Why you need to think about criminal risk

Business school lecturer Bertrand Monnet believes security needs to be integrated into the business, not bolted on.

by Stephen Jones
Last Updated: 17 Apr 2018

'We were beaten with knives and kicked in so many ways. They did the Russian wall* on my head because they thought I was the police,’ says Bertrand Monnet as he recalls his kidnap and eight hour ordeal at the hands of the Brazilian mafia.

It's a terrifying account and one that you would associate with a detective story, but Monnet is a business school professor.

For 13 years, the former French army officer has been head of the Chair of Criminal Risks Management at EDHEC business school in France and lectures students on how to identify and mitigate against criminal risk in companies.

Needless to say, his research methods are rather immersive. He regularly travels the globe arranging face to face meetings with some of the most dangerous criminal groups in the world. Over the past decade he has met with Nigerian gangs, computer hackers, Somali pirates, Italian Mafia and even the Japanese Yakuza among others.

His aim is purely educational. He wants to find out how these groups operate and use this information to build case studies to train the next generation of top executives to be able to detect criminal risks within their organisations, a skill he thinks is missing in many board rooms.

Monnet insists that his experience in October 2016 - when he was kidnapped by the Brazilian drug cartel Primeiro Comando da Capital or PCC - was accidental.

He was scouting Cracolândia (Crackland) in Sao Paulo with the intention of coming back to observe and film at a later date. It was 6pm and Monnet and his fixer had permission to be on one street, but were pushed by a crowd of desperate drug addicts onto another street and it was here that they were taken by the cartel.

‘I don’t take risks, I am not a reporter.' says Bertrand. ‘Usually if anything is wrong I don’t go.’ He highlights the fact that he is going to Nigeria for a seventh time for the same project as his six previous attempts have been cancelled because it was too risky.

Monnet makes his contacts in the same way that a journalist would - by identifying the appropriate people and speculatively approaching them. A lot of his meetings are purely opportunistic and in his words he spends most of his time failing.

‘It takes time and a lot of effort of course, but it does not take any money. The people that I want to meet are in command of huge organisations making millions of dollars, they don't want anything from me.

‘If they do ask for money they are not the big enough guys’.

After being held, beaten and initially threatened by the Cartel, Monnet and his fixer were released after proving they were no threat. But not one to waste the opportunity to connect, Bertrand approached the boss to see if he could remain in touch.

‘I understood that this guy was one of the bosses of this organisation, so I thought that it was a unique chance to meet this kind of guy, so I asked him if I could keep in contact.

‘He asked me to tap my number into his I phone so I did and two weeks later I was just coming out of a class on the Lille campus and received a Whatsapp message. I was back in Sao Paulo two weeks later.’

How to mitigate criminal risk

His methods seem pretty extreme, but Bertrand is keen to stress that corporate criminal risk is something that threatens every business. Take cyber crime for example, in a UK government report it is estimated that almost half of UK firms were hit by a breach or cyber attack in 2017.

While Monnet believes there is wealth of literature and reports that needs to exploited, it is only through speaking with these criminals - whatever criminal industry they are involved in  - that we can truly understand how their organisations work. ‘Cyber crime does not exist as such, hackers create cyber crime. So you have to meet these people to question them.’

He also highlights occupational fraud as major risk to many businesses, referring to examples like the Volkswagen emissions scandal of 2015 as an example that many of these risks exist internally.

‘In so many cases security is just cosmetic,’ says Monnet. ‘Many of these security departments are staffed with people who are not bilingual. These people can talk security, but they don't know how to talk EBITDA.'

His solution is for boardrooms to manage security in a more ‘holistic way’ and insists that multiple departments  within an organisation have a role to play in how the company is protected and that security is a biproduct of good strategy.

'Cyber crime has a smell, corruption has a smell, fraud has a smell and who are the only positions able to detect these? Top management positions are not the ones that will be mobilised to mitigate the risks, but they will be the ones to detect it.’

'It is good for the students to realise that security is an issue, but at first it is a matter of strategy. It is a matter of decision.'

He points to the engineering firm Subsea 7, which works in dangerous regions like the Gulf of Guinea as an example of this.

They have an efficient CSR programme that concentrates on developing the areas local to their operations. This involves builidng roads, paying for schools and creating jobs within the local community. Something which he says is not initially part of an immediate security department, but something that can in itself can help to mitigate against potential risks.

'If you want to manage the risk of kidnapping in the world, a brilliant way to do this is to stop sending so many travelers and expatriates around the world and try to integrate locals. This is a matter of HR management, not security management.' Monnet says. 

'There are so many departments that have to be absolutely integrated into the global risk management process.'

 Image credits: YAKOBCHUK VIACHESLAV/shutterstock

*MT doesn’t exactly know what that is, but it sounds painful.



Find this article useful?

Get more great articles like this in your inbox every lunchtime