Hide and seek

IT WAS one of the most spectacular robberies of modern times. In February thieves tried to steal nearly $1 billion from accounts held by Bangladesh Bank, the central bank, at the Federal Reserve Bank of New York. They were thwarted, but only after spiriting away $101m. Since then Bangladesh’s government has twice suppressed the publication of a report into the heist, most recently last month, on the ground that making it public would jeopardise efforts to retrieve from the Philippines $81m that is still missing. Interviews with officials and others in Dhaka lead to an obvious conclusion: the report will almost certainly never be made public.

The investigating panel’s remit was to establish why the central bank kept the theft secret for a month, whether bank officials were involved in it and how to avert a similar heist in future. Mohammed Farashuddin, a former central-bank governor, who led the probe and once advocated its publication, will not comment on its findings. The word in Dhaka is that the report is being buried because it exposed lapses at the central bank and implicated its officials or consultants. The government has consistently blamed outsiders: hackers, the New York Fed and SWIFT, the messaging network for cross-border payments on which the transactions took place.

The government is still trying to retrieve stolen money from the Philippines. Much of it flowed through casinos in Manila. The country’s president, Rodrigo Duterte, has promised to help. In September a court in the Philippines ordered the central bank, which received some of the stolen money, to return $15m. Filipino officials may be hoping the Bangladeshis will take their money and leave them in peace. That is a small price to pay for keeping their money-laundering controls lax enough to continue to attract wealthy Chinese gamblers.

Nobody has yet explained how the thieves managed to send the New York Fed properly authenticated SWIFT transfer orders. Nor is it clear why the Fed’s controls failed to stop odd-looking transfers to accounts held by individuals. Few think it possible to hack into the SWIFT systems at Bangladesh Bank and issue transfer orders without the physical presence of a person inside the central bank. If it did turn out to be possible, it would be hugely worrying for the global payments system: SWIFT covers half of all big cross-border transfers. It is more likely that the criminals did have access to the SWIFT terminals in the bank. That would suggest the heist was at least in part an inside job: a collaboration of hackers and bank employees or others who were allowed close to its SWIFT terminals.

As Bangladesh’s politicians stonewall, that is the line of inquiry that its sleuths are pursuing. The police’s Criminal Investigation Department (CID) wonders if the SWIFT staff or consultants who installed the central bank’s systems were involved (or at least negligent); SWIFT denies this. The CID wants to talk in Dhaka to these eight individuals—Indian and Sri Lankan nationals—but has not yet managed it. The race is not always to the SWIFT.