Interpol recently reported the success of Operation HAECHI-I where a team of 40 officers focused on 9 Asian Pacific jurisdictions were able to intercept illicit funds in the region of USD 83 million resulting from cyber enabled financial crime.

One example,  involved changing the bank account details of a supplier to a Korean company. This meant that when invoices were presented to the company for payment, almost USD 7 million was transferred, not to the supplier but to the bank accounts of the fraudster.

For fraudsters, circumventing the internal controls of a company to change the bank account details of a supplier creates opportunities that can result in significant gains for them and often, material losses for the victims. 

It's a simple fraud in an often complex environment and is known by a number of different terms including account, payment or invoice redirection but can be prevented by robust internal controls.

These controls include measures such as

  • change confirmation and validation processes between parties
  • authentication processes; and
  • use of technology based solutions  to identify payment fraud risk

Given the continued rise in cyber attacks and the scale of potential losses, companies should review and test their controls regularly to provide comfort that they are not exposed to this type of risk and end up making payments to fraudsters instead of their trading partners.

If you would like some help to review and test your controls in this area or investigate an incident please contact Neal Ysart, Lead Regulatory & Investigations Advisor  at   /  Tel: +971 55 138 9250  or your usual Clyde & Co point of contact.