
Arabia, Duchess Saudia T.

5BSA

Reflection Paper: The Bangladesh Bank Heist

The Bangladesh Bank heist took place in February 2016. A total of $101 million was
transferred, $20 million to Sri Lanka and $81 million to the Philippines. The $81 million from
Bangladesh Bank's account at the Federal Reserve Bank of New York was stolen by hackers via the Society
for Worldwide Interbank Financial Telecommunication (SWIFT) network. Egregious violations of
the bank's security procedures have also been uncovered. On the day of the robbery, its security
cameras were disabled. A number of security protocols need to be met before the SWIFT system
authorizes a payment: one step, a physical key or dongle, was left plugged in for weeks, rather
than locked away. Five of the hackers' 70 messages were accepted as genuine by the New York
Fed. The stolen money was transferred to various accounts at the Jupiter Street Branch of the
Rizal Commercial Banking Corp. (RCBC) in Makati City, Philippines. The money transferred to Sri
Lanka was recovered ($18 million), but none of the money from the fictitious bank accounts at RCBC was
recovered. Officials state that the money was withdrawn from a bogus account set up under the
name of a local businessman, William So Go, who denies any involvement in the transfers. The
bank's internal investigation showed that Deguito, RCBC's branch manager, helped set up an
account under Go's name, with a forged signature. The Senate investigation revealed the money
was transferred to remittance company Philrem, where it was converted to Philippine pesos,
before being sent to two casinos and to a person named Weikang Xu. Xu runs Solaire resorts and
casinos.
The NBI is coordinating with relevant government agencies including the country's Anti-
Money Laundering Council (AMLC). The AMLC started its investigation on February 19, 2016 of
bank accounts linked to a junket operator. AMLC has filed a money laundering complaint before
the Department of Justice against an RCBC branch manager and five unknown persons with
fictitious names in connection with the case. A Philippine Senate hearing was held on March 15,
2016, led by Senator Teofisto Guingona III, head of the Blue Ribbon Committee and Congressional
Oversight Committee on the Anti-Money Laundering Act. A closed-door hearing was later held
on March 17. Philippine Amusement and Gaming Corporation (PAGCOR) has also launched its
own investigation. On August 5, 2016, the Bangko Sentral ng Pilipinas approved a ₱1 billion
(~US$52.92 million) fine against RCBC for its non-compliance with banking laws and regulations
in connection with the bank robbery. According to Wikipedia, U.S. prosecutors are reportedly at
work building potential cases that would accuse North Korea of directing the theft of $81 million
from Bangladesh Bank's account at the Federal Reserve Bank of New York. The report also said
that the charges would include "alleged Chinese middlemen," who facilitated the transfer
of the funds after they had been diverted to the Philippines.
In addition to the huge financial loss, Bangladesh Bank's professional credibility as a
reliable business partner has been tarnished in the global banking network, where security is a
hallmark of professionalism. The incident severely harmed trust in the IT systems of
the global banking sector. It is clear that the global monetary network is only as secure as the
weakest bank in the alliance. The Bangladesh attack was noteworthy because it called attention
to SWIFT, the financial messaging system that many of the world's banks rely on to
coordinate and communicate about automated financial transfers. SWIFT's model seems to
have failed to provide a layered security approach, which allowed the attackers to exploit the
system without compromising the core servers of the SWIFT network. The incident shows the
risks that banks connected to the SWIFT system are exposed to as a result of the security
vulnerabilities of other member banks. By breaching the Bangladesh Central Bank's security
firewalls, hackers were able to hack the system and transfer the funds through the established
global banking networks almost undetected. The failure of the Bangladeshi government to build
adequate safeguards for its financial system became the starting point for a global, multi-million-dollar
money laundering scheme whose effect was felt beyond the country's borders. This heist
demonstrates the value of combining cybersecurity, anti-fraud, and anti-money laundering
(AML) disciplines. Such a step would provide a clearer picture of the threat landscape, may
increase the likelihood of early detection, could avoid duplication of effort between fraud and
AML personnel who may end up investigating the same transactions, and should define roles,
responsibilities and procedures for reporting attempted or actual suspicious transactions
related to such incidents. The opportunity to stop the fraud does not lie only with the originating
institution; counterparty banks and institutions also play a role in monitoring for and combating
the fraud.
Corporate governance emphasizes external regulation and internal control of the firm by
legal means and assumes that the monitoring function is controlled by the board of directors and
senior managers. Corporate social responsibility (CSR) is about how the firm regulates its own
behavior with reference to social norms; now including external, mainly soft, governance
systems. Corporate social responsibility is concerned with treating the stakeholders of the firm
ethically or in a socially responsible manner. Here CSR is sometimes seen as a threat to the agent-
principal relationship in which the agents (managers) should simply serve the assumed priority
of their principals (shareholders) for short-run profits. But it seems to me that the agent-
principal relationship is itself misguided and misrepresents proper governance of the company.
The interests of the company itself, of other stakeholders and of society at large have been
recognized as appropriate points of managers' responsibility. It is the managers' responsibility
not only to serve the best interest of the shareholders but also that of the public, especially since banks are
where people entrust their hard-earned money, or so-called treasure, to be kept safely.
RCBC was at the center of the money laundering scandal after the stolen funds owned by
Bangladesh's central bank entered the Philippines through its Jupiter branch. The branch manager, Maia
Deguito, was charged with money laundering, in that she facilitated the withdrawal of the said
funds from RCBC and deposited them to the accounts of the unknown and fictitious account
holders. The company does not have good corporate governance because there was a lack of
sufficient monitoring by the board and of means of communication, which made the unauthorized
transactions possible. Apparently, the bank had failed to follow regulations against fraud and
theft. It should now be clear that the leaders of the banking world globally need to improve the
state of cybersecurity by both developing more secure systems and training their personnel
to detect anomalies. As the fraud was only detected after human intervention, it should be clear
that the current state of automated fraud detection and prevention mechanisms is not yet at
an adequate level. The scandal is also a reminder that any device linked to the computer system has
the potential to create a new vulnerability.
All companies should evaluate the risks posed by third parties with access to their
systems. RCBC should revamp its training modules and introduce an anti-money laundering
certification program to ensure that all bank personnel are aware of their roles and
responsibilities with respect to money laundering. These would help minimize the bank's exposure to risks
and strengthen its commitment to combat money laundering. If the banks and even SWIFT do
not heighten their security controls and monitor them strictly, it would lead to the fall of their
organizations: with their public image ruined, the public would not make any transactions with
them. Financial institutions should follow leading industry practice of managing their payment
systems at an enterprise-risk management level that considers operational, legal, regulatory,
credit, reputation, fraud, and business continuity risks. Financial institutions need not wait until
they suffer losses to anticipate and respond to this new, sophisticated financial crime threat.
However, a proactive defense will require institutions to combine three familiar security
measures: cybersecurity, anti-fraud, and insider threat management.
