White Collar Crime: Scales of Harm, Deviance, Innocence, Permissions and Errors in Security Risk Management

The concept of white collar crime (WCC) is an incorrect start point for all organisations.

Moreover, the assumption that crime is constrained to exclusively immoral individuals or illegal acts further conflates the real-world issues of crime within an organisational setting, particularly financial-orientated crimes.

As a result, fraud structures and practices that work on sterile or abstract metrics as indicators of WCC are also inherently flawed.

In other words, white collar crime remains a tapestry of overlapping visible and intangible factors that may/may not be geographically criminogenic or illegal.

Permissible

While the rule of law may be overtly supported by an organisation and management, many behaviours, practices and normative traits may become permissible within an organisation that are ethical/morally questionable or in fact illegal, despite adroit legal counsel advice to the contrary.

Permissible WWC behaviours may be enabled by seemingly harmless or victimless practices far removed from the minor act.

Long lunches, padding invoices, taking office stationary, delaying customer results and punishment of whistleblowers are all subtle examples of permissible acts that contribute to WCC environments and acts.

Errors

Many punitive errors are applied to individual errors and omissions whereas corporate errors remain ownerless, permitted practices.

No soul to condemn nor body to kick, as the expression goes.

Poor inventory management, stocktake, systems, accounting, training and qualifications creating complex, overlapping errors within organisations each and every day.

Detection, prevention and correction of white collar crimes therefore becomes extremely challenging, if not impossible.

Arbitrary and bias determinations by management and sponsors may further conflate the issue, whereby one individual's act is deemed an accidental error and another individual's criminalistic or warranting disciplinary/corrective action.

Mixed standards and messaging result, further creating opportunity for WWC activity.

Temptation

Temptation is not an objective, consistent unit of measure across people, nor consistent across time, role, gender or responsibility.

It does exist, but remains exceptionally difficult to predict at scale and security risk management measures applied without accurate evidence or estimations results in draconian, blunt instrument policing of behaviour, acts and practices.

Rule-Seeking

Humans are rule-seeking, socially orientated beings.

That is, not all rules and requirements are documented, therefore we all look around our environment for signals of normative practices, habits, culture and socially acceptable practices.

In other words, we orientate to our environments very quickly.

This includes illegal practices, corporate criminal activity, personal gain, errors and omissions.

Reasoning individuals seeking personal gain or profit also rule-seek for exploitable vulnerabilities and ineffective controls so as to commit crime/s.

Poor rules or a lack of effective rules can enable all sorts of poor behaviour, including criminal activity.

Deviance

Those that don't fit the norm of any one group, community or society are routinely deemed to exhibit deviance.

Outliers, odd balls or just different all fit into this category.

Including honest people, and those acting with integrity and ethics when the group doesn't.

Whistleblowers, whilst routinely demonised, are examples of cultural deviance for good.

Deviance can be very difficult to detect or define if so many questionable, unethical and illegal practices are permitted.

It becomes a case of personal arbitration as to what is/isn't acceptable, with very little documentation.

While permissible, errors, temptation, rule-seeking and deviance factors represent numerous elements for consideration, context remains highly influential and relevant also.

The intersection of factors with context such as organisation, corporate culture, inefficiencies and crime create ever increasing complexity not easily nor conveniently mapped in risk matrices or corporate risk registers.

Especially those produced by those with no criminological qualifications, pedigree or corporate security security risk mitigation expertise.

White collar crime, including fraud is not a predominately accounting discipline.

Moreover, preventative, detective and administrative controls are not exclusively financial nor general management in nature.

Complex, adaptive, intelligence and error-prone human behaviours exist and remain primary factors for consideration, in addition to organisational and cultural influences.

Therefore, the big question is...

How do you map, categorise and evaluate white collar crime elements or actions within your organisation?

If it is dearth of psychology, criminal reasoning, systems design, cultural norms, socialogical traits and empirical data, it is more likely more corporate security voodoo than security science or criminological practices.

Tony Ridley, MSc CSyP MSyl M.ISRM

Security, Risk & Management Sciences