Incompetent

Here we may proudly say: Something like this could never happen in the Philippines.

Three years after hackers broke into the security systems of Bang-ladesh Bank and successfully stole $81 million from under the noses of that country’s central bankers, the Bangladesh Criminal Investigation Department (CID) has once again failed to submit a report on what happened and who is to be held responsible.

A court in Dhaka has set March 13 as the new deadline for submission of the case report. This will be the 29th extension of the deadline. Meanwhile, the syndicate responsible for the largest cyber heist in banking history will have all the time to cover their tracks.

Dhaka metropolitan magistrate Sadbir Yasir Ahsan Chowdury must be a very patient man. He has been routinely granting extensions to the deadline for that report to be submitted. Not everyone is confident that the CID will submit a report on March 13.

This could go on and on. Meanwhile, the officials who were negligent or complicit in this crime could simply retire in peace.

The signs of incompetence are everywhere in this case.

Whoever hacked the Bangladesh Bank account with the New York Federal Reserve did so in February 2016. But the Bangladesh Bank accounts and budgeting department reported the incident to the police on March 15, at least two weeks after the cyber heist happened.

In banking, especially in central banking, a day is a very long time. Two weeks is an eternity.

It takes several handprints to clear any movement of money from the Bangladesh account through other banks using the SWIFT system. Yet the hackers accomplished the transfers with apparently little difficulty. This sparked suspicion the heist might have been an inside job.

If something like this happened in the Philippines, a horde of regulatory and oversight institutions such as the BSP and the SEC would have been all over the case. Public hearings at the House and the Senate would have been called. Every bank officer, for reasons of commission or omission, would have been called to the mat. Investigative reporters from every media organization would have been preoccupied turning up rocks and following leads.

No wonder the hackers chose the Bangladesh Bank. This bank bought switches for its security systems from hawkers in the streets. It took over two weeks for the break-in to be reported. And now, it has taken at least three years for the CID to produce a report. 

Yet the Bangladesh Bank dared to file suit against Filipino bank RCBC to recover its money. They forget the security breach happened in Dhaka and not in Manila. Or, maybe, they are diverting attention away from their failures.

When it was established that the money was coursed through accounts at the Jupiter branch of RCBC, the BSP immediately slapped the bank with a billion-peso fine for not acting promptly enough.

But then, this is the Philippines, not Bangladesh. Our regulatory institutions work.

Remedied

It might seem like legislative sleight of hand.

By means of a resolution, the Senate transferred the franchise earlier awarded Mislatel to the whole consortium awarded the right to be the third major telecoms player. That should solve the problem revolving around the discovery Mislatel had failed to commence operations immediately after it won its franchise.

That “problem” was unseemly. While Mislatel failed to abide by the conditions of the franchise awarded it, no one remembered to annul the award.

The Senate remedy to this problem underscores the desire of everyone to have a truly competitive telecoms industry and better Internet services for all. The designated third player had deposited a hefty multi-billion performance bond to guarantee it will deliver according to the schedule set. It now has every incentive to perform as promised.

With the Mislatel franchise question remedied by legislative fiat, the only live case affecting the entry of a third major player is the one filed before the bidding, and announced belatedly, by NOW Corp.

NOW sued the National Telecommunications Commission (NTC) for turning the bidding process into a “money-making scheme.” They described the performance bond as “extortion.” While the company did pay the P1 million fee for acquiring bid documents, it must have been incapable of raising the billions required to establish full financial commitment to the undertaking. NOW, along with the other bidders unable to comply with the terms of reference for the bidding, was disqualified outright.

DICT Acting Secretary Eliseo Rio described the suit as a self-serving ploy to delay the entry of a third player. As far as government is concerned, the bidding process has been completed.

This is not the end of the story for NOW Corp. Its surprise move to sue the NTC very late in the bidding process surprised everybody, especially shareholders in the company. They concluded that NOW did not disclose relevant information about its own financial standing.

The decision to sue NTC has definitely backfired on NOW Corp. Investors are now scrutinizing the company’s financial health and its outstanding tax obligations.

Of the renegade player, Secretary Rio wryly commented: “The participation fee of P1 million it paid might have significantly cost NOW Telecoms’ mother company, NOW Corp., of its operational income, which only stood at P6.3 million in 2017.”

That comment raises every reputational risk imaginable.