By Nathan Layne
After an $81 million cyber heist at the Bangladesh central bank, the Federal Reserve Bank of New York said there was no problem with its procedures for approving fund transfers, according to a letter released on Friday by a U.S. lawmaker who had questioned those methods.
U.S. Representative Carolyn Maloney had called for a probe of the fund transfers triggered by the February cyber attack on the Bangladesh central bank.
In the April 14 letter Thomas Baxter, general counsel and executive vice president at the New York Fed, said the correct procedures were followed in approving five transfers of money and in blocking 30. Blocking the 30 requests prevented the attackers from reaching their goal of stealing a total of $951 million.
Baxter said the New York Fed's systems were designed to flag transfers to people and jurisdictions subject to sanctions but not to block a transfer if it had passed the authentication process on the SWIFT messaging network.
That comment was an acknowledgement that the New York Fed, much like other banks, in most cases relies solely on SWIFT verification to prevent fraud and does not take additional steps.
"Unlike the SWIFT authentication protocols, these steps are not designed to protect our customers from an unauthorized transfer," Baxter wrote in the letter.
"The vast majority of authenticated instructions received from foreign official account holders are not flagged for manual review by the automated systems."
Authorities in Bangladesh and elsewhere are still trying to figure out how hackers carried out the attack and what happened to the money, which was routed from the Bangladesh Bank's account at the New York Fed to banks in the Philippines.
Cyber security firm BAE Systems connected the heist on Friday to the hack at Sony Corp's film studio in 2014, a day after SWIFT disclosed a second attack similar to the Bangladesh incident, this time hitting a commercial bank.
The attacks have put a spotlight on the global financial messaging system run by SWIFT, a Belgian based co-operative owned by member banks.
Maloney said in a statement on Friday that while Baxter's letter provided key information about the incident, she remained "concerned that there are critical security gaps in the international payment system."
Maloney said she would urge the New York Fed to review its security protocols to make sure such a heist does not recur.