Skip to main content

The Exploiter

The Exploiter uses something for a wrongful purpose to dishonestly gain personal benefits.

This might involve misusing their position or privileges, or dishonestly exploiting a vulnerability for personal gain.


  • An individual steals money or assets placed in their trust.
  • A staff member exploits their access to systems or information to commit fraud.

Case studies

A Brisbane pharmacist charged with defrauding the Commonwealth’s Pharmaceutical Benefit Scheme has been ordered to pay $1.9million to the Commonwealth pursuant to section 116(1) of the Proceeds of Crime Act 2002 (Cth). The debt will be paid from the sale of restrained assets, including property, shares and cryptocurrency.


Counter the Exploiter using measures that support people, process and system integrity, oversight and deterrence:

A positive workplace culture can encourage ethical and supportive behaviours while discouraging fraudulent or corrupt activities. Staff will be less able to rationalise fraudulent or corrupt activities where a positive workplace culture exists. A culture built on honesty, transparency and integrity is a key organisational strength that can serve to reduce the risk of fraud. If weak countermeasures are the fuel, a bad culture can be the spark that ignites fraud and corruption.

Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.

Rotate staff and contractors in and out of roles to avoid familiarity. Staff and contractors can become too familiar with processes, customers or vendors, which can lead to insider threats.

Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.

Separate duties by allocating tasks and associated privileges for a business process to multiple staff. This is very important in areas such as payroll, finance, procurement, contract management and human resources. Systems help to enforce the strong separation of duties. This is also known as segregation of duties.

Limit and monitor privileged system accesses (those that allow staff, contractors and providers to perform special functions or override system and application controls). The Protective Security Policy Framework outlines the government protective security requirements to safeguard information from cyber threats, including to restrict administrative privileges.

Conduct system testing to identify vulnerabilities prior to release. Untested systems can allow vulnerabilities to be released into production environments.

Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.

Was this page helpful?