PublicDisclosureAuthorizedPublicDisclosureAuthorizedPublicDisclosureAuthorizedPublicDisclosureAuthorized

GOVERNANCEANDTHEDIGITALECONOMYINAFRICA

TECHNICALBACKGROUNDPAPERSERIES

VulnerabilitiesofICTProcurementtoFraudandCorruption

Copyright?2021

TheWorldBank

1818HStreetNW

WashingtonDC20433

Telephone:202-473-1000

Internet:

Disclaimer

ThisworkisaproductofthestaffofTheWorldBank.Thefindings,interpretations,andconclusionsexpressedinthisworkdonotnecessarilyreflecttheviewsofTheWorldBank,itsBoardofExecutiveDirectors,orthegovernmentstheyrepresent.

RightsandPermissions

Thematerialinthisworkissubjecttocopyright.Anyqueriesonrightsandlicenses,includingsubsidiaryrights,shouldbeaddressedto:

OfficeofthePublisher

TheWorldBank

1818HStreetNWWashington,DC20433USA

Fax:202-522-2422

E-mail:

pubrights@

.

GOVERNANCEANDTHEDIGITALECONOMYINAFRICA

TECHNICALBACKGROUNDPAPERSERIES

VulnerabilitiesofICTProcurementtoFraudandCorruption

HuntLaCasciaandMichaelKramer

iii

Acknowledgments

ThisBackgroundNotewaspreparedbyHuntLaCascia(SeniorProcurementSpecialist,GovernanceProcurement)andMichaelKramer(Consultant)underthedirectionofJamesAnderson(LeadGovernanceSpecialist).ItbenefittedfromcommentsfromMariaDelfinaAlcaide(GovernanceDataConsultant),JustinValentine(Valent–ProcurementConsultant),andTravisMells(Valent–ProcurementConsultant).

ThereportbenefitedfromtheinputsofthefollowingWorldBankcolleagueswhokindlyagreedtoserveaspeerreviewers:WalidDhouibi,KnutLeipold,KhalidBinAnjum,RajeshKumar,HibaTahboubandCareyKluttzfromtheOpenContractingPartnership.

TheBackgroundNotebenefitedimmenselyfromtheparticipation,assistance,andinsightsfromotherexperts.TheteamisespeciallygratefulforthesupportoftheGlobalGovernancePractice(GGP),theandthepriorworkofgovernance,finance,andprocurementcolleaguesinboththeGGPandOperationsPolicyandCountryServices(OPCS).

WearegratefultoMariaLopezforcoverdesign.

iv

CommonAbbreviationsandDefinedTerms

Thissectionexplainsthecommontermsandabbreviationsusedinthispaper.

Abbreviation/Term

FullTerminology/Definition

FCPA

ForeignCorruptPracticesAct

HP

HewlettPackard

IBM

InternationalBusinessMachines

ICT

InformationandCommunicationsTechnology

IFMIS

IntegratedFinancialManagementInformationSystem

OCCRP

OrganizedCrimeandCorruptionReportingProject

SEC

SecurityandExchangeCommission

U.K.

UnitedKingdom

US

UnitedStates

v

TableofContents

1Introduction 1

2ExamplesofActualCasesofCorruption,BidRigging,CollusionandFraudintheProcurementofICT

Systems 2

2.1CorruptionCases 2

2.1.1PublicizedCases 2

2.1.2PubliclyReportedInvestigations 4

2.1.3WorldBankSanctionsCase 4

2.1.4OtherUnpublishedCases 4

2.2FraudCases 6

2.3ProcurementAbuses 6

3BestPracticestoReducetheVulnerabilityofITProcurementstoCorruptPractices 6

4ANNEX 7

4.1ConflictsofInterest 7

4.2BidRigging 7

4.3CollusiveBidding 8

4.4False,InflatedandDuplicateInvoices 8

4.5FictitiousContractor(PhantomVendor) 9

5Bibliography 10

TechnicalBackgroundNote:VulnerabilitiesofICTProcurementtoFraudand

Corruption

1

1Introduction

InformationCommunicationTechnology(ICT)contractsarepronetofraud,corruption,bidriggingandcollusion.The

OECDForeignBriberyReport

whichshowsthatin2014,10%oftheforeignbriberycasesoccurredinICTsector.

1

IntegratedFinancialManagementSystems(IFMIS)andotherICTsystemsplayimportantrolesinimprovingtransparencyandaccountabilityandreducingtheopportunitiesforfraudandcorruptionindevelopingcountries.Theprocurementandimplementationofsuchsystems,however,presentsignificantopportunitiesforabuse.

2

Themainreasonsinclude:

a.Thesystemiccorruptioninmanypartsofthedevelopingworldwheremanysuchsystemsareprocured,ironicallyinanattempttoreducetheimpactofcorruptionandimprovegovernance;

b.Thelargescaleandcomplexityofsuchsystems,whichprovidemanyopportunitiestoimproperlyrigcontractspecifications,manipulateimplementationandinflateprices,andwhichmakeitdifficulttodetectsuchabuses;

c.Theexpenseandpotentiallylargeprofitmarginsofsuchsystems,whichprovideamplemarginstoofferandpaysubstantialbribestocorruptofficials;

d.Therelativelylowriskofvendorsorofficialsbeingcaughtandsanctioned,whichisvirtuallynon-existentinmanydevelopingcountries.

1

/docserver/9789264226616-

en.pdf?expires=1635533981&id=id&accname=guest&checksum=3D0743FE477E089CD599FCFB83DE05A0

2InstalledIFMISandotherICTsystemsalsocanbemisusedtofacilitateprocurement,paymentandimplementationfrauds,asdiscussedinmoredetailinthepaper“ReachingthePotentialfortheDigitalEconomyinAfrica-AddressingGovernanceandCorruptionRisks.”

2

2ExamplesofActualCasesofCorruption,BidRigging,CollusionandFraudintheProcurementofICTSystems

2.1CorruptionCases

2.1.1PublicizedCases

Africa

2020SemlexinAfrica-

BiometricBribery:InsideSemlex’sGlobalPlaybook

–anactiveBrussels-basedcompanyinAfricaprovidingsuppliesbiometricdocumentssuchaspassportsanddrivinglicensestogovernmentsandinternationalbodies.Investigationsby

OCCRP

havefoundtheuseofbribes,kickbacksandinsiderdealingtosecurecontractsaroundtheworld,inflatingthecostofvitaldocumentsforordinarycitizenswhileliningthepocketsofthewealthy.

3

ChinaandSouthKorea

2011

InternationalBusinessMachinesCorp.

–SECchargedIBMforprovidingimpropercashpayments,gifts,andtravelandentertainmenttogovernmentofficialsinChinaandSouthKoreainordertosecurethesaleofIBMproducts.IBMagreedtopay$10milliontosettletheSEC'scharges.

India

2012

Oracle

-SECchargedtheCalifornia-basedcomputertechnologycompanywithviolatingtheFCPAbyfailingtopreventasubsidiaryfromsecretlysettingasidemoneyoffthecompany'sbookstomakeunauthorizedpaymentstophonyvendorsinIndia.Oracleagreedtopaya$2millionfine.

Russia,PolandandMexico

2014

Hewlett-Packard

–TheUSSECchargedthePaloAlto,Calif.-basedtechnologycompanywithviolatingtheFCPAwhensubsidiariesinthreecountriesmadeimproperpaymentstogovernmentofficialstoobtainorretainlucrativepubliccontracts.HPagreedtopay$108milliontosettletheSECchargesandaparallelcriminalcase.

AccordingtotheSEC,inacaseinRussia,HP:

…createdexcessprofitmarginstofinance[a]slushfundthroughanelaboratebuy-backdealscheme.[Company]subsidiariesfirstsoldthecomputerhardwareandothertechnologyproductscalledforunderthecontracttoaRussianchannelpartner,then

3

/en/biometric-bribery-semlex/

3

boughtthesameproductsbackfromanintermediaryatanearly€8millionmark-upandanadditional€4.2millioninpurportedservices,thensoldthesameproductstotheOfficeoftheProsecutorGeneraloftheRussianFederationattheincreasedprice.

Thepaymentstotheintermediarywerethenlargelytransferredthroughmultiplelayersofshellcompanies,someofwhichweredirectlyassociatedwithgovernmentofficials.Proceedsfromtheslushfundwerespentontravelservices,luxuryautomobiles,expensivejewelry,clothing,furnitureandvariousotheritems.

Tokeeptrackofandconcealthesecorruptpayments,theconspirators…kepttwosetsofbooks:secretspreadsheetsthatdetailedthecategoriesofbriberecipients,andsanitizedversionsthathidthebribesfrom[outsiders].

Theyalsoenteredintooff-the-bookssideagreementstofurthermaskthebribes.Asoneexample,[acompanyexecutive]executedaletteragreementtopay€2.8millioninpurported“commission”feestoaU.K.-registeredshellcompany,whichwaslinkedtoadirectoroftheRussiangovernmentagencyresponsibleformanagingtheOfficeoftheProsecutorGeneraloftheRussianFederationproject.

Panama

2016

SAPSE

-Thesoftwaremanufactureragreedtogiveup$3.7millioninsalesprofitstosettleSECchargesthatitviolatedtheFCPAwhenitsdeficientinternalcontrolsenabledanexecutivetopaybribestoprocurebusinessinPanama.

Hungary,Thailand,SaudiArabia,andTurkey

2019

MicrosoftCorporation

-Thecompanyagreedtopaymorethan$24milliontosettleSEC

chargesrelatedtoFCPAviolationsinHungary,Thailand,SaudiArabiaandTurkeyandcriminalchargesrelatedtoHungary.

SaudiArabia,China,Djibouti,Vietnam,IndonesiaandKuwait

2019

Ericsson

-Themultinationaltelecommunicationscompanyagreedtopaymorethan$1billiontotheSECandDOJtoresolvechargesthatitviolatedtheFCPAbyengaginginalarge-scalebriberyschemeinvolvingtheuseofshamconsultantstosecretlyfunnelmoneytogovernmentofficialsinmultiplecountries.

4

2.1.2PubliclyReportedInvestigations

Romania,2019InvestigationofOraclesubsidiary

https://business-review.eu/news/oracle-romania-ceo-questioned-by-anti-corruption-

prosecutors-on-bribery-allegations-203832

SouthAfrica,2020InvestigationofSAP

/article/us-sap-se-safrica-exclusive/exclusive-south-africa-tries-to-

recover-over-23-million-from-sap-for-unlawful-contracts-idUSKCN2531MX

2.1.3WorldBankSanctionsCase

2017-TheWorldBankGroupannouncedthedebarmentforsixmonthsof

FreeBalance,Inc.

,aCanadianprovideroffinancial-management-relatedsoftware,inrelationtosanctionablemisconductundertheIntegratedFinancialManagementInformationSystem(IFMIS)ProjectforLiberia.Thedebarment,whichprecludesthecompanyfromparticipatinginWorldBank-financedprojects,ispartofaNegotiatedResolutionAgreement(NRA)underwhichthecompanydidnotcontestafraudulentpracticeoffailingtodisclosetheidentityandpaymenttermsofalocalagentinLiberia.

/en/news/press-release/2017/11/09/world-bank-group-

announces-settlement-with-freebalance

2017—TheWorldBankGroupannouncedthedebarmentfor2.5yearsofOberthurTechnologiesSA(Oberthur),aFrenchdigitalsecuritycompany(nowpartofacompanycalledIdemia).ThesanctionrelatestocorruptandcollusivepracticesundertheIdentificationSystemforEnhancingAccesstoServicesProject(IDEA),aprojectdesignedtoestablishasecure,accurateandreliablenationalIDsysteminthePeople’sRepublicofBangladesh.

4

/en/news/press-release/2017/11/30/world-bank-announces-

settlement-with-oberthur-technologies-sa

2.1.4OtherUnpublishedCases

AnumberofcasesinvolvedICTvendorsprovidingtheirproductsatsteepdiscountstotheirlocalresellers,whothenselltheproducttothefinalcustomeratthefullprice.Theresellersusetheextraprofitsfromtheirdiscountstofundandpaythebribes,oftenthroughotherintermediariesandshellcompanies.See,e.g.,

/wp-

4

/en/news/press-release/2017/11/30/world-bank-announces-settlement-with-

oberthur-technologies-sa

5

content/uploads/documents/publications/Hanna-Farhang-Soto-Peters-Channeling-the-Channel-Partner-

Risk-Addressing-Anti-Corruption-Risk-FCPA-Report-6-21-2017.pdf

InAfrica,anICTvendoragreedtopaymulti-million-dollarbribesthroughtheawardofbogusmaintenancecontractstogovernmentofficials.Theschemewasrevealedbythevendor’sprojectmanagerwhoworkedforseveralyearsontheprojectbeforebeingremovedjustweeksbeforethecontractawardbecauseheobjectedtothepaymentofbribesdemandedbythegovernmentofficials.Asaresult,helostthesubstantialbonushewouldhaveearnedontheawardofthecontract.Thebonuswasinsteadpaidtoanoutside“consultant”whoquicklynegotiatedthetermsofthecontractawardandthecorruptpayments.

Inanothercase,anICTvendordeliberatelyincurredfinancialpenaltiesforthelatedeliveryofcontractedservices;thepenaltieswerethenusedtofundtheagreedbribepayments.

AmajorEuropeanICTvendorhadarosterofhundredsofunusedoffshoreshellcompaniesinLiechtenstein,asecrecyjurisdiction,towhichfundsintendedforbribescouldbetransferredinpaymentoffictiousinvoices.ArepresentativeoftheshellcompanyinLiechtensteinwouldthenconverttheproceedstocashanddeliverthemdirectlytotheofficialsinvolvedinNigeriaandelsewhere.

OthercommonmethodstofundandpaybribesinICTcasesincludethepaymentofinflatedfeesandcommissionstosalesagents,thepaymentoffeestoshellcompaniesfornon-existentgoodsandservices,paymentstooffshoreshellcompaniescontrolledbycorruptofficials,thepaymentofbribesincash,literallydeliveredinsuitcases,giftsinkind,suchasvacationtravel,thepaymentfortheeducationofchildrenofcorruptofficialsortheofferofjobstothem,andsoon.

BidRiggingCases(Unpublishedcase):

AcompetitorforasubstantialICTcontractawardinPakistanwaspermittedbytheprojectmanager,inexchangeforacorruptpayment,towritethespecificationsforthecontractinamannerthat,ofcourse,favoredthecompetitor.

CollusionCases(Unpublishedcases):

InseveralprojectsinCentralAsiaandelsewhere,severalmajorICTvendorssystematicallycolludedintheawardofcontractsbyagreeingonwhichcompanieswouldbidandwinonwhichprojects,oftenevenbeforetherequestforbidswereformallyannounced.Thefirmsalsoagreedtodivideworkonthecontracts,e.g.,onecompanyagreeingtosubmitabidonlyonthesoftwarecomponentandanothercompanytobidonlyonthehardwarecomponent,therebyincreasingpricesanddefeatingcompetition.

TherelativelyfewcompaniesthatarequalifiedtobidonmajorICTcontractsmadeiteasytoarrangeforsuchcollusion.Aformerseniorexecutiveofoneofthecompaniesadvisedthatthecompanieswould

TechnicalBackgroundNote:VulnerabilitiesofICTProcurementtoFraudand

Corruption

6

routinelymeetbeforemajorprocurementstodeterminewhetherthecompanieswouldcolludeinthecompetition,orbidseparately,oratall.

Inmostdevelopingcountries,governmentandprocurementofficialsareawareofthecollusion,evensuggestandfacilitateit,toraisepricesandincreasemarginsforthepaymentofbribes.

2.2FraudCases

Unpublishedcase:

InacaseinAfrica,anICTvendor,incollusionwithprocurementofficials,inordertofundbribes,deliberatelyandunnecessarilyinflatedthescopeandpriceofthecontract,andthendeliveredfewerfeaturesthancalledforinthecontract.

Inseveralothercases,ICTvendorschargedforbutdeliberatelyfailedtoinstallproductsandfeaturescalledforinthecontract.

2.3ProcurementAbuses

ItisnotuncommonforICTvendorstosellunnecessaryandoftenunusedfeaturestoinflatefeesandprofitmargins.

“Horizontalcollusion:”ICTvendorscanprovidereasonablypricedinitialsystemandthenpromotetheadditionofotherhigh-pricedproductsandfeatures,againoftenunnecessaryandunused,whichonlythevendorcanprovide.

3BestPracticestoReducetheVulnerabilityofITProcurementsto

CorruptPractices

TherearevariousbestpracticestoreducethevulnerabilityofITprocurementtocorruptpractices.HereweincludeexamplesofbestpracticesusedincountrieswhosucceededincombattingcorruptioninICTcontracts.Forexample,QueenslandState(Australia)seemstobedoingwellin

mappingandmonitoring

corruptionrisksinICTcontracts

andinestablishingastandard

InformationTechnologyContracting

(QITC)framework

.

ToreducecorruptioninICTcontractsinQueenslandState,allagenciesshould:

?Ensureprocurementandcontractingpracticesaretransparent,accountableandmeetobligationsinaccordancewithlegislation,codesandpolicies.

TechnicalBackgroundNote:VulnerabilitiesofICTProcurementtoFraudand

Corruption

7

?Haveadetailedplanningprocesswhichincludesriskidentificationandassessmentadequatetothelevelofvalue,complexityandsensitivityoftheprocurement.

?Bealerttothepossibilitiesof“grooming”ofstaffbypotentialvendorsorotherinterestedparties.

?Proactivelyanticipateandexploreconflictsofinterestandincreasedisclosureobligations.

?Scrutinizeapplicationsforsecondaryemploymentcarefullytoidentifypotentialconflictsofinterest.

?Findouthowfrequently“urgency”isgivenasareasonfortakingshortcutswiththeproperprocurementprocess,andwhyitishappening.

5

Ingeneralsuggestedrecommendationsforimprovementsinclude:

1.CloserscrutinyonneedsdeliverablesandcostsinICTprocurement

2.Closerscrutinyonagentfees

3.WideruseofeProcurementsystems

4.MoreaggressiveWBG“ClientManagement:”promptlyaddresspossibleirregularitiesinBankICTprocurements

4ANNEX

Belowarethedefinitionsofthemostcommoncorruptionandfrauddetectiontechniquesarelistedbelow.Foramoredetailedlistpleaserefertothereport:

FindingFraud:GovTechandFraud

DetectioninPublicAdministration

.

4.1ConflictsofInterest

Projectorgovernmentofficialscantakeundisclosedfinancialinterestsincompaniesorsuppliersthatprovidegoods,worksandservicestotheproject.Suchfirmsoftenareshellcompanies,withoutpermanentstafforsignificantassets,thatoperateoutofresidencesorotherbusinessfronts.

4.2BidRigging

Thebidriggingschemesarelinkedtocorruption,ascorruptpartiesoftenseektorigthebiddingprocesstofavorthecorruptpayerandtoexcludeotherlegitimatebidders.Assuch,bidriggingschemesarebothredflagsofcorruptionandevidenceofcorruptinfluence.Clickoneachschemeformoreinformation.

Insomecases,corruptprojectofficialswillnottamperwiththeselectionprocessbythemethodsandwillselectwhattheybelievetobethebestbidorproposal.Theywillthendemandabribe

5

.au/sites/default/files/Docs/Publications/CCC/Prevention-in-Focus-ICT-procurement-

2018.pdf

TechnicalBackgroundNote:VulnerabilitiesofICTProcurementtoFraudand

Corruption

8

fromtheselectedfirmbeforetheywillsignacontract.Inthiscasethepriceofthebidsorproposalsmayrise,buttheotherredflagsofbidriggingwillbelargelyabsent.

4.3CollusiveBidding

Collusivebiddingreferstoagreementsbycontractorsorsuppliersinaparticulartradeorareatocooperatetodefeatthecompetitivebiddingprocessinordertoinflatepricestoartificiallyhighlevels.Itcanoccurinlargeandsmallcontracts.Wherecollusivebiddingiswellestablishedpricescanrisesubstantially,insomecasesbyasmuchasseveralhundredpercent.

Collusionininternationalprojectsofteninvolvescorruption,inwhichgovernmentofficialsandprocurementpersonnelundertheirdirectionsponsororfacilitatethecollusioninexchangeforbribes.Allorpartofthecorruptpaymentsoftenendupinthecoffersoflocalpoliticalpartieswheretheyareusedtooffsetcampaignandotherexpenses.

4.4False,InflatedandDuplicateInvoices

Acontractororsuppliercancommitfraudbyknowinglysubmittingfalse,inflatedorduplicateinvoiceswiththeintenttodefraud,eitheractingaloneorincollusionwithcontractingpersonnelastheresultofcorruption.

“Falseinvoices”refertoinvoicesforgoodsorservicesnotrendered.“Duplicateinvoices”arefraudulentifissuedknowinglywiththeintenttodefraud.

Duplicate,falseorinflatedinvoicesoftenareusedtogeneratefundsforbribepayments.“Knowingly”typicallyisdefinedas:

?Actualknowledgeoffalsity

?Deliberateignoranceoftruthorfalsity(“willfulblindness”)

?Recklessdisregardoftruthorfalsity

Knowledgeandintentcanbeprovendirectly,forexample,bytheadmissionofthesubject,thetestimonyofaco-conspiratororotherwitnesswithdirectpersonalknowledge,orbydocumentaryevidence,suchasanincriminatingemail.

Knowledgeandintentalsocanbeprovencircumstantially,by,forexample,showingthatthesubjectknowinglyalteredorforgedsupportingdocumentation,liedtoinvestigators,attempted

9

toobstructtheinvestigation(e.g.,byintimidatingwitnesses)orrefusedtoproducepertinentrecords.

Apatternofpriorsimilar“errors”ormisrepresentations,beneficialtothesubjectalsocanbeusedtoshowwillfulnessandrebutthetypicaldefenseofaccidentormistake.

4.5FictitiousContractor(PhantomVendor)

Aprojectorgovernmentofficialcancreateafictitiouscontractor,consultant,vendororsupplierthatdoesnotprovideanyactualgoodsorservicesinordertoembezzleprojectfunds.Thefictitiouscompaniesoftenpurportedlyprovideconsultingorotherhardtoverifyservices,suchasrepairworkorthedeliveryofconsumables,ratherthanmoretangiblegoodsorservicesthatcanmoreeasilybeverified.

Insimilarschemes,projectorgovernmentofficialscansetupandcontrol“middleman”companiesthatareusedtopurchasegoodsorservicesfromlegitimatecompaniesforresaleathigherprices,orshellcompaniesthatsubcontractallworkreceivedtootherfirms.Such“companies”oftenoperateoutofresidentialaddressesorothernon-businesslocationsandcannotbefoundontheinternetorinbusinessortelephonedirectories.

Contractorsalsocansetupfictitiouscompaniestosubmitcomplementarybidsincollusivebiddingschemes.

TechnicalBackgroundNote:VulnerabilitiesofICTProcurementtoFraudand

Corruption

10

5Bibliography

Business-Review.2019.“OracleRoma