How to Avoid Abuse and Fraud in P-Card and T&E Programs
June 26, 2020
Controlling costs and reducing abuse of travel and entertainment expenses is a concern for companies of all sizes. From air travel to meals, continuously monitoring these expenses is difficult, especially for companies that rely on spreadsheets, emails and paper receipts. Though companies that use corporate cards and expense management systems have an advantage, there are still significant inherent risks that needs to be managed.
This article examines emerging risks in procurement processes and how analytics can help mitigate them.
Actively Monitoring T&E Expense Risks
Many companies opt for solutions like Concur to electronically manage their expenses. While these solutions provide spend reports, reduce document storage costs and decrease the approval and reimbursement cycle, most are not designed to provide the analytics necessary to detect misuse, abuse and fraud.
Fraud schemes can be complex and a mix of prescriptive and behavioral analytics is required to actively detect and manage exposure.
According to 2016 ACFE Report to the Nations on Occupational Fraud and Abuse
- 16.7% of organizations with less than 100 employees experience expense reimbursement fraud
- 13.9% of organizations with more than 100 employees experience expense reimbursement fraud
- Organizations typically lose about 5% of revenues due to fraud
- It takes 24 months to detect expense fraud
Fighting Fraud at a Corporate Level
Rising volumes of T&E transactions plus the increasing push to be more productive while also maintaining compliance (i.e., anti-bribery legislation), are forcing companies to leverage technology and analytics to automate the management of T&E expenses.
Before implementing a technology solution to monitor T&E expenses, there are three things that every organization must do…
- Put the company T&E expense policy in writing
- Train everyone, including new-hires and executives, on the policies
- Commit to enforcing all T&E policies—even with the executives
Once a corporate policy on T&E expenses has been developed and communicated, the next step is to leverage technology to monitor the risks and controls.
7 Fraud Schemes for T&E Expenses
- Personal expenses represented as business expenses
- Modifying receipts
- Reimbursement for cancelled trips and events
- Purchasing items and then getting a refund without reimbursing the company
- Overstating mileage claims
- Claiming non-acceptable items like electronics and jewelry
- Multiple reimbursements for same expense either by multiple employees colluding with one another or through different proofs of payment
5 Fraud-Busting Techniques
- Review of 100% of transactions rather than random samples
- Detect and investigate out-of-policy or suspicious transactions prior to reimbursement
- Identify elevated liability on P-Card program
- Use workflows and case management to investigate suspicious activities instead of ad-hoc emails and phone conversations
- Leverage data analytics to get a clearer picture of risks within the T&E program
Framework for Effective Monitoring
To effectively monitor and manage T&E expenses, it is vital that a chosen monitoring solution contains:
- Automated transaction monitoring
- Cross-departmental and cardholder analysis capabilities
- Both prescriptive and behavioral analytics models
- Workflow and case management capabilities
- Data visualizations
Automated Transaction Monitoring
Continually looks at every transaction to ensure that business or expense rules have not been violated. If a deviation or violation is detected, the system automatically flags the transaction for investigation and resolution.
This functionality ensures that travel, entertainment and expense policies are not violated, and flags any transactions that may affect the company’s reputation, such as
violations of the Foreign Corrupt Practices Act (FCPA) or business dealings with politically exposed persons (PEPs).
Cross-Departmental & Cardholder Analysis
Examines data from other systems to maximize insights and ensure that transactions are analyzed holistically rather than from a purely policy perspective.
For example, if an employee completed a business trip with hotel accommodations costing $1,750 last week, the transaction by itself would appear to comply with company policies. However, if HR data is also looked at and reveals that the employee was on leave that day, the transaction should be flagged for further investigation.
Workflow and Case Management Capabilities
Once a transaction has been flagged, it is important that it be investigated quickly and methodically. Tracking the resolution of issues via phone, email and in-person conversations can delay or prevent the investigation of anomalies to resolution. This method also impedes the ability to create a proper audit trail.
Workflows and case management provide the framework for automated and complete remediation. In some solutions alerts can be delivered via email, text message or an on-screen pop-up and provide:
- Links to related issues that may help the user make decisions
- The entire history and nature of the issue, including who performed what actions when
- Remediation guidelines on how to approach the issue
- Indicators that will inform processes improvements, including possible root causes and the actions performed
Configurable workflows ensure that processes that meet the company’s culture and policies are implemented.
Some view data visualizations as the most exciting part of a solution because they make it easier to detect control weaknesses and help answer questions such as:
- Where are the risks?
- What controls are failing?
- What are the root causes?
- What needs to change in the business to get better results?
- Are we compliant with internal and/or regulatory requirements?
- How can we get business value from effective controls?
Data visualizations are also an effective tool to analyze and communicate with management on how much is being spent by category, vendor, department and employee. They provide a straightforward way to determine where savings can be found or which pricing agreements should be renegotiated with vendors.
Prescriptive and Behavioral Analytics
When implementing an analytics model for monitoring procurement expenses, it is important to include these two key elements for your models:
- Prescriptive analytics using rules-based scenarios
- Behavioral analytics, which includes anomaly detection, predictive analytics and text analytics
Rules-based analytics are easy to implement and understand. They are also very effective at detecting specific suspicious and fraudulent scenarios.
Where rules-based analytics fail is in the fact that abusers can find loopholes, and in that it also lags in detecting new forms of fraud. This is why rules-based analytics should be partnered with behavioral analytics like anomaly detection, predictive analytics and text analytics.
An anomaly detection model involves segmenting the population to determine peers. Transactions are then assessed to provide an outlier score that will determine if it is worthwhile investigating as an anomaly. The advantage of this detection method is that no rules need to be implemented—the system learns from history and segmentation based on the data.
Predictive analytics help determine future behavior. They can also be used to identify potential threats and establish patterns. The model looks at past contextualized data and variables known to have been involved in past fraud events to determine whether new events are likely to result in a fraud.
This allows for earlier detection and prevention of fraudulent behavior.
Information buried in unstructured data such as expense descriptions and manager’s review/approval notes can be a valuable resource to determine potential fraud. This form of analysis searches through free-form text in documents and other data sources to explore relationships between terms and weights them by the terminology, frequency and even tone.
Combined with an organization’s terminology and fraud dictionary, the system can then score terms and highlight any potential suspicious activities.
Analytics for Airfare Claims
- Airfare purchases that do not comply with policies (seat class, airline, etc.)
- Late bookings
- Refund of ticket issued to employee but balance not refunded to company
- Airfare claims without associated hotel and meal charges
- Travel to multiple cities on the same day
Analytics for Car and Gas Mileage Claims
- Claims for personal car usage and rental car usage for same period
- Inflated mileage claims for personal car use
- Claims for personal use during weekends and/or holidays
- Multiple mileage claims for employees that travel together
- Unusual tips, tools and/or parking expenses
- Rental of vehicles from non-preferred vendors
- Duplicate mileage submissions
Analytics for Lodging and Meals Claims
- Multiple employees requesting reimbursement for the same room
- Lodging expenses that are outside the norm or don’t comply with policy
- Expenses for lodging that exceed the average for location
- Lodging claims for days when employee was on vacation
- Duplicate claims for meals (i.e., multiple people for same day and location)
Analytics for Out-of-Policy or Other Suspicious Claims
- Purchases made on weekends and holidays
- Expenses incurred while employee was on vacation
- Expenses for events that did not materialize
- Credits not reported on an expense report but corresponding debits reimbursed to employee
- Duplicate claims across T&E and P-Cards
- Same claim across multiple employees’ expense reports
- Transactions authorized by requester
- Employees who consistently claim amounts just below approval thresholds
- Transactions not reviewed prior to approval (auto-approval)
- Potential split transactions across single/multiple cards to avoid card limits
- Transactions with missing receipts
- Claims made by former employees
Employee, Vendor and Expense Spend Profiling
- Increase in the cardholder’s average spend or highest spend amount
- Elevated liability on card program
- Unusually large T&E claims compared to employees in similar role
- Vendors with higher activity than others in same MCC
- Vendors with high amounts and frequency to determine top vendors
- Vendor/Employee/Supplier check to ensure not on OFAC terrorist watch list
- Average expense transaction sizes by business unit/division/department
- Search for keywords in expense submissions to identify invalid claims
Analytics for Card Management
- Cardholder using unauthorized card
- Cardholders with zero activity within a specific time period
- Transactions made by terminated/on leave/retired employees
- Elevated liability – card usage vs. credit limit
Suspicious Activities and Claims
- Duplicate payments through Accounts Payable and/or T&E
- Duplicate transactions (same merchant, same amount, same day)
- Multiple cards with same transactions (i.e., same merchant & amount)
- Split transactions over single and multiple cards
- Transactions outside of business hours, during holidays or vacation
- Managers approving own transactions or outside of their cost center
- Keyword search of non-compliant purchases such as jewelry, tobacco
- Excessive small dollar transactions
- Time spent by managers to approve transactions
- Card limit exceeded (i.e., single transaction, monthly, daily dollar)
- Spending patterns of employees to identify outliers
- Personal purchases that have not been repaid
- Cardholders that did not receive tax exemptions with specified vendors
- Excessive single vendor usage
- Cardholder charging incorrect cost center
- Excessive year-end budget usage
- Compare employee spend to internal spending patterns
- Even dollar net amounts that may indicate cash advances
- Purchases from “not allowed” or “not recommended” MCCs
- Potential high-risk personal purchases
- Purchases from merchants on a black list
- Ghost cards being used outside of expected category
- Transactions without sufficient explanation attached
- Appropriate transaction approval from manager
Whether you want to more easily track and manage T&E expenses, monitor travel policy compliance or minimize P-Card misuse, Alessa is the right choice. Our enterprise solutions provide organizations with immediate identification of non-compliant expenses before they are approved for reimbursement. Key components of the solution include automated notifications and workflows that track all deficiencies as they occur and provide the assurance that they are being addressed in a timely manner.
We also takes a consulting approach to implementing our solutions, allowing organizations to get a solution that works for them and to grow their risk-management and fraud detection initiatives.
To learn more about what Alessa can do for you, contact us.