How can organizations enhance company culture to prevent fraud?

Key Takeaways

• Secrecy needs oversight. Legitimate confidentiality protects operations, but without independent and effective oversight it becomes a shield for fraud.
• View silence as a warning. Missing data, delayed disclosures, withheld records, and quiet staff should be treated as red flags, not routine obstacles.
• Culture drives accountability. Systems matter, but only a culture that rewards safe challenge and protects whistleblowers ensures wrongdoing is exposed.

When Secrecy Becomes a Shield

Imagine when the documents you need have disappeared. The people who could explain them won’t speak, and the official version of events is already circulating. This isn’t an isolated scenario; it’s how secrecy is routinely turned from protection into concealment.

Secrecy is not confined to defense or intelligence agencies. It cuts across all sectors and runs through many large organisations: state-owned enterprises, global corporations, and regulators. In these environments, information flows are tightly controlled.

Legitimate secrecy protects operations and intellectual property, yet it can create blind spots. Without independent oversight, those blind spots become cover for misconduct. The issue is not whether organisations keep secrets, it is whether those secrets protect the public or shareholders’ interests or conceal wrongdoing.

Secrecy is routinely exploited and across very different sectors spanning a variety of industries. Regardless of the industry, the result is the same: Opacity corrodes oversight and fraud thrives where secrecy goes unchecked.

Hierarchies, Culture, and Narrative Control

Closed organisations concentrate power at the top, and when secrecy is layered onto rigid hierarchies, risks multiply.

In tightly controlled organisations, employees often defer to authority, not just out of respect but because challenging superiors is seen as insubordination. The psychology here is powerful. Authority bias, the instinct to obey those in charge, is magnified when the costs of disobedience are visible.

Stanley Milgram’s famous experiments showed that ordinary people would deliver what they believed were harmful electric shocks when told to by an authority figure. The lesson still resonates. In entrenched hierarchies, the same instinct explains why staff stay silent in the face of wrongdoing. An instruction from above is often enough to override doubt, silence internal warnings, and keep damaging practices alive.

But this is not just about individual psychology; it is reinforced structurally. Groupthink flourishes in siloed teams where loyalty is prized over scrutiny. Questioning the narrative is not viewed as professional duty, but as disloyalty. Over time, employees learn that survival depends on compliance, not challenge.

This is not theoretical. Whistleblowers can experience personal risk of defying entrenched narratives. Protections on paper are often distrusted in practice. For every individual who speaks up, many more remain silent, watching what happens to those who challenge authority.

This combination of authority bias, structural hierarchy, and cultural punishment creates the perfect conditions for fraud to endure. It explains why misconduct at senior levels often continues unchecked for years and why even obvious irregularities can go unreported.

The financial consequences are stark. Fraud at the executive level is especially costly because it combines access, influence, and the ability to manipulate internal controls. According to the Association of Certified Fraud Examiners (ACFE) 2024 Report to the Nations,^[1] schemes led by executives generated median losses of $459,000—seven times higher than frauds carried out by lower-level staff. Moreover, 87% of those caught had no prior disciplinary record. Misconduct escalates not because it goes unnoticed but because no one challenges it.

Hierarchies do not just centralise decision-making; they define the narrative of the organisation. Senior leadership sets the tone and once a particular account of events becomes established, it is repeated until it hardens into “fact.” Staff learn quickly that challenging this narrative carries risks—stalled careers, sidelining, or quiet removal.

For investigators, this dynamic creates two serious challenges. First, management’s accounts are often polished and persuasive but incomplete or misleading. This can amount to obstruction of justice or misleading regulators, not just an internal culture problem, but creating legal exposure.

Second, potential witnesses may hesitate to contradict the official version, fearing repercussions. In such environments, investigators cannot take explanations at face value; they must test every claim against independent evidence and create trusted channels for disclosure.

Narrative control is often reinforced through procedural obstruction. Requests are delayed under the guise of “clearance.” Key information is redacted as “confidential.” Access is restricted to what leaders decide others “need to know.” Each tactic can appear reasonable in isolation. Combined, they block oversight. The question then is intent: Does secrecy serve legitimate protection, or does it conceal misconduct?

When Records Go Missing

Fraud in closed and hierarchical organisations rarely reveals itself in what is present, but rather in what is missing. Logs are deleted, emails erased, invoices shredded. These gaps are not neutral. According to the ACFE, fraud typically lasts 12 months before detection, this can be far longer in systems where information gaps are treated as routine. Where frauds are detected within the first six months, the median loss is $30,000. If left undetected for more than five years they rise to $875,000.^[2]

For investigators, absence itself is evidence. Missing files, unexplained redactions, and delayed disclosures must be treated as red flags, not administrative inconvenience. The task is to reconstruct reality from the fragments that remain and to test management’s polished narratives against sources they do not control.

This is where triangulation becomes indispensable. Internal records, even incomplete, must be cross-checked against external filings in courts and registries. Supplier and contractor data often reveals what official ledgers obscure. Oversight reports, however redacted, carry statutory authority that can anchor fragmented accounts.

Yet documents rarely tell the whole story. Human intelligence often proves decisive. Whistleblowers, insiders, and former staff supply the context that paper trails cannot. They explain why gaps exist, which controls were bypassed and how, and why certain narratives were shaped. In practice, their testimony can be the thread that ties other fragments together.

Triangulation is not about one perfect source. It is about assembling enough independent points, human and documentary, to expose patterns. Triangulation mirrors the evidentiary approach in court: No single source is definitive, but consistent, independent points build a case strong enough to withstand scrutiny and rebut competing narratives. Silence, missing files, and selective disclosure become part of the evidence, not barriers to it.

Strengthening Resilience

If missing records and muted staff are the signals of fraud, then resilience lies in building systems that make silence harder to maintain. Secrecy will always have a role in protecting operations and intellectual property, but without effective oversight it corrodes trust and shelters misconduct.

The legal landscape already reflects this reality. The U.S. Foreign Corrupt Practices Act (FCPA) continues to shape enforcement internationally, updating its guidelines in 2025 to refocus enforcement toward significant criminal conduct over routine business practices, refining how extraterritorial liability is assessed.^[3] In Europe, the Whistleblower Directive has shifted from principle to enforcement, with fines imposed if firms fail to protect insiders.^[4] These regimes demonstrate that opacity is not only a governance weakness but also a legal liability that can trigger sanctions, settlements, and reputational collapse.

Organisations that want to stay ahead must reinforce resilience on multiple fronts:

• Independent oversight with full access: Committees, inspectors, and internal audit should have access to records directly for regular independent reviews, bypassing intermediaries and management gatekeepers. Independence loses its force if access is filtered. 
• Protected whistleblowing: Laws such as the EU Whistleblowing Directive, mandate safe reporting channels, but these matter only if staff believe they will be protected. Assess whistleblower channels annually, test these under real conditions, and ensure whistleblowers are safeguarded. Anti-retaliation measures must be visible, enforced, and tested regularly. Without trust, tips never surface.
• Cultures that reward scrutiny: Training must address authority bias explicitly, framing challenge as professional duty. Evaluations and promotions should reflect an employee’s willingness to raise concerns, not just their ability to conform.
• Legal frameworks: Statutes like the FCPA,^[5] the UK Bribery Act,^[6] and equivalent regimes provide tools for regulators to investigate, compel disclosure, and prosecute bribery and accounting misconduct across borders. Organisations should conduct regular compliance assessments and prepare for cross-border enforcement. Proactive alignment with these laws reduces the risk of crisis later.
• Technology and monitoring: Cross-validate supplier and contractor data against internal ledgers, payment flows, and third-party records to independently corroborate narratives. Automated logs and anomaly-detection systems can identify irregularities even in secure environments, but technology cannot substitute for governance. Unless findings are acted on, systems become window dressing rather than safeguards.

Regulators are already signaling their unwillingness to accept “classified” or “confidential” as blanket defenses.^[7] The direction of travel is clear: Organisations must separate operational secrecy from financial transparency. One protects national or commercial interests; the other ensures accountability. When both are balanced, resilience is possible.

Conclusion: From Secrecy to Accountability

Fraud in closed systems is rarely dramatic in its beginnings. It seeps in through silence, reinforced by hierarchy, until concealment becomes the norm. By the time missing files or muted staff attract attention, losses are already significant.

Operational secrecy may protect interests but financial secrecy attracts liability. Boards that fail to adapt will not face only reputational damage, they will face sanctions, fines, and debarment. The way forward is not complex. Independent and unfettered oversight, credible whistleblowing channels, cultures that reward scrutiny, and clear separation between secrecy and transparency are the baseline.

The lesson is simple: Secrecy without scrutiny is risk. Organisations that embrace accountability today will not only avoid sanctions. They will be the ones still trusted tomorrow.

The views and opinions expressed in this article are those of the authors.

Read Past Raising the Bar Issues