There is no getting around the risk of fraud. The threat is pervasive in the American workplace where – as my colleague Josh Morrison pointed out in a blog last month – the Association of Certified Fraud Examiners estimates that fraud costs organizations about 7% of annual revenues. That’s nearly a trillion dollars! One of the most obvious points of entry for these wrongdoers is the vendor master file.

Every single day, companies outside of your organization are posing as law-abiding entities and providing a host of trumped-up documents and data to “sell” you on their status as legitimate organizations. Letting these companies behind the curtain is not remedied with a simple “Oops, sorry, can you please show yourself out?” Allowing these organizations in can cost you in a variety of ways. Some of the major areas where your company is at risk are as follows:

  • Damage to your company’s reputation
  • Non-compliance with external regulations
  • Threat of heavy penalties and fees
  • Operational risks
  • Perceived or actual reduction in your company’s credit worthiness
  • Fraud risk at the transactional level
  • And much more… 

As you can see, the risk of working with corrupt or untrustworthy vendors and suppliers comes in many forms, and the repercussions can be steep. We issued a White Paper earlier this year reporting that through calendar year 2014 the Office of Foreign Assets Control (OFAC) had levied fines of over $2.5 billion against over 50 U.S. companies across all industries… and nobody is immune. In March of this year, PayPal (as in eBay) was forced to fork over $7.7 million to settle charges by the U.S. Treasury Department for having committed 486 infractions with companies appearing on OFAC’s blacklist. They put up a plausible defense, stating that a screening mechanism failed and that they did not willingly intend to engage in commerce with sanctioned organizations. Such realities are acknowledged by the bodies that monitor these various watch lists, but this is never an absolute defense. PayPal paid, pal! So… ask yourself – “What would happen to me if my innocent actions cost my company $7 million?”

How do you prevent vendor risk and/or fraud?

It is paramount that, prior to setting up a supplier, some party or department within your company’s P2P landscape takes the lead on screening suppliers to make sure that they pass all the necessary gates relating to their financial well-being, their reputation as a provider, and any other risk they may pose as a partner. This vetting process will inform and protect many departments, such as tax, legal, treasury, finance, procurement, sourcing, risk, and others that will be tied to (read: dependent upon) information associated with your suppliers.

Whatever process you choose and whatever system you use – you must make sure the process is compliant with external regulations, repeatable and scalable.  And to address the first thought that just popped into your mind – “No, your ERP will not do this for you.  Not even close.  You’re dreaming.”

Where do you start in the screening process?

The basics of supplier screening include:

  • Screen all suppliers against various government watch lists
  • Perform a credit check on the supplier
  • Solicit and collect a W-9 for domestic suppliers
  • Perform TIN check against the IRS website
  • Solicit and collect a W-8 for foreign suppliers
  • Review supplier’s Business Continuity Plan
  • Review supplier’s Disaster Recovery Plan
  • Collect and validate diversity and small business statuses – validate where possible
  • Check the supplier’s physical addresses against USPS or international address directories
  • Collect and validate attributes of the supplier’s banking information

Going beyond the norm:

  • Search the supplier online for key personnel, news stories, involvement in litigation or analyst reports
  • Collect and validate the supplier’s insurance certificates
  • Perform a review of the supplier’s financial information
  • Verify supplier’s key officers and employees
  • Perform reference checks with the supplier’s key customers
  • Look up corporate registry records relating to the supplier
  • Have personnel complete a site visit at the supplier’s physical address
  • Review supplier’s SLAs, MSAs and escalation policies

Additional data that may be useful:

  • Founding data
  • Company history and mission
  • Understand the company’s business structure
  • Review the number of supplier employees
  • Review case studies and client data
  • Look into supplier’s social responsibility track record

Of course, the list is daunting and in some cases a little implausible to carry out across all new suppliers, but mounting this type of defense against supplier fraud and/or risk is what it is going to take to keep your company out of harm’s way.