https://usancen.lawthek.eu/en/blog/lawthek/ogh-on-fake-president-fraud-7a932dc4/
Corporate Law 

OGH on Fake-President Fraud

Benn-Ibler Rechtsanwälte

company law  control system  corporate law  fraud  managing director liability 

The strategy of "fake-president fraud" is not designed to deceive persons authorised to make decisions, but to circumvent use of, or misuse existing processes through skilful manipulation and deception of an employee subject to instructions. Managing director liability exists only in the case of individual culpable conduct.

The defendant was one of three managing directors of the plaintiff and at the same time chairman of the board of the parent company, a listed stock corporation. At the end of 2015,the plaintiff became a victim of a "fake-president fraud". This method of fraud is usually initiated via emails and the perpetrators manipulate the employees of a company into transferring money by pretending to be false identities. The plaintiff seeks compensation for the financial loss caused as a result of this attack and argued that the defendant had breached his statutory duties as a managing director by being responsible for the lack of an internal control system.

The purpose of an internal control system is to safeguard assets, ensure the accuracy and reliability of accounts and support compliance with business policies.

In the present case, a control system was in place. However, contrary to the specifications, the “four-eyed” control principle was not adhered to. After exchanging a total of 92 e-mails, the group leader allowed herself to be persuaded to transfer several payments totalling around EUR 54 million to the accounts named to her by the fake president.

Fake-President Fraud, which is based on methods of "social engineering", aims precisely to entice the targeted employees to circumvent the control mechanisms. The method used here goes considerably beyond the conventional e-mails, which are easily recognisable as fraud attempts due to their numerous errors and clumsy wording.

The exploitation of human characteristics is a central feature of the technologically and psychologically adept highly professional attackers. The employee is flattered by expressions of trust and praise, a basis of trust is established, which is reinforced by telephone contacts and the ostensible involvement of reputable authorities - in this case, the financial market authority. Existing doubts are dispelled, false documents are used, all with the aim that the employee is willing to bypass the existing security systems deliberately, supposedly, as an exception, on behalf of the board of directors and in the interest of the company.

According to Section 25 para 1 of the Act on Limited Liability Companies (Gesellschaft mit beschränkter Haftung-Gesetz, GmbHG) the managing directors are obliged to exercise the diligence of a prudent businessman in their management. Liability of the corporate body presupposes that it exceeds its discretionary powers, makes an evidently incorrect factual decision or an almost unjustifiable decision. The basis of liability under Sec. 25 GmbHG is an individual, culpable breach of duty. Managing directors are only liable for the misconduct of employees if they have culpably violated their organisational and supervisory duties and this violation was causal for the damage.

OGH 8 ObA 109/20t (03.08.2021)



More Services

LawThek Efficient Legal Information LawThek uses cutting-edge technologies like graph databases and AI to make legal information accessible. (opens in new tab) JobThek Legal Jobs The job board for legal professionals – find your next career opportunity in the legal sector. (opens in new tab) LegalNetics Innovative LegalTech Solutions Transform your legal documents into connected knowledge with LegalNetics. (opens in new tab)