Many governments form global joint ventures with the private industry in the form of Public Private Partnership (PPP) or Private Finance Initiative (PFI) deals.
These are used as a way of funding public projects using private finance instead of public borrowing for projects such as infrastructure, schools, hospitals and transport upgrades. These arrangements are large projects and require a great deal of procurement support to ensure the successful delivery the project.
I have worked with many organisations both in the UK and globally that have been involved with PPP and PFI arrangements, and questioned whether procurement fraud risk identification is considered when these arrangements are being set up. The question is should it be? Here are two situations to illustrate the potential risks.
A new company is formed to facilitate a PPP/PFI agreement. The organisation is established and there are no procurement fraud controls in place. As it is established and finds its feet, naturally there will be a period of disorganisation. This is a great opportunity for fraudsters to embed and design their scams and wait for the work to start.
To reduce the risk of procurement fraud, best practice would suggest purchasing processes should be enforced from the start and other procurement fraud controls such as auditing contractors and sub-contractors, an efficient purchase-to-pay process and procurement fraud training should be introduced at the inception of the organisation. A proactive approach will always be more effective than trying to clear up afterwards.
In the second scenario, the PPP/PFI arrangement is going to be facilitated using existing companies. In this scenario, often two companies are merged to form a joint venture. So what type of procurement fraud due diligence could be conducted in this situation?
First, it may be prudent to see both organisations’ fraud strategies and policies, their risk registers and fraud investigation log if they have one. What to look for is entries relating to fraud, and specifically procurement fraud. In addition, any information relating to existing or historical fraud investigations should be examined. This would include previous audit reports so you can get the full picture. We’re looking for evidence of whether fraud has even been considered as a risk. If not, is there unknown fraud occurring?
Finally, here is a real life example:
A large organisation (X) formed a joint venture with a smaller company (Y). The two merged to become a larger, more successful partnership to secure a substantial piece of work.
X became the operational side of the company and the suppliers from Y were novated across to X. X took responsibility for those suppliers. Y had in excess of 900 suppliers and due diligence was not carried out because the task seemed too big and time consuming.
What was unknown is there was fraudulent activity in Y’s supplier database, with a large number of ‘ghost’ companies and the senior management of X were unaware these phantom firms were being moved to their organisation. They are also unaware a senior manager in X was collaborating with another manager in Y and between them they identified a fraud opportunity.
Not content with their current fraud fund, the mangers from X and Y identified there were no checks carried out on new suppliers prior to the movement to X. They set up new companies in Y and registered them on the supplier registration system.
These ghost companies were used to commit substantial fraud in the form of work and services not provided and this was not discovered for two years. The losses were immense and this could have been easily prevented by considering the risks in the early stages of the merger.
☛ Paul Guile is CIPS global procurement fraud advisor