Arup CIO Hopes that Others Will Learn from His Mistake

Arup CIO Hopes that Others Will Learn from His Mistake

UK engineering group Arup faced one of the world’s biggest known deepfake scams in Hong Kong last January 2024. Arup employs about 18,000 people worldwide and has annual revenues of over £2bn. The company was duped by cyber criminals who virtually cloned a CFO using video, audio, and other AI generated material. (You can read the full article by the Financial Times here.)

The scam happened after one Arup employee received a fraudulent message about a “confidential transaction” from a sender who claimed to be the UK-based Chief Financial Officer. The Arup staff member scheduled a video conference and, unbeknownst to him, met with a digitally cloned version of the CFO (and other fake employees) requesting financial transfers. After the video conference, the Arup staff member made 15 transfers to five Hong Kong bank accounts before discovering the scam. Arup suffered HK$200mn ($25mn) in losses to the cyber criminals.

Arup’s global Chief Information Officer, Rob Greig, warned that deepfake scams have been rising in both number and sophistication, and companies should learn from Arup’s experience and always be on the lookout.

In case you missed last week’s blog, the company size thresholds have been increased for accounting periods commencing on 1 January 2024, with the option to implement the increase for accounting periods commencing from 1 January 2023.

For a full list of the thresholds see our new publication here for €60+VAT.

For more on AML related matters go to:

For more on the whole ISQM process for audit firms, please see our ISQM 1 Toolkit on our website here.

Also, on our website we have:

  • Letters of engagement and similar templates (all updated since May 2024) – Please visit our website here where immediate downloads are available in Word format here. A bulk discount is available for orders of five or more items bought together.
  • ISQM TOOLKIT, or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by email at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements.

The ISQM TOOLKIT 2022 is available to purchase here.