How the GLF Watered Down Its Anti-Fraud Code of Conduct

After reading that headline, I can guess what some of you are now thinking. Here goes Eric, the half-mad Don Quixote of telecoms risk, launching an attack on yet another innocent windmill. However, you should give this argument a fair hearing because words do matter and this article is about the difference between what words mean and how they have been applied in practice. And if words do not matter, why would anyone bother to write a code of conduct or agree to honor it?

The Global Leaders’ Forum of International Telecoms Week, commonly abbreviated as the ITW Global Leaders’ Forum, ITW GLF, or just the GLF, describes itself as “a network of the leaders from the world’s largest wholesale carriers, who convene to discuss strategic issues and to agree collaborative activities with the aim of driving the next phase of growth for the industry”. You could also describe the GLF as a brand of Euromoney Institutional Investor PLC, a company that specializes in business-to-business information services and whose Capacity Media division produces magazines such as Capacity and events such as International Telecoms Week. If you want to know more about the history of the services provided by Euromoney to wholesale telcos then I recommend the synopsis they published in 2020. This identifies key milestones such as the first edition of Capacity coming out in 2000 and the first International Telecoms Week being staged in 2008. So Euromoney has been selling to wholesale telcos for more than two decades. This is important because my experience of telecoms fraud managers is that they sometimes forget to apply their forensic skills to determining who pays the people that write reports about fraud.

The history is relevant because this is the fourth year the GLF has produced an annual fraud report but there were many years when fraud did not matter to Euromoney Institutional Investor PLC. The world has changed and they, spying a business opportunity, have changed with it. Fraud has not become more important; it has always been important. What has changed is that the telecoms sector has stopped growing like it used to, and many portions of the sector are consolidating as a rational strategic response to important services going into permanent decline. There was plenty of fraud in 2000 or 2008, but the GLF only started writing about fraud more recently because it now represents much more of a business opportunity than it did before. Fighting fraud will not create growth for wholesale carriers, but it might help some to slow the rate of decline. The business logic for wholesale carriers investing in fraud prevention is similar to the logic for printing newspapers on recycled paper or including more ethanol in oil-based fuels. The results are good in themselves, but the motivation stems from extending the life of a declining product by reducing the reasons for customers to abandon it sooner.

I used the analogy of recycling paper and adding ethanol to gasoline because those worried about climate change are acutely aware of the potential gulf between businesses saying they care about the environment and those same business doing everything they might to protect the planet. This is why the dictionary contains a new word, “greenwashing”, which means spreading disinformation so a business appears to be more environmentally responsible than it really is. Given all the bad headlines prompted by consumer-oriented frauds like wangiri and smishing, the last thing the telecoms sector needs is for fraud managers to engage in the equivalent of greenwashing for fraud prevention.

In 2018, when the GLF first published its anti-fraud code of conduct, the obvious criticism was that words are nice but mean little if nobody is checking whether businesses really comply with the code of conduct. A few years have since passed, and the GLF has now addressed that problem, to a limited extent. The GLF now has a process to attest (but not to audit) compliance with the fraud code. But compliance is not really compliance, as explained by their own report.

To be attested as “compliant” with the Code of Conduct, a carrier must score over 70% in each of the six Principles and provide evidence to demonstrate their adherence.

In the normal use of words, 70 percent compliance is usually referred to as ‘partial compliance’. However, that is not my main concern. The GLF has diluted their anti-fraud code of conduct by asking for evidence of compliance that is not consistent with what the principles actually state. This is the original 2018 wording of one of those principles:

Commitment to share information regarding fraudulent traffic flows with carrier peers

Carriers will actively share information on fraudulent traffic and its origination, where permissible, subject to anti-trust legislation, contractual and regulatory obligations and commercial constraints, with all potentially impacted peers.

But this is how the ‘aspiration’ to share information is being checked in 2021:

All carriers to participate in at least one industry fraud forum, with executives sponsoring their company’s participation and ensuring the adherence to recommended actions that arise.

If you run a business that generates profits by hosting meetings and webinars then it makes perfect sense to argue for the merits of the forums you provide. That does not mean participating in a forum is the same as actively sharing information with all potentially impacted peers. There will often be occasions when the peers impacted by fraud will not attend the same forum.

Other criticisms may be leveled at the evidence requested to demonstrate ‘compliance’ with the GLF Code of Conduct, but I want to focus on information sharing because I have current and first-hand experience of the problems in persuading comms providers to share fraud intelligence. The top fraud manager at a Tier 1 international wholesale carrier told me his business would not use the RAG Wangiri Blockchain to exchange fraud intelligence because they had invested in fraud detection and filters. An automated data exchange for fraud intelligence would be harmful to their business as it would cause them to “lose their USP”. A USP is a unique sales proposition. Its role is to increase revenues by offering something that other businesses cannot offer. But where does it say in the GLF principles that carriers no longer need to share information about fraud if the uniqueness of that information gives them a sales advantage? That fraud manager is employed by one of the carriers that supposedly complies with the GLF code.

Not all wholesale carriers have the same attitude to exchanging fraud intelligence. iBasis is the third largest international wholesale carrier and they celebrated their compliance with the GLF code by making an announcement that also referred to their use of the RAG Wangiri Blockchain. Their behavior shows it is reasonable to expect more active sharing of fraud intelligence by wholesale carriers, but it suits the GLF to endorse low standards that all the big carriers will easily satisfy because they want all big carriers to take part in GLF meetings. Like the United Nations, the problem with a forum that treats everyone as equals is that rogues and obstructionists are never made to feel shame. The GLF’s business interests preclude them from significantly improving standards. We might try to fool ourselves into believing slow progress is being made, but when progress is this slow it can only result in the telecoms sector falling even further behind the fraudsters that race ahead of us all.

For the 19 carriers who have been certified as compliant with the Code of Conduct, this is an opportunity to promote themselves to the industry as taking action against fraud and should provide a mark of assurance to customers and suppliers.

In other words, 19 carriers can seek to increase sales by claiming to actively share intelligence about fraud. But some may simultaneously seek to increase sales by refusing to actively share intelligence about fraud. The conflict of interest is obvious. That this conflict is not addressed by the GLF also illustrates where their interests lie.

The 2021 GLF Fraud Report, which includes its commentary on the attestation process, can be found here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.