Philippines SEC Calls for Casinos to Fall Under Anti-Money Laundering Legislation Following New York Fed Cyber Heist

Posted on: March 15, 2016, 11:42h. 

Last updated on: March 15, 2016, 12:24h.

Philippines Securities and Exchange Commission (SEC) Chairwoman Teresita Herbosa said this week that her country needs to expand its current Anti-Money Laundering Act (AMLA) to provide investigative authorities with additional resources and research powers.

Bangladesh central bank boss Atiur Rehman stepped down on Tuesday, following an $81 million cyber heist of his country’s money. Ironically, Rehman is seen here after winning a 2014 GUSI Peace Prize International for his work in the field of economics.

Specifically, Herbosa says casinos need to fall under the AMLA umbrella of regulatory oversight.

“We need to strengthen the law,” Herbosa told reporters in Manila on Monday. “It’s a global effort to eradicate money laundering . . . We have to catch up with people doing that activity.”

Charged with supervising the country’s corporate sector, investing public, and its securities and investment market, Herbosa is responding to the Philippines’ apparent involvement in a successful $81 million cyber heist that spread from the United States to Southeast Asia.

Half Moved Through Casinos

A little more than half of the $81 million stolen in the cyber heist moved through two of the country’s casinos, according to PAGCOR, the Philippines’ gaming regulatory authority. One unnamed PAGCOR official noted that the influx of funds went to the Solaire Resort and Casino ($26 million) and also to the Eastern Hawaii Casino and Resort in the Cagayan province ($20 million). The deposits occurred between February 5 and 9.

As to where the money went once inside the two gaming properties, it’s all a bit vague, according to the same official, who didn’t want to be named, as the investigation is ongoing.

“Only a portion (of the $81 million) went to the local casinos and these were all used to bet at the tables and buy chips,” the regulator told the news site for the Philippine Daily Inquirer.

“The rest of the funds never entered the local casino system. So, we don’t know where those funds went,” the anonymous source noted.

Spelling It Out

The multimillion-dollar heist was extraordinarily complex in design, yet it’s still somewhat unimaginable that in today’s world, an international group of hackers can quietly loot such a large sum of money from what’s supposed to be the most secure banking system in the world.

And worse, authorities might have taken much longer to catch on to the embezzlement, which was accomplished over many unique transactions, were it not for a spelling error that raised suspicions.

In February, the Federal Reserve Bank of New York received dozens of what appeared to be authorized withdrawal requests from the Bangladesh Bank.

The Fed approved the transactions, the first being for a sum of $81 million. The funds were deposited through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) into foreign banking accounts, and then laundered through casinos in both the Philippines and Sri Lanka.

The next payment from the New York Fed was for $20 million, but an incorrect spelling of the word “foundation” caused payment processors to reconfirm the correct destination with Bangladesh authorities. The fraud was then detected, along with an additional $749-$769 million that had been scheduled to be extracted.

Repercussions Continue

The original $81 million payment remains unrecovered and the identities of the assailants are still unknown.

However, Philippine immigration authorities prevented a Rizal Commercial Banking Corp. (RCBC) branch manager from leaving the country late last week. RCBC was one of the banks that received the millions in transferred funds.

Under the Philippines’ current AMLA, the country possesses the authority to monitor the integrity of bank accounts in order to detect criminal activity and money laundering. The law defines these accounts as holdings in banks, non-banks, quasi-banks, trust entities, insurance companies, securities, and investments.

It makes no mention of casino transactions, however. Herbosa believes the recent hacking heist should serve as “good stimulus” to modify the AMLA to include such provisions.

While stronger anti-money laundering laws in Filipino casinos could aid in the recovery of laundered monies, the chief problem lies in the withdrawal process. The hackers were apparently able to implant malware on the Bangladesh computer network in order to gather the proper credentials to infiltrate the country’s account at the New York Fed.

“Relying on poor spelling should not be a security policy,” Jerusalem-based cyber security expert Andrey Dulkin told Bloomberg. “If the Bangladesh Bank had been monitoring the activity of these accounts, it could’ve quickly identified the anomalous behavior.”

As if to drive home that point, Atiur Rehman, Bangladesh’s central bank governor, resigned on Tuesday.