The COVID-19 pandemic had profound impacts on the world’s economies. Companies in certain sectors struggled to remain solvent, leaving many people facing redundancies. Businesses in other sectors found it hard to keep up with demand and recruit enough workers. Needless to say, nearly every business and economy endured financial headwinds during the pandemic and in the months that followed.
In response to pressure on businesses in the European Union (EU), a National Recovery and Resiliency Plan (NRRP) was established, aimed at helping member states and businesses in EU countries recover from the pandemic and build for a more resilient future.
The NRRP is a key component of the EU's €723 billion recovery package in loans and grants, which was agreed in July 2020. The plan was designed to support investment in areas such as healthcare, digital technology, research and development, social and territorial cohesion, and green transition, while also promoting economic growth and job creation.
Each member state has been tasked with developing its own NRRP, outlining specific measures and reforms that will be implemented with the support of EU funding - a crucial step towards strengthening European economies and ensuring the region is better equipped to withstand any future crisis.
The Recovery and Resilience Facility (RRF), which provides the funds, operates on a performance-based approach. This means the Commission disburses money to each member state based on successful attainment of agreed criteria, milestones, and targets. For countries like Italy, the fund allocation represents a share that’s equal to 10.79% of its annual gross domestic product (GDP), and in the case of Greece, it represents an even higher percentage of 16.68% of annual GDP – very significant amounts.
While the aim of the NRRP was to support economies across the EU, so many billions of Euros also became a massive draw for financial criminals. There have been and will continue to be fraudsters attracted by the prospect of taking a share of this money. However, National Risk Assessments conducted by member states have highlighted that the public sector is largely unaware of its vulnerability to the risk of money laundering and its attractiveness to organized crime groups. This is particularly evident in cases such as the misuse of COVID-19 relief funds.
Criminals are using different methodologies to access money through the RRF fraudulently, which include:
One of the more sophisticated ploys used to make fraudulent claims on the fund is for “entrepreneurs” to set up a business to access subsidies from the NRRP. After receiving their grant or entitlement, the business owner will file for bankruptcy and dissolve the company. However, rather than ceasing trading, the company and its employees are moved to another country. The country chosen might be a low-tax jurisdiction, or it may be a less well-regulated country in Europe. All this is, of course, done without telling the national authority who issued the grant. The entrepreneur is therefore defrauding the state and the EU as a whole.
One instance of fraud detected in Italy led to the imprisonment of a woman who had illegally obtained approximately €7.5 million through the RRF. She established a voluntary association and submitted false documents to meet the requirements and obtain the funds. The money was supposed to be used to provide food, accommodation, Italian language courses, and training for asylum seekers, but instead it was used for personal purposes.
The association’s true board of directors comprised individuals without prior expertise in running companies and it was also comprised exclusively of non-Italian foreign nationals. It seems, in this instance, the required due diligence checks and risk assessments were lacking, which shows poor compliance and governance practices. However, the fraud was successfully detected and the perpetrator prosecuted.
There is a regulatory framework for the Recovery and Resilience Facility (EU Regulation 2021/241), and article 20 sets out the measures and due diligence activity required before grants and funds are issued:
“In implementing the Facility, the Member States, as beneficiaries or borrowers of funds, shall take all the appropriate measures regarding the prevention, detection and correction of fraud, corruption and conflicts of interests.
Member States shall provide an effective and efficient internal control system and the recovery of amounts wrongly paid or incorrectly used.
For the purpose of audit and control, it is a requirement to collect and ensure access to the following standardized categories of data: (i) name of the final recipient of funds; (ii) name of the contractor and sub-contractor, (iii) first name, last name and date of birth of beneficial owner(s) of the recipient of funds or contractor; (iv) a list of any measures for the implementation of reforms and investment projects under the recovery and resilience plan.”
Distribution of the NRRP funds is administered in-country, therefore each member state needs to take control of its own compliance measures, due diligence, and fraud checks. This can be onerous when responsibility falls between national and local agencies. Clear lines of accountability and attacks on these kinds of fraud need to be drawn, but anti-fraud controls in the EU will have to intensify as the risks of defrauding the NRRP continue.
Central and local administration teams, as well as individual government departments, all have a crucial role in detecting fraudulent disbursements. In Italy, for example, to ensure compliance with checks and combat fraud risks, three recommended platforms are used: Arachne systems, Moody's Analytics Orbis database, and PIAF-IT. These platforms are interconnected with ReGiS, which is the unique platform developed by the Italian state. The platform enables central and peripheral government administrations, local authorities, and implementing entities to conduct a wide range of operations to fulfill their regulatory obligations regarding monitoring, reporting, and controlling measures and projects funded by the NRRP.
While this outlines the approach in Italy, it’s certainly one that could be more widely adopted across the EU to fight fraud targeting the Recovery and Resilience Facility.
The Moody’s Analytics KYC team works with Government teams globally to support on a range of critical issues. We help drive efficiency improvements, data integration, automation, and scalability of teams and processes. Our tools enable departments and agencies to access data and automate checks that identify risk and prevent fraud.
Moody’s Orbis solution is the world’s most powerful comparable data resource on private companies. It has information on more than 445 million entities - 40 million with detailed financial information - to support anti-fraud and anti-money laundering programs anywhere in the world.
Please get in touch if you have any questions or would like to find out more about Moody’s Analytics KYC.