Fraud, Directors and the Board

This is the first part of the article. Second and final part will be published soon in the same section of India CSR Network.


By *Prof. Colin Coulson-Thomas

As well as building and governing companies, directors and boards should also seek to protect them from malevolent intensions. Many companies are under attack 24/7 from hackers and fraudsters. Some criminals aim to steals money or information that can be monetised. Others look for ways of laundering the proceeds of crime. Some use tried and tested methods that often succeed. Other push the boundaries. Old scams reappears in new guises. Criminals can be inventive and innovative.

Directors and boards cannot afford to be naïve in the face of multiple threats. Not all of them may be external. People within a company might attempt to profit by sharing insider information with associates and friends.

Criminal activity can include price fixing and collusion in the setting of interest rates. Directors should not assume that existing anti-fraud and risk management practices are effective. Unauthorised activities can implicate a company in changes of fraudulent conduct.

Exposure to be risk of fraud is a consequence of contemporary operation. It is ever present in many situations, contexts and locations. It is also being perpetrated on an industrial basis, as criminals and others take advantage of technological and other developments. For example, the internet of things and large numbers of connected devices create new opportunities for criminals. Innovation and entrepreneurships can increase risks for the unwary, particularly during transaction and change.

The Counter-Fraud Challenge

Fraud is a form of theft by lying. It is also a crime that is significantly under reported. Many who suffer losses feel ashamed and embarrassed. They hide that they are victims. If they believe the prospect of recovering stolen money is low, they may quietly take a hit.  Criminal often feed on large numbers of small strikes. The losses suffered by many people can add up to a large amount. In some countries, the majority of businesses have suffered effective malware attacks of some form.

A higher proportion of small businesses man be victims of malware and other cyber-attacks. The cost of preventive and protective measures can represent a bigger proportionate burden for a smaller enterprise. They may lack the critical mass of qualified staff needed for greater resistance and resilience. In an arms race between criminals and their targets, many companies do not have the resources, discipline or focus to win. Cherished openness and informality can increase vulnerability.

Governance structures and corporate practices tend to follow a patter. They are often rule and logic based, and designed to cope with defined categories and particular situations. To a fraudster or hacker they may be predictable. To reduce cost and variation, corporate processes and systems often rely upon classification, standardisation and automation. People operating them may be given little discretion to respond to the particular requirements of individual callers or customers.

Criminals can be more flexible. While corporate staff are busy, distracted and under pressure to complete all transactions, fraudsters can plot and scheme. They can try different options. They can modify their approaches to exploit loopholes or home onto a perceived vulnerability. If they smell blood the can persist.

They just need to succeed at enough attempted frauds to deliver an acceptable return of their efforts. Like gamblers, they operate in a world of probabilities. To combat them one needs to understand their motivations and how criminal minds operate.

Recognizing Patterns of Fraud

Although new approaches to enticing desired response and overcoming defences are continually being tried, some attempts at fraud follow certain patterns. For example, different phishing attacks may have features in common. Making people aware of these might alert them to suspect emails. Many fraudsters can over their costs if a very small proportion of recipients click upon an attachment, or respond with password information.

Cyber criminals are becoming more focused and determined. They devote more effort to learning about a target business prior to launching a planned attacks to steal larger amounts of money or data.

Once entry is secured via a business email account, sometime may be spent ‘casing the joint’. Criminal possibilities are assessed without alerting a potential victim. Stolen data, code and entry and other tools can all be purchased and exchanged on dark forums. Many criminals have built well quipped operations that are either as sophisticated as those of most of their target, or more so.

As cyber and other threats mutate, obtaining and developing the skills required to operate adequate defences is not easy. There is also a risk that some of those who are trained might themselves decide to become hackers. Defences may need to be continually changed and updated if they are to remain secure. When doing this, many companies play catch up in response to new forms of attack.

Companies should continually scan for threats and monitor trends and developments in the threat landscape, in order to quickly distinguished between problems they feel can be dealt with internally, and those which will require external assistance and/or collaboration if they are to be addressed or guarded against. Criteria may need to be set for determining which risks or instructions would warrant disclosure and collaboration with law enforcement agencies.

Read the final part of the Fraud, Directors and the Board, published in the same section of India CSR Network.

(*Prof Colin Coulson-Thomas is IOD India’s Director General, for UK and Europe Operations, also holds a portfolio of board academic and international roles, and has advised directors and boards in over 40 countries.)

(Article first published in Director Today, May 2017)

Copy Right: Director Today.

Please follow and like us:



Previous articleSKF India: Opportunities are all around, you just need to grab it!
Next articleCSR spending increases by 28% in 2016-17
India CSR Network
India CSR Network is India's biggest and most trusted news portal in the domain of CSR & Sustainability. India CSR welcomes stories, statements, updates, reports on issues that interest you. Feedback, comments will make it more purposeful and resourceful. It is designed and maintained by India CSR Group. Contents are non-fiction. Though all efforts have been made to verify the accuracy, the same should not be construed as a statement of law or used for any legal purposes. In case of any ambiguity or doubts, readers are advised to verify with the source(s). Statement, articles, views and contributions can be sent to