CEO fraud is not a new phenomenon. Also known as business email compromise (BEC), it traditionally involved messages that appeared to be sent by a senior executive, such as the CEO of the company, often requesting a payment be made. The scammer spoofed the executive’s email address, or managed to access their account, and ordered what looked like a legitimate business transaction. This resulted in company funds being transferred to the criminal team behind the fraud.

However, the rise of artificial intelligence (AI) and criminals developing increasingly sophisticated tactics means there is a shift in the threat landscape. The ability to use generative AI to create realistic and persuasive images, audio and videos of people is widespread and affordable. This gives criminals the ability to create deepfakes (manipulated, realistic images and videos) of executives that could easily trick employees into catastrophic errors.

Deepfake fraud attempts grew by 96% in France and 84% in Spain during 2025. And identity verification platform Sumsub reported that 72% of EU companies are anticipating a sharp increase in AI-generated attacks in the future.

This article explores why this is a major governance and compliance issue that many companies are not yet equipped to mitigate and what organisations can do to safeguard themselves against modern CEO fraud.


AI CEO fraud example


In July 2024, a finance executive at Italian car manufacturer Ferrari was contacted by someone using a deepfake representation of CEO Benedetto Vigna’s voice on WhatsApp. It asked them for help conducting a transaction relating to a “big acquisition.”

Thankfully, the recipient was sceptical about the veracity of the call and asked the deepfake which book Vigna had recently recommended to them. When the fake Vigna couldn’t answer, the executive raised the alarm.

On this occasion, the number and photograph on the WhatsApp account were different from Vigna’s, which raised suspicions. But the executive reported that the accent was an almost perfect replica, showing how easily other companies could fall victim.

CEO fraud as a governance and compliance issue

With realistic generative AI in the hands of criminals, there is a risk of damage to the effective running of the company and its legal standing. Using the trust and authority garnered by senior leaders, bad actors can exploit your current controls and target weaknesses within your oversight and decision-making processes.

Key risks include the following:

Risk | Examples
--- | ---
Financial loss | Unauthorised payments or changes to supplier bank details.
Regulatory breaches | Fraudulent transactions bypassing anti-money laundering checks, incorrect financial reporting, leaking of inside information.
Data protection incidents | The misuse or leaking of sensitive, personal information managed by the company.
Reputational damage | Loss of stakeholder trust if news of an incident is made public.
Liability | Directors could be held personally or collectively liable for the breach if it is found that governance protocols were not robust enough.

It is essential that all stakeholders understand the defined responsibilities and accountabilities to help employees spot suspicious behaviour. Ensure these are enshrined in documentation. Keeping clear audit trails also provides evidence of who approved what and when.

You should also have a response plan in place. Although prevention is important, the sophisticated nature of these attacks means they may circumvent your controls. Make sure you have a clear escalation plan and post-incident review procedure in place.

Why traditional controls are failing

There are a range of reasons why traditional controls might not be adequate to mitigate the risk of modern CEO fraud. These include:

  • Static approval workflows and checkbox compliance that fail to adapt processes to new risks, such as those posed by deepfake attacks. They usually rely on hard rules, such as transaction limits, rather than adapting to the dynamic nature of AI-generated fraud.

  • An over-reliance on using email for compliance workflows, which can be easily spoofed or manipulated to trick recipients.

  • Exploitation of authority bias, which might cause employees to ignore red flags and bypass time-consuming verification processes because an ‘executive’ has urged them to carry out a payment quickly.

  • Lack of a speak-up culture might lead to employees not feeling comfortable expressing doubt over a communication or reporting actions of colleagues that cause vulnerabilities.

  • Fragmented documentation across email, spreadsheets and messaging tools makes it difficult to look up approvals, changes and exceptions to verify processes in a short timeframe.



A critical first step in preventing CEO fraud is ensuring employees can report concerns anonymously and without fear of retaliation. When requests appear to come from senior leadership and pressure is applied to act quickly, staff need a secure way to flag suspicious behaviour.

IntegrityLog provides a secure whistleblowing and speak-up platform that enables employees to raise concerns confidentially, while giving compliance and governance teams clear visibility of reports, actions and decision-making.

Give employees a safe way to raise concerns

Explore how IntegrityLog supports confidential reporting, structured escalation and robust audit trails when traditional controls are no longer sufficient.


What modern controls need to look like

When implementing controls that will help you meet the changing requirements of the age of AI, you need to prioritise protection. Look for trusted solutions that meet international standards for data management and security. Use platforms that enforce role-based access control, so that only those employees who genuinely need the authority to make significant changes in order to do their work are able to make them.

The ideal compliance tools will maintain a comprehensive audit trail of processes, so that you can trace the decision-making process and establish what happened, and when, in the lead-up to an incident. This also allows you to find ways to close the vulnerabilities in future.

Internal communication is key. This means creating an environment in which all parties feel comfortable challenging any request that doesn’t feel right, even if it appears to come from a senior leader. It also creates transparency over decision-making that helps employees understand whether an interaction with what appears to be a company leader fits with the organisation’s direction of travel. Where leadership does not share governance matters, it is easier for fraudsters to trick employees into releasing funds for a non-existent takeover bid, for example.

Moving from prevention-only to detection and response

AI CEO fraud can be difficult to spot, which means there will be times when your controls are breached. So it is essential to be prepared to detect and respond effectively to incidents, rather than relying solely on controls to prevent attacks. Here are some steps you should take:

  • Conduct regulatory horizon scanning so that you maintain a clear understanding of your obligations regarding the fallout of fraud incidents. This will shape the controls you put in place and the procedures for managing them.
  • Recognise that prevention is not enough and seek out compliance tools that can help you keep track of employees' personal trades. With InsiderLog’s new module, you can easily set up pre-approval and reporting, define closed periods and create a single source of truth for employee trading.
  • Use tools that log all changes and actions taken so you can build an audit trail that allows you oversight on all activities.
  • Implement a systematic policy management process to create, implement and communicate your rules relating to the continually shifting cybersecurity landscape. This familiarises your team with your official approach to mitigating CEO fraud attacks.
  • Allow finance, compliance and governance teams to collaborate on the same secure platform or dashboard, allowing them to highlight, check and triage unusual behaviour faster than when using fragmented tools.
  • Have a system in place that allows for confidential whistleblowing, such as IntegrityLog. This enables employees to raise concerns if they feel the behaviour of leaders does not feel right, without fear of retaliation.
  • Encourage ethical and transparent governance from your leadership team, using Euronext Corporate Solutions’ suite of compliance and governance tools. With this, it becomes more obvious to employees when interactions with executives seem unusual.
  • Simulate and rehearse your response plans and crisis communication strategy to help your team react more quickly and with more confidence when an attack happens. This reduces the financial and reputational damage of the incident.


Conclusion


CEO fraud is changing, and that means your compliance controls must adapt to keep your company protected from the risks at hand. Given the potential financial and reputational damage a successful attack could cause, you cannot rely on someone spotting the subtle signs of an attack, as the executive at Ferrari did, to prevent the loss of vast sums of money. You should put in place both preventative and reactive controls to reduce the risk and potential impact of CEO fraud and protect your company.

Euronext Corporate Solutions provides a range of platforms and packages to keep your company compliant and protected against the negative outcomes of schemes such as these fraud attempts.
