Legally sharp

Director on holiday? Don’t let fraud exploit your absence

Summer is a time when many entrepreneurs take a step back from day-to-day business. Yet these are precisely the weeks in which cybercriminals see their opportunity.

When a director or person responsible for finance is absent, the risk of fraud demonstrably increases.

An email containing an urgent payment request, a phone call from a supposedly familiar supplier, or a request to pay an invoice “quickly before the weekend”: these are classic examples of fraud that can be particularly successful during holiday periods.

Many entrepreneurs believe that good software provides sufficient protection. In reality, people are often the weakest link.

Why especially during the holiday period?

Fraudsters know that organisations operate differently during the summer. Decisions are made by substitutes who are less familiar with ongoing matters. Colleagues are harder to reach, internal controls are sometimes applied more flexibly, and the pressure to get matters dealt with anyway is high.

Criminals take advantage of this.

A common form is so-called CEO fraud. An employee receives an email that appears to come from the director, asking them to make a confidential and urgent payment.

Because the director is supposedly travelling or on holiday, the message stresses that telephone contact is not possible and that discretion is required.

Changing suppliers’ bank account numbers also remains a popular form of fraud.

An apparently harmless email in which a supplier states that future payments should be transferred to a new account number can lead to significant financial damage.

Legal responsibility

When a company falls victim to this type of fraud, the question often arises as to who must bear the loss.

In some cases, a bank may be liable if it failed to sufficiently check an unusual transaction. In other cases, it may be held that the company itself had not taken sufficient internal control measures.

Increasingly, attention is being paid to whether a company had organised its processes in such a way that fraud could reasonably have been prevented.

A well-structured internal organisation is not only commercially sensible, but can also be of great legal importance.

Practical measures

A relatively limited number of organisational measures can significantly reduce the risk:

  • Record who is authorised to approve payments during holiday periods.
  • Always apply the four-eyes principle for higher amounts.
  • Verify every change of bank account number by telephone using a previously known telephone number, never the contact details provided in the received email.
  • Make employees aware of the most common forms of phishing and CEO fraud.
  • Agree that urgency is never a reason to bypass internal control procedures.

Prevention is easier than litigation

In our practice, we regularly see companies that only discover after a fraud incident that internal arrangements were never properly documented. This then leads to a complicated discussion with banks, insurers or contracting parties about who is responsible for the resulting loss.

Especially during the holiday period, internal organisation therefore deserves extra attention.

A clear authorisation structure, clear control procedures and an alert organisation still provide the best protection.

Legally sharp: the risk of fraud does not increase because employees are on holiday, but because criminals know that organisations are more vulnerable at that time. Good preparation before departure can prevent a great deal of trouble and costly legal proceedings.

Contact

Do you have a question? Please feel free to contact us. You can email us at info@acginter.com.