Fraud Auditing, Detection, and Prevention Blog

Anatomy of a Real-life Shell Company Pass-Through Scheme

Mar 20, 2024 11:39:15 AM / by Leonard W. Vona

This story is about a pass-through scheme. It is my opinion that most large companies have one or more pass-through schemes occurring. What makes these schemes difficult to detect or prevent is that they comply with all of your controls: your company has received the goods or services. Therefore, your ability to detect these schemes is predicated on your understanding of how they occur and what they look like.

The fraud case we’re examining in this blog is based on the following fraud risk statement:

Sales representative at a real supplier sets up a shell company and convinces the budget owner or senior member of management to purchase from the shell company rather than the real supplier. The budget owner places orders for goods through the shell company, the shell company places an order with a real supplier, the real supplier ships directly to the budget owner company, the real company invoices the shell company, and the shell company invoices the budget owner at an inflated price causing the diversion of company funds. The budget owner receives a kickback from the sales representative.

In this case, there was no single red flag glaring enough to reveal the fraud scheme. We were only able to uncover the fraud by using multiple analyses.

Summary of the case:

The contract officer at Infraloo Corp. had discontinued purchasing from a historical supplier and had begun purchasing from a new vendor, North Atlantic Supplies. The explanation was that North Atlantic Supplies was a registered minority vendor. However, our fraud data analytics revealed a series of red flags about the company. For instance, a change analysis that compared prior-year to current-year purchases showed that the previous vendor was a publicly traded company, but North Atlantic Supplies was a privately held company. We also noticed that the purchase orders for North Atlantic Supplies had been issued after the invoice date. The invoice-number pattern was a limited-range pattern, which provided the illusion that the vendor had other customers. A limited range pattern occurs when the perpetrator issues invoices in a random ascending pattern, but the number range between the first invoice and the last invoice isn’t consistent with a real vendor.

Infraloo Corp. initially paid invoices consistent with its company policy, but over twelve months the speed of payment increased — from 30 days to 15 days. The invoice description fields failed both our alpha and numeric tests. Finally, the master-file data analysis indicated that the vendor was preferred and revealed the lack of data commonly found in the company’s master file. Our investigation eventually identified losses totaling $500,000 paid to North Atlantic Supplies. If we had not performed an FDA analysis, this scheme could still be going on today. That is the scary part of pass-through schemes.

In a situation like this, the sales representative is defrauding his company and your company. He is defrauding his company with the gross margins and your company by paying your purchasing agent a bribe.

This was a new company, but the question is whether it is a new company with a logical business explanation. I will refer you to the ACFE annual report as to the length of fraud occurring before detection.

Setting the Stage

I believe in summarizing by general ledger account by vendor using a comparative analysis. The report will be large, and it will take you a long time to review. I refer to this phase of a project as code-breaking. The report format is simple: vendor #, vendor name, vendor creation date, aggregate expenditures, record count, largest invoice, smallest invoice, and average invoice amount. After that, it will depend on the data available. In my most recent audit, we added a field denoting whether the street address contained a reference to a suite #. The reason? We have found that service companies often use a suite number to identify the vendor.

A closer look at the North Atlantic Red Flags

1. North Atlantic did not have any physical structure consistent with holding inventory for resale. To the best of our knowledge, the office was a one-room office.

2. North Atlantic had no record of secured debt. Fundamentally, this meant North Atlantic owned all of its assets and had no open line of credit. This could be impressive or a red flag that the vendor is a shell company.

3. There was a limited range of invoice numbers because the sales rep was selling to five different customers (learned in the forensic investigation). However, judging a limited range is subjective. The thought process starts with the range of invoices for the year. Just to make up a number, let’s assume the range is 250. Let’s further assume you paid 50 invoices. This indicates that you represent 20% of the sales invoices for that company. In my opinion, we judge this as a limited range or equivalent to a sequential pattern.

5. Our speed of payment analysis indicated that over time, North Atlantic invoices were being paid faster than company policy. FYI, this is a predictable pattern over a period of time. The perpetrator needs to pay the real supplier, but the perpetrator is taking more money out of the shell company bank account to support his reason for stealing. It sort of becomes like a Ponzi scheme.

6. The key red flag indicating that the vendor was a shell company was in the line-item description. Clearly, North Atlantic did not have a real product description field for their inventory or their sales records. The SKU # for the line-item descriptions was 5 numeric integers. The alpha description was highly abbreviated. A comparison of the line-item descriptions from the publicly traded company to North Atlantic invoices revealed glaring discrepancies. In our experience, when the pass-through vendor is selling tangible goods, the line-item description is the key. This is why it is critical to ensure that accounts payable enters the invoice information just as the information is in the invoice. We once quit an audit after the first day because of how accounting was entering invoice data.
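Three of the red flags above (limited invoice-number range, purchase orders dated after the invoice, and payment speeding up over time) can be scored per vendor from accounts payable data. The sketch below is an added example, not the author's tooling; the function name, field names, cut-off values and the two sample vendors are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def vendor_red_flags(invoices, share_limit=0.20, speedup=0.80):
    """Score one vendor's paid invoices for three red flags.

    invoices: dicts with number, invoice_date, po_date, paid_date.
    share_limit and speedup are assumed cut-offs; judging them is subjective.
    """
    if len(invoices) < 2:
        raise ValueError("need at least two invoices to compare periods")
    inv = sorted(invoices, key=lambda r: r["invoice_date"])
    numbers = [r["number"] for r in inv]
    # Limited range: invoices we paid as a share of the vendor's number range.
    span = max(numbers) - min(numbers) + 1
    share = len(numbers) / span
    # Purchase orders issued after the invoice they should have authorised.
    po_after = sum(r["po_date"] > r["invoice_date"] for r in inv)
    # Speed of payment: mean days-to-pay, first half of the period vs second.
    days = [(r["paid_date"] - r["invoice_date"]).days for r in inv]
    half = len(days) // 2
    early = sum(days[:half]) / half
    late = sum(days[half:]) / (len(days) - half)
    flags = []
    if share >= share_limit:
        flags.append("limited_invoice_range")
    if po_after:
        flags.append("po_after_invoice")
    if late < speedup * early:
        flags.append("payment_speeding_up")
    return {"share": round(share, 3), "po_after": po_after,
            "early_days": round(early, 1), "late_days": round(late, 1),
            "flags": flags}

def sample(first_no, step, po_lag, pay_days):
    """Build 12 monthly invoices (constructed data, not from the case)."""
    rows = []
    for m in range(12):
        inv_date = date(2023, m + 1, 5)
        rows.append({"number": first_no + step * m + m % 3,
                     "invoice_date": inv_date,
                     "po_date": inv_date + timedelta(days=po_lag),
                     "paid_date": inv_date + timedelta(days=pay_days(m))})
    return rows

# Constructed vendors: one shell-like, one resembling an established supplier.
SHELL_LIKE = sample(4100, 5, po_lag=3, pay_days=lambda m: 30 - (15 * m) // 11)
ESTABLISHED = sample(20000, 900, po_lag=-7, pay_days=lambda m: 30)

if __name__ == "__main__":
    print(vendor_red_flags(SHELL_LIKE))
    print(vendor_red_flags(ESTABLISHED))
```

No single flag here is conclusive; the value is in vendors that trip several at once, which then go to manual review of the line-item descriptions and master-file data.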

Reaching the Degree of Certainty

In our December 2023 blog, we talked about the “degree of certainty” and trigger point for considering a forensic investigation. Based on the accumulated red flags, we believed we had sufficient evidence to recommend a forensic investigation.

Our first step was to contact North Atlantic company for the direct purpose of examining their books. Yes, initially they declined our offer. Your job, if you decide to accept it, is to convince North Atlantic to cooperate with a private investigation rather than a public investigation.

We were successful in gaining access to the accounting records. In examining North Atlantic’s books, we discovered that Infraloo’s purchasing agent was receiving kickbacks from North Atlantic. FYI, the purchasing agent had created an LLC to receive the kickback.


Well, no one provided any fraud trivia, so I decided to change the trivia for a few months. Here we go:

Small Town Trivia
  1. What is the population of the smallest town in the USA?
  2. What is the name of the town and in what state?
  3. Why did the Census Bureau add a person to the town? Hint, it was not a mistake.



Topics: Fraud Data Analytics, Fraud Risk Identification, Fraud Auditing, Red Flags, shell company


Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.