1. Business

Bangladesh Bank moves to tighten SWIFT security with AML tools

Move follows recommendations from government review committee and KPMG Bangladesh, which identified gaps in SWIFT security and risk management

The central bank is adding anti-money laundering tools to its SWIFT defences. The technology automatically suspends suspect transactions the moment they arise, placing all international transfers under heightened scrutiny.

A decade ago, the reserve theft from Bangladesh Bank jolted the global financial system. Hackers used the SWIFT payment network to dispatch fraudulent transfer orders and pull off one of the largest cyber heists in history. Several central banks worldwide tightened security in response. SWIFT itself overhauled its protocols. Now Bangladesh Bank is adding anti-money laundering tools to its SWIFT defences. The technology automatically suspends suspect transactions the moment they arise, placing all international transfers under heightened scrutiny.

The move follows a recommendation from the special taskforce investigating the reserve heist. The taskforce also proposed environmental and security upgrades to the bank’s SWIFT room.

The AML tools verify the authenticity of every piece of information moving through the SWIFT system, allowing the instant identification and halting of any false or fraudulent transaction data.

Last year, the audit firm KPMG Bangladesh inspected the SWIFT server and submitted 15 observations alongside a series of security recommendations. Chief among them was the deployment of AML tools. KPMG’s report found that the bank had not conducted a review of potential risks to its SWIFT system and lacked a rollback plan for restoring the previous system in the event of failure. That plan has since been drawn up. Formal authorisation of firewall rules and the virtualisation design was absent; the bank completed it later on the auditors’ advice. The technology asset inventory has been updated, user access and privileged account controls have been implemented, and gaps in the production runbook and system decommissioning policy have been closed.

Mehedi Hasan of KPMG Bangladesh told Bonik Barta that the firm issued several recommendations and continues to follow up on them regularly.

Procurement of the AML tools has already been completed under the recommendations. But the tools will only be integrated after the newly implemented SWIFT system goes live. Deploying them on the current system could require purchasing two additional licences.

SWIFT, which the government uses for international payments, already offers anti-money laundering tools, according to experts. They work in three steps. First, banks link their core banking systems to SWIFT’s screening API, routing every outgoing payment message and customer transfer to a cloud platform before transmission. Next, SWIFT’s servers automatically check the sender, receiver, bank name and country against major global sanctions lists. Finally, if a transaction looks suspicious, the tool generates an alert and halts it. A bank’s AML compliance officer then reviews the case manually; funds move only after clearance.

Dr Anindya Iqbal, a professor of computer science and engineering at Bangladesh University of Engineering and Technology (BUET), told Bonik Barta: “If a local team can be built for the SWIFT AML tools, it will be sustainable — a team combining Bangladesh Bank’s in-house staff with outside experts. But I doubt how effective it will be if we simply buy and install a foreign tool.” He stressed that the tools need regular updates because money laundering patterns shift constantly.

The former interim government set up a six-member review committee on March 11 last year to determine how to prevent a repeat of the reserve heist. The committee inspected Bangladesh Bank’s SWIFT server on the first working day of July that year. It later disclosed that the hackers dressed the transfers as bill payments for local projects but routed the money to foreign accounts, landing the stolen reserves in six institutions’ bank accounts. Had AML tools been integrated into SWIFT at the time, the transactions would have been blocked.

The review committee’s recommendations explicitly called for deploying anti-money laundering tools on SWIFT, citing technical and security imperatives. Central bank officials had informed the committee of a shortage of skilled technical staff. Because a single SWIFT transaction requires five competent officers performing distinct roles simultaneously, the committee proposed expanding the SWIFT team.

Financial and technology sector analysts argue that shifting global geopolitics, the complexity of cross-border trade and escalating cybercrime risk leave no alternative to rigorous international security standards. For an institution as sensitive as the Bangladesh Bank, the country’s apex financial regulator, AML technology is no longer optional, long-term or a luxury. Experts stress that deploying such automated tools is compulsory to sustain correspondent banking relationships and to buttress Bangladesh’s global ratings. It is not merely a piece of software or a technical addition; it is a critical strategic shield for safeguarding macroeconomic stability, restoring the battered image of the domestic banking sector abroad and ensuring the airtight security of the state’s reserves.

Bangladesh Bank spokesperson and executive director Arif Hossain Khan said the review committee’s recommendations are being taken seriously. “The committee members who inspected the SWIFT server and set-up gave us a number of recommendations. Among them was adding AML tools to secure SWIFT. That has already been procured,” he told Bonik Barta. “The recommendations requiring immediate implementation have been carried out. Work is underway to implement the rest on an urgent footing.”

আরও