“It’s not enough just to manage your own company’s supply chain anymore,” writes Ben DiPietro (@BenDiPietro1).[1] By that he means that supply chains are no longer linear or sequential; rather, they are part of a larger network that inevitably relies on other nodes in that network. They are complex and that complexity invites fraudulent activity and is often used as cover for it. Analysts at Katzscan agree. They ask, “Did you know that a trouble-free supply chain can be an indicator of cover-ups by participants (both inside and outside your company) who don’t want to get caught in the act of fraud?”[2] That sums up the conundrum faced by supply chain risk managers — they can’t even rest easy when things seem to be going smoothly. Katzscan analysts add, “Perpetrators of fraud don’t want to make the evidence obvious! They know that when they do, people will start investigating.” They go to note, “Fraud is generally a breach of confidence. … Fraud is done with purpose and intent.” In other words, supply chain risk managers aren’t paranoid — people really are out to get them. If you don’t think fraud is a problem in your supply chain, a press release from Deloitte might change your mind. It notes that for the third consecutive year, about 30 percent of respondents to an annual poll “say their companies experienced supply chain fraud, waste or abuse in the preceding year.”[3] It takes real effort to eliminate fraud out of a supply chain. Han Kieftenbeld, Chief Financial Officer for AB Mauri, told DiPietro, “By embedding best practices, mandating transparency throughout the system, better employing technology and putting in place effective training programs for all levels of employees to make sure rules are followed, fraud is deterred and reputational black eyes that could arise from the use of child or slave labor [can be] avoided.”

A few years ago the Chartered Institute of Procurement and Supply (CIPS) published an article written by Ron Hardwick that warned fraud was on the rise. “Fraud is commonplace, wide-ranging, costly, and clearly affects the supply chain, as well as all other areas of corporate business,” Hardwick warned. “Fraud is also on the increase, especially with the development of IT systems and ever more sophisticated methods of perpetrating fraud.”[4] Hardwick went on to describe the most common types of fraud:

Corruption – meaning the payment or receipt of any unauthorized benefit to or by an agent (usually an employee) for doing, or not doing, anything in relation to his work. Examples include:
• acceptance by an employee of cash for influencing a decision made on behalf of his employer.
• payment of club membership for an employee of a supplier in return for favorable treatment.
• indefensibly lavish entertaining of, or by, an employee with the possible intention of influencing a decision.

Conflicts of interest – where agents (again usually employees) have private, undisclosed interests that could interfere with their work and fiduciary obligations to their principles. Examples Include:
• engaging in part-time work or consultancy, without permission.
• using sensitive company information for personal benefit, including insider dealing.
• drug or alcohol abuse, which affect work performance.

Theft of assets – including the unauthorized removal of intellectual capital and information. Examples include:
• theft, embezzlement, false accounting, and deception.
• theft or misuse of proprietary information.
• malingering and theft of time paid for by the company.
• commercial deception by suppliers, customers, and others.

False reporting and falsifying performance – this includes both the creation of false reports and suppression of material information. Examples include:
• submitting false accounts to conceal inadequate performance or to qualify for a bonus.
• using false accounts to deceive investors, bankers, a stock exchange or a third party.
• manipulating financial results.
• suppression of regulatory and other breaches and false reporting; examples include: falsely reporting compliance with environmental, anti-discriminatory or other regulatory requirements;
fraudulently concealing violations of money laundering, health and safety, human rights or other regulations.

Technological abuse – including unauthorized access to computer systems, implanting viruses
or other malicious code, and sabotage. Examples include:
• accessing computer files without authority.
• unauthorized Internet browsing.
• computer related fraud.

Since fraud is done with purpose and intent, even the best training programs won’t dissuade malefactors from pursuing their evil plans. Some companies are adding technologies, like cognitive computing and advanced analytics, into the mix in order to detect and deter fraud. However, not enough companies are doing so. Deloitte reports, “Just 29.3 percent of … respondents use analytics to mitigate supply chain fraud and financial risks. Two-thirds (67.1 percent) are confident employees will report any schemes they see in the coming year.” Since employees are often a part of the problem, that trust may be misplaced. In a press release that accompanied the results of the previous year’s poll, Mark Pearson, an Advisory principal in Deloitte’s Forensics & Investigations practice, warned, “Don’t fall into the ‘it can’t happen at my company’ trap. Forces outside your company aren’t always to blame. Employees often leverage transactions involving vendors and third parties to their own benefit via supply chain fraud — and when collusion is involved, detection and prevention is quite difficult.” In that same press release, Deloitte published some of the warning signs for supply chain fraud, waste and abuse.[5] They include:

• Bidding/procurement processes that are not robust or independent;
• Lack of sufficient clarity in third-party invoice details;
• Poor or strained relationships with certain third parties;
• Infrequent or non-existent “right-to-audit” assessments of suppliers and licensees’ practices;
• Little-to-no oversight into proper administration of agreements with third parties; and,
• Use of third party agreements that are sole-sourced without a clear explanation or are constructed as cost-plus agreements without clear definitions of cost and other relevant terms.

A couple of years ago, Jamie Bisker (@jbisker), a self-described insurance maven for Salesforce, foresaw the value of cognitive computing in helping to detect fraud. “Cognitive computing,” he wrote, “will be essential to power critical decisions that go beyond the current use of rule-based knowledge and the retroactive use of the results of predictive analytics. The aforementioned next generation of risk management (solutions that are evidence-based, personalized, actionable and much closer to real time with dynamic durations) will require big data feeds and tools that make sense of that information flow … according to my cognitive computer.”[6] More recently, Judith Hurwitz (@jhurwitz), President and CEO of Hurwitz & Associates, wrote, “Cognitive computing is not a single technology or a single market. Rather it is an approach to solving problems by leading with data. … Fraud detection is another important area where advanced analytics and the cognitive computing system can have a significant impact.”[7] It should be clear there is no single approach or strategy for eliminating fraud from the supply chain. Fraud must be attacked on multiple fronts using traditional methods as well as emerging technologies. The worst thing a company can do is bury its corporate head in the sand or deny the possibility that fraud could be taking place.

Footnotes
[1] Ben DiPietro, “Fighting Supply Chain Fraud Requires Strategy, Commitment,” The Wall Street Journal, 27 August 2014.
[2] Katzscan Staff, “Trouble-Free Does Not Mean Fraud-Free,” Supply Chain Fraud.
[3] “Supply Chain Fraud Levels Unchanged for Third Consecutive Year,” PR Newswire, 4 April 2016.
[4] Ron Hardwick, “Supply Chain Fraud in the 21st Century,” Chartered Institute of Procurement and Supply, 2013.
[5] “Despite risks, many still lack supply chain fraud prevention and detection programs,” Deloitte, 18 May 2015.
[6] Jamie Bisker, “Thinking About Cognitive Computing,” Insurance & Technology, 9 September 2014.
[7] Judith Hurwitz, “Why Cognitive Computing Solutions, Driven by Advanced Analytics, Will Replace Traditional Applications,” Reltio Blog, 21 September 2015.