I presented last week as part of an event run by CIPFA –  the Chartered Institute of Public Finance and Accountancy. As you can imagine, their live events are notorious for wild behaviour and partying, but this was online, luckily for me. (OK, just my little public sector accountancy joke there…) Anyway, I talked about Bad Buying, particularly in the public sector context and with a focus on corruption and fraud which I thought would most interest accountants.

One of the other speakers, Mohamed Hans, a lawyer and public procurement adviser, talked about the “typical” profile of a corporate fraudster. Most work within the organisation, and apparently, he – and more often than not it is a “he” – is most likely to be middle aged, with quite a few years of service, well-respected internally, and in a management position.

I guess that all makes sense. You need to have some authority generally to commit fraud – in the procurement space, it really helps if you are a budget holder or can sign off expenditure in some way. If you have been around a while in the organisation, you are more likely to understand the systems and processes, and how to get around them to commit your fraud. All of that points to someone of a certain age, seniority and length of service.

That fits with my personal experience. Probably the closest I came to a major case was when a senior procurement executive who had a “dotted” reporting line to me was prosecuted for a fraud where he appeared to be in league with some very unpleasant “Russian gangsters”, according to the police. My firm was not aware of the fraud but the police spotted odd transactions at the gangster end of things, which it emerged came from our villain signing invoices for non-existent furniture purchases, with the payments going to the gangsters. He was in his forties, in a senior role, and had been with the firm for at least a decade, so he fit that archetype perfectly!

Other cases in my Bad Buying book include a mid-level executive for Toys ‘R ‘ Us at Maidenhead in England. He was a  “typical middle-aged accountant to colleagues, living in a semi-detached house near Reading and driving an old Vauxhall car. But actually he lived a double life and was stealing millions from the firm, spending money on sports cars, prostitutes and even an estate in Nigeria for his secret mistresses! He was ordered to repay £3.6 million when he was finally caught, as well as being jailed in 2010 for seven years. (His jail term will increase if he doesn’t pay the money back.)

His fraud was simple. He created a fictitious toy manufacturer, a ‘supplier’ to the firm, and then made regular payments of £300,000 a month over more than two years to that account, which of course he controlled. When this was reported in the press, one reader’s comment was amusing: ‘so he spent £2.4 million on call girls and sports cars – and wasted the rest’!  But it’s not really funny; this was shareholders’ money, and sympathy is due to his wife and family, who knew nothing about it and did not benefit in any way”.

Just to show it isn’t only men, the (female) interim director of operations at Ealing Hospital NHS Trust stole more than £200K back in 2008 to pay for (among other things) horse semen, needed for her stud-farm business. She fraudulently signed off payments, which went into her own bank accounts rather than to genuine suppliers. The judge said that she was, ‘a woman of very great ability and up to this point of very high character. The difficulty and sadness of cases such as this is only people of high ability could get themselves in a position where they can defraud people and the NHS of the amount of money you took.’

However, in most cases, fraud can be prevented quite simply. The most basic advice includes that no single person should be able to “create” a new supplier, and onboarding checks must be made. Then again, no one individual should be able to authorise a payment (e.g. by signing off an invoice) to any supplier, without some sort of check from another person.  It is not unknown for two or more people to collude in frauds, but in my experience establishing that sort of basic control reduces the probability of fraud by a significant factor. Carrying out a fraud alone is one thing; asking another person to collude with you brings another level of risk for the fraudster.

And don’t assume someone couldn’t possibly be a fraudster because they are respected, have worked in the organisation for years, are senior, go to church, are kind to animals …. Criminals come in all sorts of shapes, sizes and disguises!

(Two posts in a row about blood – that’s a bit weird)!

Earlier this month, Elizabeth Holmes went on trial in San Jose, California, accused of six counts of fraud.  That relates to the blood-testing firm she founded and ran, Theranos, which was claimed to use unique technology to perform a range of tests with just a small sample of blood. The claims were later revealed to be largely nonsense and in some cases the results might even have proved misleading or dangerous to the user. When one of the Theranos laboratories was inspected in Newark, California, in November 2015, the inspectors concluded that “the deficient practices of the laboratory pose immediate jeopardy to patient health and safety.”

The cautionary tale has been turned into a best-selling, award-winning and definitive book, Bad Blood by John Carreyrou and is going to be the subject of a film with Jennifer Lawrence playing Holmes.  But in real life, it seems that her defence during the trial may claim she was under the influence of her older and more experienced business partner and one-time boyfriend, Ramesh Balwani.  They may also claim that she really did believe in the product and it was others within the firm who misled her about the actual way it worked (or didn’t).

Although some experts warned from the early days of Theranos that there were questions to be answered about the product, Theranos raised hundreds of millions in investment from famous people such as Henry Kissinger and Rupert Murdoch.  Perhaps they were dazzled by this confident, smart young blonde woman, who seemed to be particularly effective at persuading older men to stump up large investments!

But as well as the investment aspect to the story, there was also a Bad Buying link to the events. Here is how I described it in my book (“Bad Buying – How organizations waste billions through failure, fraud and f*ck-ups)”.

“Buying failure comes into this because the pharmacy chain Walgreens spent $140 million with Theranos over seven years, hosting around forty blood-testing centres in their stores. They got very little benefit from that and recovered some $30 million after a lawsuit and settlement following the eventual disclosure of the issues. Amazingly, as Bad Blood reports, Walgreens’s own laboratory consultant, Kevin Hunter, had seen early on that something wasn’t right with Theranos. But the executive in charge of the programme at Walgreens said that the firm should pursue the pilot because of the risk that CVS, their big competitor, would beat them to a Theranos deal.

Again, buyers wanted to believe that something was real, even in the face of mounting evidence that it wasn’t. This relates back to comments around believing the supplier– those earlier examples weren’t demonstrating fraudulent behaviour, but the principle is similar. It is easy for a naive or gullible buyer to be sucked into believing what the supplier wants them to believe.

Suppliers will take advantage of this tendency – whether it is the relatively innocent ‘Yes, we can install this new IT system in six months’ or the more dangerous ‘This equipment will find hidden bombs’. And FOMO – the fear of missing out to the competition – is something else suppliers will use, and that can lead to bad decisions. It’s not just physical goods, either. The top consulting firm selling its latest ‘strategy toolkit’ will mention that the potential client’s biggest rival is also very interested”.

So the message is – treat claims made by suppliers about their products with caution, maybe even with a touch of cynicism if they seem unique, outlandish or truly earth-shattering! And don’t let FOMO take you into the realms of Bad Buying.

One of the most annoying aspects of writing Bad Buying was reading dozens of fraud and corruption cases that came to court. Whilst the cases were often fascinating, the comments from the CFO or CEO of the organisation that suffered the fraud were always predictable. This is what I said in the book.

“But again and again, I see organisations failing to take basic precautions, and then once fraud is discovered, claiming that “this was a very sophisticated fraud”. In most cases, that remark is nonsense and is a fig-leaf for an embarrassed CFO or CEO who didn’t have basic fraud prevention measures in place.

Indeed, one way that fraud could be reduced globally is if CFOs in particular were told that their jobs are on the line. If a fraud takes place on their watch, that could have been prevented through simple actions, then they’ll be fired for incompetence. Implement this, and there will be a measurable drop in such cases very quickly”.

In recent weeks, a fraud committed by an IT manager in the UK’s National Health Service hit the headlines. Barry Stannard of Chelmsford in Essex, was “head of unified communications” for the Mid Essex Hospital Trust, which has since been merged into Mid and South Essex NHS Foundation Trust. He defrauded his employer of £806,229, which came out of the trust’s IT budget. He created two “fake companies” that he controlled, and then authorised payments against invoices from these firms – invoices he obviously produced himself.  He failed to declare any interest in these firms (obviously), no products or services invoiced were ever actually provided to the NHS, and he was sentenced to 5 years and 4 months’ imprisonment on June 30th.

At least the hospital did eventually spot this fraud. According to the Digital Health website, “Concerns first arose after the trust ran a data matching exercise on its payroll and accounts payable records, alongside Companies House records. After a comprehensive initial investigation by the Local Counter Fraud Specialist provider (RSM), the investigation was escalated to the NHS Counter Fraud Authority’s National Investigation Service”.

Stannard also charged VAT, which was never paid onwards to the tax authorities, so that was a further fraudulent element.  All of the hundreds of invoices submitted by his companies to the trust were individually for less than Stannard’s personal authorisation limit so he got away with it for some time.   

At least here nobody used the “sophisticated” word in describing the fraud, which is just as well because it wasn’t.  It was a pretty basic fraud and pretty basic best practice was not followed. That means there is a good case for sacking the CFO – and perhaps even the Procurement Head.  They certainly should answer these questions.

  • Why was there no proper “onboarding check” before a new supplier was first paid? Basic Companies House and Dun & Bradstreet checks would have shown a firm with Stannard as Director and presumably no other income.
  • Why was there no “separation of duties”? You should never have the same person able to choose a supplier, sign off the purchases, and approve the invoice (which includes confirmation of receipt of goods / services)?
  • Why did his boss not question the expenditure? Actually, it is not clear whether the budgets were his own or belonged to other managers (in which case why didn’t they query these costs for non-existent products)?

It all looks very negligent by the Trust and smacks of a poor attitude to spending taxpayers’ money, which unfortunately we’ve seen before in the case of public sector fraud of this nature.  So whatever your role, do think about whether such a fraud would be possible in your organisation.  If you wanted to extract money, how would you do it? Would you need an accomplice or could you do it yourself, as in this case.  If you do find gaps, then tell the CFO, CEO or equivalent. 

I reckon every organisation needs a few creative, cynical but trustworthy employees who can put themselves in the shoes of wrongdoers and have evil thoughts – for the greater good, of course!

Conflicts of interest as a ethical topic has always been relevant in procurement, both public and private sector. Here is a quick quote from my book, Bad Buying.

At a local level, I’ve worked with organisations whose top management didn’t even want to put in place a clear “conflict of interest” policy. That would mean staff having to disclose any interest they (or close family / friends) have in another business that might be a supplier or a customer of the organisation for which they work. But there’s usually a reason for that hesitancy.  Where you see organisations that won’t support anti-corruption activities, then you might draw obvious conclusions”.

Conflict of interest is a key issue within the fight against procurement-related fraud and corruption. We want buyers and everyone involved in the process to select suppliers, negotiate and manage contracts without being biased because they have an external interest that affects their behaviour.

We’ve seen these issues come up a number of times over the last 18 months through the pandemic with spend on products such as PPE (personal protective equipment) being in the public eye. So some recipients of huge contracts for PPE have had links with politicians and other powerful people, which has led to suggestions that decisions were impacted by these conflicts of interest.

The standard approach when developing procurement policies and practices is to ask those involved in the process to declare any potential conflicts upfront. Somebody can then decide if that is significant, and if so, how to handle that. At the extreme, I’d suggest it might eliminate a potential supplier from consideration completely. That doesn’t happen often, but appointing a small consulting firm to do a procurement review when that firm is run by the Procurement Director’s wife might not be a good idea.

But more frequently, it is a case of making sure the person with the conflict does not play a central role in key stages of the process, such as selecting the supplier or negotiating the contract. Suppose a senior executive who has an interest in the service being purchased discloses that their sister is a senior manager in one of the bidding firms. I would not expect that firm to be disqualified, but the executive should not be involved in the key aspects of the procurement. There are potential issues of confidentiality as well as bias of course – so if the exec is going to have access to confidential information, then they need to understand that any breach will lead to disciplinary action! Or you may simply choose to keep such information away from them.

There are questions however about how far we can and should go. That came to mind with the revelations around Mathew Hancock, the UK Health Minister who resigned because he broke covid rules with his ”friend”. But another part of that report claimed that his friend’s brother runs a firm that has won NHS contracts.

Is that a worry?  If your friend’s brother is bidding for a contract with your organisation, do you need to declare that as a potential conflict of interest?  That probably depends on just how close the “friend” is. If they are in effect a partner (legally or secretly) then it probably should be declared. But frankly, I would very rarely have known what any of my friends’ siblings did for a living!  So we have to be reasonable in terms of how meaningful the risk is.

A similar argument applies to shareholdings. Most of us hold shares indirectly through pension schemes or investment funds and we may well have direct holdings too. We can’t be expected to know exactly where “our” money is invested in every case. But what about if I have just a couple of hundred pounds worth of shares held directly in a potential supplier? I’d suggest that it is sensible to declare that, but I would not necessary exclude someone from the process for that level of “conflict”. However, if it were several thousand pounds worth, or if we were considering share options in a start-up that could prove valuable one day, the position might be different.

These are tricky issues.  The key is to impress on everyone that if they are in any doubt, it is better to declare the potential conflict and let others decide how serious it is. That is much better than having to plead later on that “I didn’t realise it mattered”. 

And if you want to hear more about this and related topics, I’m speaking as part of a CIPS (Chartered Institute of Procurement and Supply) webinar on July 13th, 2021, at 12.30 pm. It is all about ethics and is titled “50 shades of Procurement – an Ethical Perspective”.  It should be interesting – and it is open to CIPS members AND non-members, so anyone can book here.

(The picture shows my cycling friends enjoying an outing with me last year – no contracts were awarded!)

The UK National Audit Office has published a report titled “Initial learning from the government’s response to the COVID-19 pandemic”. It draws on the various reports NAO has conducted over the last year or so, including those related to ventilator and PPE (personal protective equipment) procurement, and covers quite a range of topics including risk management, data, workforce issues and – most relevant to our interests – “transparency and public trust”.

It is timely, not least because the Good Law Project and EveryDoctor UK are currently in the midst of a court case concerning PPE procurement. Those organisations are challenging the way government awarded contracts to suppliers, with a particular focus on a handful of suppliers including Ayanda Capital and Pestfix. They also want the government to publish the full list of suppliers and (where relevant), disclose who put them forward to the “VIP list” that gave firms accelerated access to the procurement process.

Some startling information has already been disclosed in the court case. For instance, it appears that Ayanda did NOT pass the initial “due diligence” process, but somehow were still awarded contracts worth over £200 million. It is also clear that influential people were badgering the professional procurement staff to favour certain firms. 

In the case of Pestfix, evidence suggests that their executives told the government buyers that some of the payment was being used to bribe people in China to make sure supplies got through to the UK.  (Pestfix denies this but the emails seem pretty clear!) I’ve always suspected that was one reasons why the government didn’t want to deal directly with producers but involved agents and middlemen. Ministers and officials didn’t want to get their own hands dirty in what was a vicious battle to secure supply at the height of the shortages.

It is well worth keeping up with the developments in the case, but let’s revert to the NAO report and transparency. One of the main NAO learning points is the importance of transparency and clear documentation to support decision-making when measures such as competition, are not in place.

In more detail:

Transparency, including a clear audit trail to support key decisions, is a vital control to ensure accountability, especially when government is having to act at pace and other controls (for example, competitive tendering) are not in place. On the ventilator programmes, we found sufficient record of the programmes’ rationale, the key spending decisions taken, and the information departments had to base those on. However, in the procurement of personal protective equipment (PPE) and other goods and services using emergency direct awards during the pandemic, we and the Government Internal Audit Agency found that there was not always a clear audit trail to support key decisions, such as why some suppliers which had low due diligence ratings were awarded contracts”.

That due diligence issue relates back to Ayanda (and others) of course. As well as the lack of documentation, government was also slow to publish information.

“… many of the contracts awarded during the pandemic had not been published on time. Of the 1,644 contracts awarded across government up to the end of July 2020 with a contract value above £25,000, 75% were not published on Contracts Finder within the 90-day target and 55% had not had their details published by 10 November 2020. The Cabinet Office and DHSC acknowledged the backlog of contract details awaiting publication and noted that resources were now being devoted to this, having earlier been prioritised on ensuring procurements were processed so that goods and services could be made available for the pandemic response”.

We can have some sympathy here, as staff were under huge pressure, but given the large number of people (many of them expensive consultants) working on PPE procurement, it should have been possible to do a bit better than this.

In terms of transparency, I recently wrote a briefing paper with the Reform think-tank, titled Radical transparency: the future of public procurement.  The message is that the time is right for a step-change in transparency around public sector procurement. That is not just about public trust, important though that is. I believe the even bigger issue is that buyers, budget holders and commissioners in the sector have very limited visibility of what each other are doing.

That means knowledge about great ideas and amazing supplier performance is not shared – and neither is the learning when something goes wrong. Radical transparency is the answer. The recent government Green Paper on public procurement makes a few comments in this direction but really does not go far enough. As soon as you see the rules on Freedom of Information quoted as a basis for disclosure you know there is no intention of getting anything really interesting into the public domain!

If you have a few minutes and you are at all interested in public procurement, do have a look at the Reform paper. I’d love to hear your comments and thoughts on the concept that transparency can be an effective antidote to public sector Bad Buying!  

The Conservative government has been criticised for some of the procurement actions of the last year or so, with allegations of mismanagement and cronyism. But the Labour Party has not been free of controversy in terms of how its politicians spend public money in local government.

Croydon council in south London has basically declared itself bankrupt, with mismanagement of a council-owned property company and bad decisions about acquisition of property investments contributing to the dire financial situation. We may come back to this as more detail emerges.

Meanwhile, Joe Anderson mayor of Liverpool, was arrested last December on suspicion of conspiracy to commit bribery and witness intimidation.  He and four others were held as part of a police investigation into the awarding of building contracts in the city. The BBC reported that a “year-long police probe, Operation Aloft, has focussed on a number of property developers”.

An inspection ordered by the Minister for Housing, Communities and Local Government reported in March and the inspector, Max Caller, found major failings “in governance and practice”. That has led to the imposition of Commissioners in the City to help the council implement the changes needed. But the report also commented on Anderson’s son David, now caught up in controversy. His firm SCC was awarded contracts by the council through what seemed to be unusual procurement routes.

Mr Caller said that a decision to award SSC a £250,000 health and safety contract on the project to dismantle Liverpool’s Churchill Way Flyovers in 2019 ‘exposed the site teams to considerable safety risks’. The company had no previous relationship with the council before the ‘urgent appointment was instructed’ as work got underway in 2019.

The report calls for more power for the procurement function in the Council, but also highlights that it needs to up its game. More criticism for circumventing official processes and policies appears to be attached to the staff in other departments such as Highways.

This is only the latest in a long line of issues around public sector construction contracts. That area of spend has historically been plagued by claims of and indeed proven corruption in local government and elsewhere.

 Why is that? Well, it is one of the biggest spend categories for local government and many organisations, and it is also relatively opaque in terms of benchmarking costs and prices. So social care, or IT hardware are also huge spend areas for councils for example; but I’d suggest it would be pretty obvious if a care firm or laptop supplier were charging unrealistically high prices to fund bribery. If a firm was charging £25 an hour for carers when the standard for other firms or other councils was £18, even the slowest auditor or councillor might notice!

But a few hundred grand added onto a multi-million pound building contract for a new school or sports centre is much harder to spot. If we’re talking the council buying land or property, then there is even less of a clear “market value”. 

These are also areas where historically, professional procurement has been less involved than in some other spend categories. The construction departments in councils have had a reputation for being powerful and something of a law unto themselves.  I remember 20 years ago a friend of mine who was MD of a firm that supplied heating equipment refusing to deal with one Yorkshire council because the corruption was so overt. Basically his firm was expected to pay a % commission to certain individuals on every order.

So a lack of professional procurement scrutiny, bespoke work and limited market price benchmarks are factors that indicate how open to corruption a spend area might be.

Back to Liverpool and there is also a link with a controversial construction project where Unite, the trade union led by Len McCluskey, is the buyer.  The project appears to have cost almost £100 million against the £57 originally forecast. The BBC reported that; “The contract to build the 170-room hotel and conference centre was awarded in 2015 to the Flanagan Group, a Liverpool company run by an associate of McCluskey, who is the union’s general secretary. Another contract on the project was given to a company owned by the son of Joe Anderson, Liverpool’s mayor.”

Yes, it’s him again …

Anyway, Unite has responded saying “Every step of the way, the production of this complex was overseen by independent surveyors and architects. Accountability was built into the process to ensure that at every stage of this development we got value for this union’s money. All this was overseen by our democratically-elected, independent 62-strong executive council”.

 Bad Buying? Or worse?  I’m not sure.

(But a Government procurement leader joining a supplier while still working as a civil servant is!)

In my last article about fraud related to supply chain finance (which came to mind because of the emerging Greensill / Gupta developments), I said that I hadn’t come across that type of fraud previously. There are plenty of other variants on invoice-related fraud in my book, however.

That brought a call from a friend. He told me of a case he had seen where a business created fake invoices to “clients” and used those invoices to obtain funding from their supply chain finance (SCF) provider. The amusing angle was that the finance provider was a major bank, and the fake invoices included a number that were supposedly issued to the same bank!

So the finance was provided by a bank on the basis of non-existent delivery of goods or services to the same bank … you might have thought that someone would have spotted this or checked to see if the supposed supplier was in their AP system. But perhaps they did, given the fraud was discovered eventually! You also wonder whether the fraudster was stupid, secretly wanted to be caught or was just having a laugh at the expense of the bank itself.

Exploring this theme further, it is clear that supply chain finance related fraud is not new. Just last year, a major scandal in Singapore saw the Him Leong oil trading company collapse. Part of that was down to false invoicing and over stating of receivables, which enabled the firm to obtain financing based on these invoices.

As the spglobal website reported, “financial statements for the year ended 31 October 2019 grossly overstated the value of assets by “an astonishing amount of at least $3 billion” comprising $2.23 billion in accounts receivables which had no prospect of recovery and $0.8 billion in inventory shortfalls”.

There are also cases that are not overtly “fraudulent” but are misleading. When leading UK construction and facilities management firm Carillion collapsed in 2017, the use of supply chain finance was one of the ways it concealed its problems until the final reckoning.  Carillion worked with Santander bank to offer its suppliers payment earlier than its ridiculous 120-day standard payment terms (in return for a fee, of course). Santander then retained the money it owed for the full period.

Globalconstructionnews website reported that “Carillion tucked the cash managed through reverse factoring into the box labelled “trade and other payables”, to which it had added “other creditors”. This, believes S&P, allowed it to show a modest increase in working capital from 2012 to 2016, because “working capital” does not usually include trade payables.  After 2012, the growth in money owed under trade payables ballooned from £263m that year to £761m in 2016. Reverse factoring, said S&P, allowed Carillion to “hide a substantial part of its debt from view”.

To widen the discussion to fraud generally, I believe that Boards, CFOs and CPOs should regularly ask themselves, “how would I defraud this organisation if I was an evil criminal genius”? Or maybe employ an actual evil criminal genius consultant to do that for them (I’m available at very reasonable evil genius rates). Read most of the cases I quote in the Bad Buying book, and you realise that any intelligent insider could have spotted the flaw in process that allowed the fraud, if only they had spent some time thinking about that.

However, the problem with much SCF related fraud or dubious practice is that it is almost always an internally generated fraud. It might involve third parties, innocent or not so innocent, but it is often driven by very senior people in the business, or even owners and founders. So there would not have been much point asking the Board of Carillion to look at the use of SCF if they were complicit in the  bad practice. If it is found that the Gupta companies did issue fake invoices to generate SCF funding  from Greensill, then no doubt that will have originated at a pretty high level in the business.

Meanwhile, back to other aspects of the Greensill affair, and yesterday we saw newspaper revelations that Bill Crothers actually joined Greensill two or three months before he left the civil service, while he was still Chief Commercial Officer for the UK government. Such a move seems very odd but it was all signed off within the Cabinet Office, apparently.  That seems to show very poor judgement at best from Crothers, and perhaps the judgment of the experienced top-level civil servants who approved this was even more suspect. More to come on all this, I’m sure.

We’ve written a couple of times about the Greensill affair, and now more is emerging about another key player in the financial scandal. Greensill in effect lent billions to Sanjeev Gupta, creator of the GFG Alliance of steel businesses.  That appears to have been based on both financing the invoices where GFG owed money to their suppliers, and also making early payment to gupta’s firms where GFG invoiced its own customers.

But the Financial Times, which has been instrumental in exploring matters, reports that Grant Thornton, the administrator for Greensill, has contacted some GFG “customers”.  Clearly, they in theory owe Greensill money. However, “some of them say they did no business with Gupta”.  In other cases, there are allegations that the customers were friends or associates of Gupta.

If this is true, it seems that Greensill was advancing money to GFG based on their invoices which had in theory been issued.  Greensill would collect the money owed from the customers in line with payment terms. So note this is financing Gupta based on its sales, rather than improving its cash flow by helping on the purchase side. But if these invoices – or some of them – were fake – then we have a real fraud, and Greensill obviously won’t be able to collect its debts. Maybe Greensill was an innocent victim, being told by GFG these were real customers and real debts. Or maybe not.

Anyway, this link with supply chain finance is for me potentially a new type of invoice-related fraud. I must admit I did not cover this in Bad Buying, but it might be in the 2nd edition / follow-up!

The more usual invoice frauds that I describe in my book fall into three categories.

  1. Fake invoices are created, submitted and authorised by someone inside the organisation. The money is paid to firms (probably set up for this purpose) which the insider(s) controls.
  2. Fake or inaccurate invoices are submitted by an external party, either “on spec” in the hope that the internal systems are poor and they get paid, or to be authorised by an accomplice internally. The supplier may even be genuine, but the amount invoiced may not reflect the actual goods supplied or work done.
  3. Invoice mis-direction, where the fraudster persuades the firm to pay a genuine invoice to the fraudsters bank account rather than to the real supplier’s account.    

“Fake invoice” fraud by insiders happens in the private sector, in government, and even in the charity sector. And it can be the most unlikely people – as in this case (taken from my book), where the former head of counter-fraud at Oxfam, the charity that fights poverty globally, was jailed after stealing more than £64,000 from the organisation.

Edward McKenzie-Green, 34, defrauded the organisation while investigating fellow charity workers in earthquake-hit Haiti. He filed fake invoices from bogus companies, making £64,612 in nine months before resigning because of unrelated disciplinary proceedings. The scheme was discovered after an internal inquiry was launched to investigate allegations that he’d behaved unprofessionally while leading a team in Haiti in 2011.

He agreed to resign, was given a £29,000 “golden handshake”, but then investigators unearthed 17 fraudulent invoices from two companies under his control.  An audit of his own counter-fraud department revealed payments to “Loss Prevention Associates” and “Solutions de Recherche Intelligence” in 2011. Investigators contacted the supposed head of one company, Keith Prowse, for an explanation of invoices for ‘intelligence investigation’, ‘surveillance equipment’ and ‘Haiti Confidential’. But there was no Mr Prowse – that was, in fact, Mackenzie-Green.  (The “real” Keith Prowse founded a very successful corporate hospitality firm in the UK).

McKenzie Green got two years in jail and Judge Wendy Joseph QC told him: “You have taken from those who desperately need it substantial sums of money. Worse, you have undermined the public confidence in a charitable institution. You were head of a department set up to counter fraud. This was a profound abuse of the trust invested in you.”

We suspect that the magnitude of the Gupta / Greensill affair might dwarf the Oxfam case and most of the others in the book, except perhaps for the Petrobras / Odebrecht scandal in Latin America, where fake invoicing was only a small part of the wider fraud and corruption picture. In any case, it will be interesting to see what emerges in the Gupta case over the coming months.

There have been interesting developments in terms of procurement of PPE in several European countries.   Last month, the Times reported that magistrates in Italy had ordered the seizure of property worth more than €70 million (£60 million) including a yacht, a Harley-Davidson motorbike, watches and several apartments from eight middlemen.  They are accused of exploiting the desperate shortages of PPE last year at the height of the pandemic.

The allegation suggests that a group of businessmen earned commissions worth €72 million on the purchase of 800 million facemasks from China. Those masks cost the Italian government some €1.2 billion. The suspects are accused of “illicit influence trafficking, receipt of stolen property and money laundering”. There is some cronyism involved here too. One of the accused is Mario Benotti, 56, a journalist and general director of two technology companies, and someone who knew Domenico Arcuri, 57, the Covid commissioner.  But Benotti says that he intervened to help his country and because Arcuri asked him to.  He acknowledges getting €12 million but says he earned it.

It has to be said that a margin or commission of €72 million sounds a lot. But on a spend of over a billion, that is “only” 6%.  Is that really exploitation?  A BBC Panorama programme this week suggested that firms such as Ayanda Capital made significantly more than that supplying the UK with PPE – a margin of 15.8% according to Tim Horlick, the boss. But in any case, if 800 million masks cost €1.2,  that is €1.5 per mask, which shows just how crazy the market got last year.

In Germany, the scandal is deeper and more shocking. Several leading politicians have been forced to resign because of the money they made personally from the pandemic shortages. Earlier this month, two members of the parliament and of Angela Merkel’s ruling CDU party resigned this week because of the scandal.

It appears that Georg Nüßlein and Nikolas Löbel both personally profited from government contracts for face masks. Löbel is alleged to have received €250,000 in payments for brokering a deal between a Chinese supplier of masks and the German cities of Heidelberg and Mannheim. Nüßlein is accused of making €660,000 through a consultancy firm for lobbying the government on behalf of a supplier. Mark Hauptmann, from the eastern state of Thuringia, is the latest to go. He is stepping down due to his alleged links concerning medical supplies and Azerbaijan. It all seems somewhat opaque, but Hauptmann has admitted that Azerbaijan and other countries paid for adverts in a newspaper he publishes.

Coming back to the UK, we also don’t know if any of our politicians took their cut for promoting PPE suppliers onto the “VIP” path, which greatly enhanced the firms’ chances of winning contracts. We still don’t know how Ayanda Capital and others were chosen to be awarded contracts, or why each got the size of contract they did.  This week, the BBC Panorama programme looked at how some very odd firms won huge contracts or acted as facilitators, such as an upmarket dogfood business! It also exposed that details of some contracts awarded last spring and summer have still not been published.

But there only four possible options in terms of the process used in the UK to select suppliers.  

1. There was an actual selection process. I don’t mean the due diligence assurance which was carried out once a firm had been chosen – I mean the process for choosing which firm would get which volume. But if there was such a process, we still don’t know what it was.

2. It was random. All the names in a hat …

3. It was literally first come, first served. The first firms that got their offers in won the work, until all the volume needed was covered.

4. It was fundamentally corrupt.  

We still don’t know which of these is the most accurate explanation, and until we do, we can’t rule out the possibility of more scandal emerging in the UK, as we have seen in these other nations. This story isn’t dead yet.

The fraud section in my new book was great fun to write. I know you can’t and shouldn’t call fraud “fun” in any sense, but the case studies I researched were interesting, and often quite astonishing.

In one case I saw personally (which I couldn’t mention in any detail in the book) we discovered a fairly senior colleague, who everybody thought was a lovely, capable person, was actually involved in approving six-figure invoices from a fake supplier. The police thought this “firm” was probably linked to the “Russian mafia”, and we only found out about the fraud when the police discovered this gang was receiving large payments from my firm (and told us)!

Anyway, buying-related frauds can involve just internal staff, as in the case of fiddling your expenses or using the company charge card wrongly, or can be purely externally driven, as in the case of many “invoice misdirection” cases, or might involve both internal and external players. That third category is perhaps the most common and includes classic frauds such as overpayments to suppliers or biased supplier selection in return for bribes or inducements to the buyer.

But technology, artificial intelligence in particular, is helping to pick up some frauds through its ability to analyse huge amounts of data and spot trends, patterns, inconsistencies and oddities. I remember a presentation from two or three years back which talked about using AI to search through corporate payments or approvals. The idea was that you might find for instance a budget holder who always submitted an invoice for approval or payment on a Friday afternoon, when it might be scrutinised less carefully! Or someone who always makes purchases with a value of £9,999 if the cut-off for approval is £10K.

But more recently, I learnt of another interesting approach. In this case, the AI focus is on emails and documents that flow within the organisation and to external third parties. It has been developed by a firm called FACT360, which is led by Paddy Lawton, who founded, ran and then sold spend analytics software firm Spend360 to Coupa in 2017. I spoke to Lawton and fellow director Andy Slater to get a quick overview of what they’re up to.

Of their three core products, AI Forensics  is most relevant to buying-related fraud work. It analyses documents and emails and produces a network “map” of who is talking to who within an organisation and across organisational boundaries, including to suppliers, for instance. It generates insights from that communication flows as well as from the content of the messages themselves.

So for example, if you apply the analysis to Enron’s data, before that firm’s crash and disgrace, you can see that one particular person was at the centre of a major web of communication within the firm, even though he wasn’t apparently very senior. It turned out he controlled one of the technology “marketplaces” that enabled Enron to falsely claim to be making money on transactions. This analysis of what FACT360 calls “prestige” can tell you a lot about what is going on within an organisation, and who is really important or powerful. 

“And there are subtle changes in communication behaviour that occur and can be detected when actors plan and engage in covert activity” according to Slater.

One of the interesting corruption cases in my Bad Buying book tells the story of the Sainsbury’s supermarket potato buyer, who conspired over some years with a major supplier to pay over the odds for potatoes in return for bribes. Might Fact360 artificial intelligence have picked this up?  Probably, says Slater. It is likely that emails between the main players would have been more frequent than for other similar suppliers, or show different patterns in terms of timing or even use of language. There might have been more obvious clues in the content too.

Of course, knowing that your email trail could be used in his way might discourage fraudsters from using that medium, but there is always going to be some record of contact, unless the participants are using real secret service tactics! And the beauty of these emerging AI technologies such as FACT360 is that the user doesn’t need to know or define what they are looking for – the system will highlight where it finds potential “unknown unknowns”, as Donald Rumsfeld famously put it. 

We’re still at the early stages of understanding just how AI is gong to affect our lives, and it may be that some implications will not be positive for many of us. But using it to detect and deter fraud and corruption in our organisations – and reduce Bad Buying – must be one of the more positive aspects of this fascinating technology.