The Insider Threat: The dark web of the bribery network

The fraud and corruption case and the insider threat highlighted within this recently published case by the Federal Bureau of Investigation documents not only how easy it was for individuals to perpetrate the procurement fraud but how easily it could have been prevented.


From September 2009 to August 2015, a US company, purported to provide construction services. Using his position of influence as Regional Manager for a construction contractor, steered subcontracts to a construction company that he owned. To conceal his ownership, he signed the subcontracts as Keith Walsh, the purported owner or vice president of the construction company. There was, in fact, no person by that name who owned or was the vice president of the company.


He used his own company to obtain payments from the construction contractor by submitting invoices and bills on behalf of his company for work purportedly performed. Many of the invoices and bills included charges for work that his construction company only partially did, or for work that was not performed at all, causing losses of $1.4 million.


He also accepted kickbacks totalling $180,345, from four subcontractors who served as subcontractors to the contractor on various construction projects knowing that the subcontractors expected, in return, to obtain favourable treatment from him as the Regional Manager of the main contractor.


METHODOLOGY


The key points in this case are as follows:


  • Regional Manager was in an influential position to offer favourable treatment to the subcontractors

  • Regional Manager hid his ownership of a subcontractor and steered work to his company

  • Submission of false invoices to client for work that wasn't conducted or not fully completed

Once again, this case highlights the importance of conducting due diligence on the main contractor and their sub-contractors before a business relationship commences. All sub-contractors should be authorised before use to ensure that they are able to complete work and also that there is no conflict of interest. Using a sub-contractor or Ghost company as a front for the work is not an uncommon method of bribe payment to an individual working within the client’s organisation or the main contractor because in many cases the transactions and audit trail is hidden.


CHECKS AND BALANCES


Where an insider threat has been identified, to assess the scale of the problem or whether it is just a procedural issue there are a number of key checks that need to be conducted:


  • Check individuals details against contractor, subcontractor and all registered suppliers details for conflicts of interest risk

  • Check contractor and subcontractor company formation and registration information to confirm ownership, shareholders, directors and any links to individuals that is an insider threat

  • Analyse the financial transactions between your organisation and contractor and verify whether work has been completed and to the correct quality

  • If there is a conflict of interest risk identified or there is concern about the completion or quality of the work, clarify how far back contracts go with the contractor and also how many contracts and contractors has the insider worked with

Obtaining answers to these questions, will give you an initial assessment of the scale of the risk that your organisation may be facing and whether it is only one person involved or there is a darker web and network of individuals involved. It should also be the starting point to reassess your organisations risk mitigation strategy within your procurement lifecycle and projects.


It is not uncommon for government organisations to outsource the management of a project to the main contractor basing governance of the project on trust. Given the global figures of fraud and bribery and the high risk of procurement fraud within the construction sector this is a naive approach and attempt to save money.