On September 19, 2022, Borgarting Court of Appeal rendered a verdict in one of the largest fraud cases in Norwegian history. Hjort law firm assisted the Italian energy company Edison, which was victim to a comprehensive CEO fraud in 2019.

Following to the verdict of the Court of Appeal the result of Oslo District Court's judgement remains standing, and Danske Bank must pay NOK 39 million in compensatory damages and interest on late payments to Edison. Hjort's team in court consisted of lawyer and partner Nils Christian Langtvedt, together with lawyers Ole Iversen Johnstad Kalvø and Øivind K. Foss.

Case background

In the autumn of 2019, the Norwegian subsidiary of the Edison Group was targeted in a sophisticated CEO fraud. The subsidiary's managing director received an inquiry from fraudsters acting as the Group's Chief Executive Officer (CEO) in Italy. The fake CEO instructed the managing director of the Norwegian subsidiary to assist with the execution of payments as part of an acquisition the Group was in the process of completing.

Through manipulation of the managing director of the Norwegian company, the fraudsters managed to create a false belief that the payments had to be completed immediately and kept strictly confidential. Over the period of two weeks, the managing director of the Norwegian company was manipulated into making 13 payments from the company's account in Danske Bank to the fraudster's accounts. In total, the payments amounted to NOK 130 million, all of which went to newly incorporated companies in Hong Kong. Edison had not previously made any payments to Hong Kong.

In the spring of 2020, Edison filed a lawsuit against their bank in Norway, Danske Bank, seeking compensatory damages. On February 8, 2022, Oslo District Court concluded that Danske Bank should have stopped the payments and that the bank was liable for damages to Edison International. On April 19, 2023 Borgarting Court of Appeal concluded that the District Court's judgment was correct.

The court's assessment

The majority of the Court of Appeal found that the Bank has an obligation to have control measures to detect and prevent fraud. Without being able to justify why, Edison was exempt from the Bank's automated control system. When one of the payments was accidentally stopped in the automated control system, Danske Bank's subsequent manual control was deemed inadequate by the court's majority. Known indicators of CEO fraud were not followed up.

Furthermore, the court's majority also concluded that the Bank's failure to comply with obligations under the Anti-money Laundering Act was relevant when assessing the Bank's negligence. The court's majority found that the information registered when onboarding Edison as a customer was inadequate to fulfil the Bank's obligations under the anti-money laundering regulations. The Bank's follow-up of the transactions was also considered inadequate in light of the Bank's obligations under the Money Laundering Act.

When considering all relevant aspects the majority of the Appeal Court found that Danske Bank's conduct deviated from the control regime a bank must have in order to exercise its professional responsibilities in a prudent manner. If Danske Bank had fulfilled its professional responsibility diligently, the majority of the Court of Appeal found that the fraud would have been prevented. There was therefore a basis for Edison's claim for compensatory damages against the Bank. As a result of Edison's own conduct, the Bank's liability was reduced as compared to total amount transferred to the fraudsters and Danske Bank must pay compensatory damages and interest on late payment totaling NOK 39 million.

The verdict was rendered with dissent 2-1 and has been appealed.

What is CEO fraud?

CEO fraud is fraud carried out by email, telephone, SMS or similar means by persons impersonating the management of a company or group. Companies headquartered abroad may be particularly vulnerable. By impersonating the management of the company or group, the aim of the fraudsters is to deceive someone in the company or group into transferring money to an account belonging to the fraudsters. The fraudsters are becoming more and more thorough in their preparations and individual attacks are tailored towards specific companies and employees.

What are the characteristics of typical CEO fraud?

Even if the fraudsters succeed in deceiving employees in a position to transfer money on behalf of the company, there are some indicators that typically characterize a CEO fraud.

If such indicators are identified, it may help the company itself and/or the company's bank to detect and prevent the fraud.

Typical indicators of CEO fraud

  • Lack of payment history to the recipient of the transfers.
  • Urgency to complete the transfers.
  • The payments shall be kept secret.
  • The transfers are divided into multiple payments.
  • The payment are made to high-risk countries for financial fraud, such as Hong Kong.
  • The recipient of the payment is a newly established company with no legitimate business that is visible externally.

Originally published by 24 April, 2023

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Nils Christian Langtvedt
Advokatfirmaet Hjort DA
Universitetsgata 1

© Mondaq Ltd, 2023 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source Business Briefing