Kickbacks – under the table and under the radar

PS&Co_horizontal_Color

Authored by: Leo Munoz, CPA/CFF, CFE

In the fraud environment, kickbacks are classified as corruption schemes because they typically involve collusion between employees and vendors, where the fraudsters involved are either giving or receiving something of value to influence a business decision without the employer’s knowledge and consent.  In the public, we hear the cliché that an individual was receiving kickback payments “under the table.”  Kickback schemes often fly “under the radar” of management and can last years without detection, resulting in significant financial losses to victimized companies.

PS&Co kickbacks money pic

The classic kickback scheme involves an employee and vendor engaged in a collusive relationship for the purpose of diverting employer business to the vendor in exchange for cash payments or value-based arrangements to the employee.

Kickback schemes go undetected for a variety of reasons, including the following:

  • The employee involved is in a position of management and wields his or her influence to facilitate the scheme through the company’s normal accounting processes.
  • Some schemes involve multiple employees, which increases the opportunity to circumvent a company’s internal control procedures.
  • The company’s procurement policies allow for “sole-sourcing” or “limited number of vendor” bids at a specified dollar threshold, resulting in limited oversight.
  • The company’s procurement and payables processes lack detection-type internal control procedures to red-flag unusual activity on the back end of the process.
  • A company may lack a formal bidding policy, which results in an environment of undefined roles and responsibilities.
  • Business is diverted to vendors who are related in some form or fashion to the employee authorizing the business relationship; however, the relationship is unknown to the employer.
  • Services rendered by a vendor involved in a kickback relationship are services operationally needed by the victimized company and, therefore, do not raise questions with management.
  • Kickback cash payments or value-based arrangements (such as gifts, paid vacations, or free use of vacation homes) to the employee are typically not processed through a company’s accounting system.

Most kickback schemes are detected through tips from honest or disgruntled co-workers or vendors.  Therefore, if a company does not have a “fraud/whistleblower” hotline already in place, that would be a good start to initiate a process to detect kickback schemes.  However, while receiving a tip from a hotline helps, the tip, in most cases, comes after the scheme has been perpetrated for months or years.

In addition to having a whistleblower hotline, a company can initiate processes to detect possible red flags that may reveal signs a kickback scheme is active, such as:

  • Periodically review vendor transactions to spot a significant amount of activity with a few vendors; a year to year comparison may also reveal an unusual increase in transactions with vendors or situations where cost of materials or services is out of line.  Overbillings by vendors is a classic strategy deployed by vendors to fund their kickbacks.
  • If a company has a procurement policy that includes limited procedures for lower dollar thresholds, then place a periodic process to confirm vendors awarded work are legitimate “third party” vendors.  Simple background checks can confirm –
  1. Vendor ownership and valid Employee ID number
  2. Physical address and valid phone numbers
  3. Website presence

For limited bids with a limited number of bidders, review the vendors that were not awarded the work to determine if they are legitimate companies and not simply “shell” companies used to meet procurement policy requirements.

  • Perform a periodic database search that matches vendor addresses to employee addresses.
  • Create a robust vendor set-up process which compiles detailed vendor information and is reviewed and approved by someone either outside the procurement department or not involved in the collection of vendor data.
  • If not already part of a company’s procurement process, establish and enforce a written bid policy with detailed procedures and defined roles and responsibilities.

For companies who are intentional about addressing “bribery/kickback” risk within their organization, a formal “bribery/kickback” risk assessment can be performed with help from fraud expert consultants if needed, in order to identify areas that are susceptible to this type of fraud.