Every High-Value Instruction Is a Trust Decision

Email, voice and video can all be imitated. Here is the operating protocol for verifying high-value instructions without paralysing the organisation.

The answer

A high-value instruction is not made safe by recognizing a voice, address or familiar detail. The institution must establish who is instructing, through which independent evidence, under what authority and with what exception path.

A payment instruction is not true because it arrived from the right address. A legal instruction is not valid because the caller knew a private fact. A video is not authority because the face and voice appear familiar. Every instruction that can move money, release information, alter control or commit an institution is a trust decision. The channel delivers the claim. It does not prove the claim. That distinction used to feel cautious. It is now basic competence.

The attack is assembled from truth

The strongest impersonation attempts are not wholly fabricated. They are built from accurate names, current transactions, travel dates, adviser relationships, writing style, public filings and previously compromised messages. Artificial intelligence lowers the cost of turning those fragments into a coherent request, but the underlying advantage is older: people trust context that fits. The Swiss NCSC’s description of CEO fraud is blunt. Attackers identify the people involved in financial processes, manufacture urgency and make verification difficult. In its deepfake example, a finance professional was drawn into a meeting with an apparent boss. The lesson is not that video is uniquely unsafe. It is that an attacker will use whichever combination of channels makes the story feel complete.

Verification must be independent

A verification step is only meaningful if the person initiating the suspicious instruction cannot control it. Replying to the email is not independent. Calling the number supplied in the message is not independent. Accepting an incoming call from the supposed principal is not independent. Asking a colleague whose information came from the same message is not independent. Independent verification begins from a known record or a pre-agreed route:

  • Call a number already held in the trusted directory.
  • Use a separate authenticated application with a known account.
  • Confirm in person using a pre-established challenge appropriate to the consequence.
  • Ask a second authorised person who has obtained their evidence separately.
  • For bank or asset instructions, verify beneficiary and purpose through the standing process, not an improvised exception.

Set the protocol by consequence

Do not create one rule for every request. A diary change and a private-equity capital call do not deserve the same ceremony. Define tiers.

  • Tier 1 — routine: reversible, low-value actions within an existing mandate.
  • Tier 2 — sensitive: disclosure of private information, change of trusted details or onboarding of a new provider.
  • Tier 3 — high value: transfer of funds or assets, execution of legal documents, release of credentials, or material public communication.
  • Tier 4 — exceptional: any instruction that conflicts with the standing rule, invokes secrecy, introduces a new beneficiary or compresses the verification window.

As consequence and novelty rise, increase independence, number of approvers and quality of evidence. Urgency should never reduce the control. Urgency is one of the facts that raises the risk.

Create an instruction record

The aim is not bureaucracy. It is to make consequential trust inspectable after the moment has passed. For a high-value instruction, retain a compact record:

  • The original instruction and the channel on which it arrived.
  • The identity claimed and the authority relied upon.
  • The transaction, disclosure or commitment requested.
  • The independent verification performed, by whom and through which known route.
  • Any anomalies, exceptions or pressure applied.
  • The final approver and the evidence of execution.

This record protects the institution and the employee who paused the request. It also gives investigators something more useful than recollection.

Write the refusal language in advance

People bypass controls because refusal feels socially expensive. The attacker uses hierarchy and urgency to make the employee believe that verification is disloyal. Remove the improvisation. Give teams a standard response: “This instruction falls within our independent verification rule. I will confirm it through the registered channel and proceed once verified.” The wording matters. It makes the delay procedural, not personal. A genuine principal can anticipate it. A fraudster must defeat it.

Test with live friction

Tabletop exercises are useful, but this protocol should also be tested against ordinary operational pressure. Ask a senior person to request a benign but unusual change and observe whether the team verifies it. Review failed or abandoned attempts, not only completed fraud. The metric is not how many warnings staff have read. It is the percentage of high-consequence instructions independently verified before execution—and the time needed to do so.

Trust is a designed act

Trust is not the absence of verification. It is the decision to act after the available evidence meets the consequence. The institution that understands this can move quickly because it knows exactly how certainty is established. The institution that does not understand it moves quickly until the day it moves someone else’s instruction.

Sources

  1. Swiss NCSC: CEO-FraudSwiss NCSC: CEO-Fraud

    Primary authority

  2. Swiss NCSC: Online meeting with deepfake bossSwiss NCSC: Online meeting with deepfake boss

    Primary authority

  3. Swiss NCSC: Social engineeringSwiss NCSC: Social engineering

    Primary authority

Jonathan P. De CollibusFounding Partner, Svperior / Cyber

Ross Belhomme

Ross leads Legal within Svperior GmbH. His work draws on more than two decades across international fiduciary, wealth-structuring, and private-client environments, combining legal, financial, and technical judgment around governance, privacy, assets, authority, and cross-border operating conditions.

Legal strategy / Governance / Private-client structuring / Digital assets

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry