What is accounts payable fraud?

A company’s accounts payable department is particularly vulnerable to fraud, as it can be exploited through various schemes like false billing and overbilling.

Understanding accounts payable fraud schemes and implementing preventive measures is critical to protecting an organisation’s capital and reputation.

Definition and Overview

Accounts payable (AP) fraud refers to the intentional deception or manipulation of a company’s accounts payable department to obtain unauthorized financial benefits. This type of fraud can be perpetrated by employees, vendors, or external scammers, leading to significant financial losses, reputational damage, and operational disruptions.

Understanding accounts payable fraud

Accounts payable refers to the money a company owes its vendors for goods or services received.

Fraud occurs when payments intended for legitimate vendors are diverted or when fictitious transactions are processed through the accounts payable system. A billing scheme is a prevalent type of accounts payable fraud where employees create fictitious invoices for non-existent goods or services or inflate legitimate vendor invoices.

This can result in financial losses, strained vendor relationship and potential legal consequences.

There are several reasons why accounts payable is vulnerable to fraud:

• High transaction volumes can obscure fraudulent activities.
• Manual processes lack adequate oversight.
• Vendor management systems are often targeted by cybercriminals.
• Insider access allows employees to manipulate payment workflows.

Types of accounts payable fraud

Fraud schemes targeting accounts payable systems vary widely. Awareness of these methods can help organisations identify risks and mitigate them effectively. Detecting AP fraud through effective anti-fraud controls and structural changes in business processes is crucial to prevent significant losses.

Fake invoices

Fraudsters create and submit fake invoices to accounts payable departments. These invoices often mimic legitimate vendor details but direct payments to fraudulent accounts.

Example

An employee fabricates a vendor and submits invoices for non-existent services.

Vendor impersonation

Using phishing or social engineering tactics, fraudsters impersonate legitimate vendors and request updates to payment details.

Example

A fraudster emails an accounts payable clerk claiming to represent a vendor and asks to update banking information.

This tactic is common among small businesses, with one survey finding that 39% of business owners and senior managers would agree to pay money into a new bank account without first checking if the request was genuine.

Duplicate payments

Duplicate invoices may be submitted by mistake or intentionally. Without proper checks, duplicate payments are processed.

Example

A vendor resubmits an invoice claiming non-payment, and the company pays it twice.

Insider fraud

Employees with access to the accounts payable system create fake vendors approve fraudulent payments or manipulate invoice details. It is estimated that around two-thirds of AP fraud is committed internally.

Some employees deliberately overpay a vendor and misuse the difference when the vendor refunds the payment, while others engage in kickback schemes with suppliers that may involve:

• Inflated invoices.
• Securing orders without competitive bidding.
• Billing full price for substandard products.

Invoice redirection

Legitimate invoices are intercepted by attackers who alter payment details before they reach the accounts payable department.

Example

An attacker hacks email communications between a company and its vendor and then alters the bank details on an invoice.

Red Flags for AP Fraud

Identifying red flags is crucial in detecting and preventing AP fraud. Some common warning signs include:

• Unusual or unexplained changes in payment patterns or vendor behavior
• Duplicate payments or invoices
• Missing or altered bank account details
• Unapproved vendor payments or changes to vendor master data
• Employees living beyond their means or exhibiting suspicious behavior
• Unusual or excessive expense reports or reimbursements

By staying vigilant and recognizing these red flags, companies can take proactive steps to prevent AP fraud and protect their financial assets.

How AP Fraud Works

AP fraud can occur through various schemes, each designed to exploit vulnerabilities in the accounts payable process. Some common methods include:

• Billing schemes: Fraudsters create false invoices or alter legitimate ones to obtain unauthorized payments. These false invoices often appear genuine, making them difficult to detect.
• Check tampering: This involves altering or forging checks to divert funds to unauthorized accounts. Fraudsters may change the payee name or the amount on the check.
• ACH fraud: Manipulating electronic fund transfers, such as Automated Clearing House (ACH) transactions, to redirect payments to fraudulent accounts.
• Expense reimbursement fraud: Submitting false or inflated expense reports to receive unwarranted reimbursements. This can include claiming personal expenses as business-related.
• Vendor fraud schemes: Colluding with vendors to obtain unauthorized payments or kickbacks. This may involve overbilling, providing substandard goods, or bypassing competitive bidding processes.

Understanding these schemes can help companies implement targeted measures to detect and prevent AP fraud.

How to detect accounts payable fraud

Early fraud detection is essential to minimising losses. To do this, it is important to implement a combination of manual and automated processes that can help uncover suspicious activities. Automating the AP process enhances overall efficiency and prevents accounts payable fraud by improving visibility, creating audit trails, and flagging suspicious transactions.

Here are some possible warning signs of accounts payable fraud:

• Unfamiliar vendors appearing in the system.
• Frequent updates to vendor payment details.
• Invoices lacking purchase order (PO) references.
• Payments without matching delivery receipts or approvals.

Monitoring tools

Modern accounts payable automation software includes fraud detection features that:

• Flag duplicate invoices.
• Cross-check vendor bank details against known records.
• Track unusual payment patterns.

These systems often integrate with enterprise resource planning (ERP) platforms to streamline fraud prevention efforts.

Investigating AP Fraud

Investigating AP fraud requires a thorough and systematic approach to uncover the full extent of fraudulent activities. Key steps in the investigation process include:

• Identifying and preserving evidence: Collect and secure accounts payable records, bank statements, and other relevant documents to prevent tampering or loss of evidence.
• Conducting interviews: Speak with employees, vendors, and other relevant parties to gather information and insights into the suspected fraud.
• Analyzing financial data: Examine financial transactions and records to identify suspicious patterns or anomalies that may indicate fraud.
• Using forensic accounting techniques: Employ specialized methods to quantify losses and trace the flow of funds.
• Reporting findings: Present the investigation results and recommendations to management and, if necessary, law enforcement authorities.

A thorough investigation helps ensure that all fraudulent activities are identified and addressed, minimizing the impact on the company.

How to prevent accounts payable fraud

Prevention is the most effective form of defence against accounts payable fraud. By strengthening internal controls and adopting technology, organisations can significantly reduce their exposure.

Here’s how this is achieved in practice.

Vendor verification

Ensure that all vendors are vetted during onboarding and that payment details are verified through trusted contact methods.

Tip: Call vendors directly using known contact information to confirm changes in banking details.

Segregation of duties

Assign distinct roles for invoice approval, payment processing and record reconciliation. This reduces the likelihood of a single individual executing fraudulent transactions.

Invoice matching

Three-way matching is an AP invoice process that cross-references an invoice with its corresponding purchase order (PO) and delivery receipt.

This process helps identify fake or unauthorised transactions that cost companies around 5% of their annual revenue.

Accounts payable automation

Investing in a accounts payable automation and payment verification, such as eftsure, can easily:

• Identify duplicate invoices.
• Flag unusual payment patterns.
• Enforce approval workflows for high-value payments.

Regular audits

Conduct regular audits of accounts payable records to identify anomalies. These audits can uncover patterns of suspicious activity that may go unnoticed in day-to-day operations.

AP Fraud Risk Assessment

Conducting a risk assessment is essential in identifying and mitigating AP fraud risks. A comprehensive risk assessment should consider the following factors:

• AP processes and controls: Evaluate the effectiveness of existing accounts payable processes and internal controls.
• Segregation of duties: Ensure that responsibilities for invoice approval, payment processing, and record reconciliation are appropriately separated to prevent conflicts of interest.
• Automation and technology: Assess the use of automation and technology in AP processes to identify opportunities for enhancing fraud detection and prevention.
• Employee training and awareness: Provide regular training to employees on AP fraud risks and prevention measures.
• Vendor management and procurement practices: Review vendor onboarding and management practices to ensure they are robust and secure.
• Audit and monitoring activities: Implement regular audits and continuous monitoring to detect and address potential fraud risks.

By understanding these factors, companies can identify areas of high risk and implement targeted controls and measures to prevent and detect AP fraud effectively.

Real-world example of AP fraud

Nathan J. Mueller, an employee at a financial services firm, embezzled nearly $8.5 million over four years between 2004 and 2007.

Mueller exploited his access to the company’s accounts payable system by creating false payment requests that directed funds to his personal accounts. He also used his authority to bypass internal controls and approve fraudulent payments.

His scheme was eventually uncovered, leading to criminal charges and significant financial and reputational damage to the company. The case study also highlights the importance of AP access controls in ERP systems.

Consequences of accounts payable fraud

Fraud doesn’t just lead to financial losses; it also has broader implications for businesses:

• Financial Impact: Losses from fraud strain cash flow and profitability.
• Reputational Damage: Fraudulent activities erode trust with vendors and stakeholders.
• Regulatory Penalties: Failure to detect and prevent fraud may lead to consequences for non-compliance with data protection or financial regulations.
• Operational Disruption: The fraud investigation response consumes time, ties up resources that could be better directed elsewhere, and delays critical business operations.

Steps for recovery

If fraud is detected, swift action is necessary to mitigate damage and prevent recurrence.

1. Freeze suspicious transactions. Cease all payments to affected accounts to prevent further losses.
2. Notify the authorities. Report the fraud to relevant law enforcement as well as to regulatory bodies and relevant financial institutions.
3. Audit systems. Conduct a comprehensive audit to identify vulnerabilities, root causes, and additional fraudulent activity. This may form the basis of evidence in legal proceedings.
4. Assess and strengthen controls. To reduce the risk of future fraudulent activity, implement additional layers of security. These include MFA for payment approval and segregation of duties such that no one person has control over the full accounts payable process.

Key Takeaways

• Accounts payable (AP) fraud occurs when someone intentionally exploits weaknesses in a company’s payment process to steal money or misdirect funds.
• The majority of accounts payable fraud is committed internally by employees and includes:
  • Fake invoices
  • Vendor impersonation
  • Insider fraud
  • Invoice redirection
• To create a secure accounts payable environment, implement:
  • Regular audits
  • Vendor verification
  • Employee training
• If fraud does occur, it is crucial to:
  • Freeze suspicious transactions
  • Notify the authorities
  • Audit systems
  • Assess internal controls