Published: Wednesday November 23, 2016
The effects of large scale fraud can be catastrophic for an organisation – exposing gaping holes in their bottom line and causing, in some instances. irreparable damage to their reputation.
However despite the significant and ongoing imposition of stricter regulation and controls the cases of malfeasance and outright criminality still keep bubbling to the surface.
There is a school of thought that attributes the escalating and seemingly endless stream of corporate malfeasance and fraud to the spectacular crash of 2008. The collapse of markets and the rush for investors to retrieve move or withdraw their precious assets tends to expose the activities of the shady financial movers and shakers. Look no further, for an example of this, than Bernie Madoff. “The safest hands on Wall Street” he went, via the small matter of misappropriating billions of dollars of client’s money, from being the toast of A list investors to house arrest and an electronic tag.
Far from Madoff being an isolated anomaly the cases keep on coming. Take, for example, Matthew Devlin the Lehman Brothers broker who made around $23,000 by passing on inside information. Devlin escaped prison due to his cooperation with investigators in turning over recordings he had made of his co-conspirators. The puny suspended sentence he received is indicative of the view held by some that fraud is victimless and in some circles appears to be seen as socially acceptable. The sentence imposed in the Devlin case seems all the more perverse considering presiding Judge William Pauley’s comments that Delvin’s actions “undermine (d) the integrity of the financial markets which our nation relies on” and that he had therefore “betrayed his country as well.”
Both the Madoff and Devlin cases raise the age old question – what motivates high earning professionals to take such high stake risks? This is and always will be much debated especially considering it has been estimated that organisations lose in the region of 5% of their annual revenue to fraud.
The traditional view is that good people go bad because they are fundamentally greedy, intrinsically dishonest and exploit weaknesses in their systems, regulation and supervision. While there is some truth in this It is my view that the reality is much more complex. I do not profess to be an expert but in my view there are a range of drivers which I group together under the mnemonic MICE.
Money – It would be foolish to disregard greed as a key motivator. But not all individuals who worship money and the acquisition of wealth turn to fraud.
Influence – Evidence collected from reported high value cases tend to support the assertion that in many instances the individuals concerned are initially genuinely successful, but feel compelled to resort to questionable practices in order to promote their status and move up the greasy pole.
Coercion – Professional fraudsters and organised crime groups understand the value of obtaining information from inside an organisation and social media provides an ideal opportunity to go spear phishing. “Social engineers” are becoming adept at using an organisations weakest link its staff against them. This is not only in relation to getting through network security but by compromising and coercing staff.
Ego – In my opinion fraudsters come in all shapes and sizes and are not easily profiled. However it has been acknowledged by several recent surveys that the hierarchal hotspot in terms of high damage fraud is at middle management/senior executive level. At these levels fraudsters have been seen to present as borderline narcissists with high levels of self –belief and low levels of self-control. Utilising the silo styled structure of many of our large financial institutions they can created a “closed community” of which they are the centre and which breeds a community culture in their mould.
When the wheels come off the wagon and fraud is discovered it is the norm for everyone involved in the governance of an organisation to disappear to the shadows and the blame culture kicks in. First in line are usually auditors, compliance officers and regulators for failing to spot the problem. This is understandable because not only does it focus on those whose role it is to protect the organisation, but it also deflects away from those higher up the food chain. It certainly could be argued that in the gravy train day’s pre 2008 there was an unwillingness for the awkward questions to be asked and for questionable activities, which sat within the grey area in terms of ethics, to go unchallenged. An environment which opening or implicitly encourages risk-taking can (intentionally or otherwise) blur the boundaries between ethical and unethical behaviour.
So, what is the answer, well if I knew that I would be on my way to being a millionaire because there is no single magic bullet. However my opinion, for what’s is worth, is that spending thousands or maybe even millions on technical monitoring systems is only part of the solution – effective if used as part of a co-ordinated approach but little better than useless on its own.
In this regard lessons could be learned from law enforcement who some years ago now realised that just reacting to reported instances of crime was ineffective. The move to Intelligence led Policing and the introduction of a national intelligence model which promoted cooperation and integration of information identified “hot spots” and allowed for the focusing of resources towards identified areas of concern.
I still come across many organisations which have policies coming out of their ears but do not have one which provides a step by step guide of how to investigate identified issues. This means investigators have nothing to fall back on and leaves them vulnerable. I truly believe that all the pieces of the jigsaw are there – Whistle blower procedures, the three lines of defence and compliance. All that is needed is the ability to feed all of the information gathered into some central point and to adopt an intelligence led approach to looking after the security and safety of the organisation. A key aspect of this would be the pro-active monitoring of all staff particularly those within key or sensitive areas – Simply KYC know your staff because whether we like it or not they are the weak link and to fail to rise to this challenge is tantamount to feeding Cheese to the MICE.
Bob Pointer founder CFIL