The Dhaka Metropolitan Senior Special Judge Court has sent an order for the confiscation of $81 million from the Rizal Commercial Banking Corporation in the Philippines in connection with the 2016 cyber heist from the Bangladesh Bank’s foreign reserves, according to the Criminal Investigation Department of Bangladesh Police.
Judge MD Sabbir Faiz passed the order following a petition submitted by the CID, asking to transmit the order to the relevant authoritites in Bangladesh and the Philippines for an immediate execution and compliance.
CID chief Md Sibgat Ullah disclosed the development at a press conference at the CID headquarters in Dhaka on Sunday.
‘The court issued the order on September 18 to seize the funds held in the Rizal Commercial Banking Corporation, nine years after the theft. A copy of the order has been sent to senior RCBC officials in the Philippines,’ he said.
However, CID officials at the briefing said that it was not confirmed how long it would take to recover the amount.
They also could not confirm whether the Rizal Commercial Banking Corporation had officially acknowledged the court order.
They expected that the Rizal Commercial Banking Corporation would return the money to Bangladesh soon, upholding its reputation.
CID officials said that they were unable to provide further details as the investigation was still going on.
The Bangladesh Bank reserve heist remains one of the biggest cybercrimes in global banking history, which occurred in February 4, 2016.
CID officials said that investigators found that RCBC officials, including then-president and CEO Lorenzo Tan, branch manager Maia Santos Deguito of the RCBC Jupiter Branch in Makati City, along with other officials who opened five fictitious bank accounts. Through four of the accounts, the stolen funds were illicitly funneled.
Despite an official message from the Bangladesh Bank instructing the Rizal Commercial Banking Corporation to stop payment, these officials proceeded to disburse the stolen funds illegally, said the CID.
The CID said that its investigation, based on the evidence, determined that the Rizal Commercial Banking Corporation, as a corporate entity, committed money laundering in line with section 27 of the Money Laundering Prevention Act.
In accordance with the United Nations Convention Against Transnational Organised Crime, the Philippines’ domestic laws, and the Financial Action Task Force guidelines, the Bangladesh government will formally pursue the Philippines government to enforce this order and recover the laundered funds.
In February 2016, hackers attempted to steal nearly $1 billion from Bangladesh Bank’s account with the Federal Reserve Bank of New York by sending 35 fake SWIFT transfer requests messages. While most transactions were blocked, $101 million was successfully withdrawn.
Of the stolen funds, $20 million was transferred to Sri Lanka, but was later recovered. The remaining $81 million moved through the Rizal Commercial Banking Corporation in the Philippines and laundered through casinos.
So far, Bangladesh has managed to recover around $34.6 million, with $66.4 million still missing.
After 39 days of the incident, on March 15, 2016, Bangladesh Bank deputy director Zubair Bin Huda filed a case with the Motijheel police station against unidentified people under the Money Laundering Prevention Act.
Later, the CID was tasked with the investigation, but it failed to complete the probe till now.
In 2019, Bangladesh also filed a lawsuit in a US federal court against RCBC, several casinos, 17 individuals and institutions, and three Chinese nationals, accusing them of planning and carrying out the theft.
RCBC and others countered that the matter was outside the jurisdiction of the court and sought dismissal.
In March 2020, the court rejected the case on technical grounds but said that Bangladesh could file a case with another court. The Bangladesh Bank then filed a fresh case with New York County Supreme Court in May 2020.
The FBI later revealed that North Korean hackers had spent two years preparing for the attack.
They first entered the Bangladesh Bank’s system by sending a fake job application email.
Investigators identified Park Jin Hyok, a North Korean programmer, as one of the masterminds.
US media and the BBC reported these findings based on court documents filed in California in 2018.
