A Philippine bank manager who approved funds transfers at the centre of an attempted $US1 billion ($AU1.3 billion) international cyber heist was only following orders from high-level officials, her lawyer says.
Branch manager Maia Santos Deguito allowed $81 million to be withdrawn last month despite requests from the Bangladesh central bank - the owner of the funds - to stop the transfers, after a printer error inadvertently tipped off authorities.Bank manager Maia S. Deguito testifies before the Philippine Senate Blue Ribbon Committee probe into how $81 million of Bangladesh's stolen funds were transmitted online to four private accounts. Photo: Bullit Marquez
Investigators managed to halt $850 million in scheduled transactions, and cancel a $20 million payment to Pan Asia Banking.
But the $81 million that entered the Philippine banking system was credited to beneficiary accounts with Rizal Bank and eventually withdrawn.Maia Deguito takes her oath prior to the start of the Philippine Senate Blue Ribbon Committee probe into how about $81 million of Bangladesh's stolen funds were transmitted online. Photo: AP
Ms Deguito declined to answer questions at a five-hour Senate hearing on Tuesday, instead opting for a tell all in a closed-door executive session on Thursday.
Ahead of the appearance, her lawyer Ferdinand Topacio told DZMM radio Ms Deguito had emails, mobile-phone messages and other evidence showing that she was acting on orders from superiors when she approved transactions allowing the transfer of the funds.
"It is not at her level to transact such a huge amount" without the knowledge of the bank's "highest echelons," Topacio said.
Rizal Bank's chief executive officer Lorenzo Tan denied Ms Deguito's claims in an emailed statement.
Rizal Bank is involved in a scandal that saw hackers defraud Bangladesh's central bank of foreign reserves, which were subsequently routed to lenders in the Philippines and Sri Lanka. The governor of Bangladesh's central bank resigned this week over his agency's handling of the matter.
The Philippine anti-money laundering agency has said that Deguito allowed the opening of at least four fictitious accounts that received $81 million, and permitted the sum to be withdrawn on February 5 and February 9, despite requests from the Bangladesh central bank to halt the transactions. The funds about match the average daily amount overseas Filipinos send home in remittances.
A printer error first tipped off Bangladesh's central bank, according to a complaint filed to police that provided new details on the attempted theft of nearly $1 billion.
Zubair Bin Huda, a joint director of Bangladesh Bank, found the printer tray empty when he looked on the morning of February 5 for confirmations of SWIFT financial transactions that are normally printed automatically overnight. He then tried and failed to print out the messages manually from the SWIFT system, according to his complaint to police, the first step needed to start an official investigation.
"We thought it was a common problem just like any other day," Huda said in the complaint.
Because it was a Friday - a weekend in Muslim-majority Bangladesh - Huda left the office around 11.15am and asked colleagues to help fix the problem. It took them more than 24 hours before they could manually print the receipts, which revealed dozens of questionable transactions that sent the bank racing to stop cash from leaving its account with the Federal Reserve Bank of New York to the Philippines, Sri Lanka and beyond.
The case has prompted central banks around the globe to examine cyber security measures. It has also led to the resignation of Bangladesh's central bank governor and put money laundering in the Philippines under scrutiny.
The $20 million transfer to Pan Asia Banking raised alarms because of its size and a typo in the beneficiary's name, according to Nalaka Wijayawardana, deputy general manager of marketing at the bank.