Constituent Mitigations

11.5 Performing supply chain due diligence

Verify supplier performance history, integrity record, ownership and links to malign actors.

Knowing who to do business with is a big part of mitigating corruption risks, and recognising contractors who have links to corrupt networks can help avoid fraud and overcharging. It will also reduce the flow of resources to malign actors. Due diligence checks could include, though not be limited to:

  • Company work and performance history
  • Any history of fraudulent or corrupt behaviour in the past among bidders and suppliers
  • Existence and record of a supply chain, including subcontractors, agents and intermediaries
  • Beneficial ownership of a company and the owners’ work and legal history
  • The owners’ family and other social networks and connections, especially connections to criminal patronage networks, corrupt actors, organised crime groups, or insurgent and terrorist group
  • Financial flows, especially any flows to or from shell companies
  • History of unexpected wins or losses in previous bids.

For the due diligence checks to be possible, mission leadership and contracting staff need to ensure that bidding calls contain language enabling checks on company and individual records.

  • According to a senior officer interviewed in 2018, NATO forces in Kosovo require that bidders agree to verification of their companies and their financial transactions by the mission, which in effect means intelligence-based verification by the J2 branch.
  • The Resolute Support mission in Afghanistan verifies contractor information using a central US database, the Joint Contingency Contracting System. The JCSS is a way to store and use information and contractor performance history, helping ensure continuity and access to information across personnel rotations.

One challenge of supply chain due diligence is ascertaining the identities, links and influence of individuals either controlling or deriving benefit from particular companies. Different jurisdictions have varying standards regarding disclosure of beneficial owners, with some requiring no disclosure and others, for example the EU countries, requiring disclosure of individuals controlling 25% or more of company assets. In jurisdictions where beneficial ownership disclosure laws are not stringent, it might be necessary for the mission to explore contract-related and mission-specific ways to ensure beneficial ownership information which is necessary to protect mission resources, can be accessed.

In many operational environments, record-keeping is at best patchy and at worst non-existent, and it can be difficult to verify companies’ work history and their owners’ professional and social positions and relationships. In these cases, documentary evidence might need to be replaced by community checks and interviews, supported by intelligence information (signals and human) where possible and appropriate.


Case Study: Afghanistan: Corruption and the making of warlords

Good practice: Task Force 2010

Task Force 2010, set up by US forces in Afghanistan to stop resources flowing to adversary groups, focused on assessing potential contractors for risk of collaboration with the insurgents. According to interviews with former TF 2010 staff, contractors were graded on an A-D scale, with ‘A’ denoting ‘beyond suspicion’ and ‘D’ signalling near-certainty that a company was most likely cooperating with insurgent groups. While TF 2010 was not specifically geared toward tackling corruption, it was one of the factors they took into consideration when assessing contractors. The overall institutional solution and mode of working could be adapted to mitigating corruption risks in sustainment.

TF2010 checks were preventive in nature and did not include monitoring or oversight of contracts and projects as they were implemented. They did, however, enable suspension or debarment of problematic companies. TF2010 would start gathering information on potential contractors through consulting open sources and databases such as those run by US government departments or the World Bank, and gather information on particular contractors within local communities. If those gave cause for concern, further intelligence was gathered through human sources, through signals intelligence such as phone tapping, and through analysing financial flows. In some cases, checks were initiated by observations from routine inspections, such as those of fire or health safety. Final decisions on employing or disbarring a company were taken at the level of US joint commands such as CENTCOM.

Where TF2010 faced challenges was in coordinating with other interested agencies: one interviewee noted that it was an isolated unit, which did not work directly with civilian agencies and which did not cooperate with ISAF-wide anti-corruption task forces. This means that it had limited opportunities to share information. It did, however, did pass information on to Special Inspector General for Afghanistan Reconstruction in order to inform their audits.

View case study
External Link

Good practice: Preventive Services Unit, The World Bank

The Preventive Services Unit (PSU), part of the Bank’s Integrity Vice Presidency, is tasked with assessing and mitigating corruption and fraud risks in the procurement process. The unit analyses risks posed by particular procurement processes; identifies red flags; advises on project design based on known red flags and previous corruption and fraud risks; and provides training to Bank staff. The PSU provides a much-needed link between investigations, which can reveal particular vulnerabilities, and project design, which can use the results of previous analyses to introduce safeguards that can close off known avenues of corruption. It therefore enables a Bank-wide iterative project design that can help close off opportunities for corruption.

View external case study

Key Personnel

  • J2
  • J4
  • J8
  • J9