Facebook, Google - The 100 million dollars fraud - was it preventable?

According to Fortune, a Lithuanian man managed to practically steal around 100 million dollars from the two tech giants. The sum itself is rather surprising (how no one noticed that money is going out the window?) but the length of the fraud is even more shocking, as it was going on for around 4 years from 2013 until now. The swindler used a simple, yet as it turns out effective, trick to lure the companies' financial administrators to pay him- He simply started to send invoices, issued in the name of real suppliers to the administrators (using an e-mail address which was deceivingly similar to the ones used by the suppliers) and started to push the administrators to transfer the sums to his bank accounts. This case calls the attention to huge deficiencies in procurement processes, which might occur to any other company too in case such processes are not managed in closed systems.

In relation to this case, we do suggest to include all partners' bank account numbers in their respective contracts, hence making this type of fraud impossible to perform. Also, the best way to keep our company away from similar deceptions is including all contractual data in an adequate workflow system, while paying great attention on proper business process management. In this case, procurement processes should include requesting, approvals, PO management, fulfillment checks, invoice checks (see the process chart below) and linking all invoice data to POs and contracts.

By using such processes and workflow systems, it will become clear if there is no request or PO linked to an invoice or if contractual terms were different, who approved the purchase or the invoice, not to mention fulfillment checks which certainly will ensure that no invoice without fulfillment can be paid.

We do believe that the invoice approval processes were of key importance in the above case. In our experience, such fraudulent cases are rather frequent in America, however, the situation is not much better in Europe either. Many of our clients have reported that proper business processes and the robust workflow system have saved them in similar cases - for example it is quite frequent at our clients that invoices without fulfillment are arriving in the name of suppliers, however, the system immediately alerts the administrators about such events - hence these invoices are not paid!

Our tips

How to prevent such fraud cases?

• Define the organization and eligibilities as exactly as possible (who can request/approve what, expense limits, cost centers, etc.)
• Keep your supplier database up to date, so that it will be clear who and why exactly can send an invoice to your company.
• Consider the whole procurement process in line with invoicing and always link requests, POs, fulfillment details and contract terms to invoices!
• Always ask for feedback from your suppliers whether they received the sums you transferred to them or not!
• Manage eligibilities, hence only those can approve anything who does have the right - and takes responsibility - for doing so.

In our experience, well defined, comprehensive, strict procurement processes, managed in an appropriate workflow system enable the organization to operate as efficiently as possible while it also protects you from fraud cases like this one.