Vendor B-BBEE fraud: a growing concern for CPOs

By Schalk van der Merwe

South African Chief Procurement Officers (CPOs) are often tasked to oversee the transformation of procurement spend at a near-impossible speed. This creates a pressure that is only equalled by the pressure that certain vendors find themselves under to improve their Broad-based Black Economic Empowerment (B-BBEE) credentials for these more demanding procurement requirements. In a scenario where pressure from both sides of the equation is towards bending the rules, taking for granted vendor integrity and governance may have severe consequences for CPOs.

Areas of concern
The B-BBEE regulations, as they stand since 24 October 2014, have raised the bar from previous versions in terms of transformation and are forcing vendor companies to seriously reconsider their B-BBEE-strategies. This message is not new, but as vendors settle for new strategies, it becomes clearer where they are exploiting grey areas or even where new patterns of fraud are emerging.

Two areas that contribute significantly to a company's B-BBEE rating are Ownership (25 points) and Enterprise and Supplier Development (ESD) (30-40 points).

Since ESD does not apply to smaller companies (exempted micro-enterprises (EMEs)) and is not as significant for medium-sized companies (qualifying small enterprises (QSEs)), these entities are mostly focusing on ownership structures - and this is where things are getting interesting.

The 'courtesy' that has been extended to EMEs and QSEs allows them to capture and present their B-BBEE statuses using only an affidavit. This has, essentially, made B-BBEE compliance an honesty system. The fact that PricewaterhouseCoopers' (PwC) Global Economic Crime and Fraud Survey 2018 has, once again, awarded South Africa the questionable honour of the "champion" of economic crime points to the risks inherent in this approach. Until recently, at least questions of integrity extended all the way to the very top of the country's the same time companies are desperate for business in an economy that is still struggling to live up to growth expectations and the pressures of socio-demographic dynamics.

In this light, a system based, to a certain degree, on self-policing and self-reporting bears significant risk - especially considering the penalties for any breaches, even for customers of fraudulent entities. So, clients of EME and QSE suppliers should be cautious of tell-tale signs of fraud.

Four relevant 'schemes'
The following list of vendor-company B-BBEE fraud patterns is by no means exhaustive, but definitely features heavily in investigations conducted by data collection and verification service providers, such as Inoxico:

1. Misrepresenting information
Let's start with the most basic (and desperate) form of B-BBEE fraud: the falsification of data or certificates. Here, two main modus operandi stand out:
a. Manipulating details on a certificate that was issued under the previous Codes in order to extend its validity period. Picking this up, typically, requires detailed knowledge of the layout and various elements of the certificates, good relationships with the verification agencies and access to historical data and certificates.
b. Misrepresentation as an EME or QSE when it qualifies instead as a Generic, based on the vendor company's revenue. Getting to a high B-BBEE rating is, in most cases, much easier for EMEs and QSEs. In terms of spotting misrepresentation, it is sometimes as easy as triangulating different types of information on vendor companies, e.g. comparing customer contracts with B-BBEE information.

2. Promoting straw men
Promoting employees to directors without the proper rights and remuneration is nothing new, but definitely still relevant. Companies take advantage of certain employees' ignorance of what it means to be a director of a business. They 'promote' black employees to director or even shareholder level without them taking on the duties of a director or aligning their remuneration schemes with these roles. This improves the company's management and/or ownership credentials in terms of B-BBEE, but the relevant employees are 'chewed up and spat out' in the sense that this title is taken away as soon as the business has made an alternative plan - this is certainly not in the spirit of the Act.

3. Impermissible flow-through
The current B-BBEE Codes allow for something referred to as the 'Modified Flow-through Principle', which entails the use of a special purpose vehicle (SPV) as part of a company's ownership structure. It provides for an easier means to improve a company's black-ownership credentials by using a >51% black-owned SPV as a 100% black-owned shareholder.

In addition to the above and, as already mentioned, in an effort to lower the cost of compliance for small businesses, the Act allows EMEs and QSEs to formalise their B-BBEE rating by simply completing an affidavit under oath.

Combining these two principles, however, is deemed to be against the spirit of the Act and a misrepresentation of B-BBEE credentials, as per the B-BBEE Commission's Practice Guide 01 of 2017. EMEs and QSEs cannot claim to be >51% black-owned if the relevant shareholder is a SPV, using the Modified Flow-through Model. This is, essentially, seen as taking advantage of the 'courtesy' extended to small owner-run businesses for the purpose of improving the ratings of larger, more complex, ownership structures.

Similar to the previous scheme, it is important that purchasers have a decent understanding of their vendors and cross-reference vendor information with their B-BBEE information in order to spot contraventions of the above. Although not against the law as things stand, ultimately, it will probably be written into the next revision of the Act.

4. 'Fake' employee-ownership schemes
Employee-ownership schemes are well known and used for many reasons - one being to improve B-BBEE ratings. Basically, black employees are given shares in a business to improve the company's black-ownership percentage.

One version of the above is based on extending equity to black employees through company loans. Conceptually, these loans are then paid back by the employees using their shareholder proceeds, e.g. dividends. However, this 'system' can easily be manipulated to ensure that the relevant employees never really become shareholders.

For example, should the board of directors own the property that the company rents, they could easily increase rent to reduce profits and thereby dividend pay-outs. This means that the short-term shareholder proceeds for these employees would virtually be zero and, therefore, their ability to pay back the related loans none. One can probably come up with many examples of how profits can be manipulated to the disadvantage of employee-ownership schemes if the business is not well governed - which is often the case for smaller businesses.

What are the implications of being involved or unaware?
As for many other cases of vendor-related fraud, there are serious implications for perpetrators and stakeholders that are involved (e.g. procurement officers):
1. The B-BBEE Act (Section 13O (2)) states that a verification professional, procurement officer or any official of an organ of state or public entity, who becomes aware of the commission of, or attempt to commit, any offence referred to under Section 13O (1) and fails to report it, is guilty of an offence. In addition, if an entity is found to have violated the Act, an entity could be fined up to 10% of its annual turnover and individuals that are involved could be imprisoned for up to 10 years and/or fined. Specifically, an offence under Section 13O (2) could lead to imprisonment of up to 12 months, or a fine, or both.
2. It is important to remember that the South African Companies Act (via the Organisation for Economic Co-operation and Development (OECD) regulations), the United Kingdom Bribery Act and the Foreign Corrupt Practices Act (FCPA) all require companies to put adequate measures in place to prevent fraud and corruption, specifically mentioning third-party related fraud. Should directors and those accountable not do so, they can be held personally liable.

How to address the problem
On-boarding and monitoring
As part of a well-constructed supply chain governance function, vendor B-BBEE statuses should be assessed and validated during the vendor on-boarding process and at regular intervals thereafter (typically when statuses are renewed). This should be done in conjunction with assessing other vendor-company data in order to gain a proper understanding of the risks involved.

Deep dives
Any suspicion of B-BBEE fraud should be substantiated by specific B-BBEE fraud-related assessments. These range from basic risk assessments using on-file (or vendor-provided) data, to in-depth assessments, which include ultimate beneficial ownership analysis through site visits.

Risk mitigation
These processes should also cater for the mitigation of the mentioned risks through appropriate interactions with vendors and B-BBEE authorities (e.g. the B-BBEE Commissioner) once a risk has been identified.

By having a reasonable and credible process in place that includes the abovementioned elements, companies operating in South Africa can operate in full compliance with and in the spirit of the Act - effectively contributing to an uplifting social dynamic in the economy.