Kazi Zahidul Hasan :
The fraudsters took away $2.50 lakh (Tk 2.0 crore) from the Sonali Bank (UK) Limited forging ‘Swift Code’ last year, raising question about the security of the bank’s Internet Protocol (IP) and IT management, sources said.
Having eight to eleven characters for a bank, Swift Codes are used for transferring money and messages among the banks.
A senior official of Sonali Bank told The New Nation yesterday that the Sonali Bank (UK) Limited sent a payment instruction Swift message (MT-103) on June 03 last year in favour of an account holder of Turk Ekonomi Bankasi AS, Besiktas Branch through Natwest Bank PLC London.
The payment instruction was made on the basis of a Swift message (MT 202 cov) sent from the Shilpa Bhaban Corporate Branch of Sonali Bank. Later, the Besiktas Branch of Turk Ekonomi Bankasi AS deposited the amount (USD 2.50 lakh) to the so-called beneficiary’s account, M/S Dardu Topcuoglo (A/C No14936937).
The MT 202 cov was sent on June 02, last year, to the Sonali Bank (UK) using the password of Md Shah Alam, a senior executive officer and Md Monowar Hossain, junior officer (IT) of Sonali’s Shilpa Bhaban Corporate Branch, Dhaka.
“The authorities of Sonali Bank (UK) sent the payment instruction beyond rules because they were not authorized to do it prior receiving MT (message type) -103 from the sender bank,” he noted.
Sonali Bank (UK), a subsidiary of Bangladesh Sonali Bank Ltd, was established in December 2001 to provide faster and efficient banking and remittance service to members of the Bangladeshi Community in Europe.
When the issue of the forgery came to the knowledge of the authorities of Sonali Bank (UK), it asked the Turk Ekonomi Bankasi A.S to return the money through sending a Swift message on June 5 last year.
But the Turkish Bank through another Swift message (dated 06/06/2013) informed it that they were unable to rerun it because the account holder had already withdrawn all the money on June 04,2013 from the account closing the file.
When asked, he said, “We have requested the Central Bank of Turkey to return the money and in reply it has asked the Sonali authorities to contract with its Banking Regulation and Supervision Agency (BRSA).
When we communicated with the officials of the BRSA, they advised us to file a case with the Turkish court, said Sonali Bank officials. As per their advice, we have discussed with the Turkish legal advisers. They said that to run a case in Turkish court is expensive. Besides, they were doubtful about outcome of the case.
We later discussed the matter with the counsel of Sonali Bank (UK) and they also gave the similar opinion saying that the money, which the Sonali Bank needed to run the case in a Turkish court, will be more than the fund that the Bank lost by the Swift message forgery.
Besides, the authorities of Sonali Bank wanted to know the IP (Internet Protocol) address and location from Nelito Systems Ltd of India, which is providing the Swift Solution Service for Sonali Bank.
In reply, it wrote us that the IP is located in UK. We later asked the authorities of Sonali Bank (UK). It replied: A quick review shows this IP address is located within Hosting site in the UK, this does not mean it is someone based in the UK, Nelito should have seen this from their own investigation.
We have sought cooperation from various agencies after the incident came to our knowledge. The matter also presented to the board of directors of the bank, which later sent it to the ministry of finance for seeking advise from it.
The authorities of Sonali bank have already terminated the Chief Operating Officer of the Sonali Bank (UK) Ltd. It also filed a criminal case against Md Shah Alam and Md Monowar Hossain.
Meanwhile, the Banking and Financial Institution Division (BFID) of the Ministry of Finance has directed the Sonali Bank (UK) Ltd to replenish the fund making it responsible for the misuse of the fund.