In a recent digital boardroom hosted by Lightbox, leading experts in finance, risk, and forensic accounting came together to address the rising threat of fraud in India’s startup ecosystem, where 59% of companies reported incidents in the past two years. The discussion explored the “fraud triangle,” early red flags auditors watch for, and real-world lessons from companies like Rebel Foods. Panelists emphasized that fraud is not just a control failure but a behavioral issue rooted in pressure and rationalization. The session underscored the need for strong culture, vigilant monitoring, and proactive measures to protect startups in high-growth environments.

Transcript: 

Rashmi Guptey: Hi. Good evening, everyone. Thank you for joining us today. Today, we're going to talk about a topic that most of us dread. It's a topic associated with corporate fraud. The goal is really to discuss, you know, frameworks to help us prevent, avert, and fraud-proof our organizations in an increasingly complex operating environment that all of us are a part of. Just a few statistics on this.

According to PwC global economic crime survey 2024 about 59% of the organization surveyed in India have faced a financial or a white collar crime in the past 24 months, there has been lot of angst recently within and outside the startup community due to a series of fraud and mismanagement incidents, which have not only led to a fall in the valuation of the startups, but also dampened and affected the overall sentiment in this ecosystem. It's important to look at companies inside and out and to be able to effectively tackle economic fraud and financial crime. We have with us a fantastic panel today in Manoj Vidya sarda and pu all you know, stalwarts in their own fields, and each one providing a very unique lens to discuss the much dreaded topic of fraud. Manoj Nair leads the statutory practice at cross shore Services Division of SCU. He's a commerce graduate and ici graduate, a member of the cost Institute of cost accountants and a member of the Institute of Internal accounts in internal auditors. Sorry, he has multiple certifications and sustainability and ESG, and has nearly 30 years of experience in assurance and risk consulting. His perspective today is very important from an audit, statutory audit standpoint.

Vidya rajarao is the founder and CEO of fraud pedia, Private Limited, a startup that aims to equip young professionals with knowledge and training to combat fraud. Vidya is a chartered accountant and a Certified Fraud Examiner. From us, she holds substantial investigative and forensic experience and brings over 25 years of forensic accounting and risk consulting experience. She's testified before eminent Supreme Court justices, both internationally and domestically. She is the first woman to be elected on the board of Association of Certified Fraud Examiners, and she was also a member of the nfra the next panelist is Bucha. He has he's a chartered accountant and CS. He's also the CFO of one of our portfolio companies, rebel foods. He has 25 years of diverse experience across sectors like pharma, telecom, media and entertainment. Bucha is very passionate about building a very strong governance profile within and within his organization, and he is going to talk to us today from an operational perspective of managing fraud or averting fraud in businesses. Last but not the least, Saradha Govindrajan is a post graduate and diploma holder from XLR I Jamshedpur. She is also a Bachelor of Engineering from Anna University. Sada has over 2025, years of experience, and she her journey began with the Mahendra group, followed by Doctor agarwals Eye Hospital, and her latest stint was as the CFO of the veranda group. Sada has extensive experience in M and a business, finance and strategy. So without much ado, let's begin into today's session. But before we do that, let's take a very quick look at what fraud really means and how it all begins. So if, if the screen is sort of visible to everybody, I think really, why do frauds or why are frauds committed, right? So what, what this does is talks about the fraud triangle, which is often at play, and it begins with essentially a pressure, and usually it's often an economic pressure or some form of duress, which then basically leads you to abuse trust. And finally, once you've done both, you need to find a way to rationalize what you've done and justify your fraud by saying it's okay, right? And thus begins the triangle of fraud and the inescapable route, which is a black hole through which we go down and fraud often takes proceedings. So I think with that background, and I don't want to get into the details of fraud, we all know what it is. Let's sort of begin this panel with a very objective lens on how the four of our panelists see fraud, right, and what are some of the early signs. So maybe I'll look at you, Manoj, to sort of in your experience, talk us through how do you as an auditor see those ugly early shoots of a fraud?

Manoj Nair: Well, for us, any audit while the preliminary lens of an auditor, whether it's a stat auditor or rental auditor, is not to look into fraud, but primarily to ensure that your financial reporting numbers, numbers are correct, true and fair it's compliant to accounting and auditing standards. It's also to look at internal controls over financial reporting. While looking at this, we come across certain trends which indicates that there is a possibility of a fraud that would have happened in the organization. Now, such trends could be something right on the face of it, or it is well and very done very stealthily and well. Hidden under the rugs, where it is very difficult to even identify such a fraud has happened. You know, some of the trends that we see of late, and I mean, these are not something new that I'm going to tell to the group here, because these have come in the media in the last four or five years. If you see the startups related fraud or misreporting on the financial numbers. It could be GMB or revenue. It could be things like related party transactions. It could be some fraudulent entries passed in the books just to hide certain fund management that has happened between the people, related parties or some friends of the promoters, I would say, so what generally we look at are these kind of trends, saying, what's the revenue movement between the previous years to the current year? If there is a sudden spike or a spurt that really gives us a cause of concern? Saying, why did this really happen? And many a times, and let me tell you, in the last couple of years, three out of my five startups client where we went into this revenue trend analysis, we found that there is something fishy and suspicious out there. We had situations where, you know, peculiar accounting entries happened, like a huge amount of GST input reversal. Now, when we got into the details, we found that this reversal was done on the basis of notice and by dggi and GST authorities. When we went into the detail, we found that these vendors were actually non existent vendors. Fraudulent entries were passed these vendors to whom the company had made the payment has not deposited the GST onward to the authority, so they came after these entities. And as a result of which our client had to suffer so and when we get caught into the details, we found that there are people who are involved within the companies, and it's very sad to say, some of them are promoters, which gives us further doubt on what are the kind of transactions the company has entered. You find a lot of related party transactions. You will see lot of non operational fund movements, which means money is moving. The money raised from the investors of the banks, wherever is it, it's moving from one entity to other, but no significant operational developments are happening. So these are some of the, you know, early pointers that we as auditors notice, and we try to build on it. And when it comes to appropriate time, we involve specialists like Vidya who can take it to the logical end, including to the legal court where the matter would be for the settled.

Rashmi Guptey: You know, Vidya, we investors, are often criticized, saying, What were you doing? Where was your diligence? What was the auditor doing? And like Manoj explained, these are early shoots, sometimes conclusive, sometimes not. Your role is very different. You come into the picture once there is, you know, some trailing to be done, or there is the definite suspicion involved. But could you highlight a few areas, or a few instances which you know, you know going in, that these are definitely signs towards indicating a fraud? And how do you go about the investigation of things like this? 

Vidya Rajarao: sure. Thank you. Thank you. Rashmi, good evening. Everyone. See, I think the reason why you know investors, auditors, you know especially statutory auditors, fail to detect fraud, is because fraud is a problem of human beings. It's a problem of behavior, whereas audit is focused on controls. So that's where the dichotomy lies, right. And when I look at red flags, I follow the frog triangle. So if you look at where's the pressure, because it's both pressure and incentive, right? If the organization is structured, where the pressure to meet targets, unfortunately, even in a startup world, if you, even if you don't have these quarterly earnings targets, you have targets because the market is racing ahead of you. There are competitors entering the market. You have set certain targets for yourself, and if you have investors, you need to give them an exit. So you're looking at a five year horizon. So targets are always, you know, collect damical sword, you know, on top of your head every day. And that leads to behavior, which is sometimes errant behavior. You know, you start with the fraud triangle. It's an excellent tool. You know, if you look at incentives or a pressure to meet targets, and then you look at opportunities, because controls don't keep up with business. Because you, you know, you very quickly you have a because you're starting with a very small baseline, you've sold 100 SKUs in one month, and you know, next month you're up to 200 that's double. And then the next month you're up to 400 that's geometric progression. Your controls don't keep up as quickly as your business and controls, again, has to be done by people. It isn't getting, you know, SAP and Oracle and PeopleSoft or whatever other software that you have. It isn't software. It isn't it's really behavior around controls. And only if you get these two right, you can fix the national. Realization piece of it. So that's where the red flags emerge, you know, from a forensic angle. And I think I'll stop there and see what the CFO in the hot seat, you know, has to say about all of this.

Rashmi Guptey: The CFO in the hot seat, I think should help us understand, how do you find these traces in an operationally complex environment, Piyush, because startups, you know as much as we can talk about governance and following protocol and doing everything systematically, the truth is, it's chaos, because you're growing at a very fast pace. So maybe Piyush, you could give us some operational insights into what you've seen. 

Piyush Kakkad: sure. Thanks, Rashmi, and once again, thank you so much for giving the opportunity and warm welcome to all of you. I represent rebel foods. We are a world's largest Internet restaurant company. Essentially it is single infrastructure where we have multiple brands operating, and we are 97 to 98% of our revenue is digital, right? So Manoj and Vidya talked about the fraud, and, you know, different kind of how it happens. I think essentially, if you think about it, there are two buckets in which we can think about fraud. One is about intentional, which means that internally within the company, there is some nullified intent to sort of take an extra benefit. Second, could be someone external is trying to create a bypass in the process or the system and able to take an undue advantage. I'm talk, I'm going to talk a real life incident that happened to us at rebel foods around couple of years back, which is in the second category. So essentially we have operations in India, and then there is operation in UAE and UK. So this happened in one of the transaction which is based out of UK. Now what happened is that basically we have advertisement on the Facebook page. So we came to know that there was an excess debit that happened. So typically, if there is a run rate of X debit, which happens on account of monthly invoice to Facebook, there was suddenly around 10x debit that happened in terms of when we received the message from the bank account. So immediately triggered a thought from the executive was managing it to say that, why is the debits on so much on the higher side? And then it was reported to the bank and band. Then, you know, the teams got alerted. So basically two channels got activated. One was reporting to us to say that there is something suspicious that has happened. Typically, a payout on marketing campaign is x, but there is a 10x debit that we have received. And then immediately we huddled together. We said that first, let's go to the bank try to substantiate the claim in terms of why it's only 1/10 of what got debited. So that was a trigger, one that did. And immediately, banks sort of took a note of the transaction, invoice and all, and made sure that the unauthorized debit of 10x got immediately reversed. So that was one part. Now the second and most important was to understand exactly what happened. So typically what happens is that these kind of media spends and such other credit card led spends, it is, it is through a direct debit. So what happened is, in in case of we have multiple Facebook pages for advertisement and media post right and it is linked to the sub pages which are linked to the bank account. Now the hacker was able to access the Facebook page, modified the name of one of our brand pages and altered the limit set for the transaction. And due to this alteration in the limit Facebook reach increased, and hence the billing also increased. Now, as a result of which, there was an unauthorized 10x transaction that happened. So one was to remain calm, report the transaction, and then make sure that we are able to immediately work to do a damage control. The second part is then we did RCA to say that exactly where did we go wrong? I think there were clear four or five actionable that came in. First was for this direct debit transaction, we should never link it to the primary bank account. The second was try to get into a mode of deploying the limit through a wallet only. So basically, even if there is an unauthorized debit, it will the transaction will fail because it's only a specified amount that we have parked in the wallet. The third is about account access advisory. So basically, at a periodic interval, we should do a review and make sure that excess rights are only within the authorized individual and also strong password rules needs to be implemented. And last is try to do a periodic review wherever the such debits are actually enforced. There is a review mechanism, like Manoj was saying in a traditional thing about a bank account review, but we don't do wherever the auto debits have been set. So I think this is a classic example that world is moving towards more and more digital. There are types of these digital frauds that happen in a rush we may not follow proper protocol or control, or either in a regular review, these things don't get surfaced. So I just thought that it would be good to sort of discuss a live example. And luckily, with the help of team member was quite vigilant and alerted at the right point of time, and also took it up with the banks to ensure that there is no unauthorized debit that was there, finally. But, yeah, it was a big learning for us, and as a result of which, we have strengthened the process.

Rashmi Guptey: You took this in the direction of, you know, basically being the torch bearer, and sort of trying to prevent it, prevent these kind of occurrences. But maybe Sardar, you know, in your past experience, I. I think it begins with culture, right? And that's the first line of defense in how we, as, you know, torchbearers of the finance function, can control this. You know, you've served on so many listed companies. Could you talk about sort of the trickle down effect of culture and promoter sort of views on how this is managed? 

Saradha Govindrajan : starts with the founder. Let's put it that way. Founder culture, I think we were talking about. I just want to rephrase it. Founder is the culture they set the tone right. Like many startups would not have a proper finance team, would not even have a finance function. So if the culture set by then, no matter how brilliant the CFO you get at a later stage, or if somebody gives you brilliant advice, the founder has to accept the advice. I think it starts with the attitude and the tone of the founder. Rightly, like Vidya pointed it is people you have to set it right. So I have more often than not, seen that many founders, and you know people who are very limited related party transactions are very above board. So my spouse's company is not involved. They're not a vendor. My spouse is not an employee. I'm sure genuine spouse being employees are there. I'm just saying for the sake of 10 people from my family are not employed, so on and so forth. You know, it gets a lot of comfort. So I think the founder should think about it as a long term goal. I look at this as karma. Today, it may look very fantastic, but it will catch up with you at some point in time. So you're better off not taking you know, today's profit will be 1x and you are asking for two multiple more. But look at it five years down the line, when you will probably list or you are a unicorn, you're also carrying the credibility. Secondly, we talked about a fraud triangle, the incentives itself, right? I believe the incentive for a CFO, for example, to do a fraud is much lower than a founder, because the shareholding wise, the percentage itself, the return wise ROI, is much better for them, and that is why we see them getting involved. So founders should abstain, given their long term goals are much better if they act by the book. And I think as management finance professionals, look for these intangibles, and ideally, either if you can influence and correct them, it's fine, or do you want to stay with them in the longer journey? I don't know that to each their own and to founders. The last thing is, you know, most of the frauds that happen are from cost cutting, because, generally, founders want to make more profit. Yes, accounting standards wise, you want to show more revenue. Fudging, that's one part. But this bucket is also bigger. How can I be, you know, quick? There's one thing that's bootstrapping being smart and sensible, but that's there's one more thing that is, you know, going against. So I would urge people to differentiate between good and bad cost. There is always a good cost that's required to be spent by businesses being over smart about it will just hurt you and lead you down the fraud arena. So these are the few things the founder should do right and if they have the right culture, they should also hire the right people. I don't want to talk more on that because it may lead to a more I know some of the talking points from others. I don't want to take it away. Maybe I'll chip in