Congress launches probe of NY Fed over handling of $80M cyberheist

House panel asks NY Fed for security briefing
House panel asks NY Fed for security briefing

A congressional committee has launched an investigation into the Federal Reserve Bank of New York's handling of the heist of more than $80 million from accounts it maintains for the central bank of Bangladesh, CNBC has learned.

In a letter to New York Fed President William Dudley on Tuesday, House Science Committee Chairman Lamar Smith, R-Texas, asked for "all documents and communications" related to the cyberheist from the Bank of Bangladesh account. The committee also wants to know what oversight the Fed has conducted of the SWIFT system, an international electronic messaging system used by banks worldwide to authorize billions of dollars a day in money transfers.

A Federal Reserve Police officer stands guard in front of the New York Federal Reserve Building in New York.
Keith Bedford | Reuters

The House committee is requesting a briefing by the New York Fed on the status of its investigations, and "all documents or communications related to any review conducted by the NY Fed of its own information technology."

The committee said its jurisdiction over the matter stems from its oversight of the National Institute of Standards and Technology and the Federal Information Security Management act of 2014, which created an overall effort to protect government information.

"In light of the recent cyber attacks on our global financial systems, the Committee believes it is imperative to receive information from the NY Fed about its response, its oversight of SWIFT, the status of the investigation, and any remedial steps taken to address vulnerabilities," Smith wrote in the letter, a copy of which was obtained by CNBC. "The question of bringing those responsible to justice is an important one. To date, investigators have not publicly announced significant progress."

Although officials at the New York Fed have been careful to distance themselves from any electronic security problems related to SWIFT or its customers, the House committee asserts that the New York Fed has a role in overseeing the Belgium based consortium.

SWIFT, formally known as the Society for Worldwide Interbank Financial Telecommunication, has struggled to push the normally secretive international banks it works with to begin sharing information on the unprecedented wave of cyberattacks targeting the global financial community. In May it urged its customers around the world to tell SWIFT if they see cyberattacks or fraud. In a statement, the consortium said the Bangladesh hack was part of an ongoing campaign by unknown attackers, an effort SWIFT called a wide and "highly adaptive campaign targeting banks."

Federal Reserve Bank of New York
At time of Fed hack, Bank of Bangladesh targeted by others: Source

Traditionally, global central banks have operated with a high degree of secrecy and reluctance to share information, given the sensitive nature of their operations.

In April, a New York Fed official told CNBC that the Fed itself is not even required to report thefts from its accounts. "I am not aware of any laws or regulations that require public disclosure, certainly by the Fed," the official said.

The House committee requested documents be produced by noon on June 14.