Securing cyber partnerships: Navigating risks with due diligence

By Vineet Bansal Co-Founder & COO of OnGrid and eLockr

In a strongly interconnected world with an increasing number of businesses depending on other business models to succeed, organisations today find themselves at an interesting crossroad. On one hand, their survival and growth depends on forging active partnerships, while on the other are those business alliances that come with risks. This calls for an active due diligence of vendor partners. Irrespective of whether you’re dealing with suppliers, service providers, or collaborators, it has become imperative to safeguard the business and mitigate potential risks effectively, especially with the sudden explosion in vendor fraud incidents.

Long gone are the days when a dodgy invoice and phantom supplier were the height of creative depictions. Now, fraudsters have stepped it up, creating a mask of facades that smudges the line between what is real and fake. In recent news, an ex-employee of an ed-tech startup was recently booked for syphoning off Rs 1.21 crore from the company by conniving with some vendors, underscoring the stark need for robust vendor verification.

From paper trail to digital footprint- evolution of vendor fraud

Technology has undoubtedly imbued frauds with a new outlook altogether, making it effortlessly simple to spoon off a phone number, forge documents and much more. Simply stated, it has become easier than ever for fraudsters, which can either be your suppliers, employees, or third party who impersonates them to scam the pants off your company. Having evolved into many nuanced forms, vendor frauds have emerged as:

Fictitious vendor: Under such schemes, employees tend to submit payment requests from non-existent or real vendors that don’t deliver any supplies. To create fake companies that don’t exist, fraudsters use fake vendor information such as fake tax ID numbers, non-existent mailing addresses, phone numbers, or shell company names, and fake vendor bank account numbers, which makes it look like a trusted supplier.

Duplicate invoice payments: Being the most common form of vendor fraud, in such cases employees duplicate invoices from a legitimate vendor, and divert the payments to an account of their preference.

Overbilling: Within the landscape of vendor frauds, an overbilling fraud arrangement refers to a case wherein, a vendor cushions up an invoice by inserting supplies that were never delivered or adding higher prices of delivered goods. It’s common among vendors that supply in gigantic quantities, as they hope that accounts payable will neither have the time nor the tools for robust risk assessment.

Bid-rigging: Not only being unethical but against the moral principles of both the company and employees, bid rigging involves a vendor offering monetary compensation to an employee with a strong influence in order to secure a contract and vendor payment.

Check-tampering: When an employee tampers with a legitimate check from the accurate vendor with forgery, such incidents fall under the category of check-tampering fraud. The goal, as always, is to divert and use these funds for personal gains, which can either be done by changing the payee or the amount.

Having witnessed the evolved narratives of vendor frauds, Vendor Due Diligence is all about assessing a vendor’s suitability and risks before entering a table-turning relationship. Not only does it enable organisations to safeguard against cybersecurity threats and reputational damage, but it also empowers them to remain financially stable and customer-centric.

First line of action against vendor frauds – due diligence

Begin by validating the basic essentials such as PAN details, GST number, MSME status, Corporate Identification number (CIN), Director Identification number (DIN), and any industry specific identity (eg. FSSAI certification for vendors in food business).

Followed by which it is important to make sure that the respective entity ensures compliance with regulatory requirements, which will help companies ascertain the legitimacy of entities before venturing into partnerships. To make things easier, and dismay the fraudsters, organisations need to integrate automated verification platforms into their midst, which offer real-time updates on the sanctions list, criminal histories, and court proceedings from global databases, unearthing any potential red flags.

Transcend beyond the surface-level evaluations, to make space for field audits, enabling companies to verify the authenticity and operational integrity of possible entities, whilst also gathering first-hand insights into their practices, compliance standards, and processes. At the same time, it is equally valuable to assess the financial health of the concerned vendor via financial health checks. Such checks entail assessing the lucrativeness, financial competence, and growth prospects, which will help in determining the viability and reliability of possible vendors.

Don’t just limit the process to merely gauging the intricacies of the company, but also move on to investigating the background of the key decision-makers and directors, so that you have a clear idea about the people you’re about to associate with. At the end of the day, a due diligence process is the ultimate master key to unlocking enhanced risk management strategies, improving decision-making capacity, and safeguarding both the company and its customer’s interests alike.

Resilience to overtake vendor frauds

Turning over a new leaf in mitigating vendor frauds, the meticulous process of due diligence when onboarding vendors underscores the importance of safeguarding organisational interests. With a structured framework at the forefront, companies can engage vendors in a collaborative manner, boost resilience by fortifying security measures, and build lasting partnerships conducive to long-term success and growth.

AIITtechnology
Comments (0)
Add Comment