Updated 16:54 PM PHT Fri, December 2, 2016
Metro Manila (CNN Philippines) — The Rizal Commercial Banking Corp. (RCBC) is ready to fight a long, protracted legal battle, as it argues it is not responsible for the repayment of Bangladesh's stolen money.
"The bank is firm in its position that we will not compensate Bangladesh," RCBC External Counsel Thea Daep-Laurena told CNN Philippines on Wednesday.
She said RCBC is already preparing for the criminal and civil charges Bangladesh officials are planning to file, adding it was ready to "do everything possible to protect the bank."
According to Laurena, Bangladesh has no case against RCBC.
Under criminal law, officials would have to prove RCBC participated in the cyber heist. But RCBC did not steal the money from the Bangladesh Bank, nor did the money stay with RCBC, she explained.
In February, unknown hackers broke into the Bangladesh Bank's accounts in the Federal Reserve of New York, stealing $81 million.
While hackers were able to hide the money in the Philippines through RCBC's branch in Jupiter St., Makati City, it was quickly withdrawn, converted to pesos and then gambled away at several casinos.
RCBC cannot be held civilly liable either since it did not cause the theft, Laurena said.
Turning the tables, she pointed to initial reports showing it was insiders at the Bangladesh Bank that hacked its system. That's why they knew how to get through layers of security, not just at the New York Fed, but also in SWIFT — the global banking communication network - and the correspondent banks that cleared the transaction.
"Under our laws, the doctrine of proximate cause, if it is by your own acts of negligence there is loss then you have to bear the consequences of your own negligent acts," she said.
A high-level Bangladeshi delegation, including Minister for Law Anisul Huq, Attorney-General Mahbubey Alam and central bank governor Fazle Kabir, was in the country this week to seek help from the Philippine government in recovering the stolen funds.
So far, Bangladesh has only recovered $15 million of the total $81 million, returned by casino junket operator Kim Wong.
About $2.7 million is frozen in Solaire Resorts and Casino by a court order, while another $17 million was allegedly pocketed by Salud and Michael Bautista, owners of remittance firm PhilRem Service Corp.
The rest of the money is missing.
Bangladesh continues to work with the Department of Justice, the Anti-Money Laundering Council (AMLC) and the Philippine Amusement and Gaming Corp. to find the missing $66 million.
But at the same time, Huq said RCBC should compensate the Bangladesh Bank, since it was liable for the cyber heist.
A Senate inquiry and an investigation by the Bangko Sentral ng Pilipinas (BSP) uncovered serious lapses by the Yuchengco-owned bank. For one, the bank accounts set up by hackers were fake. RCBC, moreover, allowed the money transfer and the withdrawals despite stop orders coming from Bangladesh.
"It is clearly established that RCBC was very much involved in the scam," Huq said on Tuesday.
He also shrugged off accusations Bangladesh Bank was negligent. "The money that left the New York Fed was sent to RCBC, and RCBC accepted the amount. So, the stolen money was found in RCBC, and that is where RCBC is liable."
"It is not for RCBC to point fingers at anybody. They should be explaining their conduct, and their conduct has been culpable," he said.
The BSP handed down a record P1-billion fine for RCBC's violations, which the bank accepted. Laurena stressed, though, that it wasn't an admission of guilt since the BSP only filed an administrative case.
The AMLC, however, is pursuing criminal charges. On Nov. 18, it filed a complaint at the Department of Justice against four officials in RCBC's retail banking group and two employees of the Jupiter branch.
The regulator accused them of ignoring "suspicious circumstances" and helping facilitate the $81-million money transfer.