Directors and Boards on notice with recent ruling
A new legal precedent has been set after a company paid a $190k false invoice and was ordered by the court to pay the original invoice as well.
In short:
Company Inoteq Pty Ltd has been ordered to pay more than $190,000 to Mobius Group after paying a fraudulent invoice.
Hackers used the email of Mobius's director to send the invoice with new bank details and the court found Inoteq didn't do enough to protect itself.
What's next?
Lawyers say the effects of the case are likely to be felt across the country.
This mistake effectively cost the customer (Inoteq) over double the original invoice and underscores critical lessons for directors and the broader C-suite regarding the importance of robust internal controls and vigilant risk management. In this case, despite attempting to verify the altered bank details via a single phone call, the court deemed Inoteq's actions insufficient and held the company liable for the unrecovered amount, plus interest.
Key Risk Considerations:
- Enhanced Verification Processes: The court's decision highlights that superficial verification methods are inadequate. Executives must ensure that their organisations implement multi-layered verification protocols, especially when processing significant financial transactions. This includes cross-referencing changes in payment details through multiple communication channels and obtaining written confirmations.
- Segregation of Duties: Establishing a separation of responsibilities within the finance function is an important control; however, in isolation, or when it is not enforced, issues will arise.
- Regular Fraud Risk Assessments: Conducting periodic fraud risk assessments enables organisations to identify vulnerabilities and implement appropriate controls. The Serious Fraud Office of New Zealand (SFO) and the Australian Securities and Investments Commission (ASIC) provide guidance on conducting these assessments, emphasising their role in proactive fraud prevention.
- Director and Executive Accountability: The ruling serves as a reminder that directors and executives are accountable for ensuring effective risk management frameworks are in place. Failure to do so can result in personal liability and reputational damage. The court decision further clarifies the extent of directors' duties and liabilities, reinforcing the need for diligence in governance practices.
- Continuous Education and Training: Keeping abreast of emerging fraud tactics and evolving legal expectations is essential. Regular training programs for the C-suite and board members can foster a culture of vigilance and compliance, ensuring that leadership is well-equipped to address potential threats.
In conclusion, the Inoteq case serves as a critical reminder of the necessity for comprehensive internal controls, diligent verification processes, and proactive risk management strategies. Directors and executives must prioritise these areas to safeguard their organisations against fraud and to fulfil their duty of care.
Read the full ABC News Article