Norfund has been exposed to a serious case of fraud

Oslo, May 13th, 2020

Norfund has been exposed to a serious case of fraud through an advanced data breach. We are now cooperating closely with the police and other relevant authorities to get a full overview of the situation and to pursue and protect our interests. We have already introduced measures to strengthen our routines and halted all payments.

“This is a very unfortunate situation. We now have to get a full overview of the chain of events in order to get to the bottom of this. Based on findings, we will introduce further measures and strengthen routines to prevent this from happening again”

Chair of the board of directors, olaug svara

Norfund has been exposed to a serious case of fraud through an advanced data breach. There are still many details that require further investigation, but as of today we can say that a series of events have enabled this fraud. We are now working to get a full overview of the sequence of events and take appropriate measures to strengthen our routines and systems in order to prevent this from happening again. The fact that this has happened shows that our existing systems and routines were not secure enough.

Advanced data breach

Through an advance data breach, the defrauders were able to access information concerning a loan of USD 10 million (approx. 100 million NOK) from Norfund to a microfinance institution in Cambodia. The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language. Documents and payment details were falsified.

As a result of this extensive manipulation of communication, the defrauders were successful in diverting funds to an account not belonging to the intended recipient. The name of the account holder was the same as the name of the microfinance institution in Cambodia. The funds have been diverted to Mexico. The fraud took place on the 16th of March. The fact that the defrauders were able to manipulate the communication between Norfund and the intended recipient was a major contributing factor in delaying detection. The fraud was discovered on the 30th of April, as the scammers initiated a new fraud attempt. This attempt was discovered and prevented. So far, Norfund has not uncovered any further fraud attempts beyond the two above mentioned incidents.

“This is a grave incident. The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable. The fact that this has happened shows that our systems and routines are not good enough. We have taken immediate and serious action to correct this”

CEO, Tellef Thorleifsson

Norfund immediately established a crisis management team, informed our owner, the Ministry of Foreign Affairs, and contacted the police. We are now dedicating considerable resources to get the full overview and are systematically reviewing internal routines and control measures. Norfund is collaborating closely with the police, our bank DNB and other relevant authorities. A report has been filed with the police.

Norfund’s Board of Directors has engaged PwC to undertake an external, independent evaluation of company routines and security systems.

An increasing problem for Norwegian companies

The Norwegian Centre for Information Security, the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime and DNB are among those who have highlighted this type of fraud cases as an increasing problem for Norwegian companies and that the number of unreported or undiscovered cases likely is high. Norfund hopes that by being open about this incident we can contribute to reducing the risk of others being victims of similar fraudulent activities.

DNBs head of fraud prevention, Terje A. Fjeldvær states that “Fraud cases of this kind are performed by very sophisticated criminals. With access to e-mail communication between two parties, they can familiarize themselves with how the parties correspond. The payments they initiate therefore deviate very little from ordinary payments performed by the victimized company and become very hard to detect and prevent.”

Transparency is important to Norfund

It is very important to us to be open and transparent on this issue, not least to reduce the risk that others become victims of similar fraudulent activities. We did not go public with this at an earlier stage due to police advice with regards to the ongoing investigation.

A press briefing is scheduled for today at 15:00 at Norfund’s head office in Oslo, Fridtjof Nansens Plass 4. CEO Tellef Thorleifsson, other staff members from Norfund and representatives from DNB will be present to make statements and take questions. Due to infection control measures, seating will be limited. Please submit a request for participation to inger.nygaard@norfund.no.