The fantastic Auckland Theatre Company’s ASB Waterfront Theatre on Auckland’s viaduct was recently host to Auckland’s 2nd Fraud Film Festival.  This presented a fascinating array of films on the topic of fraud.  This article looks at some of the insights gleaned.


Fraud is fascinating.  It cuts to the heart of some sad and dark aspects of human nature.  It’s also insidious and destructive in its impact on both individuals and organisations.  This is in terms of finances, the heavy human toll including the loss of trust, reputational damage etc.  Frustratingly though, many people and organisations seem to think it’s something that just applies to others and couldn’t apply to them.  


There is also an interesting reticence by some people to talk about fraud.  Especially those who have been subject to it, generally due to feelings of embarrassment, as well as from concern to protect the reputation of their organisation.


Hence, I applaud the recent Film Festival.  A showing of some really interesting films that help educate the audience.  And education and raised awareness is one of the biggest, if not the biggest, protection for people and organisations from being subject to fraud. 


As well as the very interesting movies shown, attendees had the benefit of some excellent expert panels exploring issues from the films after each one and taking Q&A. 


So, what did we learn?


The fundamental features of fraud still apply


No matter how sophisticated or new the fraud technique, or technologies used, the core fundamental features of frauds still apply allowing these to happen: 


  1. Pressure on an individual to drive them to fraud – need or greed

  2. The opportunity to commit a fraud – systems and controls, access to assets

  3. Rationalisation – the justification of the behaviour

Adding to the above, this collection of films also reinforced and highlighted the following observations:


Human gullibility and trust can and will be exploited.  Human nature means many are seduced by the desire to get rich quick or to take what appears to be an easier route.  For a fraud to work it needs a victim and sadly fraudsters are expert at praying on common weaknesses of individuals such as the “get rich quick” desire.  As grandpa always said; If it looks too good to be true it probably is! 


Delusion and/or justification from the fraudster


Never under-estimate the power of delusion or justification in a fraudster, and how this will drive their behaviours.  The Lance Armstrong movie was a truly fascinating case study into human nature and the driving power of the need to win at all costs.  It was also a case study in utilising the power of fame and money to protect oneself. Something that we are potentially likely to see more of with the global power of social media. 


Technology increases scale and reach


The ever-increasing interconnectedness of the world and ubiquitous use of technology in our everyday lives are a double-edged sword.  They provide many benefits but also open up frauds to a wider audience and almost exponentially greater reach in terms of impact than ever before.   The challenge for legislation and regulation is that fraudsters are increasingly not bound by country borders to carry out their frauds.


Common Attacks


In New Zealand, Denial of Service (an attack that results in locking up a computer network usually for ransom purposes) and Phishing (emails purporting to be someone else to induce individuals to release private information or funds) scams still appear to be the most common online attacks.  And sadly, they are getting more sophisticated. 


Hackers are now increasingly targeting individual’s personal email accounts knowing that these are likely to be less secure than company ones but may still provide access to companies and organisations.


New Zealand cyberattacks on organisations may not always be about NZ.  But rather we may be seen as a soft underbelly or route to international organisations who are the primary target.  


Privacy legislation


Our privacy legislation in New Zealand is now 25 years old. Hence there is a risk it is outdated as it was not written to cover the context of the highly interconnected world we all now operate in within both our professional and personal lives.  For example, a data breach now can result in huge volumes of data being made widely available to an international market.  This is an area we are likely to see legislation and regulation change, and tighten, in NZ in the future.   Change is also likely to be highly influenced and motivated by international moves in this area.  For example, the EU’s GDPR (General Data Protection Regulation) only affects data held about EU citizens but it applies to any entity in the world holding that data. 


Interesting conundrums


We are increasingly concerned about security of our data held by organisations, as we should be.  Internationally we are seeing increasing legislation and regulation being introduced, such as GDPR.  Yet at the same time individuals are putting more and more of their personal information on social media.


Assistance & Guidance


CERT NZ is a government agency set up to improve cyber security in New Zealand.  Their website www.cert.govt.nz has some great guides and information available.  They also want to hear about issues being experienced so that they can act on these.


Social Licence


More and more organisations are coming to appreciate their social licence to operate.  A large part of that social licence is earnt from other stakeholders being able to trust the organisation.  The adverse impact of such things as data breaches at big corporates, government and other organisations on the individuals affected has started to have the positive impact of making organisations much more aware of the value of this social licence.  


But we missed the festival….


All is not lost.  Thankfully due to the plethora of ways to access media these days, a number of the films featured are able to be accessed on the internet or mediums like Netflix.


Abacus:  Small Enough to Jail


The story of a small New York bank called Abacus which was the only US company criminally charged for mortgage fraud in the wake of the US 2008 mortgage led financial crisis.


Betting on Zero (available on Netflix) 


Explores the question of when is multi-level marketing actually a pyramid scheme or Ponzi scheme?  A story told via a fight between two of America’s billionaire hedge fund managers and a well-known brand Herbalife. 


The Armstrong Lie (available on Netflix) 


A stunning exposé into one of the most significant dishonest episodes in modern sport.   As noted above, a fascinating study into human nature and power. 


Cyberwar Viceland TV Series


The Sony Hack – what can happen to a company when it suffers a major data breach and release of private information.


The Ashley Madison Hack 


A hack designed to expose the dark side of some people’s online behaviour.  Fascinating if not just for the ethics of a company whose business model consists of promoting cheating on your partner!


Summary - so what can we do?


While we may do our best to engage sophisticated IT systems/controls and an army of IT experts to fight the increasing cyber-fraud threat, we should never lose sight of the importance of the special faculties and intuition we have as humans to bring to the battle.  The human element is the biggest weakness and biggest defence.


As individuals, we need to engage our eyes, ears, nose, touch and feelings to circumstances that may look unusual or give us concern, we need to have the ability and courage to question.


Auditors often talk about developing a “nose” for audit.   As one once said, “If something smells fishy…. it’s probably a fish!”