We've received many queries lately about Spend Matters PRO content: What is it? How is it different from regular Spend Matters coverage? For the next couple weeks, every Thursday, we'll feature a full article that has appeared on Spend Matters PRO. Keep in mind: this is the stuff that appears on Spend Matters PRO every single day. This content is bigger, more in-depth, and juicier than anything you've seen before on a regular publishing schedule. So enjoy the freebies...but for maximum impact, it's best to become a Spend Matters PRO subscriber!
Today's post comes from Peter Smith, originally published as Part 1 and Part 2 in a four-part series on June 19 and June 21, respectively.
We have been reporting on what seems to be an increasing number of procurement-related fraud cases that have come to the UK Courts in the last few months. They're a source of endless fascination, and while the specifics are always different they certainly share some common characteristics.
In this series, we'll take a look at three issues:
- Why might fraud be on the increase, and is the problem likely to get worse?
- How is fraud being executed?
- Finally, what should procurement executives be doing to counter the threat?
Despite the fact that we're working to a more generous word count here on Spend Matters PRO than we do on our other sites, I'd stress that this is not going to be an exhaustive guide. The subject is too extensive for that, so look out for more on the topic in the future.
As we say, there have been a plethora of recent examples of procurement-related fraud. We tend to think of the archetypal procurement fraud as involving somebody inside the organisation and someone outside – a supplier or a pseudo-supplier. But it's interesting that the recent UK cases have shown the variety of fraud, and have demonstrated that you don't need two parties.
One recent case (that we might define as a classic of its genre) saw the head potato buyer of Sainsburys (the UK's second or third-largest supermarket chain), colluding with senior staff at a potato supplier. The buyer paid over the odds for the potatoes and the extra income went into a slush fund managed by the supplier, which was used to pay the buyer via both pure cash and through trips to expensive hotels and similar.
In another example, we heard of MOD staff tipping off a favoured supplier and providing them with confidential information to help them win contracts in return for payments received from that supplier.
Both of those involved two parties: the buyer and the suppler. But then there's the current trial of a Lloyds Bank employee. This appears to be a purely internal fraud, where she allegedly authorised fake invoices from dummy companies she had set up herself. It is possible in such cases that, unlike two examples above, no third parties are involved at all.
And as a final example for now, the UK's Olympic Delivery Authority and the construction firm Skanska were the victim of a fraud that had – as far as we can tell – no internal participants. The fraudsters communicated with ODA in the guise of Skanska, telling them that the money owed to Skanska (a genuine supplier) should be paid into a different bank account than their usual. ODA believed the message, and paid the money into what was, as you've guessed, an account set up by the fraudsters.
Frauds can therefore include participants from both buyer and sales side working together. They might also involve purely internal staff, or indeed purely external. They can be committed by a single person or rely on collusion and multiple players.
So, with this huge variety of types and examples, what common themes and lessons can we draw?
Let's start with motivation – why does fraud take place? While I'm not a huge fan of the modern detective culture, between the ages of 14 and 16 I read everything Agatha Christie and Raymond Chandler ever wrote. And if I remember one thing about crime, it's this:
MOTIVE + OPPORTUNITY = BAD THINGS HAPPEN
Fraud is a crime, and the same equation works for a manager falsifying invoices to a dummy company, just as it does for the jealous wife with an unfaithful husband, a life assurance policy on his head, and a penchant for admiring the view over the hotel balcony.
So, everyone who commits fraud has a motive. Now we might consider that those motives are hard to legislate against in the business environment. But an understanding of motivation might help organisations spot where risk may be greater, and take pre-emptive actions to reduce the chance of that potential turning into money disappearing out of the door (or the bank account).
My hypothesis is that there are three key reasons (motives) why people – particularly internal staff – commit fraud. In no particular order:
Financial need – the most obvious, often driven by a problem such as debt. That may be caused by factors outside their control, such as mortgage rate increases, or more avoidable drivers such as a liking for expensive company of the opposite sex. Gambling is another not unusual factor that leads to debt and ultimately crime. In one case I'm aware of, a senior accountant made payments to a dummy supplier (which he controlled) because he had "the Peterborough* mafia on his back for horse racing betting debts". No, I had no idea either...
A psychological defect (as we might call it) – perhaps a pathological desire for excitement; or a "cry for help", as the newspapers like to put it. This is often unrelated to a tangible need for cash, and doesn't appear to be even simple greed – there's a parallel perhaps with the shoplifting habits of Hollywood stars like Wynona Ryder. In another case, I know of two very senior marketing executives who were fired for a complex fraud involving submitting duplicated hotel bills to generate expense claims. Given the return compared to their salaries, I suspect it was driven by the thrill of the fraud, rather than real financial need.
A sense that "I deserve it" – Whilst this could be considered pure greed, it is often driven by a feeling of being undervalued as an employee, or a jealousy of others. Perpetrators may even feel they are morally in the clear, and academic research suggests this is a major driver of fraud. It's often evident in the type of fraud where a secretary or administrator working for a very rich individual, or a junior person in a firm where top staff are highly rewarded, help themselves to some of the bosses wealth.
This final factor interests me. As the gap between rich and poor gets wider in our societies, are more people feeling like this? When a mid-level executive, whose salary is fairly static (or worse) sees bankers and CEOs earning millions, and footballers, rock stars or baseball players rewarded handsomely, are they more likely to think, "why not me – I deserve it as much as him/her"?
Clearly, the first of our three factors – financial need – is likely to become more significant in tough economic times. Whether or not the final factor changes over time, I don't know for certain, but it seems likely as inequality grows generally. So we can assume, I suggest, that two of the key motivational drivers for fraud are increasing.
Is there anything organisations can do to counter this, beyond the appropriate process measures we'll talk about in parts two and three of this series?
Should organisations try to identify addictive personalities, or those individuals who are intrinsically thrill seeking? Avoiding blatantly unfair allocation of reward is clearly sensible for many reasons, not merely in order to minimise the chances of fraud. Being aware of staff that may feel, rightly or wrongly, that they're under-valued, and not putting them in a position with the potential for fraud, is sensible.
But perhaps it's just a case of being aware that fraud does happen, and the drivers, and keeping alert to individuals' behaviour that might suggest a tendency to fall into one of these categories.
More important (and actionable) are the process and control measures that can be put in place; we'll cover those later in this series.
*A small/midsized city in Eastern England, once an agricultural/religious centre, now a light industry/services hub. And apparently popular with illegal gambling rings and rife with scary enforcers...
So, having set the scene in Part 1 by looking at some of the motivations of the fraudster, how can we minimise the chance of procurement-related fraud – at least in our organisations?
Like so many things in life, the simplest advice is to follow the money. Ultimately, procurement-related fraud is about getting money from the organisation without proper justification. The procurement aspect of our analysis means we're interested in cases where there is some link with third-party supply of goods or services, although as we saw in part one, it does not actually have to involve a third party at all.
So if we're going to look at ways to prevent fraud, it's worth taking some time to think about how we can classify different types of fraud. This should make it easier to take preventative measures. There are different ways of doing this; for instance, we might classify fraud types in terms of what the organisation gets in return for the money it expends. We find these options:
- The organisation gets nothing in return – the classic "invoices from fake suppliers" scam, or the ODA diversion of payments.
- The organisation gets something, but either not as much as it should for the money spend, or of inferior quality, or pays over the market price (the Sainsbury's potatoes example).
- The organisation actually gets acceptable market value – but the process involves fraud.
The last is an interesting case. The recent MOD trial in Northern Ireland, which actually featured events from 10 years ago, saw a supplier winning contracts with the aid of confidential information provided by MOD staff. But, having read the judge's comments, there was in fact no real evidence that the supplier actually charged anything other than reasonable prices, and in some ways they seemed to have been an exemplary provider. However, they did make payments to MOD staff, which clearly shouldn't have happened.
But what if the staff had leaked information because they truly believed this supplier was the best, and they wanted them to win the work – but no payment had changed hands? Would that have been fraud? What about the buyer who chooses a favourite supplier in a skewed evaluation process – but for what she believes are genuine reasons (they do a great job), and without any obvious reward? Fraud, or bending the rules for good business reasons? And what if our buyer gets a consulting role from them when she retires?
The point we're making is that there are several gray areas here, where fraud merges into something we might consider questionable or slightly sharp business practice, but not fraudulent. Another example came a few years back from a major consulting firm with whom my organisation had agreed a consultancy day rate of, let's say, £1500 a day. But I found they were actually invoicing on an hourly basis: they took the £1500 and said that was in effect £200 an hour for a 7.5-hour day. So if their consultant worked from 8.30 to 6pm with 30 minutes for lunch, that was a 9-hour day, and they billed at £1800!
Was that fraud? Perhaps not, but given we hadn't agreed that in the contract, it was perilously close to it. (And we told the supplier to stop as soon as we discovered it).
But let's focus again on our classification. Another useful way of looking at things is this issue of who is involved in the process that drives the fraudulent activity. Again, we have three options:
External party only
Examples here include submitting false invoices or diverting genuine payments to a bank account (as in the ODA example). In those examples, the party does not need to be an actual supplier; anybody can have a go at that type of fraud. But for those fraudsters who are genuine suppliers, the options here are considerably wider. The supplier might invoice for work that wasn't actually done or products that weren't actually supplied, or over-charge, or submit inferior quality products charged at a higher price.
Internal party only
As we've seen through some of the recent examples we discussed in Part 1, the classic here is the creation of false invoices that generate payments to a firm controlled by the employee, or that generate improper expense payments directly to the employee. These could even be invoices for goods or services that were actually supplied, but it is more usual to find that they weren't supplied at all. In the case of travel and related claims, it could be fake airline tickets or hotel bills, or real but doctored or duplicated documents to generate expense payments.
Internal/external parties working together
In this category, we have a wide range of options, ranging from the minor (slipping the favoured supplier a bit of inside info to help them win the tender in return for a nice dinner) to the multi-million siphoning of funds through invoices for non-existent services. In general, both parties gain; the supplier wins a contract they shouldn't, or receives more income than they deserve for what they supply; or indeed without supplying anything. The insider receives cash or other benefits for their contribution.
We pointed out in Part 1 that it tends to be more senior staff that engage in fraudulent activities. Looking at this categorisation, it's easy to understand why. So many of the different types of fraud depend on someone internally who can make decisions. That may be a decision on awarding a contract to a particular supplier, or a decision in terms of approving a payment; or signing off that goods received were correct, as they should be.
The types of people who can do this tend to be senior. So when we look in Part 3 at how organisations can address the risk areas, bear in mind that steps must apply throughout the organisation; they will be ineffective if the process says, "except for VPs who can approve invoices without counter-signature..."
You can catch the rest of this series on PRO.