiter-Makati branch were fake.

        “We did an internal verification and the signatures of his peso and dollar accounts do not seem to match his other signatures in his other account in [RCBC] Trinoma,” Estavillo said.

        • chempo says:

          Mary, if what AMLC has uncovered is correct, then both Torres and Agarrado are wrong. There was no peso cash going out of the branch. All peso deliveries were done by Philrem, except for FX 3 arranged by HO Treasury, but the peso went to Philrem for onward delivery to Weikang Xu. What is the motive of Torres and Agarrado?

          Every time there is a fraud case, as well as in all those PDAF cases, the excuse of forged signatures crops up. Investigators will be so dumb to even pay attention to this. Of course signatures will be different 100%. If one has crookery on mind when opening a/cs, would one be stupid to sign with their actual signatures? Whenever this forged signature excuse crops up I view it as I’m sure MRP would.

          • Am thinking, 81 million dollars came in, did all of that go out through Philrem?…nothing was left for those who let their names be used to open the accounts in exchange for “commissions”…for inward and outward remittances…something they can withdraw when they close the accounts used.


        MANILA – The camp of Rizal Commercial Banking Corp. (RCBC) Jupiter branch manager Maia Santos-Deguito on Friday accused her bank of covering up the role of some of its officials in an $81-million laundering scandal.

        Atty. Ferdinand Topacio, legal counsel of Deguito, said RCBC is pinning her client as a “scapegoat” in the transfer of stolen money from a Bangladesh central bank account into four RCBC accounts.

        Topacio claimed RCBC’s attempt to cover up for some officials is aimed at maintaining the confidence of its investors and avoiding legal repercussions.

        “Of course, RCBC will cover up for its officials because, first of all, they are concerned about RCBC’s reputation. They may be afraid that depositors’ confidence in RCBC will be damaged,” he told radio dzMM.

        “Second, RCBC’s officials would have legal liability under the Anti-Money Laundering Act. Even RCBC itself might have liability under the law on the Bangko Sentral ng Pilipinas, which regulates the banks.”

        Topacio added the RCBC has suspended Deguito, hence barring her from securing bank documents which may clear her name.

        “My client is suspended and she is barred from entering the bank. The documents that would prove she is innocent, we cannot get,” he said.

        “Meanwhile, the other RCBC officials being accused have all of that in their custody. And they have influence over the employees who remain at the bank.”


        Topacio also questioned in particular why RCBC president and CEO Lorenzo Tan has not been suspended despite being embroiled in the scandal.

        Deguito earlier said Tan had personal knowledge of the transactions involving the four questioned accounts.

        She also told ABS-CBN News that the owners of the questioned RCBC accounts were referred to her by businessman Kim Wong, an alleged close friend of Tan.

        In the interview, Topacio claimed that Tan can destroy evidence linked with the laundering scandal and may also pressure RCBC employees to testify against Deguito.

        He also expressed suspicions over a possible conflict of interest that may influence the separate internal probe of the RCBC.

        Topacio said Tan is represented in the investigation by the ACCRA (Angara Abello Concepcion Regala and Cruz Law Offices).

        The head of the RCBC investigation, Atty. Macel Fernandez, was a former ACCRA official, Topacio said.

        Tan earlier denied any involvement in the suspicious transactions facilitated by Deguito.

        Topacio went on to blast the Anti-Money Laundering Council (AMLC) for singling out Deguito in the criminal charges it filed in connection with the heist.

        The lawyer maintained that the embattled bank manager was ready to tell everything she knows about the scandal before the AMLC slapped her with its lawsuit.

        Deguito, during the ongoing investigation of the Senate into the scam, refused to answer questions in public, invoking her right against self-incrimination. She instead gave her testimony through a closed door session.

        The Senate blue ribbon subcommittee has coordinated with the AMLC to find ways to secure Deguito’s consent in disclosing her statement in its next hearings.

        • Joe America says:

          Topacio I believe is primarily interested in defending his client, not any particular truth. Of course, I am biased because he is the guy who called me a “son of a bitch” on Twitter, mainly because I support the Aquino Administration, which has his other client, Arroyo, under arrest. He ripped the authorities who stopped the branch manager from leaving the country, talking about how tearful their young child was, as if the government was the guilty party in the theft. Talk about seeking to avoid any law-based justice. He would get her out of the country if he could.

          • I hope justice and truth will result in these investigations. As Will says in his comment above, the world is watching. Let the guilty party be punished and let this be a blessing in disguise so AMLC can be amended, to give it more teeth and relevance, the Bank Secrecy Law amended too when crimes like this or plunder are being investigated, not to treat the lifting as fishing for evidence and lastly, for justices at the CA or other courts concerned to be available even at midnight, weekend or holidays so freeze orders can be served before hot money is flown out electronically.

            • Vicara says:

              Amen to that, Mary Grace. As you said, this CAN be a blessing in disguise if it pressures everyone–from Congress, this administration and the next, and even those casinos, to clean up. Being in the international spotlight can make the cleanup proceed a little more nimbly. As for high-flying, all-guns-blazing Topacio, funny how a simple bank manager supposedly being hung out to dry by her employers was able to engage someone like him so quickly.

              The manager’s kid’ll get over it. Great presentation of facts and context, Chempo.

              • chempo says:

                Thanks Vicara.
                Your point on hiring Topacio is noted.

              • True, oh so true…consequence of wrong decisions like succumbing to temptations of quick sums of money – then swift punishments should be meted if proven guilty…this should teach future heist planners and accomplices. What you sow, you reap.

                I just can’t get the possibility of threats to life of families of key players out of my force them to do that……things played out in thriller movies like Firewall, starring Harrison Ford. Movies like that although exciting to watch could give the wrong ideas to some enterprising people. In the movies, good triumphs over evil.

                Hopefully this is not the case..if it is, then with lack of evidence to prove their innocence, de Quito and Torres will just be fallgals, scapegoat of the powerful and wealthy.

                I wonder how much a bank manager makes – if what de Quito makes is that substantial for her to afford a tour of Japan for her family and to engage someone like Topacio so quickly.

                My officemates, though not executives, can afford to fulfill their bucket list – an annual tour to either Macau, Thailand, Japan, China or Boracay or be foodies in high end restaurants, drink and be merry on weekends. Their FB postings bear witness to their banks of good memories, BTW, they are annoyed by my political posts. They’re nice people, though just not interested in politics, deciding to live life to the fullest while they have the energy and the means.

                I don’t have a bucket list, I do have poor relatives to help in times of emergency in the city or in our province. Maybe they say am boring, they don’t realize am happy this way.

              • edgar lores says:

                Boring but happy? Are you me?

              • sonny says:

                @ edgar

                my boring and unhappy beats your pair. 🙂

              • Edgar Lores says:

                Ahaha! I don’t believe you are unhappy. You have resolved the questions of existence to your own satisfaction. There are not many men who have done that. 😉

              • sonny says:

                edgar, true happiness is dining on genuine pinapaitan (freshly extracted true papait) and lumo-lomo on a Sunday. 🙂

              • edgar lores says:

                I don’t believe I have ever tried lomo-lomo. But, if alongside the pinapaitan, we have kilawin na kambing… and kilawin na isda on the morrow… then that would be true happiness.

              • sonny says:

                Yes, I totally forgot the kalding kilawin. Don’t forget the San Miguel pale pilsen on ice. 🙂 Cheers!

              • edgar lores says:


              • cha says:

                Mary and Edgar,

                You are both to boring what Tito Sotto is to beguiling. 🙂

                Sorry, just couldn’t help myself. Haha.

              • edgar lores says:

                And Binay is to charisma… 😉

              • sonny says:

                Ha ha This is too much. Don’t stop but don’t go too fast.

              • manuelbuencamino says:

                Vicara, As to your observation, “funny how a simple bank manager supposedly being hung out to dry by her employers was able to engage someone like him so quickly”…..maybe Deguito is INC? I was intrigued by the consecutive exclusive interviews that Deguito and Torres granted to anthony taberna and gerry baha on their afternoon radio show. I suspect they were made available by Topacio because the questions from the radio hosts all seemed prepared by a lawyer trying to make his client appear innocent. Topacio, Taberna are both INC members and they have always enjoyed a cozy relationship

              • “…..maybe Deguito is INC?”

                hmmmmmmmm… international in scope, with really nice churches, possibly tech savvy, able to hide the money (churches hardly get scrutinized over here, look at Scientology), pass criminal activities, etc.

                (I hope I won’t “offend” anyone) But I think you’re on to something, manuelbuencamino.

                I’m only familiar with this INC group from this blog, I’ve seen their churches all over the Philippines, but this church is very interesting (like Scientology and LDS)

              • sonny says:

                Came across some news items – INC or some members have real estate interests in one of the Dakotas (North or South).

              • This is interesting, sonny.

                I’m wondering if INC bought other towns…


                (re url question above, the simple answer, you buy towns, real estate, etc. to hide profits, legal or otherwise, same play book used by the Church of Scientology over here).

          • chempo says:

            The Philippines is full of hot-headed attorneys whose first priority is to generate as much media publicity as possible. That’s good for business.
            Next they divert blame to others in ways tantamount to slander. The bigger personalities they can drag in the better. It’s good for business.
            A good attorney is one who does their work quietly and never discusses their client’s situation in public other than a general statement in calm collected manner. The cardinal rule is the more you open your mouth, the more likelihood you get your client in trouble.

          • stpaul says:

            Sir Joe, same here. What would you expect from someone whose role-model is Hitler? My 2 cents Sir.

          • Sup says:

            Topacio doesn’t like you Joe because his idol hitler (no capital, doesn’t deserve one) lost to the USA…

            • Joe America says:

              Actually, he sent me a note on Twitter after reading this blog and the discussion thread. He said he appreciated my candor, that I was indeed a son of a bitch, but the kind he liked. So I guess I have to put down my slings and arrows.

              • There was a postwar joke my father told me… after three years of not seeing Americans and them coming back in 1945 and swearing “Son of a Gun” all the time, Filipino kids like my then 11 year-old father were joking that the Americans have their own saint: San Amagan.

              • Joe America says:

                Hahahaha. Well, I have to confess that Atty Topacio would find a comfortable fit in a John Grisham novel, show-boat eccentric representing the toughest cases. Values get turned inside out for those who choose to represent (likely) criminals, but they deserve respect for stepping up to the bar.

                Saint San Amagan . . . maybe that’s what Topacio meant. He worships the very paper I type upon . . . 🙂

              • Topacio might be a Goodman…. misspelling courtesy of the Salazar fandation.

            • stpaul says:


              totally agree re: hitler (small h) , the devil incarnate

      • stpaul says:

        Mary, Go’s signed waiver shows goodwill on his part and truly points to Deguito as being complicit in the heist.

        • stpaul

          Maybe, let’s wait for the investigation to be completed. Am just wondering, what if she and Torres are telling the truth, what if they were just forced to be complicit in the heist.

          • stpaul says:

            Having a background in banking, a branch manager really has that kind of power to open an account even without the higher-ups’ approval, and her flight points to guilt. Torres being an accessory defends her to the hilt. It happens all the time in branch operations. Thanks Mary 🙂

        • duker says:

          possible scenario on Go giving the waiver:
          1. it’s easy to sign a waiver since the accounts are now empty. if there was money left, what is its value compared to his percentage in $80M. would he even bother with what’s in the account?

          2. it’s a convenient way to make himself appear as a victim in the heist?

        • maru0907 says:

          The waiver doesn’t mean anything; he knows he has lost that and he’s already got the bulk.

          • stpaul says:

            @maru duker

            all frontline personnel and managers are trained in fraud detection so don’t believe that they are clueless. As to Go, why the need to bribe him if he is part of the whole shenanigans. Easily verifiable by checking the cctv of the restaurants they’ve dined in. But, I could be wrong..

    • Will, this comment of yours was quoted by Boo Chanco in his column today at

      I found this comment of Wilfredo G. Villanueva (he might be the same Willy Villanueva I worked with early in my career but lost track of) in a blog by “chempo” in Joe America’s blogsite on the subject that sums up my feeling as well:

    • BFD says:

      What I find alarming, nay, revolting is the way the Senators conduct themselves vis a vis the “resource persons.” They hobnob with them as if they’re investigating them. Take for example Mr. Tan, when there was a break in the hearing, several senators walked up to RCBC’s side of the table and chit chatted. I think it’s inappropriate for them in that kind of setting where they’re investigating a million dollar heist.

      Oh, that’s why there was no Senate Ethics Committee, they don’t understand ethics or how to comport themselves in that kind of situation.

  5. Edgar Lores says:

    Wonderful, exciting and thorough analysis.

  6. karlgarcia says:

    To RHiro,
    Your expertise is financial forensics, your inputs are needed.

  7. karlgarcia says:

    I don’t want to be the one to ask about a possible typo, but should Pangcor be replaced with PAGCOR?

    • karlgarcia says:

      Probably Chempo was thinking about Malaysia.
      Freudian slip.
      Small thing-Maliit na bagay.

      • chempo says:

        haha that’s Pangkor Island you mean, nice place for snorkelling, but beware, it has the most dangerous runway, it’s very short and near highlands. Once the pilot comes in, he has no second chance.

  8. DAgimas says:

    is there no grace period like here in the US (local transfers)? that a wire transfer is under “float” before final credit just to make sure everything is in order? that if there is a problem, the remitting bank can still recall the transfer?

    in this case, there was still time to recall the wire transfer but the manager disbursed it anyway then she said the money has been withdrawn already

    what a corrupt manager

    • chempo says:

      DAgimas, I have never heard of “grace period” before. This would be simply creating open season for legalistic squabbling over responsibilities.

      In banking operations, a simple payment is coursed through many depts and hands, depending on the transaction. There is a front office, a middle office and a back office. Before a payment reaches the desk of the one to make the payment, whether SWIFT, TT, cheque, or cash, you can be sure many eyes have seen it. The payment itself is checked, double checked, before and after execution. Considering that a fairly large bank handles thousands of transactions each day, the rate of mistakes is extremely low. This is what we call operation mistakes, and operational risks are very low in good banks. In my previous work, billions of dollars are paid out and received every day, we had no errors over my entire period of 15 years there.

      • DAgimas says:

        what I mean is you have to wait for another day before it is available, so that the originating bank could recall if there is a problem. with this heist, it seems they were in a hurry to withdraw. there is no holding period for just even 24 hrs after they received the money.

        had the bank had a policy to hold wire transfers for 2 banking days or even just 1 banking day, the stop payment should have been effective, and the heist would have been foiled.

        worked in a branch before and if we receive a court order for garnishment, the manager will call the account holder and withdraw all the balance then they will enter the order in the system then make a report that this is only the balance available.

        seems that’s what happened but if they have a policy to hold even for just one day, they have no choice but to stop the payment because the money is still not available for withdrawal

        • chempo says:

          Re garnishment order — I know what you mean. I know people on the opposite of the table, the customers whose a/cs got garnished. We have “good” bankers who alert us to get the funds out. It’s the people, it’s not the system. If people don’t follow rules and laws, that’s what happens – systems collapse.

          Re holding period — I don’t think that’s the solution. What if a situation occurs and we say oh if only 2 days were allowed, the scam would have been discovered. And another situation it’s 3 days? If you are referring to cheque clearings, yes there is a holding period to allow the drawee banks the time to do all the checkings before they can say the cheque is good. Normally 1 or 2 days, depending on the system. Outstation cheques require a longer time for clearing.

  9. Wilfredo G. Villanueva says:

    I have to dive in, go up to the surface for air, dive in again. Chempo’s a marvel, but definitely my understanding is inadequate. Thanks, Chempo! I will finish your article yet, for self-improvement. Fantastic is the word!

    • chempo says:

      Wil, partly my motive is sharing knowledge. This one is up my alley.

    • sonny says:

      “… my understanding is inadequate. Thanks, Chempo!”

      My sentiments exactly, chempo. This is downright esoteric for me. I thought solutions to differential equations was the end of the math knowledge frontier for me. But your tracking is right up there, with lessons pa! 🙂 Again, thanks.

      (Are you sure you did not consult for the Fed Reserve System?)

      • sonny says:

        As a cross-transfer professional from Chem to IT to Trust & Banking, how I wish I paid tons more attention to my introduction to the Financial Accounting world. A whole new world of knowledge. They called us only when SWIFT software was not working at the Forex and Letters of Credit backroom. Musmos pa rin ako (I’m thoroughly a babe in the woods).

        • chempo says:

          haha Sonny, I’m just an ops guy who has just a little bit more knowledge than most ops guys on systems. But when we need to open up the systems and get into the real esoteric world represented by 0s and 1s, you’re the types of guys we call.

          • sonny says:

            🙂 For sure ‘our types’ rode on our own clouds but we had no pretensions – we were simply ‘the help’ after MT505 msgs were working again.

  10. arlene says:

    Oh my, oh my, I followed the two Senate hearings on this and the plot thickens. This is better than the Senate investigation. Being a former banker, I am very much interested how this would end. Thank you for the details Chempo. Can a mere branch manager pull it off alone?

    • chempo says:

      Small scale crookery, yes. This one, unlikely. She would have been naive if she really was the lone wolf and she thought she could do it alone. I’m sure she knew she will be found out.

  11. chempo, thank you for discovering this blog site and contributing awesome articles in it…this is fantastic…thank you for finding the time to explain such complicated banking procedures to us non bankers…

    • chempo says:

      Mary, I’m glad I found this site too. I have learnt much, especially from marvelous commenters here. And I have learnt humility as well. You write an article and be prepared for whatever comes. If mistakes are pointed out, well and good, we all learn.

  12. NHerrera says:

    I just had hot coffee placed on a table nearby before I opened JoeAm’s and started reading your article and the comments up to this point without letup. The coffee is lukewarm now. Wow, can’t add to the adjectives already posted, short of going to find synonyms.

    Thank you very much indeed! (I will have to go back and re-read this thriller for more understanding and learning — banking and all that not being my cup of hot coffee.)

  13. andrewlim8 says:

    Superb, chempo. This beats any coverage/explanation, and I have this gut feel that Vanity Fair, Wall Street Journal, Bloomberg, New York Times, etc will refer or use parts of this article. Copyrights belong to chempo and Joe. 🙂 Just a joke.

    Producers of the Big Short, Too Big to Fail, and other financial dramas will start trying to option this for movie rights. aha ha ha

    Seriously, my takeaway here is spotlight also needs to focus on characters inside the BCB and Bangladesh Finance Ministry.

    • andrewlim8 says:


      As follow-up can you elaborate on this:

      “Another give-away of employee complicity is the payments made references to actual ongoing infrastructure projects in the country.”

      Which country? What infra projects?

      • karlgarcia says:

        Hi Andrew.
        Maybe Chempo means this.

        “Based on documents, RCBC officials had no reason to doubt the validity of the remittance from Bangladesh. The branch manager also cited several superiors attesting to the validity of the transactions, which—on paper—were backed by underlying infrastructure projects in Bangladesh.”


        • A $25-million transaction was supposedly ordered by BB on behalf of the government’s The Kanchur, Meghna and Gumti 2nd Bridges Construction project. The amount was remitted to the account of Vasquez purportedly for the payment of a “loan” from Japan International Cooperation Agency (Jica).

          A payment for $30 million to Lagrosas, an IT professional, likewise under a Jica “loan,” was supposedly ordered on behalf of Dhaka Mass Rapid Trans. Dev. project

          A $6-million payment order on behalf of an IPFF project cell was supposedly to pay for Cruz’s consultancy fees. Another payment worth $19 million was supposedly from Bheramara Combined Cycle Power Plan Development Project with Vergara as beneficiary, citing “engineering consulting fees.”

      • chempo says:

        Andrew, as an added security feature, SWIFT payment messages require a “description of payment” field to be completed. So the 4 payments made various descriptions to infrastructure projects in Bangladesh to make it seem the BCB was paying for those projects….like consultation fees for Project xxxx, etc.

    • chempo says:

      Andrew, Did somebody mention Dhakawood haha


    “Some of the officials found the central bank’s computer systems inoperative on Feb. 5, a day after the theft, but didn’t immediately inform their supervisors… ”

    BSP, please take care of our Dollar reserves. Ours is just a widow’s mite as well.

  15. karlgarcia says:

    chempo expect Dhalywood to be asking for your contact information.

  16. NHerrera says:


    The picture accompanying chempo’s very fine piece seems to me like hooded Joe hard at work in his slow-internet Biliran place to keep apace with his blog articles and schedule and his noodling of coming articles. 🙂

    Thanks Joe for the timely insertion. (This is not the only one, you have done this a lot of times.)

    • karlgarcia says:

      😃 Thank you Joe!

    • or a pic depicting a cyber hacker…

      • karlgarcia says:

        Hi Mary,
        Have you read or watched this ?

        File:The Girl with the Dragon Tattoo Poster.jpg

          • nope, haven’t had the chance or the time….aarrgh!

          • BTW, I love the phrase above the picture – “What is hidden in snow, comes forth in the thaw”…awww!

            • It refers to corpses of women – tortured and killed by the perverted son of a industrialist. There is this investigative journalist who goes on the case and is helped by a somewhat disturbed punk girl who turns out to be a master hacker – Lisbeth Salander.

              It later turns out that her father is a former Soviet spy turned to the Swedish side – Salachenko – a sociopath who abused both her and her mother, whom she set on fire at the age of 12… but because he is under state protection he gets a new identity and she is put in custody. There is also a scene where her foster father – she is a bit older then – abuses her. Later she ties him up and tattoos his back with “I’m a pervert” to mark him… I don’t know if they made the American version less strong, somewhat like what you told me the Church has done to the Noli.

          • That’s the remake – the original movie is in Swedish, the original novel by Stieg Larsson as well.

            I watched the original dubbed in German, browsed the novel as well in a bookstore.

            • wow, a thriller indeed… the girl with the dragon tattoo…I’ll watch out for this novel

              • sonny says:

                I recommend, Mary. I saw the movie version. 🙂 Add also INSIDE JOB. Tumaas ang ilong ko after I watched it, akala ko I knew something about banking system and economics that many don’t. ‘Yon pala, musmos pa rin ako! By the time I catch up with the readings here at Joe’s blogsite, I will be so virtuous in humility. 🙂

              • sonny,

                You just gave me an idea for a bucket list I intend to do, with your Inside Job and the rest of the book suggestions here, this will occupy my time during the first 100 days honeymoon period of the next President and VP, hopefully RORO.

    • Joe America says:

      Hahahaha, yes, that dude do look familiar . . . it was me ripping through chempo’s article looking for all the British spellings in the wee hours this morning. I left “cheques” in for flavour. 🙂

      • chempo says:

        Thanks for checking, I mean editing, the article.
        Thanks for the bulleting. I was looking for that but don’t know why the feature was not there. It was there the last time I did an article.

        • Joe America says:

          There are several edit screens, so you have to be in the right one for the bullet feature.

          Thanks for the sterling article. My role reminded me of being in the army and spending time lining up rocks along the pathway, painting them red white and blue. We called it “eyewash”, meant to please the generals with our attention to detail.

          • chempo says:

            My army days I recall standing by the CR at 7am and snapping to attention when the officer came “Toilet ready for inspection, Sir”. We go into the spanking clean bathroom and toilets and the Sir asked, and when the Sir ask, you comply — curl the forefinger and run it round the underside of the toilet bowl. When the finger comes out in funny colours, the Sir said — “You didn’t pay attention to details”.

  17. zuproc66 says:

    superb factual piece of journalism on the issue…

  18. Madlanglupa says:

    I have no idea of exactly how Bangladeshi banks operate or what infrastructure they use, but in most cases there’s always the inside job, especially when a single or a few errant employees decide to get even because of their salaries, so they make a deal with this outfit, pay them more in exchange for information, or if possible plant malware, bugs, anything for the outfit to know the holes in the system. This amounts to an intelligence operation, except of course, the goal is to grab the cash and go.

  19. Jean says:

    This is simply a masterpiece…

    Thank you Chempo

  20. Bill in Oz says:

    This hacking was a major event ! While $81 million was stolen, the actual attempt involved almost $1 billion being stolen from the Bangladesh central bank…And it was quite a complex theft…

    As Chempo says it needed insiders in the Bangladesh Central Bank and at the Philippines Bank end…
    Bangladesh clearly needs to clean up its Central bank..And I read that the head of their Central bank has now resigned..

    As for the Philippines well closing down the anti money laundering exemption for casinos is essential….An exemption like that is an invitation to launder money….

    • I think it was not an exemption, just not included in the list of establishments AMLC need to watch and monitor.

      chempo said it quite well:

      “If it is in aid of legislation, dear senators, do the following :

      Pass the amendment to the anti-money laundering act to include casinos.
      Whilst you are at it, include also NGOs, charities, money changers, remittance companies (these organizations have often been used to launder money as well).
      Amend the banking secrecy act, stop the law from protecting the crooks.”

      If I may add, all cash withdrawals exceeding a certain cap should be monitored as well.

      There’s a reason why Makati payroll is on cash basis for the longest time under the almost 30 years Binay admin, considering Makati is our prime commercial and business district. Other cities and municipalities are on ATM…so why? Simple, my dear Watson, err Bill in Oz…ghost employees, allegedly a practice as well in Davao City… Hundreds of millions of campaign fund, right?

      • Bill in Oz says:

        I would still the casinos were ‘exempted’. After all Chempo says there was a member of congress asking for exactly that MGP. And he asked after going to visit a Macau casino…So yes Casinos need to have this exemption removed via an amendment..But I wonder which legislators will oppose this amendment ??

        Cash will always go to ‘unusual’ places..But large amounts of cash need to be banked somewhere so an anti corruption body can usually track things….

        ( need to carefully avoid making any derogatory remarks about an election candidate MPG .Curious my lady calls him “nog nog”. But what does it mean I wonder..

  21. This Bangladesh Central Bank heist reminds me of a movie Firewall, a 2006 American-Australian crime thriller film directed by Richard Loncraine and written by Joe Forte. The film stars Harrison Ford as a banker who is forced by criminals, led by Paul Bettany, to help them steal $100 million. The film was a box office bomb and received negative reviews from critics.

    In the movie, Jack (Ford) was told his family is being held hostage at their home… then initiates a wire transfer to send the money to Cox’s offshore accounts.

    • Madlanglupa says:

      This large amount of money is enough to kill for, literally. Money that could’ve been used for development projects in Bangladesh, but the ringleaders and thieves would’ve disappeared from the grid, spending the money as if it was water, enough to buy a new life in an obscure country with no extradition treaty, if it weren’t for a single misspelling.

  22. jeps says:

    Thanks Chempo! This is truly an amazing piece of work. Sabi nga – Pambihira! This is a must read for everyone especially those in the regulatory/compliance and banking industry. A lot of lessons to be learned here.

  23. chempo says:

    To all those with kind words, a BIG thank you.
    Sorry if I don’t thank you at the personal comments, but for sure it’s appreciated.
    I felt compelled to write because I read in various media and always come out half-full. There are so many errors one way or another, and so lacking in simple background research. The biggest bank robbery in the world deserves a better report. I thought to myself shucks if I were a journalist I think I could do better, so I just down and whack away…

    I like to thank Joe for allowing this article to jump the Q. Actually I was thinking of asking him to do that but I thought that would be presumptuous of me. Next thing when I opened my email there was Joe asking me if I should publish earlier as the issue is still current. Nice to know you have good support from the bossing.

    It’s good to have this out early because post event may make my work seem dud and repetitive. Case in point — I suggest that SWIFT “ack” or acknowledgement or confirmation for the payment messages would have been printed and alerted BCB staff, thus indicating insider interception. And there Mar 17 came BCB disclosure that they had been having printer problems for a while and they didn’t have hard copy outputs!!!.

    • andrewlim8 says:


      Oh yes, yes that story of malfunctioning printers and no hard copies on the Bangladeshi side, and on our side the malfunctioning CCTVs, I wonder if the RCBC guard logbook can malfunction as well….:)

      Pretty faces in the hearings are starting to scare me…

      • Add to that the evidences that Atty. Topacio is talking about in Deguito’s desk, inaccessible to Deguito due to her suspension, maybe including the receipt signed by Go mentioned by Santos. I see a dark prison cell for the hapless Deguito, hapless if indeed she is just a scared, terrorized escape goat.

    • Harry Tan says:

      “Pretty faces in the hearings are starting to scare me…”

      >>Hahahaha. My thoughts too, andrewlim8. Hehe. Thanks for voicing that out! 😀

    • Jerry says:

      You are now my favorite blogger/contributor…next to joeam. Good job man for doing this and more power!

      • chempo says:

        Thanks Jerry I cringe in humility, especially knowing there are far greater writers here. I’m not the philosophical or analytical type. I’m just a story teller.

  24. Joselito Asi says:

    The story is very detailed and I can’t stop reading. Thank you so much. However, I found two confusing words here, Pangcor – under Timeline Feb. 19 (Is it PAGCOR?) and Hongkong. For the nth time Hongkong was misspelled (in other stories). Let it be known that it is Hong Kong and not Hongkong.

    • We have a grammar police here. methinks (see, i mangled that one) it does not lessen the impact of a truly, magnificent article, very informative and useful guide for bankers and non bankers alike.

      • this is coming from a commentator with comments full of typo errors, wrong choice of word and all that. am not a writer is my excuse, I post comments hastily with little time to proof read. direct to the comment box and then hit the Post Comment button, that’s my style.

    • chempo says:

      Thank you Joselito.
      Pangcor/Pagcor — haha you’re the 2nd person to highlight that. A guy working past midnight is excused for such errors I think, haha. But the reality is I never go casinos, so Pagcor is not engraved in my mind.
      Hongkong or Hong Kong — perhaps you are right. I think Hongkong is the romanised version that we use in old English textbooks.

  25. MAXIE says:

    Chempong-chempo ito. Thanks for breaking it down to bits for simple-minded folks like me. I’m sure my son, who is BSL/AML investigator in a financial institution in the US would be fascinated by this. My thoughts on Ms Deguito is that this is such a huge operation, she couldn’t have pulled this off without complicity from above. A Ms. Anna Torres from RCBC Jupiter was on radio yesterday with a very interesting tale.

  26. cwl says:

    This is fast turning into a classic conspiracy. Before we know it, layers of layers of lies and half truths will bury the truth.
    And after this, some senators will look into each other’s eyes and say to themselves “I know that you know that I know that I don’t know.”

  27. wjarko says:

    “Give a man a gun and he can rob a bank. Give a man a bank and he can rob the world.”
    – I don’t know who said this.

  28. andrewlim8 says:


    How about a complementary future article on how ill-gotten wealth by corrupt officials could be laundered?

    No actual events, but just scenarios on how it could be done.

    Dummies, layering, shell corporations, british virgin islands are old hat, there ought to be more sophisticated methods nowadays, what do you think?

    For all we know, we could be eating, shopping or strolling or staycationing in them, funded by ill-gotten wealth re-invested back here? 🙂

    Just thinking… there are only three countries with bank secrecy laws – Lebanon, Switzerland and us….

    • chempo says:

      How crooks do their laundry? For sure they don’t hang them out in the public.
      That would be challenging Andrew…hmmm.

      Re banking secrecy laws — we have it in Singapore too, but I think ours is the correct way. The objective of banking secrecy law is to protect customers, the banking industry, and the state — not the crooks. So we have one main feature that others don’t have — no numbered accounts allowed. That means a/c must be in actual names, whether corporate or individuals. In Switzerland you can open an a/c with no names, just a code, and nobody will ever know who the owner is. In Philippines you can open a/cs in any name, like Joe Estrada, William Go, who cares what ID you present so long as there is a 1,000 peso note attached to the application form. Which is why the denial of William Go about his a/c is difficult to believe.

      • BFD says:

        Since we’re into this believability of William Go, it makes me wonder why he did not go to the PNP or NBI to file a complaint so he would have a solid alibi that he reported the crime of forgery under his name? Why did it take so long to file a complaint on February 22, 2016 after he met Deguito? That’s the big why in my mind. just my opinion

  29. orphicpixel says:

    This is the most detailed explanation of what is going on.

  30. jtdelapaz says:

    Two thumbs up on this one, Chempo.

  31. chempo says:

    There are 4 part processes to this sort of game.

    Part 1 The heist — Check.
    Part 2 Getting the money out of the bank, RCBC — Check
    Part 3 Launder it — Check
    Part 4 Invest or park the washed money — To be checked

    I think Part 4 is still a work-in-progress. It’s not so easy to make those money disappear so fast. You are likely to find Weikang Xu’s bathtub full of peso and US$ notes. Ask Napoles, she knows it best.

    • BFD says:

      What about if it’s given for election purposes? It’s timely, isn’t it?

      • karlgarcia says:

        Last couple of elections was low tech a jewelry store and a few armored cars, Kidnap for ransom. Maybe these cyberheists have been going on, we just didn’t know about it yet.

      • chempo says:

        A friend of mine told me the same. It’s insanity to even believe for a second.

        • BFD says:

          But is it really? But anyway, I just thought about that because it’s election time, the main characters were:

          – Hackers from China

          – Principal recipients from the Philippines were with Chinese-sounding names.

          – Casinos that may or may not be controlled by Chinese.

          It plays right into the election since it could be used to buy votes or other nefarious activities to affect the election.

  32. omar millar says:

    wrong spelling wrong. who would have misspelled the word foundation as fandation? definitely not a high school graduate filipino, at least.

    • caliphman says:

      No, but perhaps an American college-level graduate? 🙂

    • Joe America says:

      Omar, can you publish a comparable report in two days? If not, kindly shut your yap.

      (It bugs me when people ignore the substance of an article to dwell on the trivial, as if that taught anybody anything but how to follow rules. The goal is to THINK, man, THINK!)

      • chempo says:

        Joe he was referring to the spelling error that alerted the Sri Lanka bank.

        I don’t know what’s the reference to the Filipino high school graduate is all about. To go into the racist way, was he comparing Filipino English superiority over Bangladeshis’ — I don’t know.

        • Joe America says:

          Dang, I thought I sent that remark to trash, because I didn’t like my own hostile attitude. Maybe it is one that had a double. I would note that today is a clumsy day; I am dropping food on the floor, kicking the chair with my bare toes, breaking a coffee cup . . . figures my mouth would be running amok as well . . .

          Yes, I don’t know either . . .

        • caliphman says:

          Chempo, sorry to correct you but Singapore and Bangladesh as former British colonies speak and spell the Queen’s English whereas in the Philippines it is American that is spoken and spelt. So I would wager one should be careful claiming Filipino American is more correct English than the version in Bangladesh. Just saying 🙂

      • omar millar says:

        did i just bump into a forum of highly intelligent people? just because i focused on a single detail of the big picture meant ignoring the substance?? come on man, THINK. let me state there is a difference between trying to THINK and trying to OVERTHINK the whole thing. what you have referred as trivial is actually the turning point that could have turned this fiasco into a “zero day” for these thugs.

        i speak highly of the filipino english superiority. period.

  33. caliphman says:

    Another great piece of investigative journalism, chempo! Reading this and the MTR article is so unique in this blogsite that it’s like peeling layer and layer of skin off an onion to expose where the acrid odor is coming from. The analysis is factual, nitty gritty, unphilosophical, penetrating, and the force of logic seemingly inexorable. CPM has Raissa Robles, PCIJ its Joy Coronel, but perhaps our investigative writer here is Chempo.

    One question. Why did the hacking and laundering scheme pick Bangladesh and the Philippines as key building blocks in their heist? What does it say about our banking systems and laws?

    • chempo says:

      Thank you caliphman

      Why Bangladesh — I’ll venture this — if it was really hacking indeed (not yet proven), Bangladesh is a good candidate because their IT technology is not that sophisticated. The country is one of the most hacked in the world. If it’s inside job — corruption is high in Bangla. Poor security, high corruption, and keeping $1 billion in a float — that’s recipe for disaster.

      Why Philippines — there are various stages in the plot. The robbery itself in BCB, the international transfers, taking good money out of RCBC, getting it cleaned in casinos, making the clean money disappear. The robbery is the most difficult part. The second most difficult part is taking the good money out of the banking system. To do that they need a bank that they can work with and this they can do quite easily in Philippines. There is nothing wrong with the Philippines banking industry. The weakness is the people. Corruption is still our big problem. Getting the good money out of RCBC is not an issue with anti-money laundering act, it is old fashioned bank robbery. Taking the good money into the casinos and then out as clean money, that’s the money laundering part. Obviously why Philippines — corrupt bank employees and casinos. Note Sri Lanka too, for the casinos, but somehow, some non-corrupt employee handled the remittance and had to stop the payment due to name spelling error.

      • – no sources in English available but it is all over the German-speaking news.

        Deutsche Bank was in charge of the transfer to Sri Lanka and stopped it due to the spelling – Germanic thoroughness and “military”-like attention to detail.

        • chempo says:

          Deutsche Bank action in retrospect was correct, but it certainly was not their job. How the hell will a correspondent bank know who Pan Asia’s customer is?. My bet is the German media is wrong on that one, because I saw in other media that Deutsche Bank stopped the payment so it’s mere copying, one or the other. Sri Lanka bank mentioned they were also alerted because the payment was too large for a country like theirs.

      • caliphman says:

        It was a rhetorical question to emphasize the reasons which you already cited in your article. Aside from getting rid of the bank secrecy laws

      • caliphman says:

        Thank you, chempo! With all due respect to Bangladeshis here, your response relegates both Bangladesh and the Philippines in the netherworld of the best places to commit megacybercrimes and make a clean getaway.

        • chempo says:

          Unfortunately so Caliphman. We build the stage, the players come in. The Senate, AMLC, Bangko Sentral and the banking community here has been given a wake up call.

          • caliphman says:

            There are two separate facets of this sordid caper one of which should be a huge concern for the Philippines. The money laundering aspect is very troubling as this is possibly but one of very many unreported transactions where drug, untaxed, or terrorist money

          • caliphman says:

            In the hundreds of millions and perhaps even billions of dollars were ‘cleaned’ without anyone noticing because there was no attention getting antecedent crime like the BCB hijacking at the New York Fed. It strikes me that this may not even be the first time this ring used the Philippines to course and clean dirty funds. One does not plan hijacking a billion dollars and risk coursing it through the maze of regulated and unregulated institutions unless it’s been done bef

  34. Chempo, great article about “Ocean’s 14”.

    Probably with the Oceans 13 team plus Deguito.

    “Ocean’s 15” will be the theft of Cojuangcos Oz money.

    Aaron Cross will join them in Ocean’s 16: China Central Bank.

    Oops, I should not have divulged the script of this real-life trilogy…

    • chempo says:

      For sure someday a novel or film will be adapted from this incident.
      The Great Train Robbery of London 1963 of only Stg pd 2.6mm generated lots of movies and books, expect more out of this.

  35. manuelbuencamino says:


    You made a messy affair so much clearer. I watched both hearings and I did find the questions of Angara, Recto, and Pimentel quite helpful. The other senators didn’t do such a good job. The RCBC lawyer was very good explaining the bank’s procedures and the AMLA lady was on point.

    I don’t know if my points below contribute to your essay but here they are:

    (1) As explained by RCBC the bank has an automated process dealing with inward remittances. They enumerated 5 conditions or criteria that must be met otherwise an alarm is triggered and HO acts accordingly. But remittances go straight to the branch without human intervention when the 5 conditions are met. This they explained was for efficient and fast processing of remittances.

    (2) The RCBC lawyer explained the difference between a request for a freeze and a freeze mandated by a court. (Media had been equating the two and it has led to questioning why the bank did not put a freeze on the accounts immediately)

    A bank cannot freeze any transaction or account based only on a freeze request, it can only do so when mandated by a court. The former only requires that HO notify the concerned branch and the branch has to activate certain protocols. The latter is communicated to all branches and a freeze is put into effect immediately.

    (3) From watching both hearings, the testimonies, and physical behavior of the resource persons I tend to believe that Deguito could have pulled it off by herself, without the complicity of higher ups.

    The way the RCBC lawyer and the bank’s CEO explained it, their branch managers enjoy a lot of autonomy over opening/closing of accounts, deposits/withdrawals, etc. In addition bank managers know or can know the schedule of regular audits so they can time their shenanigans accordingly.

    The whole scheme was risky and likely to get caught in an audit but the pay-off was so big that Deguito could have decided it was worth the risk.

    As of now she is only charged under sec F of the anti-money laundering law. Sec F deals with facilitating money laundering and the sentence for that is 4(?) – 7 years maximum. I think a couple of years of good behavior plus cooperation with authorities (tell-all at executive session) can probably cut her sentence in half.

    Millions of dollars for three years in jail, time that can be served in comfort by prisoners with money….I don’t know but I’ve heard stories of people who take raps in exchange for the real culprits taking care of their families so….

    (4) Funny how JPE, in the first hearing, tried to delink casinos to money laundering. He kept asking, could this have been prevented if casinos were included in the AMLA? He kept repeating that it should have been stopped by the banks. Thankfully the AMLA lady showed exactly why the whole thing became attractive precisely because casinos were not covered. JPE changed topic after that.

    In the second hearing JPE asked who Kim Wong was. Didn’t he know that Kim Wong is a licensed casino-hotel operator in the Cagayan Special Economic Zone and reportedly also owns licenses to operate online gambling out of CSEZ?

    CSEZ can issue gambling or gaming licenses. Before CSEZ came into existence, only Pagcor could issue gaming licenses.

    CSEZ is, as Miriam Santiago said, JPE’s baby. He practically wrote the law on CSEZ, a law that granted CSEZ the power to grant gaming licenses.

    The point is, if casinos are going to be covered under an amended anti-money laundering law let’s make sure that it covers special economic zones as well.

    • “As of now she is only charged under sec F of the anti-money laundering law. Sec F deals with facilitating money laundering and the sentence for that is 4(?) – 7 years maximum. I think a couple of years of good behavior plus cooperation with authorities (tell-all at executive session) can probably cut her sentence in half.”

      I hope they extradite her to Bangladesh to serve her time— I gotta feeling 4 yrs over there will prove a more penance inducing time (than say karaoke and drinks every night in the Philippines 😉 ).

      • manuelbuencamino says:

        LCpl_X (@LCpl_X)

        Maybe Bangladesh should extradite their BB officials to serve time here

        • Like an exchange program?

          But I’m sure prison time in Bangladesh would be more severe than 1st class prison time in the Philippines, which include karaoke, bands, drinking, otherwise a very good time (where’s the punishment in that?)

          re the article,

          “In a damning interview, A.M.A Muhith told the Bengali-language daily Prothom Alo that Bangladesh Bank officials were “100%” involved in the scandal.

          “Of course! One hundred percent they are (involved). This cannot be possible without complicity of the locals,” the newspaper, which has the highest circulation of any in Bangladesh, quoted Muhith as saying.

          Muhith said the New York bank requires hand prints and other biometric information from central bank officials to activate transactions, appearing to suggest the hackers could not have carried out the attack without inside help.”

          Is it possible that any (or all) these “officials” are Filipinos? That’s the $81 million dollar question isn’t it… hmmmmm. What say you chempo? (over here our DMV, Dept. of Motor Vehicles, are staffed/managed by Filipinos; sort of like how Filipino bureaucrats dominate in the U.N.).

    • I’ve just realised, listening to the hearing, that our bank policies have too many loopholes. How come bank managers were given that much power?

    • chempo says:

      @ manuelbuencamino – thank you. Your points are as long as your name handle is haha, but I’ll try to address:

      I’m impressed by the RCBC lawyer and the AMLC lady. Both very professional, calm, and eloquent.

      (1) Automated handling of inward remittance — this refers only to the HO Inward Remittance Dept where thousands of transactions are received from SWIFT each day. Automation would handle the sorting out to destinations (branches) and correspondent banks, tabulation for all sorts of requirements such as currencies etc. They would incorporate some controls, but these would mostly be quantitative, not qualitative, which requires human deliberation. I do not know what their criteria are, but certainly I think the large sums would be one of them, so why was it not flagged? The only reason I can guess is that this sort stage is done for all SWIFT receipts, not just inward remittances. A major portion of these receipt advices from SWIFT relate to Treasury operations — FX, interbank — and these deal in large sums. So having a large sum as a criterion will trigger lots of false alarms.

      (2) Freezing an a/c — a bank has the right to close and freeze any a/c it wants. Go read the fine print when you open an a/c. These are internal freezes, for whatever reasons. However, if reasons are invalid, law suit follows. Court order to freeze is from external parties. The AMLC needed the court order to get RCBC to freeze the a/cs.
      Why didn’t the bank freeze the a/cs — this is the $81mm question isn’t it? The issue is at which point the bank has been put on notice and they did not act? As I indicated in the article, on the morning of Feb 9, who handled the BCB SWIFT message to request RCBC assistance? An internal freeze should have been made there and then.

      (3) Yes a branch manager has lots of autonomy where it comes to operations and retail transactions. But there are lots of checks and balances. But if people are devious, and juniors keep their mouths shut, there are always loopholes. But this particular incident involves transactions that originate from HO, and FX 3 requires HO Treasury participation, it is unlikely a lone wolf operation. Remember, it could be more than $81mm, there is another $850mm held-up in NY. We don’t know how much more was destined for RCBC.

      Come to think of it, there could be other banks involved, but their remittances didn’t come through. Bangko Sentral should inspect other banks to see if there were other US$ a/cs opened in Mar 2015 and dormant to this date.

      (4) Agreed JPE asked a stupid question. The AMLC lady made him look small. Thks for the CSEZ info. Yes that’s JPE’s little kingdom.

      • omar millar says:

        chempo i would like to commend you for your brilliant and very enlightening article. and apology for “intruding” without the formalities of introduction.

        you are spot on in asking who handled the BCB swift message asking for assistance. i assume it landed in HO first and immediate action should have been made right away. putting a hold in the amount if total freeze is against the bank’s policy i think is the best move.

        as for the BCB management i think they have lapses. Holidays aside they can easily contact the concerned people to ask for help. why they chose to dilly dally is incomprehensible.

        • chempo says:

          Thank you Omar, glad you enjoyed the read. Apologies not necessary here.
          The SWIFT server is in HO.
          I guess BCB didn’t have a disaster procedures manual.

      • manuelbuencamino says:


        Thanks for your reply. I replayed the Senate hearings but I could not find a clear answer to the questions you raised in your response to my comment.

        (1) “I do not know what their criteria are, but certainly I think the large sums would be one of them, so why was it not flagged?”

        At this time we don’t know if this particular remittance was flagged or not. The bank cited Bank Secrecy law and would not discuss specific accounts. It limited its responses to policies and hypotheticals. It talked about the steps the bank takes when a freeze request comes in but not any of the accounts in question.

        (2) “Why didn’t the bank freeze the a/cs — this is the $81mm question isn’t it?”

        RCBC president explained that as a general policy when funds are in an account they are withdrawable at will by the depositor… even if the amounts are unusually large.

        But you’re right, a bank can put a temporary no debit order on an account. And you provided the reason why a bank would hesitate putting a no debit order on a bank account – “However, if reasons are invalid, law suit follows.” In this case it could have been a huge lawsuit.

        (3) “But this particular incident involves transactions that originate from HO, and FX 3 requires HO Treasury participation, it is unlikely a lone wolf operation.”

        The FX3 transaction involves Philrem accounts with RCBC. RCBC said it was willing to discuss the Philrem accounts in detail but Miss Bautista refused to waive her right to bank secrecy.

        So there is no way of knowing the details of that FX3 transaction or any other transaction involving her accounts with RCBC, that is unless the AMLAC looks in to it and reveals them in the next hearing scheduled for Mar 28. AMLAC is not bound by bank secrecy laws that is why the RCBC lawyer when asked about the accounts by the senators would direct their question to Abad of AMLAC.

        Latest news is AMLC charged two other branch employees. One resource person talked about a meeting of branch employees at a house in Forbes Park where he was offered a P5M bribe by Deguito. Maybe those were the conspirators, with the exception of the resource person who turned down a P5M bribe from Deguito. So you’re right it was not a lone wolf operation.

        Still, I’m inclined to think that Deguito was the point person of the syndicate as far as RCBC is concerned because at the request of Kim Wong she opened the dollar accounts of those four fictitious persons that close to a year later served as recipients of the stolen funds. And she personally handled the fund transfers and withdrawals from those accounts. She met with William Go regarding the fictitious account in his name. And Philrem said that “ang ka-transaksyon namin ay si Maia”.

    • caliphman says:

      Casinos, remittance, and banks I think are in fact covered by AMLA law, not that enforcement is very lax or nonexistent. See my and Irineo’s posts on this issue elsewhere. As a matter of fact, it was in the news that the AMLC were able to trace VP Binay’s illicit money transfers thru the same remittance firm.

      • chempo says:

        Yes Karl has pointed that out — remittances and money changers are covered by the AMLA law, casinos are not.

        Woooh…Binay, that’s interesting. Same conduit.

        • manuelbuencamino says:


          The family of the husband of Salud (Sheiba as she was known in Assumption high school) Bautista is close family friends with the Binays.

  36. caliphman says:

    Can someone who knows please explain why if casinos and remittance companies are not covered by AMLA laws and Bangko Sentral regulations according to the link they are included in the definition of covered institutions? I have not had the time to research why this is but I am hearing everyone including chempo’s article claim perhaps mistakenly only banks are included. Perhaps the issue is enforcement rather than adding or changing more laws and regulations?

    • Casinos are deadly for money laundering, I really don’t know why they leave that open for criminals to transact money.

    • chempo says:

      Caliphman, casinos/remittances are definitely not included. Remittance companies and money changers left out because I think nobody thought it necessary to include them. Legislators are naive or pretending to be naive that these are where dirty money flows through. Casinos because of strong lobby.

      Casinos were included in original draft, but left out in the final. Osmena said some legislators want it out, you have to go and ask them why.

      • karlgarcia says:

        “Covered institution” refers to:
        (1) banks, non-banks, quasi-banks, trust entities, and all other institutions and their subsidiaries and affiliates supervised or regulated by the Bangko Sentral ng Pilipinas (BSP);
        (2) insurance companies and all other institutions supervised or regulated by the Insurance Commission; and

        a. securities dealers, brokers, salesmen, investment houses and other similar entities managing securities or rendering services as investment agent, advisor, or consultant;
        b. mutual funds, close-end investment companies, common trust funds, pre-need companies and other similar entities;
        c. foreign exchange corporations, money changers, money payment, remittance, and transfer companies and other similar entities; and…

        Under RA 9160
        remittance centers are covered.

        • chempo says:

          Remittances covered? — AMLC said it’s not that’s why they did not freeze Philrem….maybe I missed out on the discussions… she did mention that up to that point they did not feel Philrem was implicated.

          Thks Karl, so it’s good money changers and remittances are covered. I take that back. One up for the Senate.

          • karlgarcia says:

            I had to double check it, just to make sure.

          • caliphman says:

            According to Buencamino’s post elsewhere, an RCBC officer stated in the televised hearings casinos and remittance firms were not covered and JPE accepted that. So you are in good company, Chempo….or NOT! hehehe

    • karlgarcia says:

      As far as the casinos were concerned, it was Rep. Amado Bagatsing, then chairman of Games and Amusement committee, who proposed that casinos be excluded.

      For remittance companies, let me find out, if I can.

      PS. That was not a rhetorical question, right?

      • karlgarcia says:

        Let me just hazard a guess on remittance centers:
        so that remittances will be smooth, and there are millions who depend on remittances.

        To summarize:
        Gaming was in its infancy and the gamers lobbied for exclusion,
        and for remittance centers maybe because of the number of recipients of remittances.

      • caliphman says:

        No, Karl. If you look at the link from the bsp I posted, it lists banks as well as those two types as covered institutions by the reporting regulations. I can usually sort it out myself or know it off the top of my head but I am a lightweight in this area.

        • karlgarcia says:

          Sorry, I answered without reading your link first, and not thoroughly reading your question.
          Casinos are definitely not included, but you are correct for others that are already included like remittance centers, it is more of an enforcement issue.

          • caliphman says:

            Karl, I think you are correct and casinos are not covered. Whoever pulled this off knew his way around this labyrinth of reporting laws.

            • karlgarcia says:

              I agree.👍🏻

              • BFD says:

                Karl, I think the representative of the BSP clarified that the remittance centers are not supervised by BSP, they only have to register that they’re a remittance center to the BSP, but they are not covered by BSP supervision per se unlike banks.

              • karlgarcia says:

                I see.
                But RA 9160 included remittance centers in the coverage.
                So what gives? If not BSP, who should supervise remittance centers?

              • karlgarcia says:

                Republic of the Philippines
                Bangko Sentral ng Pilipinas

                Circular No. 706

                Subject: Updated Anti-Money Laundering Rules and Regulations

                By the authority vested to the Bangko Sentral ng Pilipinas (BSP) to issue guidelines and circulars on anti-money laundering (AML) in order to effectively implement the provisions of Republic Act No. 9160, otherwise known as the “Anti-Money Laundering Act of 2001”, as amended by Republic Act No. 9194 (AMLA, as amended), under Rule 17.1 (b) of the Revised Implementing Rules and Regulations (RIRR), the Monetary Board, in its Resolution No. 1801 dated 16 December 2010, approved the adoption of this Updated Anti-Money Laundering Rules and Regulations and the amendment of Part Eight of the Manual of Regulations as well as the repeal of other BSP Circulars that are inconsistent herewith.

                Section X801. Declaration of Policy – The BSP adopts the policy of the State to protect the integrity and confidentiality of bank accounts and to ensure that the Philippines in general and the covered institutions herein described in particular shall not be used respectively as a money laundering site and conduit for the proceeds of an unlawful activity as hereto defined.

                Section X802. Scope of Regulations – These regulations shall apply to all covered institutions supervised and regulated by the BSP. The term “covered institution” shall refer to Banks, Offshore banking units, quasi-banks, trust entities, non-stock savings and loan associations, pawnshops, foreign exchange dealers, money changers, remittance agents, electronic money issuers and other financial institutions which under special laws are subject to BSP supervision and/or regulation, including their subsidiaries and affiliates as herein defined wherever they may be located:


      FBI Investigating Bangladesh Bank-Account Heist – Thieves were able to move about $81 million from Bangladesh’s account at the New York Fed to accounts in the Philippines, officials say

      The Federal Bureau of Investigation is probing the theft, apparently by hackers, of tens of millions of dollars from Bangladesh’s account at the Federal Reserve Bank of New York, according to people familiar with the matter. (MRP will be happy this is happening) 🙂


        Casinos, money laundering and wire transfers: Inside a global bank heist

        It’s a real-life heist that sounds straight out of Hollywood: $101 million in stolen funds, taken from a secure account, disappeared into a murky world of casinos and money laundering.

        If that’s not enough drama, the caper involves at least four countries, a central bank and a pillar of the U.S. financial system.

        Investigators are starting to learn just how criminals managed to steal $101 million last month from Bangladesh Bank, a complex operation that required many months of planning.

        On February 1, when banks were closed for the weekend in Bangladesh, criminals executed five transfers from the central bank’s account at the New York Fed. The requests looked real: They appeared to come from a Bangladesh server, and the thieves supplied the correct bank codes to authenticate the transfers.

        Most of the stolen funds ended up in accounts located in the Philippines, while roughly $20 million, which has since been recovered, went to Sri Lanka. The robbers tried to steal $850 million more, but the requests were denied by the New York Fed.

        The theft, which was made public last week, has already forced the resignation of Atiur Rahman, the governor of Bangladesh’s central bank. It has also raised questions over the international banking system’s vulnerability.


    Bank Secrecy Law divides House leaders

    by Charissa Luci
    September 14, 2015

    House leaders are divided over the Aquino administration’s proposal to lift bank secrecy for tax purposes.

    Even as he challenged Bureau of Internal Revenue (BIR) commissioner Kim Henares to run after big-time tax evaders, smugglers and money launderers, Speaker Feliciano “Sonny” Belmonte Jr. outrightly rejected the relaxing of the country’s Bank Secrecy Law.

    • Presidential Decree No. 1246, s. 1977
      Posted on November 21, 1977


      WHEREAS, under Republic Act No. 6426, as amended by Presidential Decree No. 1035, certain Philippine banking institutions and branches of foreign banks are authorized to accept deposits in foreign currency;

      WHEREAS, under the provisions of Presidential Decree No. 1034 authorizing the establishment of an offshore banking system in the Philippines, offshore
      banking units are also authorized to receive foreign currency deposits in certain cases;

      WHEREAS, in order to assure the development and speedy growth of the Foreign Currency
      Deposit System and the Offshore Banking System in the Philippines, certain incentives were provided for under the two Systems such as confidentiality of deposits subject to certain exceptions and tax exemptions on the interest income of depositors who are nonresidents and are not engaged in trade or business in the Philippines;

      WHEREAS, making absolute the protective cloak of confidentiality over such foreign currency
      deposits, exempting such deposits from tax, and guaranteeing the vested rights of depositors would better encourage the inflow of foreign currency deposits into the banking institutions authorized to accept such deposits in the Philippines thereby placing such institutions more in a position to properly channel the same to loans and investments in the Philippines, thus directly contributing to the economic development of the country;

      NOW, THEREFORE, I, FERDINAND E. MARCOS, President of the Philippines….


        Republic Act No. 1405 was enacted in 1955. Section 2 thereof was first amended by Presidential Decree No. 1792 in 1981 and further amended by Republic Act No. 7653 in 1993. It now reads:

        Section 2. All deposits of whatever nature with banks or banking institutions in the Philippines including investments in bonds issued by the Government of the Philippines, its political subdivisions and its instrumentalities, are hereby considered as of an absolutely confidential nature and may not be examined, inquired or looked into by any person, government official, bureau or office, except upon written permission of the depositor, or in cases of impeachment, or upon order of a competent court in cases of bribery or dereliction of duty of public officials, or in cases where the money deposited or invested is the subject matter of the litigation.

        Section 8 of Republic Act No. 6426, which was enacted in 1974, and amended by Presidential Decree No. 1035 and later by Presidential Decree No. 1246, provides:

        Section 8. Secrecy of Foreign Currency Deposits. – All foreign currency deposits authorized under this Act, as amended by Presidential Decree No. 1035, as well as foreign currency deposits authorized under Presidential Decree No. 1034, are hereby declared as and considered of an absolutely confidential nature and, except upon the written permission of the depositor, in no instance shall foreign currency deposits be examined, inquired or looked into by any person, government official, bureau or office whether judicial or administrative or legislative or any other entity whether public or private; Provided, however, That said foreign currency deposits shall be exempt from attachment, garnishment, or any other order or process of any court, legislative body, government agency or any administrative body whatsoever. (As amended by PD No. 1035, and further amended by PD No. 1246, prom. Nov. 21, 1977.)

        On the one hand, Republic Act No. 1405 provides for four (4) exceptions when records of deposits may be disclosed. These are under any of the following instances: a) upon written permission of the depositor, (b) in cases of impeachment, (c) upon order of a competent court in the case of bribery or dereliction of duty of public officials or, (d) when the money deposited or invested is the subject matter of the litigation, and e) in cases of violation of the Anti-Money Laundering Act (AMLA), the Anti-Money Laundering Council (AMLC) may inquire into a bank account upon order of any competent court.

    • edgar lores says:

      Obviously, Belmonte has got something to hide.


    See – Anti-Money Laundering Act (AMLA)

    R.A. No. 9160, as amended by R.A. No. 9194 & R.A. No. 10167

    Salient Features of R.A. No. 9160 (The Anti-Money Laundering Act (AMLA) of 2001)

    a. Criminalizes money laundering.
    b. Creates a Financial Intelligence Unit (FIU).
    c. Imposes requirements on customer identification, record-keeping and reporting of covered and suspicious transactions.
    d. Relaxes strict bank deposit secrecy laws.
    e. Provides for freezing/seizure/forfeiture recovery of dirty money/property.
    f. Provides for international cooperation.

    Amendments under R.A. No. 9194
    a. Lowers the threshold amount for single covered transactions (cash or other equivalent monetary instrument) from P4M to P500,000.00 within one (1) banking day.

    b. Expands the reporting requirements to include the reporting of suspicious transactions regardless of the amount involved

    c. Authorizes AMLC to inquire into or examine any particular deposit or investment, with any banking institution or non-bank financial institution and their subsidiaries and affiliates upon order of any competent court in cases of violation of this Act, when it has been established that there is probable cause that the deposits or investments are related to an unlawful activity. However, no court order is required in cases involving unlawful activities of kidnapping for ransom, narcotics offenses and hijacking, destructive arson and murder, including those perpetrated by terrorists against non-combatant persons and similar targets.

    d. Authorizes the Bangko Sentral ng Pilipinas to inquire into or examine any deposit or investment with any banking institution or non-bank financial institution and their subsidiaries and affiliates when the examination is made in the course of a periodic or special examination, in accordance with the rules of examination of the BSP to ensure compliance with R.A. No. 9160, as amended.

    e. Transfers the authority to freeze any money/property from the AMLC to the Court of Appeals.

    Revised Implementing Rules And Regulations (Earlier IRRs considered herein)
    The Revised Implementing Rules and Regulations of Republic Act No. 9160, as amended by Republic Act No. 9194 and Republic Act No. 10167.

    R.A. No. 10167
    a. allows application for bank inquiry ex parte
    b. allows verified ex parte for freeze order




      WHEREAS, under existing legal framework, the Central Bank has the authority to examine all records of banks in the discharge of its responsibilities under the Central Bank Charter;

      WHEREAS, the prohibition against inquiry into bank deposits adversely delimits the examining authority of the Central Bank.

      WHEREAS, limited examination powers operate against effective supervision of banks and endangers the safety of deposits which may affect the public’s faith in the banking system.

      NOW, THEREFORE, I, FERDINAND E. MARCOS, President of the Philippines, by virtue of the powers in me vested by the Constitution, do hereby decree and make the following part of the law of the land;

      Section 1. Section 2 of Republic Act No. 1405 is hereby amended to read as follows:

      Section 2. All deposits of whatever nature with banks or banking institutions in the Philippines including investments in bonds issued by the Government of the Philippines, its political subdivisions and its instrumentalities, are hereby considered as of an absolutely confidential nature and may not be examined, inquired or looked into by any person, government official, bureau or office, except when the examination is made in the course of a special or general examination of a bank and is specifically authorized by the Monetary Board after being satisfied that there is reasonable ground to believe that a bank fraud or serious irregularity has been or is being committed and that it is necessary to look into the deposit to establish such fraud or irregularity, or when the examination is made by an independent auditor hired by the bank to conduct its regular audit provided that the examination is for audit purposes only and the results thereof shall be for the exclusive use of the bank, or upon written permission of the depositor, or in cases of impeachment, or upon order of a competent court in cases of bribery or dereliction of duty of public officials, or in cases where the money deposited or invested is the subject matter of the litigation.

      Section 2. Section 3 of the same Act is hereby amended to read as follows:

      Section 3. It shall be unlawful for any official or employee of a bank to disclose to any person other than those mentioned in Section Two hereof, or for an independent auditor hired by a bank to conduct its regular audit to disclose to any person other than a bank director, official or employee authorized by the bank, any information concerning said deposits.

      Section 3. This Decree shall take effect immediately.

      Done in the City of Manila, this 16th day of January, in the year of Our Lord, nineteen hundred and eighty-one.

  39. I am doing a “Punxsutawney Phil” till May 10, or so I thought. This is tremendous so I peeked from Gobbler’s Knob and read this sumptuous mind banquet laid out by chempo. Well done, chempo.

    I cringed when I read the PH and US media versions of the bank heist. PH surely does not need this kind of attention. This will tarnish PH’s recently gained and hard fought positive global financial reputation. Filipinos around the world will bear the heavy burden brought about by this incident. We will all pay for the sins of the few.

    • Joe America says:

      News today says it was an inside job from the Central Bank of Bangladesh, so I think most of the international spotlight will focus there. Certainly, it provides an opportunity for the Philippines to shape up the ship, so could be converted to a positive if immediate legislative action follows to end the Philippine brand of bank secrecy, and the enabling of casinos as money transfer agencies.

      • Tem says:

        I have started to grow weary of reading stuff on the internet. Thankfully, once in a while I come across serious blogs like yours. Thanks much.

        My fear: someday (hopefully soon) this will go to the courts. When it does, I hope the rule of law prevails. Cold, objective facts like the ones you present will hopefully be used. Unfortunately, sometimes (others say, often) it is not the rule of law that prevails, but the rule of lawyers. Those that can afford the expensive lawyers, win. Regardless of the truth.

        • Joe America says:

          Yes, Tem. When one looks for lawyers advocating for human decency and fairness, suing for damages on behalf of the disenfranchised, one comes across the Harry Roques of the world, who quickly reveal themselves to be scoundrels as well. Old human rights lawyers become mayors of Makati. Human rights lawyers. Those we would think would have the greatest of compassion are shown to have the greatest greed. I’m hoping there will be attorneys . . . probably retired . . . who have reached the point of understanding that acquiring wealth has no real profit, in the end, and it is time to start suing for justice. Not leftist justice. REAL justice.

    • Punxsutawney’s most famous resident is Punxsutawney Phil, a groundhog said to predict the weather annually on Groundhog Day (February 2). Phil and the town were the basis for the 1993 film Groundhog Day (although nearly all of the film was shot in Woodstock, Illinois).

      Where have you been all this time, JP? We miss reading your comments.

      This could be a blessing in disguise as I have posted above. We need to shape up or be in the gray list precipice once more.


        The countries on the so-called “gray list” have strategic deficiencies in their systems for fighting the issues, but they have committed to action plans and are making progress in dealing with them.

        The Philippines is by far the most notable in the list, because it was identified in February after the last FATF plenary session as not having made sufficient progress, putting it on a so-called “dark gray” list.

        The Philippines’ involvement in the $100-million Bangladesh Bank heist, which has risked its return to the FATF gray list, showed the urgency of putting more teeth into the Anti-Money Laundering Act (AMLA), said Securities and Exchange Commission chairperson Teresita Herbosa, who co-chairs AMLC.

        The law, which was first introduced in 2001, left casinos out of the list of entities required to report suspicious transactions to the AMLC. There were efforts in the Senate to include this provision in the amended AMLA in 2013, but this was blocked by some lawmakers, and PAGCOR. (READ: Casinos exempt from tougher anti-money laundering law) At the time, the country was at risk of being blacklisted by FATF without an amended AMLA by the deadline set by the body.

    • chempo says:

      Thanks Juana, I like the “sumptuous mind banquet”.

  40. cha says:

    “Great train robbers will know this is a good place to be.”

    Abso #%^*+=#% lutely!!!

    Thanks for this article Chempo. It has served as my primer to this current hot topic. I haven’t had time to read up about it in the last couple of days and was keen on catching up on the news this weekend. And what do you know one of my favourite “investigative reporters”, Mr. Chempo, has very kindly put together a quick and immaculately written summary for me to start with. It’s made it easier to get through some additional reporting and analyses I found online in the last hour or so.

    And so going back to your last concluding statement, I couldn’t agree more after all I’ve absorbed so far. Laws in the Philippines (e.g. Bank Secrecy Law, Anti money laundering law granting exemptions to casinos) are like an open invitation for the criminally minded. Then you have a corrupted value system that seemingly is no longer able to distinguish honorable behaviour from the deplorable. People in positions of trust, like bank managers, willing to look the other way or just simply feign a blank look while thieves are helping themselves to someone else’s hard earned money. Then you have the Speaker of the House of Representatives and ranking member of the political party espousing Tuwid na Daan who is either being a dill or just another crook protecting the egg nest and thus refusing to consider that the country’s bank secrecy law actually stinks. Aysus!!!

    “You get a lot more for your money in Bolivia”. Ever heard of the Philippines?

  41. Jom says:

    One helluva article!

  42. Malet says:

    Kudos to the writer of this great article. A must read, if you want a better understanding of what (might have) transpired for this heist to come into fruition.

  43. Chempo must be congratulated for the time and effort for him to put together this recreation. It is fairly obvious he is a former banker…

    I would like to write an open letter to the lawyer of this Deguito individual…

    Dear Atty. Topacio:

    I personally believe you may not realize that your adversary in this whole scandal are the present Gods of Olympus. The so-called shadow government that runs this country. The financial/lawyer cabal for which there are no laws. We have been living in the era of financial capitalism for some time now… Just to give you an example… Go to any local newspaper’s website and you will read on their banner the previous day’s guiding rate of forex and the volume traded. Similarly you will read the previous day’s activities of the stock exchange and the volume traded. Fixed income markets not published as most investors hold bonds to maturity.

    IT has made the process of financial globalization move at the speed of light. Hence the ledger entries for all levels of transactions for retail/consumer banking and wholesale banking have all been digitized. I am acquainted with Antonio Moncupa who is a brilliant banker on all levels of banking. He was a former activist in the fight against Marcos. He said it publicly sometime back…

    Banks no longer make much money from retail/consumer banking. Their treasury departments are the main source of profits. They trade for their clients and for their own accounts. They do know the direction of the economy since it is they who are the intermediaries between savings and investments. They operate with insider information.

    There is no need for me to delve into the details of the differing levels of encryption for access into the banks’ own internal servers for their different departments. Further to this the all important authorization codes for each bank’s access to the international payment system. Please note that in this particular power relationship, the higher the pay grade the greater is the access. Your client surely does not pass muster as far as access is concerned. The Gods of Olympus in RCBC are situated at the very top closest to the heavens. With their brilliant well placed law firms no laws can touch them. They are the law.

    You see it is really not rocket science. RCBC head office has access to the historical data of each branch. Total Assets = Liabilities + Equity. Since the Uniform Currency Act was repealed, Individuals and Corporates are allowed to open foreign currency accounts. The bulk of foreign currency trading is done through the electronic platform of the BAP. All banks will probably subscribe to Bloomberg for their terminals to access on time trading. The CEO’s job naturally is to monitor the overall activities of the bank. He looks at numbers and bumps in numbers. This particular transaction at the level of wholesale banking transitioning into retail banking would have raised alarm bells in most banks with competent reputable people. Unfortunately the culture of corruption and impunity in this country precludes this from happening. I personally have taken advantage of this culture and broke the rules to access cheap financing to meet payroll during the holiday season. Being a competent lawyer in this country you know the saying, for lawyers there is no law. Kindly include the banking hierarchy to that.

    In the financial world there is no morality. “Animal Spirits” reign supreme.

    Good luck for you and your client and God speed.

  44. R.Hiro says:

    I sincerely apologize as that sheeisawesome somehow inadvertently hacked my post on this desktop. My fault entirely

    • Joe America says:

      Thanks for acknowledging that sheeisawesome is using both your computer and your brain. I was about to commend him/her for recognizing that law practice in the Philippines requires no moral spine whatsoever. As a former banker, I’d like to think bankers are different, at least the mundane, drudgery kind of commercial/consumer banking, if not the investment kind. At least, in the US. Philippines, I’m still learning about, and it seems that it may have investment bank morality through and through.

      • sonny says:

        Joe, do you think the PH is at least pointing to the super-regulation of banking & financial institutions like the US does. The Penn Square debacle of the ’70s comes to mind. I was in Commercial Loans, IT, at the time.

        • Joe America says:

          Actually, I think the BSP is pretty good at regulation, as a super agency, and I hope this Bangladesh incident will get the matter of Bank Secrecy more in order. The nation has not gone through a real estate bubble collapse. The next step on my banking analysis was to examine the balance sheets and assets of the very large commercial banks to get a handle on that. I set that aside because readership interest is low, but I might pull it back up, for my own edification (and yours).

          • sonny says:

            Aye. I’m glad. My impression here is that Penn Square repeat is unlikely and the 2008 Bubble has everybody gun-shy for the moment.

      • RHiro says:

        Apologies once again… Ronald Reagan deregulated banking in the U.S. and in the process savings and loan banks were allowed into wholesale banking. The result was the savings and loan banking collapse and bail outs. A very close friend of mine at that time went to jail during that scandal. But that experience only emboldened him as to the nature of banking. Power from great wealth is like an opium…Look at Trump. He leveraged his Dad’s contacts got tax breaks and built a real estate empire that to him created his belief that he is utterly infallible.

        The entire banking story based on very high levels of leverage is obviously a guarantee for high risks, huge profits or huge losses. The losses almost always charged to the public dime.

        Switzerland which practices a form of direct democracy is thinking of adopting a system of state owned banks exclusively. If the public itself is liable for banks failure why should they not own it through the State.

        • chempo says:

          I thought it was Bill Clinton that deregulated the banking industry? I may be wrong on this.

          High leverage, high paychecks for traders to take high risks, and then having Feds which are owned by these same too-big-to-fail banks giving their own banks the Greenspan Put, that’s just allowing financial disasters over and over again.

          • Joe America says:

            It pre-dated Bill. Interest rates were deregulated in the early 1970’s.

            • I think the reputation is due to the repeal of Glass-Steagall during Bill Clinton’s term.

              • chempo says:

                Ya I’m with you on that. That repeal of Glass-Steagall allowed commercial banking to do all sorts of investment banking activities. Thus commercial banking gets sucked into the financial collapses of investment banking. If they allow investment banking to go burst, only the rich suffer. But they can’t allow commercial banking to go burst because there will be huge ramifications for the industry. So if the two are one, they can’t let banks fail.

              • Joe America says:

                Okay, yes, investment banking.

              • Joe America says:

                I recall the deregulation of interest rates because our bank had this irritating radio jingle (early 70s) that went “1, 2, 3, 4, 5” to tout the new, competitive savings rate. Now it would go “.1, .2, .3, .4, .5”.

              • sonny says:

                Interest deregulation was already in full swing by the mid-’70s, if I remember correctly, as Joe says.

          • karlgarcia says:

            Since it was signed by President Carter, that makes it Pre-Reagan, I guess.

            “The Depository Institutions Deregulation and Monetary Control Act of 1980 (H.R. 4986, Pub.L. 96–221) (often abbreviated DIDMCA or MCA) is a United States federal financial statute passed in 1980 and signed by President Jimmy Carter on March 31.[1] It gave the Federal Reserve greater control over non-member banks”

          • R.Hiro says:

            The whole deregulation policy of S&L’s as part of the Reagan government in 1981 onward.

            Pls note: link


            December, 1982–Garn – St Germain Depository Institutions Act of 1982 enacted. This Reagan Administration initiative is designed to complete the process of giving expanded powers to federally chartered S&Ls and enables them to diversify their activities with the view of increasing profits. Major provisions include: elimination of deposit interest rate ceilings; elimination of the previous statutory limit on loan to value ratio; and expansion of the asset powers of federal S&Ls by permitting up to 40% of assets in commercial mortgages, up to 30% of assets in consumer loans, up to 10% of assets in commercial loans, and up to 10% of assets in commercial leases.

            • karlgarcia says:

              Many thanks,
              I was just curious so I tried to read on it. Thanks for the link and the excerpts.

    • animal spirits gave you away.

  45. anonymousbanker says:

    very good article, and quite detailed.

    although speaking as someone who has worked in the remittance department of a major foreign bank, the section on SWIFT is quite outdated and archaic. that plus a few very minor points of disagreement on banking practice i won’t bother to mention. nonetheless, overall an excellent analysis and does a great job in pointing out some out of the many questions and areas for investigation (I can think of a couple more) that deserve an answer.

    • chempo says:

      Thank you anonymousbanker, I stand corrected on some SWIFT details. I left banking some years ago so yes, there probably must be improvements, more on the operational aspects I would suspect. Your “couple more points” may be interesting to all here if you care to share.

      • caliphman says:

        I agree but at the same time, I just want to know enough details about the SWIFT system to have confidence it was compromised in this heist. The challenge in writing this kind of article is presenting just enough new info without wallowing into the technical details and losing the story line.

  46. RHiro says:

    Everyone should be enlightened as to the existential nature of money and banking. The substantive nature of money is trust and confidence. Its creation process ruled by correct and timely information shared by many. In this regards information is currency.

    Unfortunately here in the Philippines the unscrupulous still rule..

    The ffg. are excerpts from FDR’s speech at the height of the Great Depression. He introduced democratic socialism to the United States.

    ”In such a spirit on my part and on yours we face our common difficulties. They concern, thank God, only material things. Values have shrunken to fantastic levels; taxes have risen; our ability to pay has fallen; government of all kinds is faced by serious curtailment of income; the means of exchange are frozen in the currents of trade; the withered leaves of industrial enterprise lie on every side; farmers find no markets for their produce; the savings of many years in thousands of families are gone.”

    “More important, a host of unemployed citizens face the grim problem of existence, and an equally great number toil with little return. Only a foolish optimist can deny the dark realities of the moment.”

    “Yet our distress comes from no failure of substance. We are stricken by no plague of locusts. Compared with the perils which our forefathers conquered because they believed and were not afraid, we have still much to be thankful for. Nature still offers her bounty and human efforts have multiplied it. Plenty is at our doorstep, but a generous use of it languishes in the very sight of the supply. Primarily this is because the rulers of the exchange of mankind’s goods have failed, through their own stubbornness and their own incompetence, have admitted their failure, and abdicated. Practices of the unscrupulous money changers stand indicted in the court of public opinion, rejected by the hearts and minds of men.”

    “True they have tried, but their efforts have been cast in the pattern of an outworn tradition. Faced by failure of credit they have proposed only the lending of more money. Stripped of the lure of profit by which to induce our people to follow their false leadership, they have resorted to exhortations, pleading tearfully for restored confidence. They know only the rules of a generation of self-seekers. They have no vision, and when there is no vision the people perish.”
    “The money changers have fled from their high seats in the temple of our civilization. We may now restore that temple to the ancient truths. The measure of the restoration lies in the extent to which we apply social values more noble than mere monetary profit.”

    • Joe America says:

      ” . . . the unscrupulous still rule . . .” That requires some nuance, or definition, I think. Politics, by definition, is a bit unscrupulous, involving the trading of favors. Thieving is a different kind of unscrupulous. The Aquino Administration is political but not thieving. The Ombudsman has been lining up corrupt government officials in droves. Believe me, local thieves are thinking twice about things. Rooting for Binay probably, but recalculating risks.

      So I would question whether the rule is still unscrupulous. Unscrupulous is deeply embedded in the way things work, but we ought not diminish the good work being done by good people trying to change things.

      • R.Hiro says:

        Unfortunately the truth is in my own personal experience, corruption today is worse than it was in the early 80’s under who would believe Marcos. The foreign company I was with sued Ongpin in court and won then. Today that would have taken a whole generation to complete. Law firms today have already established franchises with government agencies and all levels of the court system.

        There are even price guidelines for services rendered. Extra legal services that is. Aquino is not involved but those people around him are something else.

        Sometimes I wish I did not know as ignorance is bliss.

        How many people understand that no longer being the so called sick man of Asia was and is due almost entirely to the struggles of the overseas Filipino. The showrooms of Maserati, Rolls Royce Ferrari and Harry Winston here are testaments to it.

        • Joe America says:

          Well, I would for sure believe your attestation on the absurdities of today’s judiciary, and even the participation of “the President’s men”. I do believe a lot of people understand that, economically speaking, the overseas Filipinos are Atlas, and they have not even shrugged.

  47. Slightly OT: even if this real-life heist movie is more exciting I still recommend “Metro Manila”…

    John Arcilla plays a major role here in the time before he became Heneral Luna.

    An inside job by money transporters – one acting out of greed, the other out of desperation.

    • Back to the present heist… Frank Abagnale is still alive… I wonder what he would say?

      chempo’s comment about check clearing reminded me of him.

    • caliphman says:

      If it’s an older movie, I saw it and is offered free with a Netflix subscription.

    • cha says:

      Chanced upon “Metro Manila” on Australian cable sometime ago. The British filmmaker Sean Ellis’ realistic portrayal of poverty and desperation is quite confronting. This is not a movie that has you coming out of it extolling the beauty of life and the triumphant spirit of our humanity. It should actually make a good companion movie to Joeam’s earlier blog, ‘The two “me classes” that undermine the Philippines” as it is quite a vivid depiction of how life for the other half (the poor and the powerless ones) becomes a matter of the survival of the fittest, with fittest meaning the most capable and willing to do whatever it takes to make it out alive.

      A must watch for those who appreciate indie (independent) films; stay away if you like your movies served in a Hollywood platter.

      Interesting trivia: Ellis’ script was written in English, he had his actors translate their respective dialogues in Tagalog and went by their facial expressions and body language in assessing the authenticity of their portrayal of each particular scene in the movie.


    A Hole in the Global Money-Laundering Defense: Philippine Casinos

    Casinos aren’t covered by Philippine money-laundering laws, complicating the quest for funds stolen from Bangladesh’s account at the New York Fed

    By Cris Larano
    March 18, 2016 2:16 p.m. ET

    MANILA—In 2013, an international anti-money-laundering watchdog warned the Philippines that there was a gaping hole in its defenses against people illegally moving money around its economy: the country’s casinos.

    Now that loophole could end up leading to higher charges for Filipinos working abroad when they send money home to their families, as well as reputational harm to the country’s banking industry.

    In recent days, financial investigators trying to track down and recover $101 million stolen in February from Bangladesh’s account at the New York Fed in an elaborate cybertheft have been stymied by the fact that casinos aren’t covered under the Philippines’ Anti-Money Laundering Law.

    When the Philippines beefed up the law in 2013, it eventually decided not to add casinos to the list of covered entities, as recommended by the Paris-based Financial Action Task Force (FATF), a multigovernment watchdog agency. The group had singled out the industry for attention in its last review of the Philippines’ anti-money-laundering defenses three years ago. But lawmakers wanted the fledgling casino industry, and the jobs it promised to create, to flourish.

    The exemption from the law means that authorities can’t compel casinos to submit reports on operations or specific players to aid their investigations even though anti-money-laundering officials believe a portion of the stolen Bangladeshi funds was used to buy gambling chips in Manila.

  49. Alex says:

    Complicity everywhere.

    A superb detailed investigative analysis of the great bank heist still shocking the banking world.

    This blogger is better than a mainstream journalist worthy as a resource person in the ongoing Senate investigation.


    Hackers who stole $101 million from Bangladesh’s central bank stalked its computer systems for almost two weeks beforehand, according to an interim investigation report seen by Bloomberg.

    Prepared for Bangladesh Bank by cyber security firms FireEye Inc. and World Informatix, the assessment offers a tantalizing glimpse into how cyber criminals can use banks’ own systems against them. The cyber companies say the thieves deployed malware on servers housed at the central bank to make payments seem genuine.

    The report cast the unidentified hackers as a sophisticated group who sought to cover their tracks by deleting computer logs as they went. Before making transfers they sneaked through the network, inserting software that would allow re-entry.

    It’s the sort of thorough operation often mounted by nation-state hackers, according to the report, but FireEye’s intelligence unit believes the group, which it has been tracking for some time, is criminal. “These threat actors appear to be financially motivated, and well organized,” the report said.

    The heist, which saw payments processed through the bank’s accounts at the U.S. Federal Reserve and money moved to the Philippines and Sri Lanka, was part of a bigger attempt to steal nearly $1 billion in total from the central bank. It exposed weaknesses in systems, sparked a dispute between Bangladesh’s central bank and its finance ministry and cost the central bank governor his job less than five months before he planned to retire.


      Money laundering has long plagued casinos in the Philippines, which largely operate beyond the reach of anti-money laundering authorities. The U.S. Department of State, among others, has identified the country’s gaming industry as a nexus for illegal activity and money laundering.

      “Transnational drug trafficking organizations based in East Asia use the existing banking system, casinos, and commercial enterprises to transfer drug proceeds from the Philippines to offshore accounts,” said an agency report issued this month.


        Investigators looking into the Bangladesh Bank cyber heist will visit the Philippines, the US and Sri Lanka after analysing the information they are collecting from Bangladesh.

        “We think we will have to collect information from at least four countries to complete the investigation,” Mirza Abdullahel Baqui, special superintendent of the Criminal Investigation Department (CID), said yesterday. “It is a transnational crime.”

        Bangladesh Bank, Federal Reserve Bank in the US, Pan Asia Banking Corporation in Sri Lanka and Rizal Commercial Banking Corporation in the Philippines are all connected to heist, he told reporters at his office in the capital’s Malibagh.

        ”Some of the investigation abroad can be done through the local police or the Interpol, but physical presence is needed in some cases.”

        They would go abroad only after completing their investigation in Bangladesh, he said, adding that he was hopeful about identifying and arresting the “real culprits”.

        Talking to The Daily Star later, Baqui said intelligence officers from different units of police along with cyber experts were working on the case. Experts outside the police department would be hired, if necessary, he added.

        The investigators may also seek assistance from international organisations like Asia/Pacific Group on Money Laundering, Financial Action Task Force on Money Laundering, United Nations Office on Drugs and Crime (UNODC) to deal with the crime, he said.

        A CID official preferring anonymity said they had already communicated with cyber experts in other countries.

        Meanwhile, yesterday’s meeting between the CID and US Federal Bureau of Investigation (FBI) was rescheduled for tomorrow.

    • chempo says:

      Thks Irineo
      The Bloomberg report does indicate that hacking took place. As I indicated, they were exposed because the SWIFT server was connected to the corporate network.
      But from the little that has been disclosed so far, boy oh boy, if I were a bank president, I would be worried shit. Everybody’s exposed. These are new hacking techniques. I would decouple all SWIFT workstations and do manual input immediately until we know what the status quo is.

    • “It’s the sort of thorough operation often mounted by nation-state hackers, according to the report, but FireEye’s intelligence unit believes the group, which it has been tracking for some time, is criminal. “These threat actors appear to be financially motivated, and well organized,” the report said.”

      When it says nation-state and/or criminal, the only reference I have is “Swordfish”. Thanks for the link (should’ve caught this yesterday, but was busy upstairs 😉 ),

  51. This is crystal clear, a big syndicate corruption that knows that the Philippines is the place they can get away with it. There are so many things that could have prevented this money from being stolen if it is only a normal hacking.
    1. Opening of the account & the validity of the account holders – RCBC have so much to answer for it, fake ID, thank you letter should come back to the bank if the address were wrong.
    2. The stop payment notice from New York was deliberately not recognised earlier on February 9, it was only recognised after 7pm – c’mon people it’s 30 million dollars.
    3. The account that the 30 million was stolen was opened last year of 2015, it was dormant & not moving at all & then suddenly boom! 30 million was lodged, big time red flags, it’s like fire alarm in the building is raised, it was that loud.
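
The red flags listed in the comment above (an account opened months earlier that sits idle and then takes a very large credit that is paid out within days), written as a transaction-monitoring rule. This is an added example, not part of the original comments or of any bank's system; the account numbers, amounts and thresholds are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

# Illustrative thresholds (assumptions, not regulatory or bank values).
DORMANT_DAYS = 90                  # no activity for this long counts as dormant
LARGE_CREDIT = Decimal("100000")   # absolute floor for a "large" credit
SPIKE_MULTIPLE = 50                # and this many times the largest earlier credit
DRAWDOWN_DAYS = 5                  # window after the credit to watch for payouts
DRAWDOWN_SHARE = Decimal("0.8")    # share of the credit leaving within that window


@dataclass(frozen=True)
class Account:
    number: str
    opened: date


@dataclass(frozen=True)
class Txn:
    account: str
    day: date
    amount: Decimal  # positive = credit, negative = debit


@dataclass(frozen=True)
class Alert:
    account: str
    day: date
    amount: Decimal
    idle_days: int
    rapid_drawdown: bool


def find_alerts(accounts, txns):
    """Flag large credits into dormant accounts; note if the money left quickly."""
    history = defaultdict(list)
    for t in sorted(txns, key=lambda t: t.day):  # stable: same-day order is kept
        history[t.account].append(t)

    alerts = []
    for acct in accounts:
        last_activity = acct.opened      # a never-used account is idle since opening
        largest_credit = Decimal(0)
        rows = history[acct.number]
        for i, t in enumerate(rows):
            if t.amount > 0:
                idle = (t.day - last_activity).days
                spike = (t.amount >= LARGE_CREDIT
                         and t.amount >= SPIKE_MULTIPLE * largest_credit)
                if idle >= DORMANT_DAYS and spike:
                    # Sum the debits that follow this credit inside the window.
                    paid_out = sum(
                        (-d.amount for d in rows[i + 1:]
                         if d.amount < 0 and (d.day - t.day).days <= DRAWDOWN_DAYS),
                        Decimal(0))
                    alerts.append(Alert(acct.number, t.day, t.amount, idle,
                                        paid_out >= DRAWDOWN_SHARE * t.amount))
                largest_credit = max(largest_credit, t.amount)
            last_activity = t.day
    return alerts


def txn(acct, y, m, d, amount):
    return Txn(acct, date(y, m, d), Decimal(amount))


# Constructed sample data (not real accounts or real transfer amounts).
SAMPLE_ACCOUNTS = [
    Account("ACC-NEW-1", date(2015, 5, 15)),    # opened, then left idle
    Account("ACC-OLD-2", date(2015, 1, 5)),     # idle, large credit, no payout
    Account("ACC-PAYROLL", date(2015, 11, 1)),  # busy account, large but regular
    Account("ACC-SAVER", date(2015, 3, 1)),     # idle, small credit only
]
SAMPLE_TXNS = [
    txn("ACC-NEW-1", 2015, 5, 15, "500"),
    txn("ACC-NEW-1", 2016, 2, 5, "30000000"),
    txn("ACC-NEW-1", 2016, 2, 5, "-14000000"),
    txn("ACC-NEW-1", 2016, 2, 9, "-15000000"),
    txn("ACC-OLD-2", 2016, 2, 5, "150000"),
    txn("ACC-PAYROLL", 2015, 11, 30, "250000"),
    txn("ACC-PAYROLL", 2015, 12, 1, "-240000"),
    txn("ACC-PAYROLL", 2015, 12, 31, "250000"),
    txn("ACC-PAYROLL", 2016, 1, 4, "-245000"),
    txn("ACC-PAYROLL", 2016, 1, 29, "250000"),
    txn("ACC-PAYROLL", 2016, 2, 5, "400000"),
    txn("ACC-SAVER", 2015, 3, 1, "200"),
    txn("ACC-SAVER", 2016, 2, 5, "1000"),
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_ACCOUNTS, SAMPLE_TXNS):
        print(alert)
```

An alert with `rapid_drawdown` set is the one to hold for review before further payout; the dormant-credit alert without it still warrants a look but is lower priority.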

    • chempo says:

      Yes James, all the indicators are there. The questions are why why why?

      Stop orders didn’t come from Feds, it’s BCB’s request for assistance. Which means Feb 9 morning RCBC already knew. So big question – who got the message and what happened to that message? They could have not only stopped the Feb 9 payment, there was another payment Feb 10. Furthermore, Philrem said they delivered cash to Xu from Feb 5-15, so most probably the peso 600mm was paid out during this time, from the FX 3 deal, meaning RCBC was still partially handing over the pesos to Philrem up to Feb 13.

      • Wilfredo G. Villanueva says:

        Chempo, are nuclear silos easier to breach given the new hacking techniques?

      • omar millar says:

        thank you chempo for the very clear and elaborate piece. a lot of people, non bankers and even bankers alike, have been enlightened.

        it is very unfortunate to note that there are too many loopholes in this whole thing. the bogus accounts are wrongdoings of the branch people alone. under whose instruction is something they should explain.

        the craziest part though is the fact that the Philippine government sounded so helpless that the money can not be recovered and returned to the rightful owner anymore.

      • I am fucking tired of these chinky eyes, very short surname (Chiu, Tan,Wong) always in the big scam investigation… Fucking scumbags… And this ” I invoke my rights for self-incrimination” who invented that answer – they should pass a law that will prohibit that sentence.

        • Joe America says:

          James, with that kind of racial pigeon-holing and language, you are not long for this blog. First and last warning. Kindly civil up. Half the power base of the Philippines is reading and you come across like a drunken sailor fresh into port with too much grog under the belt, grunting and cursing and scratching.

          • NHerrera says:

            While many of these “chinky-eyed-short-name guys have been involved in scams, there are many more who are hardworking and law abiding. And scams are not a monopoly of this group. There are quite a few, including those in government, who are involved in scams/ corruption who are not chinky eyed with short names. I agree racial-profiling is not a fit subject for spending time on in this blogsite.

            • Joe America says:

              Yes, indeed, it contradicts everything we work for on civility and diversity and inclusion.

              • Edgar Lores says:

                1. Speaking of incivility, I apologize for my uncivil language. I direct my apology to JoeAm, Chempo, members of the Society – except LCpl_X – and to the thousands of readers.

                2. As to my nationalistic sentiments, I have raised the flag no matter how you may judge the degree of provocation.

                3. Those who are constant readers of The Society would know me for my analytical and level-headed stance. I have also said that I am rarely insulted. My reasoning, which I am sure is recorded somewhere in this website, has always been this: If what is said is untrue, then what does it matter? But if it is true, I will change myself.

                3.1. So what has been said or, rather, implied here? It is that Filipinos are criminal-minded if not criminals.

                3.2. I know this to be untrue, so why have I taken offense? If it were just me, I would laugh off the charge. However, it is not only I that has been maligned… but the entire nation.

                3.3. I have taken a stand… I am committed… and I will not retreat.

                4. LCpl_X has refused to apologize. That is between him and his conscience.

              • Joe America says:

                Good to know that you are human, with a sharp bark. No apology required. You’ve for sure earned our reflection and understanding. Good to know that you won’t accept the kinds of disparagement we see so lavishly strewn about at GRP. Misrepresentations, allowed to flourish, hurt a lot of good people. Carry on.

              • NHerrera says:

                @edgar, @Joe:

                If what is said is untrue, then what does it matter? (with your qualifier that that is your policy if it involves only you but not the country you still love — the Philippines) But if it is true, I will change myself.

                That sort of jibes with Joe’s Notes from the Editor,

                “When the facts change, I change my mind … ”

                Say, Joe, is this a prelude to this Sunday’s blog-topic?

              • Joe America says:

                Not intentionally, but if the shoe fits, steal it . . .

              • chempo says:

                Accepted Edgar. Let’s move on. Just hope no one spilled their popcorns and coke.

              • edgar lores says:

                chempo, thanks.

                From my view the issue is unresolved… but I am not holding my breath… and I will certainly move on to other matters.

          • He he he! Sorry Joe, I have chinky eyes too. My apology, I am just so frustrated of this whole corruption in every level & corner.

            • Joe America says:

              Will release moderation hold tomorrow. Off computer now. I get you. Feel that way myself about a few things. Thanks.

              • sonny says:

                Caution, Joe. Keep in mind things (comboxes, et al) can now go linear, to geometric to logarithmic in almost no time. I hope n pray your moderating steed (this is spelled right) can head off anybody at the pass. 🙂

        • Joe America says:

          Actually, since you are new, I changed my mind. You are in moderation so that your comments pass by me before published. If that is an inconvenience, consider the reason.

      • Surfer sison says:

        Congrats on your article chempo.
        If RCBC was still handing out cash after Feb 9, is RCBC legally liable?

        • chempo says:

          Thank you surfer.

          Very good question. As I indicated in the article, the bank has been put on notice the moment they received the message from BCB on the morning of Feb 9. So the issue of liability is not far fetched indeed. Mind old mind….. Perhaps Topacio should ditch Deguito and approach RCBC to represent them…

  52. Joe America says:

    Chempo’s article is approaching the 30,000 read mark today, an extraordinary readership level any day, and especially a Saturday. I suspect it will stand as the Primer on this great heist until official investigations provide answers to the questions he has posed. It is being read by important people.

    Congratulations on your quality article, Chempo, and thanks for illustrating the power and potential of work that is done, not for personal financial gain, but for fulfillment, knowledge and the Philippines.

    I wish all in government service shared these values and drive. Especially the Senate.

    • RHiro says:

      This is too important not to share in this country whose people are mainly Catholic.

      The Economist
      Charles Keating
      Crusader and fraud
      Charles Keating, moral crusader and financial snake-oil salesman, died on March 31st, aged 90
      Apr 12th 2014 | From the print edition

      THEY called him “Mr Clean”. It was not a joke. First, he was a champion swimmer, and would emerge from the pool with his long lanky frame smooth and shiny as a fish. Second, he was a moral crusader. If you wanted porn and obscenity cleared out of your Cincinnati neighbourhood, Charlie Keating was your man. He got Playboy and Oui magazine banished from news-stands near his office. He denounced the Ramada Hotel for showing adult TV programming in its rooms. He stopped a TV showing of “Oh Calcutta!”, the naked revue, at the old Shubert Theatre. He made sure Larry Flynt got a jail sentence in 1976 for publishing Hustler magazine, and he came down like a ton of bricks on the keeper of the variety store at 8th and State, who sold dirty pictures to schoolboys.

      Mr Keating was so doughty in this holy war that Richard Nixon appointed him in 1969 to the national commission on obscenity. When the commission produced a feeble report, Mr Keating dissented. He wrote that “Never in Rome, Greece or the most debauched nation in history has such utter filth been projected to all parts of a nation.” At meetings of his 300-chapter organisation, Citizens for Decency through Law, he would stride round with a big red Bible in his hand. Sundays saw him devoutly at Mass, with thousands of dollars given to Catholic causes. Such was his local influence that when the Supreme Court ruled that obscenity should be judged by “community standards”, every adult theatre in Cincinnati closed down.

      Strange, then, that this knight on a white charger—as he saw himself—was also the man who bilked 23,000 investors out of their savings. The total loss was $250m-288m, and the cost to the taxpayer $3.4 billion. In 1984 he had bought Lincoln Savings, a savings and loan association based in Irvine, California, and turned it into a piggy bank for his own American Continental Corporation. He persuaded Lincoln investors to swap their secured bonds for ACC’s junk ones, claiming that these too were backed by the government. Then he speculated freely in foreign exchange, risky development and tracts of raw cactus desert. Staff were exhorted to prey on “the weak, meek and ignorant”.

      Those hoodwinked investors subsidised a lavish life. Mr Keating travelled by private jet the world over. He built the $300m Phoenician Hotel in Scottsdale, Arizona, with gold-leaf ceilings and a swimming pool lined with tiles of mother-of-pearl. He threw champagne-soaked parties at which, in 1986, $2,000 was spent on Silly String alone. Pretty, biddable young women were paid enormous salaries to work for him. At one party, typically, he leapt on a table and posed as Superman.

      Influence-buying was his second nature. The city council of Phoenix, his base after 1976, was safely in his pocket. In 1987, as Lincoln’s false profits mounted and the bad smell drew attention, he used his influence with Washington politicos to hold off the regulators. Five senators, recipients of hundreds of thousands of Keating campaign dollars, assisted in keeping the Federal Home Loan Bank Board kicking its heels for two years. When Mr Keating was asked if his donations had inspired their kindness, he replied: “I certainly hope so.” He had also given at least $1m to Mother Teresa, who in return praised his good character. But in 1989 Lincoln went bust. No one could save him then from being convicted two years later on 17 counts of fraud, racketeering and conspiracy, and almost five years in jail.

      The sound of the guns

      Crusader and snake-oil salesman were hard to reconcile. Perhaps it all sprang from having an invalid father, too weak to steer him. Perhaps it came from spending years in navy training in the war, but never fighting. A bronze plaque on his desk declared that “A man can do no wrong if he always rides to the sound of the guns.” His energy and arrogance seemed to fire off wildly in dozens of different directions.

      For him, however, there was no contradiction. He fought scum in all its forms. For him, federal regulation too was an obscenity. When the savings-and-loans industry was deregulated in 1982, it was allowed to take risks with investments. That was what he did with Lincoln, quintupling its worth in four years. Then in 1985 the rules tightened again. At that point the regulators—some of them homos, all of them evil—launched a vendetta against him. The practitioners of yellow journalism followed.

      He was no sinner in his own eyes. “Martyr” and “scapegoat” were more like it. He was running a dynamic enterprise that was bound to recover when the market perked up. If Washington had let him alone, the Lincoln investors “would all be rich”. Besides, in the far worse financial scandals of 2008-09, no one went to jail.

      This noble self-image convinced very few. Not the jurors who convicted him. Not the SEC, which had sniffed him out as early as 1976 at the first company he ran, American Financial Corporation, for a dodgy insider loan worth $14m. Not the porn kings, who noticed that he seemed to enjoy collecting and flaunting the salacious stuff they sold. And least of all Sarah Solomon, 72, a Lincoln investor, who at his trial stood on tiptoe to seize him by the lapels and shout, into that craggy and sanctimonious face, “Mr Keating, what happened to my money? You took all my money away.”

      • Joe America says:

        Yes, I well remember those heady days. I was responsible for our bank’s merger and acquisition program during the 80’s, and was on the invite for the FDIC in California when another institution was going to be closed over the weekend. I’ve got some stories, but they will stay tucked away in my cranial recesses. Keating was a man among boys. So was the guy who ran Countrywide Savings that BofA regrets buying. Italian fellow. I’d google him, but my internet is horrid this evening. I did some consulting work for IndyMac Bank after I retired. Boy, that was another horror story. Pugnacious autocrat ran the place. I think Keating was his idol. I didn’t last long at the job, being a clean fish in a dirty pool.

        Thanks for the memories.

        • RHiro says:

          Repeal of the bank secrecy law and the FOI to include the BSP. Even the FED is not exempt from oversight and the FOI.

          Absolute power is always dangerous. Case in point: The 2008 crisis—the roots again doctrinaire belief in neo-liberal economic wahhabism. Regulators influenced by a powerhouse of government technocrats and elected officials acting on behalf of those to be regulated. The Anatomy of a Major Crime. The criminals win in the end.

          How the Clinton Team Thwarted Effort to Regulate Derivatives
          April 25, 2014
          In April 1998, a decade before a historic crisis wreaked havoc on global financial markets, an obscure regulator saw a potential gap in the government’s oversight of Wall Street and tried to do something about it.

          Now, newly released records show just how ardently some of the Clinton administration’s most prominent figures shot her down. The documents add to the story of how President Bill Clinton’s team took a stance, on derivatives and other issues, that shielded Wall Street from more aggressive oversight in the years leading up to the 2008 financial crisis.

          At the time, Brooksley Born was head of the Commodity Futures Trading Commission (CFTC), a small agency responsible for overseeing lesser-known corners of the markets. At the April meeting, she asked other regulatory leaders if the government was doing enough to monitor trading in over-the-counter (OTC) derivatives—a type of financial tool, often used to hedge risk and place speculative bets, that would later feature prominently in the 2008 crisis.

          Born’s question was not well received.

          Treasury Secretary Robert Rubin, who had spent most of his career at Goldman Sachs and joined Citigroup shortly after his stint in government, said the “financial community” was “petrified” by the notion that OTC derivatives previously exempt from CFTC regulation would now fall under the agency’s purview, according to newly released notes from the April meeting.
          The possibility of CFTC oversight would create “uncertainty over trillions of dollars of transactions,” Rubin warned, adding that if Born tried to solicit the public’s input on potential derivatives regulation, “Treasury will put out [a] statement that CFTC has no jurisdiction,” according to the notes.

          The Project On Government Oversight found the handwritten notes, taken during a meeting of President Bill Clinton’s Financial Markets Working Group, in a trove of documents posted online this month by the Clinton Presidential Library. The notes were contained in files of the Clinton White House’s Council of Economic Advisers, according to the library’s release, but it’s unclear who took the notes or if the notes reflect the exact words spoken by the meeting participants.
          Born thought that “Rubin [was] asking CFTC not to uphold the law,” the meeting notes say. Rubin claimed he didn’t “disagree w/ substance of CFTC’s actions” but thought there was a “better way to proceed,” the notes say.

          His views were echoed by Larry Summers, then a deputy Treasury secretary, who likewise wondered if there was a “better way to proceed” given that regulators and the financial industry viewed the CFTC’s posture “as being disastrous for markets.”
          Arthur Levitt, then the head of the Securities and Exchange Commission, said it would be “problematic” for the CFTC to publicly discuss changes to the regulation of OTC derivatives without the support of other agencies.

          And Alan Greenspan, then the Chairman of the Federal Reserve, warned that increased regulation could “suppress OTC derivatives business.” Once regulators began tinkering with the rules, he said, they wouldn’t be able to “put [the] cork back in [the] bottle,” the notes say.
          Greenspan was also concerned that derivatives trading would move overseas. “Worry, then, that OTC derivatives market could flee to London (or Europe) if this isn’t handled well,” the notes say. “That would be a failure on CFTC’s part.”

          The notes also attribute this assessment to Greenspan: “There are contradictions in the CEA [Commodity Exchange Act] – but that shouldn’t induce us to do things that will undercut the system that we are beholden to serve…”

          Born’s clash with other Clinton officials has been widely covered, including in reports by Frontline, The Washington Post, and The New York Times. The newly released documents add to the historical record, offering a fly-on-the-wall account of a pivotal meeting on derivatives and taking the public inside Clinton administration discussions from that period.

          Shortly after the April 1998 meeting, the derivatives dispute boiled over.

          On May 7, 1998, the CFTC issued a concept release—a sort of regulatory trial balloon—raising a series of broad questions about the regulation of OTC derivatives. That same day, Rubin, Greenspan, and Levitt issued a joint statement saying they had “grave concerns” about the concept release “and its possible consequences.” They questioned the “CFTC’s jurisdiction in this area” and said they were worried about “reports that the CFTC’s action may increase the legal uncertainty.”

          Behind the scenes, Clinton officials lobbied to keep the CFTC on the sidelines of derivatives oversight, according to other records newly released by the Clinton Library.

          In a June 1998 email, a program analyst in the White House’s Office of Management and Budget wrote that “Treasury, the FED, and the SEC all object to the CFTC’s concept release, and have drafted legislation that would prohibit the CFTC from any rulemaking until after FY 2000, while the President’s Working Group on Financial Markets studies the issue.” He added that “Treasury Secretary Rubin has talked with Gene Sperling”—director of the National Economic Council under Presidents Clinton and Obama—“concerning the legislative proposal.”

          In an email commenting on testimony Treasury had prepared about the CFTC, Sarah Rosen, then a senior advisor on Clinton’s National Economic Council, identified weak spots in Treasury’s argument.
          “Without better justification, sounds like Treasury wants to protect the traders from regulation,” she wrote.

          In addition, she expressed concern about ongoing risks in the derivatives markets. “God forbid a major pension plan looses [sic] its shirt in OTC derivatives while we are performing this study and workers are at risk of loosing [sic] retirement benefits,” she wrote. “Wouldn’t we be better off if we had at least acknowledged the concerns now.”

          “Treasury makes only the most cursory nod at the concerns in the OTC derivatives markets,” she added. “Even Greenspan noted recently that these transactions have never been tested in a down market.”

          Rosen also took aim at the concern that a CFTC regulatory concept release could be so harmful. “By this argument, we could never discuss possible regulation of any market because it might chill the market in anticipation of what the regulator ‘might’ do,” she wrote.

          Rosen, now president of the Urban Institute, did not respond to POGO’s request for comment.
          In September 1998, Long-Term Capital Management, a large and opaque hedge fund that made highly leveraged bets using OTC derivatives and other tools, found itself on the brink of collapse. It was saved only when the Federal Reserve orchestrated a $3.6 billion private-sector bailout of the firm.

          Rather than taking the opportunity to tighten the rules for derivatives trading, Congress and the President enacted an appropriations bill in October 1998 that included a six-month moratorium prohibiting the CFTC from taking any action. Congress explained in an accompanying report that it wanted to give the Financial Markets Working Group more time to study derivatives and hedge funds.

          The following year, the Working Group issued a report on the Long-Term Capital Management episode. The report offered a few modest reforms but stopped short of calling for increased oversight of derivatives or direct regulation of hedge funds.

          As the report was being drafted, Douglas Elmendorf—who was serving on the Council of Economic Advisers and is now the head of the Congressional Budget Office—recommended wording it in a way that avoided opening the administration’s regulatory record to criticism, according to a memo released by the Clinton Library.

          “As I suggested before, I think it’s useful to emphasize the idea that financial-market innovation has made the existing disclosure rules and regulatory approaches inadequate,” he wrote. “I’m not sure how much of the story this really is, but it’s a convenient argument because it absolves us of regulating badly in the past and neatly justifies the range of actions we’re now proposing.”

          Elmendorf declined POGO’s request for comment.

          Born left the government in June 1999. In November of that year, the Financial Markets Working Group—with Summers, Greenspan, and Levitt serving as members—issued a highly anticipated report on OTC derivatives.

          The report concluded that, “under many circumstances, the trading of financial derivatives…should be excluded” from the CFTC’s oversight. “To do otherwise would perpetuate legal uncertainty or impose unnecessary regulatory burdens and constraints upon the development of these markets in the United States,” the report said.

          The following year, Congress passed and President Clinton signed the Commodity Futures Modernization Act, which “effectively shielded OTC derivatives from virtually all regulation or oversight” and marked a “key turning point in the march toward the financial crisis,” according to a 2011 report by the Financial Crisis Inquiry Commission. (Born served as a Commission member.)
          The OTC derivatives market expanded greatly after the bill was enacted, as detailed in the Financial Crisis Inquiry Commission report. “At year-end 2000, when the [Commodity Futures Modernization Act] was passed, the notional amount of OTC derivatives outstanding globally was $95.2 trillion,” the report said. “In the seven and a half years from then until June 2008, when the market peaked, outstanding OTC derivatives increased more than sevenfold to a notional amount of $672.6 trillion.”

          At the height of the financial crisis, the government approved a massive taxpayer bailout of insurance giant AIG, which had a $79 billion derivatives exposure to mortgage-related financial products that were tanking in value.

          In the wake of the crisis, President Clinton and his economic team—some of whom had been featured as “The Committee to Save the World” in an infamous 1999 Time magazine cover story—were often asked to explain the positions they took on derivatives regulation in the 1990s.
          Rubin told the Financial Crisis Inquiry Commission he was “‘not opposed to the regulation of derivatives’” but explained that “‘very strongly held views in the financial services industry in opposition to regulation’ were insurmountable” during his tenure as Treasury secretary.

          Summers told the commission that “while risks could not necessarily have been foreseen years ago, ‘by 2008 our regulatory framework with respect to derivatives was manifestly inadequate.’”
          Clinton told ABC News in 2010 he shouldn’t have listened to officials who advised him against taking a tougher stance on derivatives. “On derivatives, yeah I think they were wrong and I think I was wrong to take [their advice],” he said. “[S]ometimes people with a lot of money make stupid decisions and make it without transparency.”

          Born told Frontline she expected pushback from industry players when the CFTC issued its 1998 concept release, but said she was surprised to encounter resistance from her fellow regulators. “I had hoped that they would work with us to learn more about the [derivatives] market, decide whether there was an appropriate regulatory regime for it,” she said.

          When asked why other regulators resisted the CFTC’s action, Born had a few ideas. “[S]ome of the people involved really were purists in terms of belief in free markets and were absolutely, from a doctrinal point of view, opposed to regulation,” she told Frontline. “I think others were concerned with keeping the big banks and the investment banks happy and making sure that they were responsive to the demands of those entities.”

          Other records released by the Clinton Library this month show how officials lobbied to undo the Glass-Steagall Act, a Depression-era law that separated commercial banking, which is protected by a government safety net, from investment banking and insurance underwriting. The idea was to limit banks’ ability to put federally insured deposits at risk.

          Those records were first highlighted in a story by The Guardian.

          In a 1995 memo, Clinton’s then-deputy assistant for economic policy, Bo Cutter, told the President that Rubin was scheduled to testify on a proposed Glass-Steagall repeal, and it was “therefore necessary to have an agreed-upon Administration position” within a matter of days. Cutter did not respond to POGO’s request for comment.

          Two years later, Rubin and other officials tried again to push through a repeal of Glass-Steagall. In a 1997 memo to the President, Rubin explained that advancing the proposal “would be a Treasury initiative, and would not require a significant time commitment from the White House.”

          As described in the Financial Crisis Inquiry Commission report, “Citicorp forced the issue” the following year “by seeking a merger with the insurance giant Travelers to form Citigroup.” Congress soon passed and President Clinton enacted a Glass-Steagall repeal that “adopted many of the measures Treasury had previously advocated.”

          (According to The New York Times, Citigroup’s then-CEO Sandy Weill installed in his office a “hunk of wood – at least 4 feet wide – etched with his portrait and the words ‘The Shatterer of Glass-Steagall.’” He later changed his tune, telling CNBC in 2012: “What we should probably do is go and split up investment banking from banking, have banks be deposit takers, have banks make commercial loans and real estate loans, have banks do something that’s not going to risk the taxpayer dollars, that’s not too big to fail.” )

          Rubin joined Citigroup after stepping down as Treasury Secretary, going to work for a firm that benefited directly from the Glass-Steagall repeal.

          While serving as chairman of the Executive Committee on Citigroup’s board, Rubin “recommended that Citigroup increase its risk taking,” according to the FCIC report. “Citigroup’s investment bank subsidiary was a natural area for growth after the Fed and then Congress had done away with restrictions on activities that could be pursued by investment banks affiliated with commercial banks,” the report said.

          By the middle of the 2000s, “Citigroup was a market leader in selling CDOs”—a product that was at the heart of the 2008 financial crisis—“often using its depositor-based commercial bank to provide liquidity support.”

          After the crisis struck, taxpayers bailed out Citigroup to the tune of $45 billion, and the government promised to limit Citi’s losses on a $300 billion pool of toxic assets. The bank has since paid back the bailout money at a financial profit to taxpayers.

          Rubin stayed with Citigroup until January 2009, and was paid more than $115 million for his work at the bank, the Financial Crisis Inquiry Commission reported.

          By: Michael Smallberg
          Investigator, POGO
          At the time of publication Michael Smallberg was an investigator for the Project On Government Oversight.

      • Napoles, Binay, JPE come to mind. As posted here so many times, they treat confession and donating as a salve to their conscience.

    • NHerrera says:

      On the readership of chempo’s current article: time to pop the champagne. Buckets of popcorn from our supplier — edgar — at the very least.

      • sonny says:

        Additionally consider how fast the volume got to high. Seems we got our own version of going viral for blogs. 🙂

      • edgar lores says:

        Definitely, popcorn and peppered champagne are in order.

        • karlgarcia says:


          I could not find a sparkling champagne icon.
          Let me propose a toast!🍞

        • NHerrera says:

          Nah. Peppery popcorn does well with me but not peppery champagne. 🙂

        • Bill in Oz says:

          Edgar, it was very early there in the ACT (3.00 am by my estimate) and there you were on post and also apologising for your own behaviour here… Well done… And I see the mental conflict of being Filipino and Australian both… Sometimes it’s time for popcorn,

    • chempo says:

      I’m happy people enjoy reading it, and if any knowledge is obtained, that’s great.
      Readership is not my prime concern. I liked putting it up here and bounce ideas off each other. That’s the fun for me. That is the reason why I’m not afraid even if what I write contains errors on my part. If pointed out, well so I learn too.

  53. We should call in all those people that have account in RCBC to withdraw their money & put in somewhere, let this bank be broke.

    • Not so fast, that would trigger a bank run, something we don’t need at this time or at anytime. That’s the 5th largest bank in our country. The BSP and the AMLC are on it, I believe.

      • omar millar says:

        can understand the frustrations of some. bangladesh i believe is much poorer than the philippines. now we are exposed to the world for everybody to see how helpless our government can be.

        can somebody please tell me what is the chance that the money can be recovered and returned to the bangladeshi government? I’m thinking zero, nil, nada… so for me this whole thing is an exercise of half futility even if we convict all of the involved.

        too many loopholes also in our laws. imagine a criminally accused individual invoking her rights for self incrimination over the senate committee. how can upholding an individual’s rights to self incrimination negate the senate powers?

    • JCheng says:

      Yes.. BANK RUN.. that’s their term… PDI should be prepared also.. 😊

  54. maru0907 says:

    Excellent article! Thank you.

    To think that top Management wouldn’t know about an USD81M remittance? Hah!

  55. jaded says:

    @chempo. Great article… a curious thing as well is the William Go peso account at the same branch that he also disavows which, as it was pointed out, had been quite active for at least a year…the whole check discounting thing seems overly convenient.., yet RCBC legal head has all but absolved Go. Quite premature and outright imprudent to make such statements no? Biased much?

    Further, submitting affidavits in line with the story you are weaving and choosing not to submit one that does not, and even verbalizing the same, is telling I think. Come on, ACCRA. You can do better than that.

    All these, plus the fact that the personalities, including Lorenzo Tan, know each other, again, is quite curious. Another coincidence perhaps?

    In any case, intelligent and powerful bank executives can always point to the absurd, brazen, and stupid nature of the heist as their defense, (an instinctive defense of the intelligent) so it would behoove them to act less obvious and defensive, and a little bit more intelligent, given that they are innocent, right?

    BTW, Philrem lady doing a better dog and pony show. ACCRA guys getting outdanced for the meantime.

    All in all, nice show though.

  56. sed says:

    Wow, this is superb. Have you read Gigi Grande’s report? It mentions it’s not Wong’s first time to be called in a senate hearing, if you remember Mary “Rosebud” Ong pointed to Wong as a Chinese mafia leader. Her report claims Hawaiian Eastern is owned by Wong’s sister and some labor lawsuits against the company says sister is just a dummy. This is really an elaborate conspiracy.

    Only crooks are afraid of uplifting bank secrecy laws.

  57. Noy Matias says:

    Great read. Thank you sir for providing the details which the mainstream media for some reason always fails not to write.

    • chempo says:

      Thank u, Noy. Your point noted. Woe it will be should it require social media to set the standards for the mainstream. But let’s not be too harsh, there are very good stories from them too.

  58. dad says:

    So good! GREAT article!

  59. karlgarcia says:

    Maybe the geek squad of DOF secretary Purisima can help here.

    • R.Hiro says:

      The reason why the DOF cannot interfere with the BIR is the DOF is responsible for formulating and carrying out fiscal policy for the treasury. The implementation for revenue collection is with the BIR, BOC etc. Disbursements are assigned to the DBM while monetary policy of which forex rules and regulations are exclusively with the BSP based on the Macro economic policy of the state. I would say a very limited number of elected officials know this. Bankers are clueless about this. Worst of all, the courts are woefully equipped to handle crimes tied to financial issues. Judges are completely dumbfounded.

      That is why Chempo asked a good question as to why the BCB kept a $1B in cash with the FED.

      That would mean getting into the macro economic policy of the bank. Further to that their forex exchange policy…

      Case in point the Sri Lanka Central bank ordered the return of the $20 million since they felt suspicious of the transfer of state funds to private individuals. Sri Lanka has a stricter regulatory framework on inbound foreign funds as part of their forex policy. The Sri Lanka monitors all large inbound flows. We do not as part of a freer forex exchange regime under our neo-liberal wahhabi policy.

      Now back to Chempo’s question on keeping $1 billion in a current account. That is perfectly normal management of funds wherein the Central Bank in its management of forex rate adjustments in a liberalized forex trading regime in their own country. It always keeps bullets ready in case of, as they say, an emergency. Our BSP does the same but with cash at its disposal with local foreign banks who manage our reserves. If there is a run against the peso it responds immediately to quell the disturbance. The forex daily rate is determined by the last price quoted on the BAP trading floor. Computer terminal actually.

      You see if China would like to be mischievous it could launch a sneak attack on the Philippine currency. Send in a mixture of hard currency forex at $1+ billion a day for a hundred days and flood the Philippines with $200 B to $300 B to destabilize the exchange rate.

      Please note controls are anathema to a neo-liberal wahhabi framework that our BSP and economic managers are tied to…Animal spirits must be allowed to run free.

      Please note two of the countries with the highest debt to GDP ratios are Japan and the U.S.A.

      However they can continue to borrow from the globe at rates so much cheaper than us. Trust and confidence tied to the strength of their public institutions, openness and powerful economies.

  60. karlgarcia says:

    Quora added Chempo’s masterpiece.🍷🎉🍻

  61. chempo says:

    Just an update for those interested to follow through:

    Seems there was hacking at BCB after all. So my gut feel was wrong, but my proviso was right on the spot. I indicated 2 things, there can be hacking only if BCB had an integration application linking their banking system to the SWIFT workstation, AND there is something with the printer not printing out “ack” messages.

    It seems BCB have a SWIFT ALLIANCE package, which is a third party solution that enables banks to download transactions from banking systems and upload into SWIFT workstation. It is not clear at this stage whether hackers got into the banking system and created those remittance transactions which the SWIFT ALLIANCE application will pick up, or if the hackers got into SWIFT ALLIANCE itself and inserted the remittance transactions there. Either way, I still do not understand how they can approve the payments on the SWIFT system. It seems also hackers disabled the printer at the SWIFT workstation. Details still to come.

    Commenter ‘anonymousbanker’ rightly pointed out my SWIFT description is outdated, and he is right. I left banking long ago and I wrote from memory, didn’t research for updates. But I guess changes relate to operations part. I understand SWIFT messages are still in the FIN format and they are working towards the XML format. Their backbone system changed from the .x25 (during my time) to IP-networks, but the dedicated national nodes remain the same.

    In any case, the BCB part of the story is not too much of our concern here.

    Of all the players, DeGuito’s involvement is a given. For the others, we cannot condemn as yet, since the facts are not yet absolutely clear. The fact that Lorenzo Tan is acquainted with Kim Wong has no relevance. In the business world, everybody is acquainted to lots of other people. Pnoy had a picture taken with Napoles in some forgotten event once, and detractors said he is involved in PDAF? My article only attempts to ask what I think are relevant questions.

    Apart from Deguito, my other strong gut feel is the role of Philrem. And I think the suspicion can be dispelled or raised further by establishing this:

    M/s Bautista said all instructions for the ultimate beneficiaries came from the branch manager, they were all verbal, there were no records of any kind. This is incredulous and an insult to the average man’s intelligence. Who on Earth makes delivery runs of millions of pesos cash, or transfers millions of pesos, to someone they do not know, and takes instructions based on a telephone call? DeGuito’s involvement is likely as the insider to take the money out of the banking system. On a need to know basis, everything else outside of RCBC is not privy to her. She gets the money to Philrem who will know what to do. In other words, Philrem has already been pre-instructed. Philrem is certainly not part of the syndicate, but the enabler for the funds flow. Obviously they know it’s black money they were dealing with.

    • andrewlim8 says:

      Thanks for the update. After Holy Week, the hearings will continue.

      Yes, Philrem should be looked at intensely as well. As a remittance company, who oversees it?

      Another bone to throw to investigators or bank presidents: The likelihood that there are other Deguitos in our banking system is there. Remember that the amount originally attempted in the heist was $1B. Some would go to other countries, but surely, the plan was to break down and distribute the amounts in several willing banks here as well.

      Hopefully their clique is small, but they are advertising it out there to the underworld: our laundry services are available here. With enablers like those shadowy Chinese businessmen, they are just here waiting.

      If I were part of an investigative agency, I would start finding out who Deguito’s close friends were in the banking community, the customers she had recruited (remember she was a star performer), look at her social media accounts, where she hangs out, etc. It could lead to something interesting.

      Until then, the only safeguard of our banking community would be the integrity of the local bankers themselves, not the government. Government would only be useful after the fact, not in preventing it.

      • chempo says:

        Andrew you touched on something very relevant. What if all or a substantial part of the remaining $850mm was also destined for Philippines, would be all for RCBC or other banks. Surely they would spread it over a few banks, almost $1billion for RCBC alone would be too big to get through. So this is a very serious possibility the govt should be concerned. I would suggest a BCP review of all US$ a/cs opened in Mar 2015 in other banks. Oh oh, no can do. AMLA Act in the way.

        Someone commented that the govt is rendered hopeless in this incident. I wonder if anybody has considered this. Fine, the Banking Secrecy law is there, but banks are under the supervision of the Sentral Bangko. What is there to stop BS getting into the banks and do their usual bank inspection? BS conducts inspections (audits) on banks as part of its normal supervisory responsibilities. It’s a different way to kill the cat. Why was this never ever considered in all past cases involving banks?

        Commenter surfer sison raised the issue of RCBC liability. Remember in the article I wrote about banks being put on notice and the difficult situation they can find themselves in when owners of the a/c or in this case, the funds, tell them hold it, there is something wrong, don’t release the funds? BCB sent 2 such messages to RCBC Feb 8 and 9. So on the morning of Feb 9, what happened to the SWIFT message? No one acted on it. RCBC continued to allow funds to get out of RCBC. BCB may have reasons to obtain compensation from RCBC….some millions??

  62. JLa says:

    Brilliant forensic reporting

  63. this article thinks about possible policy consequences of this heist:

  64. BFD says:

    Kudos to Wilfredo Villanueva and Chempo and of course Joe. Boo Chanco of Philstar just quoted Willy Villanueva’s comments on Chempo’s article on Joe’s site, The Great Bangladesh Bank Heist.

    “I found this comment of Wilfredo G. Villanueva (he might be the same Willy Villanueva I worked with early in my career but lost track of) in a blog by “chempo” in Joe America’s blogsite on the subject that sums up my feeling as well:

    “The world is watching. Not a boxer’s victory, not a beauty title or titles, not good singers, not a well-educated and English-speaking work force here and abroad, no not those. Not even a million Pacquiao victories can erase what money launderers and RCBC did to Bangladesh.

    “The country is almost a twin of the Philippines—an emerging economy subject to vagaries of weather, recovered from a severe drought in the seventies, poor but struggling to break free from poverty just like us.

    “USD81 million lost by hacking. That’s widow’s mite. The world is watching. Not too much talk, please, Senators of the realm. Let’s not play politics again, until the issue dies down and Bangladesh is left with an empty bag, issue unresolved as usual, lost in rhetoric and political grandstanding and one-upmanship. Do everything you can to give justice to the poor country.”

  65. Rubynow says:

    Superb analyses shown in the blog and very interesting comments. Just want to know your comments regarding the recent report that according to Deguito, Go wanted 10% share to cooperate and keep mum on the issue. This appears to support Go’s statement that he was not involved, and only learned what happened when he met with Deguito on Feb 23 or 24?

    • chempo says:

      Thank you Rubynow.
      I don’t think we can comment on who says what to who in the media. There will be lots of mis-information, lots of publicity grabbing, lots of media interest in the slightest whisper they hear.

      In this particular case, let’s just use common sense. IF Deguito opened a false a/c under Go’s name, why is there a need to meet him and offer him 20mm peso to close the a/c, or why would she meet him for him to blackmail her for 10mm pesos to keep mum. Couldn’t she simply close the a/c herself?

      • Rubynow says:

        I agree, there are several inconsistencies in the stories that are coming out. I guess we’ll have a more logical flow of what transpired when the movie version comes out😄.

    • chempo says:

      Thank you David for the link to your blog.
      You provided great details to Inside RCBC, thanks for the info.
      My main views on your blog are:
      – You are too judgemental on the top brass. Let the investigations work out. It’s still preliminary.
      – The buck always stops at the CEO. All govt problems stop at the CEO, which is Pnoy. Does it mean fire Pnoy for every damn issue?
      – You pointed out so many stages when the problem could have been alerted. That is of course true. It was the failure of the front office that let the cash slip out and then all hell broke loose. The question of whether alerts could be flagged at the other stages had these transactions been allowed to pass through without problems, is only of academic interest. We would never know would we, whether safety nets of RCBC are strong enough to have been able to catch this. The front office failed, but the others we would never know. All the other levels are time-based, with the audit coming on at a much later time, maybe months later when they conduct their regular audits. They may even miss it if they don’t cover the branch, or remittances, for 2016. It is a “What If” question, so it’s not fair.
      – To point responsibility on top management on the basis that they should know, is totally unfair. Each day, thousands of transactions pass through RCBC. At the transaction level on a daily routine basis, top management would not be involved. To suggest differently is to ask of the impossible.
      – Surely, as a result of this incident, after a proper investigation, heads will roll and internal control weaknesses, if identified, will need to be addressed.
      – As at this point, RCBC as an institution, should not be quickly pre-judged. We are simply not in a position to condemn anyone just yet.

      • from the article… and there is also a reference to the internal software that checks for anomalies (normally such automatic red flag or alert criteria are confidential and the developers are made to sign non-disclosure agreements so that is never made public) and of course you have to have people to check stuff so the question how good their compliance training was is a valid question… I have the feeling someone knew possibly not only the alert criteria of the software but also the standard routine of the compliance team i.e. social hacking – definitely a Danny Ocean kind of heist with highly sophisticated planning and execution… 😮

        Under BSP Circular No. 706, which updates Anti-Money Laundering Rules and Regulations, RCBC is supposed to report any “covered transaction” involving single transactions in cash or other equivalent monetary instruments in excess of P 0.5 million within one banking day. RCBC is also supposed to flag any suspicious transaction, regardless of the amount involved, where there is “no underlying legal or trade obligation, purpose or economic justification” and “the amount involved is not commensurate with the business or financial capacity of the client” and “any circumstance relating to the transaction which is observed to deviate from the profile of the client and/or client’s past transactions with the institution.”

        If you look at the money trail or read these details, the transactions fit the textbook description of a suspicious transaction. The Bangladesh Central Bank via the New York Fed wiring US$ 81 million to four individuals who just recently opened accounts with nominal amounts of money? There must be a giant red flag here somewhere.

        • chempo says:

          The ultimate check lies in the front office that handled the transaction, which failed dismally, due to complicity. Without complicity, the red flag would 100% have been raised.

          The issue is, with complicity, could there have been other stages where the red flag could have been raised. There will be many, but unfortunately, they will all be post event scenarios. Much of the reporting are all post event types, including the automated checks. Computerised checks in place require several criteria, all quantitative. As RCBC said, one of the checks is summation of transaction across individual customer accounts — report showing total of transactions for each customer, there will be reports of transactions exceeding 500k pesos, etc. All these come after the end of business day cycle. That’s why I said it’s a “what if” question — if the front office missed it (which they did not due to complicity) could the auto check pick it up? I’m sure it did in this instance, if it didn’t, the app isn’t working. If the matter was hushed on Feb 9, the next business day Feb 10 reporting would have thrown up all the exceptions for investigations. That’s why the plotters must get all the stolen funds out of RCBC within the same day.

          The question I raised is — at the point of inception (not the front office) which in this case, is in inward remittance dept in head office, did they have certain checks in place. I doubt so, as I explained, they are merely routing the transactions to responsibility centres such as branches. Is the auto check app in place at this point? If there is, then certainly large sum transactions would have been alerted. But again, I don’t think the check is done here, why? Because at this dept they have no knowledge whether the transactions are OK — it’s the front office that understands the transactions. Another reason is as I indicated, if they place auto checks on all funds coming in, the 500K check would have been busted thousands of times because it would have covered treasury transactions which are all very large sums making it meaningless.
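The contrast drawn in this sub-thread, a check applied when an inward credit is posted versus an exception report produced after the end-of-day cycle, as an added example (not part of the original comments, and not RCBC's or BSP's software). Only the P 0.5 million covered-transaction threshold comes from the circular quoted above; the profile multiple, account records and event times are assumptions constructed for the illustration, and treasury accounts are left out of scope so that large interbank flows do not flood the alert queue.

```python
"""Credit-time screening versus end-of-day reporting. Added illustration;
everything except the quoted P 0.5 million threshold is an assumption."""
from dataclasses import dataclass, field

COVERED_PHP = 500_000     # "in excess of P 0.5 million", from the quoted circular
PROFILE_MULTIPLE = 10     # assumed: credit above 10x the largest prior txn deviates


@dataclass
class Account:
    number: str
    kind: str                        # "customer" or "treasury" (assumed labels)
    history_php: list = field(default_factory=list)
    balance: float = 0.0
    held: float = 0.0                # funds posted but not yet released


def screen_credit(acct, amount_php):
    """Flags for one inbound credit, computed before the funds become available."""
    if acct.kind != "customer":
        return []                    # treasury and interbank flows are out of scope
    flags = []
    if amount_php > COVERED_PHP:
        flags.append("covered")
    if acct.history_php:
        deviates = amount_php > PROFILE_MULTIPLE * max(acct.history_php)
    else:
        deviates = amount_php > COVERED_PHP   # no history means no profile to match
    if deviates:
        flags.append("suspicious:deviates-from-profile")
    return flags


def is_suspicious(flags):
    return any(f.startswith("suspicious") for f in flags)


def run_day(accounts, events, inline):
    """Replay one business day; events are (hhmm, kind, account_no, amount).

    inline=True holds suspicious credits when they are posted.
    inline=False posts them and reports only at the "eod" event.
    Returns (total_paid_out, [(alert_time, account_no), ...]).
    """
    alerts, paid_out, flagged_today = [], 0.0, []
    for hhmm, kind, number, amount in sorted(events, key=lambda e: e[0]):
        acct = accounts.get(number)
        if kind == "credit":
            flags = screen_credit(acct, amount)   # screened against prior history
            acct.balance += amount
            acct.history_php.append(amount)
            if is_suspicious(flags):
                flagged_today.append(number)
                if inline:
                    acct.held += amount
                    alerts.append((hhmm, number))
        elif kind == "withdraw":
            available = max(acct.balance - acct.held, 0.0)
            paid = min(amount, available)
            acct.balance -= paid
            paid_out += paid
        elif kind == "eod" and not inline:
            alerts.extend((hhmm, n) for n in flagged_today)
    return paid_out, alerts


def sample_accounts():
    # Constructed records: a new customer account with a nominal opening
    # deposit, and a treasury account that routinely moves large sums.
    return {
        "C-1": Account("C-1", "customer", [25_000.0], 25_000.0),
        "T-1": Account("T-1", "treasury", [4_000_000_000.0], 0.0),
    }


SAMPLE_EVENTS = [   # constructed timeline
    ("09:05", "credit", "C-1", 900_000_000.0),
    ("09:10", "credit", "T-1", 5_000_000_000.0),
    ("11:30", "withdraw", "C-1", 900_000_000.0),
    ("18:00", "eod", None, 0.0),
]


def compare():
    """Run the same day in both modes on fresh copies of the accounts."""
    return {
        "end_of_day": run_day(sample_accounts(), SAMPLE_EVENTS, inline=False),
        "inline": run_day(sample_accounts(), SAMPLE_EVENTS, inline=True),
    }


if __name__ == "__main__":
    for mode, (paid, alerts) in compare().items():
        print(f"{mode}: paid out {paid:,.0f} PHP, alerts {alerts}")
```

In the end-of-day run the alert is raised at 18:00, after the 11:30 withdrawal has already been paid; in the inline run only the pre-existing 25,000 balance can leave the account.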

  66. BFD says:

    We are now on the financial world’s cross hairs. Hope we deliver those monies and crooks that shamed our country by their greediness.

    Zaid Bakht, chairman of state-owned Agrani Bank, believes the stolen money can be recovered providing Philippine authorities cooperate with Bangladesh. “The money can be traced if Manila is SINCERE,” he said.

    • – VOICE OF AMERICA: Historic Bangladesh Bank Heist Muddled in Mystery

      Finger-pointing, firings, a mysterious disappearance and threats of lawsuits are swirling around one of history’s largest cyber heists, with authorities apparently no closer to nabbing the mastermind.

      What investigators know for certain is that early last month, after nearly a year of careful planning, someone orchestrated 35 fraudulent transfer instructions to the Federal Reserve Bank of New York in an attempt to steal $1 billion dollars from the Bangladesh central bank.

      • BFD says:

        This is what bugs me, Bangladeshi Finance Minister that this is certainly an inside job because certain biometrics is needed to activate that kind of transaction on Bangladesh Central Bank’s end. If that would be so, then certainly this is a cabal of international conspirators ranging from Bangladeshi, Chinese, Filipino and Sri Lankans with high level knowledge of the international banking operational system.

  67. Chito Generoso says:

    Please update after yesterday’s Senate hearings …

    • chempo says:

      Thanks for visiting Chito.
      I did not tune in to the 2nd hearing, but I’ll try to catch up on youtube.
      I may be writing something on the RCBC senate inquiry article. Stay tuned in haha.

  68. Joe Can says:

    How Barbie-doll maker Mattel got back $3M US from cyber thieves
    Executive at California-based toy company wired millions to a Chinese bank following bogus email
    By Eric Tucker, Fu Ting, The Associated Press Posted: Mar 30, 2016 8:11 PM ET Last Updated: Mar 30, 2016 10:59 PM ET

    • chempo says:

      Joe, thanks for the story, if anything, it demonstrates that time is of the essence in dealing with this kind of situation. The police in China were able to walk into the bank that received the illicit funds and stopped the payout. They don’t need anti-money laundering acts, no banking secrecy acts, no fanciful court orders.

      Note that it was the police, not some white collar investigative committees (AMLC) who did the investigation. Why – because it was a fraud case. In the RCBC case, it was a bank robbery case — it’s only a money laundering case when the money gets into the casino.

      Just for the interest, I don’t believe in the accuracy of the story in that someone will make a U$3mm payment from an instruction via email.

  69. karlgarcia says:

    Dang! That guy from Philrem was a school mate of mine.

  70. aihope says:

    Lengthy read, but a great one. Well written. Thank you.

    Notable words for me :
    Banking secrecy is fine, but where it comes to criminal investigations, the law must be on the side of those who uphold the law. An amendment is long overdue to override banking secrecy in the event of a criminal investigation. This will be a tough act for a lower and upper house full of legislators who themselves are tainted. Blame dwells on the voters who put them there.

  71. karlgarcia says:

    If we get a country rating down grade because of this.
    No more confidence in our banking system, those with loans will get skyrocketing interest rates.
    If RCBC and other banks are implicated, there goes the banking industry.
    I may be stating the obvious, but you need to state the obvious in this case.

  72. – Filipino-Canadian Inquirer

    MANILA – The Anti-Money Laundering Council (AMLC) on Monday received another batch of funds, amounting to PHP38.28 million, stolen from the Bangladesh Bank (BB).

    AMLC Executive Director Julia Bacay-Abad, in a briefing, said casino junket operator Kim Wong returned the money through his legal team, composed of lawyers Victor Fernandez and Inocencio Ferrer Jr., who said that the funds are the amount abandoned by Gao Shu Hua in Eastern Hawaii Leisure Company Ltd. and/or Midas Casino.

  73. Nicole says:

    Hi Chempo. I am eagerly awaiting your analyses on the ongoing Senate hearing. I personally agree with the opinion of Sen Recto that the only thing that’s perfectly clear is that a lot of people are lying! Also, it seems that the money turned over by Kim Wong to BSP is only for safekeeping purposes. His lawyers said that the money cannot be returned to Bangladesh Bank except through forfeiture proceedings filed in court. If that’s true, let’s all take a guess on how long would the Bangladesh Bank have to wait. . .

    • chempo says:

      Hi Nicole

      Lots of people are lying, that’s why the Senate inquiry is an act of sheer stupidity by the legislators. Find out why in my follow-up blog.

      Such claims are settled by civil suit which may or may not take long depending on jurisdiction and whether there are counter-claims. I suspect that this one may not take too long, by Philippines standards because Kim Wong and Solaire will not contest.

  75. chemrock says:

    Putting this link here just for the records.
    Seems my initial suspicion was right all along. Its a good old fashioned inside job.

    A new police report seems to point to my early guess work was rather accurate. I had indicated these 3 pre-requisites for the theft to prosper:

    1. They must be linking the SWIFT system to a local payment system.
    2. The link in (1) connects the SWIFT system into another network having internet access.
    3. They compromised the SWIFT password somehow (and this almost definitely required an inside hand).

    Seems that was exactly what happened. They were doing some technical work on the system, and someone left the SWIFT password tokens in the system for a few months thus exposing the system. SWIFT password tokens are supposed to be kept in a vault under dual control at the close of each business day.

    • I think the NBI could use your talents. 🙂

    • edgar lores says:

      Chemrock, There are three possible scenarios:

      1. Pure inside job
      2. Pure hacking
      3. Combination of inside job and hacking

      We are certain option 1 is out.

      What you are suggesting is option 3.

      Option 2 is still possible… due to the negligence, and not necessarily the connivance, of internal staff.


      I am not too sure this statement in the article is correct: “It (i.e., the password token) is supposed to be removed and locked in a secure vault after business hours each day.”

      If the SWIFT password token is a hardware device that unlocks the functionality of the SWIFT system, then it should normally be left in place… because bank operations are 24/7 (?).

      A simple safeguard would have been to monitor outgoing transactions after business hours — and to raise the alarm if there were any — while allowing incoming transactions to be queued normally. The safeguard could be embedded in the password token or in the systems that interface with SWIFT. Or it could be a manual SOP.
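The after-hours safeguard proposed in the comment above, as an added example (not part of the original thread, and not SWIFT's or any bank's code). The pipe-separated log format, the 09:00 to 17:00 UTC+6 office hours, the Friday closure and every sample line are assumptions constructed for the illustration; inbound messages queue normally, outbound payment messages outside office hours are held for review, and unparseable lines are set aside rather than released.

```python
"""After-hours outbound payment monitor. Added illustration; every name,
format and value below is an assumption, not SWIFT or bank code."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

LOCAL_TZ = timezone(timedelta(hours=6))  # assumed office clock: fixed UTC+6
OPEN, CLOSE = time(9, 0), time(17, 0)    # assumed back-office hours
CLOSED_WEEKDAYS = {4}                    # Monday=0, so 4 is Friday (assumed closed)
PAYMENT_TYPES = {"103", "202"}           # FIN customer and bank-to-bank transfers


@dataclass(frozen=True)
class Msg:
    ts_utc: datetime
    direction: str   # "OUT" or "IN"
    mt: str          # FIN message type
    currency: str
    amount: float
    ref: str


def parse_line(line):
    """Parse 'timestampZ|direction|mt|currency|amount|ref'; raise ValueError if bad."""
    parts = line.strip().split("|")
    if len(parts) != 6:
        raise ValueError("expected 6 fields")
    ts, direction, mt, currency, amount, ref = parts
    if direction not in ("IN", "OUT"):
        raise ValueError("unknown direction")
    ts_utc = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Msg(ts_utc, direction, mt, currency, float(amount), ref)


def in_business_hours(ts_utc):
    """True only on an open weekday and inside [OPEN, CLOSE) on the office clock."""
    local = ts_utc.astimezone(LOCAL_TZ)
    if local.weekday() in CLOSED_WEEKDAYS:
        return False
    return OPEN <= local.time() < CLOSE


def review(lines):
    """Sort messages into release / hold / queue_in; keep malformed lines apart."""
    result = {"release": [], "hold": [], "queue_in": [], "malformed": []}
    for raw in lines:
        try:
            msg = parse_line(raw)
        except ValueError:
            result["malformed"].append(raw)      # fail closed: never auto-release
            continue
        if msg.direction == "IN":
            result["queue_in"].append(msg.ref)   # inbound queues as usual
        elif msg.mt in PAYMENT_TYPES and not in_business_hours(msg.ts_utc):
            result["hold"].append(msg.ref)       # raise the alarm, do not send
        else:
            result["release"].append(msg.ref)
    return result


SAMPLE_LOG = [  # constructed lines, timestamps in UTC
    "2024-03-12T05:10:00Z|OUT|103|USD|250000.00|A1",    # Tue 11:10 local
    "2024-03-12T11:00:00Z|OUT|202|USD|1000000.00|A2",   # Tue 17:00 local, at close
    "2024-03-14T14:30:00Z|OUT|103|USD|20000000.00|A3",  # Thu 20:30 local
    "2024-03-14T20:30:00Z|OUT|103|USD|30000000.00|A4",  # Fri 02:30 local
    "2024-03-15T04:00:00Z|OUT|103|USD|500.00|A5",       # Fri 10:00 local, closed day
    "2024-03-14T15:00:00Z|IN|103|USD|900.00|B1",        # inbound after hours
    "2024-03-14T16:00:00Z|OUT|999|USD|0|A6",            # free-format text, no payment
    "not a log line",
]

if __name__ == "__main__":
    for bucket, items in review(SAMPLE_LOG).items():
        print(bucket, items)
```

The A4 line shows why the comparison has to be made on the office's local clock: it is still Thursday evening in UTC but already the closed Friday locally.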

      • chemrock says:

        Edgar, you are right 2 or 3 are possible. I’m betting on 3 because the perpetrators seemed to have internal knowledge of some BCB projects as these were mentioned in details of payments. (Perhaps these were public knowledge??). Also, the printer was out of order.

        For banks that operate 24/7 it is only the trading room that’s open. The back office (includes SWIFT operations) need not be 24/7. In any case, I don’t think central bank operations are 24/7.

        Ordinarily the back office will execute all pay and receipt instructions for value of the day and they will check SWIFT confirmation printouts to ensure all messages have been acknowledged by the system. They will also check their correspondent account balances in their own accounting system, any undue big balance indicates a mistake somewhere — a receipt or payment not properly recorded (because the Treasurer always maintains a minimum balance. Huge balance represents idle funds, huge overdraft incurs a cost of funds charged by correspondent or even non execution of a payment by correspondent if limits have been exceeded.) (To simplify, I have left out other discussing if the bank is a paying agent – other checks apply)

        Passwords and other attributes are embedded in the physical token. It seems the BCB staff left the token in the pc and with the SWIFT system logged on overnight and thus exposed. That token for sure belongs to a SWIFT ‘administrator’ level staff. Ordinarily, the tokens will be physically safeguarded, as in a vault, by the end of work for the day.

        Forensic reports so far never explained how the SWIFT payment was inserted — at the Alliance interface, or SWIFT system itself.

        Forensic reports also indicate the malware were able to hide their trail, that is all payment messages were wiped off digitally. It did not explain whether it was also able to divert SWIFT acknowledgement printout to a file (which eventually gets wiped out?). Perhaps the malware could not do this, that was the reason why the printer ‘happened’ to be out of order.

        • sonny says:

          I surmise a protocol breakdown among SWIFT transmitters/senders/outsiders who are basically a mix of checks and balances until the net protocol trigger sends the complete signal through. This is the basic hardware configuration, viz how a neuron works. 🙂

        • edgar lores says:

          Here is a simplified diagram of the computer system of the Bangladesh Central Bank. It only shows the elements involved in the heist. This is my understanding of the system.

          A. Description

          1. The main software is the Transaction System used to process payments and receipts. We shall call it the X-System.

          1.1. Note that this is one software application among many that are used by the bank to conduct and administer its assigned functions such as open market operations and clearing house operations.

          1.2. The X-System is used to create payment transactions and to complete receipt transactions. The transactions could be in the international domain or the domestic domain.

          1.3. Transactions in the domestic domain are processed through the RTGS subsystem, while those in the international domain are processed through SWIFT.

          1.4. SWIFT is a standalone system with its own server, workstation(s), and printer. It interacts with the X-System through an interface system, Alliance. The main function of Alliance is to encode payment transactions from the X-System into a format that is intelligible to SWIFT and to decode receipt transactions from SWIFT into a format that is intelligible to the X-System. I assume Alliance resides on the bank’s main system.

          1.5. The function of the workstation would be to initiate/terminate the SWIFT software. It would also be used to monitor SWIFT operations, fix hardware/software faults, and apply software updates.

          1.6. The function of the printer would be to produce a hardcopy of payment/receipt transactions, and audit trails of any or all maintenance or transactional operations.

          1.7. For SWIFT to function a hardware device, referred to as the password token, must be inserted into the SWIFT server. In computer parlance, the password token is also referred to as a dongle key.

          1.8. Hackers were able to penetrate the computer system because of an internet gateway that was left open. They were able to insert malware into the X-System. The malware included keyloggers that enabled retrieval of user credentials, and other tools that enabled the siphoning of screen formats and transaction records.

          B. Speculations

          1. There is speculation that the hackers had insider info and assistance. The open internet gateway, the printer malfunction, the familiarity with infrastructure transactions, and the capture of X-System and SWIFT passwords – all of these tend to prove the speculation has legs to stand on.

          2. However, there is a case to be made against the speculation.

          2.1. The open internet gateway could have been one of bank ignorance and negligence. The gateway seems to have been left open for a significant amount of time.

          2.2. The printer malfunction did not only happen on the day of the heist. It had been happening for a while. Note that the malfunction may not be viewed as critical by insiders because audit trail of transactions would have been available on the SWIFT workstation and on the X-System as well.

          2.3. The familiarity with infrastructure transactions can be explained by the fact that the hackers had time to familiarize themselves with the data content and record format requirements of the payment transactions. Their main task was to create fake transactions that would pass muster by the system and its handlers.

          2.4. The capture of user credentials is easily explained by the keylogger malware.

          2.5. The capture of SWIFT passwords is hypothesized but, to my mind, this element was not necessary. If the hackers were able to create fake transactions that faithfully mimicked real transactions, and were able to queue these transactions properly for the attention of the Alliance software, then penetration of the SWIFT system was needless. This was not an obstacle that they had to overcome given that the token was left inserted on the server. Even so, if the fake transactions were generated before closing time, the penetration of SWIFT was also needless.

          2.6. Using Occam’s razor, it would be simpler for the hackers to hack one system than two. And if indeed there was inside help, I think info on the X-System from back-office staff/developers would have been more useful to the hackers. I do not think inside help was needed from IT employees except for the fact of the open internet gateway.

          2.7. I imagine a payment transaction would have to go through several stages before reaching Alliance. I envision at least four stages:

          2.7.1. Data entry by an encoder from info provided on a form by the front office (?)
          2.7.2. Online verification by a supervisor.
          2.7.3. Online sign-off by a manager
          2.7.4. Pass-off to Alliance

          2.8. Note that the transaction record would contain audit trails – the logon id of each user, terminal id, and date and time stamps.

          2.9. I imagine the fake transaction records were created after stage 3 going into stage 4. This would partly explain the absence of historical trails.

          2.10. I find it funny that such magnificent effort, imagination, cunning, talent, and meticulousness were poured into a plan that ultimately failed due to a misspelling.

          “The best-laid schemes o’ mice an’ men
          Gang aft agley,”


          • chemrock says:

            Edgar, I’ll give you an 8/10 score.

            Pardon my further details which will demystify banking systems.

            A.1.3 The RTGS is the domestic clearing house system, so for the BCB they don’t use that for payments or receipts. That interface is used by the central bank to update the reserve or nostro accounts the domestic banks maintain with BCB after the daily clearings, either on a netted basis or full transactions basis.

            A.1.4 It’s clearer to see System X as the central bank’s core banking system which would have various functionalities such as Foreign exchange, deposits, etc, as well as accounting.

            Payment/receipt need to be classed into 2 types :

            (a) Those relating to payments for normal office expenditures — salary, stationery etc, or receipts for fees, penalties,etc
            A central bank would use a govt-owned bank for this purpose. They would maintain a banking a/c like any banking customer. The System X will have the payment voucher/receipt functions like any normal accounting system.

            (b) Those arising from banking transactions like FX, money market deposits, remittances.
            For any banks, these would be where the volume is. SWIFT is meant for these transactions. It doesn’t matter whether it’s domestic or international transaction. It is currency based. Any pay/receipt involving the local currency will be routed to the relevant correspondent banks within the country, foreign currencies go to the various currency centres where the correspondent banks are.

            This hacking is in the nature of remittances.

            Note the distinction of transaction and value dates:

            The transaction date is when the deals were executed or contracted. Transactions are processed and encoded into System X on the same day. It gets into the bank’s accounting immediately.

            Value date is when the payments/receipts are executed. The transaction dates may or may not be the same day as value dates. Mostly they are not. Same day value transactions are rare, because of international time differences. Spot transactions are actually 2 days in advance. In this hacking case, the remittances must be for same day value. Bangladesh is 11 hours ahead of NY so when the Fed receives the instruction they can execute payment. But Manila is 13 hours ahead of NY so RCBC lost 1 day value. (It does not matter in this case because technically RCBC didn’t know about money coming in.)

            Some transactions involve both a front date and end date payment/receipt. Eg a 3 month placement involve a day 1 receipt of funds and a payment 3 months later. Or a 3 month forward foreign exchange involves a payment/receipt of 2 currencies in 3 months time.

            What this means is transactions are already captured in System X on transaction date and they are flagged for payment/receipt when they fall due. So each day there will be items for payment/receipt for value tom or tom next. The bank will then need to manually encode these items into SWIFT. There is thus a duplication of work — encoding into System X and then encoding into SWIFT which increases not only labour cost but chances of mistakes.

            So this is where the SWIFT Alliance apps come in. The bank need only do a one time admin set up in terms of SWIFT codes of the parties they deal with. Each day System X will upload those items flagged for payment/receipt into Alliance. The interface system auto formats into relevant SWIFT protocols and uploads into the SWIFT server. No manual recoding required. It is likely the uploading is under administrator control, either individually or in batches. Someone checks and presses the accept button.

            So the $81m question is where did the hackers insert the payments instructions?
            (a) They hacked System X and put fictitious remittance transactions there
            (b) They hacked Alliance and inserted the payment there
            (c) They hacked SWIFT server and created the SWIFT payment there.

            The least probability is (c) because of extremely strong encryption in SWIFT. This was why the printer had to be disabled.
            (a) is quite unlikely for 2 reasons. Firstly, there will be issues of the fictitious transactions appearing in the various reports that System X routinely generates for various bank dept during the course of the day and at the close of business; secondly it would mean the hackers need to study System X. This team of hackers have attacked a few other banks before. It is unlikely that they go about studying so many different banking systems. From time investments and risks, this scenario is not their modus operandi.
            My money is on (b) because there aren’t many Alliance packages in the market, and more importantly, an attack via the Alliance interface has been done before. As I mentioned in my article, this imposes a greater risk for banks that use the same Alliance package as BCB.

            Here is the important part why there is almost certainty of insider assistance — the hackers need to know how much money BCB had in their account at the FED. They can’t execute $1 billion payments if they have only $100,000 there. BCB may have some OD limits at the FED but certainly not $1b. If they did not hack into System X or SWIFT server there is no way the hackers know of the $1b balance in the FED. That is why I questioned why did BCB leave such a huge amount of idle balance in an operating a/c. $1b at 1% pa carries an opportunity cost of about $30,000 per day.

            A.1.7 The SWIFT token contains not just passwords but a lot of other security stuff too technical for me.

            B. 2.10 The plan did not fail due to a spelling error. That incident happened in the remittance to Sri Lanka. For me, I think that Sri Lanka payment could provide very useful answers. Of the 35 payments, only 1 went to Sri Lanka, the rest were destined for RCBC. The odd one out is always a key to an answer.

            The plot failed because FED staffers noticed unusual transactions. Too many in a single day, almost all to RCBC, and the nature of the payments. A central banker is not a govt banker, thus unlikely to pay for govt projects. Philippines uses their accounts at Planter Bank and Coconut Planters etc, for their payments, not the BSP.

            • edgar lores says:

              Chemrock, thanks for clarifying some points.

              1. Would not System X hold the info that there was $1B in the FED account?

              1.1. If that huge amount was unusual, would not the officials who allowed the amount to be there be immediate suspects?

              2. I only favor option (a) because the route to Alliance is thru System X. But if the hackers could bypass System X and directly queue transactions to Alliance, then I agree this would be much simpler.

              2.2. This would mean that there would be no need to hack SWIFT, option (c), and no need to know anything about the token. However, the out-of-order printer might still be a sticking point.

              2.3. Regardless, I think the hackers had to study System X for user credentials and data content for the fake transactions.

              2.4. The link between System X and Alliance, the triggering of the upload, could be manual or automatic. In the scenario I outlined, the sign-off of the manager after review of the day’s approved transactions could trigger the upload. In my scenario, the manager would not be able to see the fake transactions… but it would be at this point that the hackers would insert them.

              • chemrock says:

                1. Yes, but the a/c balance will only be updated at the end of day run by the system where all due date transactions will be posted by the system. There may be real time balance info on screen but I doubt a hacker can view this offsite because they can observe only field data in files, not something assembled or computed by a screen enquiry.

                1.1 He would be my first person of interest. There is no Treasurer in the world that would leave $1b idle. They may have their reason, but I would love to know what that may be.

                2.1 I understand what you are saying. The Alliance server is simply another workstation on the network so I think hackers can access it directly, but I don’t have technical knowledge, maybe someone else can clarify.

                2.2 Whether the payments are inserted at System X or Alliance, they still need to be uploaded into SWIFT and someone needs to execute SEND. If they have not hacked into the SWIFT server they certainly need the system logged on with the token. What we do not know is can they execute everything in stealth — payment insertion, upload, and send. I don’t think they can which means they swing into action after close of business. FED received the first SWIFT message Feb 4 at 9.55 am which means the payments were sent at night about 9pm Feb 4. That means the hackers needed Alliance and SWIFT to be logged on. There is absolutely no reason for BCB staff to leave these systems logged on. Again pointing to inside assist.

                2.3 Debatable. I think they are familiar with that particular Alliance app so System X is redundant.

                2.4 I believe what you mean is when authentic payments have been checked and approved and uploaded into SWIFT, the fake payments, unseen by staff, get uploaded at the same time. That is plausible, sort of invisible and sneaked through. You are slimy, Edgar.
                But 2.2 above was probably what happened, given the timing and office closure, systems not logged off, SWIFT token left logged on, printer off.

        • edgar lores says:

          Another speculation: For the period that the internet gateway was left open, authorities should conduct a reconciliation of payment transactions between the central bank and SWIFT.

          It is highly likely that the hackers “tested” their scheme with a medium fake transaction before the great heist.

          This medium transaction would not be on the central bank system but would be on SWIFT.

          • chemrock says:

            Companies do bank account reconciliation mostly on a monthly basis.

            Banks do bank account reconciliation every day. This is a critical check because of the sheer volume and the values. Big banks could have pay and receipts of $ trillions per day.

            Mistakes cost losses in delayed interest claims, opportunity costs, as well as counter party exposure risks. Eg a counter party was supposed to make a repayment of $10m to us so we record a receipt assuming the funds will come in. Our treasurer will make use of the funds on the assumption it will be there. Next day we reconcile and discover the counter party failed to pay (normally it’s due to a mistake) so what happens? Our a/c with our correspondent bank is OD $10 and interest. The counter party still has a $10m outstanding, representing a credit exposure.
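The daily reconciliation discussed in the two comments above, as an added example that is not part of the original thread: it matches payments recorded in the core system ("System X") against outbound messages as logged on the SWIFT side, and flags messages with no ledger entry, changed details, or a send time outside office hours. The record layouts, field names, office hours and sample data are assumptions made for illustration, and the message list is assumed to come from a source outside the bank's own network.

```python
from dataclasses import dataclass
from datetime import datetime, time
from decimal import Decimal

@dataclass(frozen=True)
class LedgerItem:            # payment captured in the core system ("System X")
    ref: str
    currency: str
    amount: Decimal
    beneficiary: str

@dataclass(frozen=True)
class SwiftMessage:          # outbound payment as logged on the SWIFT side
    ref: str
    currency: str
    amount: Decimal
    beneficiary: str
    sent_at: datetime

def reconcile(ledger, messages, open_at=time(9, 0), close_at=time(17, 0)):
    """Return sorted (ref, finding) pairs; an empty list means both sides agree."""
    by_ref = {item.ref: item for item in ledger}
    findings, seen = [], set()
    for msg in messages:
        if msg.ref in seen:
            findings.append((msg.ref, "duplicate_message"))
        seen.add(msg.ref)
        item = by_ref.get(msg.ref)
        if item is None:
            # On SWIFT but never booked in the bank's own system.
            findings.append((msg.ref, "no_ledger_entry"))
        else:
            if (msg.currency, msg.amount) != (item.currency, item.amount):
                findings.append((msg.ref, "amount_mismatch"))
            if msg.beneficiary != item.beneficiary:
                findings.append((msg.ref, "beneficiary_mismatch"))
        if not (open_at <= msg.sent_at.time() <= close_at):
            findings.append((msg.ref, "sent_off_hours"))
    for ref in by_ref.keys() - seen:
        # Booked and due, but nothing went out for it.
        findings.append((ref, "ledger_item_not_sent"))
    return sorted(findings)

# Constructed sample data: references, counterparties, amounts and dates are made up.
LEDGER = [
    LedgerItem("FX-0001", "USD", Decimal("2500000.00"), "BANK-A"),
    LedgerItem("MM-0002", "USD", Decimal("10000000.00"), "BANK-B"),
    LedgerItem("RM-0003", "USD", Decimal("750000.00"), "BANK-C"),
]
MESSAGES = [
    SwiftMessage("FX-0001", "USD", Decimal("2500000.00"), "BANK-A",
                 datetime(2020, 1, 6, 11, 5)),
    SwiftMessage("MM-0002", "USD", Decimal("10000000.00"), "BANK-X",
                 datetime(2020, 1, 6, 14, 30)),
    SwiftMessage("RM-9999", "USD", Decimal("500000.00"), "BANK-Y",
                 datetime(2020, 1, 6, 21, 0)),
]

if __name__ == "__main__":
    for ref, finding in reconcile(LEDGER, MESSAGES):
        print(f"{ref}: {finding}")
```
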

            • Bill In Oz says:

              Chemrock & Edgar..These comments on how the big Bangladesh Central bank robbery happened, are interesting. But they are also technical and surely by now, academic.

              The real question for the Philippines is: Who were the recipients of the stolen money?

              Only a small fraction of the US89 million which arrived in the Philippines has been recovered. And from memory it was processed through the Manila Casinos. And the Manila casinos claim they are not bound by any Philippines law to reveal the recipients.

              So when will Duterte solve this issue by using his rough & ready ( but very effective ) methods on the casino managers or owners ? I’m sure he has helicopters available if needed.

              • chemrock says:

                Bill — there are two trails to follow — the digital forensics and the money trail. Technicals are needed to assist the forensics.

                Philippines side of the investigation seems to me to be one big bumbling Clouseau act tripping over legalities and a senate circus that took centre stage and investigators with no teeth. From day 1 the crime was tagged money laundering, thrusting the AMLC to front the investigation, a fatal error, I believe, as it was then no longer a crime under hot pursuit but by people who will argue on the final prints of the laws whilst perpetrators sat in casinos making the cold cash disappear. (Clouseau would be one act better, ’cause he always gets his man at the end).

                I wondered why Philippines never do this:
                1. Check the Sri Lanka end. One single payment went to Sri Lanka, the rest (34) to RCBC. The exceptions very often throw up vital clues.
                2. The junket operators knew who were the ones sending the cash to them, their customers. A couple of Chinese big time gamers names were mentioned. What happened. Why Chinese authorities were not roped in?
                3. They knew some funds went to Hongkong. Why HK assistance were not roped in?

                As I indicated from day 1, the remittance company Philrem has lots of dark secrets to tell. Eventually the authorities got round to it, the company has been forced closed and the husband and wife are under arrest. Too late — whatever evidence they may have are all gone. (In HK or Singapore commercial crimes investigation, Philrem office would have been physically sealed off by authorities on day 1 and RCBC would be flooded with an army of investigators)

                If I were the authorities, I would allow Philrem a plea bargain — cooperate and go after Binay.

                What would Duts do? Well 6 months into his admin, the money that were recovered from various parties are yet to be returned to Bangladesh.

  76. karlgarcia says:

    More on the technical side.

    It was reported that the Bangladesh Central Bank did not invest much on its network security.

    It was reported that their routers cost only 10 $.


    Pinoy hacker involved?
    LCX mentioned that possibility, but like Edgar I do not agree, but everything is possible.

    Chinese and Russians have more hackers, and the money ended up in China, right?

    • chemrock says:

      It seems hacking involving complicated financial crimes such as this is the forte of Russians. The IT security sleuths engaged said they have been tracking this hacking group for some time. Seems the Russians do the hacking, Pinoys move the cash out of financial networks into hard cash and Chinese do the laundering. Throw in some Bangladeshis to do some inside job and we have a jolly band of international conspirators. This was a transnational crime so Interpol has to be involved. It can’t be solved by Bangladesh or Philippines alone.

      Bangladesh has indicated their investigation is coming to a close and many employees will be charged very soon. About 100 employees have hold departure orders.

      Meanwhile in Philippines 5 RCBC officials have been charged in Nov 2016. Branch Manager Deguito is not amongst these 5. Probably she turned state witness. As I indicated, the Treasury Manager has to be involved and yes, he has been charged. Note that they are all charged under the Anti-Money Laundering Act, meaning for negligence to take certain actions in the normal course of banking to satisfy themselves the customers’ funds are legitimate and for not observing certain reporting requirements. This is obviously a very low level charge for which these 5 departmental heads take the rap. Some of them may be just obeying instructions of higher ups. Some may be in the know for which the high charge should be criminal conspiracy.

      If it’s for charges under the Anti-Money Laundering Act it should be the bank itself that gets the rap, for which punitive penalties can be in billions. There is something very wrong with Philippines justice.

  77. karlgarcia says:

    Duterte wants his men on BSP and AMLC, it remains to be seen what will happen.
