After investigation, SEC issues fraud alert

'Business email compromise' cost 2 companies more than $30 million.

The SEC recently issued an investigation report warning public companies to be wary of a type of cyberfraud called "business email compromise" and to consider such frauds when devising and maintaining internal accounting controls.

The report, produced by the SEC's Division of Enforcement in consultation with the Division of Corporation Finance and the Office of the Chief Accountant, detailed an investigation into nine public companies that cumulatively lost nearly $100 million as a result of cyber-related frauds in which company personnel wired money or paid fake invoices after receiving spoofed or otherwise compromised electronic communication.

The SEC did not name the companies but said each had significant annual revenue and securities listed on a national exchange. Each company lost at least $1 million, and two lost more than $30 million. Little of the money was recovered, according to the SEC report. Some of the schemes lasted for an extended period and were discovered by third parties.

The companies' sectors included technology, machinery, real estate, energy, financial, and consumer goods. This, the SEC said, demonstrates that every type of business is a potential target for cyber-related fraud schemes.

After investigating whether the companies complied with internal accounting control requirements laid out in Sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934, the SEC decided not to pursue an enforcement action. The commission instead issued a Report of Investigation pursuant to Section 21(a) of the Exchange Act to make issuers of securities and other market participants aware of the threat of spoofed or manipulated electronic communications, the SEC said.

The schemes "relied on technology to search for both weaknesses in policies and procedures and human vulnerabilities that rendered the control environment ineffective. Having internal accounting control systems that factor in such cyber-related threats, and related human vulnerabilities, may be vital to maintaining a sufficient accounting control environment and safeguarding assets," the SEC report stated.


Get your clients ready for tax season

These year-end tax planning strategies address recent tax law changes enacted to help taxpayers deal with the pandemic, such as tax credits for sick leave and family leave and new rules for retirement plan distributions, as well as techniques for putting your clients in the best possible tax position.


Keeping you informed and prepared amid the coronavirus crisis

We’re gathering the latest news stories along with relevant columns, tips, podcasts, and videos on this page, along with curated items from our archives to help with uncertainty and disruption.