It appears that the NY Fed and Bangladesh Bank are patching up both their systems and their relationship after being embroiled in one of the largest bank heists in history.

As I noted a few months ago, Bangladesh Bank is none-too-pleased with the NY Fed's failure to detect and stop a cyberheist of Bangladesh Bank's account with the NY Fed. At the time, Bangladesh Bank threatened to sue. But I've been monitoring US federal dockets closely since then and haven't seen any sign that Bangladesh has actually done so. Now it seems that the potential adversaries are cooperating to recover the stolen funds from the Philippines, where the funds initially landed.

Still, the NY Fed isn't taking chances. In a letter asking the Philippines central bank to help recover the loot, the NY Fed has said that it honored the fraudulent wire instructions sent from Bangladesh Bank's compromised computers only after authenticating them using a "commercially reasonable security procedure". This is of course a reference to the NY Fed's use of the SWIFT authentication protocol, widely used by banks everywhere. Returning readers will recall that Banco del Austro is currently suing Wells Fargo over a similar cyberheist and chiefly contends that the SWIFT authentication protocol isn't "commercially reasonable". If Banco del Austro is right, then Wells Fargo (and any other bank relying on the SWIFT protocol) can't invoke a critical safe harbor in Article 2A of the Uniform Commercial Code and may be liable for honoring fraudulent wire instructions. So the NY Fed's reference to its "commercially reasonable security procedure" is important: The NY Fed may be happy to help its customer to recover the stolen money, but it's not about to lie down and accept blame.