UniCredit Employee in China Allegedly Embezzled $15 Million From Clients

Apr 08 2019, 7:37 AMApr 08 2019, 8:37 AMApril 08 2019, 7:37 AMApril 08 2019, 8:37 AM

(Bloomberg) -- A UniCredit SpA employee in China allegedly siphoned off about 100 million yuan ($15 million) of clients’ money over three years by taking advantage of shared passwords and other internal security loopholes, according to people familiar with the matter.

Local police and the China Banking and Insurance Regulatory Commission were informed late last year, and the regulator will levy a penalty in the coming months, the people said, asking not to be identified because they aren’t authorized to speak publicly. The CBIRC has shared information on the matter with other banks, one of the people said.

“UniCredit regrets this incident and apologizes to those affected. The safety and security of our clients’ assets is our primary concern and all efforts have been made to ensure that a similar malicious incident cannot reoccur,” a spokesman for the bank said, though he didn’t provide further details. “The Group strictly complies with all rules and regulations in each market where it operates.”

The CBIRC said in an emailed reply to queries that it has uncovered an incident involving a foreign bank employee misusing their position and powers of employment for embezzlement. It didn’t identify the bank or the individual, and said it will disclose details and punishment at a later time.

The alleged fraud -- one of the biggest among foreign banks in China -- could become the latest headache for the Italian lender’s Chief Executive Officer Jean Pierre Mustier, who took over about three years ago and inherited issues including a pile of bad debt and possible sanctions violations.

UniCredit’s employee in China allegedly used a group supervisor’s password to access clients’ accounts without authorization and fabricated transactions, the people said. The employee used the money to buy apartments in countries including the U.S., Greece and Japan, and intended to flip them at higher prices to repay UniCredit without raising any red flags, they said.

The employee allegedly confessed to the police after the bank detected that money was being illegally routed, they said. The people added that while Chinese banks have installed fingerprint and iris recognition technology in addition to password authorizations, UniCredit was still using only passwords.

While 2018 saw record fines imposed by the CBIRC, the agency focused mostly on local lenders as it tries to stamp out malpractice and corruption. CBIRC Chairman Guo Shuqing last year intensified his campaign to root out wrongdoings among the nation’s over 4,000 lenders by penalizing firms and removing senior executives.