The future of foreign exchange company Travelex, which was disrupted for weeks by a ransomware attack in January, hangs in the balance today after its parent company, Finablr, appointed accountants to prepare it for potential insolvency.
Travelex took a £25m hit after it was attacked by cyber gangsters who held the company to ransom for £6m on New Year’s Eve, disrupting foreign exchange services to the company’s outlets worldwide and to high-street banks.
It now faces further uncertainty after its parent company, Finablr, began emergency talks with lenders in the wake of an emerging accounting scandal at the company.
Finablr, which provides payment and foreign exchange services for more than 25 million consumers and 1,500 corporate and institutional partners in 170 countries, suspended its shares on 16 March 2020 amid doubts over its ability to continue in business.
The group said in a statement today that following its “present liquidity situation and ongoing discussions with lending banks”, it had appointed an “accounting firm to undertake rapid contingency planning for a potential insolvency appointment”.
The announcement came a day after Finablr, which owns the financial services and foreign exchange companies Travelex and UAE Exchange and other financial services brands, said that it had discovered $100m worth of cheques that had been kept hidden from the board of directors.
Finablr chief executive Promoth Manghat has told the board he will step down from the company following the discovery.
Following publication of this story, Travelex said in a statement that it was taking advice from accounting firm PwC and other external advisers. The company said it had maintained a legal and financial structure that would allow it to continue operating separately from the Finablr group as a standalone business.
Travelex was already under pressure after incurring £25m costs following the cyber attack at the turn of the year, in which a cyber crime group infiltrated its computer systems with Sodinokibi malware that encrypted the company’s files.
The attack forced staff at Travelex’s 1,200 outlets in airports and other retail sites to use pen and paper to keep track of foreign currency sales and led to shortages of some foreign currencies.
It also disrupted Travelex’s ability to provide foreign exchange services for high-street banks, including Barclays, First Direct, Virgin, Clydesdale and Tesco.
The criminal group threatened to sell financial details of Travelex’s customers in a post on a Russian-speaking cyber crime forum a week after the attack, unless the company agreed to pay a ransom, reported to be $6m.
Travelex said on 2 March that it had successfully restored all of its “customer-facing” systems following a phased and controlled programme after the cyber attack.
But the attack, which left some of the company’s financial reporting tools unavailable in January, had delayed Travelex’s ability to report its full-year results for 2019 until at least mid-April.
Covid-19 adds to difficulties
The foreign exchange company has now faced further financial difficulties as travel restrictions following the spread of coronavirus have reduced demand for its services.
Travelex warned at the beginning of March that it had been negatively impacted by the Covid-19 outbreak, which was limiting demand for foreign currency in airports, particularly in China and Asia, which account for 10% of its revenues.
The company said at the time that it was holding talks with Finablr and lenders over credit facilities and was taking action to reduce costs.
Finablr gave a further warning on 12 March that travel restrictions introduced worldwide to limit the spread of Covid-19 had reduced the demand for foreign exchange and payment services, and had made it harder to access the foreign currency it needs to run its business.
In a statement following publication of this story, Travelex said it was working to mitigate the impact of Covid-19 on its business.
“Travelex operations continue as usual with extensive ongoing work and the support of its key financial stakeholders to mitigate the severe challenges created by reduced travel volumes as a result of the Covid-19 crisis,” it said.
Cyber insurance claim for hack
Travelex expects to offset a “material portion” of the £25m cost of the cyber attack through its insurance, but added the timing of any payments had yet to be worked out.
The company says it does not expect the cyber attack to have any material impact on trading in the second and third quarter of 2020, its peak trading period.
Finablr said on 9 March that its board intended to commission an independent post-incident review to ensure the findings and recommendations from the incident are learned across all companies in the group.
Ratings agency S&P downgraded Travelex’s credit rating in response to the attack, questioning whether it could survive as a standalone company.
Moody’s Investor Services also downgraded its credit rating of Travelex, citing the cyber attack, the impact of coronavirus and governance issues at Finablr.
Kroll investigates financial irregularities
The Finablr group has appointed corporate investigation company Kroll to review the company’s financial transactions, including the cheques that the company said may have been used as security for financing arrangements for the benefit of third parties.
The company said in a statement yesterday: “As a result of the foregoing events, the board is unable accurately to assess the financial position of the company and there is a material uncertainty about the group’s ability to continue as a going concern.”