Sometimes it is good when levels of reported fraud go up. It means a problem that was ignored before is finally getting the attention it deserves. Internal fraud within comms providers needs more attention, despite flatulent industry surveys which imply all fraudsters inhabit the wild world outside, and are never in the room with us. There are plenty of indicators of the extent to which fraud has spread like a cancer inside comms providers, including an endless stream of stories about insider fraud from mainstream news outlets. There are also credible industry estimates by intelligence providers like Symmetry Solutions of approximately three-quarters of international revenue share fraud for voice being short-stopped by carriers. Even the world’s richest man, Elon Musk, has learned that many comms providers are run by crooks, after X identified 390 telcos that were complicit in SMS traffic-pumping scams. So we should praise Vodacom, the African telecoms group headquartered in South Africa, for telling shareholders that 631 staff and contractors were dismissed during the last financial year, following a 16-fold increase in investigations of alleged fraud and other irregularities.
Per Vodacom Group’s Integrated Report for the financial year ending 31 March 2024:
All who work for or on behalf of Vodacom have a responsibility to report any behaviour at work that may be unlawful or criminal, or that could amount to abuse of our policies, systems or processes and, therefore, a breach of our code of conduct…
…Cases are reviewed by Group HR and risk, supported by corporate security. Each is formally and robustly investigated by a qualified expert and is monitored to verify that corrective action plans or remediations are conducted. When determined necessary and applicable, remedial action may involve consequences for the individual and/or changes to internal processes and procedures.
The current whistleblower process is obviously working better than whatever method they previously used to record and investigate claims of wrongdoing. Vodacom Group became larger in FY24 because it now consolidates the figures of Vodafone Egypt, following a transfer of 55 percent of Vodafone Egypt’s shares to the Vodacom Group entity. That will help to explain why the Integrated Report states that the number of investigations concerning external actors rose from 7,726 in FY23 to 15,999 in FY24, a rise of 107 percent. However, the consolidation of Vodafone Egypt is unlikely to explain why the number of investigations involving internal actors went from just 277 in FY23 to 4,559 in FY24, a rise of 1,546 percent.
Vodacom receives cases for investigation from:
- Direct reports from customers
- Direct reports from service providers
- Online reports
- Referrals from business
- External whistleblowing
A footnote to the Integrated Report says the change in investigation statistics is due to the consolidation of Vodafone Egypt and…
…a reporting methodology change, which we implemented to provide a better perspective to businesses on the challenges faced due to logical access.
That sounds to me like a diplomatic way of saying internal politics previously stopped the relevant departments from reporting and investigating wrongdoing as much they wanted. It is natural that no business wants to admit that some of its people are wrong’uns. But it is also naïve to believe that every employee of a large company will be honest and law-abiding. Any telco that addresses the sin of underreported internal fraud should be applauded. Internal fraud often has severe consequences for customers and suppliers as well as for the telco itself.
The statistics from Vodacom’s Integrated Report are backed up by a paragraph in the report from the group’s Audit, Risk and Compliance Committee, as presented with the FY24 Financial Statements.
From 1 April 2023 to 31 March 2024, the Group’s corporate security divisions investigated over 8 652 cases of alleged fraud or irregularities, of which 6 872 related to external cases and 1 780 to internal cases. The end result ensured the arrest of 15 suspects and the dismissal of 631 staff/contractors. These cases were reported and identified through various channels, including direct reports received from customers, service providers, online reports, referrals from business, the fraud management system and external whistleblowing.
It goes without saying that these numbers do not perfectly tally with the figures in the Integrated Report. This might be because the Integrated Report says the corporate security teams ‘support’ the review of cases by teams who work in HR and risk management. There is likely to be a disparity between the number of investigations per definitions used by HR and the number per definitions used by security staff, with some cases being dismissed or handled by HR without the involvement of security professionals. Even so, the 1,780 internal cases investigated in FY24 per the Audit, Risk and Compliance Committee is much higher than the 277 cases reported in the FY23 version of the Integrated Report, reinforcing the impression that much more internal fraud is being rooted out than before. No company would expect every investigation to yield proof of wrongdoing, so the arrest of 15 and dismissal of 631 also indicates the seriousness of the work being done to stop fraud.
Some people talk like SIM swap fraud is a problem that is wholly external to comms providers. Some pretend bypass fraud only occurs because of external agents. Some would like to believe handset theft is never abetted by any employee. This needs to stop. The cancer is inside our businesses and it will not be cured by pretending it is not there. Ignoring the cancer just permits it to spread further. The worse the cancer gets, the harder it is to confront. Whistleblowing is an essential component of any corporate strategy and needs to be both encouraged and supported through adequate resources. Comms providers that are currently trying to cut costs by slimming down the staff devoted to internal investigations need to be chastised by regulators and governments because they are putting the general public and other businesses at risk. It will be uncomfortable for a business like Vodacom to admit to this amount of insider fraud, but the more comms providers come clean about the scale of wrongdoing committed by their own staff, the safer we will all be.



