For the last decade, a new type of fraud is particularly expanding amongst major size French companies: the so called CEO impersonation fraud or CEO fraud (“fraude au president” in French).

This type of fraud commonly follows the same modus operandi: a small group of fraudsters pretend to be a Chairman or CEO of the company to order an international transfer of money into a specific bank account located outside the country. Once the money is received, it is quickly transferred in another country and both criminals and transferred funds then vanish. This fast expanding phenomenon sets new challenges in terms of insurance coverage and new perspectives for the insurance market.

What is a CEO impersonation fraud?

CEO impersonation fraud is an organized scam which purpose is to fraudulently impersonate a CEO who orders an employee to transfer consequent amounts of money to a third party bank account.

What is the modus operandi?

An employee authorized to transfer money on behalf of the company receives a fake email or phone call from a chairman of the holding, ordering to urgently transfer money on a foreign account, in view of an alleged takeover or to avoid tax penalties.

The emergency, the secrecy of the alleged transaction and the degree of power and persuasion a director would vest the subaltern employee with is aimed to short-circuit the usual security process before transferring currency outside the company.

Subsidiaries are particular targets since CEOs are less well-known to the employees than in the holding company.

Why is CEO impersonation fraud flourishing in France?

Although the tricks used by the fraudsters remain basic and have proved to be effective throughout the years, development of new technologies, border-free practice of business and hacking tend to favour thorough gathering of crucial information from the company, spread across the four corners of the Internet. Employees’ social networks, the company organizational scheme and the online commercial registry can be relied on as tools to infiltrate a company without help from an inside accomplice.

This phenomenon concerns mostly French companies and foreign company’s subsidiaries established in France because a concentration of French-speaking fraudsters settled in and operate from Israel and China.

Figures and examples

Although many CEO frauds remain undiscovered, French authorities stated that 350 companies were attacked in 2013, with a global loss of EUR 155 million. In 2014, numbers continued to rise: up to 500 companies were under attack for a loss amounting EUR 250 million. About 10% of the frauds against companies in France come from CEO impersonation.

International companies such as Michelin, Vinci, Eurocopter, Virgin, Saint-Gobain, Nestlé and even insurance companies (Malakoff Médéric) have been targeted, sometimes in the range of millions of euros.

How are CEO impersonation frauds insured?

Which type of insurance would cover such fraud?

CEO impersonation fraud is relevant to property insurance covering loss due to misappropriation of the assets of the company. Typical fraud coverage provisions generally provide that the insurer covers the insured against direct pecuniary loss resulting from criminal offenses enumerated in the policy, regardless of the author (internal or external fraud).

Foreign companies with subsidiaries located in France or in a French speaking area (Swiss, Belgium, Africa) would be well-advised to refer to their lawyer, intermediary or insurer to ensure they are offered the right coverage before facing a CEO impersonation fraud.

Overview of the insurance market covering fraudulent transfer order

The French market already provides commercial fraud and fraud and malice policies that generally cover CEO impersonation when performed under the offence of theft, breach of trust, fraud and forgery.

However, due to an increasing and important total loss experience (up to 500%) in comparison with a low risk pooling and to a low rate of funds recovery, few insurance companies currently offer this coverage. Only 20% of the companies are covered against CEO impersonation fraud.

As the insurers positioned in this niche are currently rethinking their offering in terms of exclusions, deductibles, caps and warranties to improve profitability, long term awareness raising campaigns are also put in place within the companies to limit the risks and improve secured money transfer processes.