Case Study – CFO in action
One would think that in a modern-day company with strict approval processes would never face direct deceptions and fraud only from hackers in the action movies.
However, based on real life experiences multinational companies in certain industries could be a target of organized crime schemes and could be shortened with serious amounts of money.
Companies are especially exposed, if:
- they have a global network of subsidiaries
- they transfer money to Asian (especially Hongkong) accounts through their daily operation
The two above criteria would not create a short list, therefore in the following section we would like to provide some methods which served us well and could help you recognise and prevent fraudulent activities.
The first and most important rule of a CFO is that being an expert in financial tasks is only half of the battle. They must be always cautious with suspicious events and implement control points throughout the processes.
The deception technique
The deception technique is usually quite simple, even though it requires a lot of preparation from the fraudulent organizations.
- Request money transfer through phone: It is important to recognize that even the number on your phone screen indicates someone from the company’s HQ, that is not always the case. The number itself is not a guarantee that the person on the other side of the line is to whom he claims to be. There are methods to hack a number and send false information to your phone. There are several ways to check someone’s identity, but the most secure way is to simply reject this request. A global company cannot have the option to request a money transfer through phone without any control. There needs to be a strict payment process set up, where at least – depending on the amount – 3 people need to be involved and the approval needs to go through the banking system in a well-documented and trackable way.
- Request money transfer through email: A multinational company must have a strict money transfer process which cannot be bypassed regardless of positions. It does not matter who sent or who signed the emails, the “suspicious” requests coming through emails should not be completed. With the pace of the current information flow, we do not have the luxury to work with original documents therefore we need to be certain that the email is coming from a vendor from whom it is expected. The invoice registration in this regard needs to be standardized since it is closely connected to payment processes.
- False / fake invoices: The finance department can receive many false or fake invoices. What should be checked? For example, banking details on the invoice differs from ERP master data. This could be noticed by accountants who input or check the data. In case of domestic vendors, the process is quite easy since the banking data can be double checked with public company registrations and send back to the ordering or the procurement team to consult with the partner. In case of foreigner parties, we should request a bank statement which can certify their data and we can ensure that the source is trustworthy. This process can be time consuming but keep you on the safe side. It can be very difficult to withdraw a payment which was fulfilled to a foreign bank account. Once again emphasis on the standardized procurement process as it will be the base of a secure payment flow.
We have mentioned above only the most obvious and frequent frauds, but the threat can take many different shapes, even in more hidden and subtle ways. The fact that we have faced many of them throughout our course means that the current systems are far from perfect.
What shall we do when the event has already occurred?
Let’s say our company suffered a million EUR loss. Speed and rapidity is key. The swifter response we can take, the better chances we must fix the issue. Call the bank immediately to stop the payment process, money transfer from Europe to Asia is usually not immediate and does not get executed within a day. Therefore, if we detect the issue the day after the payment initiation, our bank might have the opportunity to hold the payment. To help this process an up-to-date accounting of the banking transactions could be critical.
If days have passed from the payment initiation, we might not be able to recover our financial loss. The company’s response naturally depends on the amount and how big the impact is on the financial operations. But a report must be submitted to official bodies and personal liability should be questioned as well (however this is not the subject of our article).
As a closing thought, CFOs and their team always need to be on guard to avoid stories like the above. We at least prefer to experience these thrills through a good book or a movie.
