CFO fraud can be devastating to companies. Luckin Coffee saw its shares plummet from $50 to $1.38 after word got out that they had recognized $300M in false revenue. CFO fraud can take several forms. Keep reading to learn about it and how to protect your organization against its negative consequences.
Trustpair blocks the effect of CFO fraud by continually monitoring your vendor information through automated account validation. Our solution automatically checks each payment before it’s processed, so you always know where your funds go.
What are the different types of CFO fraud?
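There are two categories of Chief Financial Officer fraud: accounting fraud that the CFO takes part in, and impersonation fraud that happens without the CFO’s knowledge.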
In CFO accounting fraud, the CFO helps to commit fraud for:
- Their own gain (called internal fraud)
- The company’s gain (called corporate fraud).
In both cases, the chief financial officer is a key part of the fraud. They help fabricate and/or conceal the scheme.
That’s the opposite of what Jimmy Patronis, Florida’s CFO, is doing today by setting up a fund to help presidential candidates with their legal fees, because it’s all out in the open. A conspiracy to commit accounting fraud would happen by manipulating books behind closed doors and would make the news a few years later.
Accounting fraud can take the form of:
- Delaying or advancing revenue recognition,
- Falsifying financial documents or financial statements,
- Inflating purchase orders or inventory,
- Manipulating securities,
- Committing insurance fraud over some assets.
Financial executives commit fraud to make their companies look good, or to steal money from their organizations. It’s a deliberate act where the CFO knows full well what’s happening.
The other type of CFO fraud happens without the CFO’s knowledge. In this scenario, fraudsters impersonate a high-level financial executive to lure employees into sending unauthorized money or information.
They do so by:
- Using spoofing or identity theft,
- Hacking into their email.
While communications will look like they come from the company’s CFO, they’re actually scammers who want you to wire funds to their own bank accounts.
They can also ask employees to divulge sensitive information, which they’ll sell on the dark web or use in a later fraud scheme. Once they’re in your system, they can dig deep into your data and sell it to competitors, which would drastically impede your growth (and there is no insurance against that).
It’s a case of Business Email Compromise (BEC) similar to CEO fraud through phishing, but impersonating the chief financial officer.
What are real-life examples of CFO fraud?
Pareteum Corp., a New York-based telecommunications company, is one of the most recent examples of CFO fraud. Its former executives O’Donnell and Bozzo are in the spotlight after being indicted by the New York district’s Attorney’s Office and the federal government.
The organization settled accounting and disclosure fraud charges in 2021, before filing for bankruptcy the following year.
In September 2023, the Securities and Exchange Commission issued a press release announcing an indictment of O’Donnell (former CFO) and Victor Bozzo (former Chief Commercial Officer and CEO).
Both defendants are charged with committing improper revenue recognition practices. They understood purchase orders were from future non-bidding clients, but reflected anticipated future earnings.
They allegedly reported anticipated future sales, inflating Pareteum’s financial statements by $40M, up to 91% of their restated revenue between 2018 and 2019.
The United States Attorney for the Southern District of New York, Damian Williams, also pressed charges against Bozzo and O’Donnell for criminal offenses.
Charged with conspiracy to commit securities fraud, Bozzo and O’Donnell could both face multiple years in prison.
Xoom, a digital money platform, lost more than $30M to third-party fraud. Cyber criminals impersonated a high-ranking company official asking for wire transfers to be made to overseas accounts for fake purchases.
When the company realized what had happened, it was too late. The money and the culprits were gone. Their CFO, Matt Hibbard, resigned soon after the financial documents announcing the fraud were disclosed. To this day, no press release has been published regarding Xoom pressing charges against anyone.
This type of whaling attack is sadly becoming more common. Spear-phishing emails target specific individuals within an organization, showing a depth of research to reach the right individuals. Finance executives are particularly at risk of these kinds of cyber attacks.
What should you do if you witness CFO fraud?
If you think you’re witnessing CFO fraud, report it immediately to:
- Your manager or someone you trust,
- The whistleblower hotline (or similar protocol),
- An external agency like the SEC or the Federal Bureau of Investigation.
In case of a Business Email Compromise (BEC) or another kind of cyber attack, you’ll also want to involve your IT department. Most large companies have contingency plans to secure their data and funds for such occasions.
Those usually involve freezing your business bank accounts, restricting access to financial information, and tightening security throughout the organization.
What are the best safeguards against CFO fraud?
Fortunately, there are ways to protect yourself against CEO fraud and CFO fraud.
Increased internal controls
The first thing to do is to review your internal processes, assess their efficiency, and reinforce your internal control rules if needed:
- Who is authorized to send money and review payments?
- How are you protected against cyber and social engineering attacks?
- What information available online would make it easier for fraudsters to impersonate your CFO?
Answering those questions will already give you some areas of improvement. You can also adopt segregation of duties to reduce the risk of fraud.
It’s also important to check that your payment chain is completely safe. Validating accounts during vendor onboarding and again before sending any transaction ensures you always know who you’re sending money to.
While it’s a fallible (and tedious!) process to do manually, automatic solutions like Trustpair help you completely eradicate the risk of fraud.
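The two controls described above, account validation before each payment and segregation of duties, can be expressed as a pre-payment screen. This is an added example, not Trustpair's code or part of the original article; the vendor IDs, user names, finding labels and the use of IBANs as the account identifier are assumptions made for illustration.

```python
from dataclasses import dataclass

def normalize(iban: str) -> str:
    return iban.replace(" ", "").upper()

def iban_is_valid(iban: str) -> bool:
    """ISO 13616 check: move first 4 chars to the end, letters -> 10..35, mod 97 == 1."""
    s = normalize(iban)
    if not (s.isascii() and s.isalnum() and 15 <= len(s) <= 34):
        return False
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1

@dataclass(frozen=True)
class Payment:
    ref: str
    vendor_id: str
    iban: str
    initiator: str
    approver: str

def screen_payment(p: Payment, vendor_master: dict[str, str]) -> list[str]:
    """Return the reasons a payment must be held; an empty list means release."""
    findings = []
    approved = vendor_master.get(p.vendor_id)
    if not iban_is_valid(p.iban):
        findings.append("invalid_iban")
    if approved is None:
        findings.append("vendor_not_onboarded")
    elif normalize(p.iban) != normalize(approved):
        # Typical result of a spoofed "please use our new bank details" request.
        findings.append("account_not_approved_for_vendor")
    if p.initiator.strip().lower() == p.approver.strip().lower():
        findings.append("initiator_is_approver")  # segregation of duties, CFO included
    return findings

def screen_batch(payments, vendor_master):
    """Map payment ref -> findings for every payment that should not be released."""
    results = {p.ref: screen_payment(p, vendor_master) for p in payments}
    return {ref: findings for ref, findings in results.items() if findings}

# Constructed sample data: accounts validated at onboarding, then one payment run.
VENDOR_MASTER = {"V-1001": "DE89 3704 0044 0532 0130 00",
                 "V-1002": "GB82 WEST 1234 5698 7654 32"}
BATCH = [
    Payment("P-1", "V-1001", "DE89370400440532013000", "ap.clerk", "controller"),
    Payment("P-2", "V-1002", "NL91 ABNA 0417 1643 00", "cfo", "cfo"),
    Payment("P-3", "V-9999", "GB82 WEST 1234 5698 7654 33", "ap.clerk", "controller"),
]

if __name__ == "__main__":
    for ref, findings in screen_batch(BATCH, VENDOR_MASTER).items():
        print(ref, "HOLD:", ", ".join(findings))
```

A checksum-valid IBAN only proves the number is well formed; the hold decision for P-2 comes from the mismatch with the account approved at onboarding and from the same person initiating and approving.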
The best way to protect your organization against both cases of CFO fraud (passive and active) is to use fraud detection software.
Trustpair blocks the effects of CFO fraud by continuously controlling your third-party information. No one (even the CFO!) can therefore wire money to an unapproved account without raising the alert.
We connect with databases internationally to ensure you always know who you’re sending funds to, even when dealing with overseas suppliers.
Our solution incorporates seamlessly into your procure-to-pay process to secure your payment chain from end to end.
CFO fraud happens when:
- A high-level financial executive commits internal or corporate fraud or
- Someone impersonates your CFO to steal funds from your company.
Both cases can be avoided by using Trustpair. Our anti-fraud software blocks unauthorized transactions.