Government Vendor Fraud: is prevention the ultimate cure?

People and technology must work together to prevent government fraud 

For as long as there have been governments, there have also been people seeking to defraud the system for personal gain. In ancient Rome, construction contractors discovered they could profit more by using low-quality, pitted marble for buildings and charging the government for premium, high-quality marble. During the Civil War, the federal government passed the False Claims Act (FCA) as part of an effort to prevent opportunists from selling lame horses, broken rifles, and spoiled provisions to the army. The FCA was strengthened in 1986, when reports of the government paying exorbitant sums for everyday items - $600 for a toilet seat, $400 apiece for hammers - came to symbolize government “waste.”

Yet fraud, waste, and abuse still happen. Since 1986, the Department of Justice has recovered $56 billion from prosecutions under the False Claims Act, with $3.7 billion recovered in 2017 alone. And that’s just at the federal level. State and local municipalities lose millions every year to various types of vendor fraud, despite the rigorous processes and safeguards intended to exercise due diligence to prevent it.

One of the greatest challenges for governments of all types is that most fraud is discovered after a crime has already been committed. Preventing fraud before it happens – by not hiring illegitimate businesses in the first place – is sometimes difficult because surface appearances can be (and in fact are meant to be) deceiving. Fraudsters are highly adept at presenting themselves as legitimate service providers, precisely because their con depends on it. In Missouri, an owner of a construction company recently pleaded guilty to a scheme in which he pretended his company was being run by a disabled veteran, giving it preferential treatment for $13.8 million in contracts the company otherwise would not have qualified for. And in El Paso, $3.2 million in funds for a downtown streetcar project were diverted into the bogus bank accounts of a front company posing as a legitimate vendor.

Identifying potentially fraudulent vendors before they are hired is not always possible, of course. Many types of vendor fraud involve billing schemes that manipulate invoices or under-report the true cost of services in order to skim a larger profit. These scams are often crimes of opportunity that exploit loopholes in the invoicing and payment process. Other methods of vendor fraud require the cooperation of a government employee, one who somehow feels justified in exploiting the power of their position for personal gain. If those involved are respected businesses (at least on paper) or trusted employees, it can take years to identify a pattern of malfeasance. Financial audits, compliance controls, and tips from whistleblowers are how most of these types of scams are discovered – but again, these require the crimes to have already been committed, and for the fraudulent activity itself to be well established.

That said, the scourge of chronic offenders skilled at thwarting the system is very real, and the costs are significant. Not only does fraud increase the overall cost of government services and stifle legitimate competition, it also erodes public trust in government institutions and increases skepticism about the quality of services taxpayers are getting for their money. By some estimates, various forms of fraud, waste, and abuse – particularly in the areas of healthcare, social services, and the military – account for as much as five percent of the nation’s GDP.

People, resources, and priorities

The first line of defense against vendor fraud is of course the normal application and vendor assessment process for government services. In fact, existing contract and procurement processes are nothing if not elaborate filters designed to ensure that only qualified applicants get considered for government funds. However, some well-intended government regulations have also tempted people to commit fraud, or at least try. Regulations giving preferential treatment to businesses owned by women, minorities, or veterans are a good example. In order to win such contracts, husbands have been known to list their wives as the “owner” of their business, or – as was the case with that construction company in Missouri – pretend that the business is run by a veteran.  

According to Sandra Vargas, a former head administrator for Hennepin County, the largest county in Minnesota, such equal-opportunity regulations walk a fine line between opening access – which is good – and inviting risk, which isn’t. “No system is perfect, and any time you have human beings involved, you have the potential for fraud,” says Vargas. “But the only way to eliminate the risk for fraud altogether is to shut programs down completely. Short of that, minimizing risk is the goal. The question for governments is: How many resources do you want to throw at the problem?”

Like so many other government sectors, including the courts, the functions of procurement and compliance are complicated by shifting leadership priorities and perpetual pressure to keep pace technologically in an age when spending on IT infrastructure is often viewed as a necessary evil at best. To be sure, the National Association of State Procurement Officials (NASPO) 2017-18 annual report lists the profession’s No. 1 priority as “strengthening the strategic role of state central procurement” in order to create more efficient processes and improve coordination with executive branches of government. In addition, the profession’s No. 1 “horizon” priority, according to NASPO, is “leveraging data management and advanced analytics,” followed by applications of artificial intelligence and blockchain.

Technology and fraud

Each state’s politics are different, of course, but they share a common theme: the increasingly important role of technology in the vendor risk assessment and procurement process. To be sure, targeted use of data analytics and increasingly sophisticated artificial intelligence algorithms do offer governments new and better tools to research and track vendors, which in the long run should limit opportunities to game the system. Furthermore, such tools are also excellent at identifying the kinds of anomalous spending patterns that often alert authorities to fraudulent activity.

Vendor and supplier due diligence in the current procurement application and screening process includes (but is not limited to) searching public databases and social media for clues about the legitimacy of new or potential vendors. Criminal and civil records can also be searched for involvement in lawsuits or evidence of wrongdoing. A history of bankruptcy, judgments, and liens on property can also be indicators of criminality, as can associations with businesses or individuals that have been linked to fraudulent activities in the past. Third-party service providers who specialize in investigative data mining and risk management can go deeper still. And organizations like the Project on Government Oversight (POGO) maintain such helpful resources as the Federal Contractor Misconduct Database (FCMD), which anyone can search to determine if a potential contractor has ever been associated with any misconduct or corruption.

Career criminals know how to cover their tracks, and the sophistication with which they hide their activities continues to improve. Shell companies that mask the identity of a business’s true owners; tech-savvy criminals who know how to scrub their digital footprint and curate an alternative identity online; international hackers who pose as legitimate suppliers and vendors – all are smokescreen tactics to hide illegal activity.

Habitual abusers of the government procurement process also tend to be familiar enough with the system to identify cracks and fissures they can exploit. Chris Tonjas, Chief Information Officer for the Washington D.C. Attorney General’s office, has seen several such cases.

“In one instance, we had a vendor claiming phantom hours – imaginary hours that people didn’t work. In this case, there was a loophole in the invoice processing chain, and the vendor figured out that loophole, and was able to take advantage of it,” Tonjas explains. The fraud was exposed by a “very sharp-eyed clerical person” who noticed some billing discrepancies and “the whole thing unraveled from there.” More recently, says Tonjas, a fake vendor defrauded the District of Columbia out of $700,000 by gaining access the vendor registration system and changing payment information to divert funds into a different bank account.

“Cyber theft is certainly becoming more common,” says Tonjas, “But there are things people can do to prevent it. Prevention of most IT contract fraud starts with the ability of people to recognize that something unusual is happening in what should be a carefully managed payment process.”

As an Information Technology specialist, Tonjas is confident that emerging technologies, artificial intelligence (AI) and blockchain in particular, will eventually make the most common types of contractor fraud much more difficult. “Blockchain holds a great deal of promise for ensuring that government payments are legitimate. Blockchain can verify every element of any contract, and it’s very hard to hack into that,” says Tonjas. “AI is a tremendous tool as well, because it can flag and analyze anything unusual, and alert people if something fraudulent occurs.”

The personal connection

But according to those on the front lines of the procurement and compliance process, the best systems for combating fraud include a combination of thorough training, vigilant staff, the latest technical resources and, if possible, face-to-face interaction with applicants. At the county and city level, in particular, developing personal relationships with businesses providing government services is an extremely effective deterrent. “In Minnesota, our compliance people are not sitting at their desks; they are out in the community,” says Sandra Vargas. “In many service sectors everybody knows everyone else, too, so they tend to police themselves.”

“Knowing as much as possible about contractors is important, and if you can meet them in person, that’s great,” Tonjas agrees. “But as AI and blockchain mature, as other types of data-sharing mature and become more accessible to people, it’s very important to apply all of that to contract and payment management to prevent fraud from happening in the first place.”

When people defraud the government, they are really stealing from their fellow citizens and violating the all-important social contract that makes effective governance possible. They are also breaking the law, of course, and for that fraudsters should be punished – not the millions of taxpayers who put their trust and money into the system.

Know the risk within your network

See how CLEAR Risk Inform helps you find risk factors, potential fraud, and criminal history across all state and federal criminal jurisdictions

Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a "consumer report" as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer's eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.