Supply Chain Fraud

From eSourcingWiki

Introduction

Whether you realize it or not, fraud is a serious and rampant problem in today's supply chains, with Kroll's recent Global Fraud Report finding that, in some sectors, fraud in the supply chain has increased five-fold in the last six years. Considering that fraud now costs U.S. companies alone more than 660 Billion annually (Nashville Business Journal), and multi nationals trillions of dollars annually, it's easy to see that fraud is one of the most critical issues in today's supply chains. It's one of the biggest risks to your supply chains - and a much bigger rich than natural disasters (which are rare), pricing risks (which fluctuate with the markets), supply risks (which can be mitigated through appropriate multi-sourcing strategies), and logistics disruptions (which are usually temporary in nature) as it's a constant, daily risk.

Furthermore, it only takes a single fraud to bankrupt a company, especially these days when single instances of fraud can cost billions of dollars. Examples include when Nick Leeson lost 1.8 Billion (and brought down Barings Bank) in rogue trading, when Ramon Baez Figueroa committed banking fraud that amounted to more than USD 2.2 Billion, when Yasuo Hamanaka hid 2.6 Billion in losses at Sumitomo Corporation, when a group of employees at Societe Generale committed a series of "elaborate, fictitious transactions" that cost the bank more than USD 7 Billion, and, more recently, the collapse of Bear Stearns thanks to out of control hedge-fund managers. Now, it is true that these are all bank frauds, but for a hundred million dollar company, it might only take a fraud of 10 to 20 Million to bankrupt it - and many progressive companies these days mitigate against risks of supply increases by hedging on the markets. If your trader goes rogue, he could easily rack up millions in debt before you know anything is wrong, and you are susceptible to the same risks that have brought down global banks. And if you're a manufacturer of high-priced electronics, losing a single container could cost you millions of dollars. And when you consider that sometimes even an entire freighter goes missing and that modern day piracy is still a problem off of the coast of Africa with over 61 attacks in 2006, it can happen.

These days, fraud is one of the most serious risks you have to face in your supply chain, and also the most commonly overlooked. Hopefully this wiki-paper will help to not only clarify the importance of shoring up your supply chain against fraud, but help you understand what types of fraud you should be looking for and how you can go about minimizing the risks.

Fraud

Loosely speaking, fraud is a deception made for personal gain. (Wikipedia) Under (criminal) law, it's the crime of deliberately deceiving another in order to damage them, and is usually committed in an effort to obtain goods or services unjustly. It can be committed in many ways, and common methods include mail, wire, phone, and, today, the internet.

Fraud is very expansive, and common forms include marriage fraud (especially in prosperous countries where people from less prosperous countries want to immigrate to), false advertising, identify thefts, health fraud, and plain old deception, but the types of frauds you are most likely to encounter as a supply chain professional include bait-and-switch, false billing, forgery, embezzlement, false (insurance) claims, and even bankruptcy fraud.

Bait-and-switch and / or false claims happen all the time. If it didn't, would the recent Mattel recall have happened? (Either Mattel performed quality assurance testing on a sample product, and found no lead paint, which would indicate the manufacturer did a classic bait-and-switch, or they did not perform quality assurance testing and believed the manufacturer with their claims that they did not use lead-based paints and that their methods and quality assurance standards met Mattel's requirements.) Would the recent pet food scandal which involved melamine-contaminated pet food) have happened? Would shipments of diethylene glycol toothpaste have hit store shelves? I think not!

Furthermore, false billing happens all the time. Ask any of the consultancies that specialize in spend analysis. They'll tell you of the dozens of examples where electronics (and computer hardware providers in particular) promise "best-price" agreements, but where the company is still paying the same amount for a given configuration 9 months later when prices on the open market (and through resellers) have dropped 15%+. Or about the dozens of examples where office supply manufacturers change SKUs a few months into the contract and start sending you "substitute" products of equal, or lesser quality, at a higher fee, because the exact SKU wasn't in the contract. Or about how they regularly find fraud in the T&E expense category where a less-than-respectable salesperson will submit the same receipt six times, knowing that as long as he waits until the next reimbursement cycle, it will never be detected. Or the executive who charges his "entertainment" expenses at the local "gentleman's" club where he goes to lunch as part of his "meal" because he knows that the particular expense in question will show up under "meals and entertainment" on his corporate credit card statement and not "personal services" and that he'll get away with it.

Forgery and false insurance claims are also quite common from less-than-reputable suppliers. Some suppliers will falsify shipping documents to indicate more items were shipped than actually were, and then blame the loss on the carrier. Others will claim "defective" products were damaged in shipment, even though they were defective or damaged when shipped. More than one Certified Fraud Examiner has found more than one instance of this situation occurring, and common consensus is that, despite the fact that the number of situations in which this scenario is uncovered and proven is small, it is a rampant problem.

Fraud in the Supply Chain

As discussed in the last section, supply chain fraud is a rampant problem. More so than the bank-frauds that tend to get all of the news attention. The authors believe that this is likely due to a number of factors. Supply chains are bigger, and more complex, and present more opportunities for fraud. Businesses with complex supply chains employ more people than banks do, and it's a lot easier to get a job as a receiving clerk or a warehouse worker than it is to get a job as a hedge fund manager which requires degrees, certifications, and experience. Complex supply chains usually have lots of holes where fraud, if kept to a value that is small relative to the value of goods that flows through the chain (which often have a value in the hundreds of millions of dollars over the course of the year), can often be committed in a manner that will be undetected. There are lots of opportunity for repeat occurrences, and just like the former town official in Willimantic, Maine managed to embezzle funds for over 10 years before being caught, there could be individuals in your supply chain stealing from you on a daily basis and you might not know it.

Where It Can Happen

The simple answer is that it can happen everywhere. It can happen inside your four walls, inside the four walls of your manufacturer, inside the four walls of their raw material supplier, and at every touch-point and (especially) at every hand-off in between.

Let's start by examining the inbound supply chain, as described in the Global Trade wiki, and pictured below:

Fraud can occur at each step of the inbound supply chain. Some (common) examples of fraud that can occur at each step are:

Supplier Selection

A supplier can submit a higher-quality product than it actually plans to, or is capable of, delivering in a bait-and-switch.
A purchaser could select the vendor on the basis of a bribe or kickback.
The supplier might not even be a real supplier, it might a shell corporation owned by the employee in an attempt to double bill for work done. (E.g. Your quality assurance manager contracts a third party review to a company he owns, and reviews the product himself on company time.)

P.O. Creation

The purchase order could be to a non-approved supplier.
The purchase order could be for goods at prices significantly above market price (where the buyer is colluding with the seller to commit fraud and splitting the profits).
The purchase order could be to a non-existent company. (Another example where an employee could be attempting to defraud the company. He could be buying office supplies from his own company, and then fulfilling the orders off of cheapoverstocksupply.com and pocketing the profit.)

Transport Insurance

The insurance company might not be a real company. (With the fraudulent party pocketing the premiums.)
The insurance might not cover what you think it does (where the fine print was hidden or altered).
The company might represent themselves as having the assets to cover a certain magnitude of loss when they really don't.

Financing

The letter of credit could be a forgery.
The cheque could be forged (where a con-artist sells you a product that doesn't exist after running off with your "processing fee").

Carrier Selection

A carrier might not have the right equipment. (Promising to use freezer trucks when they only have refrigerated trucks, or promising cold storage when they don't have any refrigerated trucks in the fleet.)
A carrier might not be able to meet the promised delivery times or be able to handle the agreed to volume, leading to costly shipment delays.
Less-than-scrupulous carrier personnel might help themselves to a box or pallet and claim it was never loaded.

Document Creation

The quantity actually shipped or delivered can be altered.
The wrong HTS code can be knowingly used in an attempt to defraud the government of tax revenue.
Signatures can be forged.

Loading

The supplier will only ship part of the order but claim the full order was shipped.
A box or pallet will be "overlooked" during loading by third-party personnel who will just help themselves to the contents.
The box or pallet will be loaded but then "fall off the truck" which the driver "forgot to lock" when he stops for gas between pick-up and final delivery.

Shipment Tracking

The barcodes might state that the shipment contains product it doesn't.
The GPS chip might be removed during transit and continue on its way while the shipment it was supposed to be attached to gets diverted.
Shipping receipts might be forged.

Import

HTS classification codes might be altered.
Items might be reported as "damaged" or "destroyed" in a FTZ when they really aren't.
Costs or values might be marked up or marked down.

Goods Receipt

The receiving clerk can issue a receipt for more goods than were actually delivered, in collusion with the supplier.
The receiving clerk can issue a receipt for less goods than were actually received, and walk away with them.

Invoice

The invoice can include goods that were not shipped.
The invoice can be for prices above agreed upon contract or PO terms.

m-way Match

An employee with authority can doctor e-documents so that they pass the m-way match.
An auditor with authority can manually override a flag and accept an invalid invoice or issue an invalid payment.

Payment

The payment could be in the form of a bad cheque.
The payment guarantee might be fraudulent.

Tax Refund

The filed return could be fraudulent.
An employee might not report an error made by a tax agency that is to the benefit of the company.

Furthermore, fraud can also occur at each step of the outbound supply chain, as described in the Global Trade wiki, and pictured below:

Customer Approval

The individual who approves a deal might not have the signing authority to do so.
The customer might not be performing the due diligence it is supposed to before entering a new market.

Sales Order

A rogue sales-person could be employing a bait-and-switch strategy to get customers to choose your products or promising terms you can't meet to spike quarterly numbers and defraud you out of a large bonus for product that will be returned or refused.
The individual who signs off on an order might not have the authority to do so.

Order Approval

A sales manager might approve an order to a party on the OFAC denied party list.
A sales manager might agree to terms that you can not meet.

Transport Insurance

The insurance company might not be a real company. (With the fraudulent party pocketing the premiums.)
The insurance might not cover what you think it does (where the fine print was hidden or altered).
The company might represent themselves as having the assets to cover a certain magnitude of loss when they really don't.

Financing Receipt

The letter of credit could be a forgery.
The cheque could be forged (where a con-artist sells you a product that doesn't exist after running off with your "processing fee").

Carrier Selection

A carrier might not have the right equipment. (Promising to use freezer trucks when they only have refrigerated trucks, or promising cold storage when they don't have any refrigerated trucks in the fleet.)
A carrier might not be able to meet the promised delivery times or be able to handle the agreed to volume, leading to costly shipment delays.
Less-than-scrupulous carrier personnel might help themselves to a box or pallet and claim it was never loaded.

Document Creation

The quantity actually shipped or received can be altered.
The HTS code can be knowingly altered in an attempt to defraud the government of tax revenue.
Signatures can be forged.

Shipment Tracking

The barcodes might state that the shipment contains product it doesn't.
The GPS chip might be removed during transit and continue on its way while the shipment it was supposed to be attached to gets diverted.
Shipping receipts might be forged.

Export

HTS classification codes might be altered.
Items might be reported as "damaged" or "destroyed" in a FTZ when they really aren't.
Costs or values might be marked up or marked down.

Goods Delivery

The receiving clerk can issue a receipt for less goods than were actually received, and walk away with them.
The receiving clerk can claim products were damaged that weren't and not send them back.

Invoice

The receiving clerk might substitute a forged invoice.

Payment

The payment could be in the form of a bad cheque.
The payment guarantee might be fraudulent.

m-Way Match

An employee with authority can doctor e-documents so that they pass the m-way match.
An auditor with authority can manually override a flag and accept an invalid invoice or issue an invalid payment.

Tax Refund

The filed return could be fraudulent.
An employee might not report an error made by a tax agency that is to the benefit of the company.

And this doesn't even capture all of the frauds that can occur. Other types of fraud include:

Fixed Asset Fraud
Your employees could be stealing your assets, or using them for purposes other than they were designed for, wearing them out faster and costing you significant amounts of money in repair and early replacement costs.
Picking / Packing
Your employees could be purposefully picking the wrong items or packing less items than they are supposed to, and pocketing the right items, or remaining items, for themselves.
Manufacturing
Your suppliers might not be following the ISO-9000 processes they say they are, using sub-standard materials, or skipping the quality assurance.
Inventory
Especially vendor managed inventory (VMI) where the vendor, or managing third party, manipulates stock levels to either force early reorders (to claim higher profits in a shorter window) or to cover up theft and / or loss.
Warehousing
Temporary warehousing and storage during shipment is also a target. The point at which responsibility changes hands and where security might be weak.
Bidding
Your suppliers can be colluding and fixing bids, or deceptive employees can be rigging bids and award criteria so a "preferred" vendor always wins.

Fraud Signals

By now you should realize that fraud can occur everywhere in your supply chain, and that the big trouble points are often anywhere a hand-off occurs, anywhere an employee, or small group of employees, has too much power, anywhere where there is not a clear division of responsibility without oversight (he who buys should generally not also be responsible for quality assurance, for example), and, particularly, anywhere you don't have (enough) visibility.

Fortunately for you, when it does happen, there are usually signals that you can use to hone in on it and prevent it from happening again. These signals usually fall into two groups - "red flag warning signals" and "all's clear" signals - at both ends of the spectrum. In the first group, it's something that clearly went wrong with your supply chain, but not necessarily something you'd blame on fraud. In the latter case, the fact that nothing has gone wrong in the past three months, with most companies experiencing at least three significant disruptions a year and minor issues almost every week, should be a big clue that someone's covering something. So what should you be looking for?

Red-Flag Warning Signals

Abnormal vendor selection
A brand new, untested, 50M vendor gets an 20M order? Really?
Payments outside the normal accounting system
Generally speaking, although hand delivered payments, manual approvals, and lack of proof of delivery do have valid occurrences, if two or more of these conditions are met on the same transaction, that’s usually not a good thing.
Unusual payment patterns
Falsified invoices rarely follow the same patterns that come from honest suppliers. Examples of potentially fraudulent payment patterns include an increase in payments, a high number of transactions just under audit thresholds, or multiple invoices in a short time period.
Rates are out of line with the company's standing in the market
Higher than expected charges could be for kickbacks or illicit payments.
Unexplained lifestyle improvement
If Joe the clerk, who usually drives a beat up Intrepid, shows up to work in a brand new Beamer, there’s a chance that there could be something up. Now, maybe he did just inherit a windfall and blow it, but if he starts bragging about his recently acquired Viking 45 Convertible next month ...
Complaints or tips
Corrupt staff members will usually try to get rid of non-conformers, exclude them from the “in-crowd”, and marginalize complaints from coworkers.

False "All's Clear" Signals

Automatic Order Triggers in a VMI System
A vendor can manipulate stock levels to indicate a re-order prematurely to increase their revenue
More purchase orders than usual.
Although it looks like your team is doing a good job by getting more purchases through the system, this could represent collusion between your buyer and a seller to inflate either the sales person commission or the buyer's bonus by submitting false orders that will just be cancelled or returned at a later date.
An unusual number of returns.
Your buyer could be colluding with an individual at a shipper's facility to create orders for unwanted goods which will be filled incorrectly; the buyer will then demand a refund and the goods will get lost during the return process.
More defective returns than usual.
Your quality assurance personnel might be accepting inferior products for bribes.

Impacts

As you will have inferred by now, dear reader, supply chain fraud has a number of serious consequences. These include:

Lost and Damaged Goods
Your fixed assets can be damaged and your products stolen.
Financial Loss
You can loose a significant amount of money, especially if embezzlement is going on.
Brand Reputation Loss
If you release a poor quality product that has to be recalled due to safety issues, or that causes harm, your brand reputation is going to take a nose dive (which will soon be followed by a nose-dive in your stock price if you're public).
Jail Time
Under acts such as Sarbanes Oxley, if you're a CEO or CFO you are ultimately responsible for knowing what goes on in your company and the financial results you report. That means, if someone committed fraud or embezzlement on your watch, you could be on the hook!

Thus, it's very important that you do whatever you can to prevent fraud from happening in the first place. The next section will address what you can do.

The Solution

Although there is no perfect solution, as con artists and criminals spend all their time trying to break the system and will eventually break any system that's not rigorously maintained and monitored, the reality is that con artists and criminals usually go after the easy targets. Given a choice between a large organization with an unsecured and poorly monitored supply chain and millions of dollars of easily accessible and easily disposable inventory (on the black market) and a large organization with a carefully monitored supply chain and tight security around all valuable inventory, a criminal is much more likely to target the former than the latter.

The solution is a simple three step process:

Audit
Process Improvement
Visibility Solutions

The Audit

In this phase, you take stock of your supply chain. It starts with a supply chain map. A supply chain map is a graphical representation of the flow of goods throughout your supply chain, starting with the flow of raw materials into your suppliers' factories and ending with your end customers. It identifies all of the physical, financial, and information flows in your supply chain. If your organization has significantly different supply chains for different products, they can be mapped separately, but the maps have to document every process, every participant, and, most importantly, every point where a product, dollar, or piece of information (especially if it is IP) changes hands.

Once the mapping is complete, you perform the audit by examining every process and looking for weaknesses. Where physical goods are involved, you look to insure that all of the parties who handle the goods are known and trusted, that appropriate security measures are in place, and that there are clear separations of tasks between different individuals. This means that, where third parties are used in transportation, they are verified and that you insure they have processes in place to insure the integrity of their people, that valuable goods always have an appropriate level of security, and that the same person who selects the supplier and places the order doesn't also do quality assurance, for example.

Where financial transactions are involved, you not only verify the other party, but the means used to effect the transfer. Whenever possible, insist on wires, ACH, bank drafts, and other forms of verified transactions. Be wary of cheques and uncertified money orders for large value items. Be extra wary of cash transactions, as cash can easily go missing.

Where information transfer is involved, you need to not only verify the identify of the party that you're giving it to, but make sure that such party is bound by the necessary confidentiality and partnership agreements and accepts the necessary liabilities if they fail to keep your confidential information and IP secure.

Process Improvement

Once you've done the audit, you'll have identified a number of weaknesses that need shoring up. The next step is to define and implement processes and procedures that shore up the weaknesses discovered in the audit. Where the physical chain is concerned, this will normally involve creating clear separations of duties and responsibility in key processes, adding security for valuable materials at various hand-offs in the supply chain where the goods are vulnerable, and adding processes to verify the identify of parties involved.

Where the financial chain is involved, you'll need to implement payment policies to insure that only authenticated payment mechanisms are used for transactions over a certain value as well as controls to make sure those rules are adhered to. Finally, where the information chain is concerned, you'll have to develop policies for information control and dissemination and make sure that confidential information and IP is only given to trusted parties.

Visibility Systems

Good processes are a start, but they're not enough on their own. In order to deter parties with less than honorable intentions and prevent fraud, you have to insure that the processes and rules are followed. This will involve the implementation of software systems, and where necessary, monitoring systems to make sure all exchange of goods, information, and currency are appropriately tracked and secured.

Some examples of good visibility systems include:

Vendor Registration Systems
These systems will track all of your vendors, their certifications, insurance policies, and agreements in one central system.
e-Procurement Systems
These allow you to track all purchases that go through the system and make sure that rules are followed.
Global Trade Management Systems
Good global trade management systems allow you to keep on top of documentary requirements, check denied party lists, and track your shipments.
Spend Analysis Systems
Spend analysis systems are great for detecting patterns of suspicious activity, off-contract spending, and outright embezzlement.