With over 15 years of experience in finance, risk management and data analytics, Bill understands exactly what enterprise businesses should be thinking about as they build their corporate growth and risk strategies. Prior to joining Creditsafe in 2021, he spent six years at Dun & Bradstreet as Area Vice President of Finance Solutions and Third-Party Risk & Compliance.
Technology is helping fraudsters get better at attacking your business -- here's how you can use it to fight back
In the 60s cartoon The Jetsons, a family in the year 2062 lives in an apartment in the sky, going to work and shopping in their flying car and being waited on by their robot maid. Ever since, we’ve all been waiting for our flying cars. Or maybe that was just me?
Either way, even though we don’t have flying cars quite yet, technology has continued to develop at a breakneck pace. So, what does that mean for your business? It really depends – the opportunities can be endless if you know what to look for.
Let’s talk about procurement fraud today. When your business relies on suppliers to produce your goods, you can’t stick your head in the sand and hope for the best. Procurement fraud is an unfortunate reality for any company in the same position. So instead of crossing your fingers or doing the bare minimum when it comes to compliance and KYC checks, use technology to make your life easier. Not only can technology help you deal with procurement fraud head-on, but it can also help you prevent it in the first place.
The future is now, right? So, let’s check it out.
What is procurement fraud?
Procurement fraud is an area of fraud that impacts your supply chain. Your company is vulnerable to procurement fraud schemes if you rely on suppliers to produce the goods you sell. There are several different types of procurement fraud, but they all have one thing in common: they can wreak havoc on your business and cash flow.
When a procurement fraud scheme works for the fraudsters, they interrupt your procurement process to benefit themselves. This could happen at any point in the procurement process, so you need to know what to watch out for. In the past, for example, we’ve talked about invoice fraud. To refresh your memory, that’s when a fraudster sends fake or inflated invoices to your business and hopes that you pay up without doing your due diligence. In many cases, it’s an example of procurement fraud that quickly starts to impact your bottom line.
Do you really know your suppliers?
Enter a company name to view a free business verification report
Procurement fraud can have a huge impact on your business. And not for the better. Paying fake invoices, for example, can have you sinking money into businesses that don’t even really exist. That leaves you with less money available to pay your real invoices. Before you know it, your cash flow could be seriously strained.
But procurement fraud doesn’t just impact your finances. Let’s say, for example, you work with an overseas supplier for years. You trust and rely on this supplier and you’ve never had any problems with them. But then one day you learn that your supplier has been found guilty of bribing their government to win bigger contracts. Suddenly, you’re associated with a bad actor: will your customers think you’re okay with bribery?
Our research study The Murky Waters of Overseas Manufacturing, for example, asked manufacturers what they feared the most about working with a supplier involved with something like bribery. The number one response? Reputational damage. That’s why it’s so important to do everything in your power to avoid procurement fraud in all its forms.
Of course, the simple answer to the question “what is procurement fraud?” is “something you don’t want to have to deal with.” So, let’s talk a bit about common procurement fraud schemes and how to stop them before they spiral out of control.
Common procurement fraud schemes
Since procurement fraud can be so wide-ranging, it’s important that you understand what it might look like. Let’s take a look at a few of the most common types of procurement fraud schemes.
Chapter 1
Bribery
When you’re working on a level playing field, all you can do is the best work possible and hope others respect it. In an ideal world, the business that provides the best product would be the most successful. Unfortunately, that’s not always the world we live in.
Procurement bribery is when a company pays a person or organization to improve their standing. One of the biggest bribery cases is KBR, Inc, a massive engineering and construction firm. In 2008, the Department of Justice charged the company with several offenses, including paying hundreds of millions of dollars to secure a natural gas plant construction contract in Nigeria. The result? $402 million in fines and $177 million to the Securities and Exchange Commission (SEC).
But bribery doesn’t always happen on such a huge scale. It could be much simpler depending on the regulations your business is bound by. For example, if your business or CEO regularly supports a charity and you award a supplier contract to a business after they donate, this could be seen as bribery.
Red flags to watch out for: A company’s invoices will tell you a lot about whether bribery may be at play. For example, if there’s a large sum of money being passed between companies under something vague like “admin fees,” it could actually be a bribe. Keep an eye on payment patterns. If a company is invoicing every week instead of every month, for example, they could be trying to obscure the fact that they’re actually paying a larger amount of money than they’re supposed to.
How to avoid it: Make sure your anti-bribery policy and controls are clear to all your employees from the second they start working for your company. From there, your invoicing processes will help identify any bribery attempts. Bribery relies on hiding things. So, if you keep a strong, clear paper trail each time an invoice comes through, you should be able to spot bribery red flags. Remember that working with companies who are found to be guilty of bribery could result in a compliance violation for your own company.
Make sure your policies are updated frequently. With the fast pace of technology only giving fraudsters more opportunities, you need to be vigilant. It’s great if you have a procurement fraud policy. But if that policy is 10 years old, for example, it may already be obsolete.
Chapter 1
Conflict of interest
You’ve probably seen the discussion surrounding “nepo babies” in Hollywood: the children of famous actors or directors who go on to land roles they might not deserve because of their connections. Procurement conflicts of interest may not be as glamorous as a summer blockbuster, but the thought behind it is similar. Plus, they can impact your business massively.
A conflict of interest is when someone in your company has a personal or financial connection to a supplier that you do business with. In the eyes of the law, you could be seen as using your business to gain yourself. Let’s say, for example, you sign a contract with a new supplier without first checking for conflicts of interest. If it’s later discovered that your procurement manager’s spouse owns that supplier, it would be a huge conflict of interest. People would – rightfully – ask questions about whether that supplier was really the best choice, or if they were only selected because of the personal connection.
Red flags to watch out for: Conflicts of interest can get a bit awkward since the person responsible has to have some kind of personal connection to it. If an employee is pushing extra hard for one particular supplier over another with no obvious reasoning, it could be a red flag for a conflict of interest. They might argue that the vendor is the absolute best company for the job or want to rush through onboarding and compliance checks. If a choice seems to be influenced by a single relationship, or if an employee is resistant to auditing their decision, alarm bells should start ringing.
How to avoid it: When you work with a supplier and discover that an employee has, for example, a sibling working at that supplier, it doesn’t necessarily mean there’s a conflict of interest. What you need is to be able to prove that your employees aren’t personally or financially profiting from their involvement or association with your suppliers. The way to do that is through a clear paper trail and processes that you go through every time you on-board a new supplier. If you can prove that you’ve gone through all the appropriate checks and decided on your supplier organically, for example, you’ll have a much better defense against any conflict-of-interest accusations that could pop up. If there’s any kind of connection or affiliation between an employee and a vendor, it’s a potential conflict of interest. That doesn’t always mean that the deal has to be scrapped, but anyone that could be connected to the company should immediately recluse themselves from negotiations and contracts.
Chapter 1
Price fixing
There are tons of fancy economic terms that explain why things cost the amount they do. Sometimes though, it’s not about economics at all – it's price fixing.
Price fixing is when companies decide to increase the price of their product to falsely inflate the value. An example many people remember happened in 2018 with major Canadian supermarket chains like Loblaws, Metro and Sobeys. The three chains, along with others, agreed to raise the price of bread by 96% between 2001 and 2015. In 2024, Loblaws was fined a record $500 million for their involvement, proving again that procurement fraud doesn’t pay.
But price fixing isn’t just a risk for consumer-facing businesses. In 2022, for example, the Attorney General’s Office sued Amazon over its “Sold by Amazon” program. Through this program, Amazon worked with its retailers to agree prices with third-party sellers. The AG’s office argued that “Amazon restrained competition in order to maximize its own profits off third-party sales. This conduct constituted unlawful price fixing.” Amazon was forced to shut down the “Sold by Amazon” program and paid a $2.25 million fine.
Red flags to watch out for: Price fixing is one of the more difficult types of procurement fraud to pin down. But that doesn’t mean it’s impossible to watch out for. If you rely on a particular product or service as part of your company’s everyday operations, you should get a pretty good understanding of how much things cost. If those costs start to creep up in a way that doesn’t feel quite right, you might be noticing price fixing.
How to avoid it: Unfortunately, if your vendors are participating in price-fixing, there might not be too much you can do about it. Instead, you should look at other vendors wherever possible. Keep a close eye on your invoices and look for trends in pricing. Do the changes line up with inflation and the current economy, or does something seem off? Remember that, even if you can’t always do something about price fixing in the moment, you can – and should – report it when you suspect price fixing is at play.
Chapter 1
Bid-rigging
They say, “may the best man win,” but they don’t always mean it. Bid-rigging is a scam where companies conspire with each other to decide which of them will win a bid. It’s a type of price-fixing that can be particularly harmful. Companies coordinate their bids on procurement or project contracts to manipulate the bidding process, usually to drive prices up overall. Often, the companies take turns deciding who receives the business so that each guilty business has a steady stream of income. If, for example, each bid is 50% more than the job is worth, but the “winning” bid is only 20% more, you may feel forced to go for the “least expensive” bid. But that bid is still inflated.
Bid-rigging is especially prevalent in industries that rely on lots of suppliers, like construction and healthcare. Earlier this year, for example, four erosion control company owners from Oklahoma pleaded guilty to bid rigging. Over the course of their scheme, they targeted over $100 million in publicly funded projects going as far back as 2017. Now, they all face up to 10 years in prison and $1 million fines each. Bid rigging doesn’t seem so worth it, huh?
Red flags to watch out for: Suppliers should be doing everything they can to win your business during the bidding process. If their bids come with stipulations like unreasonably short timeframes to make your decision, it could be because the suppliers have already chosen for you. In other words, you’re at risk of bid-rigging: head for the hills.
How to avoid it: You need to be smart about identifying bid-rigging. The easiest way to spot potential bid-rigging is to compare the bids you receive from potential vendors. Is there a clear “winner” in terms of price? It could be that you got lucky and found the perfect vendor for your business, but it could also be something more sinister. Keep detailed records of your bidding processes – not only will this help you identify bid-rigging, but it’ll also come in handy when it comes to auditing. Keeping a clear audit trail can help you spot the patterns that come with bid-rigging.
This is where reading bids carefully comes in handy, too. Some businesses use specific language when they describe their services. If you suddenly see the same language pasted into a bid from another company, it could indicate that the original business had a hand in writing the bids.
How technology can reduce the risk of procurement fraud
Chapter 1
Risk management software
Using technology to help you make decisions about which suppliers you use can help every corner of your business. In our research study AI’s Role in Business Risk, we asked finance managers what their most pressing concern was for their business. The number one answer was the need for strong data management and analytics. Having a clear vendor evaluation process helps you make better decisions about who you work with. And using automated software makes that process so much easier. Rather then spending valuable time digging into their financial information and trying to make sure you remember all the details, you could get a quick yes or no answer about whether to extend credit to them or whether you should avoid working with them altogether. Once you have a better idea of their financial situation, you can make more informed decisions about whether to work with them.
Chapter 1
KYC Software
KYC checks are an essential part of working with vendors and suppliers. You should be running KYC and compliance checks every time you’re thinking of onboarding a new business, but that goes double for international suppliers. Remember, you’re responsible for compliance in every part of your supply chain. If something goes wrong at any point – if one of your suppliers is found to be bribing their local government, for example – you'll have to pay the fines associated with that.
Since you can’t always keep a close eye on every one of your suppliers and their behavior, regular KYC monitoring is a must. A good KYC software should regularly update you on any changes in your suppliers. Whether it’s a compliance violation, legal filing or even adverse media that could impact your reputation, you need to know. Since the most important part of resolving compliance violations is to catch them early, a good KYC software should be your best friend to avoid procurement fraud.
Chapter 1
Risk data integration
Isn’t it nice when you find a win-win scenario for your company? They aren’t all that common, but when they come up, they’re great. Data integration is one of those things. First of all, integrating credit risk data into your existing workflows means you’re able to make credit decisions faster across teams. With our recent research showing that 75% of finance managers can take up to a whole day (8 hours) to reach a single credit decision, making credit risk data more accessible for your team can go a long way.
But that’s not all. “A lot of risk comes from being overburdened by processes,” says Nileema Ali, Senior Product Manager for Creditsafe. “Consolidating processes can reduce the gaps in your workflows. Those gaps are where risks increase, so reducing them better protects your company.”
In total, there are 7 risk domains you should be thinking about when it comes to procurement fraud. They are:
Financial Risk: This is where things like credit risk data come into play. You need to know how much of a risk it is to work with a particular business based on their current financial situation.
Cyber Risk: We’ve been talking so much about technology’s impact on fraud, so this one should be a no-brainer. How vulnerable is this company to things like cyber-attacks, data breaches, or phishing? All of them can have an immediate knock-on effect to your business.
Location Risk: Where are your suppliers located? The answer may raise or lower their risk to you. Think about it: if your suppliers are located in a politically unstable country, the risk of war or violence could be much higher. Make sure you understand the laws and context that applies to each of your international suppliers.
People Risk: It’s not just Barbara Streisand who thinks people need people – they're the key to a successful procurement process. But that also means they can harm the process, or even expose your business to risk. You won’t always agree with everyone, but finding suppliers who share your business values can prevent things like bribery or other types of procurement fraud.
ESG Risk: Suppliers are required to comply with environmental, social and governance laws. Making sure these ESG risks are constantly evaluated will help you avoid fines and reputational damage. That means you should also be evaluating the potential ESG risks before you work with a supplier – what are their employees’ working conditions, for example?
Operational Risk: During the pandemic, much of the general public learned more about the supply chain than they had before – namely, because that chain was broken. Assessing a supplier’s potential operational risk means taking a look at their processes and understanding what might cause problems within them.
Nth Party Risk: You rely on your suppliers for key materials or products for your business. For you, it’s a simple transaction – you pay, they give you the materials. But that doesn’t mean it’s that simple for your supplier. Nth party risk assessment means looking at your supplier’s supply chain. How many other companies are involved in the product you ultimately purchase?
By integrating risk data into your existing workflows, no one needs to navigate away from your CRM to validate information. Keeping everything in one place lowers the risk of human error and mistakes in credit applications and vendor management.
Chapter 1
Data cleaning
Did you know that business data decays at a rate of 22% a year? If it’s been a while since you’ve organized and cleaned your data, you could be leaving yourself vulnerable to procurement fraud. And that’s just the tip of the iceberg: if your data isn’t up to date and accurate, you could be making bad decisions about who to work with or giving favorable payment terms to businesses likely to pay you back late. 49% of sales professionals surveyed in our research study The Sales vs. Credit Control Battle said the quality of their data is very important in streamlining and improving their sales processes. Basically, the better your data, the better your results.
Data cleaning gives your team the most accurate and up to date information to work from. That way, if your company is targeted by procurement fraud, you’ll be able to catch it faster. If, for example, a fraudster tries to use a fake invoice to defraud your company, having a strong database with up-to-date information would help you identify the fraud right away.
Make supplier evaluation a breeze
About the Author
Bill James, Director of Enterprise Sales & Strategy, Creditsafe