This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Menu

Welcome to Connected World

Your go-to source for latest insights from our lawyers. Through sharp analysis and commentary, we explore the pressures facing businesses today.

| 1 minute read

Controlling changes to the bank account details of a supplier

Interpol recently reported the success of Operation HAECHI-I where a team of 40 officers focused on 9 Asian Pacific jurisdictions were able to intercept illicit funds in the region of USD 83 million resulting from cyber enabled financial crime.

One example,  involved changing the bank account details of a supplier to a Korean company. This meant that when invoices were presented to the company for payment, almost USD 7 million was transferred, not to the supplier but to the bank accounts of the fraudster.

For fraudsters, circumventing the internal controls of a company to change the bank account details of a supplier creates opportunities that can result in significant gains for them and often, material losses for the victims. 

It's a simple fraud in an often complex environment and is known by a number of different terms including account, payment or invoice redirection but can be prevented by robust internal controls.

These controls include measures such as

  • change confirmation and validation processes between parties
  • authentication processes; and
  • use of technology based solutions  to identify payment fraud risk

Given the continued rise in cyber attacks and the scale of potential losses, companies should review and test their controls regularly to provide comfort that they are not exposed to this type of risk and end up making payments to fraudsters instead of their trading partners.

If you would like some help to review and test your controls in this area or investigate an incident please contact Neal Ysart, Lead Regulatory & Investigations Advisor  at neal.ysart@clydeco.com   /  Tel: +971 55 138 9250  or your usual Clyde & Co point of contact. 

In early February, a Korean company was approached by what appeared to be one of their trading partners requesting payment of a series of invoices. The bank details on the invoices, however, had been fraudulently changed. The company eventually transferred nearly USD 7 million to the fraudster; money that was swiftly routed to bank accounts in Indonesia and Hong Kong, China.

Tags

fraud, supplier, risk, cyber, controls, investigate