Procurement Fraud and Kickback Schemes: The AP Red Flags
Most fraud awareness training focuses on the fake invoice — the forged document, the spoofed email, the obvious mismatch. Procurement fraud is a different animal, and a more expensive one. It does not produce fake invoices. It produces real invoices, from vendors that genuinely exist, for goods or services that may genuinely have been delivered, approved by an employee who has every right to approve them. The fraud is not in any single document. It is in the relationship and the pricing behind them.
I have spent my career building fraud detection, and procurement fraud is the category that defeats document-level checks most completely. A three-way match passes. The vendor has a valid tax ID. The approval is from the correct manager. Nothing on the page is wrong. What is wrong is that the manager is steering work to a vendor who pays them a cut, or to a company the manager secretly owns, or that the price is inflated and the difference is being split. None of that is visible on an invoice. It is visible in patterns across many invoices — which is the entire reason data beats intuition here.
Procurement fraud is a family of schemes, and recognizing them is the first step to detecting them. The major variants all involve an insider with influence over which vendors get hired and what gets paid.
The procurement-fraud schemes an AP team should know
- Kickbacks — a vendor secretly pays an employee, in cash or in kind, in exchange for the employee steering work to that vendor or approving its invoices without scrutiny
- Bid rigging — competing vendors collude, or an insider manipulates the bid process, so a predetermined vendor wins; competition is faked rather than real
- Shell vendors — an invoice-only company with no real operations, often owned by or tied to an insider, billing for goods or services that are inflated or never delivered
- Related-party vendors — a real, operating vendor that is secretly owned by, or connected to, an employee who approves its work, creating an undisclosed conflict of interest
- Split purchases — a single large purchase deliberately broken into smaller invoices, each kept under an approval threshold, so a low-level approver can wave it through and a senior reviewer never sees it
- Over-billing — a real vendor invoices for more than was delivered: inflated quantities, padded hours, higher-grade materials than supplied, or unapproved change orders, with the overage often shared with a colluding insider
These schemes overlap in practice. A kickback is often paid out of an over-billing scheme; a shell vendor is frequently also a related party; split purchases are the technique that lets a kickback or a shell vendor stay below the radar. The rest of this post takes the most important ones in turn, then turns to what AP can actually detect.
A kickback is the oldest procurement fraud there is: a vendor pays an insider to be favored. The payment can be cash, but it is often less traceable — a renovation done at the employee's home billed as a job-site cost, a vehicle, tuition, a no-show consulting arrangement for a relative. In exchange, the insider directs work to the vendor, approves its invoices quickly, and looks past quality or pricing problems.
Kickbacks are damaging because they corrupt the price. A vendor paying a 10 percent kickback has to recover that 10 percent — so it bids high, and the colluding insider makes sure the high bid wins. The company overpays on every job that vendor touches, and the overpayment funds the bribe. Construction is especially exposed: project managers and superintendents make real-time vendor and sub selection decisions in the field, often with limited central oversight, and a single corrupt PM can route a large slice of a project's spend.
Bid rigging is the mechanism that delivers the favored vendor a win while keeping up the appearance of competition. It takes several forms: complementary bidding, where other vendors knowingly submit high "courtesy" bids so the chosen one wins; bid suppression, where competitors agree to stay out; bid rotation, where a ring of vendors takes turns winning. An insider can also rig from inside — writing a scope only the favored vendor can meet, leaking competitors' numbers, or compressing the bid window so only the tipped-off vendor can respond. The common result: the company believes it ran a competitive process and got a market price, when it did neither.
A shell vendor is a company that exists only to send invoices. It has a name, a tax ID, a bank account, and nothing else — no employees, no equipment, no real capacity to do the work it bills for. An insider sets it up, routes payments to it, and pockets the money. The shell may bill for phantom services that are impossible to disprove — "site consulting," "project coordination," "expediting" — or it may sit between the company and a real vendor as a pass-through that marks up every invoice.
A related-party vendor is subtler and often harder to find, because the vendor is real. It operates, it can do the work, it may even do it competently. The fraud is the undisclosed connection: the vendor is owned by the approving manager, by a relative, or by a business partner, and that conflict is hidden so the manager can steer work to a company they profit from and approve its invoices without anyone knowing they sit on both sides.
Both leave faint but real traces in the vendor master. A shell or related-party vendor often shares an address, a phone number, or a bank account with an employee or with another vendor. It frequently has no web presence, no business-registration history, and no physical footprint that matches its claimed scale. It may have been added to the system around the time a particular employee gained influence, and its billing may track that employee's projects with suspicious precision. Individually these are weak signals. Correlated against HR records and across the vendor file, they become a pattern.
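The vendor-master correlation described above, as an added example that is not code from the original post: it normalizes address, phone, and bank fields so differently formatted values still collide, then reports which vendor records share a value with an employee or another vendor. All records are constructed and the field names are assumptions, not a real AP schema.

```python
import re
from collections import defaultdict

# Constructed records; the field names are assumptions, not a real schema.
EMPLOYEES = [
    {"id": "E100", "address": "41 Oak Street, Apt. 2", "phone": "(555) 010-2000", "bank": "1110-0011"},
    {"id": "E101", "address": "9 Pine Road", "phone": "555.010.2001", "bank": "2220-0022"},
]
VENDORS = [
    {"id": "V1", "address": "500 Industrial Avenue", "phone": "555-010-3000", "bank": "ACCT-7000-0001"},
    {"id": "V2", "address": "41 OAK ST APT 2", "phone": "555-010-3001", "bank": "ACCT-9000-1234"},
    {"id": "V3", "address": "77 Harbor Road, Suite 4", "phone": "555-010-3002", "bank": "acct 9000 1234"},
]

ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "suite": "ste", "apartment": "apt"}


def norm_address(text):
    # Lowercase, drop punctuation, collapse common street-type spellings.
    words = re.sub(r"[^a-z0-9 ]", " ", text.lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)


def norm_phone(text):
    return re.sub(r"\D", "", text)[-10:]  # digits only, ignore country prefix


def norm_bank(text):
    return re.sub(r"[^A-Za-z0-9]", "", text).upper()


NORMALIZERS = {"address": norm_address, "phone": norm_phone, "bank": norm_bank}


def find_overlaps(vendors, employees):
    """Map each vendor id to the (field, other record id) pairs it collides with."""
    index = defaultdict(set)  # (field, normalized value) -> ids sharing it
    for rec in vendors + employees:
        for field, norm in NORMALIZERS.items():
            value = norm(rec.get(field, ""))
            if value:
                index[(field, value)].add(rec["id"])
    vendor_ids = {v["id"] for v in vendors}
    hits = defaultdict(list)
    for (field, _), ids in index.items():
        for vid in ids & vendor_ids:
            hits[vid].extend((field, other) for other in ids - {vid})
    return {vid: sorted(pairs) for vid, pairs in hits.items() if pairs}
```

Calling `find_overlaps(VENDORS, EMPLOYEES)` on the constructed data reports V2 sharing an address with employee E100 and a bank account with V3; each hit is a prompt for review, not a finding of fraud.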
Every approval hierarchy has thresholds — under $5,000 a PM can approve, above $25,000 it needs a controller, and so on. Thresholds are a good control. But they create a specific exploit: if a fraudster can keep each invoice below the line, the transaction never reaches the reviewer who would catch it. Splitting is how they do it.
A $60,000 purchase that would require senior sign-off is broken into a cluster of invoices — say five at $11,500 and change — each comfortably under a $12,000 threshold, each approved by a single low-level approver. The total spend is identical; the oversight is gone. The same pattern lets a colluding insider keep a kickback vendor or a shell vendor below the threshold at which someone senior would ask hard questions.
Splitting is one of the easier procurement frauds to detect statistically, because it leaves an obvious fingerprint: multiple invoices from the same vendor, close in time, each landing just under a threshold. Honest spend does not cluster against a threshold — it scatters across a range. A vendor whose invoices repeatedly come in at $4,800, $4,950, $4,750 against a $5,000 line is showing you something. A natural distribution does not pile up just below the cutoff.
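One way to look for that fingerprint, as an added example that is not code from the original post: it groups invoices by vendor, keeps those landing within a band just under the threshold, and flags clusters inside a time window whose total exceeds the threshold. The invoice rows are constructed, and the 10 percent band, 30-day window, and minimum of three invoices are assumed tuning values.

```python
from collections import defaultdict
from datetime import date

# Constructed sample rows: (vendor, invoice date, amount, approver)
INVOICES = [
    ("Vendor A (constructed)", date(2024, 3, 4), 11600.00, "pm_low"),
    ("Vendor A (constructed)", date(2024, 3, 6), 11550.00, "pm_low"),
    ("Vendor A (constructed)", date(2024, 3, 11), 11650.00, "pm_low"),
    ("Vendor A (constructed)", date(2024, 3, 13), 11580.00, "pm_low"),
    ("Vendor A (constructed)", date(2024, 3, 18), 11620.00, "pm_low"),
    ("Vendor B (constructed)", date(2024, 3, 5), 3200.00, "pm_low"),
    ("Vendor B (constructed)", date(2024, 3, 12), 11700.00, "pm_low"),
    ("Vendor B (constructed)", date(2024, 3, 20), 21000.00, "controller"),
    ("Vendor B (constructed)", date(2024, 4, 2), 8900.00, "pm_low"),
]


def find_split_clusters(invoices, threshold, band=0.10, window_days=30, min_count=3):
    """Flag same-vendor invoices that each sit within `band` below `threshold`,
    fall inside one `window_days` window, and together exceed the threshold."""
    near = defaultdict(list)
    for vendor, day, amount, approver in invoices:
        if threshold * (1 - band) <= amount < threshold:
            near[vendor].append((day, amount, approver))
    findings = []
    for vendor, rows in near.items():
        rows.sort()
        start = 0
        while start < len(rows):
            end = start
            # Grow the window while the next invoice is close enough in time.
            while end + 1 < len(rows) and (rows[end + 1][0] - rows[start][0]).days <= window_days:
                end += 1
            cluster = rows[start:end + 1]
            total = sum(amount for _, amount, _ in cluster)
            if len(cluster) >= min_count and total >= threshold:
                findings.append({
                    "vendor": vendor,
                    "count": len(cluster),
                    "total": total,
                    "span": (cluster[0][0], cluster[-1][0]),
                    "approvers": sorted({a for _, _, a in cluster}),
                })
                start = end + 1  # do not report the same invoices twice
            else:
                start += 1
    return findings
```

With `threshold=12000`, the constructed Vendor A is flagged (five invoices, one approver, combined total well above the line), while Vendor B's single near-threshold invoice among scattered amounts is not.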
AP cannot see a kickback being paid or a side conversation between bidders. But AP sees the data those schemes distort, and that data carries detectable signals. None of the following proves fraud on its own — each is a prompt to look harder.
Procurement-fraud red flags visible in AP data
- Invoice amounts clustered just below an approval threshold from the same vendor — the signature of split purchases
- A vendor whose volume rose sharply right after a specific employee took on a project or a procurement role
- Invoices for vague, hard-to-verify deliverables — consulting, coordination, expediting, miscellaneous services — with no PO, no receiving record, and no quantifiable scope
- A vendor that is always approved by the same single person and never independently verified by anyone else
- A vendor address, phone number, or bank account that matches an employee record or another vendor's record
- Round-number invoices, sequential invoice numbers, or invoices that arrive from a personal-style email rather than a vendor billing system
- Pricing consistently above market, or unit prices that drift up over time without a corresponding change in scope or specification
- Bids that come in suspiciously close together, or a vendor that wins repeatedly while its competitors submit only token-high numbers
- A new vendor whose first invoice arrives within days of setup and whose billing precisely tracks one employee's projects
- Change orders that recur with the same vendor, padding contracts after the competitive bid is already won
- A vendor with no verifiable footprint — no website, no business registration, no working phone — yet a steady payment stream
The power is in correlation. One round-number invoice is nothing. A vendor with round-number invoices, an address matching an employee, a single recurring approver, and pricing 15 percent above the others is not a coincidence — it is a scheme described in four data points.
Procurement fraud is the category where human intuition is weakest, for a structural reason. The fraud is invisible at the level a human reviews — the single invoice — and only visible at the level a human cannot hold in their head: thousands of invoices, dozens of vendors, months of timing. A clerk approving an $11,500 invoice has no way to know it is the fourth such invoice from that vendor this month, or that the cluster sums to $58,000, or that this vendor's volume tripled the week a particular PM was promoted. Each fact lives in a different row of a different report.
Procurement fraud is a pattern problem, so it needs a pattern detector. The schemes that defeat invoice-by-invoice review — split purchases, shell vendors, kickback-driven price drift — all show up as statistical anomalies the moment you analyze AP data in aggregate. An AP platform that continuously scans for invoices clustering below thresholds, vendor-master fields that overlap employee records, approver concentration, and pricing that drifts above peers turns a years-long undetected scheme into a flagged anomaly a human can investigate this quarter. The math sees what a reviewer reading one document at a time structurally cannot.
This is not about replacing judgment — investigating a flagged vendor is entirely a human job, and most flags resolve as legitimate. It is about pointing judgment at the right place. Anomaly detection does the part humans are bad at: holding the whole dataset at once and surfacing the handful of vendors whose numbers do not behave like honest spend. The investigator then does the part software cannot — calling references, checking ownership, comparing pricing, deciding what it means.
Detection finds schemes already running. Controls make them harder to start. The structural controls that constrain procurement fraud are familiar AP discipline, applied with conflict-of-interest in mind.
Controls that constrain procurement fraud
- Segregation of duties — the person who selects a vendor, the person who approves its invoices, and the person who releases payment are three different people
- Competitive bidding with documentation — purchases above a set size require multiple real bids, with the bid file retained and reviewable
- Vendor onboarding due diligence — verify the tax ID, the business registration, the physical address, and screen new vendor records against employee data
- Annual conflict-of-interest disclosures — employees with procurement influence formally declare any financial interest in, or family ties to, vendors
- Aggregate-spend monitoring — review total spend per vendor and per approver, not just individual invoices, so split purchases and approver concentration surface
- Threshold and approval rotation — vary who reviews above-threshold spend, and rotate PM and AP pairings, so a corrupt insider cannot rely on a fixed, predictable approval path
- Periodic price benchmarking — compare unit pricing across vendors and over time to catch the inflation that funds kickbacks
Controls alone are not enough, because procurement fraud is fundamentally about whether insiders believe they can get away with it. That belief is set at the top. When leadership runs visible due diligence, takes conflict disclosures seriously, investigates anomalies rather than explaining them away, and treats a discovered kickback as a firing-and-prosecution matter rather than a quiet exit, the expected cost of the scheme rises sharply. When leadership signals that procurement is a relationship game and pricing is nobody's business, the controls become theater. Tone at the top is not a soft factor here — it is the variable that decides whether the controls are real.
Procurement fraud is the most expensive fraud category that document-level review will never catch, because it hides in real invoices from real-seeming vendors approved by trusted insiders. Kickbacks, bid rigging, shell and related-party vendors, split purchases, and over-billing all defeat the single-invoice check — and all leave statistical fingerprints across the AP dataset. Catching them requires looking at the data in aggregate, where clustering, overlap, and price drift become visible, and pairing that detection with segregation of duties, competitive bidding, conflict disclosure, and a leadership posture that makes the scheme genuinely risky to attempt. Intuition reads one invoice. The fraud lives in ten thousand. Detection has to work where the fraud actually is.
Written by
Alex Kim
Engineering Lead, AI
Engineering lead for Covinly's AI and ML systems. Previously built fraud detection at a B2B fintech. Writes about how AI actually reads invoices — the math, the edge cases, and why OCR alone isn't enough.