30 Jul 2019
Data falsification, salary kickbacks among ‘emerging fraud risk areas’; procurement-related frauds decline

The “I Speak out Now” website, the news and resources website of the Office of the Inspector General (OIG), features frequent updates on matters of risk-related interest to Global Fund implementers, ranging from ‘How to protect against school fee fraud’ to ‘Fighting back against phishing’ and ‘Speaking out about human rights violations’.

A recent blog by Katie Hodson, the OIG’s Head of Investigations, focused on the ‘changing global fraud landscape’ as observed in the OIG’s assessments of Global Fund grant implementation. Part of Hodson’s role is ongoing monitoring of this ‘landscape’, for the purpose of protecting the Global Fund’s assets and reputation.

Underpinning Hodson’s theme (also expressed in the OIG’s 2018 annual report) is evidence, in numbers, that the nature of the most frequent frauds perpetrated in Global Fund grants has substantially shifted, from primarily procurement-related frauds to training-, supply chain- and programmatic data-related fraud. Five years ago, most fraud allegations the OIG received (11 cases in 2014-2015, or 80% of the total) were related to procurement; today, there are far fewer (2 cases in 2018, or 20%).

Hodson says that the Global Fund’s pooled procurement mechanism is thought to be a positive contributing factor to the reduction in procurement-related frauds, but this in turn has meant that dedicated fraudsters now look for areas that have weaker controls, for example components of in-country supply chains such as warehouses and government distribution mechanisms.

Hodson’s blog addresses different types of fraud (procurement, training-related, per diem-related, embezzlement, data falsification) and highlights “emerging fraud risk areas”, which are also identified in the OIG’s 2018 annual report, including programmatic data fraud (the OIG’s 2018 Guinea data fraud investigation was the first case of this kind) and salary kickback schemes (See GFO article from 3 September 2018).

Currently, the OIG’s fraud-related investigations break down into a few main ‘buckets’: 33% of investigations concern training-related frauds, 20% are supply chain-related issues, 7% relate to instances of embezzlement, 7% to data manipulation, and 13% to other schemes such as salary kickbacks and school fee-related frauds.

Alerting the OIG – fraud allegations

In 2018, the OIG received 208 allegations of fraud (just one more than in 2017), including 107 from ‘whistleblowers’ and 35 directly from the Secretariat, which Hodson says are generally ‘credible’, because leads that come from the Secretariat often come “from LFA [Local Fund Agent] eyes and ears on the ground”. (The OIG opened investigations into 64 of these cases, or 31%.)

“[The LFAs] are the ones that have access to the books and records,” Hodson says. “They’re the ones that are looking into the accounts, so often the information received [by the OIG] from the Secretariat has already been verified.”

Whistleblowers remain critical, though, Hodson affirms. “We always encourage people to speak out and encourage people to tell us – but timely reporting is one of the things that keeps me awake at night,” she says, meaning that sometimes whistleblower reports come in long after the wrongdoing has occurred. “When the Secretariat hears about something, we want them to tell us at the earliest possible opportunity. [And] we encourage whistleblowers to report ‘red flags’, things they see that that aren’t usual.”

Emerging types of fraud

When speaking to the GFO, Hodson expanded on the emerging types of fraud the OIG is now seeing more of, notably the relatively new issue of data falsification (as in the Guinea 2018 example) and salary kickbacks, areas in which the OIG currently has three new investigations underway. Hodson pointed out that the Guinea case had a relatively low level of financial loss associated with it (non-compliant expenditures totalled $114,366), but that this has led to the OIG taking a sort of ‘broken window’ approach to investigations (where a seemingly minor offence may signal or trigger other more serious infractions).

In another data falsification case that the OIG is currently investigating, Hodson said procurement fraud was identified first, and that had led to further investigation. “Perhaps where the OIG might have stopped in the past, we’ve said that if they’re prepared to commit fraud on expenses and procurement, what other services and activities are they delivering and is it possible that they’re falsifying [data] in that work? So we’ve turned our attention to that, too.”

Another recent method of committing fraud involved a phishing email. This is a type of social engineering attack, occurring when an attacker, masquerading as a trusted entity, dupes a victim into opening an email and then clicking a malicious link.  That link can lead to the installation of malware, revealing of sensitive information, or important data, that the attacker can use to breach a system or account. (Source: www.imperva.com.) This is the first report of a successful phishing attack on a Global Fund implementer that led to a loss of funds, Hodson said, and the OIG’s investigation report will be published once the OIG has received a reply from the implementer to the ‘letter of findings,’ which the OIG has already sent. Hodson could not yet make public the country name or the details of the case, but the lesson learned from this case will be shared with other implementers to increase awareness of the risks.

“We know from colleagues in different [international] institutions that this isn’t the first time that our NGO-type communities have been targeted,” Hodson said. “It seems to be quite a targeted scheme that has been successful in other organizations as well.” The OIG is now developing ‘ispeakoutnow’ material (to add to its collection of resources and e-learning materials) for Global Fund implementers on how to spot the red flags and minimise the impact of similar scams.

“It’s all very well detecting these [schemes],” Hodson told the GFO, “but we want to make sure that we mitigate the risk of this happening again, investing our resources into areas that can really help the Global Fund achieve its objective.”

A future article in the GFO will focus on the Office of the Inspector General’s proactive investigations, as well as oversight investigations.

Leave a comment