Posts

(Two posts in a row about blood – that’s a bit weird)!

Earlier this month, Elizabeth Holmes went on trial in San Jose, California, accused of six counts of fraud.  That relates to the blood-testing firm she founded and ran, Theranos, which was claimed to use unique technology to perform a range of tests with just a small sample of blood. The claims were later revealed to be largely nonsense and in some cases the results might even have proved misleading or dangerous to the user. When one of the Theranos laboratories was inspected in Newark, California, in November 2015, the inspectors concluded that “the deficient practices of the laboratory pose immediate jeopardy to patient health and safety.”

The cautionary tale has been turned into a best-selling, award-winning and definitive book, Bad Blood by John Carreyrou and is going to be the subject of a film with Jennifer Lawrence playing Holmes.  But in real life, it seems that her defence during the trial may claim she was under the influence of her older and more experienced business partner and one-time boyfriend, Ramesh Balwani.  They may also claim that she really did believe in the product and it was others within the firm who misled her about the actual way it worked (or didn’t).

Although some experts warned from the early days of Theranos that there were questions to be answered about the product, Theranos raised hundreds of millions in investment from famous people such as Henry Kissinger and Rupert Murdoch.  Perhaps they were dazzled by this confident, smart young blonde woman, who seemed to be particularly effective at persuading older men to stump up large investments!

But as well as the investment aspect to the story, there was also a Bad Buying link to the events. Here is how I described it in my book (“Bad Buying – How organizations waste billions through failure, fraud and f*ck-ups)”.

“Buying failure comes into this because the pharmacy chain Walgreens spent $140 million with Theranos over seven years, hosting around forty blood-testing centres in their stores. They got very little benefit from that and recovered some $30 million after a lawsuit and settlement following the eventual disclosure of the issues. Amazingly, as Bad Blood reports, Walgreens’s own laboratory consultant, Kevin Hunter, had seen early on that something wasn’t right with Theranos. But the executive in charge of the programme at Walgreens said that the firm should pursue the pilot because of the risk that CVS, their big competitor, would beat them to a Theranos deal.

Again, buyers wanted to believe that something was real, even in the face of mounting evidence that it wasn’t. This relates back to comments around believing the supplier– those earlier examples weren’t demonstrating fraudulent behaviour, but the principle is similar. It is easy for a naive or gullible buyer to be sucked into believing what the supplier wants them to believe.

Suppliers will take advantage of this tendency – whether it is the relatively innocent ‘Yes, we can install this new IT system in six months’ or the more dangerous ‘This equipment will find hidden bombs’. And FOMO – the fear of missing out to the competition – is something else suppliers will use, and that can lead to bad decisions. It’s not just physical goods, either. The top consulting firm selling its latest ‘strategy toolkit’ will mention that the potential client’s biggest rival is also very interested”.

So the message is – treat claims made by suppliers about their products with caution, maybe even with a touch of cynicism if they seem unique, outlandish or truly earth-shattering! And don’t let FOMO take you into the realms of Bad Buying.

The fraud section in my new book was great fun to write. I know you can’t and shouldn’t call fraud “fun” in any sense, but the case studies I researched were interesting, and often quite astonishing.

In one case I saw personally (which I couldn’t mention in any detail in the book) we discovered a fairly senior colleague, who everybody thought was a lovely, capable person, was actually involved in approving six-figure invoices from a fake supplier. The police thought this “firm” was probably linked to the “Russian mafia”, and we only found out about the fraud when the police discovered this gang was receiving large payments from my firm (and told us)!

Anyway, buying-related frauds can involve just internal staff, as in the case of fiddling your expenses or using the company charge card wrongly, or can be purely externally driven, as in the case of many “invoice misdirection” cases, or might involve both internal and external players. That third category is perhaps the most common and includes classic frauds such as overpayments to suppliers or biased supplier selection in return for bribes or inducements to the buyer.

But technology, artificial intelligence in particular, is helping to pick up some frauds through its ability to analyse huge amounts of data and spot trends, patterns, inconsistencies and oddities. I remember a presentation from two or three years back which talked about using AI to search through corporate payments or approvals. The idea was that you might find for instance a budget holder who always submitted an invoice for approval or payment on a Friday afternoon, when it might be scrutinised less carefully! Or someone who always makes purchases with a value of £9,999 if the cut-off for approval is £10K.

But more recently, I learnt of another interesting approach. In this case, the AI focus is on emails and documents that flow within the organisation and to external third parties. It has been developed by a firm called FACT360, which is led by Paddy Lawton, who founded, ran and then sold spend analytics software firm Spend360 to Coupa in 2017. I spoke to Lawton and fellow director Andy Slater to get a quick overview of what they’re up to.

Of their three core products, AI Forensics  is most relevant to buying-related fraud work. It analyses documents and emails and produces a network “map” of who is talking to who within an organisation and across organisational boundaries, including to suppliers, for instance. It generates insights from that communication flows as well as from the content of the messages themselves.

So for example, if you apply the analysis to Enron’s data, before that firm’s crash and disgrace, you can see that one particular person was at the centre of a major web of communication within the firm, even though he wasn’t apparently very senior. It turned out he controlled one of the technology “marketplaces” that enabled Enron to falsely claim to be making money on transactions. This analysis of what FACT360 calls “prestige” can tell you a lot about what is going on within an organisation, and who is really important or powerful. 

“And there are subtle changes in communication behaviour that occur and can be detected when actors plan and engage in covert activity” according to Slater.

One of the interesting corruption cases in my Bad Buying book tells the story of the Sainsbury’s supermarket potato buyer, who conspired over some years with a major supplier to pay over the odds for potatoes in return for bribes. Might Fact360 artificial intelligence have picked this up?  Probably, says Slater. It is likely that emails between the main players would have been more frequent than for other similar suppliers, or show different patterns in terms of timing or even use of language. There might have been more obvious clues in the content too.

Of course, knowing that your email trail could be used in his way might discourage fraudsters from using that medium, but there is always going to be some record of contact, unless the participants are using real secret service tactics! And the beauty of these emerging AI technologies such as FACT360 is that the user doesn’t need to know or define what they are looking for – the system will highlight where it finds potential “unknown unknowns”, as Donald Rumsfeld famously put it. 

We’re still at the early stages of understanding just how AI is gong to affect our lives, and it may be that some implications will not be positive for many of us. But using it to detect and deter fraud and corruption in our organisations – and reduce Bad Buying – must be one of the more positive aspects of this fascinating technology.

Bad Buying was published last week, and whilst there wasn’t exactly a rush of media appearances, it was reviewed in the Times on Saturday (behind the paywall unfortunately).

The reviewer (Robert Colvile) enjoyed it, although he found it annoying / depressing that governments seem to make the same mistakes time and time again when it comes to spending public money. Well, yes, I’d agree of course, that being one of my reasons for writing the book! He also picked up on one important point that is mentioned in the book but perhaps deserves more focus.  As Colville put it in his review,

“And the mistake was usually pretty elementary (as a rule, anyone who talks about how their organisation was victim to a “very sophisticated” gang of thieves is telling porky pies: far more likely is that there was a failure to attend to the absolute basics).”

This is so true. We see it almost every time there is a fraud case – the organisation that has lost out claims it is the cleverness of the fraudsters, not the stupidity of management that is to blame. That is the case even if all the fraudsters have done is phoned up the finance department and said “hello, this is IBM here, we’ve changed our bank details, please can you pay our outstanding invoices now to this new account”. Very sophisticated…

But it is  certainly not just the public sector that gets caught out. EssilorLuxottica, the worlds leading lens and eyewear firm, was the target of a 190 million euro ($213 million) fraud at one of its factories in Thailand. At the end of last year, the firm announced that it had fired employees associated with the incident (well, you would, wouldn’t you) and was looking to recover the money.

An intelligent guess would suggest that this was a “fake supplier” fraud, where money was paid under the authorisation of someone internally to external firms that were controlled by the fraudsters.  Those firms would not in reality be supplying anything to EssilorLuxottica of course, and by the  time the fraud was spotted, those bank accounts would have been closed and the cash long since extracted.  But this was a huge amount of money to disappear from a single factory in Thailand – it  sounds like it could be equivalent to the firm’s entire annual revenue in that country.

Assuming that was the nature of the fraud, how on earth could such large sums of money be extracted without anyone noticing? What were the policies in place and processes to check up on those new “suppliers” and their legitimacy? Who was allowed to approve high value payments?  Did the firm outsource any part of the payment process to a third party services provider? (That can sometimes lead to weaknesses in the process and less focus on what is going on).  Maybe there was some sophistication here in the fraud, but it really does smack of poor internal management and controls.

Anyway, that story is really told to demonstrate that it is not just the public sector that can waste money and fall down on basic anti-fraud processes. I’d suggest that every procurement or finance leader and every Board should consciously think about this question – “if I wanted to defraud my organisation, how would I do it”? 

Think  through the different options and potential points of weakness, and evaluate whether there are processes, checks or policies in place that would stop you getting away with it. If the answer is “no”, then either tighten up quickly or accept that you might be the next person waffling on to the press about “sophisticated criminals”!  Personally, I would also fire the CFO if such a basic fraud was committed on his or her watch.

The Bad Buying book might be useful too if you are concerned about these issues.  It contains seven key anti-fraud principles, with some practical and clear advice on how you can at the very least reduce the chances of fraud and corruption affecting your organisation.

All over the world, medical staff have struggled to find enough PPE (personal protective equipment) to meet their needs and protect themselves in a time of pandemic.  The problems have extended out and affected other users too, in care homes, local government, the police even.

That has led to some buying activities and processes that were far removed from the usual formal public procurement approaches. In the UK, we have seen huge orders placed with firms that normally would not have made it beyond the first basic company checks. Money was paid up-front in some cases, something else that would never happen in normal times.

We’ve been hesitant to call this Bad Buying  given the emergency situation, although at time of writing, there is some evidence that the UK may now have over-ordered at the top of the market and paid more than perhaps we needed to. But let’s reserve judgment on that for now.

But as well as issues of competence, there have also been accusations of bias, nepotism and even fraud. Sometimes those are far-fetched; the fact that the CEO of a small firm supplying PPE once attended a Conservative Party charity dinner should not mean his firm can never be a government supplier again!

In some countries however, the issue has gone much further. Recently, the BBC reported on the arrest of the Zimbabwean Health Minister, Obadiah Moyo, as “the government came under pressure from the opposition and on social media over a scandal surrounding the procurement of coronavirus tests and equipment”.

Moyo faces charges related to a $20 million contract for PPE and other virus-related kit awarded to a firm registered in Hungary, allegedly made without going through the proper procurement processes.  The company, Drax Consult, was only registered two months before the contract award, and the firm’s representative in Zimbabwe, Delish Nguwaya, has also been arrested. Africa News reported that “local journalists exposed how Moyo allegedly chose the company to sell medical supplies to the government at inflated prices that included face masks for $28 each”.

The President, Emmerson Mnangagwa, has made much of his anti-corruption drive but one of his sons was forced to issue a statement denying a link to the company after pictures emerged of Nguwaya with the president, his wife and sons at several events. Meanwhile doctors and nurses have been on strike demanding to be paid in US dollars as inflation is running at over 750% and incomes are virtually worthless in this struggling nation.

Coming back to the UK, the recent controversial government contract for market research (running focus groups) actually seems to me more dubious than most of the PPE buying activity. Giving a firm with “conflict of interest” type links to adviser Dominic Cummings and Cabinet Office Minister Michael Gove a contract for almost £1 million with no competition simply seems wrong. The “urgency” claim made in that case does not hold water really when a quick competition could have been run in days. But at the moment, the British people don’t seem inclined to riot in the streets or start arresting Ministers.

That’s because corruption in public life is not perceived as a big issue in the UK, unlike in Zimbabwe. That is probably a reasonable stance today; but my fear is whether the public would notice or care if matters started getting worse.  The situation can decline rapidly, and once corruption becomes embedded, it is devilishly difficult to root out. Corruption is not the only cause of Zimbabwe’s decline in recent years, but it is certainly one driver of the economic woes the country has experienced.  So, even in nice, apparently honest western democracies, we need to “stay alert”, as somebody told us recently … 

(And of course there is much more about fraud and corruption in procurement in my new book,  “Bad Buying – How Organizations Waste Billions Through Failures, Frauds and F*ck-ups”, available to pre-order now).

Unfortunately, fraud and corruption are common in the business world, including in many large and well-known firms, as well as in governments the world over. Literally every day you could find a new story breaking that highlights an event of that nature, whether it is thousands of pounds, dollars or euros or millions involved. 

Issues related to ‘buying’, in its widest sense, probably represent the single biggest category of fraud and corruption globally. It is not hard to see why. When we consider fraud, it is clear that criminals trying to make money need to focus on where that money is. And buying (procurement) transactions account for most of the major spend areas for businesses and government bodies.

There are alternative ways you might look to extract money illegally or improperly from corporations, such as blackmail, or banking and investment frauds. There is some non-buying-related fraud committed by employees – we’ve seen examples of senior executives putting through pay rises for themselves that weren’t properly approved, for instance. But buying from third party suppliers accounts for trillions of dollars’ worth of trade annually around the world, so it is not surprising to see a whole range of fraud and corruption cases based around those processes.

Some of the low-level frauds are almost comical. The UK NHS suffered from a senior manager who extracted money by creating false suppliers, in order to fund her own activities as a horse breeder. The need to purchase expensive horse semen was a reason quoted in court to “justify” her criminal action.

However, without wishing to sound too sanctimonious, we do need to remember that there really are no victimless crimes, even in the seemingly light-hearted examples we see.  Taxpayers lose out when it comes to fraud related to government bodies, like the horse-related one. Even if the losses are covered by insurance for firms that are the victims, then insurance premiums will rise, or insurance-firm shareholders will take a hit. Someone always loses when a fraudster gains.

Perhaps the most annoying fact is that most buying-related fraud and corruption could be stopped by organisations taking a few relatively straightforward steps. Or where it can’t be easily stopped, and we’re talking about relatively minor frauds such as misuse of company credit cards, then it could be detected quickly.

Yet too often, the right processes aren’t in place, and we are left with a CFO after the event whining that “it was a very sophisticated fraud”. In 90% of cases, it wasn’t, the fraudsters simply exploited obvious vulnerabilities, and the CFO should be fired on the spot. If that happened a bit more regularly, we would see far fewer buying related frauds, that’s for sure!