The Central Bank of Ireland (“CBI”) has for the first time imposed a sanction on a firm following a loss of client funds through cyber-fraud directly caused by significant regulatory breaches and failures by the firm.
The investigation arose following a cyber-fraud where, acting on the instructions of a fraudster impersonating a client, the firm facilitated a series of transactions resulting in the loss of €650,000 of the client’s funds.
The client had invested a sum with the firm. The cyber-fraudster having hacked the client’s web based email account, impersonated him in a protracted series of email correspondence with an employee at the firm. The employee complied with directions to liquidate a large portion of the client’s investment and pay out the proceeds. On discovering the fraud, the firm reported it to the authorities and the client was fully reimbursed. The firm did not benefit from the cyber-fraud.
The Cyber-Fraud
The cyber-fraud unfolded over a two month period during which no one at the firm formed fraud, money laundering or terrorist financing suspicions or made appropriate reports to the relevant authorities. This was despite the fraudster’s…
