FRAUD RISK ASSESSMENT AND ANTIFRAUD MEASURES Article 125

FRAUD RISK ASSESSMENT AND ANTI-FRAUD MEASURES Article 125. 4 c) CPR ESIF 2014 -2020 Mr Leif HÖGNÄS, Fraud Prevention Officer DG Regional and Urban Policy 1 Regional Policy

Anti-fraud requirements in Article 125. 4 c) of Regulation 1303/2013 "As regards the financial management and control of the operational programme, the managing authority shall put in place effective and proportionate anti-fraud measures taking into account the risks identified" 2 Regional Policy

Member States' IMS reporting to OLAF on fraudulent irregularities in Cohesion Policy under 2007 -2013 Regulations Number of cases Fraud suspicions EU amount (EUR) 621 604. 000 75 13. 800. 000 Established fraud cases 3 Regional Policy

Underlying objectives of Article 125. 4 c) - seek to reduce potential economic cost of fraud to both EU and national budgets - seek to reduce potential reputational cost of fraud to both EU institutions and national administrations - contribute to the objective that ESI funds are used for their intended purposes 4 Regional Policy

How can the COM and MS work together to reduce fraud risks? - common effort to be shared between COM and Member States: COM guidance, exchange of tools, methods and best practices - the aim should be cost-effective measures to seek to mitigate economic and reputational risk of fraud 5 Regional Policy

Discussions with Member States on the draft guidance note on fraud risk assessment in 2013 and 2014 - 4 June 2013 with Audit Authorities - 16 July 2013 with Member States’ expert group on 2014 -2020 legislation - 21 May 2014 in EGESIF committee 6 Regional Policy

Interpretation of 'effective anti-fraud measures' applied in the guidance 1) the management and control system is effective and complies with all EU and national rules 2) the MA assesses the potential impact and likelihood of any known specific fraud risks and seeks to mitigate such risks 3) the audit authority reviews the effectiveness of the management and control system and is sensitive to the risk of fraud in its audit work 7 Regional Policy

Interpretation of 'proportionate antifraud measures' applied in the guidance 1) the anti-fraud measures the MA puts in place should be proportionate to the fraud risks identified by the managing authority during its self-assessment 2) the overall benefit of any additional anti-fraud measures should exceed their overall costs 3) proportionate also means that any additional administrative burden must be reduced to a minimum 8 Regional Policy

Main IT tools suggested by the COM 1) Guidance on effective and proportionate antifraud measures containing a basic fraud risk assessment tool (Excel-based) 2) A specific risk scoring tool, Arachne, which the COM considers helpful to identify potentially risky operations 9 Regional Policy

Which authorities are involved? Managing authorities 1) Put in place a minimum set of effective and proportionate anti-fraud measures 2) Carry out a fraud risk assessment (selfassessment) Audit authorities 3) Verify whether the MA's fraud risk assessment is credible and provides a true and fair assessment of the risks and verify that adequate anti-fraud measures are in place to mitigate 10 against the risks Regional Policy

Structure of the guidance note on fraud risk assessment 1) 2) 3) 4) 5) 6) Main guidance note Fraud risk assessment tool (Annex 1) Detailed manual for the tool (Annex 1) List of recommended mitigating controls (Annex 2) Template for anti-fraud policy statement (Annex 3) Template for checklist for audit authorities (Annex 4) 11 Regional Policy

Other anti-fraud guidance uploaded on SFC • - Information note on fraud indicators for ERFD, ESF and CF (COCOF 09/0003/00 -EN) • - compendium of anonymised cases • - OLAF's practical guide on conflict of interest • - OLAF's practical guide on detection of forged documents • - forthcoming guides from OLAF in 2014: • 1) on anti-fraud strategies and 2) the role of auditors in anti-fraud work 12 Regional Policy

Key principles in the guidance - zero tolerance to fraud - the right tone from the top - cost-efficiency: benefits of anti-fraud measures must exceed overall additional costs - which anti-fraud measures are “effective and proportionate” is conditioned by each situation - the MA’s own self-assessment determines the level and intensity of the necessary anti-fraud measures Regional Policy 13

User-friendly fraud risk assessment tool 1) Excel-based tool with automatic risk scoring 2) Step-by-step manual in Annex 1 3)Classic risk assessment logic is used: assessment of impact and likelihood of specific fraud risks occurring 4) To help in the identification of risks, the tool has been pre-filled with 18 specific fraud risks (based on COM and MS experience of fraudsters’ modus operandi in Cohesion Policy and commonly recognised and recurring fraud schemes) 14 Regional Policy

User-friendly fraud risk assessment tool 5) Simplification: when the MA concludes that it is not exposed to a specific fraud risk pre-filled in the tool, there is no need to assess that risk, only indicate why a given risk is not relevant 6) Simplification: subsequent risk assessment in e g 2017, 2019 etc can be done as updates of the first risk assessment made e g in 2015 7) The Commission provides further training and advice on request on the use of the tool 15 Regional Policy

16 Regional Policy

Anti-fraud cycle EFFECTIVE PREVENTION ADDITIONAL DETECTIVE EFFORTS CORRECTION OF IRREGULAR AMOUNTS PROSECUTE AS RELEVANT 17 Regional Policy

Fraud prevention - a robust control system is key - raise awareness internally and externally about preventative and detective controls - state the anti-fraud policy visibly: DETER FRAUDSTERS - template for anti-fraud policy in the guidance (Annex 3) 18 Regional Policy

Fraud detection - preventative techniques cannot provide absolute protection against fraud - recommendation to complement the risk assessment with data mining tools (the ARACHNE risk scoring tool is offered by the Commission) - embed fraud indicators in checklists (red flags) 19 Regional Policy

Investigation, correction and prosecution - refer cases for investigation in accordance with internal and EU requirements (report to national competent body and OLAF) - recover affected amounts after known financial impact and reimburse to the EU budget - criminal prosecution under national criminal law Regional Policy 20

Fraud reporting mechanisms - mechanisms should facilitate the reporting of both suspicions of fraud and control weaknesses that may increase the MA's susceptibility to fraud - sufficient coordination on anti-fraud matters with the audit authority and competent investigative authorities in the Member State, including anticorruption authorities 21 Regional Policy

Communication and training about reporting mechanisms must ensure that staff - understand where they should report suspicions of fraudulent behaviour or control weaknesses - are confident that they can report in confidence and that the organisation does not tolerate retaliation against any staff member who reports suspicions (whistle-blower protection) 22 Regional Policy

Why did the fraud case occur? Learn the lessons! Objective and self-critical examination which should result in clear conclusions about perceived weaknesses and lessons learned, with clear remedial actions as necessary, responsible individuals and deadlines 23 Regional Policy

The tool focuses on fraud risks in relation to three key processes 1) Selection of applicants 2) Implementation and verification of the operations (including public procurement-related fraud risks) 3) Certification and payments 24 Regional Policy

Assess and mitigate against e g the following specific fraud risks - Undisclosed conflict of interest, bribes and kickbacks at project selection stage - Deliberate avoidance of competitive procedures in public procurement (e g unjustified single source award) - Manipulation of public procurement procedures (e g rigged specifications) - Collusive bidding - False or inflated invoices 25 Regional Policy

Basic steps in the fraud risk assessment 1) assess the ‘gross’ risk (= impact x likelihood) of specific pre -identified risks occurring under each of the three key processes (and any other identified risks) 2) identify and assess the effectiveness of controls already in place to mitigate against the identified specific fraud risks 3) assess the net risk 4) as necessary, put in place any further mitigating controls in order to reach a tolerable risk level 26 Regional Policy

Anti-fraud measures and designation of authorities - Annex XIII of Regulation 1303/2013: for the purpose of designation, the MA is required to have procedures for putting in place anti-fraud measures - designation based on report and opinion of independent body, including on anti-fraud measures - independent body can be audit authority 27 Regional Policy

Audit authorities' verification of the fraud risk assessment during 20142020 - in connection with audits on the functioning of the management and control systems, the audit authority should carry out verifications of the effective implementation of the anti-fraud measures by the MA as early as possible in the programming period. - depending on the results of such audits and on the identified fraud risk environment, follow-up audits may be carried out as often as necessary 28 Regional Policy

And now…demonstration of the fraud risk assessment tool 29 Regional Policy

QUESTIONS AND ANSWERS 30 Regional Policy