New York Fed defends fund transfer after Bangladesh heist
By Nathan Layne
(Reuters) - After an $81 million cyber heist at the Bangladesh central bank, the Federal Reserve Bank of New York said there was no problem with its procedures for approving fund transfers, according to a letter released on Friday by a U.S. lawmaker who had questioned those methods.
U.S. Representative Carolyn Maloney had called for a probe of the fund transfers triggered by the February cyber attack on the Bangladesh central bank.
In the April 14 letter Thomas Baxter, general counsel and executive vice president at the New York Fed, said the correct procedures were followed in approving five transfers of money and in blocking 30. Blocking the 30 requests prevented the attackers from reaching their goal of stealing a total of $951 million.
Baxter said the New York Fed's systems were designed to flag transfers to people and jurisdictions subject to sanctions but not to block a transfer if it had passed the authentication process on the SWIFT messaging network.
That comment was an acknowledgement that the New York Fed, much like other banks, in most cases relies solely on SWIFT verification to prevent fraud and does not take additional steps.
"Unlike the SWIFT authentication protocols, these steps are not designed to protect our customers from an unauthorized transfer," Baxter wrote in the letter.
"The vast majority of authenticated instructions received from foreign official account holders are not flagged for manual review by the automated systems."
Authorities in Bangladesh and elsewhere are still trying to figure out how hackers carried out the attack and what happened to the money, which was routed from the Bangladesh Bank's account at the New York Fed to banks in the Philippines. Continued...