CFO jailed for siphoning off S $ 1.3 million using company internet banking tokens
SINGAPORE: For more than three years, a CFO embezzled about S $ 1.3 million from corporate accounts using internet banking tokens intended for his CEO and CEO.
On several counts of unauthorized access to computer equipment between January 2015 and March 2017, Cheng Jun was sentenced Monday, March 30, to three years and nine months in prison.
The court heard that Cheng, 33, worked as a finance director at Sinopay Singapore, a subsidiary of the Sinopay Group that provides bank cards and financial services.
He was responsible for managing corporate accounting and human resources for the company, including billing accounts, customer payments and employee salaries.
Cheng CEO Mr. Christopher Chuang Tze Chung has requested internet banking services for the three UOB accounts at Sinopay Singapore.
Cheng helped his boss complete the application forms for three ibanking tokens – for use by Mr. Chuang, general manager of Sinopay, and Cheng himself. Mr. Chuang was supposed to approve the transactions before they were made.
However, since Mr. Chuang lived in Hong Kong, Cheng was tasked with receiving the UOB ibanking tokens which were delivered to Sinopay’s Kallang address.
Instead of sending the CEO his internet account information with Mr. Chuang’s token, Cheng only sent the confirmation letter, without the accompanying ibanking token.
Mr. Chuang was unaware of the existence of the ibanking physical tokens and signed the confirmation letter, before returning it to Cheng.
Cheng did the same with the general manager, sending only the letter and not the ibanking token.
He kept the three ibanking tokens and logged into the accounts using the initial passwords provided by UOB.
Cheng began to log into ibanking services to transfer funds from Sinopay’s accounts to his own, without Mr. Chuang’s knowledge or authorization.
He spent the money on his personal expenses and gambling in casinos, transferring a total of S $ 1,293,496.17 to himself.
He initially escaped detection by claiming the transfers were for business purposes such as paying claims and indemnities, Deputy Prosecutor Jordon Li said.
CEO FLIES TO SINGAPORE AND DISCOVERS CRIMES
The crimes went unnoticed until February 2017, when the CEO traveled to Singapore to request that Sinopay be listed.
He checked the company’s bank account statement and found numerous unknown bank transfers. He checked with the bank before confronting Cheng in the office on March 6, 2017.
The CEO then called 999 that day, reporting that one of his employees had stolen a million dollars from his company.
Cheng transferred S $ 20,000 to Sinopay’s bank account that day when he was arrested, and the police then froze his OCBC bank account, which had a balance of S $ 135,400.
They also froze his wife’s UOB account, which contained approximately S $ 11,000 from Cheng’s account.
Police also seized a Nissan Qashqai car that Cheng had purchased with the proceeds of the crime. The car has since been returned to Sinopay and sold.
Cheng pleaded guilty to 14 counts under the Computer Abuse and Cyber Security Act, and 22 more counts were considered in sentencing.
The prosecutor requested five years in prison, noting that Cheng had committed the offenses over a long period of time, with substantial premeditation as he had surreptitiously taken control of the bank accounts.
He added that Cheng abused the trust placed in him and was motivated by financial gain.
Defense lawyer Amarjit Singh instead requested three years and four months in prison, saying his client felt remorse and that the five years sought by the prosecution was “too overwhelming”.
He said his client suffered from a gambling addiction and “has a firm resolve to seek help” for it.
For each charge, Cheng could have been jailed for up to two years, fined up to S $ 5,000, or both.