Observations

• Author: European Court of Auditors
• Pages: 16-43

16

Observations

Anti-fraud policy, fraud prevention and detection measures

Managing authorities generally have no specific anti-fraud policy

18 The Commission has provided guidelines for Member States and managing

authorities to help them comply with their legal obligation to put in place anti-fraud

measures that are proportionate and effective.

— At the level of the Member States, the Commission recommends the adoption of

national anti-fraud strategies for the protection of the ESI Funds, with the

objective of ensuring homogenous and effective implementation of anti-fraud

measures, especially where Member States’ organisational structures are

decentralised.

— At the level of operational programmes, the Commission recommends that

managing authorities develop a structured approach to tackling fraud, organised

around the four key elements in the anti-fraud management process: prevention,

detection, correction and prosecution16.

— The Commission has further defined concrete criteria for evaluating the way

managing authorities have complied with their legal obligations for setting up

proportionate and effective anti-fraud measures17.

16 Commission’s Guidance for Member States and programme authorities on fraud risk

assessment and effective and proportionate anti-fraud measures (EGESIF 14-0021 of 16

June 2014), OLAF’s Handbook on the role of Member State auditors in fraud prevention and

detection (October 2014) and Guidance on a common methodology for the assessment of

management and control systems in the Member States (EGESIF 14-0010-final of

18 December 2014).

17 Article 30 and Annex IV of Commission Delegated Regulation (EU) No 480/2014 of

3 March 2014 supplementing Regulation (EU) No 1303/2013 of the European Parliament

and of the Council (OJ L 138, 13.5.2014, p. 5) and defining key requirements of

management and control systems and their classification with regard to their effective

functioning - specifically key requirement 7 (effective implementation of proportionate

anti-fraud measures).

17

19 The Commission recommends that managing authorities use a formal anti-fraud

policy18 to communicate their determination to combat and address fraud. This policy

should, in particular, include strategies for the development of an anti-fraud culture

and the allocation of responsibilities for tackling fraud. We consider that managing

authorities should have prepared a formal anti-fraud policy or a similar single, stand-

alone document specifying their fraud prevention, detection and response measures

and making clear to their own staff, the beneficiaries of EU funding and other

authorities that measures to tackle fraud are in place and being implemented.

20 We found during our visits that very few of these policies actually constitute

formal reference documents summarising the measures to be implemented at each

stage of the anti-fraud management process in response to identified fraud risks. We

only found examples of formalised anti-fraud policies in Latvia, at specific intermediate

bodies in Spain, and in France (where the policy has not been made public). In all other

cases, to obtain a full description of anti-fraud measures we needed to consult

multiple management documents and manuals of procedures. We consider that the

absence of formalised anti-fraud policies limits Member States’ ability to supervise and

coordinate anti-fraud measures and evaluate their effectiveness. This is particularly

relevant in that only ten Member States have adopted a national anti-fraud strategy19

based on the Commission’s recommendation (see paragraph 18).

21 We also consider the absence of provisions requiring managing authorities to

adopt formal anti-fraud policies as a shortcoming in the design of the anti-fraud

framework for 2014-2020. Furthermore, Commission Delegated Regulation (EU)

No 480/2014 (complementing the CPR for 2014-2020) does not mention shortcomings

18 In this sense, the concept of a formal anti-fraud policy c orresponds to the ’fraud risk

management programme’ defined by the Association of Certified Fraud Examiners (ACFE) in

its ”Fraud examiners manual” or in the ”Fraud Risk Management Guide” it developed with

the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and to

the “formal counter fraud and corruption strategies” defined by the Chartered Institute of

Public Finance and Accountancy (CIPFA) in its “Code of practice on managing the risk of

fraud and corruption”.

19 National anti-fraud strategies exist in ten of the 28 Member States: Bulgaria, Czechia,

Greece, France, Croatia, Italy, Latvia, Hungary, Malta and Slovakia. Romania also has a

strategy, but it is now out-of-date (Source: 2017 PIF report, page 12). The Member States

that have not adopted a national strategy are: Belgium, Denmark, Germany, Estonia,

Ireland, Spain, Cyprus, Lithuania, Luxembourg, Netherlands, Austria, Poland, Portugal,

Slovenia, Finland, Sweden and United Kingdom.