The Bangko Sentral ng Pilipinas (BSP), Philippines’ central bank, has issued a PHP 1 billion ($21 million) fine to Rizal Commercial Banking Corp (RCBC) for cybersecurity failings.
RCBC was used by cyber criminals to channel $81 million stolen from Bangladesh’s central bank earlier this year.
According to BSP, the fine was “the largest amount it has ever approved as part of its supervisory enforcement actions” on a bank.
RCBC is going to pay the fine in two equal instalments over one year. The bank’s president and CEO, Gil Buenaventura, issued a statement saying that “RCBC affirms its continued viability and determination to fulfil its firm commitment against money laundering, terrorism and other transnational crimes to ensure the stability of the banking system”.
Reuters reported that RCBC has recently challenged Bangladesh Bank to take it to court. “Philippine side has done its part,” RCBC told Reuters, whilst the transfers were made based on authenticated instructions over the Swift network.
According to the Bangladeshi side, it was systemic failures at RCBC – not just individual mistakes made by RCBC’s staff – that allowed the stolen money to disappear into the casino industry. A team from Bangladesh Bank is currently in Manila, trying to recover the money. However, it is understood that so far the team is likely to recoup just $15 million.