On the perils of trusting the wrong nominee director.

Mr A resides in London. He paid Ms B to set up a company in Singapore and open a company bank account. Ms B was instructed to (a) obtain a new SIM card; (b) register that new mobile number with the bank to receive OTPs for online banking; and (c) send the new SIM card to Mr A's UK representatives.

Instead, Ms B registered her own mobile number with the bank to receive OTPs. When carrying out online transactions, Mr A's representatives would log in using a PIN, which Ms B did not have. Ms B would then forward them OTPs upon request. This arrangement was presumably acceptable to Mr A.

Then Ms B went rogue! She seized control of the bank account and transferred out over USD 1 million.

As it turned out, all Ms B had to do was to request new login details from the bank - upon which the PIN was reset. As she was the sole director and shareholder of the company, there was no reason for the bank to deny her request. Mr A's trust - in both his nominee and safeguards - proved misplaced.

Surely this arrangement was not worth the risk! But hindsight is 20/20. A reminder, perhaps, to consider the weak spots in your security arrangements.

(all views my own!)