Category Archives: Product Diversion

MedTech Companies Are Losing Millions to Revenue Leakage Without Knowing It

Posted on by

Paul Curwell

6–8 minutes

3 Key Takeaways

  1. MedTech companies lose 5-7% of gross revenue to fraud, supply chain leakage, and contract failures—most executives don’t even know it’s happening
  2. Your supply chain integrity is under attack from unauthorised discounting, billing fraud, and channel partners who bend the rules
  3. Revenue protection isn’t a back-office problem—it’s a strategic risk that directly impacts your bottom line and company valuation

You’re Bleeding Money and Don’t Even Know It

Here’s a sobering thought: while you’re obsessing over R&D budgets and production efficiency, your company is probably hemorrhaging 5-7% of gross revenue through fraud and supply chain leakage. That’s not a typo—it’s reality.

I discovered this harsh truth during recent work in the MedTech sector. Frankly, I was shocked. Through discussions with colleagues and clients about these estimates, I realised many executives either don’t recognise this problem or dramatically underestimate its impact.

Consider this: if your company generates $100 million annually, you’re potentially losing $5-7 million to preventable leakage.

That’s serious money—money that should be flowing straight to your bottom line instead of disappearing into the supply chain black hole.

The Billion-Dollar Problem Nobody Talks About

Revenue leakage in healthcare equipment and medical device manufacturing isn’t some theoretical concern. Industry data shows pharmaceutical companies collectively lose over $15 billion annually from rebate abuse and chargeback errors alone. Medical device companies face identical risks with even less protection.

The gross-to-net gap—the difference between what you bill and what you actually receive—reached $236 billion across healthcare in 2021. While pharma companies were forced by regulation to build revenue controls, medical device and diagnostic equipment manufacturers are still catching up, despite facing identical complexity.

Here’s why this matters to your bottom line: unlike other business costs, revenue leakage is almost entirely preventable. Every dollar you recover from leakage flows directly to profit. No additional manufacturing costs, no new R&D investment—pure margin improvement.

Where Your Money Disappears: The Top Leakage Points

Revenue vanishes at multiple stages throughout your operation. Understanding these vulnerabilities helps you plug the holes:

Manufacturing & Procurement Losses

  • Quality failures: Rejects and recalls from substandard components can trigger millions in losses
  • Supply chain fraud: Counterfeit parts compromise your supply chain integrity while creating warranty claims
  • Contract mismanagement: Poor supplier agreements allow pricing discrepancies to compound over time

Just last week, I heard a podcast about MedTech product packaging for air transport. The extreme temperature swings in aircraft cargo holds—from scorching tarmacs to sub-zero altitudes—can destroy highly calibrated diagnostic equipment. These “invisible” logistics failures create expensive writeoffs that directly impact revenue.

Channel stuffing fraud – a distribution problem

Distribution & Channel Partner Issues

  • Unauthorised discounting: Partners who exceed agreed discount limits without approval
  • Product diversion: Legitimate products sold outside authorised territories or channels
  • Contract violations: Distributors who bend pricing rules or ignore territorial restrictions
  • Billing errors: Complex pricing structures create opportunities for mistakes that favor customers
Product Diversion in the Healthcare Supply Chain: What’s the Problem and How Big Is It?

Sales & Service Revenue Gaps

The complexity of healthcare equipment pricing creates multiple leakage points:

Revenue StreamCommon Leakage Points
Equipment SalesUnauthorised discounts, pricing errors
Service ContractsUnderpriced renewals, forgotten billing
Software LicensesUnauthorised usage, poor compliance tracking
Diagnostic ConsumablesVolume discrepancies, rebate abuse
Training ServicesUnbilled hours, contract scope creep
The Hidden Threat to Your Bottom Line: How Sales Fraud is Bleeding Your Business Dry

MedTech is More Vulnerable Than Pharmaceuticals

Through my recent work, I’ve seen how medical device and diagnostic equipment companies face unique structural challenges that make revenue leakage worse:

Business Model Complexity: While pharma sells discrete products through standardised channels, MedTechs manage intricate bundles. A single “sale” might include equipment leasing, maintenance contracts, software licenses, training services, and ongoing consumables—each with different pricing structures and discount schedules.

Fragmented Distribution: MedTechs rely on more diverse partner networks than pharma companies. Specialised dealers, regional distributors, service providers, and system integrators all have custom contract terms and varying compliance capabilities.

Legacy Revenue Controls: The MedTech and diagnostic equipment sector has been slower to implement systematic revenue controls. While pharma companies invested heavily in rebate management and contract compliance systems under regulatory pressure, many healthcare equipment manufacturers still operate with outdated processes.

This complexity creates opportunities for revenue to slip through cracks that pharma companies sealed years ago.

Building Your Revenue Defense System

Protecting revenue requires systematic action across multiple areas. Here’s what works:

1. Implement Real-Time Monitoring

  • Install automated systems that flag unusual discount patterns
  • Set up alerts for pricing exceptions that exceed thresholds
  • Monitor partner sales data for territorial violations or volume discrepancies
  • Track service contract renewals to prevent revenue gaps

2. Strengthen Contract Controls

  • Automate discount approvals with clear escalation paths
  • Build dynamic pricing systems that adjust for market changes
  • Create partner scorecards that track compliance metrics
  • Implement regular contract audits beyond just financial reviews

3. Enhance Supply Chain Integrity

  • Deploy serialisation and track-and-trace technologies
  • Validate partner credentials and monitor their performance
  • Create digital twins that link physical inventory to service claims
  • Establish rapid response protocols for integrity breaches

4. Data-Driven Partnership Management

  • Cross-reference sales transactions, service logs, and rebate submissions
  • Use analytics to identify patterns that indicate fraud or process failures
  • Reward partners for validated outcomes, not just volume metrics
  • Conduct operational audits that assess pricing integrity and territorial compliance
Product Serialisation – a tool to help counter diversion and illicit trade

The Board-Level Questions You Need to Ask

Revenue protection belongs on your executive agenda. Start asking these questions:

  1. What’s our independently verified leakage rate?
  2. Can we trace our products through their entire lifecycle?
  3. Do we have complete visibility over channel partner behavior?
  4. Who specifically owns revenue protection accountability?
  5. Are we prepared for regulatory scrutiny on supply chain integrity?

If you can’t answer these questions clearly, that’s where your risk lives.

Your Next Steps: Stop the Bleeding

Revenue leakage is fixable. Companies that address it proactively enjoy stronger margins, reduced risk exposure, and better competitive positioning.

Start with these immediate actions:

Week 1: Audit your last quarter’s discount exceptions and pricing variances. Calculate the financial impact of irregular patterns.

Month 1: Implement automated alerts for pricing exceptions that exceed your predetermined thresholds. Review partner compliance with territorial and discount agreements.

Quarter 1: Deploy analytics tools that cross-reference sales data, service logs, and rebate submissions to identify anomalies.

Year 1: Build comprehensive revenue protection systems with real-time monitoring, automated controls, and regular partner audits.

The companies moving first will capture disproportionate advantages while competitors struggle with eroded margins. In an industry where innovation drives growth but operational excellence determines profitability, revenue protection has become a competitive necessity.

Your money is disappearing right now. The question is: what are you going to do about it?

Ready to plug the revenue leaks in your organisation? Start by conducting a comprehensive revenue audit to identify your biggest vulnerability areas. The sooner you act, the sooner you’ll see those lost millions flowing back to your bottom line.

Further Reading:

DISCLAIMER: All information presented on PaulCurwell.com is intended for general information purposes only. The content of PaulCurwell.com should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon PaulCurwell.com is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Product Diversion in the Healthcare Supply Chain: What’s the Problem and How Big Is It?

Posted on by

Paul Curwell

6–10 minutes

Key Takeaways:

  1. Healthcare Product Diversion is a multi-billion-dollar problem for MedTech, Pharmaceutical, HealthTech and Consumer Healthcare manufacturers, especially Small-Medium Businesses (SMBs)
  2. Manufacturers are most at risk, but distributors and consumers feel the pain too.
  3. Practical solutions exist—from serialization and contract clauses to better training and audits.

Why Product Diversion is a problem for Healthcare Supply Chains?

Product diversion might sound like a minor logistics glitch, but it’s a growing form of supply chain fraud with serious consequences for manufacturers. It undermines pricing strategies, exposes patients to risk, and silently drains profit from businesses—especially in pharmaceuticals, medtech, and consumer healthcare.

Let’s ground this in reality:

  • Price Gouging in Grey Markets: A 2012 U.S. Senate investigation revealed that during drug shortages, grey market distributors were marking up prices by up to 650%, creating an exploitative shadow supply chain that directly impacted patient care and manufacturer pricing strategies.
  • IP and Brand Risk for SMBs: According to a 2013 analysis by Michigan State University’s A-CAPP Center, illicit diversion and counterfeiting in healthcare products pose major threats to brand trust, supply chain security, and IP protection—risks that are especially acute for small and mid-sized companies lacking robust controls and visibility.
  • Healthcare Product Diversion via Unauthorised Resellers: Unauthorised resellers obtain genuine products through bulk or discounted sales and redirect them into unapproved markets. This undermines pricing and contracts, risks product quality due to improper handling, and threatens supply chain integrity. Such diversion impacts compliance, profitability, and consumer safety.

While precise global loss figures are difficult to pin down due to the covert nature of diversion, the financial and reputational impact is consistently described by regulators, manufacturers, and law enforcement as both significant and growing.

Product diversion is a risk to consumers and HCPs, HCOs.
Photo by Anna Tarazevich on Pexels.com

How does Product Diversion happen in healthcare supply chains?

Healthcare Product Diversion schemes don’t follow a single playbook. Instead, they are creative, persistent, and often involve trusted insiders or third parties exploiting weak points in the supply chain.

MethodHow It HappensExample
Bulk purchasingAuthorised buyers order large volumes, then resell to unauthorized partiesSalon-exclusive beauty products showing up in discount e-commerce sites
Overproduction / shadow batchesContract manufacturers produce more than authorised, sell off the surplusUnapproved medical device units reappearing in Southeast Asian markets
Theft and leakageProducts stolen from warehouses or in transitFentanyl stolen from hospital stocks and sold on the black market
Geographic arbitrageProducts meant for one country sold in another to exploit pricing differencesEU-only medical device diverted to U.S. via grey market reseller
Expired or defective goodsMeant for destruction, but reintroduced into the supply chainExpired drugs found in unregulated online pharmacies
Collusion and kickbacksSales reps or healthcare providers over-order and resell excess inventoryInstitutional drugs diverted to retail pharmacies for profit

Understanding these methods is essential if you want to design effective prevention strategies. They often exploit gaps in oversight, compliance, and contractual clarity.

Towards a taxonomy for product diversion

Real-World Case Studies – Pharmaceuticals, Medtech, and Consumer Healthcare

Product diversion isn’t a hypothetical risk for the global healthcare sector —it’s already happening:

  • Pharmaceuticals: A 2013 U.S. Senate report detailed how opioids intended for healthcare providers were routinely diverted and sold illicitly, playing a direct role in the national opioid crisis1.
  • Medical Devices: EU regulators have flagged instances where temperature-sensitive devices were diverted to regions without the infrastructure to store them safely, leading to degraded product quality and recall risks.
  • Consumer Healthcare: Brands like Redken and Olaplex have openly addressed diversion issues. Products intended for exclusive sale in salons have appeared on Amazon and eBay, undermining pricing integrity, partner relationships, and consumer trust.

These examples highlight the diverse nature of diversion threats and show that no segment of the healthcare supply chain is immune.

All manufacturers – big and small – are vulnerable to Product Diversion

Manufacturers sit at the top of the risk pyramid.

  • They suffer the most from product diversion, followed by authorised distributors and, finally, healthcare providers and consumers who must deal with the consequences.

Manufacturers lose direct revenue from diverted sales.

  • They also face brand damage when mishandled products tarnish reputation, and serious regulatory risk when expired or non-compliant items are resold.
  • Consumers don’t blame the grey market vendor—they blame the brand.

Small-to-medium-sized manufacturers are even more exposed.

  • Often, they don’t have dedicated legal or compliance teams, formal diversion programs, or tools like serialisation in place.
  • Their supply chains are lean and reliant on third-party relationships—relationships built on trust rather than tight oversight.

Unfortunately, this creates the perfect opportunity for diverters to exploit weak links.

The USP/APEC ‘Supply Chain Security Toolkit for Medical Products’

So what? The Business Impact

For manufacturers, the business implications of diversion go well beyond lost sales:

  • At a strategic level, diversion undermines pricing control, exclusivity agreements, and go-to-market models.
  • From a financial perspective, every diverted unit is a unit sold outside authorized channels—often at a discount or under different conditions. That distorts revenue forecasts, inflates warranty claims, and creates return headaches.
  • Operationally, diverted goods often re-enter your returns and recalls process, costing time and money.
  • From a compliance angle, unauthorized sales might breach your distribution contracts, prompt regulatory investigations, or expose your business to liability if patients are harmed.

If you’re trying to secure IP rights in a new market or negotiating an investment, diversion-related quality or compliance issues can tank your credibility quickly.

Control gaps enable Product Diversion

Understanding what makes your business vulnerable is the first step to fixing it.

VulnerabilityDescription
Complex global supply chainsMultiple players and jurisdictions reduce visibility
Weak contractual oversightContracts without anti-diversion clauses or penalties
Limited serialization and tracking techNo way to trace individual units across the supply chain
Insider threats and poor awarenessEmployees or partners exploiting gaps in oversight
Market price differentialsHigh variation in pricing between regions fuels geographic diversion

When multiple vulnerabilities stack up, diverters can exploit your entire supply chain, from production to post-sale support. Fortunately, each of these can be addressed with proportionate controls.

Mitigation Strategies for Product Diversion in Healthcare Manufacturing

Now for the good news. You don’t need to spend millions to protect your supply chain from diversion. Here are six effective, scalable steps:

1. Use Serialization and Digital Tracking

Track-and-trace technology, including QR codes and unique identifiers, allows unit-level visibility. It can deter resale and help identify leak points quickly. Newer tools are cost-effective and accessible to SMBs.

2. Update Contracts

Review your contracts with manufacturers, distributors, and resellers. Include anti-diversion clauses, audit rights, and explicit consequences for unauthorised sales. Legal clarity closes loopholes.

3. Audit and Monitor the Supply Chain

Use a risk-based auditing framework. Start with high-risk partners or geographies. Look for unusual purchasing volumes, inconsistent delivery data, or unauthorised resale complaints.

4. Train Your Staff

Awareness is critical. Your internal teams—from sales to shipping—need to know how diversion happens, why it matters, and what signs to watch for. A single employee spotting something suspicious can save you a lot of pain.

5. Use Incentives and Whistleblower Programs

Encourage internal reporting by rewarding ethical behaviour. Employees and partners are more likely to speak up when they feel safe and supported.

6. Leverage External Expertise

If you don’t have in-house expertise, work with professionals who understand the complexities of IP protection, supply chain risk, and regulatory compliance. Tailored assessments can identify hidden weak points.

Integrating Security into Quality Management Systems

Call to Action: Stop Assuming Product Diversion Is Someone Else’s Problem

If you’re a manufacturer in pharmaceuticals, medtech, or consumer healthcare, it’s time to act.

You don’t need perfection—you just need proportionate protection. Start with serialisation. Tighten your contracts. Educate your teams. The earlier you build diversion awareness into your commercialisation strategy, the better positioned you’ll be to protect your research, technology, and trade secrets.

Let’s connect if you need help building a scalable product diversion program. It doesn’t have to be big to be effective. And the sooner you act, the fewer losses you’ll have to explain.

Further Reading:

DISCLAIMER: All information presented on PaulCurwell.com is intended for general information purposes only. The content of PaulCurwell.com should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon PaulCurwell.com is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Crafting Security Business Cases for Executive Buy-in

Posted on by

Paul Curwell

6–9 minutes

Key Takeaways:

  1. Here’s the bottom line: Executives don’t fund security initiatives; they fund outcomes. A strong business case is essential to get their support.
  2. Focus on Impact, Not Activity: Executives care about how your proposal boosts business outcomes, not your list of security tasks.
  3. Show Value Beyond Compliance: Prove that security investments enable growth, reduce risk, and give your company a competitive edge.
  4. Quantify Risks and Benefits: Use statistics and real-world examples to demonstrate how security measures can save money or prevent significant losses.

What’s the Real Deal with Business Cases for Security?

Let’s be real: writing a business case for security, fraud, or IP protection can feel like trying to convince your dog to do your taxes—it’s tough and often gets ignored. Unlike departments that directly generate revenue, these functions are often viewed as “cost centers.” But the truth is, they’re vital for preventing catastrophic losses. Think about it: how much would a major data breach, insider threat, or IP theft cost your company? Exactly. That’s where your business case comes in.

If you want executives to take your proposal seriously (and fund it), you need more than just a list of security threats or the need for more budget. You need to speak their language. Executives want to know how your proposal will reduce risk, drive growth, and improve profitability. If your business case doesn’t hit those marks, expect a polite nod and zero budget. So how do you get the green light? You need to answer these seven crucial questions in your security business case.

an exhausted woman reading documents
Photo by Mikhail Nilov on Pexels.com

7 Key questions executives care about – linking security to strategic outcomes

The challenge is proving that security isn’t just about checking boxes or avoiding fines—it’s about tangible business outcomes: protecting revenue, improving customer trust, and enabling expansion into new markets. If you can’t connect security investments to these results, your proposal won’t make it past the trash can. So, let’s dive into the key questions executives are really asking when reviewing your case.

Question 1: What’s the Impact?

Executives want to know how your security investment will improve business resilience, customer trust, or revenue. Security isn’t just about defending against threats; it’s about keeping the lights on, ensuring smooth operations, and even opening new markets. Can your proposal do that? If not, it’s not going to get approved.

Useful strategy metrics for security business cases include:

  • Brand Equity (measured through surveys)
  • Customer Lifetime Value (CLV)
  • Net Promoter Score (NPS)
  • Revenue impact from security investments
  • Customer Trust Index (measured through surveys)
  • Employee Engagement Score

Question 2: Will This Stop Downtime (and Make Us Look Good)?

Downtime is the nightmare that keeps executives up at night. Every minute of downtime can cost your company thousands of dollars. Worse, it leads to frustrated customers and a PR disaster. You need to show how your security initiative prevents downtime, ensures business continuity, and (let’s be honest) makes the execs look like rockstars.

Useful strategy metrics for security business cases include:

  • Cost of Downtime
  • Recovery Time Objective (RTO)
  • Recovery Point Objective (RPO)
  • System Uptime Percentage
  • Mean Time Between Failures (MTBF)
  • Mean Time to Resolve (MTTR)
  • Customer Satisfaction Scores

Question 3: Can This Help Us Expand Into New Markets?

Want to expand into new geographies or high-compliance industries? Security plays a key role here. New markets require solid compliance and security frameworks. Prove that your security investment is the gateway to growth, not just a cost center.

Useful strategy metrics for security business cases include:

  • Market Penetration Rate
  • Revenue from New Markets
  • Market Share in New Segments
  • Compliance Rate with Market-Specific Regulations
  • Profit Margin in New Markets

Question 4: Does This Make Us Better Than Competitors?

In today’s world, security is a competitive differentiator. Customers stick with companies they trust to protect their data. Your company’s security posture could be the reason a customer chooses you over the competition. Show how your security proposal will improve customer retention and acquisition rates.

Useful strategy metrics for security business cases include:

  • Customer Retention Rate (churn)
  • Customer Acquisition Cost (CAC)
  • Security Breach Incident Rate (compared to industry average)
  • Brand Trust Index (measured through surveys)
  • Competitive Benchmarking Scores

Question 5: Are We Saving Money or Just Spending It?

Let’s face it—compliance fines can be crippling. A solid fraud detection, Trade Secrets or IP protection system can save your company millions. Demonstrate how your security investment prevents financial losses, whether from regulatory fines, operational downtime, or reputational damage.

Useful strategy metrics for security business cases include:

  • Return on Security Investment (ROSI)
  • Total Cost of Ownership (TCO) for Security Solutions
  • Operational Cost Savings
  • Compliance Fine Avoidance (measured in cost savings)
  • Automation Efficiency Gains

Question 6: How Much Risk Does This Actually Remove?

No one can eliminate risk entirely, but you can reduce it. How much are you saving by investing in security today to avoid a breach tomorrow? Help your execs understand the cost-benefit—are you spending $100K today to avoid a $5M loss in the future? Make the numbers clear.

Useful strategy metrics for security business cases include:

  • Risk Mitigation Rate
  • Expected Loss Reduction
  • Risk Score Improvement
  • Vulnerability Management Efficiency
  • Reduction in Security Incidents

Question 7: What’s the Brand Damage if We Don’t?

Nobody wants to be the next big breach in the headlines. Think Target, Equifax, or Sony. Show how your proposal protects the company’s reputation and brand equity, which can take years to build and mere seconds to destroy.

Useful strategy metrics for security business cases include:

  • Brand Valuation
  • Media Sentiment Analysis Score
  • Social Media Engagement Rates
  • Employee Net Promoter Score (eNPS)
  • Employee Turnover Rate
positive senior man in eyeglasses showing thumbs up and looking at camera
Photo by Andrea Piacquadio on Pexels.com

Writing Business Cases for Non-Revenue Generating Functions: The Struggle Is Real

It’s not easy to sell risk and compliance functions because they don’t directly generate revenue. But that doesn’t mean they don’t provide value. Here’s how to make your case:

  • Focus on Cost Avoidance and Risk Mitigation: A solid security program prevents disasters before they happen. Consider the massive fine HSBC faced for anti-money laundering violations: $1.9 billion. Your security measures are the front lines against such catastrophic fines and reputational damage. Use metrics like Annualised Loss Expectancy (ALE) to show how much risk you’re removing.
  • Emphasise Indirect Revenue Enablement: Compliance and security aren’t just about avoiding risks—they also enable growth. A strong security posture can open doors to new markets, especially if you’re meeting the right regulatory standards. By investing in security, you can unlock new opportunities for revenue without worrying about fines or legal issues.
  • Link Security to Strategic Goals: Non-revenue functions like risk management enable other revenue-generating activities. Think about how security protects supply chains, ensures smooth operations, and allows for market expansion. Security supports business continuity, which directly impacts the company’s ability to generate revenue.
  • Qualitative Benefits Matter Too: Not all benefits can be measured in dollars, but that doesn’t mean they’re less important. Enhanced trust, better customer relationships, and a positive corporate culture all contribute to the company’s long-term success.
Developing an compliance obligation register for your business

The Bottom Line: Get Your Security Business Case Right

Security business cases should focus on outcomes, not just activities. Link your proposals to business strategy and demonstrate how security helps reduce risk, save money, and enable growth. Link your business case to your strategy by addressing the seven questions executives care about and you’ll put yourself in a strong position to secure the budget you need.

What’s Your Next Step?

Take a fresh look at your security business case. Does it speak to business outcomes? Does it quantify risk reduction and highlight opportunities for growth? If not, it’s time to rewrite it. Trust me, your executives will thank you.

Further Reading

DISCLAIMER: All information presented on PaulCurwell.com is intended for general information purposes only. The content of PaulCurwell.com should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon PaulCurwell.com is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Product Serialisation – a tool to help counter diversion and illicit trade

Posted on by

Paul Curwell

4–6 minutes

When was the last time you bought diverted product?

Illicit Trade and diversion is a problem which keeps growing. Have you ever purchased a counterfeit product? Would you know if you did?

If you’re a regular online shopper the chancers are good that you’ve come across illicit product, possibly without knowing it.

men s gray crew neck shirt

I was recently at my local barbers getting a haircut when I noticed the container of a popular brand of talcum powder.

Only the logo and product name was in english – everything else was in Indonesian.

My barber mentioned he hadn’t noticed, but bought it because it was being sold cheaply online. This is an example of product diversion.

To highlight the risks of diverted or counterfeit product, there are many articles online about the link between talcum powder and cancer. By purchasing talcum powder on the illicit market you may unknowingly be exposed to asbestos, which causes lung cancer.

Most people know what counterfeits are, but diversion is less well known. Diverted product is authentic product sourced at a discount (or stolen) in one market, and then resold in another market. The diverter pockets the price differential between bought and sold, and the manufacturer (and their authorised distributors) lose out.

Diversion of critical technology – a byproduct of global competition?

Mechanisms that provide track and trace functionality, such as serialisation, are essential for the detection and investigation of illicit trade.

Serialisation can help improve supply chain integrity and counterdiversion

When we talk about serialisation in a supply chain context, it refers to the process where a unique identifier – usually a serial number or barcode – to individual items or products in the supply chain.

In combination with data management, analytics, and a well-developed program, serialisation is a way to realise the tracking and tracing of products as they move through the supply chain and circulate in the market.

Supply Chain Integrity can be defined as providing an “indication of the conformance of the supply chain to good practices and specifications associated with its operations”

European Union Agency for Network and information security (2015)

Serialisation offers benefits to Supply Chain Integrity:

  • Traceability – Serialisation is the traceability mechanism by which manufacturers can track the movement of their product through the supply chain
  • Provenance – Serialisation itself will not establish provenance (unless serialisation is uses blockchain), but data related to provenance could be linked with the serial number to indirectly establish provenance
  • Authenticity – Serial numbers should be unique and be matched to specific product versions or models, making it possible to identify counterfeit and diverted product through test purchases, ‘mystery shopping’, or seizures by police or customs
Supply chain integrity and security: what are the risks? (Part I)

Given the safety risks associated with illicit product, its no wonder the pharmaceutical industry is a leading adopter of serialisation:

  • The US Drug Supply Chain Security Act (DSCSA) requires serialisation, track and trace capabilities in the pharmaceutical supply chain, from manufacturers to retail pharmacies.
  • The 2019 European Union Falsified Medicines Directive (FMD) applies only to presciption medicines produced, imported or distributed in the EU.
  • The Chinese National Medical Products Administration (NMPA) has been managing serialisation since it was first introduced in 2013.
  • India commenced the serialisation journey in 2019, through its Drugs Technical Advisory Board (DTAB).

Australia is late to the party on serialisation in the pharmaceutical industry, with the Therapeutic Goods (Medicines—Standard for Serialisation and Data Matrix Codes) (TGO 106) being mandatory from 1 January 2023.

How does serialisation work?

Serialisation is the unique identification of each unit of a product, allowing a unit to be identified distinctly within its batch. Serialisation can be applied at multiple levels in any shipment:

  • Pallet
  • Consignment
  • Packaging (item and carton levels)
  • Labelling
  • Item

To maximise efficiency, Serialisation markings must be machine-readable and are typically applied via three techniques:

  • Barcodes
  • QR codes
  • Data Matrices

According to the Therapeutic Goods Administration (TGA), a Data Matrix contains various beneficial features not associated with the other methods, including:

  • A large data carrying capacity
  • Built-in error correction providing reliability and readability in situations where the label is damaged or if the pack is irregularly shaped
  • The ability to be easily printed at high production speeds, such as those found in medicine manufacturing environments.
deliveryman scanning the barcode
Photo by RDNE Stock project on Pexels.com

How can small-medium businesses access the benefits of serialisation?

It used to be that product serialisation was an expensive endeavour, but a number of recent articles online suggest serialisation is becoming much cheaper. The costs of serialisation can be quite substantial if not managed properly, but product serialisation can also add value to your supply chain and inventory management practices beyond mitigating illicit trade.

As the technology becomes more common and compliance programs mature, SMBs will be able to leverage their existing systems with serial number generation and management tools and labelling or printing tools to access the benefits of product serialisation.

Further reading

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Diversion of critical technology – a byproduct of global competition?

Posted on by

Paul Curwell

4–7 minutes

Global competition for science and technology is heating up

Unless you have been sleeping under a rock these past five years or so, you will be aware that the world is again in an era of great power competition. One key area in which this geostrategic competition is playing out is in science and technology. In addition to the omnipresent competition between businesses, nations are now trying to gain the upper hand for economic and national security reasons in a way we haven’t seen since the end of the Cold War.

Developing a high level of scientific and technological capability maturity takes decades and requires substantial infrastructure, starting with basic education systems all the way to post-doctoral research. The research needs to be supported by a legal, regulatory and financial environment conducive to commercialisation, such as Intellectual Property law, sources of capital investment, and the right government policy settings. Lastly, countries need to have companies capable of converting consumer-ready ideas into products, and the ability to take these products to market.

Where countries or companies cannot or do not wish to take a product to market, they use Technology Transfer mechanisms to assign ownership or control. If you can’t or won’t build these capabilities organically, the alternative offers a fast-track option: Steal it. If you want to take the illicit path, you have three main options: Theft, patent infringement and counterfeiting, or diversion.

medival professionals holding test samples
Photo by Tima Miroshnichenko on Pexels.com

What is Diversion in the context of Technology Transfer?

To understand the diversion of critical technology we need to establish some definitions, starting with Technology Transfer. I spent quite a bit of time learning about Technology Transfer at university, but it seems the inherent complexity hasn’t changed in many years. According to a 2011 World Health Organisation (WHO) report, the term “technology transfer has been notoriously difficult to define precisely”.

WHO have chosen to go with a World Intellectual Property Organization (WIPO) definition which defines technology transfer as “a series of processes for sharing ideas, knowledge, technology and skills with another individual or institution (e.g. a company, a university or a governmental body) and of acquisition by the other of such ideas, knowledge, technologies and skills”.

Diversion” refers to the unauthorised or unintended redirection of technology, confidential information, or components / materiel from its intended (authorised) receipient or use to a different party or for use in a different purpose.

Diversion is different to Theft (although they often arise simultaneously): Theft is effectively taking something that isn’t yours without permission (and often without paying for it). For example, going on a laboratory visit, picking up a laboratory notebook and discreetly putting it in your bag for later is theft, not diversion. Although I cannot find evidence of it being discussed in this way in the literature, I consider Diversion a type of Fraud as it typically involves obtaining a benefit (the confidential information or technology) by deception.

faceless operator examining drone in modern studio
Photo by Pok Rie on Pexels.com

Why should we care about the Diversion of critical technology?

The impact of diverted technology depends on the what the technology actually is and the identity of the perpetrator. Diversion is commonly perpetrated by nation states, competitors, private intelligence collectors, non-state actors (e.g. terrorist groups), and trusted insiders (e.g., employees, supplier’s workforce). Diverted technology can have a number of national security and market competitiveness impacts, which over time erode competitive advantage and can expose companies and countries to undue risk, including:

  1. Military Superiority: Critical technologies often underpin a national defence capabilities. If adversaries or third parties access these technologies, your competitive edge can be eroded.
  2. Economic Competitiveness: Advanced technologies drive economic growth and national competitiveness. At the start of this 4th Industrial Revolution, science and technology goes hand in hand with economic prosperity.
  3. Critical Infrastructure Vulnerabilities: Critical technologies are often used to support critical national infrastructure like energy, transportation, and communication. Diverted technology could be used to identify novel vulnerabilities in systems (including zero-day cybersecurity vulnerabilities), which could be exploited by adversaries leading to widespread disruptions.
  4. Proliferation of Weapons of Mass Disruption and Dual-Use Technologies: Defence and dual-use technologies (those with both military and civil applications) can be diverted to sanctioned groups or nation states, destabilising global security.
  5. Diminished Strategic Autonomy: In this new ere of geostrategic competition, being reliant on another country is a strategic vulnerability (we saw this from the effects of the COVID-19 pandemic). Diversion can lead to increased dependence, potentially compromising a nation’s independence.
  6. Foreign Interference and Espionage: Diverted technology can provide adversaries with insights into a nation’s capabilities, strategies, and operations, potentially undermining its diplomatic and security efforts.

There are many ways in which technology can be diverted, such as False End Users, front companies, use of brokers or intermediaries to obtain information, joint ventures or mergers and acquisitions, IP Licensing agreements, insider threats, foreign student arrangements, and many more. In some cases, once the diverted technology is obtained by the adversary, it will be copied or reverse engineered before going into production (manufacturing). The benefit here means that companies can build a competing product (or military capability) at a cheaper price. without the overheads of having to recover the costs of research and development.

Further Reading

  • Gaida, J., Wong Leung, J., Robin, S., Cave, D., Pilgrim, D. (2023). ASPI’s Critical Technology Tracker – Sensors & Biotech updates, Australian Strategic Policy Institute, https://www.aspi.org.au/
  • Hannas, W., Chang, HM (2021). Unwanted Foreign Transfers of U.S. Technology: Proposed Prevention Strategies, Centre for Security and Emerging Technology, https://cset.georgetown.edu/
  • McBride, J. and Chatzky, A. (2019). Is ‘Made in China 2025’ a Threat to Global Trade?, Council on Foreign Relations, https://www.cfr.org/
  • Toman, D., Famfollet, J. (2022). Protecting Universities and Research from Foreign Interference and Illicit Technology Transfer, European Values Centre for Security Policy, https://europeanvalues.cz/
  • WHO (2011). Pharmaceutical Production and Related Technology Transfer, www.who.int

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Towards a taxonomy for product diversion

Posted on by

Paul Curwell

What is product diversion?

Those who follow my blog will know that diversion is something I wrote about reasonably often. The reason for this is simple – diversion has a multiplier effect on the business supply chain. It doesn’t just result in a financial loss like theft does, but it also impacts the profitability and engagement of your distributors, the integrity of your channels (in terms of being able to control who sells your product, the quality and integrity of that product, and at what price), and consumer satisfaction in terms of brand perception, warranty coverage and customer service.

black fujifilm dslr camera
Photo by Math on Pexels.com

How does product diversion occur?

I started researching diversion more generally before Oliver May and I wrote our book ‘Terrorist Diversion’ for the non-profit sector. Unfortunately diversion happens everywhere in business, but the way it happens differs by industry and product. One challenge with diversion is that it can be hard to grasp how it actually happens – diversion is part theft, part fraud, and part breach of contract. To illustrate, when I discuss product diversion with clients, there are six main risks I start with, as follows:

  1. Expired, defective or out-of-specification (non-conforming) product is diverted from destruction or reverse supply chains and sold as conforming (on-specification) product
  2. Product authorised for sale in one market (e.g. Country X) is actually sold in another, unauthorised market (e.g. Country Y) in breach of contractual obligations between distributors / end users and the manufacturer
  3. Product is stolen from the distribution or supply chain and diverted (sold)
  4. Product is acquired, repackaged and on-sold by a third party or unrelated party
  5. Product sold by a manufacturer for non-domestic use is subsequently sold or re-imported for sale / use domestically in that country
  6. On-specification (conforming) product is produced by an authorised manufacture (i.e. a third party) without permission from the Intellectual Property Rights Holder, through practices such as overproduction (see my previous article on Shadow Manufacturing), with that excess conforming product being sold without approval

In my previous article on Typologies, I mentioned the importance of getting to what I typically call “level 3 risks” – effectively drilling down to three levels of detail that describes how and where each diversion risk may arise in relation to factors such as your business’s organisational structure, channels, products.

Whilst I won’t be publishing them here due to length, I’ve identified over 25 different ‘Level 3 diversion risks’ at the time of writing. Each of these risks materialises in a different place in the supply chain and has different actors, demonstrating the breadth and complexity of this issue. If your business is experiencing product diversion issues, only focusing on a discreet element of diversion may not solve your broader problem.

If you are concerned about product diversion in your supply chain, you may want to start with my risk taxonomy and customise it to your business. Remember not every risk will apply in your situation, but it is important to understand how and where diversion can occur in your business.

Who perpetrates product diversion?

Product Diversion is predominately a ‘trusted insider risk‘ perpetrated by someone within your organisation or supply chain who has privileged access to your products, processes and information. There are two exceptions to this, one being the involvement of buyers (end users) who purchase conforming product in bulk for unauthorised resale, and the second being criminals who perpetrate cargo or warehouse theft to resell stolen product on the commercial market. Perpetrators of product diversion typically include:

  • Employees
  • Contractors
  • Business Partners
  • Suppliers and Service Providers (e.g. reverse logistics, repackaging companies)
  • Organised Crime (warehouse and cargo theft)
  • Unauthorised End Users (see my previous article on the importance of End User Verification)
  • Contract Manufacturers

In some cases, collusion between one or more groups will occur, as well as criminal infiltration between external organised crime and trusted insiders. Trying to perpetrate larger scale or ongoing product diversion as an individual may be challenging and lead to early discovery. In this case, networks such as organised fraud sydndicates tend to emerge.

Where does product diversion arise in your supply chain?

As with any crime, we always talk about means, motive and opportunity as three legs of the crime triangle. Without all three elements, crime is unlikely to occur. From my work, I have identified for main ‘motives’ which should be considered alongside the product diversion risk taxonomy I presented above:

  • Steal for self: where a trusted insider diverts the product for their personal use (this is typically small-scale or opportunistic, and commonly falls under the definition of ‘theft’ or ‘occupational fraud’ as opposed to product diverison, which is generally larger in scale and more organised)
  • Steal for sale: where a trusted insider with legitimate access to the product (including employees of third parties such as suppliers) diverts the product in a higher quantities for commercial sale
  • Buy for resale: where a fake end user purchases product, potentially at a discount, for resale in one or more Territories (countries / regions)
  • Buy then dispose: where a legitimate end user purchases product then resells / disposes of product to liquidation firm (such as a retailer who purchases stock but is unable to sell that stock within an acceptable period)

If you are are responsible for managing these risks in your organisation, remember that some positions in your organisation will provide greater access and / or opportunity to perpetrate diversion than others. For the purposes of your security or insider threat management program, you need to consider these High Risk Roles.

High Risk Roles are those positions in your organisation (or in your supplier or business partners’ organisation) that confer privileged or unsupervised access to your critical assets – in the case of diversion, this could be a warehouse manager or team managing reverse logistics and destruction of expired or non-confirming product. My article on High Risk Roles provides more information here.

Key areas where product diversion can occur include:

  • Warehouses
  • Distributors
  • Wholesalers
  • Retailers
  • Factories
  • Contract Manufacturing Organisations
  • Third Party Logistics companies
  • Liquidation companies
  • Repackaging companies
  • Product returns companies
  • End Users (e.g. for resale)
  • Other resellers

As you can see, product diversion can happen anywhere in the supply chain. However, some of the product diversion risks presented in my taxonomy will only manifest in specific parts of the supply chain and / or involve specific actors. This needs to be considered in any risk assessment and treatment plans.

Conclusion

As you can see, product diversion is a complex type of fraud which requires considered thought and planning in order to mitigate. Understanding how and where risk events may materialise is important, as is understanding the perpetrator and their motives. Access to data, and use of data analytics and intelligence is critical to mitigating your organisation’s risk to within your risk appetite.

Further Reading

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Theft of fuel from HMS Bulwark – a diversion case study

Posted on by

Paul Curwell

What happened?

This story broke in the media on 7 April 2022, with multiple articles claiming the theft of fuel from a high security Royal Navy base in the United Kingdom. According to Sky News, “the diesel was siphoned from a tanker in a heist that reportedly “ran for weeks” with most of it having been “flogged on the black market”. Some articles claim the fuel was being used to run diesel generators on HMS Bulkwark whilst it is alongside and undergoing refit.

HMS Bulkwark, Albion-class assault ship, Royal Navy, United Kindgom

Further details on the case are limited, other than the fact that the case is under invetistigation by the UK Ministry of Defence and that the alarm was drawn when a guard at the base became suspicious. Unfortunately the theft of fuel is a common occurance – as a perisable commodity which retains its value in the market, fuel is in high demand and can be readily converted to cash when diverted even in small quantities, or alternately consumed for personal use.

Does this article resonate with you? Please vote below or subscribe to get updates on my future articles

A case of diversion or shrinkage? Motive is key

The fact that fuel was stolen means this is an offence of theft, or potentially fraud depending on whether deception was used to perpetrate the crime. Given events took place on a secure military base where it is reasonable to assume you cannot simply walk in or out, it is reasonable to assume an element of deception (i.e. fraud).

Either way, whilst details are limited in the public domain it is possible to develop further insights into the crime for the purposes of building this case study. For example, we know this scam went on for weeks. According to Wikipedia, the capacity of a fuel tanker truck ranges from 20,800 to 43,900 litres. Google reveals that the average capacity of an SUV on the road is up to 70 litres.

To provide an order of magnitude, 2% of 43,900 litres is 878 litres, which equates to around 12.5 full SUV tanks. If this scam was perpetrated once a day for 7 days, we are talking about over 6,000 litres of diesel being stolen each week. With current Australian diesel costs averaging $1.95 per litre as at 14 April 2022, this equates to illicit earnings of just under AUD$12,000 per week (AUD$624,00 per annum). To be clear, there is no indication of quantum or order of magnitude in the media, so this is hypothetical and indicative only.

AA van with Jeep SUV broken down in Kensington Gardens by David Hawgood is licensed under CC-BY-SA 2.0

So does this activity equate to shrinkage or diversion?

  • Shrinkage is an accounting term used to describe when a store has fewer items in stock than in its recorded book inventory (Shopify). Shrinkage can be the result of process or quality issues, as well as theft and fraud.
  • Product Diversion refers to goods that are redirected from the manufacturer’s intended area of sale or destination to a different geography or distribution channel (Curwell)

In practice, I tend to view shrinkage as being less organised and not ‘commercial’ in scale, whereas diversion is typically more organised and more commercial in nature. Given this has been going on for weeks as well as the volume and illicit revenue estimates outlined above, I would suggest this is clearly a case of product diversion. Further, in my taxonomy of product diversion risks, this is defined as “Product stolen from distribution or supply chain“.

How can these types of product diversion events be detected generally?

Product diversion shares similarities with other frauds. According to the Association of Certified Fraud Examiners (ACFE) Occupational Fraud 2022: Report to the Nations study:

  • 42% of business frauds globally are detected via tip offs,
  • 16% through internal audit, and,
  • 12% through management review.

Interestingly, 5% of cases were detected by accident – exactly how the Royal Navy guard discovered this diversion incident.

When you know what you are looking for, the application of fraud analytics techniques means product diversion can be detected provided you have the right data and you assemble and analyse this data in a manner that will allow you to identify potential indicators of diversionary activity.

Photo by Lou00efc Manegarium on Pexels.com

From my understanding of the situation, there are at least four primary records that, when ‘joined‘ together, could be used to identify similar product diversion cases pertaining to oil and fuel:

  • Order records – invoices and purchase orders should state the quantity of fuel ordered and the delivery dates. Given this is a military base, there are likely to be some sort of movement records to register in advance the potential delivery.
  • Tanker truck records – records of how many tanker trucks entered the base and their capacity (this might be captured at the front security gate for emergency management reasons in case of fire).
  • Fuel transfer records – these should record how much fuel was actually delivered from the tanker to HMS Bulwark, and would likely be maintained by the driver or the fuel tanker company’s order delivery system (most likely a smart phone app). Requirements to supply these to the customer could be mandated in the contract of sale.
  • Fuel receipt records – these would be maintained by the crew of HMS Bulwark, recording all details of the delivery including fuel quality records through onsite Quality Assurance testing performed by the ship’s engineers as well as the quantity of fuel recieved.

These four datasets could be collected by customers and monitored on a proactive, ongoing basis to identify discrepancies indicative of potential product diversion using data visualisation tools such as Tableau or even Microsoft Excel. Alternately product diversion schemes such as this may also be identified during distributor audits or compliance investigations.

What other preventative and detective controls might be relevant in this scenario?

In addition to the data points outlined above, a range of other preventative and detective controls could be used to identify potential diversion. These measures may be more expensive than the ‘books and records’ approach outlined above, hence their application should be risk-based. Relevant examples include:

  • Accurate calibration of measures to calculate the volume of fuel delivered – just like petrol stations, fuel delivery measures need regular re-calibration, and in some instances may be tampered with to under- or over- deliver. There may be two such devices in this example – (1) the tanker truck and (2) HMS Bulwark.
  • Quality checks should be performed by the customer to ensure the diesel is appropriate quality and that product substitution has not occured (e.g. fuel diluted with another substance, fuel sitting on top of a heavier substance to give the appearance of conformance).
  • GPS monitoring on the tanker truck allows both the vendor and customer to monitor for unscheduled stops, which could be indicative of an accident or unscheduled delay, cargo theft (e.g. hijacking), or collusion with organised crime elements. These systems typically generate an alarm or alert in an operations centre.
  • IOT sensors may also be attached to fuel lines or guages, to confirm quality and volume of product in real-time as it is decanted from the tanker to the fuel storage tank.
  • High-value or sensitive facilities should be subject to a range of physical security measures.
  • Third parties loitering in a secure area, either pre- or post-fuel delivery, are also indicative of suspicious activity that would warrant further investigation (as allegedly occured in this case)

As you can see, the Internet of Things (IOT) and the proliferation of sensors in daily life provide excellent opportunities for detecting product diversion in near real-time.

Lessons learned – what to do about it?

Performing a thorough anti-diversion risk assessment, and then implementing appropriate detective measures to identify potential diversion incidents early, before any substantial loss is the foundation of a proactive approach to managing diverison risk. The data required for detecting this type of diversion is likely to be readily collected in most organisations, and simple tools such as a spreadsheet can help identify anomalies. Detecting diversion in your data can be easy and cost-effective when you know what to look for.

Further Reading

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.

Building a media monitoring capability 101

Posted on by

Author: Paul Curwell

Media Monitoring as part of a wider externally-focused risk intelligence capability

Businesses cannot operate effectively without an external listening capability that helps identify current and emerging issues in the operating environment. Competitors, regulatory change, technological innovation, and important developments involving suppliers and key customers have historically been ‘followed’ by businesses everywhere. However, with the rising importance of reputation risk and regulatory compliance, topics such as economic & trade sanctions, corruption, fraud, privacy & security incidents, business interruptions, modern slavery and environmental issues are also being increasingly watched, especially where suppliers or contractors pose a risk ‘by association’ to the buyer.

Our 24/7 news cycle and the global pace of change means it is no longer viable to read the newspaper once a day or occasionally Google a competitor every few months in your spare time to identify changes in your operating environment – media monitoring today needs to be a core part of your risk intelligence capability, employed on a systematic, continuous basis and integrated into other business processes to add value.

Conceptually, media monitoring seems relatively straightforward, but it follows the iceberg principle with most of the challenges laying beneath the surface. Many organisations struggle with media monitoring when they need to operate across large volumes of search criteria, countries, languages and mediums. Practically speaking, there are also differences between monitoring traditional print, TV and radio channels and social media: This post focuses on traditional channels, whilst social media will be addressed in a future article. The article outlines the key considerations when designing a media monitoring capability, the challenges, what to focus on, and what to do with what you’ve found.

Selecting sources and monitoring tools

The majority of media monitoring programs are run in an ad-hoc manner, without any real understanding of the sources or content of interest. The sophistication of these programs range from performing ad-hoc searches in the internet browser, to using tools such as Google Alerts and data aggregators. Typically, businesses focus on print media to the exclusion of TV and Radio, despite both having interesting and relevant content (take for example, an executive from a competitor being interviewed on the business channel).

The first step in selecting sources involves thinking about what, and who, you want to monitor, and where the content would be published. This ‘where’ is a function of both geography but also industry, as some of the richest coverage might be featured on niche industry platforms. Media monitoring typically focuses either on people or entities, both of which involve name-based searches (e.g. ‘Apple’ or ‘Tim Cook’). Where large numbers of search results are returned, it is normal to use boolean operators to write queries which search for the individual or entity’s name in conjunction with other search criteria, such as ‘strategy’ or ‘fraud’. This process can get quite complex, involving potentially dozens of words of interest (or derivatives of them, such as ‘Crim*’ to search for ‘criminal’, ‘crime’, etc in the same search) in addition to the entity name (i.e. “[name]” and “crim*”).

Media Monitoring Challenges

Licensing and Copyright – news information is subject to copyright, and many IP Rights Owners require their content to be licensed. These costs, and any licensing constraints (e.g. forwarding of a complete article is prohibited without an enterprise license) will require some thought around how any capability is designed, as well as impacting budget.

Syndication – increasingly common globally, syndication has the effect of increasing the volume of search results. Platforms such as Factiva have in-built tools to remove duplicates, however manual processes (e.g. Google Alerts) may take additional time to process

Reliability of free tools – free media monitoring tools use a variety of technologies to identify and index content, which can impact reliability. Unlike platform providers, they typically require closer scrutiny to ensure they are performing as intended.

Press Freedom and ‘Right to Forget’ laws – the reliability and coverage of the mainstream media is increasingly being influenced by attacks, government constraints on journalists, and corruption. In other jurisdictions, ‘Right to Forget’ laws mean the subjects of adverse coverage can have articles such as coverage of convictions or imprisonment deleted, impacting historical search results.

Where large volumes of search queries are required and where budgets allow, news aggregators such as Factiva and ProQuest, as well as other specialised industry journals, represent an excellent option provided they have coverage of the content you are seeking. Once you have identified your sources, you should check to see where their content is published as some publications are not covered by aggregators or news syndication services.

As with print media, television and radio content is also searchable via specialised aggregators. Typically these providers will index the content (i.e. note keywords and other search terms), to enable a word-based search to be performed via their portals. Once results are returned, they can then be screened for relevant content. Two examples of television indexes include BBC Monitoring and InformIT TV News.

Case Management: Reviewing, storing and evaluating matches

Media articles or other search results are typically recorded in some sort of ‘case management system’, which can be anything from a register kept in Microsoft Excel to a database or workflow system such as ServiceNow. There are a few steps in this stage of the process, including:

  • Reviewing each returned search result to determine whether it meets your criteria for retention (i.e. is it relevant, timely and actionable in relation to the question you are seeking to answer and is this new information, or is it a duplicate?)
  • Documenting selected fields / information from the article in your case management system – such as names or addresses of parties mentioned
  • Copying details of names, addresses, relationships, events or other reporting which could affect your relationships with key customers, suppliers or employees into a separate database (this is particularly important for fraud prevention and legal disputes)

This raises the question of who is performing the media monitoring, and how well they understand the intended recipients (i.e. their readers or internal ‘customers’). All too often media monitoring is performed by a central team, with consumers in the business being forwarded copies of news articles they have already read or receiving lots of emails that go unopened. Whether the function is performed centrally or by business line, the most important thing is that information is converted to intelligence so it is actually useful.

Whilst media monitoring can be started with the best of intentions, it quickly becomes a waste of time and effort if the generated content is not relevant and actionable to the recipient (i.e. can they actually do something useful with it) and timely (telling them an event has occurred 3 months after they’ve known about it is useless), if the content is not properly curated and searchable as volumes increase, and if the team performing the role becomes seen as a sender of spam.

Actioning what you’ve found

Once you have identified what’s important, the next step is to do something with it. By this stage of your process, you should be left with a number of articles that contain content of interest. In my experience, this is the stage where many media monitoring processes begin to fall apart.

Case Study:

A large bank had implemented a robust media monitoring process to track strategic developments involving competitors and the market. They were actively monitoring multiple channels, saving articles of interest to PDF from print media sources, and uploading them to a Document Library on their intranet (SharePoint). Over time they had thousands of articles containing rich information but it was never extracted and developed into intelligence. To make use of their collection, they had to individually review each search result rather than being able to see what all search results meant in the wider context. In time, it became quicker for users to simply use Google and the whole effort became a complete waste of time.

Media monitoring is only the first capability building block in an external listening process, and if your process relies upon emails or file libraries in a shared folder or on SharePoint once you hit a certain number of files you will start to encounter data challenges that affect our ability to extract any real value from your media monitoring. To avoid this situation, I recommend you add two steps to the end of your media monitoring process:

Dealing with information about people, events, places and things

Articles with content such as names, incidents, relationships, events and places need to have this information extracted into a structured format (ideally a database but CSV format will also suffice), with the original article attached. Whilst you can use document tags instead of structured content, it is not as effective (1) because you will still need to extract the data into a structured format to properly analyse it, and (2) over time libraries of tags will become unmanageable and you may encounter system limitations. To keep pace with volumes, I find this information most efficiently captured as the article is reviewed, rather than letting everything pile up.

These sort of articles typically relate to issues such as a key customer or supplier’s financial solvency, highlight relationships between employees and a supplier or customer (i.e. conflicts of interest or fraud risks), and legal disputes which might disrupt the supply chain. Consequently, the typical audience for this information will be finance / procurement, legal, audit, risk and compliance.

Articles of a strategic nature

In contrast to information about people, places and things, information of a strategic nature (e.g. articles on regulatory change, interviews given by a competitor on their new product) should be compiled into a separate document or ‘wiki’. Environmental Scanning is a common technique used in the strategic analysis and intelligence communities and is ideal for compiling and analysing this type of content, and will be covered in a future post.

The key difference between strategic information and that of people, places and things is the way it is used – it is mainly employed by strategy teams, product managers, or in other planning activities rather than more operational tasks, hence it needs to be reviewed less frequently. Strategic information is typically reviewed in the context of other strategic information or when making specific decisions.

Optimising your capability

The last step in developing any capability is to periodically evaluate its performance. For a media monitoring capability, this means running separate searches to ensure you haven’t missed anything with current search criteria (have you had consumers in the business ask about something you didn’t pick up?), ensuring that sources are reliable and credible and that search parameters are current, and that your downstream processes in terms of storing, evaluating and reporting remain valid.

Further reading

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.