Top Story

By Melissa Luz T. Lopez and Imee Charlee C. Delavin, Reporters

Cyber heist prompts
bank industry
to check controls

Posted on March 22, 2016

THE RECENT DETECTION of some $81 million stolen from the government of Bangladesh that made its way with ease through the Philippines’ financial system and casinos -- in what is believed to be one of the biggest such heists in history -- has prompted a review by both local monetary authorities and banks of existing internal controls.

RCBC branch manager Maia Santos-Deguito on March 15 takes an oath during a Senate hearing on the alleged stolen funds from Bangladesh foreign reserves. AFP
“We always need to draw lessons from our experiences. We are reviewing all our relevant regulations to mitigate current and future risks,” Bangko Sentral ng Pilipinas (BSP) Deputy Governor Nestor A. Espenilla, Jr. said in a recent text message.

“The facts are just coming out right now. We’ll have to decide depending on what are the facts. I think as the hearing progresses, pieces of information are coming out.”

The Anti-Money Laundering Council (AMLC) has initiated investigation on the case, following a request on Feb. 11 -- a few days after the funds were remitted to four accounts with the Rizal Commercial Banking Corp. (RCBC) -- of the now-resigned Bangladesh Bank Governor Atiur Rahman to his counterpart BSP Governor Amando M. Tetangco, Jr. to trace and possibly recover the stolen money.

Wire transfers from the Bangladesh Bank’s account with the United States Federal Reserve were made to four accounts with RCBC’s Jupiter Street branch that were then coursed to accounts under the name of businessman William S. Go that were purportedly opened without his consent. The accounts were opened in May 2015 and were left untouched until Feb. 5, when the transfers were made.

The AMLC has filed charges against RCBC branch manager Maia Santos-Deguito for her alleged knowledge of the entry of dirty money, alongside the owners of the four accounts through which the funds were coursed.

AMLC Secretariat Executive Director Julia Bacay-Abad confirmed before the Senate Blue Ribbon Committee last week that multiple fund transfers totaling some $66 million to Mr. Go’s alleged accounts and $15 million to an Enrico T. Vasquez account eventually went to remittance firm PhilRem Service Corp. that, in turn, reportedly delivered the money to casino junket operator WeiKang Xu.

In the course of the Senate inquiry on Thursday, Ms. Deguito and other bank officials refused to discuss details of the bank transactions and deposits, citing provisions under Republic Act 1405 or the Law on Secrecy of Bank Deposits signed in 1995.

Going forward, Mr. Espenilla stressed the need to communicate to international observers how local authorities have since acted on the case through policy and regulatory tweaks to prevent a recurrence, as officials flagged the country’s possible return to the watch list of the watchdog Financial Action Task Force and risks of credit rating downgrades, among others.

“What’s important is what we do about managing the risks,” the BSP official said in a separate interview.

“The Philippines has been a growing economy. Increasingly, it’s an attractive place for money to come in -- good and bad money,” he noted.

“The Philippines is just being apparently the place where you clean up the money... the challenge is how do we make the system more unattractive to illegal funds.”

The BSP itself is conducting its own investigation on possible lapses of banks and financial entities in complying with the central bank’s regulations on operational risk management, among others.

BSP’s Mr. Tetangco has likewise called for the easing or lifting of the “very strict” deposit secrecy rules that have hampered probes on the current case.

Locla lenders themselves said controls are in place and just need to be reviewed.

EastWest Bank President and Chief Executive Officer Antonio C. Moncupa Jr., said: “We continue to remind our people to follow existing processes and controls, particularly on know your customers’ protocols to ensure we continue to avoid a similar scandal... our processes and controls are effective and working just fine.”

For Ayala-led Bank of the Philippine Islands (BPI), the internal review is part of its regular protocol. “We continue to review our systems and process. It’s part of the normal process of continuously looking at our processes and reviewing. It’s not just a response of what has happened but it is always an ongoing process for us. It’s embedded in our processes, since when you implement something, part of that is the monitoring,” BPI Family Savings Bank President Natividad N. Alejo said in a recent interview.

Security Bank President Alfonso L. Salcedo, Jr., said: “I think the regulations are there, you just have to follow it. On our part, we’re just reinsuring everything -- the KYC (know-your-client) -- we’re just ensuring the quality, not really tightening it.

Philippine Business Bank President and Chief Executive Officer Roland R. Avante for his part said: “We just reiterated to maintain strict enforcement of existing policies and procedures as they are enough if done accordingly. KYC was also part of the reminder.”

For Aboitiz-led Unionbank of the Philippines, the issue has triggered “end-to-end” review of its existing policies and systems in place. “The chairman (has) already ordered a review, another round of review of our own information security which is more comprehensive -- not just IT, cyber-security -- but also operating procedures. You have to look at it end-to-end where the possible weaknesses are,” UnionBank President and Chief Operating officer Edwin R. Bautista said, referring to Chairman and Chief Executive Officer (CEO) Justo A. Ortiz.

The fresh round of review, he noted, started right after the issue blew up.

“The chairman-CEO on his own already called our chief risk officer, our chief information security officer, and operations head, and asked to do the review. We’re watching this very closely because you’ll have learnings here... What’s important is to look at it end-to-end, the whole process: you have to make sure you’ve identified all the loopholes. I guess all the other banks are doing the same,” Mr. Bautista added.

“Different areas have been reviewed both individually and as a whole, what we want to do is just review that all over again.”

Gokongwei-led Robinsons Bank President and Chief Executive Officer Elfren Antonio S. Sarte said: “The regulations are there; we are just reiterating what’s there since it’s already there to begin with.”

For RCBC itself, part of ongoing internal investigations is to identify areas for improvement.

“Part of the investigations that have been conducted or still being conducted is a way to understand what happened, how it happened and that should lead us to how we can improve, how we can further improve and prevent this thing from happening,” RCBC Savings Bank President and Chief Executive Officer Rommel R. Latinazo said when sought for comment.

“...I think even the other banks are doing their own reviews of their own processes and I think the aim is trying to seek... improvements. For us, definitely it is part of the things that we look at as part of the investigation and try to see moving forward if there are areas that needs improvement.”

RCBC President and CEO Lorenzo V. Tan had earlier proposed to members and incoming board of the Bankers Association of the Philippines (BAP) the establishment of an Anti-Financial Crime Committee to be led by a BAP Board member with the mandate of checking compliance with rules against financial crime, money laundering, and terrorist financing.

“This [money laundering issue] is unprecedented and has dire consequences on how we conduct business in our industry. We need to face up to challenges that introduce systemic and institutional risk. We have threats that originate from sources outside our borders and beyond the reach of Philippine legal jurisdiction. Threats that require new risk-mitigating strategies and creative financial crime preventive tools,” Mr. Tan was quoted as saying in a statement.

Mr. Tan -- who recently ended his stint as BAP President -- said the proposed committee will also identify loopholes in laws and regulations and lobby with legislators, regulators and banks’ governance boards for changes needed.

“In close coordination with the BSP, the Anti-money Laundering Council, Congress, law enforcement agencies and all financial institutions, a comprehensive strategy needs to be immediately implemented in order to prevent similar incidents from recurring. The industry has to have the single mindedness for the consistent implementation of policies across all banks and financial institutions,” he added.

“All banks must participate and contribute their expertise because this issue highlighted our vulnerability and exposed the banks’ directors, officers and employees to compliance, operational, and reputational risks.”

Sen. Teofisto D. Guingona III, chairman of the Senate Committee on Accountability of Public Officers & Investigations -- better known as the Blue Ribbon Committee -- that is looking into the case, also said that legislators are considering amendments to the country’s banking and anti-money laundering laws. Apart from the inclusion of casinos among institutions covered by the Anti-Money Laundering Act of 2001, Mr. Guingona said the committee is also looking authorizing AMLC to issue cease and desist orders on suspicious transactions in order to promptly stem the flow of funds concerned.

“The law should be revisited to see how it is relevant to the fast-changing times,” Mr. Guingona said in a press briefing in Manila.

Ang napapahiya is the Philippines (was embarrassed): you get the impression you can send all sorts of illegal funds to the Philippines and get away with it.”