The details are hard to get, but something terrible happened last week – possibly earlier — to one of the country’s biggest banks, the Sy family owned Banco de Oro AKA BDO Unibank, Inc.
Officially, BDO as it is commonly called is one of the country’s Big Three banks, along with BPI and Metrobank. BDO may now have the biggest network nationwide, having more branches than the other two universal banks. It is also tops in resources, deposits and assets.
As such, BDO is a target for any criminal group looking for weaknesses in its systems.
The old style crime of a gang entering a bank and declaring a hold up is pretty much passe these days. It still happens every so often, but the “better” way to take the depositors’ money is not by forcing open a vault and getting as much cash as possible. The more effective way is to do so while being invisible.
Today, criminals have gone high tech, and robbing banks is mostly done online via hacking. This is what appears to be the case with BDO.
Just how serious the problem is was made obvious when BDO issued an official statement admitting that a “sophisticated fraud technique” had affected “some” of their clients.
Based on what little information has been released to the public, hackers were able to access BDO accounts, withdraw funds, and use the same to buy Bitcoin in another bank.
That other bank is medium-sized UnionBank, which was chosen by the hackers due to one seeming weakness. There is no limit in daily transactions with UnionBank, while for most others there is a daily limit of a P20,000 withdrawal from their ATM machines.
Depositors needing larger amounts can still do so, but they have to physically go to the branches where they maintain their accounts, or in other branches of the same bank, but proper identification will be required for over-the-counter withdrawals.
UnionBank will almost certainly need to alter their no-limit policy.
The hackers did not target the big accounts of high value individuals or companies, but rather middle class depositors.
The amounts stolen ranged from P25,000 to P50,000, or about $500 to $1,000. In a few cases, the funds stolen reached P100,000 or $2,000.
This may not seem like much to the rich folk, but is painful to middle class Pinoys who save their money for such expenses as tuition for their kids, family vacations, or to amortize big ticket items like cars and real property.
Beyond the official statement, BDP chairperson Teresita Sy also eased the concerns of the victims by guaranteeing that no one will lose their funds to the hackers.
This is practically a personal guarantee and the Sy family is more than able to reimburse the losses of their depositors.
But how much exactly has been lost?
This is where the data is difficult, if not impossible to determine. Neither BDO nor the Bangko Sentral ng Pilipinas are willing to give any figures for fear of causing a panic and resulting bank run.
My sources gave a guestimate of tens of millions all the way to hundreds of millions, but the low end is more likely. I have to trust their instincts because a truly mega-scandal cannot be hidden for long.
Some decades ago, I was the banking and finance editor of the country’s largest business newspaper. I learned that all banks take extreme measures to enforce the Banking Secrecy Law. This necessarily includes keeping negative news from the public in order to avoid that dreaded bank run, when depositors decide to withdraw their funds en masse.
Under a worst case scenario, a bank can be forced to go on holiday, suspending operations until the market has calmed down.
I recall one instance when a medium-sized bank fell victim to a bank run. Its president was able to ease the fears of their depositors by physically going to their largest branch and addressing the depositors who had gone there to close their accounts.
In a large glass case, millions of pesos were displayed to show that they were not going to run out of cash anytime soon.
The tactic worked. Many of the depositors took the word of that president that their money was safe in his bank. It helped that he had a pretty sterling reputation in the industry, of course.
As banking editor, I also became aware that any potentially horrible news was met with the nuclear strategy of killing stories.
There were and still are two ways of doing this. One is to ask the news organizations’ top editors to not use the story, extending the request through the advertising department. The message is clear. Use it and we pull out our ads.
The worst way is to pay off reporters, editors and columnists, telling them what to write and what to deny. In effect, the newsmen become mouthpieces of the bank, or any large company that has a crisis in its hands for that matter.
Thus far, BDO has been able to keep the details of the online heist from the public. As far as the bank is concerned, it is business as usual. Those who did discover that a big chunk of their funds have gone missing are banking on the Sy family to make good their promise that whatever has been lost will be returned.
The question is, will the Bangko Sentral get to the bottom of this latest scandal involving the Philippine banking industry? More importantly, will the perpetrators be caught, charged, tried, and imprisoned?
We shall see, folks. We shall see.