The famous ancient military leader and war theorist Sun Tzu is noted for his clear dictum:

“Know your enemy.”

Although the concept can make many people uncomfortable, finance professionals understand that combating devious financial schemes requires not only an understanding of system vulnerabilities. A battler against fraud has to learn how to think like a fraudster:

“If I wanted to steal from this company or misstate financial results, where would I look for weaknesses that would enable my scheme to succeed undetected.”

Of course, beyond concocting potential fraud schemes as a mental exercise, the careful and diligent finance professional is quick to pursue the ultimate aim of this process: Devise countermeasures to combat vulnerabilities.

The consulting firm WorldCompliance published a white paper entitled, Fraud and Money Laundering: Can You Think Like a Bad Guy? by Dennis M. Lormel.

Expanding upon the fraud triangle concept, Lormel lists five elements that characterize frauds:

A potential fraudster who 1) lacks integrity, 2) sees an opportunity due to a poor control structure, 3) has a motive such as greed or a pressure such as a financial hardship, 4) rationalizes the scheme (perhaps by reasoning that he feels underpaid and overworked), and 5) possesses the capability due to positioning and skills; will no doubt execute the fraud.

Certainly, as previously discussed, effective internal controls can mitigate the opportunity for fraud. However, sometimes it is possible for fraudsters to circumvent controls or to collude with partners in their schemes.

Lormel notes: “The elements of fraud include a representation about a material fact; which is false; and made intentionally, knowingly, or recklessly; which is believed; and acted upon by the victim; to the victim’s detriment. The ability to be deceptive and avoid detection is one of the fraudster’s primary keys to success.”

Bad guys are proactive about manipulating the system, even as those who combat them are often reactive. Among other factors, fraudsters look for environments with unethical culture due to poor tone at the top. Fraudsters understand the importance of laundering funds through financial institutions and maintaining a reasonable appearance and a story of legitimacy.

Lormel points out: “Over time, spin and deception get much more difficult to disguise. The veneer of reasonableness tends to fade. A good fraudster usually watches intently for signs that their scheme is unraveling. At that point, they will implement their exit strategy. However, often times, fraudsters are blinded by their own greed and arrogance. They either miss or disregard the warning signs of detection. Instead of following an exit strategy, they find themselves in jail.”

A finance professional, whether an auditor, controller, CFO, banker, investment manager, or someone else entrusted with fiduciary responsibility; has to think several steps ahead of the fraudsters. Know what warning signs to look for, ask questions, don’t believe everything you hear, and be ready to act quickly when something doesn’t look right.

Lormel concludes: “There are two prominent end games. One has a private sector focus, the other, a public sector focus. On the private sector side, the end game is to prevent or minimize monetary losses and reputational risk. On the public sector side, it is to seek prosecution, recover illicit proceeds and assets through forfeiture, and/or bring enforcement actions. Both end games could carry significant consequences. In either event, understanding how the bad guys think and taking preemptive steps to stop them makes the end game easier to handle.”

Know your enemy. Combat a fraudster by knowing how a fraudster thinks and operates. This is especially important with regard to IT-related frauds due to the importance and sensitive nature of electronic records and system access points.