Total Pageviews

Wednesday, 21 November 2018

CEO fraud

Recently, a French cinema chain fired its Dutch management following a CEO fraud of some 19 million Euro (source). The term CEO fraud is relatively new although such fraud has existed for decades. Today's version often uses the CEO's hacked email account for ordering fraudulent payments. The perpetrators rely on the fear of subordinates to verbally question the CEO.

Fear towards CEO's is more common than one might assume. Several articles point to the CEO as the #1 psychopath in the workplace, like CNET-2013Independent-2016Psychology Today-2014Time-2014Wiki, and WT-2014. These articles were based on a 2012 book by British psychologist Kevin Dutton, who has specialised in the study of psychopathy.

Moreover, the social distance between employees and top management is (very) large in work cultures like France and Germany. In France, the CEO acts like a demi-god. Germany is known for a workplace culture of fear. Excerpt from my 2015 blog on the VW Audi diesel scandal:
"Mr. Müller also said he wanted to change the company’s culture so that there was better communication among employees and more willingness to discuss problems. His predecessor, Martin Winterkorn, who resigned after the scandal, was criticized for creating a climate of fear that made managers afraid to admit mistakes." (NYT)

Early 2000, I was confronted with a CEO fraud. In the early morning, we received a phone call from our bank liaison to verify some large foreign payments outside the group's operational territories. Without hesitation, I killed the money transfers, which were due in 15-30 minutes. Being CFO, I should have known these large money transfers. Hence, I preferred being safe and one day late than being sorry.

In retrospect, the CEO signed payment orders were unusual in several aspects: urgent, large amounts, foreign destination, outside the group's operational territories, amounts just below a certain threshold, use of an exotic / obscure type of payment instrument, no CFO involvement, and (obviously) a forged CEO signature. It's difficult finding more fraud criteria.

I must admit that I learned a lot of this near fraud. Every cloud has a silver lining, including this one. No one objected when I updated the payment authorities shortly afterwards. One person asked if my revoking of his single payment authority implied distrust. The answer was difficult as he had indeed been a suspect. Despite our efforts, we never found the culprit(s).

Ever since that event, a review of the payment authorities was one of my first activities in a new job. Remarkably, dual payment authority is often considered not "efficient" by (Business Unit) managers. A drive for efficiency is often the reason for a deterioration in Internal Controls.

The Boss (1979) by Diana Ross


Note: all markings (bolditalicunderlining) by LO unless stated otherwise

No comments:

Post a comment