Procurement fraud: the hidden threat facing businesses of every size

By the Business Fraud Alliance, 16 February 2026

Procurement fraud isn’t just a ‘big government’ problem. From sole traders to multinationals, organisations lose money, time and trust when suppliers, employees or third parties manipulate buying and contracting processes for personal gain. 

In the UK, both the public and private sectors are collectively spending hundreds of billions on goods and services each year. Thus the opportunity for abuse is significant, and growing.

This article explains what procurement fraud looks like, why small and medium-sized enterprises (SMEs) are especially exposed, the current UK legal landscape, red flags to watch for, and practical steps to reduce your risk.

What is procurement fraud?

Procurement fraud is any dishonest or improper conduct across the sourcing, tendering, contracting, and contract-management cycle that results in an unauthorised benefit.
 
It includes schemes such as bid-rigging and collusion, bribery and kickbacks, false invoicing, duplicate billing, overcharging, undisclosed conflicts of interest, product substitution, and contract ‘change-order’ abuse. (For practical overviews and controls, see guidance from the Chartered Institute of Procurement & Supply (CIPS) and the Local Government Association (LGA).)

Why this matters now

• Scale of losses: The UK National Audit Office estimates fraud and error against public funds at £55–£81bn in 2023–24, illustrating the scale of incentives and vulnerabilities across procurement ecosystems. While that figure covers a broad set of government programmes, the same weaknesses and behaviours surface in private supply chains.
• Active enforcement on collusion: The Competition and Markets Authority (CMA) continues to warn about bid-rigging risks in UK public procurement and is piloting AI tools to detect suspicious bidding patterns – techniques that private buyers can adapt in their own analytics.
• Evolving rules: The UK’s Procurement Act 2023 (in force for public bodies and entities caught by the regime) reshapes procedures, conflict-of-interest duties, and introduces a strengthened exclusions and debarment regime – raising the bar on supplier due diligence and record-keeping.

Common schemes (and how they show up)

1. Bid-rigging/collusion
   Patterns: identical bids, rotational winners, last-minute identical price cuts, or unusual subcontracting between ‘competitors’. Use market intelligence and data checks to spot anomalies.
2. Bribery & kickbacks
   Patterns: gifts, hospitality, ‘consultancy’ fees routed to decision-makers; steering specifications to favour one supplier. UK organisations must have adequate procedures to prevent bribery under the Bribery Act 2010.
3. Invoice & payment fraud
   Patterns: duplicate invoices, inflated quantities, off-contract pricing, ‘ghost’ vendors, changes to bank details without verification. CIPS recommends embedding fraud checks in vendor assessment and supplier evaluation.
4. Contract management abuse
   Patterns: excessive change orders, tolerance creep on quality, acceptance of substitutes not meeting specifications, or undisclosed conflicts in performance monitoring. LGA guidance maps the risks across the entire cycle.

Why SMEs are especially vulnerable

• Concentration risk: Fewer buyers and approvers create single points of failure.
• Limited segregation of duties: One person may raise purchase orders (POs), approve invoices, and reconcile statements.
• Resource constraints: Smaller teams often lack the tools for spend analytics, background screening, or supplier monitoring.
• Relationship capture: Longstanding relationships can dull healthy scepticism.

The UK legal and regulatory backdrop (in brief)

• Bribery Act 2010: Creates corporate liability for failing to prevent bribery; the government’s guidance sets out six principles (proportionality, tone from the top, risk assessment, due diligence, communication/training, monitoring & review).
• Procurement Act 2023 (public sector focus): Simplifies procedures, tightens conflict rules, and introduces an exclusion/debarment regime with oversight. Private suppliers to the public sector must understand these duties and disclosure expectations.
• Competition law: Cartel conduct and bid-rigging are criminal and civil offences, with the CMA actively investigating.

Red flags your team should recognise

• Unusual bid patterns (same formatting, repeated typos, IP addresses, or sequential timestamps).
• Specifications seemingly written around a single vendor’s product.
• Frequent, poorly justified change orders or price escalations post-award.
• Supplier requests to change bank details via email without secure verification.
• Staff with unexplained lifestyle changes, undisclosed outside interests, or close ties to vendors (train managers on Bribery Act expectations).

A practical, proportionate control framework

1. Govern & set tone
   • Approve an anti-fraud and anti-bribery policy referencing Bribery Act principles; assign an accountable executive and a Fraud Response Plan owner.
2. Map and assess risk
   • Risk-assess categories with high value, urgency, or limited competition (e.g., facilities, construction, IT). Use simple heat-maps if you’re an SME.
3. Strengthen the process
   • Pre-award:
     • Standardise competitive procedures; require conflict-of-interest declarations on every procurement.
     • Vet suppliers (corporate registry checks, directors, sanctions; watch for ‘newco’ shells formed just before tenders)
   • Award:
     • Document the evaluation trail; keep decision logs and scoring rationales.
   • Post-award:
     • Three-way match (PO, goods received note (GRN), invoice); exception-report variances.
     • Approve changes via a change-control board with thresholds.
4. Use data smartly
   • Run duplicate-payment and vendor-master analytics (i.e. same bank account across multiple suppliers; near-duplicate names).
   • For tender integrity, look for statistical anomalies in bid timing and pricing – mirroring the kind of analysis the CMA is piloting.
5. People & culture
   • Train budget holders and approvers on red flags and reporting routes.
   • Rotate duties and mandate holidays in high-risk roles.
   • Enable safe, anonymous reporting (whistleblowing) and commit to non-retaliation.
6. Monitor & assure
   • Periodic spot-checks with internal audit or an external reviewer.
   • Supplier performance reviews against clear KPIs; verify deliverables independently.

If you suspect procurement fraud

1. Freeze the situation: Pause payments and contract changes where legally possible.
2. Preserve evidence: Secure email, messaging, bid files, and enterprise resource planning (ERP) logs.
3. Scope the issue: Use an independent lead to avoid conflicts; consider forensic review of vendor and payments data.
4. Follow your plan: Engage legal counsel early (i.e. on Bribery Act exposure and reporting obligations) and consider self-reporting where appropriate.
5. Remediate and communicate: Close control gaps, debrief teams, and update training and policies.

Key takeaways

• Procurement fraud thrives where process discipline, transparency, and data use are weak.
• UK enforcement and regulation are raising expectations, especially around conflicts, exclusion/debarment, and anti-bribery controls.
• Even small, proportionate steps – supplier vetting, segregation of duties, analytics for duplicates/anomalies, and stronger change control – dramatically cut risk.

You may also be interested in:

Insights

Tips for defending your business against staff fraud

Get ready for new UK failure to prevent fraud offence

Courses

ICA Advanced Certificate in Managing Fraud