BEC, the acronym for business email compromise scams, is getting its share of attention. Amid reports this week that changes to accounting standards are coming over the next few weeks, the Securities and Exchange Commission (SEC) has said that financial professionals, including accountants, must be mindful of cybersecurity risks.
The idea, as detailed in the SEC’s Report of Investigation, is that firms should consider cybersecurity as they develop their own internal accounting standards. That comes in the wake of BEC scams that are growing as a threat to companies of all sizes and industries as they conduct B2B operations. Though the SEC had seemingly mulled action against companies that had been victimized by BEC scams — on the grounds that they had not had appropriate internal systems in place — it had decided not to do so. The Securities Exchange Act of 1934 requires companies to develop internal accounting controls that mandate that transactions are done only with management’s “general or specific authorization.”
The warning on cybersecurity risk comes as the FBI has estimated that over the past five years, U.S. firms have lost more than $5 billion to BEC scams.
“Cyber frauds are a pervasive, significant and growing threat to all companies, including our public companies,” said SEC Chairman Jay Clayton at the time the report debuted. “Investors rely on our public issuers to put in place, monitor and update internal accounting controls that appropriately address these threats.”
The SEC may urge caution, but victimization continues, even at the government level. Reports from various news sources said this week that scammers who posed as city vendors bilked nearly $700,000 from the Washington, D.C. city government. The theft happened in July of this year and is being investigated by the Treasury Department. The Washington Post reported that a scammer used fraudulent emails and impersonated a construction vendor, and with an altered email address duped the D.C. Department of General Services.
The office of D.C. CFO Jeffrey DeWitt said that new protocols are in place, where added levels of confirmation are needed when vendors change their bank details. Funds were paid by electronic transfer, tied to a design and build contract for a homeless facility.
Hunting Fraudsters with the Public’s Help
The Securities and Futures Commission, otherwise known as the SFC, has appealed to the public at large to help track down fugitives accused of financial crimes — and also wants the public to come forward with any suspicions of financial fraud.
The South China Morning Post reports that the SFC has set up a form online through a page titled “Reporting corporate fraud and market misconduct.” Reports state that the 10 suspects on the regulators’ wanted list include three missing chairmen, two former executives and a fund manager — and all appear on a section of the site that asks the public, “Have you seen these people? The three former chairmen include Ding Hui, who is the co-founder of mainland fashion retailer Fujian Nuoqi. The company had reported the former executive as missing as far back as 2014, several months after the company had listed its shares on the Hong Kong public stock markets and after discovering Ding had made unauthorized transfers from company funds.
Separately, Reuters reported this week that former International Monetary Fund head Rodrigo Rato reported to prison in Spain for a four-and-a-half year term. While running Bankia, a state-owned lender bailed out by the government in 2012, he — along with more than 60 other former executives — had used corporates cards to pay for vacations, jewels and clothes. The total spending came to as much as 12 million euros between 2003 and 2012.