Does Profiling Help Us Uncover Risks?
From Cold War spies to corporate fraudsters — why behaviour, not background, exposes the real threats.
In a past life, we were tasked with identifying spies. Specifically, we were looking for Russian and Chinese assets focused on industrial espionage.
This was in the 2000s.
Recent reports detailing how Beijing (and Moscow) infiltrate Western universities, companies, and government entities bring back memories (like this piece).
Should We Be Profiling?
I did, back in the day.
Chinese spookery in the 2000s was a blunter instrument than it is now: send Chinese students overseas and play the long game, or pressure the diaspora (often with threats to family back home).
In this context, Chinese nationals trying to gain access to sensitive parts of UK industry (defence, transport, infrastructure) were a red flag.
(Let’s ignore, for now, our own government’s habit of selling critical infrastructure directly to China.)
But the point was, profiling was common.
Russian spymasters were cannier, with decades of Cold War experience. They had learned to lean on non-Russians.
This is why we’ve had other (mainly EU) nationals implicated in spying for Russia, and plenty of British citizens, often academics with romantic notions of Marxist utopias.
China would soon follow and innovate. For example, posing as hiring managers at defence contractors to lure disgruntled US military personnel they’d target on LinkedIn into spilling secrets as part of the hiring process:
“What does your current role entail?”
A Healthcare Approach to Risk
Now, I’d take a healthcare approach.
In medicine, we look at contributing risk factors: diet, sleep, exercise, work environment, exposure to pollutants.
That helps us narrow down areas of vulnerability.
If you’re trying to discern risks from within your own organisation (and you should, especially around financial crime and fraud), you could profile.
Or, you could take an asymmetrical approach.
For example, a demographic profile might tell us that most fraudsters are university-educated men over 50.
That would have missed:
Sam Bankman-Fried (FTX): ~30 years old when it collapsed.
Elizabeth Holmes (Theranos): not a man, not near 50.
Jan Marsalek (Wirecard): 40 years old, high school dropout, and a Russian asset.
Three of the biggest frauds in recent memory, and none fit the “profile.”
Diagnosing an Unhealthy Risk Profile
If, instead, we take a healthcare approach, we’d have spotted that:
Nearly no one understood the underlying technology (crypto, nano-blood testing).
Each industry was drowning in hype and FOMO.
There was zero accountability. Remember Bankman-Fried taking investor meetings while gaming?
Add that up, and you’ve got a very unhealthy risk profile.
Even basic behavioural analysis would have revealed a common pattern: contempt and disdain for oversight.
Profiling Behaviour, Not People
Understanding which groups view your organisation with contempt is sensible.
But assuming everyone in that demographic shares the same intent is lazy, and dangerous.
Work inside-out instead. Ask:
What do we have that others might want to steal, damage, or duplicate?
Who has access to it?
Are they angry, fearful, or contemptuous?
You’d be surprised how easy it is to gather this data.
True profiling is behavioural, not demographic.
It’s about pressure, fear, greed, contempt, and disgust: the emotional levers that drive misconduct.
Uncomfortable? Yes.
Necessary? Absolutely.
Because most risks come from within, through both action and inaction.
Metaphorically Speaking



I love a metaphor. A picture can paint a thousand words.
The images above helped explain why applying the same assessment criteria to a downtown apartment and a floating village in Vietnam makes no sense.
The same logic applies to risk frameworks.
If I applied the standards of an FTSE 100 manufacturing firm to a development bank in Southern Africa, the result would be chaos.
The danger isn’t bad frameworks.
It’s misapplied ones.
What metaphors or visuals have you used to communicate complex risk concepts to jaded audiences?
Contextual Quote of the Week
“We put people of concern on the watch list or the no-fly list, so we have a number of layers of security beyond the airport checkpoint. We gather as much information about a passenger as the law allows without profiling.”
— John Pistole


