Impact of Procurement Fraud within the Financial Sector
Procurement fraud is not an area of financial crime risk that is generally identified or specifically highlighted as a risk within the financial sector and yet in many cases, it is linked to the insider threat.
An investment in knowledge pays the best interest
In many procurement fraud cases, an associated risk can be corruption, where an individual accepts or requests a bribe payment to facilitate the awarding of a contract, and once a contract is obtained by this method, in many cases, further fraud can be committed ensuring maximum financial gain throughout the lifetime of the contract.
The Experian, UK Annual Fraud Indicator report, the loss to the public and private sectors in the UK from procurement fraud was estimated to be £121.4 billion, and the World Economic Forum estimate that corruption, bribery, theft and tax evasion, and other illicit financial flows cost developing countries $1.26 trillion per year. Although likely a significant loss, what isn't clear is the level of bribery within the private sector and therefore an area that the financial sector should pay more attention to.
THE INSIDER THREAT
Assessing bribery and obtaining or retaining new business, which includes the use and payment to third parties in developing new areas of business, there has been a number of published cases and reviews that have highlighted the extent of the risk that the financial sector faces. However, in publishing these risks have the financial sector and regulating bodies properly considered the extent of the fraud and corruption risk that they may face.
Bribery in the regulated sectors has in many cases been considered as a front office risk on the financial services and solutions that they provide, however, is procurement an area within your organisation that requires a second look to determine the extent of the fraud and corruption risk? Is this a financial crime risk that you aren’t aware of, is it part of your risk management plan or do you believe that the risk is so low that it requires minimal consideration as part of your compliance regime.
Procurement is a process that all organisations have and use, and financial sector organisations can spend hundreds of millions annually on, from cutting edge IT security to facility management and physical security services. But is it an area that your organisation focuses on or prioritises when assessing fraud and corruption risks? The British Standard BS10501 (Guide to Implementing Procurement Fraud Controls) delineates the many methods through which procurement fraud can be committed.
One of the challenges within the financial sector is the ongoing assessment and procurement of cutting edge IT infrastructure and in many cases is one of the largest procurement areas. Dependent on the approach and responsibility given to ownership and procurement of these solutions, greater autonomy can be given to IT departments and their leadership, where procurement routes and controls can be ignored. This may also show itself in the improper procurement of consultants and misuse of procurement cards for low value procurement, particularly where there is a lack of governance or risk assessment in the process.
Although the financial sector has a clear focus on risk, this capability is only as good as the knowledge of the individuals assessing these risks. Over the years we have identified different bribery and procurement fraud risks that were missed during the risk assessment process, which has included the weakness in the invoice payment process where 60% of the invoices received didn't have a requisition or purchase order. This meant that the only control in the procurement process was the review before payment. If there was a weakness in this control then it would leave the process open to the creation of fake invoices for fictitious goods, works or services.
The recruitment of IT expertise is an essential part of the banking infrastructure and in many cases the financial sector use specialist recruitment companies to identify key candidates. Where, as a case example, the head of an ICT department consistently fails individuals within the interview process and then goes outside of the normal recruiter to identify a specific individual for a role through a different recruitment company. The risks highlighted within this case included the individual recruited was a friend of the ICT head and secondly why was the recruitment company paid for this individual when the head of ICT already knew the individual.
Organisations that don't put enough emphasis on the expertise of procurement staff and procedure, may increase the risk of bribery and corruption, where a procurement team is only used in an advisory role for high value projects. In instances where departments carry out their own procurement, it may reduce the segregation of duties controls and increase the procurement fraud and bribery risk.
Globally, procurement fraud is limited within organisation crime strategies and consequently, there has been limited assessment of risk in this area.
The UK Financial Conduct Authority (FCA) has tended to focus upon bribery and has published the results of thematic reviews in order to assist organisations in evaluating and developing their own anti-bribery systems and controls. These have included a thematic review on anti-bribery and corruption in commercial insurance broking and anti-bribery and corruption systems and controls within Investment Banks. The further publication of the final notices to Aon Ltd, Willis Ltd and Besso Limited have provided a specific focus on third party bribery risk in obtaining and retaining new business and the marketing of financial solutions that an organisation may offer.
The use of procurement contracts to obtain and retain new business within the financial sector, has featured only to a limited degree within FCA publications and then only in relation to third party relationships (including general comment on policies and procedures for said parties) and due diligence. Although corruption and fraud within procurement can be serious risks, FCA publications mention bribery risk in procurement fleetingly and then only in terms of a commentary on good practice for specific organisations’ implementation of anti-bribery initiatives.