We advised a large fintech company self-report to the FCA after they were tricked by fraudsters impersonating a listed company in Asia seeking to procure $100m for working capital finance.
We helped manage the immediate risk upon discovery of the fraudulent issues, guided the client on self-reporting and their internal approach to remedy the issues that arose. We thereafter provided advice on improvement to their internal financial crime compliance processes to ensure such an event was very unlikely to repeat itself.
This case study provides yet another reminder that there are no limits to what fraudsters will do to make money by means of defrauding innocent victims – in this instance institutions. This case was a prime example of how fraudsters increase their activities and seek to take advantage of recessions / periods of disruption (in this instance, the COVID-19 pandemic) to mount their campaign.
Background
The attempted fraud in this case was audacious to say the least as the fraudsters sought to impersonate the identity of a substantial corporate that purportedly wanted to procure several hundreds of millions of pounds of working capital finance. They did this by impersonating members of senior management in the corporate concerned and contacted our client who operates in the financial sector and facilitates the provision of finance.
Fortunately, the attempted fraud was detected before any direct financial loss was suffered. However, by that stage the client had wasted not an insignificant amount of time and resources on the project and had made introduction of the fraudsters to the client’s banking trade partners. Moreover, the incident caused a sizeable amount of senior management time to be diverted away from the client’s business and external costs being in incurred in order to investigate the incident.
Our work
Following an initial review of our client’s applicable policies / procedures and taking into account the client’s legal and regulatory obligations, we helped the client to: (i) understand the root cause of the attempted fraud; (ii) improve its understanding of its regulatory reporting obligations; and (iii) identify specific areas of focus for review.
As a responsible business operating in the financial services sector and regulated by the FCA, the client did have in place the requisite policies and processes to combat financial crime plus a designated compliance function. Nevertheless, the client was almost caught out. This is not uncommon since no control framework, no matter how sophisticated, is entirely fault proof.
Practical advice for our client
In our experience of advising clients who have been victims or targets of fraud and/or require advice on their financial crime controls, as was relevant to this case, we have found the following to be key factors in minimising the risk of becoming a victim or system being partially breached:
- The policies and procedures (e.g. Customer Due Diligence / Anti Money Laundering / Know Your Client checks) in place are effective and bespoke to the operation and needs of your business and the sector it operates in.
- Periodic review (preferably on annual basis) plus ad hoc reviews in response to awareness of specific risk(s) to your business / sector and/or occurrence of national / international disruptions (e.g. recessions, pandemics, etc). Thereafter, prioritising and implementing any changes identified.
- Implementing a structured and bespoke training programme for the relevant members of staff to take account of new joiners, promotions, role change(s) within the business, seniority of staff and job role specificity.
- Implement a multi-layered line of defence (e.g. back office team, Compliance/legal function, and, depending on the size of the business, an internal audit function) in your financial crime control system. In addition, encourage a clear line of dialogue between these teams so that each team is aware of its own responsibilities and how / when matters should be escalated up the chain.
- The effectiveness of any financial crime control is dependent on (i) the effectiveness of the policies and procedures in place; (ii) the ‘buy in’ from all the relevant functions in the business; (iii) the input into those policies and procedures by the first line of defence; and (iv) the challenge by senior management to the robustness of the policies and procedures in play at any given time.
- As well as having the appropriate controls and procedures, it is also important that there is emphasis on a work practice that is based on intuition and continuous analysis and monitoring
