Thai bank alerted Bhutanese officials to a further $150,000 sent to ‘wrong’ account here
Bhutan’s oldest bank, the Bank of Bhutan, has fallen prey to scammers who managed to steal 16 million ngultrum (more than US$240,000) from the account of the Royal Audit Authority.
The bank transferred 16 million ngultrum to three different accounts in India, Malaysia and Thailand based on a fake email received from the Royal Audit Authority, the country’s broadcasting service, Bhutan Broadcasting Service Corporation (BBSC) reported.
Audit officials told the TV station the anonymous perpetrator had hacked into an e-mail account of one of its employees and asked the bank to remit 16 million ngultrum to three different accounts.
Bank of Bhutan officials said the email had all the authentic letterhead, seal, signature and account number of the RAA, according to BBSC. The amount was remitted from the audit authority’s letter of credit account.
RAA officials came to know about the scam when the bank informed them that one of the account numbers was wrong.
The corresponding bank in Thailand followed up with the Bank of Bhutan to say that the account number was not correct.
Due to the mistaken account number, 10 million ngultrum ($150,000) could not be transferred, while it is assumed that 6 million ngultrum ($90,000) has already been dispatched.
Audit officials said the Bank of Bhutan had assured the money would be returned or reimbursed to the authority.
In a letter, audit officials blamed the bank for negligence.
“The withdrawal had been made possible through presentation of forged documents, a situation further exacerbated by non-fulfilment of minimum requirements for financial transactions,” the letter posted on BBSC website stated.
“Considering the nature of transaction, the RAA can fairly conclude that bank officials have failed to exercise due diligence prior to effecting the transaction from the said accounts.”
The bank took full responsibility. While acknowledging lapses “due to earnestness to provide prompt services to an important client”, the banks stated that the fraud was a result of an RAA staff’s personal email account being hacked and used.
It stated that the largest value remittance has been recovered with the help of the Financial Intelligence Unit of Bhutan’s central bank and their correspondent bank. “Efforts are ongoing to recover the rest with the help of the central bank,” it stated in a letter to Kuensel, the national newspaper.
The bank also wrote that they would reinforce their internal controls to prevent such incidents in the future. “The bank has in the past and will in future also take full responsibility whenever clients suffers a loss due to the bank’s negligence.”
Both audit and bank officials said the case has been forwarded to the Anti-Corruption Commission, which will be carrying out an independent investigation.