Updated: Aug 14, 2020
Procurement fraud is not an area of financial crime risk that is generally identified or specifically highlighted as a risk within the financial sector. And yet, as highlighted within the Experian, UK Annual Fraud Indicator report, the loss to the public and private sectors in the UK from procurement fraud was estimated to be £121.4 billion. This is, therefore, an area that the financial sector should pay more attention to.
An investment in knowledge pays the best interest
In many procurement fraud cases an associated risk can be corruption, where an individual accepts a bribe payment to facilitate the awarding of a contract, and once a contract is obtained by this method, in many cases further fraud can be committed to ensure maximum financial gain for the fraudster throughout the lifetime of the contract.
THE INSIDER THREAT
Assessing bribery and the obtaining or retaining of new business, that includes the use and payment to third parties in developing new areas of business, there has been a number of published cases and reviews that have highlighted the extent of the risk that the financial sector faces. However, in publishing these risks have the financial sector and regulating bodies properly considered the extent of the fraud and corruption risk that the financial sector faces.
Is procurement an area within your organisation that requires a second look to determine the extent of the fraud and corruption risk? Is this a financial crime risk that you aren’t aware of or do you believe that the risk is so low that it is given minimal consideration as part of your compliance regime?
Procurement is a process that all organisations have and use, and financial sector organisations can spend many millions annually on procurement, from cutting edge IT security to facility management and physical security services. But is it an area that your organisation focuses on or prioritises when assessing fraud and corruption risks? The British Standard BS10501 (Guide to Implementing Procurement Fraud Controls) delineates the many methods through which procurement fraud can be committed.
A RECOGNISED RISK
It has only been within the last decade that global interest in procurement fraud has been recognised as a serious risk to the public sector. Although there are many published cases globally, it is only within the last few years that national organisations have been attempting to quantify procurement fraud losses. Globally, procurement fraud has not been included within national crime strategies and consequently there has been limited assessment of risk in this area.
The UK Financial Conduct Authority (FCA) has tended to focus upon bribery and has published the results of thematic reviews in order to assist organisations in evaluating and developing their own anti-bribery systems and controls. These have included a thematic review on anti-bribery and corruption in commercial insurance broking and anti-bribery and corruption systems and controls within Investment Banks. The further publication of the final notices to Aon Ltd, Willis Ltd and Besso Limited have provided a specific focus on third party bribery risk in obtaining and retaining new business and the marketing of financial solutions that an organisation may offer.
The use of procurement contracts to obtain and retain new business within the financial sector, has featured only to a limited degree within FCA publications and then only in relation to third party relationships (including general comment on policies and procedures for said parties) and due diligence. Although corruption and fraud within procurement can be serious risks, FCA publications mention bribery risk in procurement fleetingly and then only in terms of a commentary on good practice for specific organisations’ implementation of anti-bribery initiatives.
To support the assessment of an organisation’s bribery risk, the FCA suggests that a review should be conducted with internal stakeholders to determine the risk within respective business areas. Although this is an important methodology for identifying fraud and bribery risk per se, the lack of knowledge on the part of corporate professionals in relation to procurement fraud methodologies, their connection to corruption and the threat posed by insiders involved in the procurement process to the organisations’ internal controls, may lead to an incomplete risk strategy.
PROCUREMENT RISK TYPOLOGIES
Organisations should have a process in place to verify whether the procurement need identified within the organisation is actually required or whether there are in fact illicit motivations driving the request. The specification should be checked to establish where possible that, for example, that where cutting-edge technology is requested that it is actually required or whether in fact something ‘off the shelf’ might be more appropriate. The pre-qualification and selection of vendors and the subsequent award of contracts can also be open to personal influence, and suitable controls should be put in place for the management of those processes.
The NFA also highlights bid rigging as a procurement fraud risk that includes the collusion between contractors and their pre-determination of the winners of tenders. This is also acknowledged as a global risk by anti-competition commissions including the Malaysia ACC that highlights a number of global cases and methodologies. Globally, these examples of procurement fraud risk are recognised as common methods within which fraud and corruption can occur and which can result, if appropriate controls are not put in place, in corrupt influence and improper awarding of contracts.
Post-award procurement fraud and corruption risks can also be seen in a number of areas including payments based on false vendor information, false invoices (including requests for the amendment of company billing information) and legitimate payments diverted to illicit accounts. An organisation must have proactive links between departments, including accounts payable, procurement and compliance, respectively, to systematically identify and respond to such risks. It is how the organisation implements controls in this area that generally determines the level of mitigation and the subsequent extent of procurement fraud committed against it.
The FCA also confirms that the notion of bribery extends to anyone acting on the firm’s behalf who engages in bribery. The FCA affirms that it does not enforce or give guidance on the Bribery Act but firms which are subject to rules SYSC 3.2.6R and SYSC 6.1.1R are under a separate regulatory obligation to establish and maintain effective systems and controls to mitigate financial crime risk.
In a large percentage of cases, procurement fraud is facilitated with the support of an insider. Do individuals involved in purchasing on behalf of your organisation or the handling of supplier information face additional vetting procedures to ensure that you do not have a conflict of interest or fraud and corruption risk?
Where organisations have decentralised their procurement or accounts payable capability and have a number of procurement hubs to support their purchasing requirement, particularly in organisations with an international reach, they may develop weaknesses in their procurement and payment controls. Fraud risk may also increase in this area, particularly where departments are driven by time sensitive operational requirements and controls are relaxed to expedite procurement.
ENHANCED DUE DILIGENCE
Organisations should not just conduct due diligence on companies they use in developing new business but should also review business services that are outsourced, and which may include procurement. Organisations that either outsource their procurement capability or use temporary staff within their own organisation for procurement requirements have a recognised susceptibility to procurement fraud and corruption risk. Where a high level of risk assessment and vetting is not conducted in these areas it can leave the organisation open to corruption and procurement fraud schemes.
The World Bank highlights, within its fraud and corruption awareness handbook, that an insider threat can emanate from the leaking of information about cost estimates and competing bids to favoured bidders in order provide them with an unfair advantage which enables them to tailor their bid to secure a contract award. The method is simple to commit and difficult to detect, thus organisations must put security systems and controls in place to mitigate this risk.
Procurement fraud methodologies and schemes are not new, but globalisation and the outsourcing of business functions, together with the continued enhancement of technology that expedites business and financial transactions, has rendered this type of fraud more difficult to detect. The fraudster’s best tool is the combination of insider knowledge of an organisation’s processes and controls and subsequent ability to manipulate weaknesses within them to their benefit. Organisations must ensure that they have the correct understanding of their procurement fraud risk and that their controls adequately reflect the risk appetite of the organisation.