In today's world, marked by uncertainty, tightening markets, and rapid technological disruption, fraud is not just a possibility but an ongoing reality that is constantly evolving. Over the past five years, it has become evident that no organization is immune. The increase in global enforcement actions has placed a significant responsibility on senior leadership, from Silicon Valley firms to state-owned banks. Chief financial officers (CFOs), non-executive board members, chief compliance officers (CCOs), and chief internal auditors (CIAs) must act swiftly and proactively.
There are five critical actions that leaders should prioritize. These steps are grounded in established frameworks and lessons learned from some of the most significant corporate collapses in history. Each step addresses fraud mechanisms and their human and cultural roots.
1. Identify Internal Ethical Issues and External Fraud Hazards
Fraud poses both internal and external threats. Internally, perverse incentives and unchecked pressure can lead employees or executives to justify wrongdoing. Externally, increasingly sophisticated global supply chains, cybercrime, and corruption schemes involving third parties are heightening exposure levels. An example is an unauthorized account opening scandal within a U.S. retail bank, driven by internal pressure to meet sales quotas. Similarly, a European fintech firm hired external entities to create ghost assets, which went unnoticed. In both cases, early warning signs were ignored.
Executives must conduct ongoing, dynamic fraud risk evaluations as part of enterprise-wide risk management, considering emerging digital, geopolitical, and compliance challenges. They must also recognize that reputational damage and loss of shareholder value are genuine costs of inaction.
2. Investigate Root Causes of Fraudulent Activities
Understanding why individuals commit fraud is essential to preventing it. Fraudsters are often first-time offenders who feel pressured, notice opportunities, and rationalize their actions. However, the traditional fraud triangle is no longer sufficient. The Fraud Pentagon, developed by BDO’s Jonathan T. Marks, includes capability and arrogance alongside pressure, opportunity, and rationalization, providing a more comprehensive perspective.1
A case involving a global aerospace producer revealed how ego and top-down rationalization could undermine protective controls. Executives misled regulators to protect their brand at the expense of public safety. In the failure of a cryptocurrency exchange, fraudsters disguised themselves as altruistic innovators while misappropriating billions of dollars in customer funds. These crises resulted not from a lack of policy but from failing to address root causes like those noted in the Fraud Pentagon.
Risk modeling and behavioral profiling can help identify at-risk units or individuals. Importantly, companies must foster cultures that encourage accountability and incentivize truthfulness over merely meeting targets.
3. Evaluate the Impact of Organizational Culture on Fraud Prevention
Culture is the operating system of any organization. When integrity is modeled at the top, it permeates the organization. Conversely, when fear, ambition, or uncertainty dominate, corners might be cut.
Examples from a Silicon Valley healthcare startup and a recent electric vehicle startup illustrate how cult-of-personality leadership can stifle dissent. Employees were encouraged to remain silent or repeat falsehoods. Open, transparent, and supportive companies are more likely to detect fraud early.
Executive boards must formalize ethics programs, enforce desirable norms, and link performance incentives to long-term value creation rather than short-term appearances. Simple yet effective tools like employee surveys, ethics hotlines, and town halls can provide early warnings. Boards should also periodically assess their culture and compare it to industry standards.
4. Improve Internal Controls and Anti-Corruption Programs
Effective fraud prevention relies on having robust controls in place and ensuring their implementation. Cases involving an international bank and a derivatives exchange in the crypto space demonstrate that even sophisticated companies can fall victim to inadequately designed anti-money laundering (AML) programs, poor task segregation, or complacent boards.
Organizations must move beyond a check-the-box mentality. Controls should be risk-driven, regularly tested, and integrated into actual operations. Internal audit staff must be empowered and not bogged down by bureaucracy. Compliance functions should report directly to and have direct access to the board.
Technical solutions like anomaly detection via AI and blockchain technology for supply chain integrity are valuable only when combined with strong human oversight. Controls don't fail on their own; they are typically overridden at the top level. The focus should be on the durability of controls, not just their existence.
5. Enhance Collaboration and Communication for Anti-Fraud Efforts
Preventing fraud requires a collective effort, not isolated actions by individual departments or individuals. Silos within finance, operations, law, and compliance provide opportunities for bad actors. In nearly every major scandal, whether involving a crypto exchange, an international aerospace and defense corporation, or a large U.S.-headquartered retail bank, some individuals were aware but did nothing.
Organizations must invest in real-time information sharing, collaborative training, and coordinated fraud response mechanisms. Interdepartmental task forces, incident response exercises, and anonymous hotlines are proven tools. Boards should receive regular fraud risk briefs, not just audit results.
Externally, coordination with regulators, auditors, and peers is essential. In cases involving an international investment bank and a multinational aerospace and defense corporation, FCPA issues were resolved through joint settlements with global regulators, demonstrating the benefits of open cooperation. Companies that resist coordination often face higher fines and greater scrutiny.
When Controls Fail
The world has evolved and so has the nature of fraud. Today's executive leaders must manage fraud as an organizational, behavioral, and systemic risk, not merely as a compliance exercise. By following these five critical steps, CFOs, board members, and compliance leaders can identify vulnerabilities, disrupt fraud channels, and build more robust, reliable institutions.
Fraud carries an economic cost and a strategic cost. It damages brands, dismantles cultures, and undermines trust. In an age of volatility and accountability, instilling transparency, integrity, and vigilance at every enterprise level is paramount.
Internal controls don't fail randomly. Failures occur because controls were not correctly designed, implemented, or respected in the following ways.
- People: Even the best-designed control depends on people executing it correctly. Controls fail when individuals become confused, skip steps, or bypass procedures.
- Time: Demanding schedules lead to shortcuts, bypasses, and inadequate controls.
- Judgment: Discretion is problematic when it results in deviations without proper rationale or documentation.
- Overriding and Workarounds: Even beneficial workarounds can circumvent critical safeguards.
- Incentives: Performance-for-reward can encourage dangerous actions unless guardrails are established.
- Leaders must ask themselves: Are our controls designed with these realities in mind? Are they regularly tested for resilience?
It's not about eliminating all risk — that's impossible. It's about designing a structure strong enough to withstand stress, impervious to manipulation, yet effective in fulfilling its purpose. Good controls are proactive, effective, and responsive. Controls should be integrated, not added as an afterthought. When controls fail, it's rarely the structure — it's the implementation, the environment, or both.
Let’s have a conversation about preventing fraud in an uncertain business environment.
1 Jonathan T. Marks, ’ Playing Offense in a High-Risk Environment - A Sophisticated Approach to Fighting Fraud,’ 2024