The data of a few important commercial banks linked to an influential Bangladeshi businessman is suspected to have been breached by unidentified persons who have “wiped out” digital details related to as many as 42 accounts and entries over a period of three months at a time when the country is going through political and economic uncertainty, the Northeast News has reliably learnt.
While Bangladesh Bank authorities have begun an internal investigation, whose preliminary findings suggest that entries related to Taka 2,000 crore deposits in several commercial banks have prima facie been erased from the database, the probe is also centered around the “writing off” of loans to the tune of Taka 67,721 crore that a few large business establishments, closely linked to the country’s power structure, incurred over the past few years.
These and other details are part of a consolidated October 2023 classified loan report, accessed by the Northeast News, and which relates to the April-June 2023 quarter. “The report preparation took longer than usual time since the exercise involved a proper scrutiny of documents linked to the massive loan write-off,” a senior Bangladesh Bank official said on the condition of anonymity.
When contacted over phone, Bangladesh Bank executive director and spokesperson Mezbaul Haque said, “Earlier, the original data from all banks were part of CRI Phase-3 project and this has now been upgraded. This measure, instituted last week, involves putting in place a new process of obtaining data from the banks. All banks and their branches have been directed to prepare centralised data from primary sources”.
Haque further said that past experience indicated that “a single mistake during uploading of data would corrupt the entire database. This involved corruption of borrowers’ entire data and this would happen mostly while uploading Excel sheets. But now the process has been refined to include data entry at the level of primary sources”.
Bangladesh Bank sources said that the wiping out of centralised digitised information related to the 42 accounts was “done with the aim of removing the loan details from the central bank’s balance sheet so that it did not reflect the actual financial condition of the commercial banks”.
These accounts are suspected to belong to an influential and powerful Bangladeshi businessman who has previously been accused of siphoning of Taka 1.20 lakh crore over the last few years. This businessman is in control of at least six banks.
The report, under the signature of Bangladesh Bank governor Abdul Rauf Talukdar, reveals that the top commercial banks wrote off bad loans to the tune of Taka 7,319 crore in a span of one year. Information related to loans totaling Taka 1,961 crore, incurred in the second quarter of the current financial year, was struck off.
Separate inquiries by the Northeast News have revealed that almost all the bad loans are linked to large business establishments which took the loans by producing fictitious information and fake addresses. “At a time when Bangladesh is faced with political uncertainty and the possibility of a regime change, large business houses are taking proactive steps to erase information related to their respective loan burdens,” the sources said.
Bangladeshi finance experts familiar with the massive loan defaulting and Bangladesh Bank’s writing off of bad loans said that the central bank took a policy decision authorising commercial banks to write-off such defaults since 2003. While earlier regulations allowed writing off loans that remained unpaid for five years or more, the policy today allows such waiver after a period of three years. Besides, according to the central bank’s policy now, a minimum of Taka 2 lakh can be written off without filing a defaulting case.
It is generally accepted by Bangladesh Bank officials, both past and present, that several irregularities in loan disbursement were committed in the last 10 years or so, even as the loan repayment default cases went up significantly.
What has, however, alarmed senior Bangladesh Bank officials is the immediate instance of “destruction” of data related to loans. “This reflects a massive security hole in the central bank’s server. Only a deeper investigation involving digital forensics will reveal the extent of the damage caused and the individual business houses who might have benefited from the server breach and data destruction and manipulation,” a retired Bangladesh Bank official said.
An April 2023 Bangladesh Bank report on ‘Guidelines on ICT Security’ accessed by Northeast News says: “The techniques used by cyber threat actors are becoming increasingly sophisticated, and weak links in the interconnected financial ecosystem can be compromised to conduct fraudulent financial transactions, exfiltrate sensitive financial data or disrupt the IT systems that support financial services. The increasing complexity of information and communication technology (ICT) and security risks, the increasing frequency of IT and security-related incidents as well as their potentially significant adverse impact on the operations of financial organizations”.
According to the Bangladesh Bank’s ICT policy, standard and procedure, the central bank “shall maintain detailed design documents for all ICT critical infrastructures/ systems/services (e.g. Data Center design, Network design, Power Layout for Data Center etc.). Besides, Bangladesh Bank “shall maintain an updated ―Operating Procedure for all ICT functional activities (e.g. Backup Management, Database Management, Network Management, Scheduling Processes, System Start-up, Shut-down, Restart and Recovery etc.)”.