In PwC’s Global Economic Crime and Fraud Survey 2022, over half of organisations said they had experienced fraud – the highest level in twenty years of research.
Today’s criminals are constantly innovating new ways to target businesses and break into online platforms. Sometimes, bad actors are operating within organisations too.
Procurement fraud, also known as purchasing fraud, is increasingly being targeted by criminals, with greater complexity and information-sharing, as well as poor data quality, leading to greater fraud risk.
So, what exactly is procurement fraud is, how can it be spotted and what can organisations proactively do to protect themselves falling victim?
What is procurement fraud?
Procurement fraud is the unlawful manipulation of business trade agreements within the procedure-to-pay process to acquire goods, services or contracts unfairly.
An organisation may be defrauded at any stage of the procurement process from bidding to after the contract has been awarded.
There are five common methods of purchasing fraud:
Invoice scams
An illegitimate company sends fake but credible invoices, claiming payment for certain goods/services is required.
Sent with threatening messaging such as legal action, or strict payment deadlines, they incite quick, knee-jerk reactions leaving little room for review before paying.
False accounting fraud
Often when financial reporting is vague and hard to trace, fraudsters are attempting to cut a slice of profits, paying an accomplice, evading certain taxes or inflating share prices of an organisation.
Kickbacks
When an employee develops or has a close relationship with a prospective supplier, there lies the risk in them colluding to develop inflated invoices to be paid to this supplier with the intention of getting a cut of the profits.
Bid rigging
Businesses that are typically market competitors might work together to manipulate their target into paying more than they should by limiting or eliminating competition and then splitting the profits between them.
Fake vendors
This is usually a long-term operation where a fake business is paid repeatedly for goods or services that are never actually provided because the company does not exist.
What is the procurement fraud triangle?
As detailed above, procurement fraud often involves employees, highlighting the importance of training staff to spot the signs, vulnerabilities and understand the seriousness of being involved.
According to the 10-80-10 rule, ten percent of people would never commit fraud, ten percent of people are actively looking for the opportunity to and the remaining 80 percent may or might not commit fraud. There is no type of person more likely to commit fraud than another – it is circumstantial.
Criminologist, Dr Donald Cressey, identified the three factors likely to cause an individual to engage in fraud. Known as the Fraud Triangle, the three pillars are pressure, opportunity and rationalisation.
First is pressure. When someone comes under significant pressure, often financial, it increases the risk of them committing procurement fraud.
Sometimes pressure is applied by someone known to the person – perhaps through extortion or manipulation. Others may commit fraud when they feel pressure to hit certain targets or goals based on past poor performance or undue pressure from senior colleagues.
Second is opportunity. With 10 percent of people actively looking for the opportunity to commit fraud, any internal security weak spots or cracks in management can be exploited.
Finally, there is rationalisation. Someone wanting to commit fraud might have the pressure and opportunity but can’t rationalise a reason to do it – unless they are disgruntled, undervalued/paid or mistreated. Thoughts around the company ‘deserving it’ or being able to ‘afford it’ are examples of rationalisation.
What are the consequences of procurement fraud?
Procurement fraud can have lasting and serious consequences, damaging a business’ reputation but also costing them financially.
Legal and financial consequences leave their mark too. A recent report estimates that 40 percent of all businesses lose anywhere between €150 000 to €400 000 a year to purchasing scams.
Under the Bribery Act (2010), businesses or individuals found guilty of procurement fraud are eligible to be fined or face imprisonment according to the severity of the offence.
Furthermore, the relationship between businesses and vendors can become complicated, distrustful and acrimonious if fraud is suspected with no one wanting to take the blame.
How can organisations detect procurement fraud?
Generally, larger companies with longer supply chains, involving many stakeholders and bigger budgets, are more likely to experience procurement fraud. However, any company can fall victim.
Detecting procurement fraud requires constant vigilance and monitoring alongside having an in-depth knowledge if who each employee is, and vetting ones that are involved in company finances.
There are also red flags to look out for within the procurement function:
– Inflated vendor prices
– An unusually small pool of vendors
– Patterns in bid winners or losers
– Repeat selection of certain vendors
– An unlikely vendor being awarded the contract
– Mismatch between the contracts and the goods or services being delivered
– One individual managing the entire procurement process from start to finish
If red flags are detected, an internal and external investigation must be carried out, reviewing financials and suspicious vendors/employees.
How organisations can protect themselves against procurement fraud
The best protection against procurement fraud is proactively developing defences, maintaining regular monitoring and immediately responding to any red flags.
Being vigilant is a deterrent and limits opportunity for those seeking it, which saves businesses time and money.
Practical ways to protect against procurement fraud include enhanced staff training and awareness, enabling every employee to understand the risks and red flags, and spot and report the signs early.
Responsibility for specific vendor accounts should be rotated regularly, reducing the risk of one encouraging the other into fraudulent activity. Regular reviews and assessments should also take place, making sure that nothing slips under the radar.
In-depth research should also be carried out before any new contract is signed with an external supplier or service. Digitalising procurement, ensuring that processes are streamlined and protected with cloud based secure software, can boost efficiency and improve monitoring.
Using RFx software to streamline procurement processes makes it harder for scammers to spot opportunities to strike because of the auditability and traceability of all processes – the biggest allies in the war against fraud.
According to the CIPFA Counter Fraud Centre strategic model, protection against procurement fraud requires acknowledging who is responsible for monitoring it, identifying all the present risks, developing a strategy to mitigate these risks, providing the resources to do this, and then taking any necessary action.
In this model, deterrence and prevention must be carried out alongside investigation and detection. But should fraud slip through this defence, sanctions and redress are necessary remedial steps, including recovery of funds and assets.
Jack started his career at UBS Investment Bank in London as an analyst in the Infrastructure Mergers & Acquisitions team before spending 8 years in Equity Capital Markets, Equity Derivatives and Structured Financing where he raised over USD 5bn in financing for public and private businesses.
He left UBS as a Director and Head of Strategic Equity Solutions LatAm to become the CEO of DeepStream Technologies in 2016, with a vision to transform the way in which global procurement businesses transacted with their suppliers.