Several years ago, a multinational client of the global risk management consultancy founded by former US FBI director Louis Freeh received a tip on a whistleblower hotline about its China operations. Apparently, someone managing the local office was receiving kickbacks on a grand scale from suppliers.

Michael Marquardt, then a principal at Freeh Group International Solutions, was more than ready to believe the allegations and not just because as a fraud investigator he is paid to be cynical about human nature: the information provided was very detailed and, in his view, highly plausible. If anything, he says, fraud and deception in business relationships is understated and overlooked. “To me, it is an issue that is not being talked about enough,” he says.


Investigators from the consultancy travelled to China to investigate, where they discovered the subject of the tip-off was an innocent victim of a conspiracy by his co-workers, who wanted to advance their own careers. This case may be have been more complicated than most but its underlying message is clear: people lie and cheat, sometimes for complex reasons. And it is corporate managers’ responsibility to prevent it from happening.

Losses from fraud

According to a recently released poll by Deloitte, between 2014 and 2017, an average of 30.8% of respondents reported at least one instance of fraud, waste and abuse in supply chains in the preceding year. In a 2016 survey on global occupational fraud, the Association of Certified Fraud Examiners estimated that the typical organisation loses 5% of revenues in a given year as a result of fraud.

It found that asset misappropriation was the most common form of fraud, occurring in more than 83% of cases, but causing the smallest median loss of $125,000. On the other end of the spectrum was financial statement fraud, which occurred in fewer than 10% of cases but caused a median loss of $975,000. Corruption cases fell in the middle, with 35.4% of cases and a median loss of $200,000.

In theory, fraud prevention should not be too hard. There are best practices and internal controls that can be put in place to prevent theft and embezzlement. Performing due diligence on the partner, segregating financial and compliance duties, having a representative on the ground are among them.

However, such rules can get very complicated to execute when this business relationship involves a foreign partner. Take, for example, the matter of segregating financial duties from the chief decision makers, says Mr Marquardt, who is now principal of his own firm, Michael Marquardt Global Advisor. A company that has strict internal controls in its headquarters may find itself meekly accepting a shortcut, for instance, in invoicing in its South American office because of language issues or limited financial staff on the site.

Lack of due diligence

Often a company’s conflict with a foreign partner can be traced back to too-hasty due diligence – an issue that seems to be a particular problem for US firms, says Mr Marquardt. “A lot of American businesspeople have the assumption that the rest of the world operates the same way the US does, just cheaper. They tend to look at business in transactional terms, as in ‘these guys have a labour cost that is half of ours, so let’s make something happen’.”

A lengthy due diligence is more likely to turn up red flags, such as evasive or incomplete responses to questions or having a single individual be the face of the company, says Mark Pearson, a principal in the forensics and investigations practice of Deloitte Financial Advisory Services LLP. “When you start seeing a number of these red flags, that usually means there’s a heightened risk.”

A proper due diligence for a company entering a new market for the first time should probably take about a year and a half to plan and execute on the expectation that this relationship will last for a minimum of 10 to 15 years, says Mr Marquardt.

Automating an expensive process

Unfortunately there are no shortcuts to what can be an expensive and clearly time-consuming process. Best practice calls for on-the-ground investigations and the use of third-party auditors, neither of which is cheap. Increasingly companies are turning to technology to supplement these processes. During the past four years, for instance, use of analytics to mitigate third-party fraud, waste and abuse risks in supply chains has jumped to 35% in 2017 from 25.2% in 2014, Deloitte also found in its poll of supply chain fraud.

Technology is also aiding the due diligence process, specifically by investigating individuals and ‘known associates’ in a potential deal, says Kevin Gibson, UK-based CEO of IT security firm Hanzo. Hanzo uses a range of structured and unstructured sources and applies data science techniques to extract the information of value. In other words, it creates a bot that acts as a private investigator.

“A lot of people when they hear that will shake their heads and say ‘you’ll never catch me that way, I’m not on Facebook’,” Mr Gibson says. “But it doesn’t matter – all of us leave a massive footprint on the web one way or another.”

These bots can uncover such salient facts as a change of terms and conditions on a joint venture partner’s website or a change in the way that a tier two supplier has been behaving in the marketplace. “It’s possible to set up a framework to at least give you some advance warning of potential areas of concern,” says Mr Gibson. From there, the baton is passed to a human team.

But when it come to bots versus humans, the latter are better at soft skills such as weighing nuance and making decisions – and ultimately, that is what this data will require. “There is always a tension between creating an agile business environment and protecting yourself,” says Randy Bridgeman, co-chair of law firm Perkins Coie’s M&A practice, says. “It’s a fine line that requires a lot of skill to navigate.”