Practice category: Systems and tools
Contact: European Investment Bank (EIB), Fraud Investigations Division of the Inspectorate General
Fraud risk(s) countered:
- Avoidance or manipulation of public procurement procedures
- Conflict of interest
- Manipulation of project cost
- Substitution or under-delivery in construction and investment projects
- Misuse of project funds
Context and objective(s)
The European Investment Bank (EIB) finances about 400 projects per year across the world, amounting to EUR 63 billion annually (of which 88% in the European Union). The majority of the EIB portfolio consists of investment loans and intermediated loans (mainly for SMEs and Midcaps) through other financial institutions. These projects are managed by hundreds of procuring entities leading to thousands of contracts during the lifetime of the projects. Managing the risks in such a large portfolio is a challenge.
As required by the EIB Anti-Fraud Policy, the Fraud Investigations Division of the Inspectorate General (IG/IN) of the EIB undertakes Proactive Integrity Reviews (PIRs) to ensure that funds are used for their intended purpose and to assess vulnerability to prohibited conduct. Selecting the right project for review is crucial in the PIR methodology. To optimise its current resources and increase its prohibited conduct (PC) detection capacity, the following three key processes operate simultaneously:
IG/IN selects projects for an in-depth review, known as the Proactive Integrity Review or PIR, using its risk assessment tool, called FIRST. The projects selected are not usually the subject of an allegation but are often implemented in challenging conditions. Once selected for review, IG/IN analyses these projects to identify indicators of fraud and corruption through a detailed review of the project implementation. In particular, PIRs aim to check:
(i) The procurement processes followed by promoters in the context of investment or framework loans, as well as the quality of the work and services procured; and
(ii) Credit procedures followed by financial intermediaries (banks, public support lending agencies) in the context of multi-beneficiary intermediated loans, as well as the eligibility and actual use of on-lent funds by the final beneficiaries.
Findings and lessons learnt from PIRs lead to the issuance of recommendations to EIB Group services to remedy any identified irregularity and to improve internal procedures and processes.
The PIRs are carried out in line with the fraud detection guidelines endorsed by the Conference of International Investigators.
Description of the practice
The main challenge encountered in these types of reviews is the selection of the operation (or operations) for PIRs, especially in the context of time, staff and budget constraints. From its launch in 2009, projects for a PIR were selected based on a mix of basic country and industry risk indicators and high-value monetary exposure analysis. Based on the experience gathered in the initial years of the practice and in order to ensure the selection of the riskiest operations in a systematic and non-biased way, the Fraud Investigations team at EIB developed its own methodology.
In 2017, a new robust fraud risk assessment mechanism was created - the Fraud & Integrity Risk Scoring Tool (FIRST). FIRST was developed by analysing vast amounts of structured data on operations available at the EIB and creating a pool of custom “red flags” and risk factors to score the project risks and select limited amounts of the most risky operations for PIR. The tool, with the help of a data visualisation application, enables the monitoring of all active EIB operations through a combination of internal and external databases and algorithms. In 2019, drawing the lessons from the pilot of this new methodology, IG/IN further improved the analytical capacity of the tool, including technical and conceptual enhancements. As a result, FIRST is now linked to the EIB’s data warehouse, providing real-time risk scores and information on all active operations.
FIRST includes more than 30 risk factors. These factors were developed in consultation with staff from operations, risk, monitoring, IT and projects. Each factor spots particular red flags on counterparts, location, procurement or project performance. According to the current methodology, all EIB projects are scored against these risk factors. The structured data used in FIRST is either:
FIRST includes a software to visualise the results of the risk factors for each project, in order to suggest an initial selection of projects to be considered for a desktop review, as illustrated in the diagram below:
Figure 1: The fraud detection process on projects financed by EIB
Access to current project information allows active monitoring of the fraud risk evolution so that risk trends can be spotted in specific sectors, financial products, or geographical regions.
Via a data visualisation software, FIRST displays the results of the scoring process. It allows the team to monitor the current risk score of all operations through various graphics and filter the results which can then be reviewed and compared against similar operations. FIRST provides the possibility to fine-tune the weighing of various risk factors in the total fraud score, depending on their importance and relevance.
In order to ensure a balanced coverage of all types of EIB operations, a number of projects that present a high-risk score according to the data from FIRST, are reviewed yearly through a Desktop Review to confirm the score from FIRST and their vulnerability to prohibited conduct. Desktop reviews represent an essential part of the PIR methodology.The PIR team, during the Desktop Review, performs a screening of the operations indicated by the FIRST. The Desktop Review encompasses the analysis of the project related, legal, financial and procurement documentation available at EIB, adverse media press searches, ownership structure (KYC) review and also interviews with operational and project staff within EIB.
In the final step, the most relevant projects are then selected for a fully-fledged Proactive Integrity Review (up to four per year). These are on-site audits that review the organisational controls and the implementation of the project in greater depth. PIR fieldwork is performed on the borrowers/promoters’ premises and on the project site for a period of approximately 6 weeks. In addition, surveyors and subject-matter experts are contracted by IG/IN/PIR to verify the ultimate quality and quantity of the works and goods delivered.
PIRs enable IG/IN to examine an EIB financed project to ensure that the funds are being used for their intended purposes and, in doing so, to assess the project’s vulnerability to prohibited conduct. PIRs also identify gaps in areas of higher risk and recommend remedial action to prevent their recurrence or mismanagement. In each case, IG/IN/PIR determines if there is a need for a follow-up, remediation/intervention and/or investigation. A PIR on a given EIB Group operation can also be launched ad-hoc independently by IG/IN/PIR or at the request of other EIB Group services and/or management.
Based on the outcomes of PIR, several actions can be taken by the EIB:
The major difference between a PIR and an investigation is that an investigation is launched based on an allegation received, while the PIR is launched as a result of a risk assessment or an ad-hoc request from other EIB services.
Working together with IG/IN’s general PIR methodology, FIRST is the only tool of its kind to be developed based on data analysis of all EIB structured data on operations. The FIRST tool enables “live” access to the EIB data warehouse, which is updated daily. Such connection ensures reliable and up-to-date results of each risk assessment. This framework is one of the most comprehensive and tailored for the fraud risk scoring and selection of operations for in-depth PIRs.
Outcomes and results
The outcome of the PIRs finalised and closed from 2009 to 2019 is as follows:
By way of example, for a number of EIB operations partly affected by fraud, the EIB recovered the part of the loans that was misused or subject to fraud or irregularities from the borrowers. In addition, several remedial measures and action plans were put in place to strengthen the controls and to mitigate the risk of recurrence of such misuse and irregularities.
In another case, a lending operation was highlighted by FIRST in a country in Africa due to its high fraud risk score. The project had experienced significant delays and EIB’s operational appraisal deteriorated. FIRST indicated that finance contract covenants were breached, and several other red flags emerged. Following a detailed review of the available documentation and internal discussions with operational staff, as well as a review of external databases, the red flags were confirmed. Shortly after the PIR, the CEO of the company in charge of the project was accused of corruption by local authorities (unrelated to the PIR). A criminal investigation was launched and the EIB intensified the monitoring of the implementation of the project.
PIRs have proven to be an effective tool for identifying indications of unreported irregularities which would otherwise continue undetected despite the existence of other, regular controls.
Key success factors
The main key success factor for implementing FIRST and PIR at the EIB were:
- Good understanding of available data on operations
- Support of the management on developing the new methodology for risk scoring
- Mapping of risk indicators on each stage of a lifecycle for different products, market and sectors
- A multidisciplinary team, consisting of:
- Data analysts
- Project managers that can analyse how the available data is used
- Fraud investigators, forensic auditors (including data-oriented ones)
- IT software developers
- Consultants, increasing the capacity of the core team and bringing specific knowledge to the team (e.g. consultants were supporting the EIB team on the review of the methodology for risk assessment; in addition consultants are always involved in the execution of the on-site Proactive Integrity Reviews)
- Existence of a contractual framework with Borrowers allowing EIB to visit and audit the projects
- A solid policy foundation (the Anti-Fraud Policy of EIB) envisaging proactive antifraud measures like the PIRs.
Challenges encountered & lessons learned
There were several challenges that the tools FIRST and PIR faced at the beginning of their implementation:
- Conveying the right message on complex matters to win the support of the management/hierarchy
- Having a thorough understanding of the available data and how it is being used. A lack of understanding of what structured data is available and how to use it, limits the application and efficiency of any risk assessment tool based on big data analysis.
- The need to involve experts in different fields (data experts, financial experts, lawyers, subject matter experts, project managers) to map the available data and identify fraud indicators
- Capacity limitations of the amount of full-fledged PIRs conducted per year motivated the Fraud Investigation team to further improve the risk-scoring tool and introduce an intermediary step - desktop reviews on identified red flags by FIRST.
Potential for the transferability
The FIRST tool is scalable, however as such cannot be easily replicated, as it is based on the tailored algorithm and is specific to the EIB business model as well as data warehouse technology. However, the authorities from EU MS can take inspiration from the efficient use of big data for developing a tailored risk scoring tool that can analyse the structured datasets on operation/project in real time and illuminate relevant red flags.
In order to implement a similar practice, the authorities should consider:
- The authority implementing a tool like FIRST and PIR should have an independent status and legal basis to perform investigative/anti-fraud audits.
- Support of the management is crucial, considering the initial time and financial investment needed to develop the algorithms and methodology for the risk scoring tool.
- The long preparatory phase of mapping the data and identification of the red flags.
- The tool would be most useful for organisations dealing with a large variety of projects and that have access to a large pool of (regularly updated) structured data.