When firms fall from grace, who’s to blame?

N-CRiPT
N-CRiPT
Apr 13, 2020 · 4 min read

Evidence suggests it’s middle managers, and now a new mathematical model provides further insights

Image Credit: torange.biz

In recent years, we’ve seen many corporations fall from grace. Corporate scandals have grown so commonplace that estimates suggest the probability of a company in the U.S. engaging in fraud in any given year is close to 15 percent.

Firms and their employees can mess up in many ways, such as engaging in unethical behavior, committing financial fraud, and other white collar crime. Privacy breaches form a big part of such misconduct — remember when Facebook allowed political data firm Cambridge Analytica to harvest millions of users’ data without their consent? Or when the “Oxy” database was scraped and recruiter and job applicants’ data was stolen from LinkedIn?

“Misconduct is so pervasive that estimates suggest the probability of a company in the U.S. engaging in fraud in any given year is close to 15 percent.”

When it comes to assigning blame, some empirical studies argue that employee seniority plays a key role in organisational misconduct. One 2017 study, which analysed more than 600 firms around the world that were involved in economic crime, found middle managers to be the main perpetrators, having been implicated in 41 percent of cases studied.

“The question is why is this happening? What incentives do the managers have to do misconduct? And what is the optimal regulation to minimise this kind of behaviour?” asks Jussi Keppo, an associate professor who studies risk management and analytics at the National University of Singapore (NUS) and principal investigator at the NUS Centre for Research in Privacy Technologies (N-CRiPT).

To answer those questions, Prof Keppo and his PhD student Minglong Zhou devised a mathematical model to explore the link between seniority and organisational misconduct — the first researchers to do so. “We came up with a two-stage game model to study the interaction between the three different parties involved — lawmakers, firms, and employees,” explains Zhou.

In the first stage, the lawmaker lays down regulations and penalties for insider misconduct. When complete, a firm and its employees then begin to engage in a “cat-and-mouse” game of sorts, where the former decides how intrusive its monitoring efforts should be and the latter weighs the benefits of engaging in misconduct against the risks involved. Both parties make their decisions simultaneously and without knowing what the other party decides.

“We then use economic tools to calculate the equilibrium,” says Zhou. “This basically corresponds to a pair of strategies, which is the optimal level of monitoring from the firm and also the employee’s optimal decision on whether or not to engage in misconduct.”

From their model, the pair discovered that an employee’s incentive to cheat changed as their seniority did (see the box below for more information). “This means that very junior staff and senior management are less likely to carry out misconduct, while the middle management was the most likely to do so, which supports the empirical evidence we’ve seen,” says Zhou.

For firms, equilibrium is the point where they have no further incentive to impose stricter monitoring efforts to try to reduce the level of misconduct. “There is a tradeoff between accepting some level of misconduct and killing it all off,” says Prof Keppo. “Companies don’t know who the good guys and bad guys are, and when you have lots of red tape, everyone’s productivity suffers.”

This means that lawmakers have to impose efficient regulations to disincentivise misconduct such as privacy leaks, he says. They can do this by adopting either a target-driven or welfare-maximising approach to regulation.

The team reported their findings in a paper completed earlier this year, where they also described a more general model. “You could even use this model to see, for example, if people will comply with quarantine orders and social distancing during the COVID-19 outbreak,” says Prof Keppo.

He and Zhou continue to work on the model today, this time examining what happens when decisions are made over different periods in the long run. “Myopic strategies will not be optimal and now the various parties have to be forward-looking,” says Zhou, “which makes the problem even more interesting.”

N-CRiPT blog

Tapping on expertise in NUS Centre for Research in Privacy…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store