Diversion of critical technology – a byproduct of global competition?

Global competition for science and technology is heating up

Unless you have been sleeping under a rock these past five years or so, you will be aware that the world is again in an era of great power competition. One key area in which this geostrategic competition is playing out is in science and technology. In addition to the omnipresent competition between businesses, nations are now trying to gain the upper hand for economic and national security reasons in a way we haven’t seen since the end of the Cold War.

Developing a high level of scientific and technological capability maturity takes decades and requires substantial infrastructure, starting with basic education systems all the way to post-doctoral research. The research needs to be supported by a legal, regulatory and financial environment conducive to commercialisation, such as Intellectual Property law, sources of capital investment, and the right government policy settings. Lastly, countries need to have companies capable of converting consumer-ready ideas into products, and the ability to take these products to market.

Where countries or companies cannot or do not wish to take a product to market, they use Technology Transfer mechanisms to assign ownership or control. If you can’t or won’t build these capabilities organically, the alternative offers a fast-track option: Steal it. If you want to take the illicit path, you have three main options: Theft, patent infringement and counterfeiting, or diversion.

What is Diversion in the context of Technology Transfer?

To understand the diversion of critical technology we need to establish some definitions, starting with Technology Transfer. I spent quite a bit of time learning about Technology Transfer at university, but it seems the inherent complexity hasn’t changed in many years. According to a 2011 World Health Organisation (WHO) report, the term “technology transfer has been notoriously difficult to define precisely”.

WHO have chosen to go with a World Intellectual Property Organization (WIPO) definition which defines technology transfer as “a series of processes for sharing ideas, knowledge, technology and skills with another individual or institution (e.g. a company, a university or a governmental body) and of acquisition by the other of such ideas, knowledge, technologies and skills”.

“Diversion” refers to the unauthorised or unintended redirection of technology, confidential information, or components / materiel from its intended (authorised) recipient or use to a different party or for a different purpose.

Diversion is different to Theft (although they often arise simultaneously): Theft is effectively taking something that isn’t yours without permission (and often without paying for it). For example, going on a laboratory visit, picking up a laboratory notebook and discreetly putting it in your bag for later is theft, not diversion. Although I cannot find evidence of it being discussed in this way in the literature, I consider Diversion a type of Fraud as it typically involves obtaining a benefit (the confidential information or technology) by deception.

Why should we care about the Diversion of critical technology?

The impact of diverted technology depends on what the technology actually is and the identity of the perpetrator. Diversion is commonly perpetrated by nation states, competitors, private intelligence collectors, non-state actors (e.g. terrorist groups), and trusted insiders (e.g., employees, supplier’s workforce). Diverted technology can have a number of national security and market competitiveness impacts, which over time erode competitive advantage and can expose companies and countries to undue risk, including:

  1. Military Superiority: Critical technologies often underpin a nation’s defence capabilities. If adversaries or third parties access these technologies, your competitive edge can be eroded.
  2. Economic Competitiveness: Advanced technologies drive economic growth and national competitiveness. At the start of this 4th Industrial Revolution, science and technology go hand in hand with economic prosperity.
  3. Critical Infrastructure Vulnerabilities: Critical technologies are often used to support critical national infrastructure like energy, transportation, and communication. Diverted technology could be used to identify novel vulnerabilities in systems (including zero-day cybersecurity vulnerabilities), which could be exploited by adversaries leading to widespread disruptions.
  4. Proliferation of Weapons of Mass Disruption and Dual-Use Technologies: Defence and dual-use technologies (those with both military and civil applications) can be diverted to sanctioned groups or nation states, destabilising global security.
  5. Diminished Strategic Autonomy: In this new era of geostrategic competition, being reliant on another country is a strategic vulnerability (we saw this from the effects of the COVID-19 pandemic). Diversion can lead to increased dependence, potentially compromising a nation’s independence.
  6. Foreign Interference and Espionage: Diverted technology can provide adversaries with insights into a nation’s capabilities, strategies, and operations, potentially undermining its diplomatic and security efforts.

There are many ways in which technology can be diverted, such as False End Users, front companies, use of brokers or intermediaries to obtain information, joint ventures or mergers and acquisitions, IP Licensing agreements, insider threats, foreign student arrangements, and many more. In some cases, once the diverted technology is obtained by the adversary, it will be copied or reverse engineered before going into production (manufacturing). The benefit here is that companies can build a competing product (or military capability) at a cheaper price, without the overheads of having to recover the costs of research and development.

Further Reading

  • Gaida, J., Wong Leung, J., Robin, S., Cave, D., Pilgrim, D. (2023). ASPI’s Critical Technology Tracker – Sensors & Biotech updates, Australian Strategic Policy Institute, https://www.aspi.org.au/
  • Hannas, W., Chang, HM (2021). Unwanted Foreign Transfers of U.S. Technology: Proposed Prevention Strategies, Centre for Security and Emerging Technology, https://cset.georgetown.edu/
  • McBride, J. and Chatzky, A. (2019). Is ‘Made in China 2025’ a Threat to Global Trade?, Council on Foreign Relations, https://www.cfr.org/
  • Toman, D., Famfollet, J. (2022). Protecting Universities and Research from Foreign Interference and Illicit Technology Transfer, European Values Centre for Security Policy, https://europeanvalues.cz/
  • WHO (2011). Pharmaceutical Production and Related Technology Transfer, www.who.int

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Towards a taxonomy for product diversion

What is product diversion?

Those who follow my blog will know that diversion is something I wrote about reasonably often. The reason for this is simple – diversion has a multiplier effect on the business supply chain. It doesn’t just result in a financial loss like theft does, but it also impacts the profitability and engagement of your distributors, the integrity of your channels (in terms of being able to control who sells your product, the quality and integrity of that product, and at what price), and consumer satisfaction in terms of brand perception, warranty coverage and customer service.

How does product diversion occur?

I started researching diversion more generally before Oliver May and I wrote our book ‘Terrorist Diversion’ for the non-profit sector. Unfortunately diversion happens everywhere in business, but the way it happens differs by industry and product. One challenge with diversion is that it can be hard to grasp how it actually happens – diversion is part theft, part fraud, and part breach of contract. To illustrate, when I discuss product diversion with clients, there are six main risks I start with, as follows:

  1. Expired, defective or out-of-specification (non-conforming) product is diverted from destruction or reverse supply chains and sold as conforming (on-specification) product
  2. Product authorised for sale in one market (e.g. Country X) is actually sold in another, unauthorised market (e.g. Country Y) in breach of contractual obligations between distributors / end users and the manufacturer
  3. Product is stolen from the distribution or supply chain and diverted (sold)
  4. Product is acquired, repackaged and on-sold by a third party or unrelated party
  5. Product sold by a manufacturer for non-domestic use is subsequently sold or re-imported for sale / use domestically in that country
  6. On-specification (conforming) product is produced by an authorised manufacturer (i.e. a third party) without permission from the Intellectual Property Rights Holder, through practices such as overproduction (see my previous article on Shadow Manufacturing), with that excess conforming product being sold without approval

In my previous article on Typologies, I mentioned the importance of getting to what I typically call “level 3 risks” – effectively drilling down to three levels of detail that describes how and where each diversion risk may arise in relation to factors such as your business’s organisational structure, channels, products.

Whilst I won’t be publishing them here due to length, I’ve identified over 25 different ‘Level 3 diversion risks’ at the time of writing. Each of these risks materialises in a different place in the supply chain and has different actors, demonstrating the breadth and complexity of this issue. If your business is experiencing product diversion issues, only focusing on a discrete element of diversion may not solve your broader problem.

If you are concerned about product diversion in your supply chain, you may want to start with my risk taxonomy and customise it to your business. Remember not every risk will apply in your situation, but it is important to understand how and where diversion can occur in your business.

Who perpetrates product diversion?

Product Diversion is predominately a ‘trusted insider risk‘ perpetrated by someone within your organisation or supply chain who has privileged access to your products, processes and information. There are two exceptions to this, one being the involvement of buyers (end users) who purchase conforming product in bulk for unauthorised resale, and the second being criminals who perpetrate cargo or warehouse theft to resell stolen product on the commercial market. Perpetrators of product diversion typically include:

  • Employees
  • Contractors
  • Business Partners
  • Suppliers and Service Providers (e.g. reverse logistics, repackaging companies)
  • Organised Crime (warehouse and cargo theft)
  • Unauthorised End Users (see my previous article on the importance of End User Verification)
  • Contract Manufacturers

In some cases, collusion between one or more groups will occur, as well as criminal infiltration between external organised crime and trusted insiders. Trying to perpetrate larger scale or ongoing product diversion as an individual may be challenging and lead to early discovery. In this case, networks such as organised fraud syndicates tend to emerge.

Where does product diversion arise in your supply chain?

As with any crime, we always talk about means, motive and opportunity as three legs of the crime triangle. Without all three elements, crime is unlikely to occur. From my work, I have identified four main ‘motives’ which should be considered alongside the product diversion risk taxonomy I presented above:

  • Steal for self: where a trusted insider diverts the product for their personal use (this is typically small-scale or opportunistic, and commonly falls under the definition of ‘theft’ or ‘occupational fraud’ as opposed to product diversion, which is generally larger in scale and more organised)
  • Steal for sale: where a trusted insider with legitimate access to the product (including employees of third parties such as suppliers) diverts the product in higher quantities for commercial sale
  • Buy for resale: where a fake end user purchases product, potentially at a discount, for resale in one or more Territories (countries / regions)
  • Buy then dispose: where a legitimate end user purchases product then resells / disposes of product to liquidation firm (such as a retailer who purchases stock but is unable to sell that stock within an acceptable period)

If you are responsible for managing these risks in your organisation, remember that some positions in your organisation will provide greater access and / or opportunity to perpetrate diversion than others. For the purposes of your security or insider threat management program, you need to consider these High Risk Roles.

High Risk Roles are those positions in your organisation (or in your supplier or business partners’ organisation) that confer privileged or unsupervised access to your critical assets – in the case of diversion, this could be a warehouse manager or team managing reverse logistics and destruction of expired or non-conforming product. My article on High Risk Roles provides more information here.

Key areas where product diversion can occur include:

  • Warehouses
  • Distributors
  • Wholesalers
  • Retailers
  • Factories
  • Contract Manufacturing Organisations
  • Third Party Logistics companies
  • Liquidation companies
  • Repackaging companies
  • Product returns companies
  • End Users (e.g. for resale)
  • Other resellers

As you can see, product diversion can happen anywhere in the supply chain. However, some of the product diversion risks presented in my taxonomy will only manifest in specific parts of the supply chain and / or involve specific actors. This needs to be considered in any risk assessment and treatment plans.


As you can see, product diversion is a complex type of fraud which requires considered thought and planning in order to mitigate. Understanding how and where risk events may materialise is important, as is understanding the perpetrator and their motives. Access to data, and use of data analytics and intelligence is critical to mitigating your organisation’s risk to within your risk appetite.

What’s the problem with conflicts of interest?

What are conflicts of interest?

At their core, conflicts of interest are about integrity. ‘Conflicts of interest’ arise in situations where employees or third party legal entities such as vendors or business partners (including employees of those third parties) could be influenced, or where it could be perceived that they are influenced, by a ‘personal’ interest in carrying out their duty (Commonwealth Ombudsman 2017).

In this sense, ‘personal’ interest refers to perceived or actual benefits being derived, ranging from money to relationships or reputation. There are three forms of conflicts of interest (Commonwealth Ombudsman 2017):

  • Actual conflict – where a direct conflict arises between an individual or entity’s personal interest and their fiduciary duties
  • Perceived conflict – situations where others might perceive a conflict (even if an actual conflict does not exist)
  • Potential conflict – situations which in the future could give rise to an actual or perceived conflict of interest but have not yet happened

Are conflicts of interest fraud?

Conflicts of interest are considered one of four ‘corruption schemes‘ by the Association of Certified Fraud Examiners (ACFE), the other three being bribery, illegal gratuities, and economic extortion. However, unlike some types of fraud, an actual conflict of interest only becomes fraudulent if it is not declared.

Declaring a conflict of interest (whether actual, perceived or potential) provides an opportunity for it to be managed, which could include the conflicted party recusing themselves from the conflicting situation or decision, or declaring this conflict to peers (such as where a board member is conflicted through multiple interests).

How do conflicts of interest arise?

Conflicts of interest can arise either intentionally or unintentionally (Commonwealth Ombudsman 2017):

  • Intentional conflicts occur where an individual or legal entity knowingly puts itself in a conflicting situation. This could arise where a potential conflict is entered into with the full knowledge of all affected parties (and appropriately managed), or where the party gaining a personal benefit attempts to conceal the conflict (fraud)
  • Unintentional conflicts arise from poor management or awareness by affected parties, such as where employees do not receive conflicts of interest awareness training, or employers do not have conflicts of interest policies or require attestations.

Declarations – a key part of conflicts management

Conflicts of interest are all about transparency, or the lack thereof. Declarations are a key component of managing conflicts. Irrespective of whether an employee, contractor, supplier or potential business associate, businesses need to understand what (if any) potential conflicts they may have and work through a process to evaluate them.

Typically, the easiest way of managing conflicts of interest is avoiding them, but this is not always possible. Where a conflict does or may arise, it must be evaluated – sometimes this process can be quite onerous.

The U.S. National Academies of Sciences (NAS) notes that “conflicts are not binary (present or absent)”, and that they “can be more or less severe”. The NAS identifies two factors to assist decision makers when evaluating a conflict of interest declaration, being (a) the likelihood of undue influence by the secondary interest, and (b) the seriousness of the outcome. The NAS presents this useful rubric for assessing conflicts of interest:

| Likelihood of undue interest | Severity of potential harm |
|---|---|
| What is the value of the secondary interest? | What is the value of the primary interest? |
| What is the scope of the relationship? | What is the scope of the consequences? |
| What is the extent of discretion? | What is the extent of accountability? |

NAS (2009) – Chapter 2 Principles for Identifying and Assessing Conflicts of Interest

Depending on severity or perceived harm, treating a conflict of interest may require removing the conflicted individual / entity from the decision making process, or in other cases severing the business relationship entirely. Exactly how you need to manage a conflict depends on the situation (noting that in some cases there may be applicable legislation which will also govern this).

Good practice requires organisations to collect information on conflicted individuals or entities regularly – there is no set timeframe for this, but an annual declaration coupled with voluntary event-based disclosures by the affected party if they arise, makes sense for most organisations. Any more frequent and the program can be difficult to manage, whilst a longer gap between declarations can give employees the impression that conflicts aren’t important, as well as meaning the organisation is working on out of date information.

Once conflicts are identified and confirmed, managers of those employees or affected contracts (e.g. vendor managers) must be made aware of the conflict and charged with managing the risk in accordance with the organisation’s agreed treatment plan.

The challenge of detecting undeclared conflicts

Managing declared conflicts can be challenging enough for large organisations, however detecting them is something different altogether. Without a properly structured approach it is possible to spend a lot of time, effort and money without identifying anything conclusive.

In the absence of an allegation, such as a tip-off from a whistleblower or competing vendor, organisations seeking to be proactive in detecting potential undeclared conflicts should focus their resources on the business units, processes, people or vendors of highest risk. The ACFE identifies three main types of conflict of interest scheme (Wells, 2007):

  • Purchasing Schemes – where a conflicted party manipulates the victim’s purchasing process to the benefit of the entity to which they are conflicted
  • Sales Schemes – where the conflicted party negotiates discounts or processes write-offs to benefit the entity to which they are conflicted
  • Other schemes – where the conflicted party diverts funds, clients / sales leads, and / or resources such as equipment from their employer to the entity to which they are conflicted for the conflicted entity’s benefit

Each of these categories of scheme is comprised of a number of typologies (perhaps best thought of as variations), some of which are more easily detected than others.

As you can see, conflicts of interest schemes can arise amongst employees in sourcing and procurement or sales and marketing roles; however, this is not exclusively the case. Conflicts of interest are generally quite complex to both detect and investigate. Typical methods of detecting conflicts include fraud data analytics (fraud detection) and investigative techniques including (Wells, 2007):

  • Supplier vetting or due diligence (and comparison of ownership data with employee and contractor names and other indicators, such as phone numbers)
  • Matching of supplier / vendor and employee identifiers (e.g. address, phone number data)
  • Identification of employees who take up employment with a vendor after termination
  • Tipoffs and complaints, including from other disaffected vendors who are losing work as a result of the corruption scheme as well as employees who notice inconsistencies or favouritism
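The identifier matching described in the list above only works once both datasets are normalised, because the same phone number or address is rarely typed the same way twice. The following is an added example, not code from the original article: all records are constructed, the field names are hypothetical, and the phone handling assumes Australian number formats.

```python
import re

# Constructed sample records for illustration only.
EMPLOYEES = [
    {"id": "E100", "name": "Jordan Avery", "phone": "+61 412 345 678",
     "address": "Unit 3, 12 Example Street, Brisbane QLD 4000"},
    {"id": "E101", "name": "Sam Lee", "phone": "(07) 5550 0101",
     "address": "8 Sample Road, Cairns QLD 4870"},
    {"id": "E102", "name": "Chris Wong", "phone": "", "address": ""},
]
VENDORS = [
    {"id": "V900", "name": "Avery Supplies Pty Ltd", "phone": "0412-345-678",
     "address": "Unit 3 / 12 Example St, Brisbane QLD 4000",
     "directors": ["J. Avery"]},
    {"id": "V901", "name": "Northside Freight", "phone": "07 5550 0199",
     "address": "8 Sample Rd Cairns Qld 4870", "directors": ["Priya Nair"]},
    {"id": "V902", "name": "Top End Packaging", "phone": None,
     "address": "PO Box 44, Darwin NT 0800", "directors": []},
]

ABBREVIATIONS = {"street": "st", "road": "rd", "avenue": "ave"}


def norm_phone(raw):
    """Reduce a phone number to its national digits (assumes AU formats)."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits.startswith("61"):
        digits = digits[2:]          # +61 4xx ... -> 4xx ...
    elif len(digits) == 10 and digits.startswith("0"):
        digits = digits[1:]          # 04xx ... -> 4xx ...
    return digits or None            # None so blanks never match blanks


def norm_address(raw):
    """Order-insensitive token set with common street-type abbreviations."""
    tokens = re.findall(r"[a-z0-9]+", (raw or "").lower())
    return frozenset(ABBREVIATIONS.get(t, t) for t in tokens) or None


def name_key(raw):
    """(first initial, surname) so 'J. Avery' lines up with 'Jordan Avery'."""
    parts = re.findall(r"[a-z]+", (raw or "").lower())
    return (parts[0][0], parts[-1]) if len(parts) >= 2 else None


def find_overlaps(employees, vendors):
    """Return (employee_id, vendor_id, reasons) for every shared identifier."""
    hits = []
    for emp in employees:
        e_phone = norm_phone(emp.get("phone"))
        e_addr = norm_address(emp.get("address"))
        e_name = name_key(emp.get("name"))
        for ven in vendors:
            reasons = []
            if e_phone and e_phone == norm_phone(ven.get("phone")):
                reasons.append("PHONE")
            if e_addr and e_addr == norm_address(ven.get("address")):
                reasons.append("ADDRESS")
            directors = {name_key(d) for d in ven.get("directors", [])}
            if e_name and e_name in directors:
                reasons.append("DIRECTOR_NAME")
            if reasons:
                hits.append((emp["id"], ven["id"], reasons))
    return hits


if __name__ == "__main__":
    for emp_id, ven_id, reasons in find_overlaps(EMPLOYEES, VENDORS):
        print(emp_id, ven_id, ", ".join(reasons))
```

A hit is a lead for review against the declarations register, not proof of a conflict: shared addresses and initial-plus-surname matches in particular produce false positives.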

A well designed integrity program, inclusive of appropriate internal controls in key areas (such as purchasing), awareness programs and annual attestations can help mitigate the risk of these insider threats. Perhaps most importantly though, these same practices must extend to third parties, whether a vendor, business partner or other classification. A third party’s employees or contractors in positions which place the contracting entity at risk must be managed and monitored closely, sometimes with even more scrutiny than may be applied to the contracting entity’s staff – this decision is dependent on where the risk lies, and the inherent and residual rating of that risk.

Theft of fuel from HMS Bulwark – a diversion case study

What happened?

This story broke in the media on 7 April 2022, with multiple articles claiming the theft of fuel from a high security Royal Navy base in the United Kingdom. According to Sky News, “the diesel was siphoned from a tanker in a heist that reportedly ‘ran for weeks’ with most of it having been ‘flogged on the black market’”. Some articles claim the fuel was being used to run diesel generators on HMS Bulwark whilst it is alongside and undergoing refit.

Further details on the case are limited, other than the fact that the case is under investigation by the UK Ministry of Defence and that the alarm was raised when a guard at the base became suspicious. Unfortunately the theft of fuel is a common occurrence – as a perishable commodity which retains its value in the market, fuel is in high demand and can be readily converted to cash when diverted even in small quantities, or alternately consumed for personal use.

A case of diversion or shrinkage? Motive is key

The fact that fuel was stolen means this is an offence of theft, or potentially fraud depending on whether deception was used to perpetrate the crime. Given events took place on a secure military base where it is reasonable to assume you cannot simply walk in or out, it is reasonable to assume an element of deception (i.e. fraud).

Either way, whilst details are limited in the public domain it is possible to develop further insights into the crime for the purposes of building this case study. For example, we know this scam went on for weeks. According to Wikipedia, the capacity of a fuel tanker truck ranges from 20,800 to 43,900 litres. Google reveals that the average capacity of an SUV on the road is up to 70 litres.

To provide an order of magnitude, 2% of 43,900 litres is 878 litres, which equates to around 12.5 full SUV tanks. If this scam was perpetrated once a day for 7 days, we are talking about over 6,000 litres of diesel being stolen each week. With current Australian diesel costs averaging $1.95 per litre as at 14 April 2022, this equates to illicit earnings of just under AUD$12,000 per week (AUD$624,000 per annum). To be clear, there is no indication of quantum or order of magnitude in the media, so this is hypothetical and indicative only.

So does this activity equate to shrinkage or diversion?

  • Shrinkage is an accounting term used to describe when a store has fewer items in stock than in its recorded book inventory (Shopify). Shrinkage can be the result of process or quality issues, as well as theft and fraud.
  • Product Diversion refers to goods that are redirected from the manufacturer’s intended area of sale or destination to a different geography or distribution channel (Curwell)

In practice, I tend to view shrinkage as being less organised and not ‘commercial’ in scale, whereas diversion is typically more organised and more commercial in nature. Given this has been going on for weeks as well as the volume and illicit revenue estimates outlined above, I would suggest this is clearly a case of product diversion. Further, in my taxonomy of product diversion risks, this is defined as “Product stolen from distribution or supply chain“.

How can these types of product diversion events be detected generally?

Product diversion shares similarities with other frauds. According to the Association of Certified Fraud Examiners (ACFE) Occupational Fraud 2022: Report to the Nations study:

  • 42% of business frauds globally are detected via tip offs,
  • 16% through internal audit, and,
  • 12% through management review.

Interestingly, 5% of cases were detected by accident – exactly how the Royal Navy guard discovered this diversion incident.

When you know what you are looking for, the application of fraud analytics techniques means product diversion can be detected provided you have the right data and you assemble and analyse this data in a manner that will allow you to identify potential indicators of diversionary activity.

From my understanding of the situation, there are at least four primary records that, when ‘joined‘ together, could be used to identify similar product diversion cases pertaining to oil and fuel:

  • Order records – invoices and purchase orders should state the quantity of fuel ordered and the delivery dates. Given this is a military base, there are likely to be some sort of movement records to register in advance the potential delivery.
  • Tanker truck records – records of how many tanker trucks entered the base and their capacity (this might be captured at the front security gate for emergency management reasons in case of fire).
  • Fuel transfer records – these should record how much fuel was actually delivered from the tanker to HMS Bulwark, and would likely be maintained by the driver or the fuel tanker company’s order delivery system (most likely a smart phone app). Requirements to supply these to the customer could be mandated in the contract of sale.
  • Fuel receipt records – these would be maintained by the crew of HMS Bulwark, recording all details of the delivery including fuel quality records through onsite Quality Assurance testing performed by the ship’s engineers as well as the quantity of fuel received.

These four datasets could be collected by customers and monitored on a proactive, ongoing basis to identify discrepancies indicative of potential product diversion using data visualisation tools such as Tableau or even Microsoft Excel. Alternately product diversion schemes such as this may also be identified during distributor audits or compliance investigations.
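To make the ‘join’ of the four record sets concrete, the sketch below reconciles them per delivery and per tanker. It is an added example rather than anything from the case or the original article: every record is constructed, the field names and the 0.5% metering tolerance are assumptions, and a shared delivery identifier is assumed to exist across all four sources.

```python
from collections import defaultdict

# Constructed sample data for illustration; all quantities in litres.
ORDERS = {            # purchase orders / invoices
    "D001": {"ordered_l": 30000},
    "D002": {"ordered_l": 30000},
    "D003": {"ordered_l": 30000},
    "D004": {"ordered_l": 20000},
}
GATE_LOG = {          # tanker entries recorded at the security gate
    "D001": {"tanker": "TK-1", "capacity_l": 43900},
    "D002": {"tanker": "TK-2", "capacity_l": 43900},
    "D003": {"tanker": "TK-1", "capacity_l": 20800},
    "D005": {"tanker": "TK-3", "capacity_l": 20800},   # no matching order
}
TRANSFERS = {         # supplier's record of litres pumped from the tanker
    "D001": {"delivered_l": 30000},
    "D002": {"delivered_l": 30000},
    "D003": {"delivered_l": 30000},
    "D004": {"delivered_l": 20000},
}
RECEIPTS = {          # customer's record of litres actually received
    "D001": {"received_l": 29950},
    "D002": {"received_l": 29100},
    "D003": {"received_l": 29990},
}


def reconcile(orders, gate_log, transfers, receipts, tolerance=0.005):
    """Join the four record sets on delivery id; return {delivery_id: [flags]}."""
    sources = {"ORDER": orders, "GATE_LOG": gate_log,
               "TRANSFER": transfers, "RECEIPT": receipts}
    findings = {}
    for did in sorted(set().union(*sources.values())):
        # A delivery that is absent from any one source is itself a finding.
        flags = [f"MISSING_{name}" for name, recs in sources.items()
                 if did not in recs]
        ordered = orders.get(did, {}).get("ordered_l")
        capacity = gate_log.get(did, {}).get("capacity_l")
        delivered = transfers.get(did, {}).get("delivered_l")
        received = receipts.get(did, {}).get("received_l")
        if ordered is not None and delivered is not None:
            if ordered - delivered > tolerance * ordered:
                flags.append("SHORT_DELIVERY")
        if delivered is not None and received is not None:
            if delivered - received > tolerance * delivered:
                flags.append("SHORT_RECEIPT")
        # The paperwork claims more fuel than the truck seen at the gate can hold.
        if capacity is not None and delivered is not None and delivered > capacity:
            flags.append("EXCEEDS_TANKER_CAPACITY")
        if flags:
            findings[did] = flags
    return findings


def shortfall_by_tanker(gate_log, transfers, receipts):
    """Cumulative delivered-minus-received per tanker, to surface small
    losses that stay under the per-delivery tolerance but add up."""
    totals = defaultdict(int)
    for did, gate in gate_log.items():
        if did in transfers and did in receipts:
            totals[gate["tanker"]] += (transfers[did]["delivered_l"]
                                       - receipts[did]["received_l"])
    return dict(totals)


if __name__ == "__main__":
    for did, flags in reconcile(ORDERS, GATE_LOG, TRANSFERS, RECEIPTS).items():
        print(did, ", ".join(flags))
    print(shortfall_by_tanker(GATE_LOG, TRANSFERS, RECEIPTS))
```

The per-tanker total matters because a per-delivery tolerance alone will never flag a scheme that skims a little from every load.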

What other preventative and detective controls might be relevant in this scenario?

In addition to the data points outlined above, a range of other preventative and detective controls could be used to identify potential diversion. These measures may be more expensive than the ‘books and records’ approach outlined above, hence their application should be risk-based. Relevant examples include:

  • Accurate calibration of measures to calculate the volume of fuel delivered – just like petrol stations, fuel delivery measures need regular re-calibration, and in some instances may be tampered with to under- or over- deliver. There may be two such devices in this example – (1) the tanker truck and (2) HMS Bulwark.
  • Quality checks should be performed by the customer to ensure the diesel is of appropriate quality and that product substitution has not occurred (e.g. fuel diluted with another substance, fuel sitting on top of a heavier substance to give the appearance of conformance).
  • GPS monitoring on the tanker truck allows both the vendor and customer to monitor for unscheduled stops, which could be indicative of an accident or unscheduled delay, cargo theft (e.g. hijacking), or collusion with organised crime elements. These systems typically generate an alarm or alert in an operations centre.
  • IOT sensors may also be attached to fuel lines or gauges, to confirm quality and volume of product in real-time as it is decanted from the tanker to the fuel storage tank.
  • High-value or sensitive facilities should be subject to a range of physical security measures.
  • Third parties loitering in a secure area, either pre- or post-fuel delivery, are also indicative of suspicious activity that would warrant further investigation (as allegedly occurred in this case).

As you can see, the Internet of Things (IOT) and the proliferation of sensors in daily life provide excellent opportunities for detecting product diversion in near real-time.

Lessons learned – what to do about it?

Performing a thorough anti-diversion risk assessment, and then implementing appropriate detective measures to identify potential diversion incidents early, before any substantial loss, is the foundation of a proactive approach to managing diversion risk. The data required for detecting this type of diversion is likely to be readily collected in most organisations, and simple tools such as a spreadsheet can help identify anomalies. Detecting diversion in your data can be easy and cost-effective when you know what to look for.

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Understanding the risk of organised crime infiltration in your business

What is Serious Organised Crime anyway?

The concept of organised criminal infiltration into your business or supply chain is interesting. I’ve worked with a number of critical infrastructure operators in Australia who have this concern: the nature of their business provides a unique opportunity for criminals to exploit their business, or the employees’ position, to facilitate their own or others’ criminal activity. Before we start to get carried away that serious groups like the mafia are infiltrating your business, it’s worth understanding key elements of the ‘spectrum of crime’ which forms a basis for any Threat Assessment:

  • Criminal enterprise – a group of individuals with an identified hierarchy, or comparable structure, engaged in significant criminal activity (FBI)
  • Opportunistic individuals – individuals who take advantage of internal control gaps or weaknesses and opportunities of circumstance to perpetrate criminal and / or unethical activity (e.g. fraud or business espionage) (Curwell, 2022)
  • Organised criminals – “small, organised networks of entrepreneurial offenders, often transitory in nature, that develop to exploit particular opportunities for illegal profit. These groups vary from temporary associations created to commit a time-limited series of offenses, to enduring businesses that invest in on-going criminal activities” (Eck & Clarke, 2013, p28).
  • Organised crime (organised criminal group) – “a structured group of three or more persons, existing for a period of time and acting in concert with the aim of committing one or more serious crimes or offences established in accordance with this Convention, in order to obtain, directly or indirectly, a financial or other material benefit” (Smith 2018 in United Nations 2004: 5).
  • Transnational Organised Crime – those self-perpetuating associations of individuals who operate transnationally for the purpose of obtaining power, influence, and monetary and/or commercial gains, wholly or in part by illegal means, while protecting their activities through a pattern of corruption and/or violence, or while protecting their illegal activities through a transnational organisational structure and the exploitation of transnational commerce or communication mechanisms (FBI)

It’s important to remember that not all crime that happens somewhere like a border, port or airport will be perpetrated by serious organised crime. Anecdotally, a lot of the crime I come across day to day involves opportunistic individuals and organised criminals. These risks are managed through employment screening and internal controls (which might include detection programs – see What can be done about it? below).

Common activities of serious organised crime – is there a nexus with your business?

Understanding the types of activities which commonly involve serious organised crime groups can help businesses assess their likely exposure to this activity. In the following list, I have compiled a list of offences based on information published by the FBI and ACIC:

  • Bribery
  • Currency Counterfeiting
  • Embezzlement
  • Fraud schemes
  • Cybercrime
  • Investment and financial market fraud
  • Revenue and tax fraud
  • Credit card fraud
  • Superannuation fraud
  • Money Laundering
  • Murder for Hire
  • Drug Trafficking
  • Prostitution
  • Exploitation of Children
  • Organised retail crime
  • Human Trafficking and Slavery
  • Intellectual Property Crime – including Counterfeit Goods
  • Illegal Sports Betting
  • Cargo Theft
  • Sale and distribution of stolen property
  • Murder
  • Kidnapping
  • Gambling
  • Arson
  • Robbery
  • Extortion
  • Tobacco and firearms smuggling
  • Vehicle theft

What we know about Serious Organised Crime in Australia today

Detailed assessments of the nature and sophistication of serious organised crime in Australia are not publicly available. However, one of the most useful reports is the periodic assessment of Serious Organised Crime released approximately every 5 years by the Australian Criminal Intelligence Commission. This report provides a useful outline of serious organised criminal markets in Australia, as follows:

| Illicit Commodities | Serious Financial Crime | Specific Crime Markets | Crimes Against the Person |
| --- | --- | --- | --- |
| Narcotics | Cybercrime | Visa & Migration Fraud | Exploitation of Children |
| Illicit Pharmaceuticals & Anaesthetics | Investment & Financial Market Fraud | Environmental Crime | Human Trafficking & Slavery |
| Performance Enhancing Drugs (e.g. steroids) | Revenue & Taxation Fraud | Intellectual Property Crime | |
| Illicit Tobacco | Superannuation Fraud | | |
| Illicit Firearms | Credit Card Fraud | | |

Source: ACIC (2017). Serious Organised Crime in Australia, Canberra.

Understanding whether your business, including your supply chain, has a nexus with any of these criminal markets will help inform your threat and risk assessment process in relation to organised criminal infiltration. As with assessing physical security of your office premises or facilities, you may not have a direct nexus with organised crime but your suppliers or neighbouring businesses might. This creation of an indirect nexus should also be considered, as this could have adverse reputation, safety and disruptive effects on your business, employees or customers.

The role of criminal enablers

Some organisations may not be directly of interest to organised crime groups (OCG), but they may be recognised as having something or someone who can enable or facilitate their objectives. Examples here include access to information, professional facilitators (e.g. lawyers, accountants, trust & company service providers), systems (e.g. being able to change a database record in a third party system), or sub-leasing warehouse or storage space.

The Australian Criminal Intelligence Commission identifies six enablers of serious and organised crime (ACIC, 2017):

  • Money laundering
  • Technology
  • Professional facilitators
  • Identity crime
  • Public Sector corruption
  • Violence and intimidation

Enablers can be targeted by organised crime either directly (e.g. a group leases warehouse space for its own activities) or in relation to employees in key positions. Employees who have some sort of vulnerability, either at home or at work, may be coerced, bribed, intimidated or extorted to perform acts at the direction of a group.

What can be done about the risk of organised criminal infiltration?

So far in this post, we’ve demystified what constitutes serious organised crime, the types of activities (offences) commonly associated with this activity, the criminal markets where organised crime groups are found, and the professional intermediaries and enablers who might knowingly (or unknowingly) support them. The next question is what to do about it.

The starting point for any business leader concerned about potential organised criminal infiltration in their business is a thorough, objective and factual assessment of the threats and risks, and their associated likelihood and consequence. Once understood, a proper security plan can be implemented to mitigate these risks.

With infiltration by organised crime there is a potential insider threat. This can materialise within both the employee and contractor / third party populations, including within the extended supply chain. This also needs to be considered when scoping any assessments. Suggested actions for businesses concerned about organised criminal infiltration include:

  1. Perform a Threat Assessment to map your ‘threat universe’ (i.e. who is likely to target your organisation), and why
  2. Undertake a Security Risk Assessment, which incorporates identifying critical assets, vulnerabilities (control gaps), consequence and likelihood (i.e. which of your assets might serious organised crime groups actually consider attractive) for the various threats identified in the Threat Assessment. For risks such as product theft or product diversion, don’t forget to assess if your products are CRAVED.
  3. Undertake a Personnel Security Risk Assessment – this is commonly separate to your Security Risk Assessment, but identifies high risk positions and roles in the organisation which give access to your critical assets, and the types of employment screening (background investigation) and continuous insider threat detection programs that may be required to mitigate the risk
  4. Perform due diligence on prospective and current employees, contractors, suppliers and business partners / third parties based on the risks identified in your Security Risk Assessment and Personnel Security Risk Assessment.
  5. Develop a robust intelligence and security program to monitor for ongoing changes to your organisation’s threat landscape (including building capabilities such as media monitoring), and where appropriate, develop partnerships with police and security agencies to help mitigate the risk to within your organisation’s risk appetite.

Following these steps will ensure you know where you need to focus your security effort and resources. It may be that your greatest risk is that of opportunistic individuals and organised criminals (including trusted insiders and employees or contractors of your third parties or business partners) and not serious organised crime, requiring a different treatment strategy. If in doubt, seek assistance from an appropriately qualified professional who is licensed by the State Police to give security advice in the relevant Australian jurisdiction, and have a read of this advice from ASIAL, the Australian Security Industry Association.


Los Angeles rail hijackings – a form of cargo theft

What is going on?

Recently, there has been substantial coverage of the hijacking of goods trains by thieves on Los Angeles (LA) goods lines (McFarland & Mossburg 2022). Images of damaged or discarded shipments from distributors to consumers (end users) strewn across the train tracks are common, as are photos of railway police trying to apprehend individuals and small groups running along the tracks.

Reportedly, these criminals force entry to stationary or slow-moving goods trains, ransacking any items which appear to be of value. Since they have been doing this for a while now, one must presume they have learned what more expensive packages look like (e.g. branded shipping boxes, specific logos) and that these are likely selected over lower value items (see my previous article here). Additionally, media reporting stated that larger, harder to move goods are discarded on the train tracks in favour of smaller items easily transported by a single person trying to flee the scene quickly. This activity is a form of Cargo Theft.

What is cargo theft?

The prevention of cargo theft is a core pillar of any supply chain security program, ensuring goods are not stolen in transit either from the factory to a distributor (for larger or bulk shipments), or distribution centre to end user (as appears to be seen in this example).

How does cargo theft impact brand integrity?

When cargo theft occurs in bulk, there is a real risk the diverted product is moved into grey markets (gray markets) or alternately that stolen product is infiltrated into legitimate supply chains, and then on-sold to end users (see Sugden 2009). An example of the scenario that occurs here is where an authorised distributor is approached by a purported ‘wholesaler’ to purchase legitimate (non-counterfeit) stock at a discount to prices set by the manufacturer or standard wholesale prices.

In this scenario, distributors may knowingly or unknowingly purchase stolen but non-counterfeit product and then sell this to end users, with three potential business impacts:

  • The manufacturer is disadvantaged through erosion of their profit margins,
  • A ‘legitimate market’ is created for the stolen goods through poor purchasing controls by the distributor, and,
  • Potential future revenue leakage and brand damage to the manufacturer through services and warranty fraud, if a customer who purchased the non-counterfeit good from an authorised distributor makes a claim.

Cargo Theft Typologies

According to the latest BSI Survey on Supply Chain Risks (2020), there are four primary cargo theft typologies (note the report does not define each typology; I have added my own definitions here):

  1. Hijacking – where the vehicle (truck, train, plane, ship) carrying the goods is stopped and control is taken of the entire vehicle. Typically, vehicles are taken to a third location controlled by the hijackers for unloading and disposal. Hijackers may be working in collusion with trusted insiders (e.g. drivers or warehouse staff).
  2. Theft from a vehicle – whereas hijacking involves the whole vehicle, this typology involves stealing selected goods from the vehicle (e.g. specific boxes), and is what we see in the LAX examples.
  3. ‘Slash and grab’ – when cargo is transported in soft skinned trucks, the vinyl or canvas covers can be slashed and any items to hand quickly stolen.
  4. Other – undefined typologies, presumably including theft by employees or third parties as well as fraud (e.g. claims of shipments being damaged as cover for theft).

According to BSI, cargo theft primarily occurs in six geographical locations:

  • In-transit – whilst the vehicle is moving (e.g. slowed due to traffic congestion, stopped at traffic lights or an accident)
  • Rest areas – trucks carrying high value cargo without two drivers are at risk when the driver stops for a break or sleep
  • Warehouse – there are at least two risks here:
    • Theft from warehouse by criminals (e.g. breaking & entering) with no insider involvement
    • Inventory theft or fraud by trusted insiders (e.g. employees)
  • Unsecure roadside parking – where a loaded vehicle is parked either at the point of origin or destination
  • Freight facility – where multiple trucks / trains are unloaded in a single location
  • Other locations – these are not defined

How do the proceeds of cargo thefts end up in grey markets?

We sometimes see high value goods, such as stolen motor vehicles, being exported from the jurisdiction where the theft occurred (e.g. the USA) to an overseas jurisdiction where the product is in high demand and where criminals can obtain substantial profit margin on the sale of the stolen goods.

It might also be common to see consumer products being sold online (either individually or in bulk) by either a business or individual seller, or sold to authorised or unauthorised distributors [an ‘authorised distributor’ is defined as one which has a signed distribution agreement with the manufacturer or Intellectual Property Rights (IPR) owner and is conducting their business operations in the geographic area(s) stated in the agreement].

In the case of the LA activity, the stolen goods seem to be packages shipped from distributors which are stolen before delivery to the consumer (end user), rather than bulk shipments (e.g. multiple copies of the same product). These stolen goods can also be sold online, in person through social networks or on street corners, or at local flea markets.

What can be done to help mitigate this type of cargo theft?

There are three main strategies that can be employed to mitigate the types of risks seen in Los Angeles, as follows:

  • Physical Security (including use of tamper evident seals) – appropriate (i.e. risk-based) physical security should be part of any Supply Chain Security program. This may be the responsibility of the logistics provider (i.e. a third party) or the manufacturer. Most shipments are covered by insurance against theft or damage, but this may be subject to exclusions.
  • Market Surveillance – a robust market surveillance program is essential for the protection of your products, IPRs and ongoing brand integrity. This involves using Open Source Intelligence (OSINT) techniques to monitor physical and online markets (e.g. flea markets, online market places like eBay and Gumtree) as well as social media for sales of your products, monitoring pricing (pricing surveillance), conducting test purchases (to determine the origin of the product for diversion and grey market purposes), and identification of sellers to determine whether they are authorised or unauthorised.
    • This data should be added to a Graph database to facilitate Social Network Analysis and other intelligence analysis and investigative methods which might help to identify the criminal value chain and map organised crime groups involved in this activity.
  • Collection and analysis of incident data – in my previous post on product fraud and security risk assessments, I discussed the importance of capturing current and historical incident data for analysis. The sorts of questions you need to ask of your data here include whether there are any common themes or trends and whether any specific products are at higher risk than others (e.g. those which are more valuable or CRAVED by thieves).


Whilst cargo theft is a risk, there are controls and other measures which can be implemented to mitigate it. Proper planning is essential, as is the use of security risk analysis to identify where effort (and budget) should be allocated, and the use of intelligence methods to continuously monitor the market and those actors (individuals, legal entities) involved in it. Ideally, any incidents are either prevented, detected or disrupted before a loss is incurred, but in some cases formal investigation may be required.


Product security risk assessments for tangible goods

Author: Paul Curwell

State of art – managing fraud and security risk in relation to products

It makes sense that out of the universe of products on the market globally some products are more attractive to thieves and criminals, including trusted insiders, than others. Whilst working through my holiday reading I came across some research undertaken in 1999 by Ronald Clarke, a leading criminologist.

I’ve been interested in what makes a product vulnerable to security and fraud risks for at least ten years. Take a moment to think about what we do with products: whether a passport or airplane part, we manufacture them before ultimately selling them to consumers, most of whom are free to use them and resell them at will on the secondary market. This means they need some protection against fraud and security threats, especially if your reputation or commercial revenue model is linked to the product’s ongoing integrity.

Whilst working in banking my team would undertake product fraud and security threat and risk assessments, at that stage primarily on the bank’s new fleet of Automatic Teller Machines (ATMs). ATMs are targeted in a number of ways, both physically and virtually, through attack vectors such as ram raids, Plofkraak attacks, and cyber hacking to ultimately access the cash contained inside. More recently, I provided expert review of threat and risk assessments for a suite of financial services and identification products (including digital identities) for another client.

To my knowledge, there is no formal threat and risk assessment methodology for products per se, but Clarke’s methodology seems a good starting point.

What satisfies a criminal’s cravings?

In his research, Clarke found that products commonly targeted by shoplifters in retail exhibited six attributes which spell the acronym CRAVED, as follows:

  • Concealable – this is relative to the situation. Shoplifters might target small items they can easily conceal in clothing (e.g. watches) over a large TV, but sometimes it’s easier to walk out with something large. I previously did some work with a client involved in international air freight, and one of their risks was that trusted insiders could smuggle large items concealed in something else out of the airport through a legitimate freight shipment.
  • Removable – to target a product, you need to be able to pick it up and move it. Unlike services, products are generally transportable.
  • Available – there are two elements to this – products that are widely available, and those that are readily accessible (i.e. not kept in a locked cabinet with inventory or stock in store). Audit logs and access control measures, amongst others, should protect more valuable items.
  • Valuable – whether trusted insiders or organised fraud rings, criminals generally don’t steal things which are not of value to them. Value is also contextual – whilst a high demand product such as consumer electronics is seen as valuable to a large potential market, some products might be valuable to an individual for a specific purpose. We can reasonably expect the former might be targeted multiple times by one or more actors, whilst the latter category might be targeted only once.
  • Enjoyable – Clarke’s work looked at products most commonly associated with shoplifting, so there is an element of consumer desire (i.e. wants & needs) here. But if our COVID crisis has taught us anything about supply chains, it’s that Maslow’s hierarchy of needs also plays a role (the repeated hoarding of toilet paper by consumers comes to mind).
  • Disposable – attractive products are those easily sold, or resold, either for cash or another form of value transfer. There is more demand, hence more of a market, for some products than others. Think of how easy it is to dispose of a second hand (or stolen) fridge over a passport.

Readers will note that CRAVED really applies to security related threats, such as theft, much more than fraud. I’m not aware of any formal product fraud risk assessment methodology.

How can we apply the CRAVED construct to manage product risk?

Clarke’s research was performed in 1999, so it is somewhat dated but the principles likely remain valid. Also, the research focused on retail and is not representative of other industries. Nevertheless, we can use the principles outlined by Clarke to inform the design of any product specific risk assessment methodology: CRAVED provides a starting point.

Based on my experience assessing product risk for fraud and security threats, I offer three tips to consider when designing and / or executing a product risk assessment to address fraud and security threats:

Tip 1: Analyse your historical incidents

Collecting detailed incident data is a foundational element of any fraud, security or risk function. Ideally, you want to capture as much detail as you can at the time of the incident, even if it may not seem relevant now. It may be much harder, or even impossible, to capture some data in the future.

TIP: If you are not doing this already, you should start. Ideally, try to collect as much historical data for say the past 12-24 months as you can, even if it is not complete, and put in place processes and tools to collect rich incident data going forward.

As you start to analyse your historical incident data, ask yourself the following questions:

  • Which product(s) are most commonly targeted? Assuming the Pareto Principle (‘80:20 rule’) applies, a small number of your product models will be targeted more commonly than others. You need to identify these and assign a higher likelihood score during your risk assessment.
  • Are there any geographical aspects to these incidents? E.g. do they commonly occur in specific locations? This might indicate that some products are more likely to be stolen or attacked in a specific geographical area. The logical follow up question here is why…
  • Are there specific dates or times when most incidents occurred? In some forms of fraud, it is common to see spikes in fraud incidents in summer and a significant decline in winter. Additionally, some forms of crime are more likely to happen at night. Perhaps you might identify an unusual pattern, such as high rates of theft on a weekend when your business is closed, suggesting a potential insider threat.
  • How do these incidents occur? You need to get a good understanding of the criminal’s business process, particularly if there is a specific pattern or series of steps that are commonly undertaken which you might be able to disrupt using internal controls (mitigations). You can use a variety of analytical methods here including business process mapping, red teaming and analysis of competing hypotheses to achieve this.
  • Who is the perpetrator? Even if you can’t identify the perpetrator by name (which is unlikely), try to categorise perpetrators into groups such as opportunistic individuals, organised criminals, organised crime (e.g. mafia), trusted insiders etc. Over time, as you develop richer data sources and a deeper understanding of your data, you might be able to distinguish groups or sub-categories based on the group’s specific behaviours (i.e. their Modus Operandi [MO] or Tactics, Techniques and Procedures [TTPs]), such as a specific organised fraud ring.
  • Why do you think specific products are being targeted? You may need to do some critical thinking here, or alternately comparative case analysis methods would be helpful. You need to understand whether the products that are mainly being targeted (e.g. the 20% – assuming the 80:20 rule applies to your data) are being targeted for a reason. Ask yourself, do they share common attributes (such as the CRAVED attributes identified by Clarke)?
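The first three questions above (which products, where, and when) can be answered from even a small incident log. The following is an added example, not taken from the original article: the incident records, product and site names are constructed, and it assumes the business is closed at weekends and that a weekend share of 50% or more warrants an insider-threat review.

```python
from collections import Counter
from datetime import datetime

# Constructed incident log (not real data): (timestamp, product model, site).
INCIDENTS = [
    ("2023-03-04 23:40", "Model-A", "WH-North"),
    ("2023-03-05 01:15", "Model-A", "WH-North"),
    ("2023-03-11 22:05", "Model-A", "WH-North"),
    ("2023-03-12 03:30", "Model-A", "WH-North"),
    ("2023-03-18 21:50", "Model-A", "WH-North"),
    ("2023-03-19 02:20", "Model-A", "WH-North"),
    ("2023-03-25 23:10", "Model-A", "WH-North"),
    ("2023-03-26 00:45", "Model-A", "WH-South"),
    ("2023-03-07 14:00", "Model-A", "WH-South"),
    ("2023-03-15 10:30", "Model-A", "Store-12"),
    ("2023-03-06 11:00", "Model-B", "Store-12"),
    ("2023-03-08 15:20", "Model-B", "Store-12"),
    ("2023-03-10 16:45", "Model-B", "Store-12"),
    ("2023-03-14 12:10", "Model-B", "Store-07"),
    ("2023-03-18 13:00", "Model-B", "Store-12"),
    ("2023-03-22 17:30", "Model-B", "Store-07"),
    ("2023-03-09 09:15", "Model-C", "Store-07"),
    ("2023-03-21 10:00", "Model-C", "Store-12"),
    ("2023-03-16 14:40", "Model-D", "WH-South"),
    ("2023-03-25 11:20", "Model-E", "Store-07"),
]


def pareto_products(incidents, share_pct=80):
    """Smallest set of products, most-targeted first, that together account
    for at least share_pct percent of all incidents."""
    counts = Counter(product for _, product, _ in incidents)
    total = sum(counts.values())
    selected, cumulative = [], 0
    for product, n in counts.most_common():
        if cumulative * 100 >= share_pct * total:
            break
        selected.append(product)
        cumulative += n
    return selected


def weekend_share(incidents, product):
    """Fraction of a product's incidents that fell on a Saturday or Sunday."""
    stamps = [
        datetime.strptime(ts, "%Y-%m-%d %H:%M")
        for ts, p, _ in incidents
        if p == product
    ]
    if not stamps:
        return 0.0
    return sum(1 for s in stamps if s.weekday() >= 5) / len(stamps)


def profile(incidents, weekend_alert=0.5):
    """For each Pareto product: incident count, most common site, weekend
    share, and whether the weekend share meets the assumed review threshold."""
    report = {}
    for product in pareto_products(incidents):
        sites = Counter(site for _, p, site in incidents if p == product)
        share = weekend_share(incidents, product)
        report[product] = {
            "incidents": sum(sites.values()),
            "top_site": sites.most_common(1)[0][0],
            "weekend_share": share,
            "review_for_insider": share >= weekend_alert,
        }
    return report


if __name__ == "__main__":
    for product, row in profile(INCIDENTS).items():
        print(product, row)
```

In this constructed log two of five product models account for 80% of incidents, and one of them is taken almost entirely from a single warehouse at weekends, which is the unusual pattern the timing question is meant to surface.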

Tip 2: Identify any design attributes which could be modified to reduce the product’s attractiveness to criminals

Sometimes there are design attributes to a product, or even a service (e.g. a business process) that make one manufacturer’s product more likely to be targeted than a competitor’s. Additionally, sometimes the design of a product makes it more likely to be targeted – an example could be not having branding or a serial number readily visible, which might allow criminals to ‘rebadge’ it as it is being sold. Repackaging is another area of risk here. Understanding these factors means you can work with product managers and design engineers to modify your product and make it less attractive to criminals, which means it is less likely to be targeted.

Ultimately, your goals here are revenue and brand protection. If you can design your product to be a ‘harder target’ (i.e. less attractive), you might save on downstream fraud and security costs. Alternately, some products are readily counterfeited, with sometimes lethal consequences for unsuspecting consumers. Aside from potentially tragic impacts to consumers’ lives, your organisation’s brand and reputation might be adversely impacted simply because your product design was easy to counterfeit and commercially attractive to counterfeiters.

In this case, the cost of the reputation or brand damage (such as by consumer boycotts, lost sales) may far exceed the costs of product redesign or implementing additional security measures. Product managers need to know if anything specific makes their product overly attractive to criminals, and if so, do something about it in the design phase.

Tip 3: Understand where the product is most likely to be attacked or compromised

For example, if a product is more at risk during shipment, can better cargo security measures be implemented? If a product is at risk of counterfeiting, product authentication measures such as security packaging and traceability programs could be the solution.

It is very uncommon to encounter situations where managers have unlimited resources – a well-designed product risk assessment methodology can be used to identify those products requiring increased protection based on likelihood and consequence, and those requiring less protection. These insights can be used to efficiently allocate your limited risk management resources, as well as helping product managers understand why their product is at risk.

Further reading:

  • Clarke, Ronald V., and John E. Eck. 2016. Crime Analysis for Problem Solvers in 60 Small Steps. Washington, DC: Office of Community Oriented Policing Services. https://cops.usdoj.gov/RIC/Publications/cops-w0047-pub.pdf
  • Clarke, Ronald. 1999. Hot Products: Understanding, anticipating and reducing demand for stolen goods. No. 112 in Police Research Series. London: Home Office. www.popcenter.org


The USP/APEC ‘Supply Chain Security Toolkit for Medical Products’

Author: Paul Curwell


In a previous post, I looked at the anti-counterfeiting and supply chain traceability model proposed by AS6174 for the Aviation and Defence industries. This standard is one of many different standards available, some of which are generically applicable to any industry, and others which are designed to meet the needs of a particular target audience.

This article continues with the current Supply Chain Integrity and Security theme, this time looking at the model developed by the United States Pharmacopeial Convention (USP) – Asia Pacific Economic Cooperation (APEC) Life Sciences Innovation Forum (LSIF) in 2016.

The United States Pharmacopeial Convention defines Supply Chain Integrity and Security as “a set of policies, procedures, and technologies used to provide visibility and traceability of products within the supply chain. This is done to minimize the end-user’s exposure to adulterated, economically motivated adulteration, counterfeit, falsified, or misbranded products or materials, or those which have been stolen or diverted”.

On first glance, the output of the USP/APEC model is what is referred to as the ‘Supply Chain Security Toolkit for Medical Products’, designed for the pharmaceutical, medical devices, and life sciences industry. This toolbox addresses ten different domains, each of which has a range of sub-components, which align nicely into a Capability Maturity Model that at a high level could be applicable to a range of industries.

In this post, I unpack this USP/APEC toolbox in more detail and explain how the Toolkit could be applied to create an industry-agnostic Capability Maturity Model for Supply Chain Integrity and Security.


The USP/APEC ‘Supply Chain Security Toolkit for Medical Products’

This toolkit itself is a 14-page interactive PDF broken into ten domains, each of which reflects a different element of the supply chain. There are 64 supporting documents from a variety of authors, including the World Health Organisation and APEC, which dive into each element in differing levels of detail. This is available on the Korean National Institute of Food and Drug Safety’s website. The ten elements are as follows:

  1. Good Manufacturing Practices – This section sets out 11 key considerations for supply chain integrity and security in any manufacturing process. Aside from processes like Outsourcing and Repackaging, which are recognised as vulnerable to a variety of supply chain threats from product tampering, to cargo theft, product substitution, product diversion, and grey market / parallel import activity, this section also introduces the concept of “show and shadow factories”. Used here, ‘shadow factories’ refer to businesses which actually perform the manufacturing process (or elements of it), without being declared as such. Aside from the Supply Chain Integrity and Security risks, these practices also expose organisations to Bribery & Corruption risks (such as the Foreign Corrupt Practices Act and United Kingdom Bribery Act) and Modern Slavery and Human Trafficking risks (such as where workers in ‘shadow factories’ may be trafficked or working in slavery, slave-like, harmful or substandard conditions). See my related posts on modern slavery and associated due diligence practices here.
  2. Good Distribution Practices – This section, along with the Good Manufacturing Practices, is comprehensive and well-constructed. Whereas the real insights in the remaining sections are somewhat buried in the supporting documents, this section is cleanly laid out to reflect the steps required across 11 elements of the distribution value chain.
  3. Good Import / Export Practices – Unfortunately this section remains under development so no further guidance or information is available on importing and exporting.
  4. Clinical and Retail Pharmacy Practices – This section is interesting because of its focus on the ‘end user’ [see my previous post for details on end user verification], covering the lifecycle from “purchase and receipt to storage, and until the products are dispensed and administered”. The supporting guidance includes another 66-page toolkit which is similar in terms of application to AS6174, as well as incorporating similar concepts around traceability of raw materials and storage as the Australian Code of Good Manufacturing Practice for Veterinary Chemical Products.
  5. Product Security – The term ‘product security’ appears undefined in the Toolkit, yet seems to refer to the variety of measures used to protect products from “cargo theft, intentional adulteration, Product Diversion, Substandard Products [what I refer to as Product Substitution], and Product Tampering”. The materials in this section provide advice on both “upstream” and “downstream” issues in the supply chain.
  6. Detection Technology – This section focuses on giving parties in the supply chain the ability to determine the Authenticity and Conformance (including Quality) of any product, with a view to identifying what USP/APEC define as ‘Substandard, Spurious, Falsely Labelled, Falsified and Counterfeit’ (SSFFC) medical products through non-destructive (e.g. authentication of packaging) and destructive testing (e.g. chemical analysis) methods. One observation from me is the different language used across industries – whilst this life sciences example uses SSFFC, readers of my previous post may recall that AS6174 used “suspected, fraudulent, and counterfeit” to refer to the same concepts.
  7. Internet sales – The global, unregulated nature of online shopping is a long-standing concern for any Intellectual Property Rights (IPR) Holder, let alone life sciences. The Toolkit highlights a variety of risks to consumers arising from internet sales, including: “(a) not receiving the drug purchased; (b) drugs containing incorrect dosage, i.e. super-potent or sub-potent; (c) or containing no active ingredient at all”. A fourth category, that of containing harmful or toxic ingredients as substitutes (e.g. arsenic), could also be added given this practice is common with many counterfeit pharmaceuticals – see this article published in 2019 from The Guardian.
  8. Track and Trace System – The life sciences industry has a range of industry-specific, regulated requirements around ‘track and trace systems’ such as those mandated by the United States Drug Supply Chain Security Act (DSCSA). Usefully, this Toolkit contains a Gap Assessment documenting selected best practices as well as cost-benefit information that may be of use in any business case.
  9. Surveillance and Monitoring – This element is split into the typical Prevent, Detect and Respond domains common in any security or fraud risk management framework and is primarily focused at the government, as opposed to manufacturer, level. The government focus likely explains why this model does not address the utility of an ‘intelligence capability’ as a foundation to Identify and Monitor threats before they become material to business. I will cover this in more detail in future posts.
  10. Single Points of Contact – This aspect focuses on building a public-private network for information exchange between regulators, authorities, law enforcement agencies and international bodies. In addition to emphasising reporting, this domain also addresses the need for training and cooperation programs.

Using the Toolkit to build a Capability Maturity Model for Supply Chain Integrity & Security

As outlined above, this is a comprehensive, free toolkit for a highly regulated industry that goes into a substantial amount of detail as to the programs and initiatives that should comprise any Supply Chain Integrity and Security framework for the life sciences sector. The attraction of this Toolkit is that it could be easily converted into a Capability Maturity Model and applied across any industry with similar supply chain risks, such as food & beverages, consumer electronics, or agricultural chemicals.

Whilst subtle industry and jurisdiction-specific differences will exist, any reader charged with the task of reviewing or developing a Supply Chain Integrity and Security program could easily apply the contents of this Toolkit to this task. Additionally, Internal Auditors and functional leads (e.g. Heads of Product or Heads of Security) could benefit from using the Toolkit to benchmark their current programs.


Benchmarking & Capability Maturity Models

Any benchmarking activity should start with the construction of a Capability Maturity Model – effectively a deconstruction of all the major elements in any Supply Chain Integrity and Security framework (e.g. manufacturing, distribution, product security, etc), which identifies each of the sub-elements that comprise each of the major elements. Organisations which lack either a major or sub-element would ordinarily be considered less mature, receiving a lower ‘current state’ score, unless there is a justifiable business need for not performing a particular function.

I have been building and applying Capability Maturity Models since 2006 when I joined Booz Allen Hamilton, and I can personally attest to the tremendous value of Capability Maturity Models in helping functional leads understand what needs to feature on strategic roadmaps or workplans. Just as important as the design of the Capability Maturity Model is what is defined as the ‘target state’ – importantly, you don’t need to have the highest capability maturity score for every major or sub-element. In some cases, a low score may be justifiable.

The whole point of a Capability Maturity Model is to build a capability that meets your strategic and operational requirements, as opposed to having a great capability that is not required given the business’ operational footprint. Capabilities which exceed business requirements can be a waste of money and may be a target for cost reduction or outsourcing.


Magazine article – “Supply Chain Integrity: Detecting Product Diversion”

Author: Paul Curwell


In June 2021, I was privileged to have an article I wrote on Detecting Product Diversion in the quarterly edition of Michigan State University’s Brand Protection Professional (BPP) magazine. BPP is part of the outreach program for the Center for Anti-Counterfeiting and Product Protection at the University.


Curwell, P. (2021). Emerging Supply Chain Integrity Practices: What this means for detecting product diversion, Brand Protection Professional, June 2021, Centre for Anti-Counterfeiting and Product Protection, Michigan State University.

The Centre for Anti-Counterfeiting and Product Protection (A-CAPP) is a non-profit, interdisciplinary, research-focused centre which is recognised worldwide as a leader in anti-counterfeiting and brand protection. A-CAPP operates a range of research, outreach and education initiatives including a Professional Certificate in Anti-Counterfeiting and Brand Protection which provides foundational knowledge for professionals new to this area. I have taken a few of their short courses, which are reasonably priced, informative and delivered 100% online at your own pace.


So what is product diversion anyway?

Also known as “illicit diversion”, product diversion “refers to goods that are redirected from the manufacturer’s intended area of sale or destination to a different geography or distribution channel” (Trent and Moyer, 2013). Often this terminology can be used interchangeably with the term “grey market”, despite one term referring to a fraudulent act and the other to where the proceeds of that fraudulent act are sold.

The impact of diversion is that legitimate product may be sold into grey markets, in breach of a manufacturer’s sales contracts for that geographical location. This causes margin erosion for manufacturers, erodes legitimate distributors’ market share and deprives them of sales revenue, and can damage the brand through invalid warranties and returns policies for consumers.


Unpacking AS6174 in relation to Supply Chain Integrity

Author: Paul Curwell


Product counterfeiting is a global fraud problem that has been steadily evolving for decades, with no product or industry being immune. In 2015, Frontier Economics estimated “the value of international and domestic trade in counterfeit and pirated goods in 2013 was $710 - $917 Billion” (2015). The magnitude of this problem is also reflected in US and EU Customs seizures, which continue to grow (Smith, 2016). Unfortunately, Customs agencies can only seize what they know about, placing the onus on the purchaser to exercise adequate due diligence and supply chain risk management practices.

In 2007, the US Department of the Navy tasked the US Department of Commerce’s Bureau of Industry & Security to conduct an assessment of counterfeit electronics across the US defence industrial base, concluding “all elements of the supply chain have been directly impacted by counterfeit electronics” (2010). Similar findings across other branches of the US Government have triggered a range of Supply Chain Integrity and Security initiatives, one of which is Supply Chain Integrity.

The concept of Supply Chain Traceability

Supply Chain Traceability is critically important as a control to achieve Supply Chain Integrity in safety or high-reliability industries such as Aviation or Healthcare, where the introduction of sub-standard products / components / raw materials (referred to in the standard as ‘materiel’) can ultimately lead to death. Supply Chain Traceability is defined in AS6174 as “having documented history of material’s supply chain history. This refers to documentation of all supply chain intermediaries and significant handling transactions, such as from original manufacturer to distributor” (SAE International, p9), with ‘materiel’ being defined as “material, parts, assemblies and other procured items” (SAE International, p6).


This concept of Supply Chain Traceability presented in AS6174 appears akin to the concept of Supply Chain Integrity introduced by the World Economic Forum in 2012, which identified “four key questions that must be answered at the product level as part of Supply Chain Integrity (Pickard & Alvarenga, 2012):

  • Integrity of Source – did this product come from where I think it did?
  • Integrity of Content – is the product made the way I think it is?
  • Integrity of Purpose – is the product going to do what I think it will do?
  • Integrity of Channel – did this product travel the way I think it did?”

The difference between the approach adopted by AS6174 and that of the WEF report is that the standard is, unexpectedly, much more forensic in the way it approaches the concept. Where the WEF principles differ is in their application, which is broader than anti-counterfeiting, and could easily incorporate Environmental / Social / Governance (ESG) and other Sustainability Risk considerations such as Modern Slavery and Illegal Logging as part of a broader focus on Supply Chain Integrity (World Economic Forum, 2015).

Within AS6174, Supply Chain Traceability aims to address the introduction of Suspect, Fraudulent or Counterfeit materiel into the Supply Chain (SAE International, p6). Before proceeding further, it is worth exploring exactly how the introduction of Suspect, Fraudulent or Counterfeit material into the Supply Chain is possible. From my perspective, there are two starting points to this discussion:

Genuine Materials

Genuine materials are used or supplied by the manufacturer, which are subsequently adulterated or compromised, meaning that a legitimate product (referred to in AS6174 as a ‘conforming product’) is transformed into a ‘non-conforming’ (illegitimate) product at some point in the supply chain before it reaches the end user. The transformation from genuine to non-conforming materiel can occur in the supply chain via at least two methods:

  • Product Diversion – where legitimate product is diverted from the authorised supply chain (Bandler & Burke 2009, Datz 2005), impacting the ability of a consumer to rely on a vendor’s warranties around Authenticity and Conformance (SAE International, pp7-10). This can be through theft, but it can also be as a result of sales to seemingly legitimate customers (e.g. OEMs) where that product is then re-sold or passed to a third party, such as a gray marketer (Shulman, 2012).
  • Product Substitution – where a product, or part of a legitimate product, is substituted with non-conforming material (Guide to…2019). The concept of product substitution can be illustrated with a can of house paint. Imagine a paint can with the uppermost quarter consisting of real paint (i.e. conforming materiel). The remaining three-quarters of the paint can is filled with a substitute, or non-conforming materiel, which does not mix with the real paint and is heavier so it stays at the bottom of the can. When a customer receives the paint and looks inside, or perhaps performs testing on the product, they will likely only see the uppermost layer. Provided a sample is taken from this layer, the sample will test positive (i.e. conform with manufacturer’s specifications) and not be detected. Meanwhile, the fraudster who substituted the original for fraudulent product has the opportunity to sell three other cans of paint to unsuspecting consumers for the price of one, less the cost of labeling three unmarked paint cans, pocketing the difference.

Both of the above examples fit the definition of “fraudulent material” under AS6174, which is defined as “suspect material represented to the customer as meeting the customers’ requirements” (SAE International, p6).

Non-Genuine Materials

In the second method, non-genuine materials are used throughout the manufacturing process, resulting in a product that in no way conforms to the specifications or authenticity of the original product itself, other than the application of the victim manufacturer’s Trademarks or branding on the packaging. This is commonly referred to as a counterfeit, or ‘fake’. AS6174 defines counterfeit material as “fraudulent material that has been confirmed to be a copy, imitation or substitute that has been represented, identified, or noted as genuine, and / or altered by a source without legal rights with the intent to mislead, deceive or defraud” (SAE International, p6).

Managing the risks – what does AS6174 suggest?

AS6174 provides guidance across 7 main areas to manage the risks of Suspected, Fraudulent or Counterfeit materiel entering the supply chain. These areas include Product Assurance, Risk Assessments, Contractual Obligations, Purchasing Practices, Traceability Guidance and Reporting / Information Sharing arrangements. The following sections focus in more detail on Product Assurance and the Counterfeiting Risk Assessment. Other elements, such as purchasing and supplier due diligence, will be covered in future posts.

Product Assurance

The purpose of Product Assurance, which effectively involves “confirming the authenticity of materiel or its compliance with manufacturer’s specifications” (SAE International, p27), is minimising the likelihood of non-conforming materiel entering the supply chain. Where it does enter the supply chain, Product Assurance and other elements of AS6174 are designed to facilitate early detection. The standard proposes four elements of any Product Assurance process (SAE International, p27):

  1. Documentation & Packaging Inspection – effectively a review of supplier documentation to trace the history of the product and to review the packaging to confirm it meets expectations around conformance with manufacturer’s specifications. As with all fraud prevention processes, the standard suggests verifying the received documents against the source, through means such as confirming the accuracy of serial and batch numbers.
  2. Visual Inspection – this involves examining the product using various scientific techniques and conditions for the presence of identification markings or traceability indicators.
  3. Non-Destructive Testing (NDT) – involves a variety of tests including radiological, acoustic, thermographic and optical techniques to check the product conforms to specifications without actually destroying or using the materiel itself.
  4. Destructive Testing (DT) – involves analytical chemistry techniques, deformation and metallurgical tests, exposure tests, and functional tests.

Obviously, the performance of some of the above requires access to specialist equipment and / or knowledge (such as details of manufacturer’s markings applied to help prove the authenticity of a product), which may be beyond the reach of some consumers. In this case, businesses in Australia may consider it worthwhile engaging a NATA Accredited laboratory to perform such testing on their behalf. One key principle of AS6174 is that the design of any framework to minimise and / or detect non-conforming parts be risk-based, informed by the likelihood and consequence of a non-conforming part being introduced into the organisation’s supply chain.

Determining Counterfeit Risk

AS6174 suggests that the steps taken to minimise counterfeits in the supply chain, including the extent to which Product Assurance is undertaken, should be driven by both the likelihood and consequence of any “non-mitigated counterfeit item” (SAE International, p13). This means, for example, that greater steps should be taken to prevent counterfeiting in relation to a helicopter engine part than say a ream of paper in the office. The risk rating from this exercise dictates the “degree of traceability required” for that part in the supply chain.

The first element of any counterfeit risk assessment should involve considering the Likelihood, or probability of counterfeiting in that product, industry or market. The guidance provided in AS6174 on how to do this is scant, and does not consider the nature of the counterfeiting threat and the attractiveness of counterfeiting a specific part or materiel to fraudsters or organised crime. In a typical security or fraud management context, the risk assessment is preceded by a Threat Assessment, which identifies potential threat actors (e.g. insiders, organised crime), and determines both their Capability to counterfeit the product or materiel and their Intent. This step, which is missing from AS6174, is in my opinion critical to the risk assessment process for any case where the risk is caused by criminality of a human.

In the absence of performing a threat assessment, it may be possible to rely on informal feedback from others, such as industry groups, competitors or customers, but the quality of their advice is reliant on the processes and tools available to those parties to identify and understand the threat. Given that fraudsters and criminals are financially incentivised to engage in counterfeiting due to the low likelihood of being caught, let alone detected, it is important to remember that history is not a reliable predictor of the future, and that just because something hasn’t happened before does not mean it will not in the future. In my experience, all too often these less mature, ad-hoc approaches to understanding threat provide a false sense of security and may mean risks such as counterfeit parts in a supply chain are not detected because people aren’t looking for them, as opposed to them not being there at all.

One other interesting part of the risk assessment relates to “long term materiel availability” (SAE International, p15) or steps to be taken when a manufacturer stops making something. As part of any Anti-Counterfeiting & Product Protection strategy, manufacturers or Intellectual Property Rights (IPR) Holders will typically perform some degree of market surveillance, to understand where their products are being sold, who the vendor is, and for how much. Market surveillance enables early identification of counterfeit and unlicensed product (e.g. parallel imports) and facilitates a timely legal response. As products become ‘obsolete’, manufacturers often re-allocate market surveillance and IPR enforcement capabilities towards new products. However, this creates opportunities for sub-standard materiel to enter circulation. Products deemed obsolete by the IPR Holder but which retain their after-market value or are subject to consumer demand in a particular region (e.g. developed versus developing markets) can still be subject to counterfeiting, meaning in these cases market surveillance programs may need to become more targeted rather than ceased completely.

