Governments are taking unprecedented steps to provide much-needed assistance to individuals and businesses in response to the distress caused by COVID-19. For example:
The European Council has put forward a €540 billion support package to mitigate unemployment risks and create a pan-European guarantee fund for loans to companies and provide pandemic crisis support for member states.
The UK government has introduced several measures to support businesses and employment, including wage subsidies, grants for the self-employed, and providing liquidity through various financing measures such as the Coronavirus Business Interruption Loan Scheme (CBILS), the Coronavirus Large Business Interruption Loan Scheme (CLBILS), the COVID Corporate Financing Facility (CCFF), and the most recently announced Bounce Back Loan Scheme.
The Italian government has announced multiple measures providing economic support to families, workers, the healthcare system, loans to Italian businesses, and support to strategic business fields to safeguard Italian businesses from foreign acquisition.
The German government launched the largest aid package in its history, focusing on providing funding to employees, the self-employed and companies, and strengthening the healthcare system.
The potential risk of fraud, waste, abuse, mismanagement, and inaccurate tracking and reporting of these funds may erode the purpose of these schemes and hamper reimbursement. The inherent requirement to disburse these funds without delay has, in many cases, resulted in simplified application processes, which may result in an increase in financial crime risk exposure.
To combat the risks associated with the distribution of COVID-19 relief efforts and prepare for the oversight mechanisms associated with these programmes, it is vitally important that parties to the distribution value chain enable a robust system of controls regarding application for, receipt, disbursement, monitoring, and reporting of funds received as part of the relief packages. Failure to distribute relief funds responsibly may lead to legal and regulatory risk and reputational damage.
How Should Organisations Protect Themselves In a Time of Crisis?
Guidehouse has significant oversight experience helping clients develop, document, operationalise, and implement controls to demonstrate prudent use of government funds in response to various natural and man-made disasters, including 9/11 and the 2008 financial crisis.
These controls are built on a three-part framework: Prevention is the first line of defence to protect your organisation; Detection assesses whether your preventive controls are effective; Remediation addresses weaknesses identified during the detection phase or otherwise.
Organisations in both the public and private sector should ensure that these controls include:
Management of Internal Risk
Conducting an assessment and, where necessary, enhancing the controls an organisation has in place to manage relief funds is an important first step to effective relief funds management.
Training and Communications
It is essential that all relevant personnel (including vendors, suppliers, contractors, and employees, as applicable) receive role-specific training about conduct and expectations relating to relief funds. Open and transparent communication with staff, customers, and regulatory bodies will support a credible compliance culture.
A well-designed and effectively operating control environment relating to procurement of goods and services is critical in the prevention of fraud, waste, and abuse.
Effective procurement controls should include a due diligence process for suppliers, vendors, and contractors; and processes to protect the integrity of the supply chain from bribery, corruption, conflicts of interest, and the theft of supplies and resources.
Well-designed and executed financial controls protect the integrity of the accounting and reporting of relief funds and promote management accountability of how the funds are spent.
An effective financial controls environment should include appropriate segregation of duties between procurement, payment processing, record-keeping, and reporting. Inventory, costs, and pricing controls should also be in place to protect against price gouging.
A robust internal audit process, supported by proactive monitoring, data analytics, and automated controls will help identify and remediate any potential anomalies or control weaknesses.
Investigations and Forensic Review
A robust investigations process can help organisations effectively address indicators or allegations of illegal or unethical conduct. Companies should incorporate regular testing, comprehensive reviews, and risk-based analytics to identify, detect, and protect against the mismanagement of relief funds and intentional efforts to circumvent established controls, which can lead to improper and fraudulent payments. These reviews should focus on vendors, suppliers and contractors, beneficiaries of funds, and employees, as applicable.
Public Accountability and Regulatory Transparency
The public has an expectation to remain informed and that organisations that receive funds will operate with transparency in how they use and manage the funds. Governments are likely to articulate their expectations for detailed reporting on how funds are used.
Special thanks to David Sabatelle for contributing to this article.