13 June, 2017
Summary
Many victims of “CEO fraud” (otherwise known as “business email compromise”) are companies involved in cross-border businesses that routinely make international money transfers.
The Federal Bureau of Investigation (“FBI”) reports that:
- Most of the victims are based in the U.S., but companies from over 100 other countries have been defrauded;
- Although fraudulent transfers have been sent to over 79 different countries, most of the money is sent to banks in the People’s Republic of China (“PRC”) and Hong Kong (“HK”); and
- The first 24 hours after the fraudulent transfer are critical.
The following “Immediate Action Plan” outlines steps to “freeze” accounts and recover funds.
The Problem
According to the FBI, “Business Email Compromise is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
From January 2015 to June 2016, the FBI reported a 1,300 percent increase in losses due to “CEO fraud,” totaling approximately USD 3.1 billion. However, the extent of this problem could be much higher as many of these crimes may go unreported due to embarrassment or despair at the seeming lack of practical solutions.
The most common version of the scam involves criminals impersonating a person of authority within a company using a “spoofed”[1] or “hacked”[2] email account and demanding that an urgent transfer of money be made overseas. Often the criminals have been monitoring the company to make the scam appear authentic by mining social media and using “phishing” techniques to know the right names, the usual procedures and the business practices of the victim. For example, an email from a “fraudulent CEO” to the accounts department may read something like this: “Joe, I need you to make an urgent payment to XYZ Co. You know that this is our key client. If this deal falls through, there is no chance you will get the promotion we’ve been talking about!”
There has been a rise in the number and sophistication of these cases, and it seems as if the criminals have decided that there is a smaller chance of being pursued by lawyers and law enforcement if they increase the number of attacks for smaller amounts. In addition, it appears that the criminals are well-versed with the international transfer processes of the banks. For instance, if there are good linkages between particular banks, it may take 24 hours for a transfer of USD 99,999 to go from the U.S. to HK through the international settlement system, while a transfer from HK to the PRC may be virtually instant and take just a few hours for a team of 20 people to collect all of the money as cash from various ATMs in the PRC.
Immediate Action Plan
The key is to act quickly to stop the payment(s) while it is being transferred between banks. Since international transfers can take some time, it is also important to freeze the known destination accounts of the criminals. Upon detecting a fraudulent payment, take the following basic steps immediately:
- Contact your local bank to try to stop the payment before it enters the international financial system.
- Ask your local bank to contact the corresponding international bank where the fraudulent transfer was sent.
- Contact your local law enforcement authorities to report the crime.
- Contact the law enforcement authorities in the corresponding country where the fraudulent transfer was sent.
- When dealing with a country in a different time zone with a foreign language and legal system, contact professionals who are on the ground to help manage the process and ensure that the matter gets proper attention.
Hong Kong Action Plan Outline
Step 1: Contact HK Police
The first and key step is to report the matter to the HK police immediately. If, among other things, they consider there is sufficient evidence that the funds are the proceeds of a crime, the authorities will issue a “letter of no consent” (or “non-dealing” notice) to the recipient HK bank. This, in practice, has the same effect as, but is not, a “freezing order.” The letter of no consent/non-dealing notice is temporary and can be lifted at any time without notice.
Often it is easier to obtain prompt police assistance if the matter is reported in person. To report the matter to the Hong Kong police by email or online, use the following links:
- Email the police department.
- File an online report.
Note: Reporting by mail/fax are also options, but most people now use email or file a report online. If a report is made online or via email, a follow-up telephone call is encouraged and (if possible) an in-person visit to the HK police department to ensure that the matter is receiving sufficient attention, bearing in mind that the HK police have many sorts of these inquiries. The phone number for the relevant department of the HK police is +852.3661.1602.
Step 2: HK Civil Proceedings
To retrieve the funds, file an application immediately with the HK courts (“civil” proceedings) for a regular civil freezing order (often known as a “Mareva Injunction” in commonwealth jurisdictions), after the HK police have applied a letter of no consent/non-dealing notice to take control and ensure that the funds remain frozen. (Reminder: The letter of no consent/non-dealing notice can be lifted at any time without any notice.)
The civil freezing application will need to be directed at some identified defendant (in this case, the account holder) and is usually made without notice to/in the absence of the defendant (i.e., it will be made “ex parte”). An “endorsed writ” (with a general outline of claims) would need to be made for service on the defendant if a freezing order is made. A formal statement of claim only needs to be prepared if the proceedings are contested. However, ordinarily they are not.
Usually an application is made at the same time as the freezing order for disclosure against the HK bank concerned about the account holder(s)/misappropriated funds. This may assist in tracing funds and identifying the wrongdoers. After obtaining judgment on the writ, a “garnishee proceedings” will be issued for an order for payment of any funds in the defendant’s account to be paid to you.
PRC Action Plan Outline
Step 1: Contact Authorities and Appropriate Parties
Contact the local receiving bank and PRC police to try to get the funds frozen “informally.” The transferor bank may be able to assist with contacting the relevant persons at the local receiving bank.
Additionally, report the matter to the police authorities in the jurisdiction where the funds have been transferred, as well as Interpol. Local PRC police usually require a formal request from Interpol/the relevant foreign police authorities before taking any action or formally freezing funds that have been transferred from overseas to the PRC.
Some countries post police liaison officers to embassies/consulates abroad, including the PRC. If there is a police liaison officer from your native country based in the PRC, ensure that he/she has all of the relevant information and is provided with the contact details of all relevant persons and authorities involved.
Seek assistance from local lawyers in the relevant city (or nearest large city if in a remote part of the PRC) to help navigate the process and liaise with local bank officials and police authorities, as well as to ensure that the matter gets proper attention.
Step 2: Recovery of Funds
Commencing civil proceedings to try to freeze the bank accounts is not a realistic option given the time required among other factors. Theoretically, civil action may be possible for the return of misappropriated funds (e.g., on the grounds of unjust enrichment). However, PRC courts will decline jurisdiction in civil proceedings, where the claims are founded on fraud, on the basis that such claims should be dealt with by way of criminal proceedings. Even where civil proceedings, in theory, are an option, it will usually take too long to freeze the funds (e.g., all of the evidence will need to be translated into Chinese, a notarized power of attorney must be submitted which, if prepared overseas, will usually take several weeks to notarize, legalize and courier to the PRC, etc.). Moreover, the threshold for obtaining a freezing order in the PRC to preserve assets before the determination of an action is quite high.
In the PRC, the police only have the right to freeze bank accounts and cannot transfer the frozen funds. Once the funds have been frozen, the usual/main option for their recovery will be to seek judicial assistance at the state level via the relevant authority in your home country (e.g., Ministry of Justice or equivalent) for the recovery of the misappropriated funds. Many countries have signed bilateral judicial assistance treaties with the PRC.
Conclusion
As noted above, while civil action may theoretically be possible for the return of the frozen funds (e.g., on the grounds of unjust enrichment), this is seldom the best option. PRC courts will decline jurisdiction in civil proceedings on the basis that claims founded on fraud should be dealt with by way of criminal proceedings.
If seeking judicial assistance for recovery of the misappropriated funds, the relevant authority in your home country should make the request to the Ministry of Justice in the PRC. The request should specify the purpose, assistance sought, name of the competent authority conducting the investigation/proceedings in your home country and description of the crime, as well as include all relevant supporting materials, which must be translated into Chinese.
For More Information
If you are a victim of business compromise email, seek professional advice immediately in the relevant jurisdictions to “freeze” accounts and to help navigate the process of recovering funds.
Notes
[1] Generally, “spoofing” in this context means using an email address that is very similar to the legitimate email address of the CEO.
[2] Generally, “hacking” in this context would mean that your IT systems (e.g., your email server) have been compromised and the emails are being sent from the legitimate address of the CEO.
For further information, please contact:
Jonathan Gray, FitzGerald Lawyers
jonathan@fitzgeraldlawyers.com