Summary
- We’ve learned members of our team in D.R.C. conspired with others outside of the organization to defraud our cash transfer program. Upon discovering this fraud in January 2023, we immediately paused operations to prevent further losses.
- While our investigation is ongoing, we currently calculate around $900,000 was stolen from one of our D.R.C. programs over 6 months, diverting aid from over 1,700 families in extreme poverty. Including other cases of loss, this means ~1.1% of the money we delivered last year was lost to fraud, our highest amount to date.
- This fraud was only possible because of a specific change we made in our payment process in order to work in this remote, insecure region of D.R.C. We’ve taken immediate steps to prevent this type of fraud from happening again and are taking disciplinary and legal action against those involved.
- We feel deep regret for not catching this sooner and take seriously the vulnerabilities it exposed. We’re working to ensure that the families who were deprived of support receive the funds they expected.
- We currently have no reason to suspect that this fraud extends beyond our Eastern D.R.C. programs and are reviewing our procedures across the organization. We continue to believe cash transfers are a highly effective, transparent, and safe form of aid. We will use this loss to further improve our controls.
GiveDirectly has delivered cash transfers to some of the poorest households across sub-Saharan Africa for over a decade. Cash aid sent directly to recipients’ mobile money accounts is effective in avoiding many forms of fraud and waste by removing the need for middlemen or steep overheads. However, fraud is possible in all poverty programs: food aid can be stolen and so can cash, whether delivered as paper money, as an ATM card, or on a SIM card. This is why we have robust procedures in place to deter and detect fraud, which we’re constantly refining and strengthening.
This D.R.C. case is concerning for three reasons:
- the scale of the fraud, at the expense of people in extreme poverty
- the number of our own team members who participated
- the failure of our systems to prevent it
Delivering cash safely to recipients is our core mission, and in this case, we failed. Below, we outline the specifics of how this fraud occurred and how we’re responding. There is a version of this post in French.
We apologize to recipients and donors for the damage done
We apologize first and foremost to the families who were counting on the funds diverted by this scheme. They are the group we’ve let down most and we will do our best to see that they are paid. Over 60% of Congolese families live in extreme poverty, driven in part by an ongoing security threat of militia violence in the east. 5.7M people are displaced and 2.8M children are malnourished – populations our program aims to help. For a sense of what was taken from these people, see stories from their neighbors who did receive funds or the impacts found in studies on cash transfers from all over the world.
To our donors reading this post, we apologize for any damage this has done to your faith in our ability to deliver your funds to those most in need. We are bringing in external reviewers and auditing our control systems to ensure we’re providing the most efficient and transparent way to give cash directly to people in poverty.
The fraud occurred when our D.R.C. staff conspired with outsiders to divert mobile money payments
GiveDirectly donations reach people in poverty through mobile money, a technology for sending and receiving funds with a simple SIM card. Much like a bank card, these phone SIMs are registered to your government ID and protected with a PIN code. Most people we reach do not already own a SIM, so we issue them one. We avoid a good deal of risk by cutting out layers of middlemen and sending funds directly, but we still must ensure that the SIM is in the hands of the correct recipient. We check this multiple times in our process, which includes a separate census, registration, pre-pay audit, post-pay audit, and follow-up call.
Due to the regional violence in Eastern D.R.C., we made a special exception to our payment process design. Normally, recipients register their SIMs with independent mobile money agents, not with our staff, but in this remote region, the closest agent is often a long distance away. We therefore allowed GiveDirectly’s enrollment team to register these new SIMs for recipients instead of sending them to agents. We made this exception in the interest of protecting these recipients, relieving them of an extra journey through potentially dangerous areas.
We now know that while enrolling villages in South Kivu, some staff conspired to register payment SIMs to the recipients’ names (per the special exception granted), pocket those registered SIMs, and put different SIMs in recipients’ phones. In late August 2022, we started sending cash transfers to the registered SIMs, many of which were actually in the possession of these GiveDirectly staff. With the assistance of outsiders, including mobile money agents and ex-staff, these complicit parties then diverted the funds intended for recipients. They continued to steal funds from subsequent transfers sent to these same SIMs until we identified the fraud and stopped payments.
While simple on the surface, this scheme involved corrupting our fraud prevention system at many levels. Fraud checks are not just done by the enrollment team, but are further validated during visits from a completely separate internal audit team and follow-ups from our call-center, all of which are supported by our back office team. In this case, conspirators recruited local staff in every layer of this system in order to suppress evidence of the fraud, including complaints from families who had not received their promised funds. Further still, they conspired with third-party mobile money agents to transfer funds from these stolen SIMs.
Our audit staff identified this fraud, then confirmed it through outside sources
In January 2023, newly hired members of our internal audit team found signs of fraud in a different program in nearby Ituri, D.R.C. where payments had not yet started. Here the fraud detection process worked as expected, escalating these concerns into an investigation. We quickly stopped all work relating to our Ituri program to prevent any losses and soon after paused ongoing payments in our South Kivu program when we saw signs of similar fraud.
In the weeks that followed, with support of the local prosecutor’s office, we secured payment records from the telecom provider and were able to confirm money had been diverted from stolen SIMs to other accounts. We’re still investigating payment data and conducting village visits to assess the exact extent of the theft. It’s possible that in the course of this investigation, we find other types of fraud committed by this staff.
We’ve made immediate changes to prevent this type of fraud
Given that multiple departments within the country office participated, we’ve conducted a wide-ranging turnover of our staff in D.R.C. We’ve also referred some staff and outsiders to local authorities for investigation and prosecution.
A very small portion of the lost funds have been recovered. We will continue to recover as much as we can, but in all likelihood the majority will be unrecoverable, so funds for defrauded recipients will need to come from additional money from GiveDirectly. We will do our best to ensure all affected recipients are paid; however, we’re currently not able to restart payments in Eastern D.R.C. until a full investigation is completed.
To protect recipients in our other ongoing programs, we’ll take these steps:
- Further firewall different departments to prevent collusion and adding additional audits and checks to identify potential corruption sooner.
- Implement automated data checks org-wide that would allow us to detect such fraud more rapidly in the future.
- One central error on our part was the SIM registration exception we made in the D.R.C., which we will not make again without additional controls.
We will share the findings from our investigation with other organizations working in the D.R.C. to help them avoid similar failure points.
We remain committed to delivering cash aid securely in difficult environments
In addition to experiencing violence, Eastern D.R.C. is a particularly isolated place: 99% of roads are not paved and many communities lack a consistent network connection. Insecurity and remoteness make operations difficult and keep poverty high. They’re also what inspired these conspirators to specifically target the most remote villages, knowing residents would be unlikely to file a complaint when they didn’t receive funds.
This raises the question of why we are operating in such a remote and insecure environment. The answer is that the majority of the world’s extreme poor will soon be living in fragile and conflict-affected states. Being able to operate effectively in contexts like the D.R.C. will be essential to addressing poverty. Not least because D.R.C. has itself one of the very largest populations in extreme poverty in the world.
It’s not enough to be able to safely deliver donations in stable states like Kenya or Malawi when we know most people in extreme poverty will soon live in much harder environments. The challenges and occasional failures that come with this only increase our dedication to building ever-stronger systems to deliver cash aid. We hope your dedication remains as well.
Q & A
+How common is fraud in global aid programs generally?
Common, but it is generally a fraction of total budgets. The former head of counter-fraud for Oxfam GB says “estimates of the scale of loss to fraud are between 2% and 5% of an organization’s income – and many global development workers find that range readily believable.” GiveDirectly annual losses due to fraud (e.g.,) are consistently at or under 1% even including this recent case.
+Is cash aid more at risk of being diverted than other forms of aid?
No – independent reviews find cash transfers are no more prone to diversion than other forms of aid. In many ways, it can be more secure. Consider a program giving food aid to people in poverty: the procurement process of finding a food producer is open to corruption and the long journey the food takes from manufacturer to recipient is open to diversion at every step.
In a GiveDirectly cash aid program, money is digitally transferred from our bank account directly to a SIM card given to the recipient. As described above, we still must carefully safeguard this process as risks remain; however, there are far fewer variables to monitor compared to other forms of aid.
+Why deliver cash aid through SIM cards instead of as vouchers or cash?
Delivering funds through SIMs has unique advantages:
- SIMs are remote and digitally secure; the money goes from our account to the SIM, without intermediaries hand-delivering cash.
- They are digitally traceable, allowing for precise audits and investigations like the one described above. If not for this digital paper trail, we would not have been able to identify the parties involved in this fraud.
- Enrolling recipients in mobile money effectively banks the unbanked, which has downstream benefits like savings and access to markets.
+Can the GiveDirectly cash transfer model work in a complex place like D.R.C.?
Yes. Our model has worked well in the D.R.C. since 2018, delivering $16M to over 69k people across 4 provinces. This is our first major case of fraud in the country and will allow us to further strengthen our model for this unique environment.
+Was there something flawed with the team culture or structure that contributed to this fraud?
This fraud was only possible because the main conspirators were leaders in key positions that enabled them to corrupt members from every department in our D.R.C. office, some of which were meant to be completely firewalled from each other.
Since programs were paused and the investigation commenced, we conducted a wide-ranging turnover of our staff in D.R.C. Most or all people involved no longer work for us. Remaining suspects are currently undergoing disciplinary proceedings to assess their involvement at an individual level.
+Why did you not spot this fraud sooner?
We identified this fraud 5 months after the first payments were diverted. The primary reason we did not identify it sooner is that there was an unprecedented amount of collusion between firewalled departments, including the very audit teams tasked with identifying such cases.
+How are you sure that lots more money hasn’t been lost to unknown fraud in other programs?
While this case shows that our D.R.C. system had vulnerabilities, it also shows that our audit system does work in identifying fraud. While we caught this too late to prevent the money from being lost, we did catch it.
This D.R.C. program is not the only time we’ve allowed GiveDirectly staff to register SIMs for recipients, but we’ve since scrutinized those other programs and not found signs of fraud. It is, of course, impossible to know perfectly how much is lost each year, but we have no reason to believe there is significant fraud not yet uncovered.
+Why are you releasing this information now?
Discussing fraud publicly is crucial to building trust and helping others improve their systems, which is why we’ve shared information in the past (e.g. 1, 2, 3). Having conducted enough of an investigation to say with authority how the money was stolen and approximately how much, we felt it prudent to tell the donors and public about this case.
We are releasing this information proactively and not in response to a specific threat or external requirement. If some portions of this post felt vague or opaque, it is only to protect sensitive details of a current investigation and pending legal action.
Since 2018, GiveDirectly has delivered $16M to 69k people across 4 provinces in the D.R.C. with a local staff ranging from 30-100 people. Globally, GiveDirectly has delivered $670M to 1.45M people across 14 countries since 2011 and currently employs 825 employees.