Vendor Fraud and Supplier Fraud

Supplier & Vendor Fraud Investigations

Supplier fraud is the category of commercial fraud I am asked to investigate most frequently by organisations that consider themselves well-governed. They have procurement policies, approval workflows, and supplier due diligence processes. They have finance functions that review invoices and sign off payments. And yet, somewhere in the gap between what those controls are designed to do and what they actually do in practice, a supplier — or someone within the organisation managing that supplier — has been exploiting the relationship for financial gain.

That gap is what supplier fraud consistently targets. It does not require a sophisticated attack on the organisation’s systems. It requires an understanding of where the oversight is weakest, which relationships carry the most implicit trust, and how to structure transactions so that they look routine until someone examines them with genuine scrutiny. By that point, the fraud has typically been operating for long enough that the loss is significant and the evidence trail has become complicated.

This article sets out how vendor and supplier fraud operates, how the risk is identified, what a professional investigation involves, and what organisations can do to make their supplier relationships a harder target.

Understanding Supplier Fraud

Supplier fraud encompasses any deliberate deception involving a vendor relationship that results in financial loss to the purchasing organisation. It can originate externally, from the supplier itself; internally, from an employee who exploits their position to divert value through a supplier relationship; or through collusion between the two. In my experience, the collusive variant is the most common and the most difficult to detect, because the fraud is effectively hidden within a legitimate commercial arrangement.

The scale varies considerably. At one end, supplier fraud involves straightforward overbilling or short delivery: a vendor charges for goods or services that were not provided at the agreed specification, volume, or price, relying on the purchasing organisation’s limited capacity to verify what it received. At the other end, it involves structured arrangements between an employee and a supplier that operate over years, channelling substantial sums through what appears to be a normal trading relationship.

What these cases share is the exploitation of trust. Supplier relationships — particularly long-standing ones — accumulate a degree of institutional trust that reduces the scrutiny applied to individual transactions. Invoices from a vendor the organisation has worked with for a decade receive less challenge than invoices from a new supplier. That differential is well understood by those who commit supplier fraud, and it is frequently what they depend on.

Common Supplier Fraud Schemes

The following schemes account for the majority of supplier fraud cases I investigate. They are not mutually exclusive — in practice, more than one is often operating simultaneously, sometimes involving multiple supplier relationships managed by the same individual.

Overbilling and Inflated Invoicing

The most prevalent form of supplier fraud by volume. The vendor submits invoices for amounts that exceed the agreed contract price, for quantities that were not delivered, or for services that were not performed. At its simplest this involves a supplier testing whether inflated invoices will pass through an approval process without challenge. At its most sophisticated, it involves systematic inflation sustained over years, supported by falsified delivery records and the cooperation of the employee responsible for approving payments.

In construction and facilities management — two sectors where I see this most frequently — overbilling is often structured around variation orders: legitimate contract mechanisms that are abused to generate additional payments that the original contract would not have permitted. The variations are approved by the employee managing the relationship, the supporting documentation is minimal, and the cumulative value of the excess is significant before anyone looks at the pattern.

Fictitious Vendors and Shell Companies

The fictitious vendor scheme involves the creation of a supplier entity — a registered company, a trading name, or in some cases a purely paper construct — through which fraudulent invoices are submitted and paid. The employee controls the vendor entity and receives the payments on the other side. I have covered this scheme in more detail in my article on procurement fraud, but it bears repeating here: fictitious vendor fraud exploits the gap between vendor onboarding processes as they exist on paper and as they operate in practice.

Shell company fraud is a variant that uses legally registered but operationally hollow entities — sometimes in multiple jurisdictions — to receive payments that are then further transferred or dispersed. These schemes require more sophistication to establish but can sustain larger and longer-running frauds, and the beneficial ownership is often deliberately obscured through nominee arrangements that require specialist investigation to unpick.

Duplicate and Phantom Billing

Duplicate billing — submitting the same invoice twice through different routes or in different periods — is one of the most straightforward supplier fraud schemes and one of the most reliably overlooked without systematic data analysis. In organisations where purchase orders and invoices are matched manually, or where different departments manage different elements of the approval chain, the same invoice can be paid more than once before the duplication is identified.

Phantom billing involves invoicing for goods or services that were never provided at all. The invoice is genuine in format, the vendor is an established supplier, and the approval process treats it as routine. What is missing is any underlying delivery. Identifying phantom billing requires a cross-check between invoiced activity and operational records: delivery notes, completion certificates, access records, or other independent confirmation that the goods or services described were actually received.
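Both checks described in this section come down to matching records that the approval chain treats separately: an invoice against earlier invoices from the same vendor, and an invoice against evidence that something was delivered. The following is an added example, not code from the original article or from the author's firm. It runs a duplicate and phantom billing pass over a small accounts payable extract. The ledger rows, vendor names and the goods-received register are constructed sample data, and the field names (vendor, invoice_no, amount, date, po_ref) are assumptions about what an AP export contains rather than any particular system's schema. It is also the shape of the automated duplicate detection control recommended under mitigation later in the article.

```python
"""Duplicate and phantom billing checks over an accounts payable extract.

Added example; not code from the article or its author.  All records below are
constructed, and the column names are assumptions about an AP export.
"""
from collections import defaultdict
from datetime import date
import re

# Constructed AP extract.  Rows 2 and 3 are the same invoice keyed twice, the
# second time with a punctuation/zero-padding variant and a different vendor
# spelling.  Row 5 has no delivery record behind it.
INVOICES = [
    {"id": 1, "vendor": "Acme Facilities Ltd", "invoice_no": "INV-00451",
     "amount": 12500.00, "date": date(2023, 3, 2), "po_ref": "PO-7781"},
    {"id": 2, "vendor": "Acme Facilities Ltd", "invoice_no": "INV-00452",
     "amount": 8400.00, "date": date(2023, 3, 15), "po_ref": "PO-7790"},
    {"id": 3, "vendor": "ACME FACILITIES LTD", "invoice_no": "inv 452",
     "amount": 8400.00, "date": date(2023, 4, 3), "po_ref": "PO-7790"},
    {"id": 4, "vendor": "Acme Facilities Ltd", "invoice_no": "INV-00460",
     "amount": 9100.00, "date": date(2023, 5, 1), "po_ref": "PO-7802"},
    {"id": 5, "vendor": "Acme Facilities Ltd", "invoice_no": "INV-00471",
     "amount": 15200.00, "date": date(2023, 6, 7), "po_ref": "PO-7815"},
    {"id": 6, "vendor": "Northside Cleaning", "invoice_no": "2023-118",
     "amount": 8400.00, "date": date(2023, 3, 16), "po_ref": "PO-7791"},
]

# Constructed goods-received / completion register, keyed by PO reference.
# There is deliberately no record for PO-7815.
DELIVERIES = {"PO-7781", "PO-7790", "PO-7791", "PO-7802"}


def normalise_vendor(name):
    """Lower-case and strip everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def normalise_invoice_no(ref):
    """Collapse 'INV-00452' and 'inv 452' to the same key: drop punctuation,
    case, a leading INV/INVOICE prefix and leading zeros."""
    s = re.sub(r"[^a-z0-9]", "", ref.lower())
    s = re.sub(r"^(invoice|inv)", "", s)
    return s.lstrip("0") or "0"


def find_duplicates(invoices, window_days=90):
    """Return sorted (id, id) pairs that look like one invoice paid twice.

    Two tests per vendor: (a) same normalised invoice number, and (b) same
    amount dated within `window_days` of each other.  Test (b) catches
    resubmission under a fresh number; it yields candidates for review, not
    proof, so legitimately recurring amounts (monthly retainers) need to be
    cleared by the reviewer rather than by the code.
    """
    hits = set()
    by_vendor = defaultdict(list)
    for inv in invoices:
        by_vendor[normalise_vendor(inv["vendor"])].append(inv)
    for rows in by_vendor.values():
        for i, a in enumerate(rows):
            for b in rows[i + 1:]:
                same_ref = (normalise_invoice_no(a["invoice_no"])
                            == normalise_invoice_no(b["invoice_no"]))
                same_amt = (abs(a["amount"] - b["amount"]) < 0.005
                            and abs((a["date"] - b["date"]).days) <= window_days)
                if same_ref or same_amt:
                    hits.add((min(a["id"], b["id"]), max(a["id"], b["id"])))
    return sorted(hits)


def find_phantom(invoices, deliveries):
    """Ids of invoices whose PO reference has no goods-received or completion
    record: the invoice is real, the delivery is not."""
    return sorted(inv["id"] for inv in invoices if inv["po_ref"] not in deliveries)


if __name__ == "__main__":
    print("possible duplicates:", find_duplicates(INVOICES))   # [(2, 3)]
    print("no delivery record:", find_phantom(INVOICES, DELIVERIES))  # [5]
```

The vendor and invoice-number normalisation is what makes the check useful against a manually keyed ledger; an exact-match query on the raw fields would miss the second Acme row. The phantom check is only as good as the independence of the delivery register: if the same employee who approves the invoice also records receipt, the cross-check confirms nothing and the register needs to come from operations, site access logs or the requisitioner instead.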

Mandate Fraud and Payment Diversion

Mandate fraud involves the fraudulent redirection of legitimate supplier payments to an account controlled by the perpetrator. It can be operated externally — through a supplier impersonation that convinces the finance team to update payment details for a genuine vendor — or internally, through a finance or procurement employee who makes unauthorised changes to supplier banking records in the payment system.

In my experience, the internal variant is more common than organisations tend to assume. Payment mandate changes are often treated as routine administrative updates and processed without the independent verification that their significance warrants. A straightforward confirmation process — contacting the supplier on a number independently sourced rather than one provided in the change request — would prevent the majority of these schemes. The absence of that process is what they depend on.

Identifying Supplier Fraud Risks

Supplier fraud risk is not distributed evenly across an organisation’s vendor base. It concentrates in specific relationships and specific functions, and understanding where that concentration sits is the first step in identifying whether a concern warrants investigation.

The risk indicators I look for when reviewing a supplier portfolio or responding to a specific concern are:

  • Suppliers managed exclusively by a single employee, where no other individual within the organisation has a direct relationship with the vendor or visibility of the transactions involved.
  • Long-standing supplier relationships where the terms of engagement have never been formally reviewed or renegotiated, and where pricing has drifted upward without a corresponding commercial justification.
  • Vendors whose invoicing pattern — frequency, value, or timing — correlates with the authorisation limits or approval patterns of a specific employee rather than with the underlying business activity.
  • Suppliers with limited verifiable commercial presence: minimal digital footprint, residential or mail-forwarding registered addresses, or Companies House records that show recent incorporation, dormancy, or connections to the approving employee.
  • A concentration of sole-source or non-competitive procurement in a specific category or with a specific vendor, particularly where the rationale for avoiding competitive tender is not well documented.
  • Payment mandate changes that were processed without independent verification, particularly where the change was requested by email rather than through a formal process.
  • Supplier relationships that became significantly more active following a change of personnel in the relevant procurement or finance function.

The single-employee supplier relationship is the pattern I return to most consistently. When one person is the sole point of contact for a vendor, approves all invoices, and manages any queries that arise, the fraud detection capability of the entire approval chain is effectively neutralised. The controls exist, but they all pass through the same pair of hands. That structural concentration is both the risk and the tell.
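Two of the indicators above can be measured directly from the payment data rather than waiting for someone to notice them: how concentrated a vendor's approvals are in one pair of hands, and whether the vendor's invoice values sit just under the signer's authorisation limit. The following is an added example, not code from the original article or the author's firm. The ledger, approver identities and authorisation limits are constructed, and the column names are assumptions about an AP export. The same analysis is what the transaction analysis step of an investigation runs over the full payment history.

```python
"""Vendor risk indicators computed from an accounts payable ledger.

Added example; not code from the article or its author.  The approvers,
limits and ledger rows are constructed sample data.
"""
from collections import Counter, defaultdict

# Constructed single-invoice authorisation limits per approver.
APPROVAL_LIMITS = {"j.smith": 10000.00, "a.patel": 25000.00, "finance_board": 250000.00}

# Constructed ledger.  Acme is approved only by j.smith and its invoices bunch
# just below j.smith's 10k limit; Northside is spread across three approvers.
LEDGER = [
    {"vendor": "Acme Facilities Ltd", "amount": 9850.00, "approver": "j.smith"},
    {"vendor": "Acme Facilities Ltd", "amount": 9920.00, "approver": "j.smith"},
    {"vendor": "Acme Facilities Ltd", "amount": 9700.00, "approver": "j.smith"},
    {"vendor": "Acme Facilities Ltd", "amount": 9990.00, "approver": "j.smith"},
    {"vendor": "Acme Facilities Ltd", "amount": 4200.00, "approver": "j.smith"},
    {"vendor": "Northside Cleaning", "amount": 3100.00, "approver": "j.smith"},
    {"vendor": "Northside Cleaning", "amount": 2950.00, "approver": "a.patel"},
    {"vendor": "Northside Cleaning", "amount": 18000.00, "approver": "a.patel"},
    {"vendor": "Northside Cleaning", "amount": 3300.00, "approver": "finance_board"},
]


def approver_concentration(ledger):
    """Per vendor: (dominant approver, share of that vendor's invoices they signed)."""
    by_vendor = defaultdict(Counter)
    for row in ledger:
        by_vendor[row["vendor"]][row["approver"]] += 1
    result = {}
    for vendor, counts in by_vendor.items():
        approver, n = counts.most_common(1)[0]
        result[vendor] = (approver, n / sum(counts.values()))
    return result


def threshold_clustering(ledger, limits, band=0.10):
    """Per vendor: share of invoices within `band` below the signing approver's limit.

    One invoice at 98% of a limit is unremarkable.  A vendor whose invoices
    repeatedly land in that band and never above it is being priced around the
    control rather than around the work.
    """
    near, total = Counter(), Counter()
    for row in ledger:
        limit = limits[row["approver"]]
        total[row["vendor"]] += 1
        if limit * (1 - band) <= row["amount"] < limit:
            near[row["vendor"]] += 1
    return {vendor: near[vendor] / total[vendor] for vendor in total}


def flag_vendors(ledger, limits, band=0.10, conc_threshold=0.9, cluster_threshold=0.5):
    """Vendors tripping either indicator, mapped to human-readable reasons."""
    conc = approver_concentration(ledger)
    clus = threshold_clustering(ledger, limits, band)
    flags = {}
    for vendor, (approver, share) in conc.items():
        reasons = []
        if share >= conc_threshold:
            reasons.append(f"{share:.0%} of invoices approved by {approver}")
        if clus[vendor] >= cluster_threshold:
            reasons.append(f"{clus[vendor]:.0%} of invoices within {band:.0%} "
                           f"below the signing approver's limit")
        if reasons:
            flags[vendor] = reasons
    return flags


if __name__ == "__main__":
    for vendor, reasons in flag_vendors(LEDGER, APPROVAL_LIMITS).items():
        print(vendor)
        for reason in reasons:
            print("  -", reason)
```

Thresholds are tuning knobs, not findings: a small organisation with one buyer will show high approver concentration for every vendor, so the useful output is the ranking across the portfolio and the combination of indicators on the same vendor, which is what warrants a look at the relationship.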

Supplier Due Diligence Processes

Most supplier fraud operates in the space between the due diligence that organisations believe they are conducting and the due diligence that is actually taking place. Policies exist. Checklists exist. The problem is that those processes are frequently applied inconsistently, circumvented for established relationships, or treated as a box-ticking exercise rather than a genuine assessment of risk.

The due diligence approach I recommend to clients — and that we apply in our own supplier investigation work — is structured around three levels of scrutiny, applied proportionately to the value and risk profile of the relationship.

Baseline verification: applied to all new vendors before onboarding. This covers confirmation of legal entity status through Companies House, verification of the registered address as a genuine business premises, confirmation of bank account details through an independent source, and a basic check for adverse media or regulatory sanctions. This level of scrutiny takes little time and eliminates the most straightforward fictitious vendor schemes.

Enhanced due diligence: applied to higher-value suppliers, sole-source relationships, and vendors where baseline verification produces any unexplained results. This includes beneficial ownership analysis to establish who controls the entity behind the trading name, a review of the vendor’s financial health through filed accounts and credit data, and an assessment of any disclosed or discoverable connections between the vendor and the employees responsible for managing and approving the relationship.

Ongoing monitoring: supplier due diligence is not a one-time exercise. It needs to be repeated at defined intervals and triggered by material changes — a change of ownership, a significant increase in contract value, a new employee taking over the relationship, or an anomaly identified in the payment data. Most supplier fraud that runs for extended periods does so because the initial onboarding check was not repeated when the relationship changed.

One of the most consistent findings from supplier fraud investigations is that the connection between the fraudulent vendor and the approving employee was discoverable through publicly available information at the point of onboarding. The relationship was not hidden. It simply was not looked for. A basic beneficial ownership check and a cross-reference against employee personal data would have surfaced it. Neither was done.
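The cross-reference described in this section is a matching problem, and the reason it is skipped is usually that nobody has written the match. The following is an added example, not code from the original article or the author's firm. It compares a vendor master file against employee records on three keys: director or beneficial owner names, registered address against home address, and vendor bank details against payroll bank details. All records are constructed, the field names are assumptions about what an HR export and a vendor master file contain, and in practice the director and person-with-significant-control names would come from a Companies House extract. Processing employee personal data this way needs a documented lawful basis and a restricted audience for the output.

```python
"""Cross-reference vendor master data against employee records.

Added example; not the article's own method.  Vendor and employee records are
constructed; the keys compared are assumptions about the two data sets.
"""
import re

TITLES = {"mr", "mrs", "ms", "miss", "dr"}
ABBREV = {"road": "rd", "street": "st", "avenue": "ave", "lane": "ln", "court": "ct"}


def name_tokens(name):
    """'Smith, John' -> ['john', 'smith']; 'Mr J. Smith' -> ['j', 'smith']."""
    if "," in name:
        surname, given = name.split(",", 1)
        name = given + " " + surname
    tokens = re.sub(r"[^a-z ]", " ", name.lower()).split()
    return [t for t in tokens if t not in TITLES]


def names_match(a, b):
    """Same surname and a compatible first name, allowing a bare initial."""
    ta, tb = name_tokens(a), name_tokens(b)
    if len(ta) < 2 or len(tb) < 2 or ta[-1] != tb[-1]:
        return False
    fa, fb = ta[0], tb[0]
    return fa == fb or (len(fa) == 1 and fb.startswith(fa)) or (len(fb) == 1 and fa.startswith(fb))


def norm_address(addr):
    """Lower-case, drop punctuation, expand common abbreviations, remove spaces."""
    tokens = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return "".join(ABBREV.get(t, t) for t in tokens)


def norm_bank(sort_code, account):
    """Digits only, so '20-00-00' and '200000' compare equal."""
    return (re.sub(r"\D", "", sort_code), re.sub(r"\D", "", account))


# Constructed vendor master.  Greenway's sole director, registered address and
# bank account all belong to an employee who manages facilities spend.
VENDORS = [
    {"vendor": "Greenway Supplies Ltd", "directors": ["J. Smith"],
     "registered_address": "14 Elm Road, Reading, RG1 4AB",
     "sort_code": "20-00-00", "account": "12345678"},
    {"vendor": "Northside Cleaning", "directors": ["Priya Nair"],
     "registered_address": "Unit 3, Dock Way, Bristol, BS1 5TT",
     "sort_code": "40-11-22", "account": "87654321"},
]

# Constructed HR export with home address and payroll bank details.
EMPLOYEES = [
    {"employee": "john.smith", "name": "Smith, John", "role": "Facilities Manager",
     "home_address": "14 Elm Rd, Reading RG1 4AB", "sort_code": "200000", "account": "12345678"},
    {"employee": "a.patel", "name": "Anita Patel", "role": "Accounts Payable",
     "home_address": "8 High Street, Reading, RG2 9ZZ", "sort_code": "30-99-88", "account": "11112222"},
]


def find_connections(vendors, employees):
    """Every vendor/employee pair sharing at least one key, with the keys named.

    A name match on its own is weak evidence (common surnames); address and
    especially bank account matches are the ones that justify escalation.
    """
    findings = []
    for v in vendors:
        for e in employees:
            reasons = []
            if any(names_match(d, e["name"]) for d in v["directors"]):
                reasons.append("director name matches employee")
            if norm_address(v["registered_address"]) == norm_address(e["home_address"]):
                reasons.append("registered address matches employee home address")
            if norm_bank(v["sort_code"], v["account"]) == norm_bank(e["sort_code"], e["account"]):
                reasons.append("vendor bank account matches employee payroll account")
            if reasons:
                findings.append({"vendor": v["vendor"], "employee": e["employee"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_connections(VENDORS, EMPLOYEES):
        print(f["vendor"], "<->", f["employee"], ":", "; ".join(f["reasons"]))
```

Run at onboarding this is a few seconds of work per vendor; run across the whole vendor master it is the retrospective check that most of the cases described in this section would have failed. Bank account matching is the highest-value key because it is the one the perpetrator cannot vary without losing the money.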

Investigative Approaches

When a supplier fraud concern is raised — whether through a tip-off, an audit finding, or an internal review that has produced unexplained results — the investigation needs to move quickly and quietly. The risk of premature disclosure is higher in supplier fraud cases than in most other internal investigations, because the fraud often depends on an ongoing relationship between an employee and a vendor that can be wound down and obscured if either party becomes aware that an enquiry is underway.

The approach I take follows a defined sequence:

Covert preliminary assessment: before any overt step is taken, an initial review of the available financial data, the supplier’s corporate profile, and the employee’s disclosed interests. The purpose is to establish whether the concern has sufficient substance to justify a full investigation and to identify the immediate evidence preservation priorities.

Vendor forensics: a detailed investigation of the supplier entity and its beneficial ownership — Companies House records, overseas registry searches where relevant, property records, directorship histories, and connections to the employees involved. In the majority of supplier fraud cases I have investigated, this exercise produces significant findings that were not apparent from the internal records alone.

Transaction analysis: a structured review of the full payment history between the organisation and the relevant vendors, looking for duplicate payments, pricing anomalies, invoice irregularities, and patterns that correlate with the approval activity of specific individuals. The analysis is always conducted across the full relevant period, not just the window that initially attracted attention.

Communications and documentation review: where appropriate authority exists, a review of email correspondence between the relevant employee and the supplier, and of the internal documentation supporting the transactions under scrutiny. Communications in supplier fraud cases frequently contain the most direct evidence of the arrangement — references to the terms of the relationship, acknowledgements of payments, and coordination around invoice submission or approval.

Open source intelligence: a systematic review of publicly available information about the individuals and entities involved, including social media, professional networks, and any publicly reported litigation or regulatory history.

Witness interviews and subject interview: structured interviews with relevant witnesses before the primary subject, building the evidential picture progressively. By the time the employee under investigation is interviewed, the findings from the vendor forensics, transaction analysis, and communications review are in place. The interview is built around specific transactions, not general allegations.

Mitigation Strategies

Supplier fraud is preventable to a greater degree than most other forms of internal fraud, because the controls required to prevent it are well understood and relatively straightforward to implement. The reason it persists is not that prevention is difficult. It is that the controls are not applied consistently — or are applied at onboarding and then quietly abandoned as the relationship matures.

The measures that make the most practical difference are:

  • Apply genuine due diligence at the point of vendor onboarding, including beneficial ownership verification and a cross-reference against employee personal data. Treat the discovery of an undisclosed connection as a serious matter, not an administrative oversight to be managed informally.
  • Enforce segregation of duties across the procurement and payment cycle. The employee who manages a supplier relationship should not also approve invoices from that supplier, and should not have unchecked authority over payment processing.
  • Implement an independent bank account verification process for all new vendors and for any payment mandate change requests. The verification should use contact details sourced independently of the request, not those provided by the party requesting the change.
  • Conduct automated duplicate detection across the full accounts payable ledger as a standard control. This is not technically complex and removes one of the most reliably exploited gaps in manual approval processes.
  • Review sole-source and long-standing supplier relationships regularly, applying the same scrutiny that would be applied to a new vendor rather than treating duration as a proxy for legitimacy.
  • Include supplier fraud risk in the organisation’s internal audit programme, with specific attention to high-value vendors, single-employee-managed relationships, and categories where competitive procurement has not been applied.
  • Create a genuinely confidential reporting mechanism for employees to raise concerns about supplier relationships. In my experience, colleagues in finance and procurement are often the first to notice that something about a supplier relationship is not quite right. They need a route to raise that concern that they trust and will use.

The principle that runs through all of these measures is the same one that applies to every other form of internal fraud: no single individual should have unchecked authority over a transaction from initiation to payment. Where that principle is consistently applied, supplier fraud becomes substantially harder to sustain. Where it is not, the gap it leaves is visible to anyone who is looking for it.

Concerned about a supplier relationship or suspected vendor fraud? Get in touch to find out how our supplier due diligence and investigation service can help.
