Shorter Version

A strategy to maximise bonuses and avoid personal culpability:

  • Don’t commit the fraud yourself.
  • Minimise information received about the actions of your employees.
  • Control employees through automated, algorithmic systems based on plausible metrics like Value at Risk.
  • Pay high bonuses to employees linked to “stretch” revenue/profit targets.
  • Fire employees when targets are not met.
  • …..Wait.

Longer Version

CEOs and senior managers of modern corporations possess the ability to engineer fraud on an organisational scale and capture the upside without running the risk of doing any jail time. In other words, they can reliably commit fraud and get away with it.

Imagine that you are the newly hired CEO of a large bank and by some improbable miracle your bank is squeaky clean and free of fraudulent practises. But you are unhappy about this. Your competitors are making more profits than you are by embracing fraud and coming out ahead of you even after paying tens of billions of dollars in fines to the regulators. And you want a piece of the action. But you’re a risk-averse person and don’t want to risk spending any time in jail for committing fraud. So how can you achieve this outcome?

Obviously you should not commit any fraudulent acts yourself. You want your junior managers to commit fraud in the pursuit of higher profits. One way to incentivise this behaviour is to adopt what are known as ‘high-powered incentives’. Pay your employees high bonuses tied to revenue/profits and maintain hard-to-meet ‘stretch’ targets. Fire ruthlessly if these targets are not met. And finally, ensure that you minimise the flow of information up to you about how exactly how your employees meet these targets.

There is one problem with this approach. As a CEO, this allows you to use the “I knew nothing!” defense and claim ignorance about all the “deplorable” fraud taking place lower down the organisational food chain. But it may fall foul of another legal principle that has been tailored for such situations - the principle of ‘wilful blindness’ - “if there is information that you could have know, and should have known, but somehow managed not to know, the law treats you as though you did know it”. In a recent essay, Judge Rakoff uses exactly this principle to criticise the failure of regulators in the United States in prosecuting senior bankers.

But wait - all hope is not lost yet. There is one way by which you as a CEO can not only argue that adequate controls and supervision were in place and at the same time make it easier for your employees to commit fraud. Simply perform the monitoring and control function through an automated system and restrict your role to signing off on the risk metrics that are the output of this automated system.

It is hard to explain how this can be done in the abstract so let me take a hypothetical example from the mortgage origination and securitisation industry. As a CEO of a mortgage originator in 2005, you are under a lot of pressure from your shareholders to increase subprime originations. You realise that the task would be a lot easier if your salespeople originated fraudulent loans where ineligible borrowers are given loans they can’t afford. You’ve followed all the steps laid out above but as discussed this is not enough. You may be accused of not having any controls in the organisation. Even if you try hard to ensure that no information regarding fraud filters through to you, you can never be certain. At the first sign of something unusual, a mortgage approval officer may raise an exception to his supervisor. Given that every person in the management hierarchy wants to cover his own back, how can you ensure that nothing filters up to you whilst at the same time providing a plausible argument that you aren’t wilfully blind?

The answer is somewhat counterintuitive - you should codify and automate the mortgage approval process. Have your salespeople input potential borrower details into a system that approves or rejects the loan application based on an algorithm without any human intervention. The algorithm does not have to be naive. In fact it would ideally be a complex algorithm, maybe even ‘learned from data’. Why so? Because the more complex the algorithm, the more opportunities it provides to the salespeople to ‘game’ and arbitrage the system in order to commit fraud. And the more complex the algorithm, the easier it is for you, the CEO, to argue that your control systems were adequate and that you cannot be accused of wilful blindness or even the ‘failure to supervise’.

In complex domains, this argument is impossible to refute. No regulator/prosecutor is going to argue that you should have installed a more manual control system. And no regulator can argue that you, the CEO, should have micro-managed the mortgage approval process.

Let me take another example - the use of Value at Risk (VaR) as a risk measure for control purposes in banks. VaR is not ubiquitous because traders and CEOs are unaware of its flaws. It is ubiquitous because it allows senior managers to project the facade of effective supervision without taking on the trouble or the legal risks of actually monitoring what their traders are up to. It is sophisticated enough to protect against the charge of wilful blindness and it allows ample room for traders to load up on the tail risks that fund the senior managers’ bonuses during the good times. When the risk blows up, the senior manager can simply claim that he was deceived and fire the trader.

What makes this strategy so easy to implement today compared to even a decade ago is the ubiquitousness of fully algorithmic control systems. When the control function is performed by genuine human domain experts, then obvious gaming of the control mechanism is a lot harder to achieve. Let me take another example to illustrate this. One of the positions that lost UBS billions of dollars during the 2008 financial crisis was called ‘AMPS’ where billions of dollars in super-senior tranche bonds were hedged with a tiny sliver of equity tranche bonds so that the portfolio showed a zero VaR and delta-neutral risk position. Even the most novice of controllers could have identified the catastrophic tail risk embedded in hedging a position where one can lose billions, with another position where one could only gain millions.

There is nothing new in what I have laid out in this essay - for example, Kenneth Bamberger has made much the same point on the interaction between technology and regulatory compliance:

automated systems—systems that governed loan originations, measured institutional risk, prompted investment decisions, and calculated capital reserve levels—shielded irresponsible decisions, unreasonably risky speculation, and intentional manipulation, with a façade of regularity….
Invisibility by design, allows engineering of fraudulent outcomes without being held responsible for them - the “I knew nothing!” defense. of course, they are also self-deceived so this is really true.

But although the automation that enables this risk-free fraud is a recent phenomenon, the principle behind this strategy is one that is familiar to managers throughout the modern era - “How do I get things done the way I want to without being held responsible for them?”.

Just as the algorithmic revolution is simply a continuation of the control revolution, the ‘accountability gap’ due to automation is simply an acceleration of trends that have been with us throughout the modern era. Theodore Porter has shown how the rise of objectivity and bureaucracy were as much driven by the desire to avoid responsibility as they were driven by the desire for superior results. Many features of the modern corporate world only make sense when we understand that one of their primary aims is the avoidance of responsibility and culpability. Why are external consulting firms so popular even when the CEO knows exactly what he wants to do? So that the CEO can avoid responsibility if the ‘strategic restructuring’ goes badly. Why do so many firms delegate their critical control processes to a hotpotch of outsourced software contractors? So that they can blame any failures on external counter-parties who have explicitly been granted exemption from any liability1.

Due to my experience in banking, my examples and illustrations are necessarily drawn from the world of finance. But it should be clear that nothing in what I’ve said is limited to banking. ‘Strategic ignorance’ is equally effective in many other domains. My arguments are also not a justification for not prosecuting bankers for fraud. It is an argument that CEOs of modern corporations can reap the benefits of fraud and get away with it. And they can do so very easily. Fraud is embedded within the very fabric of the modern economy.

Note: Venkat makes a similar point in his series on the ‘Gervais Principle’ on how sociopathic managers avoid responsibility for their actions. Much of what I have written above may make more sense if read in conjunction with his essay.


  1. Helen Nissenbaum makes this and many other relevant points in her paper about ‘accountability in a computerised society’.  ↩

Comments

Lynn

Brilliant.

Bub

From the headline I thought the article would be about Obamacare, then I noticed it was not. But after reading the piece, I decided it really is about Obamacare.

JEHR

Now all we need is set of steps on how to regulate these accounting control frauds so that CEOs go to jail for a long time!

Roger T Yokubaitis

My heavens! You certainly ought to publish a version of this for all babby lawyers so they can get it done correctly right from the start, or did you just secure the details of this from one of us older lawyers?

cdjagds

Superb, and very well written. You may have missed one piece, preferably choose junior or even senior FRENCH TRADERS/MANAGERS TO HELP you commit the fraud; they are so cooperative ready to help and highly disposable.

Lygeia

If this keeps up, people will no longer trust these complex algorithmic systems and will go back to simpler things, like basic bookkeeping and paper records. It will take a while, and it will seem like these computerized systems become more and more ubiquitous, but eventually this complexity based on dishonesty will crumble.

Saddam gone, but.. - Democrats, Republicans, Libertarians, Conservatives, Liberals, Third Parties, Left-Wing, Right-Wing, Congress, President - Page 6 - City-Data Forum

[...] Originally Posted by Hyperthetic Since GWB was first elected, incompetence has been the cover for evil deeds. Incompetence and stupidity work very well in the United States. That's why it was only logical that Sarah Palin should have followed GWB, via a stupid accident to Mr. McCain. What we have now is evil deeds covered by indifference and feigned earnestness. Strategic Ignorance - It's just DONE this way. How to commit fraud and get away with it: A Guide for CEOs at macroresilience [...]

Osgoode J Tooty

A GREAT "story"......exactly what those oh so wonderful Canadian banks were doing from 2003 to 2007....borrower didn't have a pulse, had near zero net worth, but Oh what a credit score!!!.....& qualified for government backed default insurance....I think if an academic with a strong real estate finance background, were to do a good study you would find a significant link between increase in real estate/ mortgage fraud and the reliance on (not the use of) credit scoring by major financial institutions.s S. coring was not used appropriately as a tool in underwriting, it was used more like a single crutch.

Links 12/9/13 | Mike the Mad Biologist

[...] How to commit fraud and get away with it: A Guide for CEOs (excellent) Secretly, everybody loves the trillion dollar coin Academics left out of college football’s multibillion-dollar bonanza? It’s not just fast-food workers who are underpaid Freedom “A Typical Terrorist Organization”: What They Said About Mandela Austrian mayor: Journalists should be hanged like Jews The Island Be Nelson Mandela ACLU should sue the doctors as well as bishops over denied medically indicated abortion Avoiding ‘MalPISAnce’: Caveats on International Test Rankings Share this:TwitterFacebookStumbleUponRedditDiggEmailPrintLike this:Like Loading... [...]

Nandita

Excellent article. I am all for technology, but I think Ops risk personnel, auditors and regulators need to focus more on the algorithms in these systems -- and only then rely on the output. In addition, implement a continuous audit on the entire system (not just on the output), thus ensuring that algorithms are not tweaked just before or after an audit.

Shared post: How to commit fraud and get away with it | Organization: A Misnomer?

[...] short article reinforces my view that audits should focus more on understanding and evaluating the logic and [...]

SuperWarrior

To Bub, you should not be referring to it as obamacare, it is in reality the option the republicans came up with to counter Bhillaries one payer plan from the 1990s. So call it what it truly is, repulsivicantCare. All the profit goes to the middleman that provides no care what so ever to those that seek the care. Talk about a waste of funds going to parasites, like the largest welfare program ever to hit our pockets. If you are stupid to who the middleman is, they call themselves the "insurance industry". What is industrial about them? Fraud in their name and descriptive. Who else can pay for national media commercials at the same time build skyscrapes in every city? The parasite with too much going into their undue pockets.

SuperWarrior

ps, the corruption of any institution is buried in the complication, when most financial ideas are as basic as 'you do this, I pay that'.

Various Links | Inuvi Blog

[...] How to commit fraud and get away with it: a guide for CEOs – implement complex control systems that absolve you from responsibility and let your most clever bonus-driven employees figure out how to game it on their own [...]