What Fraud Teaches Us About Economics
The optimal level of fraud is not zero
The story of fraud is the story of the economy, because fraud is the economy backwards.
Take a business you know well—your job, maybe. Think about what you’d do if you wanted to turn your business into a fraud. Write it down, maybe.1 What you’ll find is that planning a fraud is a remarkably good way of understanding the inner functioning of a business. It shows you how to tell whether your business is doing well, how that translates into numbers, how the company growing affects the business model and—of course—how you can figure out if someone else is defrauding you.
So let’s take a fraud’s-eye view on the economy and see what we learn.2
Fraud Is About Information
Fraud is an information problem. If I totally understand every detail of a system—say, my wheat field—you can’t defraud me per se. You can steal my wheat, but that’s not fraud, because I know perfectly well that the wheat is supposed to be there and someone took it. It’s possible to commit fraud because our systems are large enough that we can’t hold them all in our heads.
Economics has a great solution for distributing information in systems large enough that no one can keep it all in their heads: it’s called a “market.” No one has to personally know how many carrots every household in California needs. Each household just keeps track of its own carrot needs, and the invisible hand of the market aggregates the information so that everyone gets the desired number of carrots. Relatedly, there is no fraud related to households lying about their carrot needs.
But there are two avenues through which fraud becomes possible. First, I don’t know everything about carrots that might influence my decision to buy them. Second, the providers of the carrots are grocery stores, shipping companies, agribusinesses, carrot seed companies, etc. In economics, they’re called “firms.” Firms almost never use markets internally: they need alternate methods of aggregating information. That is, they have the same central planning problems that markets were designed to solve. Both of these problems can be boiled down to “there are more things we might like to know than things we can actually reasonably know.”
Let’s look more at the firm situation; the analogies to regulators are obvious and you can draw them yourself. It’s impossible to design perfect performance-based contracts that align everyone’s incentives, because if you could do that you’d be a market and not a firm in the first place.3 So you hire managers. The job of a manager is to check up on people to make sure that they’re doing what they’re supposed to: that is, it’s an information processing job. Managers can’t be aware of everything at the same time, so they choose some indicators that they hope indicate that people are doing what they’re supposed to.
The field of “cybernetics” or “control engineering” is, broadly speaking, about how to control things. The Law of Sufficient Variety is that the control system has to be able to represent all the states of the system it controls. A train only goes two directions (forward and backwards), so it can be controlled by a lever. A plane can go in any of three dimensions, so it needs a joystick. If you try to control a plane with a lever, you are having a bad problem and you will not go to the airport today.
There are three things you can do if you have more states in your system than representations in your control system: for example, if you are a manager trying to control people and not a pilot trying to control a plane. First, you can give up and stop tracking some of ways that states in your system can be different. Then you’re vulnerable to fraud caused by whatever things you’re not tracking, just like the lever-wielding pilot is vulnerable to crashes due to her failure to track the important Up/Down axis.
Second, you can try to reduce the number of possible states your system can be in. This usually doesn’t work, because systems made out of people will continue to be complicated against your will. It winds up being the first thing in Groucho Marx glasses and a sign saying “NOTHING TO LOOK AT HERE, YOU’RE DEFINITELY KEEPING TRACK OF EVERTHING.”
Third, you can try to increase your system’s ability to track things—the “switch from a lever to a joystick” option. The problem is that, at a certain point, your system can no longer fit inside a single human’s brain. At that point, you have to hire more humans. But each new human you add to your system is someone else you have to check up on and make sure they’re doing what they’re supposed to, and is another source of complication in your system.
This reality often makes it difficult to figure out if fraud happened at all. For example, you could create incentives in your business such that your underlings commit fraud, your business looks successful, and you can pay yourself a large bonus. When it all falls apart, you can claim that you had no idea, you thought all the books were accurate, and you are just a terrible manager, which is not illegal. Similarly, you can run a long firm fraud and when it goes up in smoke claim you are just bad at running a business, which is also not illegal. Thus it is said that fraud is the crime of wrongful deception in the interest of financial gain where the perpetrator is sending a bunch of emails saying “hahahahahahaha! I did a fraud! I sure hope don’t get caught for all this fraud I am doing!”
In a sufficiently complex system, fraud is all but inevitable. There are three possible approaches to this problem. If your job is catching fraud, you should incorporate all three.
First, you can do normal risk calculation. There is a certain population of bad people floating around in the world, and every so often they bump into your business and commit fraud. You should set up your control system to simultaneously minimize the amount of money you lose to fraud and the amount of money and time you spend on your control system. This method works well for the majority of frauds—embezzlement and so on—which are not conducted by especially sophisticated people.
Second, you can try to make sure that your control system is good in a common-sense sort of way. Your information is accurate, you draw reasonable conclusions from it, you’re tracking important details, and you have a basically realistic sense of how the world works. Eventually you’ll run into your system being too big to fit in a human brain, but you’ll run into it a lot faster if you have a badly designed joystick.
But neither of those prevents the really big frauds—the ones through which the most money is lost. Big frauds identify weaknesses in the control system that you didn’t know existed.
Fortunately, there’s something true of all large and most small frauds, which Dan Davies didn’t name but I will call the Icy Law of Fraud: fraud snowballs.
Let’s take embezzlement as an example. Let’s say you steal the widget-factory-improvement budget from your company, Widgets Incorporated. But your boss expects that you’ve spent that money on, you know, sprokets and so on, and that this will result in profits from the new widgets you’re making.4 You don’t want to get caught, so you fiddle the books a bit to make it look like the profits are there. Your boss is like “Great! This expansion is so profitable! Let’s reinvest the profits in a new factory in Smallsville.” Of course, there’s no money for the new factory in Smallsville, but you can fiddle the books a bit more and then you’re golden… at least, until your boss expects the new widgets to be rolling off the lines…
That is, in nearly all frauds, over time reality and the books are increasingly different from each other. You have to account for not only the money you stole but also all the profit you were supposed to get from using the money you stole for business reasons, and all the profit you were supposed to get from reinvesting that profit, and all the profit you were supposed to…
The miracle of compound interest!
It gets worse. You don’t want to claim to have lost money, because people are always more likely to look closely at the accountbooks of failures than of successes. The obvious solution to “the money isn’t there” is to take money from someone else (suppliers, investors, customers), give it to whomever is yelling at you for money, and declare the consequences to be a problem for Future You. Many frauds, however they started, wind up with something of the flavor of a Ponzi scheme.
The third method of identifying fraud is going “that’s growing too fast. Sus.” You don’t get sedate boring business-to-business companies with a small steady profit every year that suddenly turn out to have been stealing everyone’s money for thirty years. Not all fast-growing businesses are big frauds, but all big frauds are fast-growing businesses.5 You don’t have to have a model of what’s going wrong to sense something might be.
Fraud Is About Trust
Fraud is very rare in low-trust societies. Fraud most often occurs in high-trust societies: societies where businesses are honest and loans are repaid and laws are fairly enforced. Dan Davies calls this “the Canadian Paradox.”
Why? If you’re in a low-trust society, you know everyone is going to rip you off if you get a chance, so you take very expensive countermeasures against fraud. For example, in many low-trust societies, people only deal with their relatives. If you’re in a high-trust society, you can basically trust strangers to be honest, so you deal with strangers expecting them to be honest… and some of them take advantage.
The key innovation of the high-trust society is the division of trust. Everyone gets their books audited, but investors don’t have skyscrapers full of auditors checking the honesty of every detail of the books of every company they might invest in. In general, investors assume that the company’s own auditors did a good job.6
The vast majority of the time, “the company’s own auditors did a good job” is a reasonable assumption. The developed-world economy wouldn’t work otherwise. Investors would constantly have to pass over mutually beneficial deals because there simply wouldn’t be enough auditors to check that the company is legit. Most auditors are basically competent and honest, so this works well.
But frauds can exploit the system. If you’re a fraudster, you simply fire your auditors until you find a dishonest one. Many fraudsters can browbeat their auditors into submission. People don’t become auditors, generally considered one of the least glamorous jobs in the already extremely non-glamorous field of accounting, because they are badass alpha males who defy authority. Because auditing is usually a loss leader, the fraudster can get the auditor’s boss to join in on the browbeating.
People in general spend too few resources on auditing-related fraud prevention. First, most honest firms have an inaccurate sense of how honest auditors are, because all the most dishonest auditors are working for the fraudsters. Second, fraud is the kind of thing humans have particular trouble reasoning about. You can cut corners on checking that the books of companies you invest in were properly audited, and everything seems fine for years or maybe decades—until it turns out you invested in Enron or FTX and you just lost billions of dollars.
But the division of trust goes far beyond auditing. We trust that doctors only recommend treatments we need and that they correctly report to Medicare which procedures they’ve performed on Medicare recipients. We trust that if a drug says “ibuprofen” on it then someone has checked that it contains ibuprofen and not Viagra or fentanyl or nothing at all, and that that person is at least minimally good at their job. We trust that the people we supply goods to on credit will eventually pay for the goods, and that the people we pay in advance will eventually give us the items we paid for. If we couldn’t basically trust people to do what they’re supposed to, the economy would fall apart.
No one has the resources to investigate all their business associates for a history of undetected long-firm fraud, test all their own ibuprofen, and get a medical degree to make sure their doctors give good advice. We check; sometimes we check more, and sometimes we check less. But ultimately the whole system relies on people being basically trustworthy. And I think that’s beautiful.
Fraud Is About Tradeoffs
A recurring theme in this post so far7 is tradeoffs.
One reason that a firm grows very fast is that it’s a fraud. The other reason a firm grows very fast is that it’s producing a really good product that people want to buy. Do we want to catch more frauds at the expense of quashing some of the businesses that have the best chance of improving everyone’s lives?
If you check everything out for yourself, it takes a lot of time and energy. If you don’t check everything out for yourself, you have to trust other people—and a lot of them aren’t trustworthy. Even if you’re investigating things for yourself, you aren’t able to understand every aspect of the system. Each aspect you pay attention to implies another one you’re ignoring.
In Victorian Britain, fraud was more endemic than it’s ever been before or since. Reliable historical estimates suggest that about one-sixth of new companies founded in the Victorian period were frauds. Many people lost all of their savings due to unwisely investing in a fraudulent company. Why did the Victorians tolerate this?
Well, the other five-sixths were often really good companies. Victorian companies made enormous capital investments—steam engines, railways, factories—funded by the savings of the middle classes. Maintaining a robust control system against fraud is expensive, as we’ve discussed, so the Victorians… didn’t. It was easy to take a bunch of people’s money for a harebrained scheme, and sometimes people stole it, and sometimes they built the greatest trading fleet on the seas. Some widows, orphans, and retirees lost their life savings and died in penury, but to the Victorians it was a small price for the Industrial Revolution.
As Davies puts it, the optimal level of fraud is not zero; as Umesh Vazirani might put it, if you’re never defrauded, you’re spending too much money on auditors. You have to make the best information-processing system you can, choose the level of risk you’re willing to take, and balance catching frauds against doing anything at all.
Lying for Money: How Legendary Frauds Reveal the Workings of Our World. By Dan Davies. Published 2018. 321 pages. $14.
[Matt Levine voice] Not if you intend to do it!
I mean, ideally, about the economy, but if you want to learn details for spotting FTX this works too.
In fact, you’d be better off than most markets.
You can also steal money by inflating costs but you’re not going to get to steal a lot of money that way, because your boss will stop giving you money.
Bernie Madoff’s Ponzi scheme was so successful in part because Madoff kept the growth of his scheme under control; even then, about 70% of the money he stole never existed in the first place.
A similar trust is extended to accountants more broadly, lawyers, and actuaries.
As well as in, like, economics.
To give an example of a fraud I investigated (I was an IT tech working on the accounts system for a law firm).
Law firms hold money in trust for their clients - for instance, when you buy a house, you transfer money to your lawyer, they transfer it to the seller's lawyer, the seller's lawyer then hands it to the seller. This works as a kind of escrow process so you can't sign the contract and then not actually pay and end up with both money and house (yes, you'd get sued and lose, but that takes time and costs money).
Typically, you pay in the value of the house, plus banking fees, plus your lawyer's fees and then the lawyer does all the final calculations, realised they overcharged you on sales tax, and sends $10.43 back to you or some similarly trivial amount of a several-hundred-thousand-dollar transaction.
For various reasons, the law firm can end up not being able to send the money back (e.g. your bank account changed, or you sent money from an account that can't accept it back or they mailed you a check and you forgot to pay it in). By law, they have to try repeatedly for a period of time to get it back to you and then after that they have to pay it to either the government or to charity (depending on the state/country they are in).
So, our villain gets given a job to do: he has to go through all the accounts that have positive balances after the completion of the work for more than four but less than five years. He then has to try to contact the rightful owner of the money, and try to return it to them; if he can't return it to them, then he has to record that and when it hits the five years, it gets transferred to the government.
He does the proper process to try to contact people, and then for half the people where he failed to contact them, he records that he did contact them, they had new bank details, he enters the new bank details and transfers the money. To his own bank account. For the other half, they get transferred to the government.
For three years, he gets away with this, until an audit report picks up that his bank account has the third highest number of transactions on it. My very small participation in this is that I coded that audit report. An accountant notices this account, checks who it belongs to, and the next day, the police arrive and arrest him at his desk for fraud.
Remember that the money was money that no-one knew existed. There was vaguely a sense that there was some money like this, but no-one specific had a claim to specific chunks of it. The people he was actually returning it to had just not realised it was there, the government didn't know it was there. And it was several thousands of pounds. No-one was catching him for living beyond his means because it turned out he was a gambling addict and was just losing it all as soon as he stole it.
It really is a case of: so, what should you be auditing for? You probably haven't thought of everything.
The optimal level of fraud is, in fact, zero, but the optimum amount of defense against fraud is less than the amount of defense that would reduce fraud to zero.