Fraud: Tenders in the Wind

The subsidiary’s tenders for wind farm construction, with contracts worth hundreds of millions of euros, were carried out recklessly and deviated significantly from established policies. For example, although the tenders were announced in public databases, project managers requested bidders submit amended offers directly to their work emails, thus jeopardizing the confidentiality of the bids.

In addition, the subsidiary failed to follow negotiation protocols; it was impossible to ascertain what information was provided to participants during the negotiations and how equal treatment of bidders was ensured. The project managers responsible for the audited projects had been cooperative and agreed there were opportunities for improvement. However, in their collective opinion, the procurement policies seemed too bureaucratic and created unnecessary work.

Cohen was pondering the matter when the regional head of wind developments, Johannes Jänes, called via video conference to inquire when to expect the first draft of the audit report. “By the way,” Jänes added, “one of the project managers told me information may have been leaked during the ongoing tenders for the construction of the wind farm roads, power substation, electrical works, and other parts of the farm.”

Considering her audit observations, Jänes’ statement made sense to Cohen. She asked Jänes for more details. “There is nothing else,” he shrugged. “The project manager just said he had a bad feeling but no evidence.”

Cohen’s next call was to Gytis Zemaitis, the project manager at EternalWind Energy’s subsidiary. Zemaitis, a new employee, worked with his more experienced colleague, Edgaras Malinauskas, on several wind farm developments. Zemaitis, Malinauskas, and Cohen had conducted several rounds of video interviews during the audit, so rapport had already been established.

Zemaitis shared that one of the tender participants, a well-known Turkish company, TurkVista Ltd., seemed to have received information about both EternalWind Energy’s budgeted assump­tions and the prices of competitors’ bids submitted during the first round of tenders. TurkVista had already won several contracts for the wind farms and appeared eager to win more.

Cohen was well-aware of procurement process drawbacks. She knew the project managers were the key employees who possessed detailed information, analyzed bids, and were mainly responsible for negotiating and communicating with tender participants. Thus, if Zemaitis was the one blowing the whistle, then his senior colleague Malinauskas was one of the main suspects.

Cohen called Jänes back and told him that an internal investigation would be initiated, adding that Jänes should keep all information confidential. In addition, Cohen sent a short email to EternalWind’s CEO outlining the tip and promising an interim report in two weeks.

Cohen was dealing with a bundle of disturbing but inconclusive findings. When the second round of bids was submitted, an analysis of changes in pricing revealed anomalies. For example, for the road construction tender, TurkVista increased its offer considerably in comparison to its first-round bid, but the offer remained slightly cheaper than competitors’ bids.

TurkVista appeared to know its first-round bid was considerably lower and by how much the bid could be raised and still be competitive. The opposite anomaly could be observed regarding the electrical design and works tender. TurkVista’s first-round bid was much higher than competitors’ bids; however, after the last round, though technical specifications remained the same, TurkVista lowered its price and gained the leading position.

If in the first round of bidding TurkVista seemed to be winning one of four tenders, after the second round, TurkVista was leading in all tenders. Although the second-round outcomes appeared suspicious, there was neither direct nor circumstantial evidence that information was leaked.

Beyond the bid irregularities, Cohen’s findings revealed concerns about Malinauskas’ lifestyle. Specifically, his financial situation seemingly had improved overnight. He was bragging in the office about buying a car for a family member and selling his car, as “it was time to move to more luxurious vehicles.” Inspection of his internet activities revealed that Malinauskas was actively looking for an apartment to buy for investment purposes and was casually purchasing luxury items such as phones and watches.

Cohen decided to bring in trusted cybersecurity specialists and task them with focusing on the day the second-round bids were received. Specifically, all the participants’ bids for four tenders arrived in three mailboxes — Zemaitis’, Malinauskas’, and the in-house lawyers’. Using mail server logs and e-discovery tools, the cybersecurity specialists identified the first person to open the email. Next, they restored all logged activity conducted by that user until the arrival of the TurkVista bid. The final step was to clone that user’s laptop remotely.

The collaboration with the specialists yielded new evidence. The deadline for bid submissions was Aug. 15 at 11:59 p.m., which was a Friday. Both Zemaitis and the lawyer logged out from corporate information systems (including personal smart devices) at the end of the workday and did not return online until Monday. Malinauskas, however, stayed active online until 12:30 a.m.

The second to last bid arrived at 10:30 p.m., and Malinauskas immediately downloaded it to his OneDrive and opened the files. After that, he used Microsoft Office tools to make Zoom calls. TurkVista’s bids were the last to arrive and were received by all three mailboxes at 11:41 p.m. The fact that Malinauskas stayed after regular work hours on a Friday night to open a bid for a tender that he was not primarily responsible for could not be easily dismissed.

A quick search of Malinauskas’ cloned laptop retrieved the final piece of evidence. In one of his desktop folders, Malinauskas kept a spreadsheet named “Job Bonus.” Within it, he tracked amounts and dates of payments made to him with notes clearly identifying specific TurkVista representatives. The payments began immediately after TurkVista won previous contracts and ranged between €5,000 and €10,000 per month. According to his table, he expected to receive €130,000 in total.

A review of the tenders TurkVista had already won illustrated the same pattern of anomalies as in ongoing tenders: TurkVista knew exactly when to decrease and when to increase its pricing. Cohen summarized the results of the investigation and contacted senior management.

EternalWind management suspended Malinauskas’ employee agreement and required him to write an explanatory letter. Mali­nauskas partially admitted his wrongdoings but claimed no harm was caused to the company because, despite receiving “monetary gifts” from TurkVista, work was performed in accordance with the contracts. 

Malinauskas was then terminated. TurkVista was prohibited from further participation in any tender published by EternalWind Energy Ltd. and its subsidiaries. All existing contracts were terminated. The incident was reported to law enforcement; however, Malinauskas’ involvement was not reported due to a lack of hard evidence.

EternalWind’s CEO invited Zemaitis to dinner and personally thanked him for his courage and living up to the organization’s values of honesty and transparency.

Lessons Learned

Internal controls are ineffective without dedicated employees. In situations where employees see controls as tedious, bureaucratic exercises, controls cannot fulfill their primary functions. Organizations should invest time in explaining the objectives of established policies and procedures.

Segregation of duties in significant processes should never be underestimated. When the same employee is entrusted with either noncompatible duties or has the authority to execute the entire process without any oversight, it is only a matter of time before someone will take advantage of the situation.

Information leakage is a type of fraud that challenges investigative approaches. Internal auditors should either master the relevant IT skills or collaborate with IT personnel to ensure that there are sufficient resources available to conduct a thorough investigation.

Employees are the best fraud spotters. In addition to investing in whistleblowing hotlines and reporting mechanisms, organizations should encourage and enable employees to reach out to their direct super-visors or to ethics or internal audit personnel without fear of embarrassment, being ignored, or retaliation.

Corruption and bribery may be erroneously perceived as a victimless crime. Both parties — the employee who takes the bribe and the contractor who is awarded a contract — seem to win. Regular training should be conducted to raise awareness and explain the dangers of corrupt business practices.