Third party fraud is a persistent problem, here’s how to address it

By Jane He, Partner, PwC Australia, and Pernille Hebert, Director, PwC Australia

Fraud remains a significant and ongoing challenge for organisations, but one of the most critical threats often comes from the people with whom they do business, rather than from within. Fraud committed by third parties—such as agents, vendors, and customers—is alarmingly common and poses a serious risk for both small businesses and multinationals, irrespective of their location or industry.

According to PwC’s Global Economic Crime and Fraud Survey (GECS) 2024, procurement fraud ranks among the top three most disruptive economic crimes experienced globally in the past two years. The survey reveals that 19% of Australian respondents identify procurement fraud as one of the top three most disruptive frauds, while 21% of Australian businesses have encountered it.

Interestingly, however, 39% of Australian businesses consider procurement fraud a widespread concern, compared to 55% globally. This discrepancy suggests that Australian companies may be underestimating the risk, have different fraud detection mechanisms in place, or benefit from stronger controls that make fraud less likely to occur in Australia than in other countries. Conversely, the 51% of Australian respondents who do not perceive procurement fraud as a significant issue might be overlooking potential vulnerabilities, especially given current economic pressures. The focus on cost and expenditure could lead to changes in the supply chain that create opportunities for fraud.

For organisations that haven’t experienced procurement fraud or don’t view it as a concern, it is crucial to assess whether they have implemented the following measures:

• Due Diligence and Risk Assessments: Thoroughly evaluate third parties to understand and mitigate risks.
• Proactive Monitoring of Contract Compliance: Regularly review contracts and ensure compliance.
• Robust Governance of Procurement Processes: Implement strong governance frameworks to oversee procurement activities.

Failure to address these aspects can result in severe consequences. Fraud by third parties can lead to substantial financial losses, potentially amounting to millions of dollars in high-value contracts and may persist unnoticed for years. Deeply embedded fraud can become a business norm, leading to reputational damage and potential social harm. Additionally, third-party fraud can disrupt operations, affect morale, and create legal or regulatory challenges.

Third party fraud can also significantly impact operations, disrupting the supply chain, with regulatory or legal issues that arise from having to respond to fraud. With immense dependency on your supply chain, and lengthy timeframes to replace a supplier of a significant good or service, it not only disrupts operations, but also starts to impact morale, and is a huge psychological tax for your workforce.

Building Confidence Through Proactive Measures

While 75% of Australian respondents express confidence in understanding their third parties, this confidence does not always extend throughout the supply chain. The survey highlights that 33% of respondents do not use risk scoring in their assessments or monitoring activities, and visibility often stops short in subcontracting scenarios.

To address these issues, organisations should implement a comprehensive third-party risk assessment programme to identify and mitigate risks. This involves:

• Improving Visibility and Mapping the Supply Chain: Undergo rigorous and robust risk activities by mapping key people, processes, and controls. Identifying gaps will help you proactively address potential vulnerabilities. Mapping the supply chain is crucial for recognising and mitigating risks. According to the survey, 29% of Australian respondents have mapped their supply chain to tier 1 suppliers, and 22% have extended this mapping to tier 2 suppliers. Although these figures are higher than the global averages, further work is needed to enhance visibility by mapping beyond tier 2 suppliers.
• Tailoring Due Diligence and Risk-Based Activities: Implementing timely conflict-of-interest disclosures as part of the procurement process can address various issues. Procurement processes should be reviewed to avoid violations of conflict-of-interest policies, which can create perception issues even if not directly related to fraud. Tailored due diligence and risk-based activities can reduce costs, save time, and minimise tensions between procurement and operations teams. Enhance integrity due diligence with more extensive media and ASIC searches to better understand who you are doing business with. The level of rigour should be informed by your risk activities to ensure adequate comfort.
• Doubling Down on Awareness Training and Setting Expectations: According to GECS, 69% of organisations have improved anti-fraud training for procurement personnel. This training is crucial to remind staff and third-party networks of their obligations to disclose conflicts of interest. A well-defined third-party code of conduct and a ‘speak-up line’ are effective tools for monitoring and addressing potential issues.
• Monitoring for Better Outcomes: Collaborate with operations, risk, and legal teams to ensure contracts include the necessary clauses for auditing and monitoring. Ensure that contracts allow for the detection of misleading or fraudulent activity and that a robust monitoring programme is in place. This approach serves as a deterrent and signals to suppliers that you are actively overseeing compliance.
• Quantifying Losses to Understand Impact: Regularly quantify losses from procurement fraud to gauge the financial impact and develop effective countermeasures. While 25% of Australian organisations quantify losses annually or more frequently, 39% do so infrequently or not at all, potentially hindering the development of robust anti-fraud strategies.
• Using Data and Analytics to Support Due Diligence Efforts: Leverage data analytics to identify unusual activities, such as bid payments. While data enhances fraud detection capabilities, advanced technology also enables sophisticated fraud attempts, making it imperative for organisations to implement enhanced controls.
• Establishing a Tone from the Top: Ensure senior leadership actively supports and champions fraud prevention efforts. Their involvement helps align organisational goals and strengthens the effectiveness of risk management activities.

Safeguarding Against Third-Party Fraud

In an ever-evolving global landscape, vigilance and proactive measures are essential for protecting against third-party fraud. By adopting these strategies, Australian businesses can safeguard their operations, enhance their reputation, and foster a positive corporate culture. Addressing third-party fraud should be a top priority for every organisation to ensure long-term success and resilience.

This article has been prepared for general guidance on matters of interest only and does not constitute professional advice. You should not act upon the information contained in this article without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this article, and, to the extent permitted by law, PricewaterhouseCoopers, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this article or for any decision based on it.

PwC’s Liability limited by a scheme approved under Professional Standards Legislation