Outsourcing processes and technologies outside direct organizational control inevitably increases the risk of fraud. However, as explained by Andres Otero, Latin American Managing Director and Market Leader for risk advisory firm Kroll, companies engaging in outsourcing can take a number of steps to protect themselves against fraudulent outsourcing activity.
“The main reason outsourcing increases the risk of fraud is that the internal controls of a company get outreached to an entity or third party where they don’t have the same level of penetration,” said Otero. “The people companies hire in other markets don’t necessarily have the same vetting or professionalism in their conduct as people in the US typically do. There are cultural issues. For example, there are things you can culturally expect from employees in the US and Canada that are different than what you can expect from employees in Latin America.”
Outsourcing fraud can take many different forms. Otero said some of the most common include fraud that occurs when a third party outsourcer in turn depends on another provider for support or to deliver certain services, lessening direct client oversight even further, as well as fraud that occurs when inside employees collude with service providers in activities like paying or receiving kickbacks or otherwise engaging in conflicts of professional interest.
And according to Otero, certain types of outsourcing, such as IT outsourcing, pose an especially high risk of fraud. “A third party basically controls your IT infrastructure,” said Otero. “That creates generally high risks of information leaks and breaks and disruptions in your infrastructure.”
The best way to prevent outsourcing fraud is to avoid dealing with unscrupulous service providers in the first place.
Risk Exposure is Never Outsourced
One of the biggest mistakes outsourcing clients make that can lead to fraud is to make the assumption that when a process or system is outsourced, all the associated risk gets outsourced, as well. “You will receive the same disruption to your business whether the risk is transferred or not,” he warned.
While performing basic due diligence and including warranties and penalties in contracts can help reduce the risk of outsourcing fraud, Otero advised there are other actions outsourcing clients can take to help uncover fraud when it does occur. “Many times we see red flags that our clients didn’t pay attention to,” he said.
One red flag indicating possible fraud is unusual email activity between an employee and an outsourcing provider, Otero said. “The information in a corporate email account belongs to the company, so you should monitor and review corporate email. Keyword searches can also help.”
In addition, Otero said companies engaged in outsourcing should use data mining and analysis to uncover suspicious activities such as unexpected payments or transfers of money from the company or its employees to service providers.
An Ounce of Prevention
Naturally, the best way to prevent outsourcing fraud is to avoid dealing with unscrupulous service providers in the first place. Figuring out who the scammers are is not always easy, but Otero offers advice for determining what providers to stay away from.
“You need to understand human behavior,” Otero said. “People think fraud is performed through technology, but it’s perpetrated by humans.”
Otero said in some Latin American countries, if an outsourcing vendor is substantially more successful than its competitors, that should be enough to raise suspicions. “Examine the reasons behind the success,” he said. “It may sound like a witch hunt but it’s not. It’s creating a preventative culture rather than a reactive one.”
Thus before engaging with a service provider, prospective outsourcing buyers should examine existing contracts, interview current and former customers and also current and former employees. “In a vendor if a function has seen heavy rotation, speak with former employees who once did that job,” he said. “Former employees will provide information that current employees cannot or will not. They may have seen irregularities.”
In addition, Otero said vendors who have lost bids or contracts may have presented issues that for one reason or another clients chose not to publicize or seek legal action against, but simply took their business elsewhere.
Finally, companies that want to detect fraud in their partners need to also be transparent about fraud that may occur internally. “You need whistleblower policies,” he said. “Don’t just provide communication tools, but also do something about what’s being reported and give proper feedback. Knowing there’s a problem and not doing something about it is worse than the deceit itself.”