According to the NYT of May 12, 2016: “Security experts who have studied the attacks said the thieves probably were lurking inside the bank systems for months before they were detected.” This compilation of expert opinion was directed at fraudulent financial transactions originating inside an unidentified commercial bank that allegedly lost millions of dollars (U.S. dollars?) of its own digital money (not its customers’ digital money!) Thus, it knows the accounts charged (not its customers). It has the audit trail for these electronic thefts by deception (i.e., it has evidence of who did what). However, its internal control systems were not sufficiently robust and redundant to prevent these financial transactions as they occurred under apparently authorized protocols (though the issue as to whether these controls provided “reasonable assurance” will survive this post). The transactions seemed OK at initiation and authorization stages, and they might not have been detected under its review processes until too late (i.e., the digital money was moved from the initial fraudulent transferee to downstream fraudulent transferees – though the soundness of this argument remains to be seen). Let’s hope the bank’s a better custodian of its customers’ digital money than its own.
Compare these instances of corrupt insiders whose credentials were apparently vetted and approved by the principal (i.e., whether the bank as employer of these corrupt employees or the bank as prime contractor of these corrupt independent subcontractors/agents) with the instances of allegedly shady dealings touching the hub of the Panama law firm in the so-called Panama Papers scandal: many of these principals and the actions generating such prodigious amounts of digital funds (U.S. dollars?) were cloaked under the labyrinth of multiple layers of legal fictions spread across the playing field of electronic global finance.
Next Halloween I will be trick-or-treating as the ABC LLC incorporated in Delaware or Nauru – not sure yet. Or I could go as myself, grab handfuls of candies, and run. However, I suppose the strategy offering the greatest return on investment would be to work with a bank – a safe distance from the candy distributors – and absorb whatever digital funds reside in these distributors’ bank accounts and park these under the ownership of some yet-to-named legal fiction in some yet-to-be identified venue while sipping margaritas on a yet-to-be identified beach where it’s way warmer at the end of October than here in the NYC metropolitan area? Or maybe in the woods of Vermont?