Appian Asset Management ('Appian'), an Irish-based and Irish-owned asset manager, has been fined €443,000 by the Central Bank for breaches of the regulatory regimes covering client asset protection, anti-money laundering, and fitness and probity. This was the first imposition of a sanction by the Central Bank where there has been a loss of client funds from cyber-fraud as a direct result of the firm's regulatory breaches.
The breaches, which have been admitted by Appian, led to the loss of €650,000 of a client's funds as a result of cyber-fraud. The Central Bank, following an investigation, stated that Appian's failures were in the following areas:
- it had defective controls to protect client assets against fraud;
- it had inadequate policies and procedures to monitor transactions, detect and report money laundering and provide its staff with appropriate training; and
- it failed to ensure that an employee, performing a role that might expose Appian to financial, consumer or regulatory risk, was fit for that role.
These failures led to the success of a fraudster who, posing as the real client over a two-month period, requested the liquidation of €650,000 of the client's assets to be paid into two third-party UK accounts.
The Central Bank found that Appian had processed the request despite the presence of a number of red flags signalling potential fraud and money laundering. For example, the e-mail correspondence from the fraudster contained a number of spelling and grammatical errors which were not consistent with the profile of the real client, that of a competent businessperson. The fraudster induced Appian to pay the proceeds of the redemption into two separate corporate accounts outside of Ireland, which is where the real client resides. The fraudster then requested that the payments be split into smaller amounts with the intent of avoiding UK banking controls, and subsequently provided incorrect account names twice and incorrect payment details once. These red flags did not trigger a commensurate response from Appian.
Seána Cunningham, the Central Bank's Director of Enforcement and Anti Money Laundering, commenting on the issue, stated:
"Appian's failures in this case demonstrated serious deficiencies in its governance arrangements, risk management, compliance oversight, and systems of internal control. These failings, combined with a culture in which clients' instructions were given primacy over security and regulatory concerns, rendered the Firm exposed to the cyber-fraud that occurred. It placed client assets at heightened risk and that risk crystallised. The Central Bank views such fundamental failings as completely unacceptable."
The Central Bank's action underlines the importance of cyber-fraud prevention in a modern corporate governance code and culture, with the design, implementation and updating of an effective cyber-fraud prevention plan being a matter for which responsibility should be assumed at board level.