In KPMG’s COVID-19 Fraud Survey, 67 percent of Australian companies that responded reported they were at risk of being exploited by suppliers. Here we explore why suppliers present a significant risk and how you can reduce your business’ vulnerability.

Organised crime has been quick to take advantage of the current global uncertainty caused by coronavirus, mounting large scale orchestrated campaigns to defraud businesses and preying on fear and anxiety caused by the pandemic.

Board and senior leadership attention is diverted to address immediate burning issues such as liquidity and capital management in the current climate. This provides fraudsters with a head-start to grow their own profits by exploiting any new or enhanced vulnerabilities in your supply chain. This article continues on from our earlier supply chain analysis article, COVID-19 Actions for supply chain leaders, and examines the main reasons why your supply chain is so highly vulnerable to fraud and corruption in light of the coronavirus pandemic.

Supply chains are inherently vulnerable to fraud due to their global spread, the complexity of the operating environment, and the sheer volume and scale of transactions. COVID-19 era supply chains are at even greater risk of fraud due the rapid introduction of new suppliers.

Constrained supply chains have meant that organisations have needed to look to alternative suppliers to meet demand. These suppliers may be in different geographies, meaning new ports and the challenge of trans-shipment are introduced. New geographies bring with them new potential bribery risks and greater exposure to foreign public officials who might seek a bribe or facilitation payment to allow the passage of goods.

In addition, changes to suppliers often mean changes to many other components of the supply eco-system. The new supplier may necessitate the use of new third party logistics providers, new freight forwarders and customs clearing agents. The rapid introduction of so many new third parties into the supply chain, when they may not have been subject to appropriate due diligence, is a material risk.

New suppliers can mean exposure to new IT systems for ordering, payment, dispatch and tracking. Research suggests that 60 percent of cyber attacks occur in the supply chain¹. Organisations need to be particularly cautious about opening back doors into their own infrastructure through interfaces with smaller third parties who might lack robust IT security protocols.

Businesses on every continent are faced with extraordinary challenges caused by the coronavirus pandemic including volatility in supply and demand for goods and services, constraints in mobility and traditional business operations, falling share prices and unforeseen business liquidations, plus intense pressure to reduce costs.

In preparing a business continuity response, organisations should look at the fraud, bribery and corruption risks as closely as they examine any opportunity for cost optimisation within the supply chain. Potential fraud losses could cost an organisation significantly more in the long run – even seemingly small supply chain fraud events, perpetrated while controls are weakened, can aggregate to a significant loss over time.

Supply chain fraud is typically opportunistic and in the majority of cases involves some complicit behaviour from an internal source. The chaos the coronavirus has caused has presented ample opportunities for criminals to exploit: taking advantage of current supply shortages, reduced or immobilised workforces, low productivity or staff morale and public desperation. Our article COVID-19: Protect your business from fraud and corruption examines this topic in further detail.

In a KPMG survey, Global Profiles of the Fraudster performed in 2016, it was discovered that less than half of supply chain frauds were identified by fraud risk management controls, most were accidental discoveries. This is a stark contrast from traditional frauds which can be detected through, for example, automated fraud rules and alerts or identity and access management controls. This highlights that catching supply chain fraud organisations requires a deeper understanding and a dedicated supply chain fraud action plan.

A supply chain fraud action plan, performed as part of a larger fraud risk assessment will enable organisations to safely navigate this challenge. The more you know about the risks you are facing, the greater the chance of effective risk management and fraud prevention.

• Examine all links in your supply chain including your manufacturers, sub-manufacturers, distributors and logistics agents. Ensure you know who your suppliers’ suppliers are. Indirect exposure to supply chain fraud is often overlooked. Pay particular attention to the use of sub-contractors. Adding sub-contractors into the system that haven’t been properly vetted can expose you to a critical risk. Confirm that you have complete visibility over the extended supply chain.
• Consider fraud risk in your contingency plans for any critical components of your supply chain.
• Examine the global reach of your supply chain and map this to the current levels of impact, border restrictions, use of customs clearing agents and the use of freight forwarders.
• Review vendor on-boarding controls, and contractual clauses relating to exiting supplier relationships.
  

• Review your vendor risk management fraud controls in light of remote working operations to consider any changes which may be required.
• Run a data analytics exercise to identify any cost outliers within your general ledger or unexplained gradual increases in funds distributed to your suppliers which may have fallen under the radar.
• Examine the current effectiveness of your conflicts of interest and whistleblowing controls.
• Identify and monitor any critical suppliers in countries which have been worst hit by COVID-19.
• Identify any materials which are critical within your supply chain and could become scarce within the short or medium-term.
  

• Based on the results of an interim fraud risk assessment, consider any opportunities to enhance your supply chain control framework to meet the heightened risk.
• Set the ‘tone from the top’ and remind employees how they can report supply chain fraud or misconduct in your organisation. Remind employees of their fraud prevention obligations, particularly those in high risk roles.
• Perform a ‘pulse-check’ on employee wellbeing. Supply chain fraud often fails without a complicit internal aide. Take measures to foster a cooperative and compliant culture and manage the risk of low morale and increased motivation and rationalisation to commit fraud.
• Liaise with your procurement and operational risk teams to identify areas where risks can be mitigated through, for example, identifying alternative suppliers, and/or splitting orders across a number of suppliers, modifying logistics arrangements and payment terms. Managing inherent operational risks will have a positive impact on lowering your exposure to fraud risk, as it minimises the opportunity for exploitation by suppliers.

If you have any questions regarding the content of this article and would like speak to someone from our team please contact us.