Back to Quest Board
💰

The Gilded Deception

Authorised Push Payment Fraud & SWIFT Payment Compromise
P1 — Critical

A shadow has fallen over the vaults of your private banking citadel. A master deceiver — a sorcerer of silver tongues and forged seals — has woven an intricate enchantment around your most trusted payment channels. Through cunning manipulation and arcane forgery, fraudulent SWIFT messages have been conjured and an ultra-high-net-worth patron has been beguiled into authorising a devastating push payment to a phantom treasury. As the golden threads unravel, the guild must race against time to recover the stolen hoard, contain the breach, and answer to the Elder Councils of regulation before the realm's reputation crumbles to dust.

60 minutes
DC 15
4 Injects
4–12 Players

Compliance Frameworks

FCA Handbook DISP PSR APP Fraud SWIFT CSP PRA Fundamental Rules

🛡️ Roles & Party Members

War Chief Required
Incident Commander

Leads the crisis response, coordinates all workstreams, and makes critical escalation and containment decisions

Shadow Hunter Required
Fraud Team Lead

Directs fraud investigation, analyses transaction patterns, coordinates recall requests, and liaises with receiving banks

Sentinel of the Golden Seal Required
Compliance / MLRO

Assesses regulatory notification obligations, manages SAR filings, advises on APP fraud reimbursement rules, and coordinates FCA/PSR engagement

Arcane Engineer Required
IT Security Lead

Investigates the SWIFT environment compromise, reviews access logs, assesses infrastructure integrity, and implements technical containment

Loremaster Optional
Legal Counsel

Advises on liability exposure, evidence preservation, freezing order applications, and engagement with law enforcement

High Council Elder Optional
Senior Management

Provides executive authority, manages SM&CR accountability implications, and engages the board on financial and reputational exposure

Herald of the Realm Optional
Client Relations

Manages communication with the affected UHNW client, coordinates reimbursement discussions, and preserves the client relationship

⚡ Inject Timeline

1
The Phantom Gold — Suspicious Payment Detected
T+0 Minutes

At 09:14 UTC on a Monday morning, the bank's real-time payment fraud detection system flags two high-value outbound SWIFT MT103 messages for manual review. The first payment — £2.4 million — was ...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
2
The Enchanter Unmasked — Investigation & Containment
T+15 Minutes

The IT Security team's emergency investigation into the SWIFT environment has produced alarming findings. Analysis of the SWIFT Alliance Lite2 gateway logs reveals that an unauthorised operator profil...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
3
The Quest for Lost Gold — Fund Recovery Attempts
T+30 Minutes

Six hours have passed since the fraudulent payments were detected. The SWIFT gateway has been taken offline for forensic rebuild and all outbound payments are being processed via a manual contingency ...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
4
The Elder Council Convenes — Regulatory Reporting & Client Response
T+45 Minutes

Forty-eight hours have passed since the initial fraud detection. The bank now faces the full regulatory and reputational consequences of the incident. The FCA's Supervision team has been formally noti...

6 Discussion Prompts 1 Dice Events 4 Possible Complications

📋 Debrief Questions

Post-Battle Assessment — The Gilded Deception
  1. Were the bank's fraud detection controls effective in identifying the suspicious payments, and what improvements would have enabled earlier detection?
  2. Was the decision to take the SWIFT gateway offline proportionate, and was the manual contingency procedure adequate for business continuity?
  3. How effective was the fund recovery process? Were recall requests submitted quickly enough, and were all available legal and banking channels utilised?
  4. Was the APP fraud reimbursement decision handled appropriately? Did the team correctly assess the bank's liability under the PSR mandatory reimbursement framework?
  5. Were regulatory notifications (FCA Principle 11, SWIFT ISAC, PSR) submitted in a timely manner with appropriate content? Was the balance between transparency and legal protection correctly struck?
  6. What systemic control failures enabled the attack — access management, dual authorisation, callback verification, phishing defences — and what is the prioritised remediation roadmap?
  7. How were the SM&CR implications managed? Were Senior Management Function holders appropriately supported while maintaining investigative independence?