GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
Bangladesh’s central bank said it has reversed its plans to sue the Federal Reserve Bank of New York and the SWIFT money transfer network, and instead intends to seek their help recovering $81 million stolen by cyber thieves in February.
“At the moment we have no plan to go for any legal action against the Fed bank or SWIFT; rather we will seek their assistance,” said Subhankar Saha, the spokesman for Bangladesh Bank. He declined to provide reasons for the turnabout.
A source close to the Asian central bank last month said it was preparing litigation to seek compensation, claiming errors by the New York Fed and SWIFT had made Bangladesh Bank vulnerable. In the February heist, hackers issued false transfer orders on the SWIFT network to move funds out of Bangladesh Bank’s account at the Fed.
Bangladesh’s finance minister had also said in March he was weighing legal action.
“We only assessed different options, including the legal (option),” Saha said on Tuesday. “We look forward to cooperation both from the Fed and SWIFT.”
Officials from the Fed and Bangladesh Finance Minister Abul Maal Abdul Muhith were not immediately available for comment.
The shift came as meetings were to begin in New York on Tuesday between officials from Bangladesh Bank, the New York Fed and SWIFT. It also comes after the New York Fed last week published its standard contract with correspondent banks, which spells out that the burden of preventing and reporting breaches lies largely with the correspondent bank, in this case Bangladesh Bank.
Saha said there was no link between the decision not to pursue a lawsuit and the contract. “We were assessing options, and we prefer cooperation,” he said.
Deputy Governor Abu Hena Mohammad Razee Hassan, who is heading the Bangladesh Bank team in the New York meetings, said the bank operates under the standard Fed contract. He did not comment on any possible lawsuit.
The standard contract includes a requirement for the correspondent bank to “immediately” notify the U.S. central bank when it learned it was hacked, and to give the Fed “a reasonable opportunity to act” on cancellation requests. The Fed was bound to then “make reasonable efforts” to halt any fraudulent payments it had made.
The New York Fed is liable for acting on unauthorized payments only if it does not comply with agreed authentication messages, or fails to exercise good faith when filling a payment request, according to the contract.
The published contract notes litigation must be heard in a U.S. court.
In the Feb. 4 heist, the hackers peppered the Fed with payment requests, four of which were filled. Much of the money disappeared into casinos in the Philippines.
Reuters reported last month that Bangladesh Bank did not realize it had been hacked and d id not attempt to alert the New York Fed until two days after the money had been sent. By that time, a weekend in New York, the Fed took two more days to respond.
Reuters also reported that the New York Fed attempted and failed to cancel the payments and did not immediately inform Bangladesh Bank of its efforts