How to stop your development organization falling victim to fraud

Fraud is a major problem for aid organizations. In 2018, Mercy Corps discovered it had been scammed out of $639,000 from its rapid response program in the Democratic Republic of Congo. Between 2014 and 2016, the International Federation of Red Cross and Red Crescent Societies lost at least $6 million of its Ebola emergency appeal to fraud and corruption. And in 2014, Oxfam announced it had lost £65,000 following fraudulent invoicing by a former head of counter fraud. The development sector is an easy target for fraud, said Anjie Enabor, principal consultant at Findev Consulting, who blames a lack of robust processes and the need for online transactions. She explained that NGOs face many different types of fraud. One of these is internal fraud, where employees might be involved in siphoning money, perhaps through corruption, bribery, or money laundering. “If … you can demonstrate that your organization can identify fraudulent attempts early, prevent them, and strengthen its controls, that will only make you more attractive to donors.” --— Anjie Enabor, principal consultant, Findev Consulting In addition to internal fraud, there can also be fraud by partners where grantees and suppliers take money from an NGO and don’t deliver the promised results. There can also be fraud by strangers. This can include money extracted via cyberattacks and phishing. But fraud by strangers may not even target the NGO directly. A common tactic is fraudulent fundraising where money is raised in the NGO’s name but is diverted to another bank account. “For example, you get an [NGO] running a campaign to support families in Ukraine and then you get a fraudulent company that could mimic that campaign using a different payment link or website,” Enabor said. In times of crisis, Kris Wallace, director of the office of internal audit and investigations at IFRC, said there’s typically an increase in threats and attacks. During the 2014-16 Ebola outbreak, 4,810 people died of the disease in Liberia, 3,956 died in Sierra Leone, and 2,544 in Guinea. At the same time, collusion between former IFRC staff and bank employees in Sierra Leone, overbilling and fake billing by a customs clearance service provider in Guinea, and fraud related to inflated prices of relief items, payroll, and payment of volunteer incentives in Liberia meant vital funds never reached the intended beneficiaries. The same has been true amid COVID-19, according to Enabor, who explained that there’s been a rise in data fraud over the past two years, most likely because of increased online transactions and remote working. “Being able to process payroll remotely via a VPN network or approve payments on a weekly basis via an internet base or open Wi-Fi connection has created a risk,” she said, adding that people can forget to login via a secure connection or VPN and that’s made NGOs easier to penetrate. There’s also been a reemergence of “old social engineering type fraud,” Wallace said, which includes the manipulation of paperwork, abuse of checks, and falsification of beneficiaries. Lack of resources to fight fraud Fraud can have serious repercussions for NGOs. It can create distrust among the public and donors, who may not want to give further. But these negative reactions from donors are a problem, Wallace said, because they can deter NGOs from reporting. “Do you want to report the fraud to the donor until you confirm 100% that it's there if you think first thing they're going to do is freeze your funding, ask for money back, people lose their jobs, and also you're not able to then support those people that it's your mission to help and support?” Despite the risks fraud brings, the development sector has a particular problem in recognizing the scale of the problem, said Oliver May, director of financial advisory at Deloitte Australia and author of “Fighting Fraud and Corruption in the Humanitarian and Global Development Sector”. May is also a former head of counter fraud at Oxfam. His predecessor was Edward McKenzie-Green who pleaded guilty in 2014 to fabricating firms in order to pocket invoiced amounts. He said a real hierarchy of values in international development means fraud and corruption risks are deprioritized. “There’s a problem in the narrative between what we think of as delivery and what we think of as admin or overheads,” he said, adding that, as a result, senior managers might not make enough budget available for business support activities. “The reality is that to get delivery done safely in the technical and high-risk environment of international development, we’ve got to invest in the right systems,” he added. Samantha Musoke, project director of the International Financial Reporting for Nonprofit Organizations initiative at Humentum, agreed that project-based restricted funding models mean there’s a “chronic underinvestment in infrastructure” and business capabilities such as accounting systems and HR processes. These, she said, are “the very things that you need to fight fraud in organizations.” Organizational action to prevent fraud So what else should your organization do to go about fighting fraud? As a first step, Tom Green, president of the International Anti-Corruption Resource Center, recommended that an NGO “engage in some serious self-analysis to first admit that it has a problem.” IACRC through its DevWin initiative assesses the controls and procedures NGOs have in place and trains staff to recognize vulnerabilities. “For instance, do they let one person approve a voucher or do two people have to approve? Do they allow single source contracts and if so, at what level?” All the experts Devex spoke to said that it was vital to have an organizational fraud policy or strategy that offers guidance on preventing fraud, as well as what to do if it is detected. Part of that should include tightening internal policies and controls, segregating staff duties, confirming bank details with suppliers, performing tests and checks on payroll, having basic IT protection, ensuring staff aren’t doing work on personal laptops, and making sure accounting staff take regular leave, Enabor said. She recommended that IT or finance departments email staff on a regular basis with tips on how to avoid fraud and stress test implemented controls every quarter. Humentum has a free anti-fraud and bribery policy template that shares guidance on fraud response, conflicts of interest, conducting investigations, and reporting to donors. Plans should then be continuously reviewed, May said, to be sure they’re going to work wherever the NGO happens to be in the world. “We've seen our ability to respond to issues being better, but also our ability to get ahead of a fraud, so stopping it when it's a $1,000 issue rather than a $500,000 issue.” --— Kris Wallace, director of the office of internal audit and investigations, IFRC Additionally, there should be a clear method of reporting potential issues, Enabor said. “If some colleague knows that a particular employee tends to make a payment on a Friday without getting the three signatures on the payment run, they can alert somebody internally before it becomes an issue,” she said. For Musoke, this could come in the form of an organizational whistleblowing hotline. She tells a story of where a whistleblowing hotline would have been useful: A local NGO received a grant from an international NGO and the grant officer asked for a 10% kickback. The local board felt they couldn’t say no and then had to falsify expenditure receipts to cover up that 10%. “They didn't know if this guy's boss was also in on it, who to report to, what kind of trouble they were going to get in,” she said. Musoke said senior staff need to declare their stance on fraud. “Do the top leaders have a zero tolerance policy? Do they come out and say ‘this is not something that we will turn a blind eye to here?’” In doing so, it gives people another place to go to query any anomalies and reduces any concerns that senior-level staff will overlook fraudulent activity. Wallace said that Jagan Chapagain, IFRC’s secretary general, regularly acknowledges the issue and is vocal on why it's important to address fraud. “Having him as a champion on board has been hugely helpful for restoring that cultural change and getting people to buy in to why it's important and to why it's a risk they need to consider while they're developing their approach to programs and appeals,” he said. As a manager, being close to staff, understanding what pressures they're under, and having an open relationship are also key in helping spot things, Musoke said. The benefits of addressing fraud Competent anti-fraud systems can impact an NGO’s funding, not only by reducing the amount of resources spent investigating incidents or money lost but in appearing more amenable to funders, Enabor said. “If, for example, you can demonstrate that your organization can identify fraudulent attempts early, prevent them, and strengthen its controls, that will only make you more attractive to donors.” Since the Ebola funds fiasco, Wallace said IFRC has quarterly meetings with its main donors and national societies on the fraud agenda. This provides an opportunity to flag any significant reported cases. Being open about fraudulent activity that’s taken place can help in showing transparency and building trust, May said. “This is really important for helping to shape the conversation and show fraud and corruption does happen,” he explained, adding that organizations that experience fraud should invest in rebuilding and rehabilitating affected teams, conduct a fraud risk assessment, and analyze the existing fraud framework. For May, a culture of transparency and accountability can also address other organizational issues. “I commonly see that organizations that have certain vulnerabilities in place on fraud are also going to be vulnerable to sanctions, counter terrorist financing, and safeguarding incidents.” Following IFRC’s Ebola losses, Wallace said IFRC was transparent with donors and made public statements, which meant that it had to turn the lens internally. Since then, investigations officers have been hired in each regional office, a training program for investigators has been developed, and the Integrity Line – an online system supported by a third party that allows for submission of confidential reporting – has been implemented. These measures mean the number of reported incidents has increased. But rather than this signifying an increase in attempts to obtain money from the organization, Wallace believes it shows people are actively reporting cases. “We've seen our ability to respond to issues being better, but also our ability to get ahead of a fraud, so stopping it when it's a $1,000 issue rather than a $500,000 issue,” he said. While some may question the value of anti-fraud investment and activities, Musoke said it’s like COVID-19; the first case that comes might not be that common but if you do nothing about it, it becomes more common. “When you work in an environment where it's really clear what's expected, there's not a lot of temptation around and there are checks and balances, you're protecting people from themselves [and] each other,” she said.