Highly organized cyber fraud in South East Asia is widely run from so-called scam compounds: purpose-built or modified buildings that meet the precise operational requirements of this criminal industry. These compounds provide the infrastructure for online scams, fraud and other forms of cybercrime, often housing hundreds or thousands of people, many of whom are held captive and forced to cheat or extort victims around the world.

“Minimizing risks of criminal exposure to scam compounds in corporate supply chains” is a two-part policy brief series examining how private-sector actors may be exposed to cyber scam operations through legitimate commercial activity. While previous research has focused primarily on criminal groups, financial architecture and digital infrastructure, this series shifts attention to the industries, suppliers and partners that interact directly with scam compounds during both their development and operation.

The first policy brief focuses on the pre-operational phase of scam compounds. It examines how development projects that later host cyber scam operations are planned, financed and constructed, making it particularly relevant to private investors, multilateral development banks, developers, real estate companies and construction contractors. Drawing on field research conducted between 2023 and 2025 in Cambodia, Laos and Thailand (at the border with Myanmar), the report documents how scam compound hubs frequently follow a similar development trajectory. This repetition means that warning signs can often be identified early, when it is still possible for companies to distance themselves from criminal exposure.

The research uncovers a spectrum of complicity among private-sector actors, ranging from companies that are unaware of how their activities benefit scam operations to those that are actively complicit. It highlights how developers and contractors involved in large-scale projects that later house scam compounds sometimes have documented histories of criminal exposure that can be identified through strengthened know your customer procedures, enhanced due diligence and background checks.

The second policy brief focuses on compounds that are already operational and examines how existing or potential suppliers and partners can recognize red flags and respond. It is particularly relevant to companies operating in utilities, telecoms, order fulfilment and shipping, as well as technology companies that develop ride-hailing, food delivery and ‘super apps’. The report maps how scam compounds interact with outside suppliers across sectors, including electricity, water, waste management, internet connectivity, mobile networks, transport, shipping and food delivery.

The research demonstrateshow even self-contained compounds depend on external supply chains. It details how data already held by suppliers —including customer, payment and usage data— can reveal suspicious patterns, help trace criminal activity to specific locations, and identify emerging scam hubs.

Together, these two briefs provide practical guidance for private-sector actors seeking to avoid buying from, selling to or partnering with cyber scam operations. By examining both the development and operational phases of scam compounds, the series clarifies where and how legitimate supply chains intersect with this criminal industry and outlines ways companies can reduce their exposure while supporting broader efforts to address cyber scams and forced criminality in South East Asia.