Large-scale fraud is taking place across industries and companies of all sizes, as well as impacting enormous numbers of individuals. Robert Wynn Jones, Partner in the Civil Fraud Department at Mishcon de Reya LLP, writes

It is reported upon every other day in the national press, and in particular fraud against victims utilising the UK banking sector.

Many, albeit not all, of these innocent consumers end up being at least partially refunded by their banks under the Authorised Push Payment Scam Code, a voluntary scheme launched by the banking industry in 2019. What is less well known is that businesses also routinely fall victim to the same banking fraud – just as innocently, and often with significantly larger financial consequences. However, there is currently no scheme, voluntary or otherwise, to protect them.

Corporates are being duped into parting with their cash by sophisticated email hackers and phishing scammers, who often funnel the stolen funds through the UK banking system before dispersing it into jurisdictions beyond the reach of law-enforcement.

Banks are too slow

Too often, Britain’s best-known high street banks fail to spot and block even the most obviously suspicious transactions before it is too late. And too often – despite their crucial, if unwitting, role in facilitating the fraud – the banks’ response is to shrug their shoulders and deny any liability.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

This should concern everyone. Push payment fraud on businesses – commonly referred to as “CEO Fraud”, since it involves a scammer impersonating a high-ranking official of the victim organisation – cost $26bn (£21bn) between 2016 and 2019 globally, based on victim reports to the US Federal Bureau of Investigation.

The FBI has highlighted Britain as a major conduit for fraudulent transfers. And if the UK banking system’s alerts against suspicious transactions deriving from CEO fraud are not sufficiently robust, it could be inferred that the systems detecting money laundering and terrorist financing are also deficient.

It is now imperative that banks take this problem more seriously. The House of Commons Treasury Select Committee is conducting an inquiry into economic crime, including banking fraud. On behalf of clients, I have made a number of formal recommendations to MPs on the Committee, including that they require banks to invest more in their anti-money laundering (AML) monitoring, which is often based on antiquated technology.

NatWest and Tecnimont

I have acted on multiple matters involving CEO fraud, including a current case in the English High Court against NatWest on behalf of Maire Tecnimont, an engineering and construction multinational headquartered in Italy. In 2018, Tecnimont’s subsidiary in Saudi Arabia was duped into sending $5m to a bank account registered at NatWest’s branch in Brixton, south London.

Despite this account having seen very little activity in the preceding period, and none remotely involving such large sums, NatWest only briefly froze the account on two occasions in response to internal fraud alerts. Each time, the account was unfrozen as soon as NatWest had verified that the payments out of the account were made on their customer’s (i.e. the fraudster’s) instructions.

Within 48 hours the fraudster dispersed nearly all of the stolen funds in a flurry of payments to bank accounts in eastern Europe and Hong Kong. By the time NatWest were notified of the fraud and had identified and frozen the account for a third time, the account was virtually empty.

The misappropriated funds became effectively untraceable. Very limited recoveries have since been made, but the funds are largely still in the hands of the criminals.

It is important to note that NatWest denies responsibility and the litigation is ongoing. The purpose of this article is not to score points on a matter that will be resolved at court, but to raise awareness of the issue of CEO fraud at political and industry levels.

Time to regulate

We are advocating for regulations or a code that encourages greater investment by banks in meaningful AML controls and immediate fraud detection mechanisms. Banks still take up to a month to review suspicious transactions, yet the technology exists to ensure near to real-time monitoring of accounts. It is no longer acceptable for banks to refuse to implement this technology whilst allowing their account holders to launder money and facilitate criminal activities.

We also want to see changes in the compensation regime, which currently offers no cover to non-customers – even in circumstances where the bank has failed in its monitoring of fraudulent activity or the implementation of its AML controls.

Other industries have been expected to evolve with the times. Social media companies face calls to tackle misinformation and prejudicial language. The GDPR has focused businesses on data protection in ways that would have been unimaginable even 10 years ago. Large companies can modernise outdated practices to keep pace with a big-data economy and society.

In my view, the banking sector has an opportunity to implement similar changes to tackle fast-moving global fraud – which, after all, could not take place on this scale without the banks’ infrastructure.

I would urge financial institutions, as well as parliamentarians, to consider these proposals. Ultimately, they are about assisting innocent victims, both individuals and companies. But they are also about preserving the integrity of the UK financial sector – and that will benefit the banks themselves.