Exclusive: Central banks seek global standards in wake of Bangladesh heist

NEW YORK/LONDON (Reuters) - The world’s major central banks, stung by this year’s $81-million heist in Bangladesh, have launched a task force to consider setting broad rules to protect the vast network of cross-border banking from cyber attacks, according to two sources with knowledge of the matter.

Slideshow ( 2 images )

The committee of central banks, part of the Bank for International Settlements (BIS) in Basel, Switzerland, set up the task force this summer. It has begun gathering information from members on their protections against fraud, said the sources, who requested anonymity because work had just begun.

The task force could ultimately set cyber security standards around inter-bank transfers that may be adopted globally. The new principles or guidance could cover responsibilities of banks that send and receive money transfers, and networks like SWIFT that transmit payment instructions in correspondent banking.

The task force also aims to consider recommending the steps each player should follow if a central bank falls short of protecting its systems from hackers, what role domestic regulators should play, and how to respond if another breach happens, the sources said.

“It’s in its formative stages,” said one of the sources. “It’s what needs to happen ... but it’s not a fast process.” The other source said a focus of the task force will be identifying where the “breakdowns” are hidden in correspondent banking.

The BIS, which oversees the Committee on Payments and Market Infrastructures (CPMI) that launched the effort, declined to comment.

The sources said the attempted theft of nearly $1 billion from Bangladesh Bank’s account at the Federal Reserve Bank of New York, as well as other cyber attacks that since came to light, helped spur the committee of central banks.

In early February, hackers breached the Bangladesh central bank’s systems and peppered the Fed with payment requests via the SWIFT global money-transfer network. Some requests were filled, amounting to $81 million that disappeared mostly into Philippines casinos. A Reuters investigation found the theft happened amid missed warning signs and miscommunication between the New York Fed and Bangladesh Bank.

After months of international finger-pointing, central banks and police investigators now appear to be cooperating to try to recover the funds, find the culprits, and strengthen a banking system found to be vulnerable.

“It just shows the vulnerabilities and, with the Bangladesh example, how a lot of money can be redirected in a very short amount of time,” U.S. Senator Gary Peters, a Democrat who has urged the Group of 20 to prioritize cyber crime, said in a recent interview.

The National Bank of Belgium, which directly oversees SWIFT, has a leading role in the task force, one of the sources said.

The New York Fed, which handles some $80 billion in global money transfers each day and which is also taking part in the task force, said in June it was talking with other central banks about cyber security and the structure of global payments.

Belgium’s central bank, the New York Fed and SWIFT, which stands for the Society for Worldwide Interbank Financial Telecommunication, each declined to comment.

The task force would have representatives from some of the most influential 25 central banks that make up the BIS payments committee, including the Bank of Japan, the European Central Bank, the People’s Bank of China, and the Fed. However it was unclear who was tapped to serve.

The committee, which does not include Bangladesh Bank, promotes the safety and efficiency of bank-to-bank payments and settlements. It could open consultations with outside entities as early as this year, said one of the sources, adding it could take another couple of years before anything is formalized.

Reporting by Jonathan Spicer and Tom Bergin; editing by Chizu Nomiyama