The Compliance Theater

The scam looked ordinary.

Clean product photos. A countdown timer ticking toward "SOLD OUT." A price just believable enough to make you hurry. A cousin in Kuala Lumpur forwarded it to a family group chat with a single question: "Is this legit?"

It wasn't. By the time anyone replied, the money was gone.

In Singapore, the same week, a different ad wore the face of a government minister, borrowed without permission, promising an "approved" investment. In Vietnam, it was a livestream that felt like a storefront. The details change by country. The mechanism doesn't. The ad runs. The money moves. The report gets filed.

And the platform often behaves like it didn't hear you.

Malaysian officials say Meta ignored 96% of scam reports submitted through official channels. Singapore threatened fines and deadlines. Vietnam pushed takedown windows from 24 hours to 12 through intense government pressure.

Meta's public posture is compliance. Its internal posture, according to documents reviewed by Reuters, looks more like math: what's the minimum enforcement that preserves maximum revenue?

The documents suggest an answer: approximately $16 billion in projected 2024 revenue from ads that Meta's own systems flagged as fraudulent or policy-violating. That's roughly 10% of the company's total advertising revenue.

The documents don't prove Meta intended to profit from fraud. What they show is that Meta built a system that makes fraud tolerance a business necessity.

Meta's own internal assessment makes the scope clear. According to an April 2025 audit, "it is easier to advertise scams on Meta platforms than Google." That's not an activist's accusation. That's Meta comparing itself unfavorably to its main competitor, in a document written for internal eyes only.

Most of this fraud originates in China, which Meta classifies as its top "scam exporting nation." The pattern is consistent: low barrier to entry, high tolerance for policy violations, and enforcement that kicks in only when the damage is already done.

While the profits are booked in Menlo Park, the damage lands hardest in Southeast Asia.

Consider a retired schoolteacher in Penang, Malayasia who sees an investment ad featuring a government minister's face. The ad promises guaranteed returns. She's been careful her whole life, saved what she could on a modest salary, and now her pension barely covers rising costs. The ad looks official. The returns look possible. She transfers money she can't afford to lose. By the time her daughter sees the ad and recognizes it as a deepfake, the account is empty.

These scams happen daily across World but have found fertile ground in Southeast Asia. Impersonation scams using stolen images of government officials spiked dramatically across Singapore in 2025. The government responded with a formal directive: implement robust anti-scam measures by September 2025, or face fines up to S$1 million per violation. Malaysia's Communications Minister went public with his frustration after Meta ignored the vast majority of official scam reports: "While some platforms have complied, others offered excuses."

In January 2026, Malaysia stopped asking nicely. The government declared all major social media platforms subject to the Communications and Multimedia Act, requiring proper licensing to operate. Meta had been running without one.

Vietnam achieved a 96% content takedown rate, but only through intense government pressure and shortened deadlines. Observers called it "compliance theater." Meta had satisfied one regulator while the money kept flowing elsewhere.

These countries came out of COVID with populations drowning in personal debt. Savings gone. Credit stretched. People who'd never owned a smartphone before suddenly living their financial lives through one. These are exactly the people who fall hardest for scam ads, and exactly the people who can't afford to lose what little they have left. Singapore, Malaysia, and Vietnam aren't failed states with captured regulators. They're actively trying to protect their citizens. And it barely moves the needle.

Meta’s business model is the problem. In Q2 2025, advertising represented 98% of Meta's total revenue. Not 80%. Not 90%. Ninety-eight percent.

I've been watching this dynamic since 2020, when I tried running an ecommerce business and saw firsthand how Meta was loosening its ad rules after the Apple privacy changes cratered their targeting. The metaverse was supposed to be the escape hatch. It wasn't. Meta’s Reality Labs division, responsible for the company’s AR and Metaverse initiatives, has lost $73 billion since 2020. In January 2026, Meta began preparing layoffs of Reality Labs staff as the company pivots to AI as its next hoped-for savior.

So Meta faces a structural trap: virtually all revenue comes from ads, and roughly 10% of that ad revenue comes from sources they've identified as toxic. Cracking down on fraud means cracking down on revenue. And Wall Street doesn't ask "how many scammers did you ban this quarter?" They ask about revenue growth.

Meta's solution was to turn platform integrity into an accounting exercise.

Internal documents show Meta established a 0.15% revenue "guardrail" for fraud enforcement. That's the maximum acceptable loss from cracking down on fraudulent advertisers. At Meta's scale, 0.15% translates to approximately $135 million annually.

If enforcement actions would cost more than $135 million in lost ad revenue, they don't happen.

To ensure most fraud never even reaches enforcement, Meta requires 95% confidence before banning a fraudulent advertiser. They apply a "beyond reasonable doubt" standard to stop a scammer, but take your money on far less certainty. Most fraud never clears that bar.

And when fines do come? According to Reuters, Meta views regulatory fines as an operating cost rather than a reason to change behavior. It's cheaper to pay the occasional fine than to actually fix the problem.

In late 2024, Meta made a choice that crystallizes their priorities. The company reinstated 4,000 previously suspended Chinese advertising agencies, returning $240 million in annualized revenue to the platform. Internal documents showed Meta knew approximately 50% of these agencies were running ads that violated their own policies. They brought them back anyway.

Internal emails revealed that "growth teams" concerns overrode fraud enforcement "given the revenue impact." Rob Leathern, who led Meta's business integrity operations until 2019, was direct about what platforms should do: measure violation rates from partners and "fire your worst-performing customers" when thresholds are exceeded. Meta chose the opposite direction.

The obvious question: if Meta's platform is riddled with fraud, why don't advertisers leave?

Because there's nowhere else to go.

Google and Meta together control roughly half of all global digital ad spend. Add Amazon, and the "Big Three" capture 56% of the trillion-dollar market. In Q2 2025, Meta alone commanded 65.8% of all social media ad spending.

Meta reaches 3.4 billion daily active users across Facebook, Instagram, and WhatsApp. That's nearly half the global population through a single ad buy. TikTok has scale, but skews younger and excels at awareness rather than conversions. Amazon has purchase data, but limited reach outside e-commerce. Connected TV is growing but fragmented and expensive.

None of them offer Meta's combination: massive reach, granular targeting, and proven conversion performance. Average Facebook ROAS (Return on Ad Spend) sits around $2.79 earned per dollar spent. Seventy percent of businesses report their highest ROI comes from Facebook ads.

Advertisers know the platform has problems. They stay anyway.

The 2020 "Stop Hate for Profit" boycott proved the math. Over 1,100 companies pulled their ads, including Coca-Cola, Starbucks, and Adidas. It didn't dent Meta's bottom line. The top 100 brands account for only 6% of Facebook's ad revenue.

The millions of small businesses that can't afford to pause campaigns are the real customer base. And they have no alternative.

One brand marketer, speaking anonymously to Digiday, called Meta a "necessary evil." Another industry observer put it more bluntly: there's been "no boycott, no grandstanding CMOs—just quiet resignation that this is the cost of doing business online."

The fraud isn't a dealbreaker because the alternatives aren't good enough to make it one.

Meta's fraud problem isn't fixable through better content moderation or AI detection tools. It's structural. The lesson is uncomfortable: Meta isn't broken. It's working exactly as designed.

Their "guardrails" function as compliance theater. Something to show regulators as evidence of effort. Something to quietly adjust when growth teams need to hit targets. When governments force action in one market, the fraud simply moves to the next one. The retired teacher in Penang loses her savings. The family in Kuala Lumpur gets scammed through the group chat. The reports get filed. The spreadsheet gets updated.

Somewhere in Menlo Park, someone is calculating exactly how much fraud Meta can afford this quarter. The formula is elegant: enforcement costs, regulatory fines, reputation damage on one side. Ad revenue on the other. As long as the second number is bigger, the machine keeps running.

What would have to change for this to stop?

Not better AI.

Not tougher fines.

The only thing that would change Meta's behavior is a world where advertisers have somewhere else to go.

Until then, the compliance theater plays to a captive audience.