TL;DR: Standard M&A due diligence misses fraud because auditors verify cash exists, not where the cash came from. The Fraud Diamond Framework replaces the outdated Fraud Triangle by focusing on four observable patterns: pressure, opportunity, suspicious timing, and concealment. This framework works in forward-looking investigations where you won’t get confessions or cooperation.
- The Fraud Triangle fails in M&A and compliance contexts because rationalization requires admission, which you won’t get in adversarial situations.
- The Fraud Diamond Framework uses four observable points: dynamic pressure, information control opportunity, events that are too convenient at critical times, and signs of concealment.
- Cash source verification matters more than cash existence verification. Trace where money came from, not where money arrived.
- Timing patterns are diagnostic signals. When beneficial developments arrive precisely when needed, scrutiny is warranted.
- Fraud detection requires observable patterns, not psychological access to the fraudster’s mindset.
What Happened in the M&A Deal
I’ve reviewed hundreds of acquisition targets. The one that taught me the most looked flawless on paper.
Major accounting firm signed off. Due diligence consultants gave the green light. Revenue growth looked strong. Cash collections appeared healthy. The founder seemed credible.
The buyer paid premium multiples based on those financials.
Six months later, they discovered the revenue was manufactured. The founder manipulated receivables by applying cash from one customer to age out receivables from others. This created an illusion of legitimate revenue streams across multiple customers.
What the auditors missed wasn’t complex. They verified that cash was collected on revenues. What they didn’t do was trace the sources of that cash.
That gap cost the buyer millions and triggered years of litigation.
The Core Issue: Verifying cash existence doesn’t reveal cash source manipulation. Standard due diligence checks the wrong thing.
Why the Fraud Triangle Fails in M&A Due Diligence
The traditional Fraud Triangle has three points: pressure, opportunity, rationalization. This model works when you interview convicted fraudsters after the fact. They tell you what pressured them, how they saw the opportunity, and how they justified their actions.
The model collapses in adversarial contexts.
When you’re conducting M&A due diligence, investigating compliance violations, or assessing risk before problems surface, you face one fundamental problem: rationalization requires admission.
In disputes, investigations, and forward-looking assessments, you don’t get rationalization. You get vehement denials. You get lawyers. You get carefully constructed alternative explanations.
The third point of the triangle disappears precisely when you need a framework most.
What Is the Fraud Diamond Framework?
I developed the Fraud Diamond Framework℠ to address this gap. It replaces rationalization with two practical elements you observe without cooperation from the other side:
- Something almost too good to be true that comes at a critical time
- Signs of concealment
These elements work whether the other party admits anything or not.
Bottom Line: The Fraud Triangle assumes cooperation. The Fraud Diamond works in adversarial contexts where denial is the default response.
The Four Points of the Fraud Diamond Framework
Point 1: Pressure (Dynamic, Not Static)
Pressure exists everywhere in business. What matters are changes in pressure levels driven by specific initiatives, deals, or survival needs.
In the M&A case, the founder faced acute pressure. The business needed the sale to survive. Personal liquidity depended on closing the deal at a premium valuation. The timing pressure was extreme. If the deal collapsed, the business faced potential insolvency.
What pressure looks like:
- Transactions necessary for business survival or liquidity events
- New initiatives requiring rapid customer acquisition or revenue growth
- Regulatory changes restricting key revenue channels
- Compensation structures tied to hitting specific metrics by specific dates
The pressure point tells you where the incentive to manipulate concentrates.
Key Point: Static pressure is normal. Dynamic pressure tied to specific outcomes creates fraud risk.
Point 2: Opportunity (Information Control)
Opportunity in fraud contexts revolves around one thing: the ability to convey materially false or misleading information that others rely upon.
In the M&A case, the founder controlled the accounting records. The company was small enough that segregation of duties was weak. The founder manipulated how cash was applied to receivables without immediate detection.
The accounting firm verified cash existence. Due diligence consultants reviewed revenue recognition policies. Neither traced cash sources systematically across the customer base.
That gap created the opportunity.
Why internal controls matter: Internal controls, compliance policies, and procedures exist to eliminate perceived opportunities before exploitation occurs. They’re not bureaucratic requirements. They’re fraud prevention mechanisms.
Where opportunity concentrates in Dutch SMEs:
- Single-person approval and payment authority
- Founder control over accounting records without independent review
- Weak segregation between sales, invoicing, and collections
- Complex ownership structures that obscure beneficial ownership
Key Point: Opportunity exists when one person controls the information others rely on without independent verification.
Point 3: Something Almost Too Good to Be True at a Critical Time
Business upturns happen. Positive developments occur.
When substantial boosts arrive precisely when they’re most needed, that convergence warrants scrutiny. This includes moments when deals must close, when survival hangs in the balance, or when compensation depends on hitting targets.
In the M&A case, the revenue growth accelerated dramatically in the quarters leading up to the sale process. New customers appeared. Payment patterns improved. Aging receivables decreased.
All of this happened exactly when the founder needed to demonstrate business health to command premium valuation.
The timing wasn’t proof of fraud. The timing was a signal that demanded deeper investigation.
Timing patterns that warrant scrutiny:
- Revenue spikes coinciding with deal milestones or financing rounds
- New customers or contracts materializing right before critical deadlines
- Sudden improvements in key metrics (collections, margins, efficiency) without clear operational changes
- Favorable developments that resolve multiple problems simultaneously
The “what” (a beneficial development) combined with the “when” (a critical moment) creates a diagnostic signal.
Key Point: Timing is a fraud indicator. Scrutinize when good news arrives at suspiciously convenient moments.
Point 4: Signs of Concealment
All fraud requires hiding. The question is what form the concealment takes.
You’re not looking for obvious red flags. You’re looking for any indication of attempts to mask materially important elements.
In the M&A case, the concealment was subtle. The founder didn’t fabricate customers or forge documents. He manipulated how cash was applied within the accounting system. This change wouldn’t trigger obvious alerts, but fundamentally distorted the revenue picture.
How concealment showed up:
- Resistance to providing detailed cash application records
- Explanations that were technically accurate but misleading in aggregate
- Accounting complexity that exceeded what the business size required
- Reluctance to allow direct contact between buyers and key customers
None of these alone proved fraud. Collectively, viewed through all four framework points, they revealed a pattern of information control designed to prevent discovery.
Key Point: Concealment shows up as patterns of resistance, complexity, and controlled information flow, not obvious forgery.
How the Framework Works: Export Controls Case Study
The framework applies beyond financial fraud. I used the Fraud Diamond Framework in an export controls investigation that resulted in €130 million in penalties (approximately $140 million USD equivalent).
A European technology company sold specialized components to a Chinese customer. When the U.S. Department of Commerce restricted that customer, new purchasers immediately emerged to continue the business.
When the first front company was restricted, another appeared.
Applying the Four Points to Front Company Detection
Pressure: The Chinese customer represented significant revenue. Losing that customer threatened the company’s financial performance and management’s compensation.
Opportunity: The company controlled how it classified customers and documented end-use. Export compliance reviews were infrequent. The company characterized new customers as independent without rigorous verification.
Critical Timing: The “new” customers materialized immediately after restrictions hit the original customer. The timing was suspiciously convenient. These white knight customers appeared precisely when doors closed.
Concealment: Multiple indicators clustered together:
- New customers shared addresses with the restricted entity
- The original customer’s Chinese name appeared next to the front company’s name in communications
- Technical personnel communicated with “new” customer representatives via the original customer’s email domain
- Order patterns, specifications, and delivery instructions remained identical
Individually, these indicators might have explanations. Collectively, they revealed systematic evasion.
The framework guided the investigation by identifying where to concentrate resources. We didn’t need to prove intent initially. We needed to map the pattern across all four points. Once that pattern became clear, the evidence of deliberate circumvention followed.
Key Point: Red flags cluster together in fraud. One indicator is noise. Multiple indicators across all four framework points reveal systematic evasion.
What This Means for Dutch SME Founders
If you’re running a small company in the Netherlands, this framework matters in three contexts:
When You’re Acquiring Another Business
Standard due diligence from accounting firms focuses on financial statement accuracy. Necessary, but insufficient. You need forensic cash flow analysis.
Trace cash sources, not just verify cash existence. Forensic accounting techniques identify off-balance-sheet items and hidden liabilities that standard reviews miss.
What to do: Demand detailed cash application records. Verify that cash from Customer A was applied to Customer A’s receivables, not used to age out other customers’ balances.
When You’re Building Compliance Controls
The framework shows you where fraud concentrates. Design controls that address all four points systematically.
Don’t build policies that look good on paper. Build controls that eliminate opportunity, create early warning systems around timing patterns, and make concealment difficult.
What to do: Implement segregation of duties, independent verification of key transactions, and timing pattern alerts for unusual metric improvements.
When You’re Facing Investigation or Dispute
Understanding how investigators think helps you recognize what triggers scrutiny. If your business shows patterns across multiple framework points (pressure, opportunity, suspicious timing, concealment indicators), expect heightened attention from regulators, counterparties, or enforcement authorities.
What to do: Proactively document operational changes that explain metric improvements. Maintain transparent records. Allow independent verification of key relationships.
Key Point: The framework is a diagnostic tool for acquisition due diligence, compliance control design, and understanding investigative scrutiny triggers.
The Enforcement Context in 2025
Enforcement patterns in 2025 show a clear shift toward what I call “high probability” enforcement.
Regulators no longer assess whether policies exist. They assess whether controls prevent violations at scale. OFAC civil penalties exceeded €245 million in 2025. Enforcement focused on recurring control failures, weak ownership analysis, and insufficient third-party diligence.
The pattern is consistent: systematic control failures attract disproportionate penalties. Isolated incidents with strong controls receive more lenient treatment.
What this means: Having a compliance policy on paper won’t protect you. Demonstrating that your controls prevent violations at scale is what matters.
The framework helps you identify systematic vulnerabilities before enforcement authorities do.
Key Point: Enforcement has shifted from policy existence to control effectiveness. Systematic failures trigger disproportionate penalties.
Three Control Points to Install Now
Based on applying this framework across multiple contexts, three controls provide disproportionate protection:
1. Cash Source Verification in Financial Reviews
Trace cash sources, not cash existence. Whether you’re conducting due diligence or reviewing your own financials, verify that cash applied to Customer A came from Customer A. This single control would have prevented the M&A fraud.
How to implement: Require matching bank deposit sources to customer invoices. Flag mismatches for investigation. Review cash application patterns quarterly.
2. Timing Pattern Monitoring
Build alerts around critical timing convergences: new customers appearing right after restrictions hit existing customers, revenue spikes coinciding with deal milestones, sudden metric improvements without operational changes. Timing patterns deserve investigation even when individual transactions appear legitimate.
How to implement: Create automated alerts for metric changes exceeding 20% month-over-month. Flag new relationships appearing within 30 days of major business events. Review timing clusters quarterly.
3. Beneficial Ownership Verification for Key Counterparties
Don’t rely on names and addresses. Verify ownership and control, especially for customers or suppliers that represent concentrated revenue or critical supply. Check registration timing, shared infrastructure, and communication patterns. Front companies cluster red flags. Look for the cluster, not individual flags.
How to implement: Verify ultimate beneficial owners for any counterparty representing more than 10% of revenue or critical supply. Cross-reference addresses, email domains, and contact information. Document verification annually.
Key Point: Three controls address the four framework points: cash source verification prevents concealment, timing monitoring detects suspicious convergence, beneficial ownership verification eliminates front company opportunity.
Why This Framework Works When Others Fail
The Fraud Diamond Framework succeeds in forward-looking contexts because it focuses on observable patterns rather than requiring psychological access to the other party’s thinking.
You don’t need confessions. You don’t need cooperation. You need systematic evaluation across four dimensions that reveal fraud patterns whether the other party admits anything or not.
The framework guided me through the M&A case, the export controls investigation, and dozens of other matters where traditional approaches failed.
It works because it matches how fraud operates in adversarial contexts, not how we wish it operated in cooperative interviews after the fact.
The practical reality:
- If you don’t prove where your cash came from, you don’t control your revenue picture.
- If you don’t explain why beneficial developments happen at convenient times, expect others to question it.
- If you don’t demonstrate transparent ownership of key counterparties, you’re exposed to sanctions and compliance risk.
Structure beats recovery. Build the controls that address all four points before pressure, opportunity, timing, and concealment converge into expensive problems.
The framework isn’t about suspicion. It’s about structure.
In 2025, structure keeps you in control when enforcement probability rises and denial stops working as a defense.
Frequently Asked Questions
What is the Fraud Diamond Framework?
The Fraud Diamond Framework is a fraud detection model with four observable points: pressure, opportunity, suspicious timing, and concealment. It replaces the Fraud Triangle’s “rationalization” element with two elements you observe without cooperation from the other party.
Why does the Fraud Triangle fail in M&A due diligence?
The Fraud Triangle requires rationalization, which depends on admission. In M&A due diligence, investigations, and disputes, you face denials and lawyers, not confessions. The third point of the triangle disappears precisely when you need the framework most.
How do I verify cash sources in due diligence?
Trace cash sources, not just cash existence. Verify that cash applied to Customer A came from Customer A, not from another customer used to age out receivables. Demand detailed cash application records and match bank deposits to specific invoices.
What timing patterns indicate fraud risk?
Revenue spikes coinciding with deal milestones, new customers appearing right before critical deadlines, sudden metric improvements without operational changes, and favorable developments that resolve multiple problems simultaneously all warrant scrutiny.
How do I detect front companies?
Front companies cluster red flags. Check whether new counterparties share addresses with restricted entities, use similar names in communications, have email domains matching original customers, and show identical order patterns and specifications. One indicator is noise. Multiple indicators reveal systematic evasion.
What controls prevent fraud in Dutch SMEs?
Three controls provide disproportionate protection: cash source verification in financial reviews, timing pattern monitoring for suspicious convergences, and beneficial ownership verification for key counterparties representing more than 10% of revenue or critical supply.
How has enforcement changed in 2025?
Regulators no longer assess whether policies exist. They assess whether controls prevent violations at scale. OFAC civil penalties exceeded €245 million in 2025. Systematic control failures attract disproportionate penalties. Isolated incidents with strong controls receive more lenient treatment.
When should I apply the Fraud Diamond Framework?
Apply the framework in three contexts: when acquiring another business (forensic due diligence), when building compliance controls (design controls addressing all four points), and when facing investigation or dispute (understand what triggers scrutiny).
Key Takeaways
- The Fraud Triangle fails in adversarial contexts because rationalization requires admission. The Fraud Diamond Framework works without confessions or cooperation.
- Cash source verification matters more than cash existence verification. Auditors checking that cash arrived miss fraud when cash from Customer B is applied to Customer A’s receivables.
- Timing is a diagnostic fraud signal. When beneficial developments arrive precisely when needed (deal closing, avoiding insolvency, hitting compensation targets), scrutiny is warranted.
- Concealment shows up as patterns of resistance, complexity, and controlled information flow, not obvious forgery. Look for clusters of indicators across all four framework points.
- Front companies reveal themselves through shared addresses, communication patterns, order specifications, and timing. Red flags cluster together in systematic evasion.
- Enforcement has shifted from policy existence to control effectiveness. Having a compliance policy on paper won’t protect you. Demonstrating that your controls prevent violations at scale is what matters.
- Three controls provide disproportionate fraud protection: cash source verification, timing pattern monitoring, and beneficial ownership verification for counterparties representing more than 10% of revenue or critical supply.
