Recommendation 4

• Given the complexity of the operations managed and the high number of beneficiaries concerned, Member States (managing authorities/paying agencies and audit/control authorities) are invited to plan and focus their audits and control activities on the basis of risk analysis and performing IT tools.

• The Commission has developed and put at the Member States' disposal systems and tools such as Arachne, IMS and the Fraud Risk Assessment tool. The Commission encourages Member States to use these systems and tools more systematically and efficiently, unless other comparable alternatives are already available to them.

BE

Federal Public Service, Finance

Question a:

Budgetary cuts have an overall impact on the Belgian Customs Administration, but the impact differs from control-type:

•    Safety and security controls (shift): no impact (1 on 1 replacement)

•    Clearance controls: small impact on staff, but number of executed controls remains at the same level:

onumber of controls that needs to be executed is a national objective in

onational management plan and hasn’t been changed;

omore efficient controls by investments in ICT (MODA, new feedback application, SEDA);

oless administrative burden;

osegregation of functions – specialization;

•    Post-clearance controls and audits: small impact on staff, but teams have been reorganized (and a new concept ‘auto-conducting’ teams have been introduced = experience of the teams is used to organize partially their activities with a formal follow-up on national level);

Question b:

The balance between budgetary cuts, trade facilitation and the protection of the EU’s

financial interests is assured by:

• a risk-oriented approach (based on a combination of analyses of goods and economic operators) to conduct controls:

oclearance controls of declarations;

opost-clearance controls of declarations;

opost-clearance audits of economic operators : administrative and accounting controls / system based controls;

• the implementation of AEO certificates in the control procedures: less or none clearance controls and a swap to respectively post-clearance controls/audits and system based controls

• investments in ICT:

ooptimization of the current automatic risk-engine (SEDA) to select declarations;

ooptimization of the current feedback-applications;

ooptimization of data-mining environment;

• Establishment of the service ‘Enforcement’. This service preserves the balance between facilitation and control (risk-oriented controls, procedural controls, random controls, and controls on behalf of other agencies).

Question c:

A National Operational Plan (called NOP) is written every year by the management. This NOP contains all the operational objectives for the organization:

·number of controls that needs to be executed;

·hit-rate of the executed controls that needs to be achieved;

This NOP is communicated within the whole organization, and is tightly respected by its employees. An evaluation and follow-up takes quarterly place by the complete management-team.

Question d:

The integration of all those information sources is already set in national work procedures of risk management services (central and local levels) :

·BE Risk Management Services (Central and Local Teams) have full access to the dedicated / specific sections of CRMS and of AFIS systems; Central RM service has access to OWNRES systems as reader; annual reports of ACOR-TOR committees are followed-up as EU trends;

·Information received from CRMS and AFIS systems are after analysis and consideration at national level either integrated in Risk analysis, targeting or specific actions administrative processes or registered as a confirmation of national statements / policies; information received in specific groups are also followed-up by Central level; Information sent by Belgium into CRMS system are also followed-up at central level;

·A national dashboard on CRMS information flows has been put in place, even if it is a time consuming activity; periodic measurements are communicated to the risk management local teams;

·According to the DG TAXUD yearly statistics on CRMS activities, BE Customs is on the top of the RIF contributors.

Question e:

Council Regulation (EC) No 515/97 provides for mutual assistance between the Member States in order to ensure that customs law is applied correctly.

Therefore, as regards customs value, when it is necessary to audit a purchaser established in another EU Member State for goods imported via Belgium, whether for a request for a reimbursement of duties, for a check of the price paid, for an investigation related to the customs value or for any other reason, assistance is requested from the Member State in question. These requests from the CABC/SBC units are sent to the Member States concerned through the Klama (Customer Management and Marketing department) central division. A copy of the requests is passed on to E&R for information purposes. The audit requests are always specific to a sample of import declarations representing a continuous import period.

It was recommended that each audit service (currently the CABC/SBC units, previously the IWECC) initiate investigations every year regarding the customs value of goods imported by non-Belgian European operators. It should be noted that the investigation of the customs value divides responsibility for auditing these operators between all IWECC units (adaptations notified following the changeover and the creation of the CAC/SBC units).

The vast majority of requests for assistance on this matter have been made for French operators. In the past, mutual assistance could conclude with a joint France/Belgium audit of the operator.

There have also been cases where information on under-valuation has been reported voluntarily. Indeed, another Member State, during an audit of one of its operators, already identified an under-valuation relating to imports by the operator in question via Belgium. This voluntary reporting system therefore allows the Member State, also through Regulation 515/97, to request that ‘Belgian’ imports are regularised.

Following the adjustments made in Belgium, the Member State that initiated the audit is informed about the duties recovered.

At the same time, however, AG D&A (General Customs and Excise Administration), via DMGC HL (Target Group Management Service, High-Level Risk Division) and the experts from the CABC team at the KLAMA Administration, is taking part in DG TAXUD’s ‘Post Clearance Audit’ project group with a view to consolidating a pilot scheme on exchanging information relating to declarations made in a Member State and audits of economic operators

(Consignees) established in another Member State. The aim is basically to supplement the available information for the Member States so that audits and checks can be carried out more efficiently in these kinds of situations.

BG

Measures taken by the Bulgarian customs administration to ensure the effectiveness of control systems — striking a balance between budget cuts, trade facilitation and protection of the EU’s financial interests:

In 2016, the Customs Agency implemented the EU Customs Competency Framework (CCF). The approval of professional standards for customs officers ensures a higher standard and efficiency in the performance of the duties and responsibilities of a customs officer and a more successful application of EU regulations and EU-wide initiatives.

With a view to strengthening administrative capacity and enhancing the functions of individual units in order to ensure better and more efficient performance of the activities of the Bulgarian Customs Agency, the functions of the Customs Intelligence and Investigations Directorate were expanded, in parallel to strengthening co-ordination and the monitoring and management of overall performance through the acquisition and use of additional specialist equipment and technical devices using ionising radiation. A co-ordination centre for the analysis of X-ray images obtained during customs controls has been established, which compiles summaries of the results of controls, and coordinates and monitors analysis related activities.

The activities performed on a regular basis to ensure the uninterrupted functioning of the national systems and the systems enabling communication with the EU, notably the CCN/CSI Communication Centre, the New Computerized Transit System (NCTS), the Export Control System — Phase 2, the Export Control System — Phase 1, the System for Registration and Identification of Economic Operators, the Integrated Tariff Management System (TARIC) and the Excise Goods Control System, are essential for the ability of the Customs Agency to perform its tasks and commitments in the capacity as customs administration of an EU Member State and participant in the E-Customs initiative of the EU.

In 2016, activities relating to the maintenance, upgrade and improvement of the functionalities of the information systems used by the Customs Agency were performed, including the Agency’s e-portal and the Integrated Customs Information System (BICIS) used to generate reports for management purposes on the basis of information contained in customs documents, and in particular the modules Road Tolls and Licences, Administrative and Penal Proceedings and Customs Duties. The BICIS was expanded with new functionalities enabling the electronic processing of customs import declarations (CID) and the requisite accompanying documents. Several versions of the Excise Movement and Control System (EMCS) and the System for Exchange of Excise Data (SEED) were rolled out in line with the EMCS Master Plan of Directorate-General for Taxation and Customs Union of the European Commission.

In November 2016, the implementation of module Management and Administration of the Information Systems of the Customs Agency of Activity 1 Implementation of the institutional architecture of the Bulgarian Customs Agency was launched as a step to ensuring compliance with the Community functional requirements for setting up a System for Direct Trader Access to European Information Systems.

In connection with the IT measures to be implemented as a follow-up to the previous period in relation to the implementation of the Community Customs Code, the BICIS, the Simplified Declaration Module (SDM), and the ITSM and NCTS were upgraded.

During the reporting period, a total of 166 national risk profiles of companies, vehicles, countries and goods subject to anti-dumping duties were activated in the Risk Analysis automated module of the BICIS with a view of preventing fraud relating to the evasion of customs duties, etc. In addition, 27 financial risk profiles were created on the basis of regulations introducing anti-dumping and countervailing duties.

Examples where customs authorities were particularly successful in detecting fraud or irregularities at the time of clearance:

In 2015, the Bulgarian customs administration identified 110 cases of diversion of goods from transit and unlawful completion of transit operations that affected seven Member States. As soon as the fraud was detected, the Bulgarian Customs Agency notified the competent national authorities and customs administrations in the affected Member States and OLAF on account of the fraud having implications for the financial interests of the European Union. At the end of 2015, OLAF opened an investigation under Ref. No OF/2015/1295/B1. The number of unlawfully completed operations was subsequently limited to 110 owing to the steps taken by the Bulgarian customs administration. As a result of the information exchanged with one of the affected Member States, the relevant customs duties have already been paid.

On the basis of a review of the general operational safety and security risk criteria at the time of processing entry summary declarations (ESD) and an additional analysis of available information, a decision was made to conduct a physical check on goods declared at the Lesovo Border Crossing Point (BCP) as canned tomato puree transported from Iran to the Netherlands. The lorry was checked with an X-ray scanner prior to conducting a detailed customs check. During the check the customs officers noticed that some tomato puree cans weighed less than others and after opening those with a lower weight found that each contained a plastic bag filled with beige powder (heroin). This resulted in the seizure of a total of 196 kg of heroin and 380 packets of Victory deluxe slims cigarettes without excise duty fiscal stamps.

Examples of the incorporation of information received from other Member States of the Commission departments through the CRMS, AFIS or OWNRES systems into risk management and complement the national populations used for risk management purposes:

On the basis of information received from other Member States via the CRMS, 27 financial risk profiles were created and integrated into the Customs Information System (BICIS) to preventing the avoidance of trade policy measures and complement the national populations used for risk analysis.

In 2016, a total of 34 notifications from OLAF were received via AFIS-mail, along with reports on administrative missions conducted by OLAF in third countries. On the basis of analysis of available information and identifying the customs operations conducted in Bulgaria, steps were taken to levy and collect the respective anti-dumping, conventional and other duties collected by the customs authorities on importation. In some cases, on the basis of conducted checks infringements of customs regulations by importers were ascertained.

In 2016, a total of 16 cases of fraud/irregularities were registered in the OWNRES system, resulting in an additional amount of BGN 1 218 866 in customs duties to be collected. A total of 12 cases of fraud (including three cases of cigarette smuggling) and 4 cases of irregularities were also detected. Modifications were made to 92 declarations in order to correct errors in cases registered during previous periods.

CZ

How information received from other MS or the Commission departments through the CRMS, AFIS, or OWNRES systems is incorporated into risk management and complements the national populations used for risk management purposes:

The Czech customs administration forwards information from other Member States and the relevant Commission department (OLAF) that has been compiled pursuant to Regulation (EC) No 515/97 and sent via AFIS to the JESSICA application. This application is used for gathering and assessing significant information relating to infringements of customs regulations. Within AFIS the customs administration's analysis unit mainly uses MAB mail, by means of which the customs administration exchanges information within the V4 grouping (with HU, PL and SK) concerning imports and exports of goods for the purpose of preventing and detecting infringements of customs and tax regulations (mainly in order to combat the undervaluation of textiles). Data are exchanged monthly in a predefined format. The customs administration analyses the items of data and from the ones indicating a risk it creates risk profiles in the national electronic risk-analysis system or records them in an internal system known as AVR [the Czech abbreviation for 'automated risk assessment'] for further assessment. Information has been exchanged within the V4 grouping since 2014. Information from the OWNRES system is not used retroactively by the customs administration. The customs administration complies only with the reporting requirement laid down in Regulation (EU, Euratom) No 608/2014. Information from new CRMS-RIF reports is processed by the Ruzyně Communications Centre, which operates 24 hours a day. RIF reports are entered in the national FIF register and are analysed on the basis of the type of risk information – the outcome being one of the following:

·risk known/noted,

·risk profile created in the national electronic risk-analysis system

·information entered in the application (AVR is used mainly for assessing the interchangeability of tariff classifications for the purpose of applying a lower customs rate and assessing undervaluation). The Czech customs administration also creates new RIF information reports for other EU Member States.

Members of the public are able to report suspicious incidents to the customs administration by means of an on-line form, which feeds the information automatically into the JESSICA application, where it is assessed and forwarded to the relevant department within the customs administration.

DK

Priorities are set for the annual operation on the basis of an assessment of materiality and risk, using the resources available for the operation. The priorities are also based on the collection and management of the customs duties that constitute the EU’s own resources.

The number of FTEs in SKAT has been declining in recent years, owing mainly to improvements in efficiency that allow the same task to be performed by fewer FTEs, for example digitalisation, new working methods, data-based control, etc.

The general aim of the operational strategy is to ensure effective risk-based customs controls designed to detect fraud involving imports from third countries. This entails the development of segment strategies. These strategies involve an analysis of the main challenges and possible approaches for maintaining or increasing compliance in the area of customs, including financial customs matters.

In order to support the segment strategies, and thus the annual action plan, Danish Customs has set up a 24/7 unit, SKAT’s 24-hour service centre (Døgntjeneste), which is also the national contact point (NCP). The unit receives risk information (RIF) on new trends concerning possible areas of fraud from the Commission or other EU customs authorities via the EU communication system (CRMS). The unit assesses all the RIFs and creates the relevant ones in the import system with a risk profile. The financial RIFs are sent to a customs operations unit (post-clearance control, etc.) for further processing.

OLAF uses the AFIS platform (Anti-Fraud Information System) to send Danish Customs MA communications regarding fraud and irregularities in the area of customs. Operating units have been set up in Danish Customs to analyse and draw up risk profiles based on the communications used for various control activities.

The Danish Customs’ analysis unit performs risk analyses on data from a number of sources - mainly declaration information in the customs system. The data is analysed in the Tableau and Business Intelligence (BI) IT systems. An advantage of Tableau is its effectiveness in enabling trends and irregularities in import patterns to be visualised.

An anti-fraud unit covering all areas of SKAT’s activities has also been set up in the Special Control division of SKAT’s Compliance department. The office’s main objective is to analyse trends and new areas of fraud in order to expose and combat fraud of an international nature, including particularly complex cases. This unit will therefore work closely with Danish Customs’ analysis units.

SKAT points out that Denmark, along with 22 other Member States, took part in the Orion joint customs control operation led by OLAF and the Greek customs authorities in early 2016. Based on the experience it gained during this operation, SKAT plans to draw up an internal cooperation and information exchange procedure, focussing in particular on this area.

DE

Protecting the EU’s financial interests is one of Germany’s main concerns, as well as one of the main objectives of the Federal Finance Administration.

In order to make best use of the Administration’s human and financial resources, risk analysis has been set up in such a way as to recognise and counter risks at an early stage. A distinction must be made between financial and security risk analysis. Both areas are constantly being developed and updated. Administrative cooperation among Member States and between them and the EU is carried out on the basis of Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters. This Regulation was amended by Regulation (EU) 2015/1525 of the European Parliament and of the Council of 9 September 2015.

The abovementioned cooperation has the highest priority in order to effectively combat fraud relating to EU own resources. Specific mention must be made here of the MA communications coordinated by the European Commission.

Financial risk analysis is used to strike the right balance between economic promotion, i.e. the freest possible movement of goods, and the protection of the EU’s financial interests. This enables us to give risky companies or goods the corresponding risk profiles in the computerised clearance system (ATLAS); in the event of a hit customs officers are instructed to take action to detect fraud cases.

Budget cuts at the control level have in general not taken place in Germany.

Regulation (EC) No 515/97 contains the option and indeed the duty to exchange information on specific cases of fraud in Germany (and hence also those discovered during the customs clearance process) with other Member States and with OLAF in order to effectively combat similar cases in other Member States. Risks notified by other Member States and the EU are included in Germany’s risk analysis. This exchange of information in the framework of Regulation (EC) No 515/97 also of course applies to the information collected and cases of fraud detected during post-clearance controls/audits, for example by the audit units. If companies based in Germany have risky consignments cleared in other Member States and not in Germany, these consignments must also be given special consideration. Under Regulation (EC) No 515/97 in these cases too information can be exchanged between the Member States concerned. This exchange of information is vital because there have already been numerous cases of companies changing their import strategy (clearing their imports in another Member State) to avoid the tighter controls imposed on risky consignments in Germany.

In 2015 ‘voluntary admissions’ became a more important source of irregularity detection. In the light of this, the outcomes of voluntary admissions need to be taken into account when planning future control strategies, in particular for post-clearance controls but also when adapting the control strategies and so that it is possible to conduct oversight on self-assessed operators in the future. Above all, ex post adjustments of customs value need to be taken thoroughly into account.

EE

a) Budgetary cuts have not had an impact on the level of the staff at the control level. The control level and countermeasures are dependent on the level of risks, which are constantly evaluated and monitored by the Estonian Tax and Customs Board (ETCB).

b) ETCB is analysing the import declarations for detecting the risky objects (goods, companies, declarations etc.) on the basis of the analysis and other risk information (including RIF-s and AM-messages). The suspicious declarations are directed via the automatic selectivity into control and/or post-control.

c) See answers for a) and b).

d) The information of CRMS, AFIS and OWNRES is received on a daily basis and it is analysed by the risk analysts and on the basis of this information the necessary activities are decided by the analysts (selectivity criteria and/or post-control and/or other countermeasures).

e) In ETCB there is a National Contact Point (NCP) which, in the need of additional information, contacts with relevant international partners in order to get additional information about the company. Also different databases (D&B, European Business Register etc.) are used among the other means of exchange of information (CRMS, for instance).

IE

Despite the budgetary difficulties that arose in 2008 Ireland has managed to maintain a consistently high level of Trade Facilitation and Enforcement activity. In recent years more resources have been made available to the Revenue Commissioners to facilitate control and compliance activity. Throughout this period due regard has been given to the importance of Customs controls and the role they play in securing the own resources of the EU and its Member States. Information supplied by the EU and OMS is made available to our Risk Unit and our Prosecutions and Investigations Division. Profiles are created to guard against future fraud and look backs are conducted to see if there are any transactions warranting investigation and investigations have been instigated where these have been found (confirm with IPD). In respect of companies that clear imports in a country where they are not established, there is an active and coherent monitoring programme across both the Customs and VAT spheres and this is facilitated by the fact that Revenue is a combined Tax and Customs administration and therefore no information exchanges issues arise (VIES & CP4200, etc.)

EL

Checks - infringements - charges - amounts collected from charges and from overdue debts recovered (Tables 1, 2).

1. Checks and infringements:

A) Checks at the clearance stage

157 766 checks were performed at the clearance stage and 10 568 infringements/disparities were identified during physical or documentary checks carried out on the basis of the risk-analysis results, i.e. non-compliance rate of 6.7%.

B) Ex-post checks

7 684 ex-post documentary checks were performed (annual objective 6 000) at the Customs office relating to goods cleared on the basis of a declaration, i.e. without a physical or documentary check; 958 infringements were identified, i.e. non-compliance rate of 12.47%.

These results demonstrate the good level of targeting of ex-post documentary checks carried out by the Customs and the efficiency of the reformed framework of ex-post checks, as well as a reduction in the percentage rate of checks in the clearance procedure after the adoption of Member States’ best practices.

4 222 ex-post checks were carried out on the premises of undertakings and 646 infringements were detected (non-compliance rate of 15.3%).

c) Checks on prosecution

The prosecution units of the Customs carried out 66 661 checks and found 4 335 infringements (non-compliance rate of 6.5%).

The Mobile Inspection Team carried out 8 715 checks and found 464 infringements (non-compliance rate of 5.3 %).

The Customs Service’s anti-smuggling vessels carried out 114 checks and found 26 infringements.

2. Assessment notices, certificates, receipts from assessment notices and recoveries of overdue debts:

9 231 assessment notices were issued.

The fines, multiple fees, duties and taxes charged for simple customs infringements and smuggling amounted to EUR 524 478 758.

3. Attachments/seizures by the Customs:

In 2016, in comparison with 2015, the Customs achieved excellent results regarding seizures, as shown in Tables 1 and 2 below.

Specifically, the total number of seizures increased from 1 344 in 2015 to 1 562 in 2016 an increase of 16.1%, with particularly positive results in the areas of:

a) tobacco, where the cigarettes seized in 2016 were 456 146 604 pieces, compared to 327 466 935 pieces [sic] in 2015 (an increase of 39.3%). A particularly large increase in seizures occurred in all tobacco product groups.

b) cash, where EUR 7 557 630 were attached in 2016 (the Euro equivalent of all currencies attached) and fines were imposed to the amount of EUR 1 933 009, compared to EUR 5 188 383 attached (and fines amounting to EUR 1 330 226 ) in 2015, i.e.an increase of 45.7%.

c) narcotic drugs, where, among other narcotic substances, the quantity of 422 543 (grams) of Indian cannabis was seized in 2016, against 91 748 (grams) in 2015, or an increase of 361%; 25 835.80 grams of heroin were seized in 2016, compared to 1 083 grams in 2015.

d) spirits, where 249 908.68 litres of Tsipouro/Tsikoudia were seized in 2016, compared to 52 291 in 2015 (an increase of 378%) in 45 illegal stills, compared to 24 in 2015 (an increase of 87.5%).

e) cars, where 285 passenger cars for private use were confiscated in 2016, compared to 210 in 2015 (an increase of 35.7%).

Regarding the quantities of fuel seized reported in the tables below, it should be noted that in the case of use of adulterated petrol in truck tanks (smuggling) the petrol is not seized, on the one hand because it is not possible to pump it out, and on the other hand because the official chemical analysis is issued at a later stage.

The object of smuggling in this case is considered “forgone seizure” and the offender is charged (in addition to the increased rate of duty) also other taxes corresponding to the amount of adulterated fuel.

Customs duties, taxes and fines are also levied in ex-post checks where the object of smuggling cannot be seized as it has already been released for consumption.

TABLE 1. 2016 SEIZURES/ATTACHMENTS BY CUSTOMS

TABLE 2. COMPARISON (SEIZURES/ATTACHMENTS) WITH 2015

ES

There is no doubt that budgetary constraints affect the number of staff that can be assigned to control activities.

However, since the control system is based largely on the use of information technologies, whose development can offset the loss of human resources, an adequate level of protection of the EU’s financial interests is ensured.

As regards the balance between trade facilitation and the protection of financial interests, control at the time of customs clearance is based on an entirely computerised risk analysis, supplemented by ex-post controls. Controls at the time of customs clearance should be those which are most effective at that time, e.g. by requiring a physical examination of the goods, an analytical opinion or, where necessary, a guarantee before release, such as in cases of undervaluation in which post-clearance controls pose serious difficulties in terms of implementation and debt recovery.

On the other hand, cases which are more conducive to ex-post verification, e.g. those which require verification of commercial accounts or detailed analysis of bank movements, are carried out preferably using post-clearance controls/audits.

As regards the incorporation of information received from other Member States or the Commission into the risk analysis system, all the information received through the relevant applications is analysed in the central services of the Department of Customs and Excise and is taken into account, where appropriate, for the purposes of activating a risk profile or the ex-post control measures that are deemed most appropriate in the light of the information received.

Examples of implementing information exchange and cooperation with other Member States and the Commission would be the RIFs issued by Spain with refs ES/2014/043, ES/2014/055 and ES/2014/067. On the basis of controls carried out by Spanish customs on undervaluation, we warned in those cases of a risk of diversion to other Member States (France and Portugal in particular) by means of transit operations. That led to investigations after OLAF had organised several co-ordination meetings. Similarly, mention could be made of reports from the Spanish administration to OLAF about suspected cases of fraud involving anti-dumping duties established by the EU, e.g. with regard to the origin of solar panels and citric acid.

In 2015, ‘voluntary admissions’ became a more important source of irregularity detection. In the light of this, the outcomes of voluntary admissions need to be taken into account when planning future control strategies, in particular for post-clearance controls but also when adapting the control strategies and so that it is possible to conduct oversight on self-assessed operators in the future. Above all, ex post adjustments of customs value need to be taken thoroughly into account.

FR

Firstly, Article 78 of the Community Customs Code (CCC), in force at the time of the findings and recommendations of the European Court of Auditors set out in the Commission report, provides that ‘the customs authorities may, after releasing the goods and in order to satisfy themselves as to the accuracy of the particulars contained in the declaration, inspect the commercial documents and data relating to the import or export operations’; it is therefore for the customs authorities of the Member State where the customs clearance formalities are carried out — and which therefore have the supporting documents — to carry out the ex-post compliance check. This means that companies registered in France which clears all their imports at customs offices in other Member States cannot be selected for compliance checks in France. Indeed, any selection of the operations in question would have to be carried out by the customs authorities of the Member States where the import declarations were lodged. Furthermore, businesses which do not perform any customs operations in France, even if their registered office is on national territory, are under no obligation to register with the French customs administration.

There may also be bias in the risk analysis of operations carried out by operators that clear their imports in several Member States, because it is impossible, in principle, to have a complete overview of the trade flows for these operators; however, foreign operators that carry out clearance operations in France are never completely excluded from selection for inspection, since their import operations carried out on French territory form part of the population of declarations to be selected for ex post controls.

Furthermore, the instructions to departments, and in particular the guide on the procedures for clearance checks (last update: October 2015), recommend compensating for the deactivation of the automated national selection profile (PRONAT) by setting up a regional automated selection profile (PROREG) or a local automated selection profile (CRILOC) based on the same selection principles as PRONAT; even though the aim in deactivating PRONAT is to exclude from the system companies whose reliability is not in question, ‘operators excluded from PRONAT must not be excluded from all checks and must be put through CRILOC on a temporary basis or subjected to first level ex post checks’ which are themselves programmed to run periodically, on the basis of a risk analysis. In addition, the services are asked to prioritise less reliable companies which manage sensitive traffic and/or procedures (‘However, the service shall verify, at least once a year, operators that have not been subject to other checks during the period’). Thus, in France, all operators clearing imports in the country must undergo regularity and compliance checks at least once a year.

The aim of the control system in France is to step up checks on high-risk operators without totally excluding reliable operators from the inspections.

Indeed, the control system in place in France, which is based on a detailed risk analysis, effective targeting and three supplementary levels of control (ex ante and first and second level ex post checks), provides for highly effective coverage of all customs operations and operators.

Furthermore, foreign companies clearing customs in France account for a low percentage of total operations (6.3 % of traditional and postal freight in 2014). These operators are mainly, but not exclusively, subject to ex-ante controls.

Statistics released by CANOPEE 28 show that in 2014 and 2015, around 1 % (1.07 % and 0.97 % respectively) of import declarations lodged in France by a foreign importer using Delt@-C 29 and -D2 eprocedures were targeted by an ‘own resources’ profile or randomly selected for ex ante control. These declarations were targeted mainly because of risks in connection with procedure 42, problems with customs values (implementation of IMAA 30 ) or with passing on RIF 31 messages. Nevertheless, the rate is still close to the control rate of import declarations targeted by an ‘own resources’ profile (or by automated random sampling) for all operators taken together (1.09 % in 2014 and 1.02 % in 2015). The discrepancies observed are not significant in relation to the size of the population of foreign importers compared to the total population of importers clearing customs in France. (Foreign importers accounted for only 4.55 % of imports in 2014 and 5.11 % in 2015. These percentages concern imports via Delt@-C and -D e-procedures and therefore exclude express and postal freight.)

France also receives information from other Member States for monitoring foreign operators clearing customs in France via IMAA, RIF and SCENT 32 messages and MA 33 communications. Particularly in connection with MA communications on ADD fraud 34 , when it comes to largescale fraud, customs officials in other Member States act on requests for assistance in checking French companies carrying our clearance operations on their territory.

The forthcoming implementation of GRINAR 35 V2 will provide better visibility of all highrisk operators, in particular foreign operators clearing customs in France, and which are not covered by GRINAR V1.

Finally, given what is at stake and the potential bias in the risk analysis of operations carried out by operators that clear customs in several Member States (see above), and with a view to making its customs controls more effective, France will participate in the Customs 2020 project group dedicated to following up the European Court of Auditors’ recommendations on the subject. It will host the first meeting (6-7 February 2017) of the subgroup on the exchange of data between the Member States in order to gauge the scale of the phenomenon and provide the most appropriate response.

Here, the statistical study on imports into France by Community operators for onward shipment to another Member State shows that the vast majority of the companies concerned have been audited by the French customs authorities (data source: reconciliation of data from the CANOPEE 2 application and BANACO 36 ). These official controls consist of ex-ante and/or ex-post controls.

As for the French operators that carry out customs clearance in another Member State, while risk analysis on those operations is not integrated in the same way as for other operators (since there is no tool that provides access to all the declarations in question), checks are carried out none the less. Indeed, the French customs authorities apply Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States in respect of operators deemed high risk and they consider that they make an effective contribution to protecting the EU’s financial interests by providing information to the customs authorities of other Member States through IMAA, RIF and SCENT messages or MA communications.

A task force has also been set up within the DNRED 37 to combat fraud under procedure 42, focusing primarily on textiles from China and on companies that sell their imports on French territory. In addition to seeking information on the identities of companies at risk to pass on to the customs authorities of other Member States, some thirty checks were carried out on Chinese containers cleared through customs in another Member State, resulting in 10 cases of litigation in 2014 and 2015.

For this, the French customs administration also relies on the work of the abovementioned Customs 2020 project group, in which it is an active participant, to continue improving the response to the problem identified by the Community authorities.

HR

A)If budgetary cuts have impacted on the level of staff at control level

In the Republic of Croatia, budget constraints did not lead to a reduction of staff in charge of controls, therefore Customs service continued to operate with the same number of Customs officers.

B)Whether and how the right balance between budgetary cuts, trade facilitation and the protection of the EU financial interests have been ensured:

As stated in part A) Customs service did not reduce the number of staff in charge of controls. Sector for customs controls in Central Office of Customs Directorate for each year brings Annual working plan, and all controls have been carried out according to the Annual Plan. Such plan also includes the inspections on operators/companies.

C)Whether and how the information received from other Member States or the Commission departments through the CRMS, AFIS and OWNRES systems is incorporated into risk management and complements the national populations used for risk management purposes:

All information received from other Member States in the framework of the mutual assistance, including both requests for mutual assistance and spontaneous information, are being analysed, and in case if such information is of the interest, and if it is important for further proceedings for customs officers, such information is being integrated in risk management system.

Also, all information received from Commission departments through CRMS, AFIS and OWNRES systems is being analysed, and such results are taken into account and being incorporated in risk management systems, in order to perform needed operations. Also, such information is taken into account while planning and executing further operations.

D)Examples about how cooperation the information exchange has been developed. In particular for companies which are established in country but which clear all their imports at customs officers in other Member States.

Representatives of Customs Directorate of the Republic of Croatia cooperate with the neighbouring countries (SI, IT, HU) and participate in the Quadrilateral meetings - Q4, where mostly the operational issues are being discussed. The one of the concerns are the transports of lubricant shipments, where a big number of irregularities are being detected.

In such cases the fast and accurate exchange of information regarding the companies, vehicles, documentation (mutual assistance) was needed, and such reply is crucial for the proceedings at national level. In relation to the information exchange about customs procedure CP 42, with Slovenia and Hungary, Croatian Customs service has signed Memorandum of Understanding. It has been noticed that such procedure is usually being misused by the operators with the aim to avoid national VAT payment.

IT

1. The Customs and Monopolies Agency has always aimed to achieve a balance between the need to protect the budget (EU and national) and public security and the need to expedite and facilitate legitimate trade. In that continuous and dynamic process of adjustment, within the relevant regulatory frameworks, the use of resources (financial, human and material) has had and continues to have an important role, and it is by optimising the combination of the various factors that make up the ‘resources’ that it has been possible effectively to guarantee that the above needs are met. With financial resources under pressure and staff numbers falling, the strategic choice has been made to keep both online and ex post controls at a fairly constant level - as can be seen from recent CUP reports published by the Commission - and to support these activities with an increasingly robust and refined risk analysis and the digitisation of tasks, which has led to fully computerised management of customs clearance procedures and selection of online checks, along with the development of a special procedure, also based on centralised risk analysis, to identify sensitive sectors to undergo ex post controls. The high level of computerisation of the dialogue between operators and customs has thus made it possible to optimise declining available resources and to maximise management efficiency and the effectiveness of controls.

2. We note an increase in relations and cooperation with customs officers from certain countries such as Germany, the United Kingdom, France and Belgium.

Given the activities carried out with customs officers from Germany and Belgium in particular, we can say that the exchange of information and operational coordination with those countries is now fully established.

For example:

Under the Naples II Convention, the Joint Investigation Teams agreement established under Article 24 of the Convention (joint special investigation teams) between the Interregional Anti Fraud Unit of the Interregional Directorate for Liguria, Piedmont and Valle d’Aosta and the Berlin Zollfahndungsamt - Smuggling of foreign manufactured tobacco products - was extended until 31 December 2015. Steps were taken simultaneously in Italy and in Germany culminating, in November, in the enforcement of 11 pre-trial detention orders issued by the judge for preliminary investigations in Turin and the enforcement of a further six in Germany by order of the German courts. The Italian facility was seized and other searches were carried out, again simultaneously, in Italy and Germany. In December there was a debriefing meeting in Cologne, attended by officers from the Interregional Anti-Fraud Unit of Turin.

3. First of all, customs risk management must be understood in a very broad sense, to include, pursuant to Article 13 of the Community Customs Code 38 , all risks arising from threats to the correct application of any legislation governing the entry, exit, transit, final destination and EU position of the goods with regard to the customs territory of the Union. That definition therefore includes risk management activities relating to threats in general 39 and similar activities relating to security and safety risks which, inevitably, overlap with earlier ones 40 .

The CDC risk profiles during the period under consideration have been refined through analysis and evaluation of:

onon-conformities detected during checks at the time of customs clearance;

odata communicated by the operational offices (irregularity sheets entered in the Anti Fraud Database, local risk sheets and negative control reports) or by other branches of the Agency or by national, Community and international bodies (ministerial orders, INF-AM, RIF, etc.);

the results of analyses carried out by the new risk analysis model known as SIDDA, which allows statistical analysis of the data submitted with the customs declaration against an outlier detection system. The results of this initiative were presented by Italy in an EU working group which is introducing measures into TARIC to automatically select or reject ‘outlier’ entries, and also in a second EU initiative on ‘data mining’;

·national and Community legislative provisions (tariff changes, anti-dumping duties, countervailing duties, opening and closing of economic and tariff quotas, etc.);

·objective and subjective data retrievable through the available databases (flows, statistics, etc.);

·data on trade movements compared with equivalent periods;

·how profiles are working over time, their efficiency and effectiveness, and how they are consequently updated;

·data available through access to the movement systems of consignments of international air couriers.

For those purposes, during the period under consideration the following were analysed, inter alia, bearing in mind the scale of the threats and the level of human resources available 41 :

·28 INF-AMs and thousands of irregularity sheets from the Anti-Fraud Database;

·some 13 000 corrections of discordant declarations;

·the reports on adjustments of assessments submitted by the operational departments each month;

·all Risk Information Forms (RIF) produced by the National Risk Analysis Centres (NRAC), by the operational offices and by the Commission;

·local risk survey sheets;

·other alerts from other branches of the Agency and national, Community and international organisations.

4. In addition to the Commission’s recommendations, cooperation and exchange of information with the other customs authorities of the Member States and with the police forces and courts are being constantly and significantly improved, both on the initiative of the Agency (as a result of findings of investigative and strategic activities carried out independently) and in response to requests received from the other authorities; this improvement is necessary and consistent with the marked similarity of fraud phenomena at international and trans-national level.

The legal instruments used - Regulation (EEC) No 515/1997 on mutual customs assistance between the Commission and Member States and the Naples II Convention on mutual assistance and cooperation between customs authorities, including courts - provide a framework for various cooperation and exchange activities, which are nevertheless always characterised, at all stages of implementation (upstream, on-going and downstream), by complementary and cross-cutting investigative activities, which overall, also in 2015 have led to important outcomes for the prevention and combating of fraud.

As requested by the Commission, these are examples of the main activities:

·Continuous cooperation with OLAF on protection of Traditional Own Resources takes place in the context of mutual assistance, i.e. AM Communications (AM = Assistance Mutuelle) which OLAF sends to the Member States.

The steady increase in communications received in the period 2011-2014 dipped slightly in 2015, which saw 27 AM communications compared with 39 in 2014, as shown below:

However, there is a fully confirmed trend towards more complex cases and actions taken, including with regard to the follow-up to previous Mutual Assistance communications, which can be attributed to the increased complexity of trade and the characteristics of infringements. The 27 AM communications of 2015 were as follows:

·infringements concerning: antidumping, with false/incorrect declaration of origin and/or type and/or value of goods; counterfeiting; illegal drug trafficking;

·types of goods: chemical and pharmaceutical products, tube or pipe fittings, aluminium wheels, fibreglass fabrics, textiles and footwear, semiconductors, integrated circuits, citric acid, tuna-based food preparations, solar panels, steel fasteners (industrial), other iron and steel articles, drugs and precursors, bicycles, cast threaded pipe fittings, soya concentrate, hand pallet trucks, bearings;

·Third countries concerned: China, Taiwan, Malaysia, Vietnam, Cambodia, Thailand, Singapore, India, Bangladesh, Indonesia, Philippines, Hong Kong, United Arab Emirates, Pakistan, Moldova, Brazil, Argentina and Papua New Guinea.

   Many Mission Reports were also received in the course of 2015, and Final Reports with ‘Recommendation for action to be taken following an OLAF investigation’; essentially there was follow-up to further measures to recover evaded duties, based on supporting documents drawn up by OLAF following specific on-the-spot missions in the third countries concerned, and comparative analysis of the data collected with those relevant to imports to the Member States.

   The methodologies used in this specific area of cooperation were refined through intervention and coordination measures (with guidance instructions, practice memos, a ‘top down’ training action) in the Agency’s peripheral structures, in particular those structures specially set up the year before in 2014 (INF AM Groups) to supervise and monitor activities on the ground, including those relating to the quality of data in the IT systems used to record instances of fraud in the national databases 42 , and consistency with the data on recoveries in the EU’s OWNRES database.

·Collaboration and operational cooperation in the field of Joint Customs Operations (JCO) and Joint Police and Customs Operations (JPCO) was also important; cooperation with EUROPOL was also enhanced, and it is worth noting the attention given in the Council of the European Union, in the Customs Cooperation Working Party, to improving the exchange of inter-institutional information to combat fraud.

·There has been a further increase in the number of requests for mutual assistance under the Naples II Convention, with a concomitant increase in the complexity and variety of circumstances, both sent abroad and received from abroad, leading to equally complex verification and operational activities.

   The above legal instrument continues to be particularly flexible and capable of preventing and combating infringements in the context of transnational organised crime.

The following graph shows the volume of cases in recent years: in 2015 a total of 301 actions were taken in respect of 184 cases opened (each individual request file corresponding to ‘n’ actions, depending on the complexity of the case).

·Again under the Naples II Convention, in 2015 three joint special investigation teams were decided and set up, two between Italy and Austria and one between Italy and Germany.

·Under the same Convention some important investigative and cooperation activities were carried out involving the Agency, the Italian judicial authorities and the corresponding customs and judicial authorities of certain other Member States (Austria, Belgium, Germany, the Netherlands, Poland, the United Kingdom and Hungary), including eight particularly significant cases.

The activities led to the detection and combating of instances of organised crime against the EU and national budgets and, in some cases (activities are still ongoing in others), to the adoption of restrictive and precautionary measures against the suspects and their movable and immovable assets.

Finally, we would point out that the principles laid down in the document in question have been included, as appropriate, in the guidelines on Post Clearance Audit to be published soon.

As regards cooperation and the exchange of information among the customs authorities of more than one Member State, where a person established in one Member State carries out customs operations also in other Member States, in addition to application of the instruments provided for in Regulation (EC)No 515/97 and in the Union Customs Code (formerly the Community Customs Code) with respect, for example, to authorisations for customs procedures (now special procedures), we would cite as an example the bilateral cooperation with Slovenia in the exchange of information regarding the use of customs procedure 42, which led to targeted checks in both countries on the proper payment of customs duties (mainly VAT on imports).

Contribution by the Guardia di Finanza

With regard to point d) of the Notes to Recommendation 1, the General Headquarters – Division II of the Guardia di Finanza is continuously monitoring the information forwarded by the Member States via the AFIS system. If examination of the information received through the system (a significant proportion of which relates, in turn, to cases that fall within the Agency’s remit) leads to the discovery of situations of interest to the Guardia di Finanza, the units of the Guardia di Finanza are informed promptly, so that - possibly after risk analysis at local level - appropriate action can be taken.

CY

a) Budgetary cuts have impacted up to a certain extent on a level of staff at control level mainly due to the fact that no public sector job vacancies have been created as a moratorium for the last four years up to end of December 2016, and, at the same time, staff retired each year let alone the fact that staff have also taken the early retirement option because of the fear regarding the economy. These resulted in a substantial decrease in the number of staff. However, due to a rise in illicit trade, the Department of Customs and Excise of the Republic of Cyprus has increased random controls in order to trace and thus attempt to diminish this phenomenon.

b) It seems that, despite the problems the Republic of Cyprus has been facing due to the economic recession over the last five years, such as reduction in the number of staff described above, the right balance between budgetary cuts, trade facilitation and the protection of the EU's financial interests have been ensured by random controls in order to trace illicit trade movements at ports and airports as well as at crossing points provided by Regulation 866/2004 and in warehouses or other premises where according to a valuated information, smuggled goods are being placed.

c) The Customs Administration has dealt with this situation by assigning more duties as well as more responsibilities to the existing staff and performs random checks as explained in (a) and (b) above.

d) The Customs Officers involved in risk analysis and information exchanged, at local and central level, have access to CRMS and AFIS systems. At central level the information is processed and accordingly is decided to:

·Create national profiles in the electronic risk analysis systems

·Send alert messages to front line officers

·Disseminate the information to the appropriate sections (e.g. post control section, investigation section, IPR section and so on) for their own actions.

·Provide feedback

OWNRES is managed mainly by the post control section which is using the risk information for post control checks.

e) Examples about how cooperation and information exchange has been developed include the MOUs and the mutual administrative assistance. For the second part of the question, due to the fact that the Republic of Cyprus is an island, we do not have cases that have been encountered here for companies which are established in one country but which clear all their imports at customs offices in other Member States.

LV

a) to c) points above are not applicable for the State Revenue Services, as no budgetary cuts have had affected its work.

d)    whether and how the information received from other Member States or the Commission departments through the CRMS, AFIS or OWNRES systems is incorporated into risk management and complements the national populations used for risk management purposes;

The Customs Board of the State Revenue Services informs that the national and international information is circulated in according to the State Revenue Service’s (hereafter - SRS) internal rules and regulations, including information that has been received via CRMS and AFIS.

The received information on risks is integrated into the risk management process, thus the Customs Board ensures that the information that has been received via CRM and AFIS is registered and disseminated to relevant Customs Board structural units and other competent SRS’s permanent structures. The information received via CRMS and AFIS is evaluated in order to make a decision to impose the necessary risk mitigating measures. The mutual assistance requests received from the AFIS system is regulated by the internal procedure ”Procedure for processing the information between the SRS units on the OLAF requests for mutual assistance and the cooperation between such institutions in line with the provisions set in the EC Regulation No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters”

e)    Examples about how cooperation and information exchange has been developed. In particular for companies which are established in one country but which clear all their imports at customs offices in other Member States.

The Customs Board of the State Revenue Services informs that for the risk mitigating measures and customs offenses need to get information from another EU Member State, the Customs Board is preparing requests on the basis of the EC Regulation No 515/97 in order to obtain assurance that the provisions of the Regulation has been correctly applied. Such practice also applies to transactions of imports if the Company is registered in certain Member State but customs clearance done in another Member State. Whereas, in regards to the customs procedure No.42 that lays down provisions for customs clearance for financial beneficiary that is registered in another country, by applying a 0% VAT rate, for information control purposes the information is exchanged by using the SCAC’s (Standing Committee on Administrative Co-operation) harmonized electronic template.

LT

Within the framework of the programme Customs 2020 (financial code CPG/136/002), the Customs of the Republic of Lithuania participate in the EC Expert Group on Post-Clearance Audit under the project on financial risk management where decisions are taken on further actions regarding the issues raised by the European Court of Auditors and information on risk management in the area of customs audit is exchanged.

Lithuanian Customs contribute to the collection and analysis of data on customs procedures for imports conducted by economic operators in a country other than that in which they are set up or registered. The Customs also exchange information on the customs procedures for imports of the aforementioned economic operators which is relevant to risk management with other EU member states via CRMS. Information received from CRMS is subject to regular analysis and assessment.

On the basis of AFIS AM, investigations are carried out and risk profiles are developed. On a case-by-case basis, information is forwarded to other competent customs units for further investigation. Having carried out the investigations, customs officers reassess risks against the risk criteria. Afterwards, within the set deadline they inform the OWNRES case investigators on additional risk mitigation measures.

LU

Question a) Not the case

Question b) Not applicable

Question c) Not applicable

Question d) Yes, establishment and use of risk profiles and update of existing ones.

Question e) No particular example for import clearance under the scope of the centralized clearance.

HU

As regards the balance between trade facilitation and the protection of the EU’s financial interests, selection for the controls built in the process of base case customs procedures is made by taking into account the risk profiles developed as a result of central risk analysis activities, as well as local risk assessments and case specific decisions taken by the customs body (in the case of customs procedures for release for free circulation, accounting for the largest share of import flows, this means a control level of 5% at a minimum).

In addition to the above, EU and national efforts for the simplification and acceleration of customs procedures indicate that, simultaneously with the shift towards electronic and simplified customs procedures, emphasis should be shifted from the process of base case customs procedures to controls to be carried out after the release of goods. That control option includes individual inspections of customs declarations as well as more comprehensive audits of foreign trade activities subject to customs control.

In order to achieve the stated objectives and the appropriate level of control, having regard to the expectations of external control bodies, a minimum control level of 5% needs to be ensured in annual terms, based on selection made on the basis of risk analysis, in the case of postrelease controls.

As regards the exchange of experiences among Member States, it takes place in the framework of the regional customs cooperation of the Visegrád countries (the V4: Czech Republic, Poland, Hungary and Slovakia), more specifically at the annual meetings of the Member States’ customs leaders and through the discussions in the expert groups. At their meetings, the customs leaders evaluate the experiences of the past year and define the tasks for the next period.

On a proposal from the Czech Customs Administration, the first meeting of the V4 countries’ working party for customs ex-post controls was held in Prague in December 2014. The aim of this working party is to support the post-release (ex-post) controls carried out by the customs authorities of the V4 countries by sharing risk information, best practices and legal interpretations. The December 2015 meeting was hosted by the Slovakian customs administration, and the December 2016 meeting was organized by the Hungarian customs administration, based on the items on the agenda of the previous working party meetings. The working party sub-group is working effectively and productively. The next meeting is planned for late 2017.

In the framework of the V4 customs cooperation, a separate working party deals with the issue of under-invoicing footwear and textile products arriving from the Far East. Under the Trencin Declaration for joint action by the V4 against under-invoicing, the Member States undertook to introduce trigger prices for a certain number of products from 1 January 2016, based on the EU-28 fair prices captured by the AREP AMT (Automated Monitoring Tool). In accordance with the Declaration, the risk profiles developed to combat under-invoicing were updated on 1 January 2017.

Furthermore, as regards the exchange of experiences among Member States, it also takes place in the context of the regional customs cooperation of the Q4 (Quadrilaterale) countries (Croatia, Italy, Slovenia and Hungary), more specifically at the regular meetings of the Member States’ customs leaders and through the discussions in the expert groups. At their 2016 meeting held in Villány, the customs leaders adopted a decision on continuing the activities of the Q4 working parties. Working parties of experts will be set up for in-depth control, increasing the effectiveness of the fight against under-invoicing and the application of the Union Customs Code, the members of which will consult each other on the relevant issues.

In the regional cooperation of the Q4, the National Tax and Customs Administration of Hungary (NAV) plays a highly important coordinating role by regularly informing the customs leaders of the Q4 countries about the work done and the results achieved in the well-functioning and active Visegrád expert groups and, as a result, involving the Q4 experts in the work of the Visegrád experts. As regards information received from other Member States or Commission departments and point d) of the request for information attached to the recommendation, such information (e.g. AM, RIF messages, customs information exchange agreements, data and information received in the context of voluntary assistance) are constantly analysed and evaluated during risk analysis, which may result in customs inspections.

As regards closer cooperation among Member States and point e) of the request for information attached to the recommendation, the Hungarian customs authority has concluded or intends to conclude bilateral agreements for the mutual exchange of data on customs procedures for customs control purposes with several EU countries. Bilateral agreements are currently in force between Hungary and the customs authorities of Slovakia, Romania, Slovenia, the Czech Republic, Poland and Croatia. Negotiations for a bilateral agreement are currently underway with the customs administration of Greece.

In accordance with these agreements, data are provided regularly within the framework of voluntary assistance by the customs authorities of other Member States on the customs procedures initiated in the given Member State in respect of operators established in Hungary, and by the Hungarian party on the Hungarian customs procedures concerning operators established in the given Member State.

The central body carrying out the risk analysis periodically involves the data in a complex analysis and informs the customs administration (control) function in case risks are identified. The relevant risk information is also notified to the foreign customs administration concerned, in the framework of voluntary assistance.

In addition to the above, under the framework or empowerment provided by EU and national legislation, the Hungarian customs authority also cooperates with domestic partner organizations in order to support the customs control activities.

MT

a) if budgetary cuts have impacted on the level of staff at control level;

To a certain extent yes.

b) whether and how the right balance between budgetary cuts, trade facilitation and the protection of the EU’s financial interests have been ensured;

Yes.

c) if a) and/or b) yes, how Member States have dealt with this situation in order to ensure that the efficiency of the control system remains unaffected;

We have re-structured and joined a number of sections, which operate within the same area, thus making better use of our present human resources. Also, we are reviewing the Department’s work practices in order to identify out-dated practices and correct them.

d) whether and how the information received from other Member States or the Commission departments through the CRMS, AFIS or OWNRES systems is incorporated into risk management and complements the national populations used for risk management purposes;

Yes indeed. All foreign information is evaluated by our Risk Management Team and when applicable that intelligence is incorporated into our national profile system for eventual targeting.

e) examples about how cooperation and information exchange has been developed. In particular for companies which are established in one country but which clear all their imports at customs offices in other Member States.

Information is provided under the Naples II Convention on Mutual Assistance and Co-operation between Customs Administrations and Reg. 515/97; other bilateral agreements also make this possible. On numerous cases we assisted OLAF and other EU Customs Administrations with information about shipments (which included LUBRICATING OILS and TOILETRIES) and which are despatched from a Member State with Malta as the declared place of final delivery – the shipments never materialise. These are normally MTIC cases.

NL

In the Netherlands there was no budgetary cut to Customs that affected staff numbers. The UCC had more impact: due to the necessary changes to agreements, permits and audit files the total number of post-clearance audits in 2016 was smaller compared to 2015. This will also have an impact in 2017. This is partly offset by a different way of organising audits (cyclical monitoring).

We will always consider what the most relevant issues are and ensure that we find the right balance between trade facilitation and protection of EU financial interests. All clearance controls (at the time of clearance and post-clearance) are risk-based (incl. ad random) and information from other Member States is taken into account. Successes and noteworthy information of possible interest to other Member States are shared by the CRMS system. Pursuant to the Regulation all relevant findings (cases of fraud or irregularity) are reported in Ownres. The most recent relevant examples are the CRMF information exchanges relating to antidumping fraud with solar panels in recent years.

AT

No Information Provided

PL

The actions suggested in the recommendations are being implemented in Poland through the:

·Reorganisation of the institutions and services also competent for protecting the EU's financial interests by bringing together the Customs Service, Tax Administration and Treasury Control to form a national tax authority from March 2017. This solution is aimed at increasing the efficiency and effectiveness of the checks carried out, including checks on traditional own resources;

·Intensive use of available information channels, including the CRMS and AFIS systems for exchanging experiences in cases where the customs authorities have been particularly effective in detecting irregularities during customs clearance;

·On-going use of information received from other Member States or the Commission through the CRMS and AFIS systems in risk management. The centralised body coordinating this process is the Customs Service’s Strategic Analysis Centre;

·Increase in international cooperation activities by the Customs Service, particularly in cases involving the declaration of low transaction values for goods. The Customs Service is also looking forward to improved cooperation from other Member States with regard to the transfer of information by Polish operators for declarations under customs procedure 4200 concerning significant quantities of goods imported from Asia in sea containers and with a value close to the threshold values (used in risk analysis). In such cases, the likelihood of detecting fraud in the form of the under-declaration of transaction values during customs clearance is low. That is why the Commission suggested focusing more on the transfer by Member States with key cargo sea ports of information on operators declaring low transaction values under customs procedure 4200. This information could be used in ex-post controls (information exchanges via the Eurofisc network cannot replace the proposed cooperation at the moment, as not all EU Member States with key cargo sea ports are part of Eurofisc and, equally important, the Eurofisc data concerning consignments with a value of EUR 25 000 or over, for example, do not include a significant number of container consignments with a lower transaction value).

PT

The recommendation under consideration does not fall directly within the scope of the work of entities involved in managing the European Structural and Investment Funds (ESI Funds).

However, the Agency for Development and Cohesion (AD&C) reports that in the field of ESI Funds, all transactions and suppliers (national and foreign) are included within the scope of expenditure that might be examined by the Managing Authorities as part of management checks (administrative or on-the-spot), and might also be subject to audits, where required, in the framework of audits of operations.

RO

Following the reorganisation of customs activity resulting from the entry into force of Government Decision No 520/2013 on the organisation and functioning of the National Tax Administration Agency, published in Official Gazette No 473 of 30 July 2013, the operational staff performing customs control activities has increased, enhancing the capacity for customs control and supervision at the EU’s external border.

Selection for control based on risk assessment at local or national level by means of the RMF (Risk management framework) IT system, the computer processing of customs declarations by means of the SIIV (Integrated customs IT system), the implementation of computerised transit systems (NCTS), the excise goods movement system (EMCS), the prior auditing of authorised economic operators (AEO), simplified customs procedures and the green clearance channel, make it possible to facilitate transport and international trade by reducing border and inland clearance times and to perform more effective customs controls.

Information on risks identified in international trade operations received via the CRMS-RIF, AFIS mail and OWNRES systems are examined at national or local level, as relevant, and risks identified as being applicable in Romania are subjected to customs surveillance measures implemented at national level in the RMF IT system in the form of risk profiles or in the ADIS system in the form of alerts.

In order to obtain data and information relating to customs activity carried out in other Member States by operators registered in Romania, use is made of mutual assistance and administrative cooperation, as set out in Council Regulation (EC) No 515/97 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters.

ADDENDUM

c) Ensuring the efficiency of the control system

Although the Directorate-General for Customs has fewer staff following the reorganisation of customs activities resulting from the entry into force of Government Decision No 520/2013 on the organisation and functioning of the National Tax Administration Agency, published in Official Gazette No 473 of 30 July 2013, the balance between the need to facilitate trade and the protection of the EU’s financial interests has been achieved through the implementation and development of new systems for selection for control of customs operations, as follows:

- over the period 2013-2015, the operational staff performing customs control activities at border customs offices has increased by more than 800, enhancing the capacity for customs control and supervision at the EU’s external border both in terms of the number of physical checks carried out and the use of non-destructive scanning techniques (RAPISCAN).

- the use of selection for customs control based on risk analysis has facilitated the implementation of clearance channels, customs declarations accepted via the green clearance channel following a process of post-clearance customs control.

- close cooperation with the European Commission’s Anti-fraud Office (OLAF) with a view to obtaining data and information for use in combating customs fraud and improving the performance of the national risk management IT system RMF (Risk Management Framework) has facilitated selection for control on the basis of risk assessment at local or national level, leading inter alia to a reduction in cases of undervaluation of the customs value declared on import of textiles and footwear from China and Turkey.

- the application of the provisions of Regulation (EU) No 952/2013 laying down the Union Customs Code and subsequent regulations has led to the development of working procedures based on modern principles, developing the system of audit at the premises of economic operators (AEO), extending local clearance procedures (entry in the records), customs transit procedures based on authorisations of approved recipients etc., and shortly centralised clearance, control methods which benefit from the cooperation of economic operators and release customs staff from performing inefficient routine checks.

e) Examples of the development of cooperation and the exchange of information:

Romania currently carries out exchanges of customs information with Member States on the basis of Regulation 515/1997, exchanges of data and information which are used for carrying out checks of customs declarations, and through the AFIS, CRMS-RIF or CEN IT systems, and agreements concluded between the EU and non-EU States, in individual cases of breach of customs legislation and on a reciprocal basis.

For example, using OLAF’s AFIS platform, an exchange of information takes place between Romania and Hungary on import transactions under procedure 42 approved in those two Member States, information which can be used to tackle VAT fraud. Furthermore, at the border customs office of Giurgiuleşti, the Romania-Moldova-Ukraine trilateral contact centre also operates, for the operational cross-border exchange of information with a view to combating more effectively the phenomenon of illicit trafficking at the EU’s eastern border.

With regard to Romanian companies which clear entirely in other states, their activity is not controlled because there is no legal customs relationship. At the request of Member States in which these customs assistance operations take place, targeted checks are performed in accordance with such requests.

With regard to imports into Romania by companies established in other Member States, given that, together with customs duties, national consumption taxes, VAT and excise duties are also paid on import, customs declarations by economic operators established in other Member States can only be submitted by a tax representative. These operations are recorded in the Integrated Customs Information System (SIIV) and are subject to the same filters and automated risk assessment performed with the aid of the RMF as other customs declarations submitted by operators established in Romania.

Sl

Questions: (a), (b), (c):

In order to reduce administrative costs and optimise operations the customs and tax administrations were merged into a single Financial Administration of the Republic of Slovenia (FURS) in 2014. The consolidation was followed by staff rationalisation, which resulted in optimisation and fewer customs inspectors. Three competent units in charge of inspections were created in 2016 for optimisation and rationalisation purposes and with a view to increasing efficiency.

All declared shipments in the clearance process are automatically subjected to electronic risk analysis, which uses risk profile templates that cover a variety of risk areas. Whenever a risk profile is identified, a risk assessment is carried out, followed by a control and the recording of control results. Risk profiles are updated daily on the basis of available information.

(d) Thanks to bilateral agreements with Italy, Hungary and Croatia, the FURS exchanges information on customs procedures 42 and 63 carried out by economic operators established in those Member States, with the clearance procedure being carried out in the other of the two signatories.

All information received through the CRMS system is evaluated, processed and recorded in the national risk analysis record. Additional information may be requested through the CRMS system, if needed, for the purpose of risk analysis. Once risk analysis and assessment findings are obtained, all the necessary measures are taken for mitigating risks in customs procedures, including the creation of corresponding risk profiles and the submission of information to the competent authorities (e.g. ex-post control) or other bodies. Information on all the measures and activities undertaken and new risks identified is transferred through the CRMS system.

Any useful information transmitted through the AFIS system (e.g. AM-messages, rejections, etc.) is also entered in the national risk analysis record where it is further processed and analysed to create risk profiles; where any similar previous cases are identified a proposal is generated for an ex-post control.

Entries in the OWNRES application mainly concern additional payments following controls.

Information on any newly discovered irregularities in customs procedures, excise duty procedures, ex-post controls or other controls for which the FURS is in charge (e.g. mobile units) is exchanged through the national VIR system, which supports the creation of local SAT profiles for customs procedures and enables the monitoring of import, export and transit customs controls.

(e) Italy, Croatia and Hungary report to us on the import of goods into their respective countries under procedures 42 and 63 by Slovenian-based companies, while we provide them with data on import procedures 42 and 63 for imports into Slovenia by companies established in any of the three countries. The data is analysed and corresponding risk profiles are created where required, after which the information is fed to the department in charge of ex-post controls. The exchange of information makes it possible to more effectively fight financial irregularities and the ensuing losses.

SK

Due to the fact that such reduction actually started to be applied since the end of previous year we have no information about such impact in relation to the budget cuts.

a) Information received through the systems are analysed and incorporated into the national risk profiling system, moreover information from the CRMS system are monitored and processed continuously in a unit 24/7.

CRMS

Cases reported via CRMS application by Member States represent information base on identification of trends in violation of customs legislation. Reported cases and described situations about the movement of imported goods, behaving the people and ways of committing unlawful acts serve as knowledge base for the operational departments. By verification of specific situations described in CRMS it was found e.g., that false identification documents were used. Smugglers submitted false documents to the customs authorities. There was also found the vehicle registered in one of the Member states which, after deregistration, becomes the possession of a third-country citizen. This person used it for smuggling of small arms in its hidden shelter.

AFIS

This application is permanent tool which allows, to the analytical units, to have data coming from various sources in a real time. Having such safe international communication channel is currently also valuable tool to avoid & prevent cyber-attacks. Information from AFIS enables us to identify transit operations where exists any doubts of data authenticity.

AREP application and its Automated Monitoring Tools Reports (AMT Dashboards) allow focusing on diversion of customs values during customs clearance processing for selected nomenclatures. The low number of analysts which are able to work with this on-line tool and also persons which are able to read data from the reports caused poor transformation of such information to the units which carry out customs clearance itself.

FIDE application is also valuable on line resource. It’s used, by investigation bodies in their search operations, in framework of recorded violation of customs regulations.

The information about possible fraud, for companies established in other Member states, are forwarded to the particular Member states on the basis of Reg. 515/1997 („Mutual assistance“). Close cooperation is conducted also in the exchange of information, in framework to the control of companies that are established in one EU country but all their customs formalities for the import of goods are made in another EU country, especially in controlling the dispatch of goods within the procedure 42 for V4 countries (SK, CZ, PL, HU). In addition to this agreement the Slovak Republic, at the level of Heads of customs administrations of the V4 countries, also signed the agreement in relation to risk analysis and excise duties."

FI

During the past years person-years have been decreasing because of the different governmental programs aiming at savings and at intensification in administrative work.

The figures are the following regarding development of person-years in the Finnish Customs: 2015: 2202 person-years, 2016: 2160 person-years and 2017 started with 1925 person-years.

From the beginning of the year 2017 Tax administration is responsible for excise duties, car tax and also for the VAT in importation from January 1st 2018. The tasks were transferred from Customs to Tax administration and 196 employees were relocated to Tax administration. Tasks related to control activities are shared.

Generally the Customs has been developing more efficient and more sophisticated electronic declaration systems and systems and IT-tools for Risk Management purposes.

Question 1 (d) CRMS and AFIS are everyday tools in risk management work. OWNRES is also used but less frequently.

Question 1 (e) Permanent Customs 2020 project group DK-FI-SE concerning risk management and control of own resources was established in the year 2016 in order to change regularly information of post-clearance controls/audits, irregularities at the time of clearance as well as the tools, methods and results of risk management. One target area of this group is the companies which are established in one country but which clear imports at other Member States.

Representative of Corporate Audit of Finnish Customs is a member of the C2020 Project Group on post clearance audits - follow-up of annual ECA findings and recommendations. The project group works out the state of affairs of the companies which are established in one country but which clear all their imports at customs offices in other Member States.

SE

a) if budgetary cuts have impacted on the level of staff at control level;

It has not affected the number of staff at control level since the budget has not been reduced but rather increased in 2015.

b) whether and how the right balance between budgetary cuts, trade facilitation and the protection of the EU’s financial interests have been ensured;

See answer to a). The balance between trade facilitation and the protection of financial interest of EU is always a high priority for Swedish Customs. Within Swedish Customs it is an issue that is under the responsibility of the Directors responsible for the Department of Law Enforcement and the Department of Managing the trade.

c) see answer to a)

d) whether and how the information received from other Member States or the Commission departments through the CRMS, AFIS or OWNRES systems is incorporated into risk management and complements the national populations used for risk management purposes;

Yes, Swedish Customs uses the information obtained through the CRMS, AFIS and OWNRES insofar as it is relevant to our priority risk areas. Furthermore, such information, together with other information, serves as basis for identifying new priority risk areas.

e) examples about how cooperation and information exchange has been developed. In particular for companies which are established in one country but which clear all their imports at customs offices in other Member States.

Swedish Customs has during the year participated in an initiative under Customs 2020 programme to form a working group together with Denmark and Finland with a focus on control issues regarding anti-dumping. Furthermore, our experience is that it is easy to ask another MS for assistance in the event that we have a control problem with a company in another MS.

Swedish Customs think that it's SASP (which will be replaced by centralized clearance) that is meant in the working documents. We are unaware of to what extent operators import through other MS anyway. No Swedish economic operators have SASP permit. Customs' current stance is to only participate in the licensing of exports under the condition that other MS issued the permit. Sweden is participating in two events in which the license was granted in Germany. In the two cases, Customs in Germany, who grants the authorization, develops a control plan that tells us what Sweden and Germany should do. The main rule is that the controls are made in Germany, although Sweden also has the opportunity to perform a control of a stock that the economic operator has in Sweden.

Swedish Customs are participating in the EU common priority control areas (PCA). Furthermore, Swedish Customs are active in efforts to develop the working method SBA (system-based approach). We participate in the SBA network and also in the project. It may also be mentioned that some people from Swedish Customs will make a working visit to Belgium during February 2017 to study the Belgian Customs work with the SBA, in order to develop it further in Sweden.

As for cooperation and information exchange in general, we do it in the form of Mutual Assistance, OLAF-AM and Risk Information Form.

UK

a)    The UK’s approach to control continues to be effective and proportionate, using a risk based approach and a range of tools to address the spectrum of non-compliant behaviours.

b)    The UK has struck the right balance working hard to understand our customers and their behaviours to enable us to continue to do so.

c)    The UK maximises the effective use of resources to assure compliance through systems based control and a sophisticated and mature risk management and intelligence led approach that targets the highest compliance risks.

d)    Yes. The UK has an effective process to manage cases that impact on risks in the UK. The UK uses information stored in the AFIS system to identify risks and to direct actions towards high risk traders.

e)    Operation Octopus in 2016. The UK worked with OLAF/French Customs to provide near real time information on consignments of textiles travelling under CPC42. This was followed up with debriefing of the findings with our French and other partners

BE

SPF Finances

Voluntary admission records entered in OWNRES are categorised as follows:

It can be concluded from these figures that this is a marginal phenomenon in Belgium. Furthermore, for a relatively constant total annual number of records, the number of voluntary admission records is also relatively constant. Therefore, this phenomenon does not constitute an emerging trend in Belgium.

There is no national definition of ‘voluntary admission’.

Question a

Since several years, BE Customs has extended the risk analysis activities starting from the transaction based approached to an integrated approach of the couple “transactions and economic operators”: the on-going situation is to complete the overall landscape of risk analysis control activities with a more direct input on post-clearance audits.

·Post-clearance controls via the clustering of subset of yearly declarations controls to be performed by 2nd line teams;

·National thematic controls (e.g. undervaluation, origin, misclassification,…) driven by fraud detection data-mining models, to be executed by 2nd line audit teams and based on effective fraud cases;

·Those risk analysis triggers can be taken on board in post-clearance audits and if applicable, the ‘auto-conducting’ methodology implies that in some cases, the proposition is made to the economic operator for applying “voluntary admission” as a solution to resolve some cases;

·In some instances, a case is propagated nationally through the risk management channel, for regularization.

Question b

The compliance policy is not yet totally completed nationally.

Some initiatives indicate that it should be developed more comprehensively / holistically: requests for regularizations of minor systematic errors in an economic operator’s declarations (with no impact on Traditional Own Resources) are well appreciated.

BG

The check conducted in the OWNRES system of the European Commission of the entire period from 1 January 2007 to date did not return any entries relating to ‘voluntary admissions’ that have resulted in detected irregularities.

Similarly, no cases of voluntary admissions of neither economic operators nor additional amounts to be collected were identified on the basis of ex-post controls.

CZ

The Czech customs administration's adaptations of the control strategy have yielded, for example, the following results:

If whilst post-clearance controls are being carried out, an entity submits its own request for SAD rectification, the system automatically flags up the fact that procedures are being conducted in respect of that entity; hence a SAD rectification cannot be requested. The purpose of this is to prevent entities from evading the requirement to pay default interest.

Furthermore, once post-clearance controls have been carried out, information concerning the places in which infringements have been detected is processed and the findings are fed into the AVR application, which automatically assesses risk in the case of the entities concerned. At the same time the findings are compiled in the form of a newsletter issued four times a year and distributed within the customs administration (to customs offices and to specialist departments), thereby ensuring more effective targeting of post-clearance controls as reflected in the relatively high effectiveness rate: the average figure over the last four years exceeds 78 %.

DK

SKAT has set up a unit to deal with companies’ voluntary notifications in SKAT’s areas of competence, i.e. taxes, VAT, excise duties, etc. When a company contacts SKAT to ensure, for example, correct customs clearance, the company’s notification is referred to the Customs Department for subsequent control assessments.

DE

Information from voluntary notifications, including tip-offs from citizens, other operators, anonymous tip-offs or information from any other source, are included in the national risk analysis and control strategy. When voluntary notifications are made, the normal procedure is to check, as part of risk analysis and market monitoring, whether any other market operator in that sector, apart from the notifier, has been acting fraudulently. The category of ‘voluntary notifications’ includes cases in which the correction or the recording of the data is based on the parties’ (corrective) applications. The term ‘voluntary notification’ in the OWNRES application specifies the ‘type of control’ with which the irregularity was discovered. A survey of the OWNRES database for the 1st half of 2016 in Germany has revealed that out of 10 363 records only 184 cases (around 1.8%) were marked as ‘voluntary notification’.

The number of Member States which discover and report a sizeable number of fraudulent irregularities has increased; this shows their commitment to the fight against fraud affecting the financial interests of the EU.

The Commission remains concerned about the comparatively low number of potentially fraudulent irregularities notified by some Member States. In particular the progress in certain Member States highlighted in the 2014 Report either stagnated or even declined in 2015.

Although the quality of the irregularities reported is satisfactory, it could be further improved to enable a more in-depth analysis of the underlying phenomena.

EE

As far as we understand 'a contact without proceedings' is in question – where a person after the contact with ETCB submits voluntarily an amendment to the declaration (application for amendment of the customs declaration). A contact with ETCB may be a telephone call, an e-mail or a meeting (less often several of these together). During this, the official may ask and / or the person may submit documents / certificates in addition to his / her explanations but need not.

The description in the tax auditor’s work procedure is the following:

The objective of a contact without proceeding is to direct the person voluntarily to correct his / her tax returns without conducting a control procedure, if the tax authority has the information that the present data are incorrect.

A contact without proceedings is appropriate in the situation where the tax authority becomes aware of the circumstance increasing the tax liability when checking another person or in some other way. For example, it appears that the transaction partner has not declared the sales invoice in turnover but the person being checked has reflected it in his / her acquisitions, or the tax authority has become aware of some other inescapable circumstance increasing the tax liability.

In follow-up controls both the persons who have been selected for control and those who have voluntarily corrected their customs declarations shall be taken into consideration.

IE

In the last number of years we have had only a very small number of voluntary admissions.

Generally we consider the outcomes of all audits and apply what we have learned in one case to others. This would for example include risks relating to the 2500 code and authorised IP traders.

Where a voluntary admission is made an issue is identified as a result we carry out checks to see if that issue has arisen or could arise in other importers’ transactions, and accordingly we will implement necessary changes to our customs control strategies. Risk management is at the core of protecting taxes and duties and our systems are developed and updated as necessary with this in mind.

The principles around tax and duty disclosures and how they are defined are set out in the Revenue “Code of Practice for Revenue Audit and other Compliance Interventions”.

EL

Planning of Staff:

a) in the last quarter of 2016 Greek Customs completed a quantitative and qualitative upgrade of the permanent positions for the staff of advanced qualifications of the Customs Administration;

b) there has been adopted a 2 years plan (2017-2018) for new recruitments, in order almost all of the available vacant positions to be covered.

The above actions in combination with sustained and targeted education and training aim to ensure on a mid-term basis the quality and effectiveness of on-going anti-fraud controls, despite budget constraints.

ES

The second recommendation relates to the treatment of voluntary admissions, in so far as they generate an OWNRES report to be sent to the Commission. All payments of import duties, thus including those which derive directly from the information voluntarily provided by operators, are recorded in the IT system and are taken into account in the risk analysis and drafting of control plans, both in relation to the operators which provide the information and others whose operations are of a similar nature.

FR

OWNRES statistics for France, from the EU portal, are as follows:

2011: 3 voluntary admissions out of a total of 267 irregularities (i.e. 1.12 % of cases);

2012: 10 voluntary admissions out of a total of 264 irregularities (i.e. 3.79 % of cases);

2013: 16 voluntary admissions out of a total of 260 irregularities (i.e. 6.15 % of cases);

2014: 40 voluntary admissions out of a total of 289 irregularities (i.e. 13.84 % of cases);

2015: 11 voluntary admissions out of a total of 269 irregularities (i.e. 4.09 % of cases);

2016 (for the first 3 quarters only): 11 voluntary admissions out of a total of 204 irregularities (i.e. 5.39 % of cases - 7.84 % including drafts).

France is not concerned by the statement of the Community authorities, i.e. that voluntary admissions are the second most common method of detecting irregularities reported in OWNRESweb, accounting for 16 % of the said irregularities. There is no apparent explanation for the significant increase in the number of irregularities observed in 2014, other than the fact that the increase coincides with a major operation to update the database and make it more reliable, as requested on several occasions over the years by the Commission, during its inspections of traditional own resources (a simultaneous increase has been observed in the number of irregularities reported and in the number of voluntary admissions among them, but at different rates).

The aim of the French customs administration, in fulfilling its role in regulating trade, is to strike the right balance between facilitating trade and detecting and preventing fraud. The effective application of the principles of risk management should make it possible to achieve this balance. Risk analysis is therefore a key element of the revised control policy of our administration.

Risk analysis can be defined as a working method which aims to identify and assess all the components of fraud risk and to bring them together in an organised fashion, using a method that enables fraud risk to be established in respect of a specific target (natural or legal person, product, industry, customs procedure, means of transport, etc.), which can only be confirmed or ruled out through investigation or audit.

Risk analysis therefore constitutes an important aid to decision-making for planning and targeting first and second level ex ante and ex post controls.

It is possible to identify two main types of risk: real risks of fraud and potential risks of fraud. In the context of this recommendation, only the first type of risk will be presented, i.e.: the real risks of fraud in connection with a firm or operator.

The analysis of real risks of fraud relates to the ‘history’ of companies or operators and products, in as far as they have already been identified during inspections or in connection with established cases of fraud.

For risks linked to an undertaking or operator, analysis is required on:

·the frequency of the controls already carried out in the company or on the operator’s premises and the results thereof (study based primarily on data from the National Control Database (BANACO));

·previous disputes: type, number and seriousness of the infringements detected. The study was carried out using SILCF 43 data, particularly notable cases, and information gathered under the mutual assistance arrangements (IMAA) or in collaboration with the European Anti-Fraud Office (OLAF).

The SILCF includes all litigation files, particularly those relating to voluntary admissions, which are fully covered by the risk analyses.

Once the high-risk undertakings or suspected perpetrators of fraud in relation to particular goods or vectors have been identified through an analysis of the economic climate and, where possible, a statistical analysis, enquiries have to be made into their litigation history, with possible consultation of files held by other customs authorities or other bodies to which the customs administration has access.

Consultation of the SILCF reveals any previous disputes involving the same companies or offenders, and the gravity of any infringements uncovered.

It is also useful to consult BANACO, in particular operator files or data retrieved using the advanced search tools.

In parallel, an analysis can be carried out on cases of fraud already detected in respect of the product or vector. This makes it possible to determine:

·the number of cases of fraud detected, i.e. the number of irregularities identified by country of origin or destination, by the amount of duties and taxes at stake and by type of offence (by consulting the SILCF and BANACO);

·the types of fraud in respect of the product or the vector identified via notable national cases flagged up in the SILCF or Community cases flagged up under the mutual assistance arrangements (MA cases).

In conclusion, it is apparent that all previous disputes, including irregularities in respect of which the operators have made ‘voluntary admissions’, are taken into account when preparing the risk analysis and scheduling the inspections.

HR

Whether they have taken into account the remarks of the Commission:

In relation to the fact that a “voluntary admission” became a more important source of irregularity detection, we would like to inform you that in the Republic of Croatia, such method is not yet recognised to be one of the methods of detection of cases reported as non-fraudulent.

If yes, whether these adaptations have produced results. The Commission would welcome concrete results:

Customs Directorate of the Republic of Croatia will, upon to the recommendations given by the Commission closely monitor, look and coordinate the activities of the local level – customs units for the clearance of goods, in order to make better coordination with units for inspections (post verification of information).

IT

Point 1)    

‘Voluntary admissions’ or own-initiative requests for review of customs assessment are taken into consideration for the purposes of planning ex post controls. For the related arrangements see point 2 below.

Point 2)     

The instrumental analysis, aimed at minimising risk in the field in question, is as follows:

·each month the Risk Analysis Office prepares a file on the list of assessment reviews sent to the Agency’s competent IT department;

·after that stage, ‘potential risk’ factors are taken into consideration and analysed.

These include:

a)whether the person concerned is in the Anti-Fraud Database; if they are, the information entered in the database is examined;

b)if requests for review of assessment are repeated, with an indication of the frequency of requests over the previous three years;

c)examination of the type of error, formal or substantial, for which review of assessment is requested;

d)on the basis of all the above factors, an assessment is made of the possible inclusion of a ‘subjective’ risk profile and ‘monitoring over time’ of how the profile develops.

Point 3)

For the Agency this modus operandi has always been the general rule, stated in various regulations on ex post controls, the most recent being the ‘Manual of Procedures for reviewing assessment and management the correction of customs declarations’ (document No 151197RU of 27 December 2013), which states as follows: ‘It is of course understood that, at the end of the review procedure, a copy of the relevant acts must be sent to the customs offices where the declarations subject to review were originally accepted, with a view to updating the records in order to adopt subsequent acts (updating of local risk sheets, evaluation of the possibilities of extending the verification to other persons that break the law in the same manner, updating of records of customs declarations, etc.).’ and to state whether these adaptations have produced results, and if so please give concrete examples.

As for concrete examples, the Customs and Monopolies Agency would point out that in view of the extent of this methodology, it will be possible to provide more detailed information on areas of particular interest.

CY

a) In every case we have voluntary admission regarding mistakes and/or irregularities in declarations, we do proceed in a risk management process in order to establish whether similar cases which had existed in the past, concerning the behaviour of the same importer in previous declarations, or other similar declarations applied from other importers.

The findings of this kind of risk management are evaluated and Emergency Action Plans for Post Clearance Control and Audit are prepared and executed immediately. We consider that such cases are better handled with the preparation and execution of Emergency Action Plans instead of Annual Plans because by using this method we have a better timing in action.

b) A recent concrete example is the Emergency Action Plan prepared for the couriers DHL, UPS, TNT, and ARAMEX, which has been prepared and executed by the central team of Post-Control Section on 24th and 25th of November 2016 in the relevant Airfreight Store of Larnaca Airport.

The most important findings in these false declarations do not seem to involve the four above mentioned couriers but the different supplier companies.

As regards voluntary admission, we do not have a concrete or legal definition but each and every time we have such voluntary admissions, its time duration has to be taken account, and obviously not after the importer has been informed about a Customs Control.

LV

The Customs Board of the State Revenue Services informs that the merchant has been put request for large scale of corrections to be made for goods. The information shall be registered in the national risk management correspondence recording system. In fact, such request does not mean that there will be immediate sanctions put for the merchant. Such information is collected and maintained for the risk analysis purposes when planning the risk mitigating measures. In case when the systemic nature of corrections are being recognized for the goods origin, value etc., the Customs Board may develop and implement risk mitigation measures to ensure that no violation are done in regards customs rules and regulations. The control procedure is done as far as to obtain assurance whether the risk has been corrected. The Customs Board in practice do not impose extensive measures for merchants that have been requested the corrections for the goods customs applications.

LT

The number of officers required for ex post verification of information received by voluntary admissions is not subject to planning. Ex post verification of information received by voluntary admissions is carried out by the same customs unit that carries out post clearance verification of declarations on the customs initiative (other post clearance verifications than customs audit). However, planning and monitoring are applied as concern the number of verified declaration where requests made by individuals are examined in the area of tariff regulation and customs valuation (a percentage of the total goods verified in conducting other post clearance verifications than customs audit). For the ex post verification of information received by voluntary admissions as well as for the declaration verifications on the customs initiative, Sub-system “Verification of Individuals” of the Risk Assessment and Control System (RACS) is used. This computer-based system contains, inter alia, information on all the post clearance verifications of declarations and individuals (area in which declaration was verified (classification, origin, value, etc.), whether verification was carried out on the customs initiative or at the request of an individual, nomenclature codes of verified goods, results of verification (discrepancies detected/no discrepancies), calculated tax changes at the moment of verification and copies of verification reports). This information is used for risk analysis. It has been collected prior to the issue of this recommendation as well.

With the help of special risk assessment rules and profiles, the RACS sub-system “Verification of Individuals” produces risk points with regards to import declarations executed over the last 3 years (customs procedure for release for free circulation) on the basis of individual risk areas and the overall risk point of the declaration.

Regarding risk assessment of economic operators, Lithuanian Customs may apply risk mitigation measures under the RACS (e.g. profiling), carry out risk assessment of economic operators and draw up early plans of verifications.

LU

No information provided.

HU

The full implementation of control tasks is ensured by an annual control plan developed with a view to achieving the principal objective that the inspection of the activities of operators identified as presenting a genuine risk should give a picture of the lawful and unlawful practices related to the field targeted by the control activities.

The plan is developed by taking into account that, in line with the principles contained in the Customs Audit Guide published by the European Commission, the primary objective of post-release (ex post) controls is prevention and steering the activities of operators towards lawfulness; naturally, an additional priority objective is to maintain the EU budget and the central budget of Hungary at the highest level possible through the post-clearance recovery of any amounts unpaid during the basic procedures, using the available audit resources in the most efficient and effective way.

In order to achieve the stated objectives, having regard to the expectations of external control bodies, a minimum control level of 5% needs to be ensured in annual terms, based on selection made on the basis of risk analysis. In theory and practice, the risk information obtained by the customs authority include information resulting from checks carried out following voluntary admissions (typically requests for amendment filed by clients). Such risk information are analysed, evaluated and processed as described above. In the light of the foregoing, all in all, voluntary admissions are dealt with as part of the risk management process.

MT

a) whether they have taken into account the remarks of the Commission;

Yes.

CHAPTER 37 - CUSTOMS ORDINANCE

Article 62 (M)

Provided that a person who makes an incorrect declaration and informs the Commissioner in writing about the said incorrect declaration –

(i) before the Commissioner informs the person that the particulars of the customs declaration are not correct, and

(ii) during the period where it is not yet established, in the systems relating to the processing of customs declarations, whether manual or electronic, if control of the goods will be exercised, or when it is established that such control is not to be exercised, and

(iii) such information is given to the Commissioner by not later than ten working days from the date of release of the goods, and

(iv) such incorrect declaration does not tend to make the declaration applicable to goods, other than those which were originally covered by the declaration, such person shall be deemed not to have committed an offence under this paragraph.

b) if yes, whether these adaptations have produced results. The Commission would also welcome concrete examples.

We had a number of cases when traders quote the wrong currency or incorrect values and inform customs before the declaration has reached its timeout. This is considered as a voluntary admission which exonerated that particular trader from being subjected to additional fines.

NL

The notes from the Commission were taken into account, but we did not detect any increase in voluntary admissions in the Netherlands. As a result, no adaption of the number of staff and/or resources is necessary. We find that staff numbers and resources are sufficient to deal with the volume of post-verification and/or information received. The small number of these in the Netherlands can be handled by the number of staff assigned to this task.

As already observed in the first recommendation, all audits are based on risk management, all information, e.g. voluntary admissions, will be taken into account, and there will always be a broader scope concerning other economic operators with comparable business or operations. A voluntary admission is an input for intelligence and will be part of the risk analysis concerning these companies and/or the commodities.

We do see voluntary admissions by AEOs. This is the result of the agreements associated with the certificate. We don't have any actual examples available of voluntary admissions as requested in sub b. There is no national definition of voluntary admission in place.

AT

No Information Provided

PL

Information on the risks arising from customs proceedings instigated at the request of the party concerned is included in the control system implemented by the Customs Service. Depending on the assessment of the risk of irregularities detected as a result of voluntary declarations, ex-post controls are carried out on economic operators carrying out similar activities. In addition, there are plans to step up analytical activities concerning risks identified in customs proceedings instigated at the request of the party concerned

PT

The management checks carried out by the competent Managing Authorities are generally based on a random sample. However, where this random sample does not alleviate concerns with regard to all the identified risk factors, a further investigation must be carried out which takes these into account.

Where voluntary admissions are understood by the MA to be a risk factor, this will be analysed.

RO

-    Information from the business sector on potential violations of customs legislation in the customs declaration process in Romania is assessed and, if it is pertinent, is entered in the RMF and ADIS systems in the form of risk profiles and alerts.

-    In accordance with OVANAF No 7521/2006, customs control teams can extend checks to all economic operators falling within the risk profile. With a view to disseminating information held at local level, the ‘Tema de studiu’ document is drawn up, setting out the risks and the fraud mechanism identified in the local risk assessment with a view to performing checks at national level of operators falling within the risk profile.

-    In national legislation there is no definition of the term ‘voluntary admission’.

SI

Recommendation 2 is currently being examined and analysed. Depending on the results of a study on the voluntary payment of customs duties, risk indicators may be drawn up, which will serve as the basis for producing the annual plan of customs inspections and ex-post controls. Controls will ensue where risk is identified as high.

SK

With the creation of annual planning of controls, information about voluntary admissions was taken into account. The form of voluntary admission is used by economic operators which, after their findings of additional costs associated with importation of goods, request for amendments of customs declaration after release of goods (Art.173 (3) UCC). In Slovak Republic we only registered 3 cases of voluntary admission for which related duty exceeding 10 000 €. All of them were notified via OWNRES to the European Commission (DG BUDG).

FI

The analysis of post clearance recoveries is one of the criteria of the risk management and audit but the focus has been rather on the recoveries made based on risk analysis and audit by the Customs than on Voluntary admission.

We understand that Voluntary admission mean the recoveries which are made by request of the importer.

SE

Yes, if the declarations are initiated by Customs for example in cases where the gods have not been declared at the customs border and the company wants to declare it afterwards. Information on customs initiated declarations is passed forward to the analysis unit. The result of the analysis is then used for post clearance examination, for example audits and has in some cases resulted in charges for customs duty.

UK

a)    The UK has always reviewed Customs Debts of any type, including voluntary admissions, through our risking and intelligence service. The UK uses this data on every project commissioned via the National Work Programme.

b)    This data feeds all cases and the UK’s assessment of associated potential risk. The UK has run specific projects around trade statistical errors where voluntary admissions were included. The most recent project resulted in recovery of £4 million across 129 cases, with an associated hit rate of 33%.

BE

No information provided

BG

Bulgaria ensures strict compliance with its obligations to report irregularities to the European Commission within the relevant timeframes laid down by law. In line with the national mechanism for irregularity reporting put in place the AFCOS Directorate of the Ministry of Internal Affairs (MVR) makes arrangements for and co-ordinates the reporting of irregularities to the competent national authorities and the European Commission at national level and monitors and controls the process.

By the end of each month following the previous quarter, the units responsible for the administration of EU funds, instruments and programmes report all new detected irregularities and actions taken to rectify them to the AFCOS Directorate, which then reports all irregularities subject to a requirement for reporting to OLAF within the second month following the end of each quarter. As a result of the controls conducted by the AFCOS Directorate on the process of reporting irregularities, the quality of reporting to OLAF has improved.

The AFCOS Directorate is responsible for ensuring and monitoring compliance with irregularity administration procedures within the units responsible for the management of EU funds. The outcomes of conducted checks are set out in dedicated reports, containing the relevant findings, along with recommendations and timeframes for their implementation.

The AFCOS Directorate coordinates the use at national level of the electronic Irregularity Management System (IMS) in line with the relevant OLAF guidelines, thereby ensuring its proper functioning. IMS maintenance and administration requires daily correspondence with OLAF and the national units authorised to use the system to ensure access, troubleshooting and other technical and methodological support. The AFCOS Directorate conducts training events for the employees of the competent institutions on IMS use.

CZ

No information provided.

DK

Denmark gives priority to observing the Commission’s guidelines for reporting via IMS. With regard to irregularities involving the agricultural funds, in 2014-2015 Denmark revised the reporting procedure, thus greatly improving the consistency and accuracy of reports.

In line with the current internal organisation of the structural funds’ managing authority, which aims to ensure enhanced and consistent assessment of cases of suspected fraud, emphasis is also placed on improving the internal procedure for reporting irregularities, including the information transmitted via IMS.

The structural funds’ managing authority also keeps abreast of the Commission’s and Member States’ activities for drawing up more detailed guidelines for reporting irregularities.

DE

No information provided

EE

So far OLAF has not had any complaints regarding the quality of the reports on Estonian irregularities. Our SF Managing Authority, who is responsible for the irregularity reporting to OLAF, does thorough data checks and approves correct data only. The 2nd level Intermediate Authorities must enter into our Managing Information System (MIS) an irregularity report as soon as they have first or new additional information. That means, we do not have an extra burden at the end or beginning of each quarter. The Managing Authority just imports from the MIS into the IMS all irregularity reports exceeding EUR 10 000 in the specific quarter.

OLAF initiated the case closing campaign for PAA measures recently and we will send all required additional reports.

Our institutions detect a few fraudulent irregularity cases every year and we keep OLAF informed of the situations of the cases by sending via the IMS additional reports with essential information quarterly until the case is completely (if applicable, including judgement) and finally solved.

IE

No information provided.

EL

No information provided

ES

 1) As regards the quality control of the information on irregularities sent via IMS, it should be pointed out that Spain has a highly decentralised administrative structure in which the Autonomous Communities manage a substantial share of European funds, each of them in turn through a multitude of bodies and entities.

This coupled with the plethora of intermediate bodies at national level, means that a large number of bodies and entities are obliged to report irregularities in Spain, which hampers effective coordination.

In the light of the problem raised in the 2015 PIF report, and with a view to improving reporting of irregularities, at the meetings held over the year with the various bodies and entities which report irregularities – and thus must fill in the necessary fields – it was found that the cause of the shortcomings in the information provided is usually the lack of clear instructions on how to fill in the different fields in the system.

In order to solve this problem, once IMS 5 is operational – and both the entities reporting irregularities via IMS and those that will have to start doing so in the new 2014-2017 framework are familiar with the new system and have solved the problems arising from the transition from one system to another — in the course of 2017 the National Anti-Fraud Coordination Service and the National Audit Office, which is responsible for validating the reports of irregularities by all the bodies and entities in the system before they are sent to OLAF, intend to organise a number of training days for those responsible for filling in the necessary fields for reporting irregularities.

The training will be eminently practical and aimed at pointing out the most relevant fields of the IMS system that should be filled in in every case, as well as the specific information to be included in each field, thereby clarifying any doubts which people may have.

2) With regard to the need to improve the reporting of irregularities which constitute fraud or suspected fraud, it should be noted that on 3 February 2016 the National Anti-Fraud Coordination Service adopted criteria on the classification of and procedure on action to be taken in relation to irregularities and suspected fraud in operations or projects subject to criminal proceedings, addressed to all the authorities responsible for the management, certification and audit of all European funds which are required to report irregularities via the IMS system.

The criteria are based on the assumption that, in accordance with the applicable European rules, suspected fraud means ‘an irregularity that gives rise to the initiation of administrative or judicial proceedings at national level in order to establish the presence of intentional behaviour, in particular fraud, as referred to in Article 1(1)(a) of the Convention on the protection of the European Communities’ financial interests’.

The existence of administrative or judicial proceedings aimed at establishing the presence of fraud is thus a decisive factor in classifying a given irregularity as suspected fraud for the purpose of reporting it to OLAF.

In this context, section 5.1 (on the concept of ‘suspected fraud’) of the working document on the fight against fraud and other illegal activities - requirements for the reporting of irregularities by the Member States, drawn up by the European Anti-Fraud Office (OLAF) in 2011, states among other things that any irregularity should be classified as suspected fraud if it is reported to the public prosecutor for the purpose of taking the appropriate action.

That being the case, the fundamental idea behind the above criteria established by the National Anti-Fraud Coordination Service (a copy of which is attached as an annex to this document) is that whenever knowledge is acquired by any truthful means of the existence of legal proceedings aimed at establishing conduct which may constitute a criminal offence affecting operations or projects funded in whole or in part by one of the funds under the IMS system, all irregularities detected in those projects or operations must be classified as ‘suspected fraud’ for the purpose of reporting them to OLAF under the procedures for reporting irregularities set out in the Community rules referred to above.

A procedure is also established for the National Anti-Fraud Coordination Service to follow up on those irregularities.

Thanks in part to the adoption of the above criteria by the National Anti-Fraud Coordination Service, a large number of irregularities in 2015 have been classified as suspected fraud. As can be seen in the IMS application, at present 102 irregularities are classified as suspected fraud in Cohesion Policy – compared with a single case in the 2015 PIF report – and one irregularity is classified as suspected fraud in the Common Fisheries Policy, compared with no cases in the 2015 PIF report.

In addition, the data currently contained in IMS show, in the context of the Cohesion Policy, an increase in irregularities reported as suspected fraud in 2016 (5) compared with those initially reported in 2015 (1). Irregularities for the last quarter of 2016 are still to be reported; the deadline being the end of February.

Finally, two cases of irregularities reported as suspected fraud in 2016 under the Common Agricultural Policy were based on the application of the criteria of the National Anti-Fraud Coordination Service referred to above.

CRITERIA ON THE CLASSIFICATION OF AND ACTION TO BE TAKEN IN RELATION TO IRREGULARITIES AND SUSPECTED FRAUD IN OPERATIONS OR PROJECTS THAT ARE SUBJECT TO CRIMINAL PROCEEDINGS.

Suspected fraud means ‘an irregularity that gives rise to the initiation of administrative or judicial proceedings at national level in order to establish the presence of intentional behaviour, in particular fraud, as referred to in Article 1(1)(a) of the Convention on the protection of the European Communities’ financial interests’. 44

The existence of administrative or judicial proceedings aimed at establishing the presence of fraud is thus a decisive factor in classifying a given irregularity as suspected fraud for the purpose of reporting it to the Commission.

In this context, paragraph 5.1 (on the concept of ‘suspected fraud’) of the working document on the fight against fraud and other illegal activities - requirements for the reporting of irregularities by the Member States, drawn up by the European Anti-Fraud Office (OLAF) in 2011, states among other things that any irregularity should be classified as suspected fraud if it is reported to the public prosecutor for the purpose of taking the appropriate action.

In view of the above, and specifically with respect to legal proceedings, this document sets out the criteria and procedures for the national authorities responsible for reporting irregularities to the Commission to have access to information regarding the legal proceedings aimed at establishing conduct which may constitute a criminal offence affecting operations or projects fully or partly financed with funds from the European Union, and to classify the irregularities relating to those projects or operations under the procedures for reporting irregularities to the European Commission in order to ensure uniform and coordinated action by the national authorities involved.

The 25th additional provision of Law 38/2003 of 17 November 2003 (General Law on Subsidies – LGS) states in paragraph 2c) ‘it is for the National Anti-Fraud Coordination Service ... to establish channels for coordinating and sharing information on irregularities and suspected fraud between the various national bodies and OLAF’. The Service is thus responsible for establishing the procedures and common guidelines for action referred to in the preceding paragraphs, as well as managing relations with OLAF with regard to the information the latter may request in relation to the follow-up of irregularities which in accordance with these instructions have been classified as suspected fraud.

ONE – Purpose.

This document is intended to establish guidelines on the classification as suspected fraud of irregularities detected under the European Regional Development Fund, the European Social Fund, the Cohesion Fund, the European Maritime and Fisheries Fund, the European Agricultural Fund for Rural Development, the European Agricultural Guarantee Fund, the Fund for European Aid to the Most Deprived, the Asylum, Migration and Integration Fund and the instrument for financial support for police cooperation, preventing and combating crime, and crisis management, where the existence of legal proceedings aimed at establishing conduct which may constitute a criminal offence affecting operations or projects fully or partly financed by those Funds becomes known.

The classification of an irregularity as a suspected fraud in accordance with these provisions shall be solely for purpose of reporting to the European Commission under the procedures for reporting irregularities under those Funds set out in Delegated Commission Regulations (EU) 2015/1970, 2015/1971, 2015/1972, 2015/1973 of 8 July 2015, and Commission Implementing Regulations (EU) 2015/1974, 2015/1975, 2015/1976 and 2015/1977 of 8 July 2015, or in those replacing them in the future.

TWO – Classification of irregularities as suspected fraud.

Whenever by any truthful means the existence of legal proceedings aimed at establishing conduct which may constitute a criminal offence affecting operations or projects fully or partly financed from one of the Funds referred to in section ONE becomes known, all irregularities detected in those projects or operations must be classified as ‘suspected fraud’ for the purpose of reporting them to the European Commission under the procedures for reporting irregularities set out in the Community Regulations referred to above.

For the purposes of implementing the above paragraph, the procedure set out below shall be followed.

THREE – Procedure to be followed for the irregularities already detected and reported to the European Commission.

1. As soon as the existence of the legal proceedings referred to in section TWO becomes known, the National Anti-Fraud Coordination Service shall identify the irregularities detected in operations or projects concerned by those proceedings that have been notified to the European Commission under the procedures set out in the Delegated and Implementing Regulations referred to above.

2. Subsequently, the Service shall notify the authorities which reported those irregularities of the existence of criminal proceedings affecting the operations or projects in which the irregularities were detected and instruct them to immediately update the initial report for the purpose of classifying the irregularities as suspected fraud.

Where the person or entity subject to the legal proceedings is known, but none or only part of the operations or projects concerned could be identified, the National Anti-Fraud Coordination Service, in the light of the circumstances of the case, shall consider how to deal with the irregularities reported to the European Commission in relation to that person or entity, as regards their classification as suspected fraud. The same shall apply to irregularities detected and/or reported in relation to that person or entity after the notification referred to point 1 of section FOUR.

3. After updating the reports through the procedures set out in Community legislation, each of the authorities referred to in the previous paragraph shall notify the National Anti-Fraud Coordination Service of the update and shall forward to it, within 15 days, a copy of the report or measure in which the administrative authority confirms the existence of the irregularities concerned, as well as any other documentation that the Service may request in that regard.

4. Where the circumstances of the case allow, the National Anti-Fraud Coordination Service shall inform the public prosecutor or the court concerned of all the irregularities detected in operations or projects subject to the legal proceedings and may provide them with any related documentation from the competent authorities under the provisions of the previous point of this section, and shall inform them in any event that the documentation relating to the irregularities is available from the National Anti-Fraud Coordination Service.

FOUR – Procedure to be followed for the irregularities subsequently detected and/or reported to the European Commission.

1. Without prejudice to the procedure set out in section THREE, and as soon as the Member State becomes aware of the existence of the legal proceedings referred to in section TWO, the National Anti-Fraud Coordination Service shall notify all administrative authorities with responsibility for the management, certification and audit of the EU funds which financed the projects or operations of the existence of the proceedings and the operations or the projects affected by them.

The notification shall specify that, from receipt of that notification, any new irregularity subsequently detected and/or reported to the European Commission in relation to those projects or operations must be classified from the outset as suspected fraud under the procedures for reporting irregularities set out in the Delegated and Implementing Regulations referred to above.

2. Where any of the actions that were the subject of the criminal proceedings aimed at establishing whether they constituted a criminal offence was not reported as an irregularity under the procedures referred to above, the National Anti-Fraud Coordination Service shall assess the circumstances for the purpose of reporting the conduct in question as an irregularity to the European Commission. The irregularity shall be classified as suspected fraud, the costs being borne on the basis of the outcome of the legal proceedings and, therefore, there would be no need to initiate a recovery procedure until the irregularity is established in the judgment closing the legal proceedings.

3. For the purposes of the previous paragraph, and in the light of the information obtained on the criminal proceedings, the National Anti-Fraud Coordination Service may recommend to the competent administrative authorities that additional measures or controls be carried out on operations or projects implemented by the same entity or related to those that are subject to the criminal proceedings.

4. Each time that, through the procedures set out in Community legislation, the competent administrative authorities report a new irregularity in operations or projects concerned by the criminal proceedings, the reporting authority shall notify the National Anti-Fraud Coordination Service and shall forward to it, within 15 days, a copy of the report or measure in which the administrative authority confirms the existence of the irregularity, as well as any other documentation that the Service may request in that regard.

5. The provisions in point 4 of section THREE of these rules shall apply to irregularities that the competent administrative authorities detect and/or report to the European Commission after the notification referred to in point 1 of this section in respect of operations or projects affected by the criminal proceedings in question.

FIVE – Measures to be taken after criminal proceedings.

1. After the end of the criminal proceedings referred to in the above sections, the National Anti-Fraud Coordination Service shall analyse the final judgment and identify any conduct classified as a criminal offence therein.

2. In view of the content of judgment, the following action shall be taken in respect of the irregularities detected in the operations or projects concerned by the criminal proceedings:

a) Those irregularities reported to the European Commission which correspond to conduct classified as a criminal offence in the judgment must be classified as ‘established fraud’ for the purpose of reporting to the European Commission under the procedures for reporting irregularities set out in the Delegated and Implementing Regulations referred to above.

b) In relation to irregularities reported to the European Commission which do not correspond to any of the acts classified as a criminal offence by the judgment, the reporting of these irregularities to the European Commission must be updated to the effect that they are no longer classified as ‘suspected fraud’ under the procedures for reporting irregularities set out in the Delegated and Implementing Regulations referred to above.

This applies without prejudice to any further measures or pending legal proceedings which might affect the entity or the operations or projects concerned by the judgment, provided that such measures have not been completed.

Without prejudice to the previous paragraphs, if, prior to the completion of the criminal proceedings, the National Anti-Fraud Coordination Service has clear evidence that any of the irregularities detected in the operations or projects concerned is in no way related to the conduct under investigation or are being prosecuted, it may instruct the reporting authority to withdraw the classification as suspected fraud by updating the report under the procedures for reporting irregularities laid down in Community legislation.

c) In relation to conduct classified as a criminal offence by the above judgment which did not give rise to any reporting of irregularity under the procedures for reporting irregularities referred to above, the National Anti-Fraud Coordination Service shall inform the European Commission under those procedures of an irregularity for each act, and shall be required to classify them as ‘established fraud’ for the purposes of that reporting.

3. For the purposes of complying with the provisions in point 2 of this section, the National AntiFraud Coordination Service shall forward the final judgment to the authorities which notified the European Commission of the irregularities detected in operations or projects concerned by those proceedings.

It shall also indicate separately to each of those authorities the irregularities which fall under 2a) of this section and those which fall under 2b) of this section.

In the subsequent notification to the Commission the authorities shall update their reports on those irregularities as established for each case in point 2 of this section, as well as reporting the update to the National Anti-Fraud Coordination Service.

The National Anti-Fraud Coordination Service shall also send the judgment to the other administrative authorities with responsibility for the management, certification and audit of EU funds which financed operations or projects concerned by the criminal proceedings.

4. From the moment the authorities referred to in the preceding point receive the final judgment from the National Anti-Fraud Coordination Service, the classification of the new irregularities detected in the operations or projects concerned by the proceedings shall be conducted in accordance with the guidelines set out in Community legislation and in any instructions approved by the competent bodies.

5. The measures referred to in the previous sections shall be carried out provisionally where the initial judgment has been delivered and, if necessary, amended, once the judgment has become final.

SIX – Measures to be taken when the authorities responsible for the management, certification or audit of the funds referred to in section ONE are aware of the legal proceedings.

Where, prior to receiving any notification from the National Anti-Fraud Coordination Service, an administrative authority responsible for the management, certification or audit of one of the funds referred to in section ONE is aware of the existence of the legal proceedings referred to in that section, the authority concerned shall inform the Service so that the latter may initiate the measures referred to in sections THREE and FOUR of these rules.

If possible, the authority concerned shall immediately inform the National Anti-Fraud Coordination Service of the irregularities reported in relation to the operations or projects that were subject to the criminal proceedings and submit to the Service a copy of the report or measure in which the administrative authority confirms the existence of the irregularities in question.

SEVEN – Relations with the European Anti-Fraud Office (OLAF) in relation to irregularities classified as suspected fraud.

In the event that the European Anti-Fraud Office (OLAF) requests information on the follow-up of irregularities classified as suspected fraud under these rules, and the request was addressed to the administrative authority which had reported the irregularities concerned, the National AntiFraud Coordination Service must be notified of the request, so that it can manage relations with OLAF with regard to the follow-up of the irregularities.

The administrative authority which received the request from OLAF must notify OLAF that the classification of the irregularities as suspected fraud was carried out in compliance with these rules and that the measures have been sent to the National Anti-Fraud Coordination Service, which OLAF may contact to obtain the information requested.

EIGHT – Compatibility with existing instructions or rules in other areas.

These provisions are without prejudice to the rules on reporting of irregularities and suspected fraud set out in General Instruction 2/2015 of the Spanish Agricultural Guarantee Fund on measures for fraud prevention and detection.

FR

In response to recommendation No 3 on improving the quality of the information submitted on irregularities, which recommends that efforts be stepped up in detecting and/or reporting on fraud, the French authorities have implemented the following measures:

- the Inter-ministerial Commission for the Coordination of Inspections (CICC), audit authority for EU funds in France (CICC-Structural Funds), has developed new instruments to help its operations auditors incorporate the anti-fraud dimension in the performance of their tasks. This was particularly the case when the list of public procurement controls was being reviewed to ensure proper use of the ARACHNE tool in accordance with the instructions issued by the department responsible. The CICC has also developed a training programme for its operations auditors. One of the training modules focuses on raising awareness of issues related to detecting fraud or suspected fraud.

- the Office of the Commissioner General for Territorial Equality (CGET) has organised regular meetings for all the authorities responsible for European programmes, covering different topics including the fight against fraud; the aim is to facilitate and safeguard the implementation of programmes co-financed by the European Structural and Investment Funds (ESIF). Since 2013, the CGET has set up an inter-fund working group on this subject in direct response to requests by the authorities responsible for European programmes (internal control, conflict of interest, whistle-blowers, etc.) and has also drawn up reference documents. Furthermore, in the context of fortnightly meetings with the Directors in charge of implementing the operational programme, the CGET has invited a representative of the National Anti-fraud Delegation (DNLF - the French Antifraud Subcommittee (SCAF)/Anti-fraud Coordination Service (AFCOS) to come and outline the Commission’s expectations with regard to the fight against fraud under the Structural Funds. The tools developed by OLAF and the DNLF for detecting fraud in connection with the ESIF are available on the CGET’s digital platform, bringing together all actors involved in implementing the ESIF in France. Finally, the national technical assistance programme 2014-2020 plans to fund training courses for programme management authorities, certifying authorities and audit authorities on different areas, including public procurement, taking particular account of the European Court of Auditors’ Special Report on problems with public procurement in connection with the ESIF. A national-level working group has been set up to organise the implementation of these training courses, in particular in the following areas:

the rules applicable to public procurement;

The main irregularities detected and the financial corrections to be applied.

- Finally, the paying agency for agricultural aid (FranceAgriMer - FAM) bolstered its internal control action plan in 2015 with anti-fraud measures (awareness-raising activities for staff, educational initiatives: analysis of fraud cases encountered and exchanges on these cases, etc.). A memorandum stressing the sensitive nature of the subject of ‘fraud’ and describing the action plan to be deployed was circulated to all staff on 16 June 2015. It was accompanied by a memorandum on the agency’s internal control policy and a presentation on the different components of the plan.

The specific actions mentioned were deployed in 2016, including:

·awareness-raising sessions focusing on the prevention, detection and handling of fraud risks. 454 people were trained (including 96 in the regional departments). The 3 EU funds in which the institution is involved, either as paying agency — PA (EAGF) or intermediate body — IB (FEAD and EMFF) are covered as are the authorities dealing with public procurement matters;

·the formalisation of alert procedures in the event of suspected fraud, either external or internal, or where there is a risk of conflict of interest;

·a specific approach to fraud risk implemented as part of the review of risk analyses by measure (fisheries sector — EMFF);

·a review of the fraud penalty systems provided for in Community horizontal and/or sectoral legislation, and if necessary, the improvement of the national framework (agricultural sector);

·the improvement of knowledge sharing in respect of cases of fraud or attempted fraud detected by the institution and the external control bodies: the establishment of a factsheet on fraud cases, sharing of the factsheets with all stakeholders (management and on-the-spot checks; accounting department), proposal for the improvement of the control systems;

·first meeting of the dedicated governance body (validation of the alert procedures; presentation of the fraud statistics following ex-post controls (EAGF non-IACS — integrated management and control system);

·development of an area dedicated to dealing with fraud risks on the institution’s intranet (rules, instructions, alert procedures, minutes of knowledge-sharing meetings, etc.).

·stepping up cooperation in the fight against fraud between the paying agency and the external control bodies: organisation of information exchange meetings on dealing with intentional noncompliance with a view to establishing an early warning system for cases of suspected fraud identified during post-clearance controls.

HR

In order to improve the quality of irregularity reports within IMS, Service for Combating Irregularities and Fraud (hereinafter: SCIF) drafted new version of Guidelines on Irregularity Management in the context of Structural instruments and ESI Funds (hereinafter: Guidelines) which were adopted by Minister of Finance on December 7, 2016. Purpose of Guidelines is to prescribe procedures for prevention, detection, treatment, reporting and follow up of established irregularities related to the use of Structural instruments and ESI Funds in the context of irregularity reporting. According to Article 5 (3) a of Regulation on the Institutional Framework of the System of Combating Irregularities and Fraud (OG 144/2013) Irregularity Reporting System bodies (IMS users) are obliged to follow procedures which are described within the Guidelines concerned.

Furthermore, during 2016, SCIF organized several workshops in regards to use of IMS for the relevant IMS users. During workshops special emphasis was put on the improvement of quality of irregularity reports within IMS.

Moreover, SCIF continuously conducts regular meetings with Irregularity Reporting System bodies (IMS users) in relation to implementation of Guidelines in the context of Structural instruments and ESI Funds as well as it conducts meetings with AFCOS Network bodies in cases of suspected fraud.

Additionally, SCIF as a coordinative body of the AFCOS system in Croatia and main contact point with OLAF checks quality of irregularity reports prior to reporting to OLAF and if necessary returns reports to a body concerned for a correction.

Planned activities in 2017 regarding improvement of irregularity reporting are:

·Continuous maintenance of IMS

·Organizing seminars/work-shops if needed/requested by relevant institutions concerned

·Updating Guidelines on Irregularity Management if needed/requested by relevant institutions concerned

IT

No information provided

CY

No information provided

LV

The Managing Authority for EU structural funds and the Cohesion Fund, Namely ESF, CF and ERDF has made the following improvements:

To ensure the best possible analysis of irregularities concerning breaches of procurement rules, Latvia introduced a new drop-down-list for irregularity type “Breaches of the procurement rules” in the national Cohesion Policy Funds information management system analogous to drop-down-list of type of irregularity “Public procurement” in European Anti-Fraud Office Irregularity Management system. Mentioned measure has been implemented in order to provide exceptionally detailed analysis of breaches of the procurement rules, as a result it will contribute towards enhancement of measures aimed to reduce the amount of irregularities in procurement sphere, as well to provide methodology support, aimed to the most weakness branches of procurement as a control mechanism.

In addition once a year after OLAF request to check data indicated in IMS (in order to ensure that all figures are correct in Annual Reports on the protection of the EU's financial interests), the Managing Authority of Latvia (hereinafter – MA) exports prior year irregularities from IMS in order to check correctness of the data and is it necessary to update information about irregularity.

In order to strengthen the effort to detect fraud, Latvia has taken measures listed below:

•    Single Co-operation authority;

•    Single IT system;

•    Separation of functions within one organization;

•    Cooperation with law enforcement authorities;

•    Checks of procurement documents;

•    Checks of payment applications;

•    Development of national guidelines and common methodology;

•    On-the-spot checks, based on the risk analysis;

•    Seminar organization and exchange of best practices;

•    Fraud web reporting.

In regards to the FEAD: The Ministry of Welfare as a FEAD Managing authority has delegated to FEAD Intermediate body establishing and maintaining FEAD Information system, in which the FEAD Certification authority gathers and saves information of amounts due to be recovered, and of amounts withdrawn following cancellation of all or part thereof (in accordance with Article of Regulation No 223/2014 32. Article 2 () ("d", "e" and 33 'd "," g "," h "().

Information about irregularities in OLAF reporting system is detected by FEAD Intermediate body, which is responsible for decisions regarding the acceptance of irregularities.

There have not been identified fraud activities within FEAD in 2016.

In regards Agricultural funds and Fishery funds:

In order to ensure that the data and information provided is relevant and qualitative, the examination of the reports cross-checks are done on two levels - both paying agency level, which is responsible for reporting, verification and transmission of information to the Managing Authority by using the IMS facilities, as well as on the level of the Managing Authority who’s responsibility is to evaluate the report, to verify it and submit to Commission, via the IMS. Each institution level checks respects the four-eye principle, thus providing relevant data and information relevance and quality. IMS reports are filled in accordance with the respective requirements and quality.

Part 2 of the Recommendation: Not applicable

LT

The procedure of detection, investigation and reporting of irregularities related with the projects co-financed from the EU structural funds (further - projects) is established in the legal acts regulating the administration of the EU structural funds. The established procedure provides for the detection and investigation of irregularities by the project Implementing Authority (further – IA).

IA may suspect irregularities and institute the investigation of irregularities in the course of administration of the project, having noticed information in the mass media or having received information from other institutions (e.g. managing authority, certifying authority, audit authority, other IA, EC, European Court of Auditors, Public Procurement Office, Competition Council, Financial Crime Investigation Service (FCIS), Special Investigation Service (STT, anticorruption agency), the public or any other sources).

In the case of suspecting criminal acts, IA should immediately inform about that relevant pre-trial investigation institutions such as FCIS (in the case of suspected fraud) or STT (in the case of suspected corruption) that shall take a decision on the institution of a pre-trial investigation.

Having detected irregularities (i. e. having taken a decision that the irregularity has been committed and related ineligible costs have been identified), IA reports these irregularities to the EC taking onto account the exceptions provided for in the EC regulations.

Irregularities are reported electronically to the EC during a 2-month period that follows the quarter in which the irregularity was detected via the Irregularities Management System (IMS) administered by OLAF. Irregularities whereon pre-trial investigation institutions are informed or which are related with pre-trial investigations conducted by these institutions with regard to a respective project are qualified as a Suspected Fraud (IRQ3) and are reported via the IMS.

In cases where IA suspects a criminal act but on the basis of the assessment of all the circumstances related with it has no grounds, within the scope of its competence, to establish the occurrence thereof (e.g. is not entitled to state that a proof of expenditure raising the suspicion of fraud is actually forged), the investigation of the irregularity is terminated without establishing the irregularity and the results of pre-trial investigation and court decision regarding the criminal act are anticipated. Having received the court decision, the investigation of the regularity is reopened, the occurrence of irregularity is approved and it is classified as Fraud (IRQ5). If the irregularity in question were related to amounts of more than EUR 10 000 chargeable to the general budget of the European Communities, the EC would be notified via IMS.

During the administration of projects in the programming period 2007-2013, 14 irregularities classified as Suspected Fraud (IRQ3) were reported to the EC via IMS before 19 January 2017 (see the attached list). Furthermore, the EU Structural Assistance Computer-Based Information Management and Monitoring System (SFMIS) show that on 15 December 2016 the court recognised criminal offences in two projects (No. VP3-1.3-ŪM-06-K-02-075 and No. VP2-2.1-ŪM-02-K-02-153). On this basis, information on them will be updated in IMS (IMS case No. 96159 and No. 88849) after the updated reports on the irregularities are received from the IA administering the projects.

In order to strengthen cooperation of institutions administering the EU structural funds and pre-trial investigation institutions and enhance their administrative capacities in counteracting fraud and corruption in the area of administering the EU structural funds, the following measures were implemented in 2016:

·the EU structural funds administration system 2014-2020 including, inter alia, Financial Crime Investigation Service (FCIS), has also incorporated the Special Investigation Service (STT) responsible for detection and investigation of corruption-related criminal acts and development and implementation of corruption prevention measures (Resolution of the Government of the Republic of Lithuania No. 473 of 11 May 2016 „On the Amendment of the Resolution of the Government of the Republic of Lithuania No. 528 of 4 June 2014 'On the Allocation of Responsibilities and Functions among the Institutions Implementing the Operational Programme for the European Union Structural Funds Investments in 2014-2020'). Both pre-trial investigation institutions participate in the implementation of the Operational Programme for the European Union Structural Funds Investments in 2014-2020 approved by the EC Implementing Decision of 8 September 2014 (notified under document No. C(2014)6397);

·the procedure for the provision of information on pre-trial investigations to the managing authority has been adjusted. It has been established that STT and FNTT should inform the managing authority in accordance with the procedure prescribed by laws on the opened and/or terminated pre-trial investigations into the suspected criminal acts related with the unlawful receipt and/or use of the EU structural funds. The managing authority, ministries and implementing authority must immediately report the suspected corruption-related criminal acts and suspected fraud cases to STT and FNTT respectively. Information on the afore-mentioned offences must be accordingly provided to the managing authority, implementing authority and the respective ministry (Resolution of the Government of the Republic of Lithuania No. 485 of 18 May 2016 “On the Amendment of Resolution of the Government of the Republic of Lithuania No. 1090 of 3 October 2014 “On the Approval of the Rules of Administration of the Operational Programme for the European Union Structural Funds Investments in 2014-2020”; Order of the Minister of Finance of the Republic of Lithuania No. 1K-184 of 18 May 2016 “On the Amendment of Order of the Minister of Finance of the Republic of Lithuania No. 1K-316 of 8 October 2014 “On the Approval of the Project Administration and Financing Rules”);

·the Working Group of the EU funds irregularities inspectors set up by Order of the Minister of Finance of the Republic of Lithuania No.1K-115 of 16 April 2009 “On the Establishment of the Working Group of the EU Funds Irregularities Inspectors” (as amended by Order No. 1K-75 of 2 March 2016) has incorporated the STT representatives as observers. The working group is responsible for both 2007-2013 and 2014-2020 programming periods and tackles the issues related with detection, investigation, elimination and prevention of irregularities (including the suspected fraud cases), coordinates the respective activities and addresses the issues on irregularities and suspected fraud risk management. For example, the meeting of the Working Group on 29 November 2016 discussed the amendments to the legal acts on the administration of irregularities, other relevant issues raised by institutions, would-be and already implemented anti-fraud and anti-corruption measures as well as actions to be taken upon the suspicion of criminal offences.

LU

IMS is used by the Management Authority of FEAGA/FEADER for their declarations.

HU

No information provided

MT

No information provided.

NL

No information provided

AT

IMS information quality:

The new IMS reporting system means that 2015 was a year of ‘apprenticeship’ for Austria. The following is to be noted:

The printout of a dossier currently requires 12 pages (rather than the previous maximum of 3 pages) for the same volume of information. This makes quality control more difficult.

Page 4, ‘Operation specific-Project’ cannot be meaningfully filled out for the agricultural sector.

Information relevant to agriculture is found on page 5: ‘Operation specific-Agriculture’. Page 4 (Operation specific-Project) is not therefore filled out.

Several drop downs did not yet function in 2015.

When account is taken of the abovementioned points, Austria's reports on the agricultural sector for 2016 should already be almost fully complete.

Low number of fraud cases:

It should be borne in mind that aid in the agricultural sector is disbursed by officially authorised paying agencies which are supervised by the Member State and by the Commission.

A comprehensive monitoring system is in place to detect any irregularities and fraud in relation to these payments. The system encompasses all stages, from the submission of an application to disbursement. The relevant conditions are set out in Regulations Nos 1306/2013, 907/2014 and 908/2014.

Depending on the aid measure, the required on-site inspections are carried out for between 5 % and 100 % of the aid applications. Risk factors are to be taken into account in the selection of control samples, whereby factors such as

·the amount of the (annual) payment and

·any irregularities that are already known (concerning the applicant and/or measure) are to be considered.

All the planned control measures are aimed at detecting any irregularities before disbursement, where appropriate taking account of penalties when calculating the aid payment.

Furthermore, recoveries relating to one or more years earlier can also be made in the case of multiannual commitments (in particular for agri-Furthermore, recoveries relating to one or more years earlier can also be made in the case of multiannual commitments (in particular for agri-environmental measures). The high number of administrative checks carried out in this sector means that cases of fraud can generally no longer occur. There are therefore de facto now only very few, sporadically arising cases of suspected fraud. In nearly all cases, the irregularity consists simply in the non-fulfilment of one or more of the funding conditions. The subsequent recoveries (starting from 1 euro cent) are registered immediately and more than 90 % are made within a year by setting them off against other claims.

PL

-Poland is doing everything it can to meet its obligations under the rules governing the process for reporting irregularities. As show in the Commission’s annual PIF Report, Poland also differs from other Member States with regard to the cases of irregularities and suspected fraud it reports to the Commission, in that it is quick to pass on data it obtains to the Commission, enabling appropriate risk analyses to be carried out in this area and used for their intended purpose. Over the last few years, Poland has built up considerable experience on the reporting of irregularities; it has been actively involved in COCOLAF and has helped the Commission draft implementing and delegated acts on the reporting of irregularities for the period 2014-20 and draw up the new Guidelines.

-Poland has duly implemented uniform national procedures and guidelines for individual reporting for the period 2000-20. In each reporting period, it continuously monitors and verifies the accuracy of the reports submitted. In the light of the above, all declarations sent by Poland contain information of similar quality, scope and level of detail and, in each case, meet the requirements laid down in EU legislation.

-Any shortcomings identified by the Commission in the IMS database are, however, to be linked to the migration of data during the Commission’s implementation of successive IMS versions over the last few years. These successive versions merged individual modules, codified data, modified the report form and transferred certain content to other fields, which resulted in part of the information being irretrievably lost. This loss cannot be blamed on Member States because the entire migration of data was carried out without their participation by the Commission alone, in line with the strategy adopted. Another example of Commission actions that have had a very negative effect on the quality of IMS data is the deletion of names and project numbers in all declarations in the database, along with the locking of the manual adjustment to make way for a drop-down list in the future (this turned out not to be technically feasible as, for example, in Poland, just for cohesion policy for the periods 200713 and 2014-20, over 160 000 agreements have been signed to date for funding projects, and more are being signed every day). In Poland’s opinion, the day-to-day management and updating of such a list of all projects, only a small percentage of which are affected by irregularities and actually used by IMS, is unnecessary and practically impossible. Moreover, in subsequent IMS versions, the Commission dropped functionalities that served to prevent errors (e.g. automatic totalling of amounts or system corrections for subsequent fields in the form).

-In relation to the above, we would point out that it is not just the Member States that are responsible for the quality of IMS data, the Commission’s actions also have a major impact here.

PT

No information provided;

RO

No information provided.

SI

The reply is in two parts.

Part 1: reply from the Agency for Agricultural Markets and Rural Development of Slovenia (AKTRP)

When filling in the report in the IMS system, the AKTRP always seeks to provide a detailed description of the irregularities under the heading Modus Operandi. The description, for the most part, is taken verbatim from the request for the recovery of funds sent to the client by the paying agency.

AKTRP is working to improve on identifying fraud. Lately the emphasis has been on improvements to the register of fraud indicators.

Part 2: reply from the Government Office for Development and European Cohesion Policy

When reporting on irregularities in Slovenia under Objective 1, the reviewer (acting as the manager) particularly closely inspects whether all the required fields have been completed; we pay utmost attention to the completion of fields 1.16 and 1.17 in conjunction with the data entered under points 3 and 4, 6 and 7, and also 8 and 9. The last two concern the financial consequences of an identified irregularity and the recovery of funds. Where no, incomplete or inconsistent data is entered, the manager will reject the report and send it back to the author with comments. Support to the manager is provided in the form of the IMS manual (which could be more detailed) as well as any information and instructions received by email from OLAF (Unit 2D) on how to enter data into the IMS. This information, i.e. guidelines, is being forwarded to report drafters as assistance for entering data, i.e. reporting on irregularities.

SK

No information provided

FI

In the area of agriculture the anti-fraud training has continued as part of the EU Paying Agency’s training activities. Efforts have been made in order to raise the level of fraud awareness among the controllers and auditors of the funds. In addition, the checklists used by the controllers have been updated and more fraud-related questions added. A new information system with reporting tools also allows more specific statistical analysis.

SE

No information provided.

UK

The UK’s approach to CAP fraud is based on prevention during the claim processing, administration and payment processes. For EU funding programmes, all UK agencies with responsibility for distributing CAP funds have processes in place to monitor and report fraud in line with current regulations. The high standard of checks means that levels of such fraud are low in the UK. Any cases of fraud pre/post-payment are reported to the EU Anti-Fraud Office. The low levels of reporting show that the UK’s approach is effective. Nevertheless, the UK Authorities continue to strive to do more to address this important issue.

The requirements to safeguard the CAP from fraud are contained in Regulation 907 of 2014. Paying agencies in the UK are audited annually by the Certifying Body and are assessed by the auditors against Reg 907/2014 accreditation criteria and we have not been found to be deficient in this area.

Recommendation 4

Given the complexity of the operations managed and the high number of beneficiaries concerned, Member States (managing authorities/paying agencies and audit/control authorities) are invited to plan and focus their audits and control activities on the basis of risk analysis and performing IT tools.

The Commission has developed and put at the Member States’ disposal systems and tools such as Arachne, IMS and the Fraud Risk Assessment tool. The Commission encourages Member States to use these systems and tools more systematically and efficiently, unless other comparable alternatives are already available to them.

BE

a) REPLY from the Walloon Region:

Managing Authority of the Regional Operational Programme ‘Wallonie-2020.EU’

The anti-fraud and irregularity policy applied to the management of ERDF programmes in Wallonia is centred on detecting and preventing risk, correcting possible irregularities or fraud, and prosecutions.

1. Risk detection

Except for the handful of adaptations imposed by regulatory changes, the 2014-2020 management and control system of the ERDF managing authority in Wallonia is identical to that used during the 2007-2013 programming period. The risks identified (gross risks) at the start of the programming period are therefore broadly the same.

As well as identify based on experience and previous audits, the Walloon managing authority is considering using the ‘fraud risk self-

Assessment tool’ established by the European Commission 45 , or a similar approach.

In addition, the managing authority is set to use the Arachne system, which is a tool for identifying operations that are liable to exposure to risk of fraud, conflicts of interest or irregularities.

2. Risk prevention

The measures taken to prevent (or mitigate) these risks follow on from those applied during the 2007-2013 programming period, bearing in mind the highly positive results of the 2007-2013 system audits on the selection and approval of projects and their implementation, as well as on expenditure. The same was true for the system audits performed in the departments of various functional administrations and intermediate bodies.

This documentation was therefore essential in estimating a low probability of net risks, as well as in capitalising on skills and knowledge. The entities participating in the management and implementation of the 2014-2020 Walloon ERDF OP are mostly the same as in previous programming periods and the degree of experience acquired contributes to programme management being more effective and efficient, thereby minimising the probability level of risks occurring.

Risk prevention measures include the following:

-    project selection by a group of independent experts,

-    a communication to beneficiaries on their rights and obligations, on a regular basis and immediately following a call for projects (keeping proper accounts, public procurement, the existence of various levels of control, retention of supporting documents, penalties applicable, etc.). Work tools (vademecum, user manuals, templates, etc.) are also made available to them, in particular through the website WalEurope , which is updated daily;

-    the existence of clear, relatively simple eligibility rules specific to the operational programme;

-    the exhaustive nature of first level document checks;

-    a reliable and efficient computerised project monitoring system;

-    support from functional administrations (FA) through ad hoc forums;

-    a check performed by the FAs, whose systematic validation of indicators

allow the programme’s physical progress to be monitored, as well as their verification based, in particular, on the content of progress reports and during on the spot checks;

-    the clear separation of functions between the three Authorities;

-    the regular dissemination of information for Managing Authority staff on the application or development of the rules, including on irregularity and fraud (in particular via the OLAF working party);

-    the organisation of seminars and/or training days on the applicable regulations,

including on the fight against fraud;

-    The strict adherence by Managing Authority staff (as agents of the Public Service of Wallonia) to the ‘Code of Good Administrative Conduct’, which incorporates principles of ethics and integrity. The latter can be found in Annex I to the Walloon Government Decree of 18 December 2003, as amended, on the Walloon Civil Service Act. A part of the Act, which is applicable to statutory staff, also concerns contract staff, in accordance with the provisions of the Walloon Government Decree of 18 December 2003 on the conditions of engagement and the administrative and financial situation of contract staff. In particular, Article 2 of the Act incorporates principles of integrity, conscience, loyalty, non-discrimination and responsibility;

-    the participation of the three Authorities in the OLAF working party, allowing effective and reciprocal information to be provided from those Authorities relating to cases of irregularity and fraud.

Domains where risks of fraud or irregularity are higher systematically draw more attention, and specific action plans are applied. This has been the case with public procurement, in particular following the ‘Pressetex’ judgment (CJUE, 454/06). Therefore, a useful written instruction has been distributed and related training organised for the beneficiaries. The following, in particular, was used as support: Guidance on public procurement for practitioners ‘On the avoidance of the most common errors in projects funded by the European Structural and Investment Funds’ (European Commission, 2015).

3. Correcting cases of irregularity and fraud

Irregularities and cases of fraud must be communicated to the European Anti-Fraud Office (OLAF). These procedures are described in the rules of procedure of the working group responsible (at OP ERDF level) for referring cases of irregularities to OLAF.

Following a meeting of the OLAF working party, functional administrations (AF) must apply the necessary measures to irregularity cases falling within their remit. If it emerges that an FA has not satisfactorily followed up a case three months after its referral to the OLAF working party, the case will be submitted to the Minister responsible for the Structural Funds, to the Minister who is competent at functional level and, where appropriate, to the Walloon Regional Government, in order to determine measures to be implemented

Any irregularity or case of fraud detected will systematically trigger a procedure to recover any sums paid unduly.

4. Proceedings

If appropriate for the case, criminal and civil proceedings are launched. In accordance with Article 29 of the Code of Criminal Procedure, any public official who suspects fraud while carrying out his or her duties must inform the public prosecutor about the matter and pass on all information, statements and acts in connection with the suspicion.

b) Contribution of the Department of Agriculture and Fisheries (Departement Landbouw en Visserij) – Flemish paying agency for agricultural funds

The specific IT tools offered by the EU, such as ARACHNE, are less useful for agricultural funds.

When the annual accounts are submitted, the director of the paying agency confirms in his annual management declaration that, in accordance with Article 58 of Regulation (EU) No 1306/2013, effective and proportionate anti-fraud measures have been introduced which take the risks identified into account. The layout and application of the risk analysis is sector specific and offers adequate assurance in terms of combating and preventing fraud. The 2017 risk management scheme of the Flemish Government’s Department of Agriculture and Fisheries will take more structured account of existing efforts.

c) Reply from the Flemish WSE (‘labour and social policy’) policy area’s ESF department responsible for implementing the 2014-2020 ESF, AMIF, EGF and YEI programmes as managing/certifying authority

The ARACHNE, IMS and Fraud Risk Assessment tools are used. The ‘integrity policy and code of ethics’ (Integriteitsbeleid en Deontologische code) was adapted based on the risk analysis. The managing authority also uses random samples of data available from the ARACHNE tool to conduct on-the-spot checks.

d) ERDF Flanders

Please note that ERDF Flanders will use the Commission’s ARACHNE tool for the 2014-2020 programming period.

e) Federal Public Service of the Interior, European Funds unit

The EU funds unit of Belgium for the AMIF-ISF funds (DG Home) uses the Fraud risk assessment tool to elaborate our anti-fraud policy and to implement the necessary fraud risk detection and prevention measures. This is an ongoing process that has been validated by our Audit authority.

• One of the possible measures of the Fraud risk assessment tool is the use of the Arachne tool. Arachne is a risk-scoring tool that helps to reduce the error rate and detects and prevents potential irregularities in projects or contracts. We’ve explored the tool during an information session together with representatives from DG Home and DG Employment. In order to use the Arachne tool for the AMIF-ISF funds it is necessary to have enough participating Member States to justify the supplementary cost for using the tool. At this moment this is not the case. We are waiting for a participation of other Member States. To finance the supplementary licenses for the tool DG Home wants a minimum number of participating Member States.

• Concerning the irregularity management system (IMS) of OLAF, access has been granted by our liaison officer. Actually we are setting up the login procedure (passwords, certificates, etc.). In our anti-fraud policy it is foreseen to use the IMS tool to report fraud and irregularities.

• We have not yet encountered any fraud or irregularities in the on-going projects.

BG

А. OPERATIONAL PROGRAMMES, APPROVED FOR THE PERIOD 2014-2020, CO-FINANCED BY THE EUROPEAN STRUCTURAL AND INVESTMENT FUNDS (ESIF) AND THE FUND FOR EUROPEAN AID TO THE MOST DEPRIVED (FEAD)

1.EXECUTIVE AGENCY AUDIT OF EUROPEAN FUNDS

The risk assessment model used by the Audit Authority for strategic planning purposes is based on an analysis of the risks for compliance with various Key Requirements (KR) for the management and control systems in line with the European Commission’s Guidance note on assessment of management and control systems. The following risks have been identified:

§Importance of KR as an instrument used to limit the certification of ineligible expenditure;

§Risk of fraud, including conflict of interest;

§Systemic deficiencies detected in the framework of conducted audits on operations;

§Number of low, medium and high priority findings from previous systems audits;

§Major changes to legislation as compared to the previous period.

The risk level for each Key Requirement is an aggregate value resulting from the assessment of all risk factors. Risk level is graded on a scale comprising three categories (low, moderate and high risk), the aim being to cover all key requirements within the three-year period 2016 – 2018.

Risk factors are rated on a scale from 1 to 4 (1 indicating the lowest and 4 the highest level of risk, respectively). The risk key requirements associated with high and moderate levels of risk are subject to more frequent checks.

When developing its audit methodology, the Audit Authority conducts an assessment of the steps in the respective processes that carry the highest risk and includes detailed checks in the relevant checklists to ensure detection of all irregularities in high-risk areas. The checklists contain guidance on conducting an in-depth analysis of the detected irregularities on the basis of which auditors form an opinion on the presence/absence of suspected fraud. Given the very high share of detected irregularities with implications for public procurement (more than 90 %), the checklists used to assess the legality of public procurement calls are very detailed and fully in line with the Guidelines for determining financial corrections to be made to expenditure financed by the Union under shared management, for non-compliance with the rules on public procurement (European Commission Decision of 19 December 2013). According to the European Union the checklists used by the Audit Authority are adequate and sufficiently detailed and their use by all bodies concerned in the management of EU funds has been recommended as a good practice.

2. ACCREDITATION AUDITS OF THE MANAGING AUTHORITIES

In accordance with Article 124(2) of Regulation (EU) No 1303/2013 the Audit Authority has conducted accreditation audits on the managing authorities of all nine operational programmes, co-financed by the ESIF and the FEAD and approved for the programming period 2014 – 2020, notably: OP Regions in Growth (OPRG); OP Environment (OPE); OP Transport and Transport Infrastructure (OPTTI); OP Innovation and Competitiveness (OPIC); OP Initiative for Small and Medium-sized Enterprises (OPISME); OP Human Resources Development (OPRD); OP Good Governance (OPGG); OP Science and Education for Smart Growth (OPSESG); and OP Food and/or Basic Material Aid (OPF), cofinanced by the Fund for European Aid for the Most Deprived.

The audits were conducted in accordance with the European Commission’s Guidance for Member States on Designation Procedure (EGESIF_14-0013-final of 18 December 2014) and include an assessment of the criteria for designation of Managing Authority (MA) and Certifying Authority (CA) as regards the procedures put in place for monitoring and reporting of irregularities, risk management and effective and proportionate anti-fraud measures.

On the basis of the conducted audits the Audit Authority has ascertained that written procedures for administering irregularities, including fraud, have been approved under all programmes. The procedures in question include rules for the detection, registration and reporting of irregularities, including suspected and ascertained fraud, and monitoring the progress achieved in administrative and criminal proceedings relating to detected irregularities. Rules on the co-ordination of anti-fraud measures have been approved, including an obligation for quarterly reporting to the AFCOS Directorate. Detailed descriptions of the duties and responsibilities of staff, including in relation to the reporting of irregularities and fraud, have been compiled. The anti-fraud measures are structured around four key elements of the anti-fraud cycle — prevention, detection, rectification and prosecution.

The descriptions compiled by all relevant bodies contain risk assessments at both programme and project level to be conducted in line with the Commission’s Guidance Note on Fraud Risk Assessment and Effective and Proportionate Anti-fraud Measures — Ares(2013)3769073 — 19/12/2013, EGESIF 14-0021-00/16/06/2014) EGESIF_14-0021-00).

In line with the above-mentioned Guidance Note, for the purpose of risk assessment in the context of monitoring, including of the risk of fraud, at project level, the respective organisations have taken on a commitment to use the specialist risk scoring tool ARACHNE. Its use does not require additional effort from staff as the Managing and Monitoring Information System (MMIS) for the programming period 2014 – 2020 has already been rolled out and is fully functional. Automated interface of the MMIS ensures access to all requisite data in a predefined and structured format. Where information is detected via ARACHNE that indicates a higher risk of irregularity and fraud under a project, the experts responsible for monitoring take mitigating measures by conducting unannounced on-the-spot checks, modifying the terms and conditions for project implementation, issuing mandatory guidelines for beneficiaries, notifying the competent bodies, etc. The use of the risk scoring tool ARACHNE is expected to enable the bodies responsible for the management and monitoring of funds available under the operational programmes to raise the efficiency of project selection, verification and audit and further improve the identification, prevention and detection of fraud.

The Central Co-ordination Unit Directorate of the Council of Ministers is the designated national coordinator for ARACHNE and manages system access and access profiles. By Order No R-249 of the Deputy Prime Minister responsible for EU Funds and Economic Policy of the Republic of Bulgaria of 2 December 2015 a procedure for the management of access to the ARACHNE irregularity and fraud risk scoring tool was approved. In 2016, profiles enabling the access of 51 users from all managing authorities were created.

The preliminary audit reports on accreditation detail certain detected deficiencies and set out corresponding recommendations for improvement of the descriptions of the systems put in place by the management authorities for irregularity reporting and monitoring, risk management and introduction of effective and proportionate anti-fraud measures. The managing authorities have accepted all recommendations, implementing most of them by the time the final audit reports were published. In particular, the following recommendations have been fully or partially implemented:

1)that the managing authorities make arrangements enabling the use of ARACHNE and/or develop a detailed procedure for the use of ARACHNE under OPRG, OPE, OPTTI, OPIC, OPISME, OPRD, OPGG and OPF (fully implemented);

2)That the MA conducts an initial fraud risk assessment following the designation of the bodies responsible for the management of the OPRG, OPE, OPTTI, OPIC, OPISME, OPRD, OPGG and OPF (ongoing implementation);

3)All other recommendations (see below) were implemented by the time the final audit reports were published:

-3.1) compile a more detailed description of the Risk Assessment methodology for the OPE, OPIC, OPHRD, OPSESG and OPGG;

-3.2) develop a procedure for providing information to the Audit Authority and other competent national bodies about cases of suspected fraud under the OPTTI that were detected by the MA;

-3.3) introduce a requirement for the reporting of irregularities by the staff responsible for the management and monitoring of the OPISME;

-3.4) develop a procedure for the prevention of conflicts of interest in line with the principle of impartiality and independence in the management and implementation of the OPSESG;

-3.5) develop rules for the recovery of unduly paid amounts/financial corrections in respect of expenditure that has been certified and declared to the European Commission under the OPSESG.

The implementation of the recommendation for conducting an initial assessment of the risk of fraud under the operational programmes was verified during the systems audits and the relevant findings set out in the accreditation audits were closed.

3. SYSTEMS AUDITS

In 2016, the Audit Authority conducted systems audits on six out of the nine approved operational programmes in line with Article 127 of Regulation (EU) No 1303/2013 in 2016. The programmes in question are OPTTI, OPE, OPIC, OPHRD, OPGG and OPF. The audits were conducted in line with the Guidance Note for the Commission and Member States on a common methodology for the assessment of management and control systems in the Member States for the programming period 2014 – 2020 (EGESIF_14-0010-final 18/12/2014). The audits focused on an assessment of the management and controls systems put in place by the managing authorities to ensure compliance with Key Requirement 7 Efficient implementation of proportionate anti-fraud measures. The aim of the audit checks was to verify whether the managing authorities:

§had conducted a risk assessment at the beginning of the programme implementation period to determine the probability of fraud risk realisation and its impact on the key processes relating to programme implementation;

§had developed anti-fraud measures that are structured around four key elements of the anti-fraud cycle — prevention, detection, rectification and prosecution;

§had introduced adequate and proportionate preventative measures tailored to address specific situations with a view to reducing residual risk to an acceptable level (mission, code of conduct, top to bottom communication lines, separation of duties and responsibilities, training and awareness raising activities, data analysis and up-to-date knowledge of the red flag warnings and indications of fraud;

§had introduced and are effectively applying red flag detection measures;

§had put in place a procedure for the follow-up actions to be taken in the case of suspected fraud to ensure that clearly defined and coordinated mechanisms are in place for reporting suspected fraud and deficiencies in the controls carried out vis-à-vis the Audit Authority, the competent investigating bodies of the Member State and OLAF;

§had put in place appropriate processes enabling follow-up in all cases of suspected fraud and the actions to be taken to recover unduly paid EU funds in such cases;

§had introduced procedures that enable proper follow-up on all processes, including control procedures and mechanisms in connection with potential or actual fraud, and reporting the results of the follow-up actions taken to ensure that they are taken into consideration for the purpose of subsequent reviews of fraud risk assessment.

On the basis of the conducted systems audits certain deficiencies were detected, which prompted the following recommendations:

The checklists used to conduct controls on the selection of operations, project implementation by beneficiaries and verification of expenditure by the managing authorities of the OPGG, OPHRD, OPF, OPIC and OPTTI do not contain detailed instructions for analysis of detected irregularities with a view to identifying fraud indicators (red flags), including the actions to be taken in such cases. Detailed instructions were solely included in the checklists to be used to document the controls performed on the contractor selection procedures conducted by beneficiaries. In connection with this, a recommendation was given to modify the checklists by including detailed instructions on the fraud indicator (red flag) identification.

The recommendation was accepted and implemented by the managing authorities of the OPF and OPHRD by the time the final audit reports were published and is currently being implemented by the managing authorities of OPGG, OPIC and OPTTI.

1)A recommendation has been given to the managing authorities of the OPIC and OPGG to adopt dedicated anti-fraud rules/policy in line with Annex 3 of the Commission’s Guidance Note on Fraud Risk Assessment and Effective and Proportionate Anti-fraud Measures (EGESIF_14-0021-0016/06/2014). The managing authorities have accepted the recommendation and its implementation is ongoing;

2)A recommendation has been given to the MA of the OPGG to compile a detailed description of the minimum set of documents/evidence to be annexed to the irregularity files and introduce appropriate controls to verify the completeness of irregularity / suspected fraud files. The Managing Authority has accepted the recommendation and its implementation is ongoing;

3)A recommendation has been given to the MA of the OPHRD to expand the list of identified risks for 2015 and 2016 and the Risk Management Plan with examples of fraud affecting the programme implementation processes set out in the Commission Guidance Note. The recommendation has been accepted and implemented;

4)A recommendation has been given to the MA of the OPIC to clearly define the duties and responsibilities of MA staff in connection to the processes of preventing, detecting and rectifying cases of fraud. The recommendation has been accepted and in currently being implemented;

5)A recommendation has been given to the managing authorities of the OPHRD, OPIC and OPF to develop detailed rules for the use of the ARACHNE risk scoring tool and designate users to whom access to the system be granted. The MA of the OPF has implemented the recommendation and the managing authorities of the OPHRD and OPIC are currently working to ensure its implementation;

6)A recommendation has been given to the MA of the OPTTI to conduct a risk assessment and develop an action plan for risk mitigation that sets out specific steps, actions, responsibilities and timeframes to ensure implementation of planned controls. The recommendation has been accepted and is currently being implemented.

In the framework of the system audits performed the Audit Authority followed up on the implementation of the recommendations for conducting initial assessments of the risk of fraud under the operational programmes and closed the findings set out in the accreditation reports.

4. CERTIFYING AUTHORITY

The Certifying Authority (Directorate National Fund of the Ministry of Finance) makes full use of the systems and tools made available by the European Commission. The officials to whom access to the ARACHNE tool system has been granted were designated by an order issued by the Minister of Finance.

B. RURAL DEVELOPMENT MEASURES FINANCED BY THE EUROPEAN AGRICULTURAL GUARANTEE FUND (EAGF) AND THE EUROPEAN AGRICULTURAL FUND FOR RURAL DEVELOPMENT (EAFRD)

1.EXECUTIVE AGENCY CERTIFICATION AUDIT OF EUROPEAN AGRICULTURAL FUNDS

Executive Agency Certification Audit of European Agricultural Funds (IASOSEZF) was established pursuant to Council of Ministers’ (CoM) Decree No 89 of 18 April 2016, amended and supplemented by CoM Decree No 218 of the Council of Ministers of 25 August 2016, and became fully operational after August 2016. During the period April – September 2016 efforts were focused on staff recruitment, creating an appropriate work environment and launching certification activities.

At the stage of strategic planning of its work the IA SOSEZF chose to apply a certain risk assessment model. In line with the European Commission’s Guidelines for the Certification Audit of EAFG/EAFRD Accounts, the developed model for material misstatement risk assessment includes audit procedures for risk identification in several stages:

-gaining an understanding of the Paying Agency (RA) and its environment — a review of applicable legislation, internal rules and procedures, and conducting interviews;

-assessment of the changes to the internal control system;

-assessment of the efficiency of the risk management process put in place by the RA;

-verification of identified risks and determination of target functions.

The risk of material misstatements for the financial year (FY) 2016 is to be assessed on the basis of an internal control system assessment performed by the previous Certifying Authority. Following that assessment, the underlying assumptions as regards the level of control risk, respectively risk of material misstatements, are to be reviewed, if necessary, including by expanding the scope of the work to be carried out. The audit procedures performed confirmed the initial assumptions and a further review of planned indicators were deemed unnecessary.

The Certifying Authority conducted the checks on the management and control systems of the Paying Agency in line with the Guidance Note on Anti-fraud Measures as foreseen in the context of Accreditation Criteria, 26 February 2014) of Directorate-General for Agriculture.

2.PAYING AGENCY – STATE FUND AGRICULTURE

In 2016, the State Fund Agriculture (DFZ) continued to apply an effective fraud and irregularities prevention approach, conducting checks based on an analysis of risk criteria for fraud with implications for the EU and national budget under various support measures.

Risk analysis is performed on the basis of:

-    The operational experience of the Anti-fraud Department;

-    Omissions and deficiencies detected prior to conducting the risk analysis in the checks performed on grant applications in accordance with the accredited rules of procedure of Directorate Contracting for the Implementation of Rural Development Measures (PMRSR).

-    The use of the full functionalities of IACS and EXCEL;

Risk analysis is also performed by the Internal Audit Department of the DFZ within the framework of strategic and annual planning and the scope of individual audits. The analysis was conducted on the basis of pre-defined criteria, including an assessment of the quality, adequacy and capabilities of the control environment and the controls out in place to prevent fraud and irregularities. One of the tools used by the Internal Audit Directorate is the specialist software Arbutus.

Examples where the RA was particularly successful in applying risk analysis to detect fraud:

ØBy Order No 03-RD/176 of 25 January 2016 of the Head of the State Fund Agriculture a working group was tasked with conducting an additional check to ascertain cases of fraud and irregularities and verify the compliance with applicable law of the grant applications submitted under Measure 4.1 Investment in agricultural holdings of the Rural Development Programme during the period stipulated in Order RD 09-213 of 27 March 2015 of the Minister for Agriculture and Food.

The check was to be performed on the basis of risk analysis on 30 approved grant applications received during the period for submission of applications specified in Order RD 90-213 of 27 March 2015, which were rated as carrying the highest overall risk.

The following criteria and corresponding weight factors were taken into account for the purpose of risk assessment:

-a weight factor of 0.2 assigned to grant applications seeking the highest amounts of investment funding;

-a weight factor of 0.2 assigned to grant applications, where the staff of the MPRSR Directorate have modified the status of an applicant into the Integrated Administration and Control System (IACS) from ‘negative compliance assessment report’ to ‘ongoing entry of data from order on application refusal’;

-a weight factor of 0.2 assigned to grant applications, where reference prices were used to calculate the eligible amount of support for the acquisition of assets (agricultural equipment);

-a weight factor of 0.2 assigned to grant applications seeking investment support for planting and/or replanting perennial crops;

-a weight factor of 0.2 assigned to grant applications that were awarded 8 points for energy efficiency in the ranking;

An order was issued to apply the following additional criteria to high-risk grant applications in order to select 30 that carried the highest overall risk:

-grant applications seeking support for investments to be made in geographic areas situated in close proximity;

-grant applications submitted by natural and legal persons entered into the commercial registry after 1 October 2014.

Checks were initially conducted on 30 projects. On the basis of the report drawn up by the working group specific guidelines and recommendations were issued for all grant applications. On the basis of the outcomes of conducted checks, cases of suspected irregularities and fraud were singled out and additional checks based on tips were carried out on 100 projects. Irregularities were detected under 32 projects and in 23 cases the information was referred to the Prosecution Service for investigation. In 9 cases the checks revealed that artificial conditions for financing had been created in order to obtain an advantage in breach of the aims of the measure.

ØBy Order No 03-RD/2005 of 29 June 2016 of the Executive Director of the DFZ, the working group was instructed to carry out an additional check - for irregularities, fraud and compliance with applicable law – on the procedure for receiving and processing applications for assistance under sub-measure 4.2 Investments in the processing/marketing of agricultural products of the RDP 2014 – 2020.

The check was to be performed on applications for assistance which were received during the period for receipt specified in Order RD 09-781 of 6 November 2015 of the Ministry of Agriculture and Food and allocated for processing; on the basis of a risk analysis, the 15 applications with the highest comprehensive risk indicator were to be determined.

The following criteria and corresponding weighting factors were taken into account in the risk assessment:

-a weighting factor of 0.2 was assigned to applications seeking the highest amounts of investment funding;

-a weighting factor of 0.1 was assigned to applications with a confirmed negative compliance report;

-a weighting factor of 0.1 was assigned to applications where, in the calculation of activities/assets costs eligible for assistance, the reference prices were not used and the respective activities/assets accounted for more than 50 % of the costs for which assistance was applied for under the project;

-a weighting factor of 0.2 was assigned to applications submitted by beneficiaries who had projects approved under Measures 121 and 123 of the RDP 2007 – 2013 and/or sub-measure 4.1 of the RDP 2014 –2020;

-a weighting factor of 0.2 was assigned to applications submitted by beneficiaries whose owners/managers/representatives had been reported to the Prosecution Service by the DFZ or had had pre-trial proceedings initiated against them in connection with misuse of EU funds;

-a weighting factor of 0.2 was assigned to applications submitted by natural and legal persons entered in the Commercial Register after 1 January 2015.

Checks were initially conducted on 15 projects. After a report had been drawn up by the working group, specific guidelines and recommendations were issued for additional checks on all applications for assistance. As a result of the actions taken, suspicions of irregularities and fraud were expressed, and checks were carried out in response to reports of irregularities in 22 projects. Irregularities and fraud were established in 13 of those projects, and 5 cases were referred to the Prosecution Service. In 8 cases, the checks revealed that artificial conditions for funding had been created in order to obtain an advantage contrary to the objectives of the measure

MARITIME AND FISHERIES PROGRAMME

The Maritime Affairs and Fisheries Directorate of the Ministry of Agriculture and Food is the designated Managing Authority of the Maritime and Fisheries Programme 2014 – 2020 (MFP), having taken over the functions of managing authority from the Executive Agency for Fisheries and Aquaculture (IARA), with a large number of the Agency’s employees being transferred to the Directorate.

The "Description of the functions and procedures of the MFP 2014 – 2020 and MFP Manual", approved by the Head of the Managing Authority of the MFP, sets out detailed rules and procedures for the administration of irregularities and the effective prevention and combating of fraud to be followed both by the Managing Authority and the Intermediate Body (State Fund Agriculture). A procedure for the provision of access to the ARACHNE tool was also approved.

It is laid down that, at the first stage of project proposal assessment, the MA of the MFP must request an excerpt from the Irregularities Register for the Operational Programme Fisheries Sector Development 2007 – 2013 kept at the IARA and the DFZ, along with a report on bad debtors from the DFZ's register. Potential beneficiaries must be required to declare, in an annex to the application form, that they are familiar with the definition of an irregularity laid down in Article 2(36) of Council Regulation (EU) No 1303/2013.

Given that the Managing Authority is a completely new unit with new functions, additional staff training will be provided in the near future to raise awareness levels in connection with the fight against fraud and irregularities. In addition, members of staff will be designated for work involving use of IMS, ARACHNE and the EDES-DB database.

The information system used for the programme is UMIS 2020, which permits fully electronic submission of documents and - at a later stage - reporting on project implementation.

INTERREG IPA CROSS-BORDER COOPERATION PROGRAMMES

The functions of Managing Authority for the Cross-border Cooperation Programmes under the Instrument for Pre-accession Assistance 2014 – 2020 (IPA) are carried out by the Territorial Cooperation Management Directorate of the Ministry of Regional Development and Public Works (MRRB). The Directorate has implemented a fraud risk self-assessment tool and identified 14 risks spread over 5 key processes relating to the implementation of the IPA Cross-border Cooperation Programmes between Bulgaria and Serbia, Bulgaria and Macedonia and Bulgaria and Turkey.

CZ

In the case of the Czech Republic, both the relevant managing authorities and the audit authority used the ARACHNE information system in the 2007-2013 programming period as a pilot verification tool for identifying the corresponding risks within selected operational programmes (in particular the ESF). No case of confirmed fraud has been identified by means of this tool.

For the 2014-2020 programming period the ARACHNE information system was incorporated into the management and control system of all operational programmes; only with one operational programme is a similar system used (Cribis). This tool is included in ex-ante, interim and ex-post control activities at managing-authority level and it supports the audit authority's activity.

Following the identification of risks in the operational programmes for the 2014-2020 programming period, use has been made of the June 2014 Guidance for Member States and Programme Authorities entitled 'Fraud Risk Assessment and Effective and Proportionate Anti-Fraud Measures', including Annex I thereto: 'Fraud risk assessment tool and instructions on how to use the tool' (EGESIF_14-0021-00). Own risk analysis has been carried out in accordance with the procedure laid down at national level by the coordinating body and adapted to the individual operational programmes. Risk analysis serves to identify associated risks (including the risk of fraud) and use thereof enables management and control systems to be set up. In the context of designation audits, verification is carried out by an independent audit body and subsequently by means of an audit procedure forming part of the Audit Authority's system audits.

IMS: this information system is mainly used by the LKB and the AFCOS Central Contact Point for forwarding information relating both to newly detected irregularities and to the acquisition of up-to-date information concerning developments in the investigation of previously reported irregularities detected in connection with the implementation of EU funds externally. In this connection the system will in future serve also as a tool for producing statistics and analyses.

DK

Danish Customs’ analysis units conduct risk analyses on data from a number of sources - mainly declaration information in the customs system. The data is analysed in the Business Intelligence (BI) and Tableau IT systems. An advantage of Tableau is its effectiveness in enabling trends and irregularities in import patterns to be visualised.

In 2016, SKAT launched the process for analysing data, which mainly concerns declaration information in the BI and Tableau IT systems. Greater use of Tableau should make it easier to identify fraud patterns.

A project involving BIC DATA is a new initiative launched by SKAT’s Customs and IT departments. This project also supports a similar initiative by the Commission in which Denmark is participating.

The relevant Danish managing authorities systematically use the IMS IT tool for reporting.

The structural funds’ managing authority regularly communicates with the Commission regarding the implementation of Arachne. On 9 June 2016 there was a visit by the Commission to present Arachne and discuss questions relating to the Personal Data Act. The Commission is drafting an Arachne charter to be concluded between the Commission and the Member States wishing to use Arachne. The Danish managing authorities are still awaiting the Commission’s final charter before they launch Arachne, so as to ensure compliance with the Danish Personal Data Act.

The structural funds’ managing authority used the Commission’s Fraud Risk Assessment Tool when implementing its anti-fraud action plan at the start of the current programming period. The authority intends to use the tool again when reviewing the administrative set-up later in the programming period.

DE

ERDF/ESF:

On the expenditure side the managing authorities implementing the programmes are primarily responsible for setting up effective control systems and taking effective measures to prevent and combat fraud. The following are the managing authorities’ systems and tools for implementing risk assessments and for taking fraud prevention and anti-fraud measures together with the certifying bodies:

The risk management and anti-fraud systems are essentially based on:

·the legal system in force for tackling fraud in the Federal Republic of Germany or the country concerned,

·the procedures/measures of the management and control system (MCS) and inhouse instructions on how to combat fraud for the administrative authority (e.g. administrative rules, e-learning etc.) and the intermediate bodies (banking standards, internal rules etc.),

·the regular programme-specific risk assessment (including prevention of corruption and fraud) carried out by a dedicated self-assessment team, in accordance with the ‘Guidelines on assessing the risk of fraud and effective and proportionate anti-fraud measures for the programming period 2014-2020’.

In order to identify the risks the following documents/information were used:

·COCOF 09/0003/00 of 18 February 2009 – Information Note on fraud indicators for the ERDF, the ESF and the Cohesion Fund;

·OLAF guidance document on ‘Identifying conflicts of interest in public procurement procedures’; 

·OLAF guidance document on ‘Identifying falsified documents’;

·Communication from the Commission to the European Parliament, the Council and the European Economic and Social Committee of 6 June 2011 on Fighting Corruption in the EU (COM(2011) 308);

·Transparency International’s Corruption Perceptions Index and the National Integrity System Report;

·Irregularities and cases of fraud during the funding period 2007-2013;

·Report from the Commission to the European Parliament and the Council - Protection of the European Union’s financial interests –Fight against fraud – Annual Report 2012 (COM(2013) 548 final) and 2013;

·Report from the Commission to the European Parliament and the Council – EU AntiCorruption Report (COM(2014) 38 final);

·the results of the EU Justice Scoreboard;

·the findings from sample checks and system audits carried out by the Audit Authority and other audit bodies.

Procedures for risk assessment:

Self-assessment teams have been set up for this task; these teams can consist of staff of the certifying authorities, managing authorities (management and control systems and technical assistance), possibly the intermediate bodies and contracting entities, and anticorruption officials from the relevant ministries. Representatives of the audit authorities may participate in an advisory capacity. The composition of the teams varies partly according to the action to be evaluated, but sometimes also depending on:

·the fund concerned (ERDF/ESF)

·the authorising agency concerned

·the individual financial instruments

The Commission’s self-assessment tool has been reviewed and adapted to the specific situations in the German Länder, and further risks have been identified and added.

If the systems and operational audits reveal audit findings in relation to fraud and corruption, suspicions of fraud or corruption or fraud-related irregularities, or if new systems are set up during the funding period, the assessment tool for the relevant groups are updated on a caseby case basis, reassessed, or, if necessary, extended to include an action plan. Systems which do not already require updating on a case-by-case basis are subject to a review at regular intervals.

The risk management team regularly examines the level of risk of each administrative rule and each stage of the selection, authorisation, payment, finalisation and sustainability testing procedure, using the previous funding periods, available data and audits carried out by external bodies and the managing authorities as a basis. These checks include documentation and individual invoice checks, on-the-spot checks and, where necessary, checks on the data supplied for indicators. Each of these checks includes a risk assessment, on the basis of which a decision is taken. The on-the-spot checks and the payment procedures, for which random checks are carried out in line with the risk involved, merit special mention here. Should risks be identified, the risk management team draws up corrective measures and monitors their implementation. These measures may be preventive or systemic. Irregularities are dealt with in a systematic manner.

The self-assessment tool covers the three areas proposed by the Commission:

·Selection of applicants

·Implementation of the projects by the beneficiaries with special attention paid to public procurement

·Certification of expenditure by the certifying authority and partly supplemented by the Managing Authority.

For this reason the risk management team in each federal state regularly examines the level of risk of each administrative rule and each stage of the selection, authorisation, payment, finalisation and sustainability testing procedure, using the previous funding periods, available data and audits carried out by external bodies and the managing authorities as a basis. In individual cases the managing authority prepares fraud statistics, based on Sections 263 et seq. of the Penal Code (StGB), and reviews the risk using the Commission’s assessment tool on the basis of the risk management team’s findings.

Should risks be identified, the risk management team draws up corrective measures and monitors their implementation. These measures may be preventive or systemic. Irregularities are dealt with in a systematic manner.

The strategic approaches to prevent and combat fraud and corruption are laid down in more detail in the management and control systems of the individual operational programmes at Federal Government or federal state level. These programmes have already been largely checked and confirmed by the audit authorities in the context of the designation procedures for the 2014-2020 programming period.

Measures at the level of the audit authorities:

When checking the functioning of the management and control systems, the audit authorities also assess the effective application of anti-fraud measures set up by the managing authorities. The systems audits are mainly based on risk assessments supported by Excel or other commercial IT products. The risk assessment table provided by the Commission in chapter III of its ‘Guidance for Member States on Audit Strategy (programming period 2014-2020)’ - EGESIF_14-0011-02 final - of 27 August 2015 is also used. Details of the approach are explained in the respective audit strategies of the audit authorities.

Agricultural (EAGF, EAFRD) and Fisheries Funds (EFF/EMFF):

Alongside IMS, standard Office programmes such as Excel and Word are used for risk assessment. Other applications are also used to support the business processes in the management and implementation of the programmes. These include Monitoring Statistik, QChess, IDEA and efReporter (a database system for the exchange of information). In some federal states the fraud risk assessment tool is also used for the EMFF.

AMIF/ISF:

Risk assessments are carried out using the standard Office programmes Excel/Word, taking into account relevant parameters such as financial volume, type of project selected, project duration and project partners (increased management requirements, legal form, experience of project implementation).

EE

We tested Arachne last year and it appeared that Arachne does not comply with our MIS at the moment. There have been some serious data matching issues that we have to solve before – in our MIS we use business entities’ registration codes (ID code) but Arachne needs VAT numbers to find the overlaps. Until these problems are solved we cannot make our final decision about using Arachne. When we have resolved these problems, the main potential of Arachne for Estonia will be international data. Therefore, we are thinking of using only some of the risk scores from Arachne, not all of them. Our own national systems (for example, tax and customs data) have specific data for the input and are therefore more substantial for assessing risks.

We used the Fraud Risk Assessment tool developed by the Commission last year and got general results only. We plan to improve the risk assessment exercise but have not started to develop our red flag system in our MIS yet. We plan to amend our national law first, which would give us more possibilities and opportunities to plan risk-based controls. Our implementing bodies can use national MIS to plan the risk-based controls already now - they have an overview of all irregularities detected and information and knowledge on the fraud risks.

We have already made some changes to our national public procurement register. Therefore, in some structural fund measures the private companies are required to use the public procurement register for their supplies. It has already reduced the costs of the goods or services and helps to use EU funds more economically and efficiently.

IE

Regarding Recommendation 4, Ireland is currently evaluating the potential implementation of Arachne as a risk analysis tool for the Structural Funds programmes. We are working closely with our counterparts in the European Commission to evaluate the suitability of this tool in the context of the structure of the Irish ERDF and ESF programmes.

In Ireland a central area has the primary focus of ensuring that Customs EU obligations are met by supporting compliance across the administration as well as co-ordinating appropriate standards for audits nationally. The central area advises on a common audit strategy and strives to ensure that there is a harmonised implementation of customs post clearance intervention policy nationally. Ireland’s customs audit policy is aligned to our national corporate audit framework in the context of our broader audit policies, plans and code of practice.

Our customs post clearance intervention targets are agreed and signed off by senior management at the start of each year as part of an operational plan to achieve satisfactory coverage and control of economic operators nationally. An additional reporting structure is provided through regional networks comprised of officers that have a key role in ensuring the effective management of our customs post clearance intervention programme. In Ireland, cases for post clearance intervention are evaluated by sourcing the necessary information and carrying out an assessment of the risks involved. All available systems are utilised in this risk assessment process.

Our primary customs case select tool however, is our Customs Risk Intervention Selection Programme (CRISP) which is based on a number of risk indicators. CRISP carries out an analysis of all available data and the results outline the ‘riskiest’ declaration in relation to post clearance checks and ‘riskiest’ traders in relation to customs audits. CRISP uses the ESKORT risk engine for our profiling. It consists of two sets of rules, one for Audit and one for Post Clearance Checks (PCC). An Audit run is done bi-annually in May and November, while a PCI run is done tri-annually in February, June and October.

Importers receive a CRISP ranking in each Audit run, while declarations are ranked in the PCC run.

The Audit run contains an analysis of declarations from the three previous years plus the current year. The PCC run is based on the four previous months’ Declarations and the analysis is carried out on each individual Declaration.

The output from each run is made available to our control officers and customs auditors and CRISP is the primary case select tool in Ireland for Customs audits and PCCs.

CRISP has proven highly effective in harmonising our customs case select programme nationally. We continue to enhance the rules contained within the system using all currently available risk information to ensure it remains and an up to date and effective customs case select system based on relevant risk information

EL

As regards to Actions of Programming Period of 2014-2020, funded by ERDF, ESF, TF.

The Management and Control System-MCS incorporates a comprehend and cohesive scheme of working flows, procedures, roles and competences for the prevention and detention of fraud based on the legislative, organizational and operational framework .

All these provisions, fully developed in the Manual of Procedures 2014-2020, aim to ensure fight against fraud on a systematic and regular basis as well as to the continuous improvement and reinforcement of the System.

Implementation of procedures is supported by certain IT systems and tools. The most important are:

The Monitoring Information System - MIS is the central System as required by regulatory provisions. It incorporates MCS information and procedures, which cover all levels, aspects and stages of NSRF OP’S and Actions and it serves for the data exchange between the involved authorities. Use of the system ensures the imprint of full and clear control path e.g. information on all procedures and outcomes in the lifecycle of Actions. The System is used as for Audit sampling and monitoring while applications for multiple criteria data retrieval and analysis allow complex and targeted sampling methodologies. This function can be reported as a good practice.

The Risk Assessment Tool as adapted to and optimized for the Greek context. The tool is applied on a regular basis by all MA’s. It is of a significant added value the fact that its results are further examined in the perspective of possible amendments and adjustments to the System.

The Irregularity Management System – IMS is used by all MCS involved national authorities for reporting irregularities and suspected fraud as requested by Regulatory provisions. Country officer is EDEL, the national Control Authority. Information included to this reporting and follow up can contribute to fight against Fraud.

The Information System for State Aid serves for the lifecycle management of the business projects, whereas the Information System for State Aid accumulation (SACS) supports the control on the State aid cumulating thresholds. The two systems in combination allow a thorough and complex scheme of monitoring and reporting over data.

As regard to funds by EAFRD

The Management Information System for Rural Development is the central sectoral System as required by regulatory provisions. A distinct functional area of the system supports the Risk analysis and sampling methodology needs. This methodology incorporates a complex correlation of factors and indicators, leading to an advanced and multi parametrical sampling.

A more detailed description, as follows (in Greek):

As regards risk analysis tools used in auditing non-area-related and non-animal-related Rural Development Measures (under Regulations (EU) No 1303/2013 and No 1305/2013 and Council Regulation (EC) No 1698/2005), the Managing Authority (Audit Unit of the RDP Special Implementation Service 2014-2020) conducts on-the-spot sampling and ex-post checks through a specific subsystem of the Rural Development and Fisheries Integrated Information System (OPSAA). The subsystem is configured in accordance with Articles 50 and 52 of Implementing Regulation (EU) No 809/2014.

Expenditure covered by on-the-spot checks represents at least 5% of the expenditure co-financed by the EAFRD concerning the Measures referred to in Article 46 of Regulation (EU) No 809/2014 and is to be paid by the Paying Agency each calendar year. Also, the ex post checks carried out each calendar year must cover at least 1% of EAFRD expenditure for operations that are still subject to attachments and for which the final payment has already been made.

The risk-analysis sample is selected by taking into account the risk factors identified in national and EU checks, the risk of error occurrence in transactions/operations related to parameters such as the type (functional direction, category of investment, investment sector) and size of operations, as well as the financial consequences from error occurrence in transactions.

Moreover, the checks are carried out according to an appropriate combination of measures/sub-measures/types and sizes of operations/actions, taking into account the need to maintain the balance between them. 30-40 % of the sample on-the-spot checks and 20-25 % of the sample ex-post checks are extracted by random sampling through the OPSAA.

As regard to funds by EAGF

A Risk Analysis Information System is used also for the needs of audits for funds by EAGF. Sampling methodology is multifunctional. The full risk analysis report including the previous year evaluation is submitted annually in November to the EC .

A more detailed description, as follows (in Greek):

The Directorate for Economic Controls and Inspection (EAGF Expenditure Auditing Section) carries out ex post checks of commercial documents of entities that are beneficiaries or debtors related directly or indirectly to the financing system set up by the European Agricultural Guarantee Fund (EAGF), or their representatives, in application of Regulation (EU) No 1306/2013 of the European Parliament and of the Council, in order to ascertain whether transactions forming part of the EAGF financing system have actually been carried out and have been executed correctly.

The Directorate for Economic Controls and Inspection prepares audit plans using an information system which has been presented to the European Commission’s audit teams and which has been designed on the basis of risk analysis that has been computerised, so that the greatest possible number of risk parameters is scored and visualised, reducing the likelihood of errors made in the selection process for beneficiaries to be audited and the monitoring of control programmes.

The system selects the undertakings to be audited within the annual audit programme by applying a risk analysis methodology. In particular, the selection of undertakings for audit is based on established risk criteria for each risk factor, to which weight factors on a scale from 0 (zero risk) to 3 (greatest risk) are applied. The risk analysis methodology calculates the Risk Amount for each undertaking, which is the result of the product of the scoring of criteria against the amount of the financial aid. The undertakings associated with the greatest risk are selected first.

Proposals for the use of risk analysis are presented to the competent department of the European Commission each November. They include the assessment of the previous year’s risk analysis, the weighting of risk factors and all relevant information concerning the approach to be followed, the techniques, the criteria and the method of implementation, in accordance with Regulation (EU) No 1306/2013 of the European Parliament and of the Council and the Implementing Measures thereof.

In addition, the Directorate for Economic Controls and Inspection selects transactions to be audited by applying a risk analysis methodology (risk analysis of businesses) so as to target correctly and efficiently the audit work, while taking into account relevant, reliable and independent evidence.

ES

As regards the need to plan control activities on the basis of risk analysis, it should be noted that most of the authorities responsible for managing European funds are opting to use the Commission’s fraud risk assessment tool as a reference, albeit adapted to their specific characteristics.

For example, the managing authority for the European Social Fund (ESF) has developed a tool for risk assessment and management comprising two risk matrices (ex-ante and ex-post) which complement and feed into each other.

The ex-ante matrix is a reporting and prevention tool which aims to identify the risk level (occurrence) associated with each method (grants, procurement and/or own resources) used for the management of the ESF. The ex-post matrix is a tool which identifies and quantifies the risks occurring by operation, i.e. the ‘materialisation of the risk’.

The results of both matrices can be compared to assess an operation and consider, on a case-by-case basis, to what extent additional controls must be stepped up on the sample of checks.

For its part, in the European Territorial Cooperation (ETC) programmes in which Spain participates, the Directorate-General for Community Funds set up a working group in 2016 comprising the Spanish national authorities involved in the management of such programmes and the National Anti-Fraud Coordination Service, with a view to adapting the Commission’s fraud risk assessment tool to the specific characteristics of the programmes by agreeing on the risks specific to each area of action and the control measures necessary to mitigate, where applicable, each of those risks, so as to ensure a homogeneous and consistent approach is applied by those authorities.

In addition, as another example, in the area of agricultural policy, the Spanish Agricultural Guarantee Fund (FEGA) set up an anti-fraud working group made up of the FEGA itself, the paying agencies of all the Autonomous Regions and the National Anti-Fraud Coordination Service. Among other things, its aim in 2016 was to pool fraud risk indicators (‘red flags’), with a view to drawing up a catalogue or register of such indicators to be taken into account by those bodies in planning control measures. The register will be updated at future meetings of the working group on the basis of the experience they acquire from implementation.

In relation to the possibility of using IMS in the assessment of risks of fraud or irregularities, it should be pointed out that the difficulties for Member States to exploit on a massive scale the information contained in IMS and the lack of clear instructions on how to register different fields – with the resulting poor quality of data in the system – hamper its use by the Spanish authorities in assessing the risk of fraud or irregularities.

Finally, in relation to the Arachne tool, the authorities responsible for managing EU funds (which are responsible for the decision to use the tool) are in the process of evaluating its advantages and disadvantages for decision-making under the procedures for awarding, justifying and monitoring co-financed aid. The vast majority have not yet taken any formal decision on its use.

In that regard, the problems pointed out by those bodies include the inability to adapt the tool to the needs and specific characteristics of each entity or body (e.g. you cannot select certain risk indicators to be taken into account, leaving out others deemed irrelevant) and doubts about the cost of using the tool for Member States once it is no longer offered free of charge by the Commission.

FR

The French authorities are able to announce the following measures:

- the Ministry of Agriculture stresses that the control system for EU agricultural funds is subject to a framework laid down by various EU Regulations, in particular Council Regulation 1306/2013 of 17 December 2013 and its implementing Regulation No 908/2014 of 6 August 2014. The control systems set up by France comply fully with the EU framework. In addition to simultaneous checks by paying agencies before aid is paid to beneficiaries, ex post checks are carried out after all aid (other than direct aid) is paid out, based on an annual risk assessment submitted for approval to the European Commission, and which forms the basis of the annual control programme. This risk assessment takes into account several parameters, including the measures themselves, the amount of aid paid and the outcome of previous checks. It helps to predict and to better target cases where irregularities are most likely, thereby improving fraud prevention and detection.

- the Interministerial Commission for the Coordination of Inspections (CICC), audit authority for EU funds in France (CICC-Structural Funds), points out that in the context of the designation procedure, the model for the description of the management and control system (DSGC) provided for in Annex 3 of Implementing Regulation 1011/2014 of 22 September 2014 as well as the selfassessment list contained in the annex to the guide on the designation procedure (EGESIF 140013 of 18 December 2014) place the emphasis on risk mapping by the managing and certifying authorities and the adoption of proportionate anti-fraud measures (in the light of the guidance note on fraud prevention — EGESIF 14-0021 of 16 June 2014). The CICC was therefore required to make this issue a priority for analysis during its documentary checks and on-the-spot audits. It found that the managing authorities had decided to use the ARACHNE tool proposed by the Commission services and had incorporated into their manuals of procedure, protocols for use of the tool on the basis of the results of the risk mapping. For the programming of its system audits, the CICC will identify its priorities, taking particular account of the conclusions and findings of work carried out in connection with the designation procedure.

- the Office of the Commissioner General for Territorial Equality (CGET), acting as a cross-fund coordination authority, has been working in the framework of the Working Group on rules with a view to presenting the various checks for 2014-2020 (scope, objectives and main audit points). At regular network meetings on the subject of fighting fraud in the framework of the European Structural and Investment Funds (ESIF), the CGET recalls the legal basis for internal control with reference to the European Commission guidance of 19 December 2013 on preventing and combating fraud and the guidance on management checks on projects co-financed by EU funds. Within the Working Group on rules, a number of supporting documents have been developed and made available to all managing authorities, including sample risk maps, which can be changed and adapted to suit the particularities of each operational programme and a note recommending use of the ARACHNE tool. There have also been regular exchanges with the European Commission about the ARACHNE information system and its content.

HR

As regards systems and tools used to perform a risk analysis in the preparing of audits and control activities, the Republic of Croatia (managing authorities/paying agencies and audit/control authorities) has a number of systems and tools at its disposal in order to perform efficient risk analysis varying from ARACHNE risk scoring tool, IMS (Irregularity Management System), ESIF MIS (Management Information System), risk assessment methodologies, Irregularity and Fraud Risk Management Methodology, Methodology for the ex ante and ex post verification of the procurement documentation based on the risk analysis related to individual procurements, appointing Risk Coordinators etc. Also, competent bodies within the system are continuously improving their tools and systems.

Bellow, examples will be given in order to present systems and tools used to perform a risk analysis.

Ex. 1. Ministry of Regional Development and EU Funds as the Managing Authority for Operational Programme Regional Competitiveness 2007 – 2013 and the Managing Authority for Operational Programme Competitiveness and Cohesion 2014 - 2020

Managing Authority (MA) is responsible for the performance of the Management and Control System (MSC) of the Operational Programme Regional Competitiveness (OPRC) and Operational Programme Competitiveness and Cohesion (OPCC).

The MA’s management and control strategy follows the principles of economy, efficiency and effectiveness, and simultaneously ensures reasonable assurance over regularity and legality of expenditure. The MA’s control activities are designed to provide for a balanced and efficient mix of ex-ante and ex-post controls (verifications). Controls by the MA over the IB activities / outputs cover:

·ex-ante review and approval of the criteria and methodology (guidelines) for selecting the operations;

·ex-ante review and approval of all versions (including modifications) of the manuals of procedures of IBs (including review and approval of risk assessment methodologies for sampling);

·ex-post controls over the performance of IBs - system level verifications (SLV).

Regular SLVs are performed by the MA to get a reasonable assurance on adequate performance of the Intermediate Bodies, which serve as complementary controls to MA’s ex-ante verifications.

During SLVs, adequacy and compliance of the main processes performed by the IBs are verified by the MA. SLVs are performed based on the risk assessment of the IB’s activities and risk assessment of the IB’s transactions (Calls for proposals / Contracts / Applications for Reimbursement). Both risk assessments include also relevant information on irregularities, frauds, previous audit and SLV recommendations and annual risk assessment of activities and processes in a controlled IB.

The SLVs are performed in accordance with the Annual SLV Plan, to cover and get additional assurance over the legality and regularity of expenditure to be entered into the annual accounts. SLVs include administrative (desk) verifications and on-the-spot verifications at IBs (and beneficiaries, if appropriate). Verification methods include (1) interviews, (2) walk-through tests of documents, (3) analytical procedures, (4) reconciliation of data and (5) re-performance.

The errors/weaknesses identified during the above ex-ante and ex-post verifications by the MA are assessed and registered, corrective actions performed, if appropriate, and taken into consideration when drafting Management Declaration and Annual Summary.

Intermediate Bodies level 2 (IB2) carry out ex ante and ex post verifications of the procurement documentation. Methodology for the ex ante and ex post verification is based on the risk analysis related to individual procurements, ensuring that all the procurements with estimated value equal to or higher than EU thresholds are chosen for the ex ante verifications. Risk analysis takes into consideration: value of procurement item; complexity of procurement procedure and/or complexity of procurement item; procurement impact on the project implementation; experience of the subject in procurement implementation and contract execution; status of beneficiary/subject who is implementing the procurement (public administration body; legal entity with public authority, office for central public procurement, etc.); stated irregularities in previously implemented procurements; applicable procurement procedures (public procurement or other) etc. After performed risk assessment, selected procurements for ex ante and ex post verification are communicated to the Beneficiary. In ex post verification Beneficiary submits to the IB2 all the documentation related to the specific procurement. Ex post verification is generally linked to the process of submission of the Application for Reimbursement. The scope of this verification is verification of the eligibility of the expenses submitted in Application for Reimbursement and legality of the procurements performed according to the Public Procurement Act or procedures for Non-Purchasing Organizations.

IBs 2 also verify and approve Applications for Reimbursement submitted by beneficiaries. IB2 verifies all submitted Applications for Reimbursement and choose a sample of the claimed cost items for the verification of all the applicable elements based on the risk assessment methodology approved by MA. Risk factors must be taken in consideration (value of cost item, individual procurements, type of beneficiary, previous experience) when choosing claimed cost items. This sample is complemented by a randomly chosen sample to make sure that there is an equal probability for all the cost items to be chosen. It is necessary to determine corresponding indicators and parameters so that verification results based on a sample can be used for the projection of error on the unverified part. If, during the sample based verification, notable amount of ineligible cost is determined, it is recommended to expand the sample on all the claimed cost items.

IB2 also applies risk assessment methodology for planning on the spot verifications. Methodology is prepared by IB2 and approved by MA. Extent of the verification corresponds to the level of risk related to project - projects with higher level of risk are subject to stricter verifications. While developing the methodology, the following factors are taken into consideration: complexity of project, amount of financial support, level of established risks, results of administrative verifications and audits carried out by Audit Authority (AA) and type of documentation delivered by beneficiary. This will result in a certain intensity and frequency of on the spot verifications.

MA OPCC has introduced procedures for the use of ARACHNE risk scoring tool in the implementation of the Operational programme. The usage of ARACHNE in implementation of the OPCC is described in the OPCC Common National Rules No. 6 and 10 (related to selection of operations and risk management).

Croatian authorities point out that 391 user accounts have been opened for Croatian users of ARACHNE (including OPCC and OPEHR management and control system). The current stage of the OPs implementation does not enable an intensive usage of ARACHNE, but other ARACHNE functions are being used, in particular those related to identification of relations between legal entities and/or persons for the purpose of identifying a possible conflict of interest. In addition, further improvement of ESIF MIS system in the next months will facilitate a more intensive usage of ARACHNE.

Croatian authorities consider ARACHNE as one of the tools used by the MAs for fraud prevention, complementary with other tools and measures. We are dedicated to getting the best possible benefit from using ARACHNE. In this light, we would like to advise that Guidelines for the usage of ARACHNE risk scoring tool in line with the Common National Rules were prepared by the MA OPCC in May 2015 and sent to the bodies of the MCS.

Besides ARACHNE, there are also other national databases used by MCS bodies for the same purpose: Court Register, Financial Agency database, Poslovna.hr etc.

Furthermore, MSC bodies are obliged to assess systemic risks and fraud risks twice a year (in March and in September). According to the procedure, they send Risk Register and Action Plan for Risk Mitigation to MA. Every MCS body must appoint Risk Manager and Deputy Risk Manager. MA appoints Risk Coordinator for all bodies of MCS. Risk Coordinator once a year organizes a meeting with Risk Managers for coordination of risks at the level of OPCC. If necessary, the meeting can be organized more than once a year. Also, Risk Coordinator organizes a meeting of Fraud Risk Assessment Group on the level of OP twice a year, and if necessary, it can be organized even more often. Every MCS body can appoint Coordinator for Antifraud Actions to be responsible for fraud risks (if there is no such appointment, Risk Manager is responsible). Procedures for systemic and fraud risk assessment are described in OPCC Common National Rules, Rule No. 10 related to risk management. We would also like to stress that procedures for fraud risk assessment together with relevant annexes, including those related to red flags, were introduced to the Common National Rules, Rule No. 10, from the COCOF 09/0003/00-EN - Information Note on Fraud Indicators for ERDF, ESF and CF document in order to ensure a full awareness of the Fraud Indicators in all management and control system bodies.

MA OPCC has established also Irregularities Management Network and its first meeting was held on 12 January 2017. It is envisaged that meetings of this Network are held at least on a quarterly basis.

Ex. 2. Audit Authority (Agency for the Audit of European Union Programmes Implementation System – ARPA)

1.    Usage of IMS in Audit Authority (AA)

The usage of IMS is widely spread and regular in planning and performing daily audit activities. Currently, two auditors from Audit Authority (AA) have access to IMS (as the “observer” function) and other auditors from all AA services for audits (in AA) get from those two auditors the needed information on irregularities reported to the Commission. The irregularity reports are exported from the IMS system into Excel sheets with all embedded information. The excels are then sent to the responsible auditors who use the information for their work. This practice has been conducted and followed in AA for several years already and will be further conducted and applied for performing risk analyses.

2.    Anti-Fraud Measures and Arachne in Operational Programme Competitiveness and Cohesion

·Each body in Operational Programme Competitiveness and Cohesion (OPCC) is obliged to appoint person for management of irregularities and fraud prevention and Coordinator in MA.

·At the level of OP Group for assessment the risk of fraud is established and convened by the Coordinator.

·The anti-fraud measures are addressed in various documents such as the National Anti-Fraud Strategy in the Field of Protection of EU Financial Interests for the period 2014–2016; Common national rules (CNR): No. 6 Selection of projects, No. 10 Risk management and No. 13 Irregularity; Description of the system point 2.1.4 and Manuals of procedures.

·In CNR No.10 Risk management, it is determined that bodies in MCS of OPCC are obliged to follow the Guidance “Fraud Risk Assessment and Effective and Proportionate Anti-Fraud Measures” EGESIF_14-0021-00, 16/06/2014.

·In CNR 6 Selection of projects, it is determined that bodies in MCS of OPCC are obliged to provide an audit trail that they have checked in, at least, 3 searches of data base by displaying the searching results from: ARACHNE as risk scoring tool, insight into the Court Registry; relevant chambers and professional bodies; for example, Croatian Chamber of Economy, Croatian Chamber of Civil Engineers, etc.

·AA will follow Guidance on “Fraud Risk Assessment and Effective and Proportionate Anti-Fraud Measures” and Annex 4”Verification of the MA compliance with article 125 (4) of Common provisions regulation (Regulation 1303/2013)”.

·AA decided to use ARACHNE application for performing additional verification regarding projects, beneficiaries and contractors.

Following the above mentioned Common national rule No. 13 Irregularity, the AA is on a daily basis informed by e-mails about the issued Decisions on established irregularities within projects implemented under OPCC and on suspected cases of frauds (and in ESF as well). These information and documents are received by responsible auditors in relevant AA services for audits and are further addressed and reviewed during planning or conducting audits.

As regards the usage of ARACHNE in the AA, nine auditors have access to ARACHNE application. During conducting audit of operations in 2016, ARPA auditors used ARACHNE to get better overview of the internal and external data regarding projects, beneficiaries and contractors. Among other data, we have checked legal links between persons, relations between involved companies, financial data and related risks of a company.

As regards other OPs which are implemented in Croatia, during 2016 AA services for audits of these programmes have not yet used or relied on the ARACHNE.

Ex. 3. Service for Combating Irregularities and Fraud (AFCOS Service in Croatia)

Service for Combating Irregularities and Fraud has developed Irregularity and Fraud Risk Management Methodology. According to the Methodology, Irregularity Reporting System bodies, AFCOS Service (Service for Combating Irregularities and Fraud) and AFCOS-Network bodies are obliged to conduct assessment of risks related to irregularities and fraud in line with their competences.

Purpose of the Methodology is to provide instructions and tools for irregularity and fraud risk management. The implementation of the Methodology is expected to result in 1) identification of the riskiest projects, 2) assessment of exposure of managing authority and certifying authority to fraud risks, 3) assessment of exposure of AFCOS to risks threatening its objectives and 4) identification and implementation of corresponding risk mitigation measures.

The Methodology is aimed at European Structural and Infrastructure Fund management and control system bodies, AFCOS-service and AFCOS-network.

Results of the implementation of the Methodology will be used for development of the National Anti-fraud Strategy.

IT

Contribution of the Italian AFCOS:

Italy uses information retrievable from the European Commission’s information systems. For anti-fraud purposes, the national authorities will use the ARACHNE system, pending completion of a national anti-fraud database, which is being developed by the Italian AFCOS.

With regard to what is requested in the Notes to Recommendation 4, the Guardia di Finanza has recently developed an IT tool to enhance action to combat fraud in the receipt of Community funds, called the Anti-Fraud Information System (Sistema Informativo Anti Frode - SIAF), financed under the national operational programme ‘Governance and Technical Assistance 20072013’.

The application, which will be made available only to operational units of the corps operating in regions covered by the Convergence Objective (Campania, Calabria, Puglia and Sicily), comprises an integrated technology platform that brings together in a single analysis environment information on disbursed EU funds contained in the databases used, in most cases, by the bodies responsible for managing those funds, with a view to targeted, effective selection for inspection of recipients of public funds identified as ‘at risk’ on the basis of specific indicators.

CY

Managing Authority- Management and Control system and use of Fraud Risk Assessment Tool:

The Managing Authority in Cyprus has designed and fully implements a Management and Control system regarding European Structural and Investment Funds. The design and the implementation of the management system and control procedures include among others the following in relation to risk analysis and fraud prevention:

·A detailed and clear description of the responsibilities of each institution involved in management and control and the allocation of functions within each body to ensure compliance with the principle of separation of powers where necessary

·The existence and implementation of procedures to ensure the legality and regularity of expenditure claimed and to ensure an adequate audit trail

·The operation and use of the Integrated Information System for the electronic storage and exchange of data, and to support the monitoring and control of the implementation of the OP

·The existence of procedures for preventing, detecting and correcting irregularities, through which identified and cases of suspected fraud

·Informing each stakeholder to describe the management system processes and control and for any possible amendment through relevant documents, directives and guidelines issued by the MA.

·The existence of national codes and ethical codes for public officials and services of the country (Conduct and Ethics Guide for Public Officials, National Code of Conduct for the award of Public Procurement, Code of Ethics of VAT Service- Ministry of Finance, Code of Ethics of Certified Public Accountants Cyprus).

·Conducting training and awareness actions of staff involved in management and control processes, institutions and organizations, both theoretical and practical issues (prevention procedures, detection, correction and prosecution of fraud, warning signs and indicators of fraud, etc. .) in order to consolidate the discouraging mentality fraud and to provide all possible expertise to identify and address fraud risks.

In addition to the general monitoring the sound application of the procedures of management and control system, the MA as part of preventive measures to combat fraud, applies the fraud risk assessment process, through which is the evaluation of the impact and likelihood of potential fraud risks that could affect the EU's financial interests.

The fraud risk assessment carried out in accordance with the EU Guidance and using the Fraud Risk Assessment Tool.

Audit Authority-Risk assessment

The Audit Authority and as per the provisions of the Common Provisions Regulations (Reg. (EU) No 1303/2013) and the Commission Implementing Regulations (Reg. (EU) No 2015/2007) sets up an overall risk assessment for prioritizing the system audit work on the Bodies (MA, CA and IB’s) and key requirements of the Programs concerned.

Risk factors such as prior experience of the bodies in previous PP, complexity of functions of the Bodies, value of projects under management are taken into account when performing the risk assessment and are weighted accordingly. The results of the risk assessment are reported in the Audit Strategy of the Audit Authority which is updated on an annual basis and when deemed necessary. As per the provisions of the Guidance of the Commission on a common methodology for the assessment of management and control systems, the responsibility for the effective implementation of proportionate anti-fraud measures lies with the Managing Authority under Key Requirement 7. The audit by the AA of the MA’s Fraud Risk Assessment and its anti-fraud measures is covered during its system audits. The AA also reviews the implementation of effective and proportionate anti-fraud measures at the level of IB’s as part of its system audits.

The procedures in place for audits of operations and sampling methodology is determined by the AA based on professional judgment and taking into account the regulatory requirements and factors such as the characteristics of the population and the expectation regarding the level and variability of the errors. The sampling methodology followed is in line with the regulatory framework, EU relevant Guidance and Internationally Accepted Standards.

Any instances of suspected fraud occurring during the audits of operations and system audits, the Audit Authority follows the procedures set by the National framework and legislation and the provisions of Internationally Accepted Standards. In addition, according to international accepted standards ISSAI 1240, ISA240, the Audit Authority conducts administrative and not criminal procedures. The scope of its power and authority is therefore rather limited when it comes to detecting the particular circumstances of suspected fraudulent activity. In addition, the key objectives of criminal and audit procedures are different. An audit of operations is of administrative nature aiming to assess the legality and regularity of the implementation of a project, while the criminal procedures claims to detect and investigate operations to provide evidence for the intention to defraud.

LV

The Managing Authority for EU structural funds and the Cohesion Fund, Namely ESF, CF and ERDF provides its information in regards to the risk based approach: 

1)For the implementation of Article 125 (4c) of Regulation 1303/2013 46 , the MA on the basis of the European Commission (hereinafter – EC) guidance on fraud risk management 47 laid down national guidelines for specific fraud and corruption risk prevention in ERDF, ESF, CF project implementation in the 2014-2020 programming period (documents are published on the Internet http://www.esfondi.lv/risku-parvaldiba ). To make sure that risks of fraud and corruption are assessed as well as effective and proportionate measures are implemented, institutions involved in the management of ESI funds on the request of the MA once a year fill out the fraud risk self-assessment tool which is attached to the national guidelines and then MA analyses this information in order to revive The Action Plan for minimizing risks of fraud and corruption. MA considers above mentioned EC guidelines as very useful tool to assess several risk scenarios particularly relevant to the key processes and later identify and evaluate the effectiveness of controls already in use to mitigate against these risks of fraud either from occurring or ensuring that fraudulent behaviour does not remain undetected.

2)Latvian authorities are still working on integration of the Arachne risk scoring tool, developed by the EC, into the management verification processes for the 2014-2020 programming period. On 13th of October 2016 the project data file for testing Arachne (acceptance version) was delivered by the Co-operation Institution and in the first EC analysis of the data was concluded that data quality and quantity is sufficient, although some minor data issues occurred. Currently, Co-operation Institution is analysing information and results of potentially most risky ESI projects (red-flags), available in the Arachne acceptance environment.

3)One of the functions of the MA is the control of intermediator’s delegated functions by overseeing and revising checks, made by Co-operation Institution, such as checks of procurement documents, checks of payment applications, on-the-spot checks e.t. as well as revising procedures of Co-operation Institution.

Control of delegated function is being planned on the basis of the risk-cantered approach while taking into account risky spheres, which were identified during the time of previous checks. Information on risky spheres is being accumulated in internal registers of the MA. Inspection is being performed taking in account also an analysis of all available information including information, which has been provided by other departments within the MA as well as by third persons. The MA is using not only publicly available data bases, but is also planning to use European Commission’s ARACHNE information system as an additional inspection tool in cases when the possibility of fraud exists within the process of checks and as soon as the system will be implemented.

The Ministry of Environmental Protection and Regional Development of the Republic of Latvia ensures financial control of the European Territorial Cooperation programmes for 2014 – 2020 planning period project partners from Latvia. Latvian financial control institution has elaborated internal procedures for financial controllers:

1)For carrying out random sample check of the Latvian beneficiary’s procurements planned within the project with regard to procurement documentation after announcement of the procurement and procurement procedures before the conclusion of a procurement contract in order to prevent risks before the conclusion of a procurement contract in the projects.

2)For carrying out on-the-spot verifications for high-risk projects based on risk analysis and for low-risk projects selected by random sampling method.

3)For carrying out 100% desk-based administrative check.

In order to achieve a common understanding and interpretation of European Territorial Cooperation programmes rules Latvian financial control institution organized seminars for the Latvian beneficiaries and elaborated Guidelines for Latvian beneficiaries, which describe first level control system and requirements for the beneficiaries. Guidelines provide the compilation of information in Latvian language with the deadlines set in national regulations, procedure of the reporting processes, including order of the pre-check of the public procurement procedures. The Guidelines and related documents and templates are available on the web page of The Ministry of Environmental Protection and Regional Development of the Republic of Latvia.

-    On 2015 100% desk-based administrative check and on-the-spot checks were made to all Latvian beneficiaries.

-    On 2016 the financial control institution has made 100% desk-based check to all Latvian beneficiaries and carried out random sample check of the Latvian beneficiary's procurements planned within the projects with regard to procurement documentation after announcement of the procurement and procurement procedures before the conclusion of a procurement contract.

-    Starting from 2017 the financial control institution will carry out on-the-spot verifications of the Latvian beneficiaries’ projects. These on-the-spot verifications will be based on risk analysis - for high-risk projects at least once during the project implementation and for low-risk projects selected by random sampling method, ensuring that any low-risk project may be selected for verification. Latvian financial control institution doesn’t intend to use IT tools.

In Interreg VA Latvia – Lithuania cross-border cooperation programme (LV-LT programme) where Latvia fulfills functions of Managing Authority in order to ensure effective and proportionate anti - fraud measures and appropriate overall risk management including effective prevention, detective efforts (fraud risk self – assessment) and fraud reporting mechanisms, the Risk management group is set up and Risk management procedure for the LV-LT programme is issued.

The controls carried out by LV-LT programme management bodies and the Financial Control have been designed to detect fraud effectively and proportionately. The error rate of the 2007-2013 programming period was very low, thus providing assurance that the system works well. Correction of irregular amounts will take place according to the respective procedure.

In addition, for preparation of the Programme risk management plan which will include also fraud risks in case they are identified, will be used Annex 1 of the European Commission guidance”Fraud Risk Assessment and Effective and Proportionate Anti – Fraud Measures”) with focus to fraud risks in three key processes – selection of applicants, implementation and verification of projects, including public procurement related fraud risks and certification of expenditure and payments.

For the FEAD there are not any special IT tool (system) for FEAD risk analysis performing by FEAD Managing authority and FEAD Certification authority. There have not been identified fraud activities within FEAD in 2016.

As regards AGRI and Fisheries funds: The Rural Development Service is using its own internal control mechanisms that have been established for the fraud and corruption risk prevention (red flags).

The Audit Authority for EU Funds (ESF, CF, ERDF, FEAD, ISF and AMIF) in its system audits are strongly focusing on the most risky areas. The separate risk assessment is done to identify the most risky areas that are exposed to the fraud and corruption where in turn further audit procedures are focused on. Auditors are consulting our national EU Funds Management Information System (For project information), the ARACHNE tool (for related persons, companies, red flags) and State Revenue Service’s databases (for company owners, employees, business area, related persons, VAT arrears). Also under audits of operations auditors are trained to oversee red flags and consult the competent authorities upon necessity. As for planning purposes the complaints log and black list of project and companies is consulted to identify the weight of the risk.

LT

Ministry of Finance as a Managing Authority is responsible for the implementation of the requirement related with putting in place effective and proportionate anti-fraud measures provided for in Article 125 (4) (c) of the Regulation (EU) No. 1303/2013 of the European Parliament and of the Council of 17 December 2013. Ministry of Finance, taking into account this requirement and the EC recommendations on the use of the Arachne Risk Securing Tool, has acknowledged the Arachne’s functionalities:

- representatives from the institutions administering the EU and EC structural funds and institutions participating in the administration met on 9 December 2015 in Vilnius to familiarize with the purpose and basic functionalities of Arachne. It was also agreed on the provision the EC with data on the projects stored in the EU Structural Assistance Computer-Based Information Management and Monitoring System (SFMIS) that are necessary for testing Arachne;

- managing authority in cooperation with EC arranged an interactive training in Vilnius on 19 July 2016 where the representatives from the Implementing Authority, STT, FCIS and National Audit Office of Lithuania were acquainted with the functionalities of Arachne and the results of the analysis of the tested project data;

- on 29 September 2016 and 11 November 2016, the managing authority submitted to the EC questions concerning the elimination of drawbacks identified in testing Arachne (such as incompatibility of Arachne’s internal processes with the requirements for audit sequence, inaccurate financial data on enterprises, inappropriate methods for the calculation of risk indicators, etc.);

- on 5 December 2016 and 23 December 2016, EC informed the managing authority on the completed new version Arachne 2.0 and provided technical documentation on the modifications. EC also informed that upon the receipt of the recommendation of the European Data Protection Supervisor on the improvement of internal procedures, the release of Arachne 2.0 is postponed until March-April 2017.

National Paying Agency under the Ministry of Agriculture (further – Agency) regularly reports irregularities to OLAF via IMS during a 2-month period that follows the quarter in which the irregularity was detected as provided for in the Regulations (1848/2006, 498/2007, 1306/2013, 1971/2015). With a view to preventing beneficiaries from the unlawful use of assistance, the Agency also uses internal systems containing information on the projects provided by law enforcement institutions, information on on-going/conducted irregularity investigations, on-going/conducted project risk analyses and information on risks related with allegedly illegal conditions for assistance. It also uses external systems such as Creditinfo containing information on artificially created conditions, financial capacity as well as other external registers enabling to prevent certain risks.

On the basis of the methodology for establishing allegedly illegal conditions for assistance approved by the Minister of Agriculture of the Republic of Lithuania No. 3D-285 of 5 May 2016, the Agency assesses projects taking into account the risks for applicants to seek illegal conditions for assistance.

The Agency also has in place the Description of the Procedure for Provision/Receiving of Information to/from Law Enforcement Institutions approved by the Order of the Agency Director which contains a list of elements of alleged criminal offences.

Agency staff is also entitled to follow the Description of the Risk Assessment and Management Procedure regarding the projects under the Rural Development Programme 2014-2020 and Operational Programme of the Lithuanian Fisheries Sector 2014-2020 for conducting risk analyses and the Description of the Systemic Risk Analysis Procedure for carrying out risk analyses in a systemic manner.

With the help of the RACS sub-system “Verification of Individuals”, Lithuanian Customs carry out risk assessment as concerns individuals and customs declarations, select individuals and/or their declarations for post clearance verification and record verifications, their results and residual risk assessments. For the automated risk assessment of individuals and declarations more than 100 risk assessment rules (algorithms) are used and assessment results are aggregated on the basis of the defined risk assessment areas.

In view of the European Court of Auditor's recommendations, the methodology for customs verifications was updated. The procedure provides for the planning of verification of individuals and customs declarations as well as their selection for verification. The mentioned actions are carried out taking into account the highest risk assessment values under the RACS sub-system “Verification of Individuals”.

For the risk assessment in the area of customs valuation, tariff regulation and other areas, the Lithuanian Customs use RACS as a basic IT system consisting of two parts – one is used for the risk assessment at the moment of clearance and the other is used for post clearance risk assessment. It also uses data received from the EC systems AFIS and CRMS and takes benefit of the OWNRES information on the detected irregularities. To identify customs value risks, information on fair prices provided by OLAF is used.

LU

Arachne is currently implemented by the Managing Authorities of FSE and FEDER (cf. PIF 2016 report) and the EU Commission is currently discussing with them the management of their internet platforms, used by promoters to upload information regarding, inter alia, expenses. These Management Authorities use the internet platform as a management control tool for their projects as all the information is centralised on it. Part of the collected information is also inputted in Arachne.

As for the Management Authority of INTERREG, it has recently taken the decision to implement Arachne as well. Further, this Authority has made use of the Risk Assessment Tool in the framework of the establishment of their management control system. Its procedures have been drafted and adapted based on the results from the Risk Assessment Tool. It is planned to update the Tool on a yearly basis.

HU

I.    Directorate General for Audit of European Funds as Audit Authority

The Directorate General for Audit of European Funds (hereinafter referred to as “Directorate General”) uses risk analysis to select the focus of the system audits referred to in Article 127 of Regulation (EU) No 1303/2013 (hereinafter referred to as “CPR”). The risk analysis is based on the outcomes of previous audits (system audits and project audits carried out on a sample basis) and audits carried out by external audit organisations (e.g. European Commission, European Court of Auditors). In addition, the Directorate General selects the focus of system audits and develops system audit plans by using all available information and working documents, including the present follow-up report. The Directorate General also conducts project audits on a sample basis, which means the sample-based audit of expenditures declared in the previous year for each operational programme. The sample is taken on the basis of the expenditure declared to the European Commission in the previous year. Based on the above, as opposed to the system audit plans, the sample-based audit plans are developed by using statistical sampling methods based on the guidelines published by the European Commission and the international audit standards.

The priority objective of checking funds from Union sources in the framework of the sample-based project and system audits carried out by the Directorate General is to prevent irregularities and to pursue successfully and effectively the frauds detected on the occasion of such checks. In order to achieve the above mentioned objectives of the control activities, the checklist in Annex 4 of Guidance No EGESIF_14-0021-00 of the European Commission on Fraud Risk Assessment and Effective and Proportionate Anti-Fraud Measures (hereinafter referred to as “Guidance”) was incorporated into our methodologies, while taking into account anti-fraud considerations, after the Guidance was published. In accordance with the Guidance, the aforementioned checklist was used to assess the compliance of the management and control system with Article 125(4)(c) of the CPR and the other requirements contained in the Guidance during the audit carried out for the purpose of designation, as referred to in Article 124 of the CPR, in 2015, and during the system audit referred to in Article 127 of the CPR in 2016. The aforementioned audits also involved a review of the Managing Authorities’ fraud risk analyses, strategic documents relating to anti-fraud measures, guidelines and internal regulations.

The Directorate General has applied for access to the ARACHNE data analysis tool developed by the European Commission. A review of the methodologies of the Directorate General has been carried out to amend the audit aspects where the use of the ARACHNE database may provide useful information and thereby increase audit efficiency.

In addition to the aforementioned database, a number of public and publicly available databases are applied (including the company database, the electronic reporting portal, the database of taxpayers without public debt, public procurement databases, monitoring system data (Unified Monitoring Information System (EMIR), EU Programmes System (EUPR)), Internet websites).

The auditors of the Directorate General regularly participate in internal and external training programmes and professional conferences and, after due consideration, the newly acquired professional knowledge is incorporated in the control methodology.

II.    Prime Minister’s Office

Regarding the operation of the Arachne risk-scoring tool used for risk analysis and made available by the Commission, the following can be reported:

II.1    Application

The Arachne software has been installed for all Managing Authorities (MA). The intensity of use depends on the beneficiaries belonging to the MA concerned. The MAs which typically cooperate with budgetary units do not use Arachne, because the fraud prevention function of the system used internally, i.e. the EU Programmes Subsystem of the Development Policy Database and Information System (FAIR EUPR), provide sufficient information to them.

The MAs which use the Arachne system give priority to Arachne in the pre-decision process in the following cases:

·checking SME status, exploring related parties

·information on transparency: ownership links

·examination of financial stability and risk of bankruptcy

·existence of an established company in the case of non-resident suppliers

·general information: address, telephone number, etc.

II.2    Methodology

Methodological guidance for the use of Arachne has been prepared with a focus on case management (responsible persons, deadlines, procedures). The essence of this is that where the Arachne system indicates a high risk, the staff of the MA must investigate the matter. This includes a review of the documents of the project concerned and, where available, the records of on-the-spot checks. The audit report must specify whether or not the risk classification is deemed justified. Where classification in the high risk category is not justified, a modification of the classification is initiated; where the classification is justified, arrangements are made for reporting the suspected irregularity.

III.    Hungarian State Treasury, Hungarian Agricultural Paying Agency

In close connection with the anti-fraud strategy of DG AGRI, Article 24(3) of Commission Implementing Regulation (EU) No 809/2014 of 17 July 2014 laying down rules for the application of Regulation (EU) No 1306/2013 of the European Parliament and of the Council with regard to the integrated administration and control system, rural development measures and cross compliance provides that the results of the administrative and on-the-spot checks shall be assessed to establish whether any problems encountered could in general entail a risk for other similar operations, beneficiaries or other bodies. The assessment shall also identify the causes of such situations, any further examination which may be required and necessary corrective and preventive actions.

The Hungarian Agricultural Paying Agency (hereinafter referred to as “Paying Agency”) carries out risk analyses for the following purposes:

1.    Selection of projects for on-the-spot check

•    in respect of a given payment period of a given budget line,

•    where the aim of risk analysis is to reveal frequent and typical errors rather than detecting disguised frauds.

In respect of the risk analyses for the on-the-spot checks, the sample is mostly selected by using statistical data mining procedures, applying the necessary software, which have taken the place of the initially used expert scoring systems from 2007 onwards.

2.    For administrative checks, a client risk assessment geared toward agriculture and rural development is currently being developed jointly by the Paying Agency and a developer to enable the complex assessment of the following:

·earlier and current applications for EU funding (primarily under the EAGF or the EAFRD) submitted by a given client,

·the history of these,

·size of the client/business concerned (small and medium-sized enterprise (SME), standard output (SO),

·the client’s network of relationships (Social Network Analysis (SNA)),

·creation of artificial conditions,

·it provides IT support for the assessment of the conditions necessary for granting support (SME, SO, transparency),

·its result is used for the selection for on-the-spot check in respect of each risk aspect.

At the Paying Agency, the client risk assessment geared toward agriculture and rural development, which is currently under development, is implemented in the framework of the Client Risk Analysis, Social Network Project.

Background of the Client Risk Analysis, Social Network Project: In order to be able to meet European Union expectations with regard to client risk assessment, the Hungarian Paying Agency launched in the first trimester of 2014 a Pilot Project on Social Network Analysis (SNA), which all professional units could learn about, test and found successful. The aim of the Social Network Analysis was to ensure compliance with the requirement of Article 24(2)(e) of Commission Regulation (EC) 65/2011 laying down detailed rules for the implementation of Council Regulation (EC) No 1698/2005, as regards the implementation of control procedures as well as cross-compliance in respect of rural development support measures, whereby administrative checks shall include verification of: “the reliability of the applicant, with reference to any previous co-financed operations undertaken since 2000”.

Following the Pilot Project on Social Network Analysis (SNA), the need emerged for the development of the Client Risk Analysis, Social Network Project at the Paying Agency, given the above-mentioned requirement laid down in the anti-fraud strategy of DG AGRI and Article 24(3) of Commission Implementing Regulation (EU) No 809/2014. The aim of the Client Risk Analysis, Social Network Project is to provide the Paying Agency with an effective tool which enables the prevention and detection of any misuse of funds provided from the European Agricultural and Rural Development Fund in the 2014–2020 programming period, in particular as regards the regular use of funds approved for high value projects.

The Client Risk Analysis, Social Network Project comprises three phases. Phase 1 essentially includes planning, while phases 2 and 3 basically comprise deployment and operation of the system in practice. For the practical applicability of the project, all three phases need to be implemented.

The implemented phase 1 activities include conceptual planning, requirement analysis and SO prototype development. SME prototype development is being currently implemented.

Phases 2 and 3 include the deployment and operation of SME and SO support, SO and SME automation, as well as the implementation of the artificial conditions, social network analysis, client risk and transparency assessment modules. However, these are conditional upon the development and implementation of the operational architecture, and then the system must be made fully operational. A centralised public procurement procedure for the tasks of phases 2 and 3 is currently in progress. The funding contract will be made for the period from 2 January 2017 to 15 December 2017. (The next phase of development has not started yet, because the necessary administrative measures are still underway.)

The operation of the Client Risk Analysis, Social Network Project will be based on the data of existing clients included in the records of the Paying Agency (SAPARD, Agriculture and Rural Development Operational Programme (AVOP), New Hungary Rural Development Programme (ÚMVP), Rural Development Programme (VP), direct aids and market measures), as well as publicly authentic data sources (National Tax and Customs Administration and Central Office for Electronic Public Services, Microsec, National Food Chain Safety Office).

The Client Risk Analysis, Social Network Project concerns all professional functions of the Paying Agency, and several organisational units will be able to make use of both the sub-processes (calculation of plant size expressed in SO, SME classification, transparency, related parties, detecting cases of creating artificial conditions) and the final outcome of client risk analysis (for making funding decisions and increasing the efficiency of selection for on-the-spot check).

When fully implemented, the social network analysis will enable the exploration, visualisation and evaluation of the link(s) between individual participants and entities, going beyond individual characteristics. It reveals hidden relationships and statistics that could not be seen at the level of individual cases and participants. The full implementation of the Client Risk Analysis, Social Network Project will make it possible for the Paying Agency to make an inventory of all horizontal risks which may occur when dealing with support for investment provided from the EAFRD (in the three areas of commitment of funds, audit of accounts and operation) and where there is a potential for irregularities during implementation. Owing to clients identified as presenting a risk, the loss of EU funds can be reduced to a minimum by selecting such clients for (central) control, and the implementation of the programme can also ensure the gathering of all other potential risk elements on a single interface.

In addition to the assessment made on the basis of the currently used risk scores, the Client Risk Analysis, Social Network Project will be able to provide substantial help to the assessment of the risks inherent in clients and applications, because it will enable the control of links on a real time basis, in close connection with the administrative work, in order to find out how the supplier, the bidder, the beneficiary, the company representative, the tender writer, the machine, the equipment, the place of implementation, etc. relate to one another and to other applications, accounts, decisions issued and irregularities detected earlier, also using data from external records (e.g. company database) in the course of analysis.

Overall, experience with use so far suggests that the above mentioned Pilot Project, which all professional units could learn about, test and found successful, can be developed into an IT tool performing daily routine tasks (Client Risk Analysis, Social Network Project), and its completed components with autonomous functions (to date, SO calculation in its entirety) are put into use instantly. The IT support for SME classification and transparency assessment may be rolled out soon.

MT

Feedback provided by the Audit Authority, Managing Authority & Agriculture & Rural Payments Agency:

For the new programming period 2014-2020, the Maltese Audit Authority is planning to introduce an IT audit software. The software will assist the auditors in carrying out the requested audit fieldwork. Moreover, it will include a database where to record all financial irregularities and classified by type. This feature will be beneficial from two aspects:

1.At planning stage, the auditor can refer back to previous irregularities detected and ensure that the respective system/audit of operation does not have similar irregularities.

2.The typology of errors can be shared with the Managing and Certifying Authorities so as to be proactive in identifying potential financial irregularities.

In addition, the Audit Authority is also planning to use Arachne as a risk scoring tool.

Managing Authority: The Planning and Priorities Coordination Division (PPCD) and ‘the EU Territorial Programmes Unit’ within the Funds and Programmes Division (FPD) are proceeding with the preparations for the full adoption of the Arachne risk scoring tool which assists Member States in identifying the most risky projects. We were informed that the updated version of Arachne will be launched next March/April 2017, at which stage it is envisaged that we will be in a position to fully deploy the tool.

To assess the impact and likelihood of any potential fraud risks which could harm the EU’s financial interests, the Commission recommends that Managing Authorities apply a ‘fraud risk assessment tool’. Along with other tools, the Commission made available also a ‘template fraud risk self-assessment tool’ and this is being made use of by both PPCD and FPD; as per the Commission’s EGESIF_14-0021_00, this tool targets the main situations where key processes in the implementation of the programmes could be most open to manipulation by fraudulent individuals and organisations. According to the Commission , three selected key processes considered to be most exposed to specific fraud risks are:

(i) Selection of applicants;

(ii) Implementation and verification of the operations;

(iii) Certification and payments.

This process of identification of risks trickles down onto the beneficiaries implementing the projects.

On similar lines, risk registers have also been drawn up to capture, maintain and monitor information on all identified risks to a specific organisational activity and the associated controlling actions that have been identified; project risk assessment is an ongoing process.

Both divisions have adopted an anti-fraud policy and an anti-fraud strategy. The objective of the policy is to promote a culture which deters fraudulent activity and to facilitate the prevention and detection of fraud and the development of procedures which will aid in the investigation of fraud and related offences and which will ensure that such cases are dealt with timely and appropriately. The strategy sets out the Managing Authorities’ commitment to preventing, detecting and deterring fraud and corruption and to taking action where it is suspected or detected. The strategy is based around the four key themes: prevention, detection, investigation and prosecution and reparation.’

Re Agriculture: the Agriculture & Rural Payments Agency (ARPA) has various features embedded into its organisational structure and operations that allow it to prevent and detect fraud. These include the Internal Audit and the Quality Control Units which specifically deal with checks on the work being performed by the Agency. Due to the nature of their work, these Units are very likely to encounter fraud and they are also able to suggest new ways of doing things in order to narrow down the situations for which fraud risk is high.  Furthermore, each of ARPA’s departments has an operational procedure that centres around the legal expenditure of EU funds in line with the relevant regulations. When one observes these regulations,  fraud is automatically being avoided. Hence, all the efforts of the Agency in complying to all the relevant EU regulations are an automatic effort to prevent fraud. This since, a payment affected outside the remits of the regulation is automatically fraudulent.

Amongst the tools utilised by the Paying Agency to prevent and detect fraud in addition to the in-built organisational practices mentioned above, there are the following:

·VIES Website: VAT numbers of beneficiary quotations and invoices, especially for investment measures, are tested using the VIES site in order to ensure that the VAT number is actually valid and is related to the supplier in question.

·Registrar of Companies: The registrar of companies website is used in order to detect whether related companies are issuing quotations to the same beneficiary for the same line item, with an intention to distort the proper testing of the market when beneficiaries submit quotations with their applications. This test is done by identifying the ultimate beneficiaries of the companies in question and establishing whether these are closely related or not.

·EU Funds Committee: A committee composed of all the authorities administering the disbursements of EU funds meets regularly in Malta with the main intention of assessing projects submitted by the same beneficiary with the primary aim of establishing whether or not such projects are closely related with possible intention for double funding.

·On-the-spot Checks: Samples for beneficiaries to test on the spot are selected using a sampling software embedded within our IT system. In accordance to the requirements of the regulation, these samples are selected both on a risk basis and on a random sample basis. Through on-the-spot checks, irregularities and fraud can be easily identified.

ARPA also regularly trains its staff on fraud as such training is crucial to develop the ability of its staff compliment to be able to raise the necessary flags when they detect possible cases of fraud.

NL

The use of IT options varies per fund.

The European Social Fund (ESF) in the Netherlands wants to use ARACHNE. The first 'pilot’ to determine whether ARACHNE offers the ESF in the Netherlands added value has been completed successfully. A second 'pilot’ is now on-going, in which a number of sample cases are being used to determine how a work instruction should inform staff.

The ERDF is investigating ARACHNE’s suitability since not all Member States are already using or adopting this instrument as yet. The Netherlands is also actively preparing a new fraud register incorporating some ARACHNE functions. The European Maritime and Fisheries Fund (EMFF) does not use ARACHNE.

For years, the IMS system has been used by the Netherlands to report irregularities to OLAF and in practice is only used for this purpose. Historical data for new project audits are recorded differently. The ERDF, the Fisheries Fund and the Agricultural Funds efficiently use IMS version 5 as a matter of routine. For the 2014-2020 programming period we are producing an ‘irregularities roadmap’ integrating the IMS user instruction with definitions and criteria for notifications.

The audit authority runs the Fraud Risk Assessment tool prior to the designation audit. This has resulted in a number of additional measures, such as:

The program is required to run up until the monitoring phase of a number of projects. So far no suspected fraud has been detected. We are unable therefore to provide examples. The ERDF runs the Fraud Risk Assessment tool at least twice a year. The mid-2015 assessment was discussed in 2016; a follow-up is planned in 2017.

The EMFF uses a totally new ICT system: the implementation platform (IP). This system’s design, which includes automated follow-up action, substantially reduces the risk of error and streamlines the audit process. The EMFF is also now using a risk-analysis list that records identified risks which it then follows up and acts upon. As the IP application has only been in use for a short time to compile the risk-analysis list, it is too early to provide information on the impact of these instruments.

AT

No Information Provided

PL

-With regard to the IT tools adopted by the competent institutions to assist with planning and managing audits and controls, all the competent national institutions use the IMS. Information on any irregularities is used in risk analysis, as they constitute one of the possible risk factors.

-The Fraud Risk Assessment Tool provided by the Commission is used to directly implement operational programmes for European Structural and Investment Funds (ESIF). If an institution decided to not use this tool, it would need to introduce appropriate organisational tools, e.g. by creating risk registers (documents constituting the end product of the risk management process in the individual entities and institutions involved in implementing the programme). Furthermore, some institutions use other IT tools, such as solutions provided by economic intelligence services, databases for analysing information on tender procedures for roads and railways for warning signs of collusive bidding or risk assessment spread sheets as an element in the method for sampling projects for audits. The Arachne financial fraud risk scoring tool is currently being tested by some institutions. The result of this testing should help Poland to evaluate the tool in practice. Irrespective of such tools, a Competition Database is used in all ESIF programmes; this IT tool should ensure compliance with competition rules regarding eligible expenditure for the European Regional Development Fund (ERDF), European Social Fund and Cohesion Fund (CS) in the period 2014-20.

With regard to the CAP and the use of efficient IT tools to combat fraud, the competent institutions use dedicated applications and registers, always in response to the needs they have identified. Suitable mechanisms for combating fraud use the methodology set out in DG REGIO’s study Cover note on financial fraud risk assessment and efficient and proportional measures for combatting financial fraud. The accreditation criteria set out in Annex I to Commission Delegated Regulation (EU) No 907/2014 and the designation criteria set out in Regulation (EU) 223/2014 of the European Parliament and of the Council, including the requirements to implement effective measures to combat financial fraud, are also applied to risk analysis. The above guidelines should be taken into account when carrying out audits and controls, both for the risk analysis required preparing the annual CAP audit plan and for the risk analyses and planned assurance tests required to carry out the audit tasks covered by the accreditation and designation criteria.

PT

The methodology applied for the selection of the sample of operations audited by the separate audit unit of the Development and Cohesion Agency (AD&C) complies with the principles set out in Article 28 of Commission Delegated Regulation (EU) No 480/2014 of 3 March 2014, which provides for the adoption of a statistical sampling method ensuring a random selection of sample items.

However, for the purposes of the audits data are always collected with a view to analysing the underlying risk, namely from the IMS and the information system regarding the suitability, reliability and debt of the beneficiary entities. This information system aims to provide the various parties concerned with a tool for detecting early warning signs (red flags) and indicators of fraud.

The information on the suitability, reliability and debt of the beneficiaries of ESI funds is kept in a dedicated information system which supports the activities of all entities receiving assistance under Portugal 2020.

The purpose of the suitability, reliability and debt codes is to identify situations where there is a particular risk of the principle of sound financial management being violated. This is the guiding principle of the ESIF co-financing system, which justifies blocking access to these funds during a specific period of time or tighter control by the Managing and Auditing Authorities.

As regards the European Agricultural Fund for Rural Development (EAFRD) (CAP) and the European Maritime and Fisheries Fund (EMFF), the Financial Institute for Agriculture and Fisheries of Portugal (IFAP) reports the development and implementation of anti-fraud measure, which are systematised and summarised in the chart in ANNEX I, the emphasis this financial year being on:

·the consolidation and improvement of functionalities requiring beneficiaries to declare any special relations when submitting payment claims under EAFRD Investment. If this is the case, the claims are examined in order to assess the reasonableness of any costs related to such situations;

·consolidating and improving the system for verifying the reliability of beneficiaries within the framework of the investment;

·drafting of a new standard for the management of debtors (with a greater focus on fraud and communication of irregularities to OLAF).

With regard to the EMFF, it should also be noted that the process of describing the management and control systems of the MA and CA is currently on-going.

RO

The key elements in preventing and combating irregularities and fraud at the level of managing authorities (MA), and in the process of identifying and assessing risks (including the risk of fraud), are the design and implementation of internal control systems, together with effective measures to detect and report irregularities and fraud through the use of IT systems and tools in the process of managing European funds, in order to identify non-conformities and patterns of fraud, such as ARACHNE, the Fraud Risk Assessment Tool and AFIS-IMS. In this respect, the majority of managing authorities use IT systems such as ARACHNE, the Fraud Risk Assessment Tool and AFIS-IMS.

The ARACHNE IT tool has been used successfully by, for example: the Managing Authority for the Competitiveness Operational Programme (MA COP) in the process of verifying the classification in the SME category of projects under Priority Axis I – SOP IEC, carried out by beneficiaries, through the consultation of databases on the ownership of commercial and public companies, as well as natural and legal persons associated with commercial companies, thus reducing the error rate in the use of EU funds and ensuring the legality and regularity of the expenditure certified.

The audit authority plans and guides its audit activities in accordance with the requirements laid down in the European regulations for each funding programme audited. The planning of audit activities is generally based on a risk assessment which makes it possible to focus audit checks on areas exposed to a high risk of irregularity/fraud, and specific audit procedures can be established to reduce risks.

In accordance with the Commission’s Guidance note on a common methodology for the assessment of management and control systems in the Member States (EGESIF_14-0010-final) and the Commission's Guidance note on fraud risk assessment and effective and proportionate anti-fraud measures (EGESIF_14-0021-00), the audit authority assesses annually, as part of the system audit, Key requirement 7 – effective implementation of proportionate anti-fraud measures, at the level of the main national authorities responsible for the management of European funds. On that occasion, the audit authority assesses the quality of the fraud risk assessments carried out at the level of managing authorities, using the ARACHNE IT system, in accordance with the internal procedural provisions of those managing authorities. This contributes to the operationalisation of the management checks. Furthermore, the impact of the use of this IT tool in detecting and correcting fraud at management authority level can be assessed.

During the system audit, an assessment is also made of how the responsible national authorities use the Fraud Risk Assessment Tool, provided by the Commission as an Annex to its Guidance note on fraud risk assessment and effective and proportionate anti-fraud measures (EGESIF_14-0021-00).

According to the results of the audit checks carried out, the audit authority can make recommendations to the responsible authorities to improve the use of these IT tools, with a view to enhancing the prevention, detection and penalising of irregularities and to ensure that the European Union’s financial interests are protected.

In addition to these IT tools, managing authorities also use IT tools, e.g.: the Directorate for Control and Anti-fraud, within the Agency for the Financing of Rural Investments (AFIR), carries out sample checks of projects, including checks from the submission of the funding request to the finalisation of the project (ex-ante) and during its monitoring period (ex-post). The sample consists of a segment of subjects identified according to predetermined criteria with a well-defined objective based on the risk assessment method.

Check samples of the Directorate for Control and Anti-fraud:

a)    Control of projects in the process of implementation, for projects contracted under investment measures (sample to be selected throughout the year, taking account of the following considerations):

-    based on the types of irregularity identified in the quarterly information notes drawn up by DCA-SCOE on the main types of irregularities;

-    After receiving DG AGRI’s report on the management, control and penalty system for investment measures under NRDP 2014-2020 or relating to NRDP 2007-2013 where they are taken over in accordance with Chapter 19 of NRDP 2014-2020, in the event that certain types of irregularities are identified for funding measures, the DCA will draw up a sample for checking, comprising at least the same number of projects as those checked by DG AGRI in the field, for the same measures. The projects to be included in the sample will be selected according to the same algorithm used by DG AGRI when determining the sample to be checked during that mission. The aim of this action is a broader check of projects, in order to anticipate the scale of the irregularities found and the possible financial impact. Projects taken over in accordance with Chapter 19 of NRDP 2014-2020 will be identified in the sample control plan by the new project code allocated following the change to NRDP 2014-2020.

b)    ex-post control, sample of at least 1 % of the total value of the eligible expenditure settled in relation to projects contracted and finalised under investment measures, selected on the basis of the risk assessment method, to which randomly-selected projects are also added.

Furthermore, AFIR’s Internal Audit Directorate uses its own methodologies developed internally to analyse and evaluate those risks, including the identification of fraud risks associated with its own planning and assessment activities, carried out both in order to identify auditable areas with high risk (strategic and annual internal audit planning) and in order to identify risks associated with areas actually audited during the missions carried out.

Also, to assist in the performance of the risk assessment and the selection of the sample of operations to be checked during internal audit missions, AFIR-DAI has used, and still uses, a CAAT tool (Computer assisted audit techniques) and IBM SPSS (Statistical Package for the Social Sciences). Furthermore, AFIR-DAI is in the process of analysing internally and testing the use of ‘open source’ tools, such as VERINICE (tool developed to support the analysis and evaluation of risks associated with information security).

Furthermore, the National Integrity Agency (ANI) supported the design and implementation of the ‘PREVENT’ system, the purpose of which is reflected in its name, i.e. to prevent corruption. The general purpose of the mechanism is to prevent conflicts of interest in the award of public contracts through the introduction of ex-ante checks in situations which could cause conflicts of interest in the electronic public procurement process, so that they can be eliminated without affecting those procedures.

This system has been implemented following the Commission’s recommendations in the CVM report on protection against conflict of interest in the management of public funds. In Romania and in many other countries, public procurement is prone to corruption because of the custom of awarding public contracts to companies owned by family members of local public officials.

The Government has therefore adopted a memorandum which has enabled the ANI to implement an integrated IT system to prevent and identify conflicts of interest (PREVENT).

The contracting authority is obliged to fill in the relevant data and information for the decision makers in the authority and tenderers each time a procurement procedure is opened and at the time of the submission of bids. The type of information is entered in a new form - the integrity form - which will be available in SEAP.

Furthermore, the integrity form must be uploaded to the PREVENT system, where several databases of relevant systems (the Commercial Register, personal IDs, assets/interests declared etc.) will work together to carry out an intelligent analysis of the data, with a view to detecting any potential conflict of interest. If a potential conflict of interest is identified, an integrity warning is issued to the head of the local authority in question, which must take measures to eliminate the party (or parties) with a conflict of interest.

The ANI will continue to monitor the integrity warnings issued and, if no action is taken, it will be able to establish a conflict of interest or to notify other competent authorities (e.g. the National Anti-corruption Directorate, the Anti-fraud Department etc.).

This innovative ‘business intelligence’ solution in which multiple databases work together in an integrated system makes a significant contribution to effectively preventing conflicts of interest in a public procurement market of approximately EUR 17 billion.

Law No 184/2016 establishing a mechanism for preventing conflicts of interest in the award of public procurement contracts was promulgated by the President of Romania on 17 October 2016 and was published in the Official Gazette of Romania, Part I, No 831, on 20 October 2016.

SI

Part 1: reply from the Agency for Agricultural Markets and Rural Development of Slovenia (AKTRP)

The Control Unit (Služba za kontrolo) uses the information on cases reported through the IMS in order to select applications for on-the-spot controls under different measures. Every year template applications for control are designed under different measures both for random controls and those based on risk factors. As a rule, one of the principal risk factors is the one based on the list of applications reported through the IMS.

Part 2: reply from the Government Office for Development and European Cohesion Policy (provided in EN)

The MA and IB have prepared fraud risk self-assessment, Strategy MA for the development of an anti-fraud on the area of cohesion policy, training of the members of MA on the area of frauds (with help of police). For the purpose of on the spot verifications the MA has prepared risk analysis, based on different indicators (depending on found, on beneficiary…) which could be amended, changed in later stages, according to the findings of the management verifications, audits… Regarding possible use of Arachne tool Slovenia (Investment for growth and jobs) is currently in a reflexion phase.

SK

THE CENTRAL CONTACT POINT FOR OLAF

The Central Contact Point for OLAF quarterly reports the irregularities through the IMS. Pursuant to the Commission Regulation (EC) No 1828/2006 of 8 December 2006 setting out rules for the implementation of Council Regulation (EC) No 1083/2006 laying down general provisions on the European Regional Development Fund, the European Social Fund and the Cohesion Fund and of Regulation (EC) No 1080/2006 of the European Parliament and of the Council on the European Regional Development Fund, to Slovak Republic has the obligation to report all irregularities to the Commission:

- which financial impact for EU source exceeds EUR 10 000, -EUR and which have been subject of a primary administrative or judicial finding,

- which has shown the "suspicion of fraud" within the meaning of the Convention,

- which expected consequences outside the Slovak Republic,

- which indicated new methods and new practices of committing fraud.

ARACHNE

Currently, Slovak national authorities incorporate the Guidelines on ARACHNE system to national legislation.

THE MINISTRY OF FINANCE OF THE SR

The Ministry of finance of the SR is under national legislation the Certification authority. According to competencies, which arise to Certification Authority from the Art. 126 of the regulation (EU) No 1303/2013 of the European Parliament and of the Council of 17 December 2013 laying down common provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund, the European Agricultural Fund for Rural Development and the European Maritime and Fisheries Fund and laying down general provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund and the European Maritime and Fisheries Fund, the Certification authority plans to use Arachne tool in relevant cases to browse and analyse data in order to identify possible fraud risk, irregularities and on-going investigations during the certification of expenditures to European Commission.

The Ministry of finance of the SR is the audit authority in the SR. Risk assessment is a basic element for determining the priorities of the planned audit activities based on an objective analysis of the risk factors of the Management Control System (hereinafter “the MCS”) at the level of all management and control authorities:

•    at the strategic level (authorities covering horizontal areas), and

•    at the programme level, i.e. those covered by system audits .

Basic rules for the risk assessment:

•    all bodies involved in the MCS are subject to an annual risk assessment, whereas the risk assessment is carried out for each authority separately,

•    the risk assessment is performed on an annual basis usually by 15th January, whereas the risk assessment concerns the previous accounting year.

Based on the risk assessment, an indicative plan of system audits (for the entire programming period 2014 – 2020), a plan of system audits (3-year rolling plan) and an annual plan of system audits is developed.

The risk assessment is not carried out for the AA, as the AA cannot audit its own processes. An independent audit body can perform the audit of the AA, if needed.

Connecting Risk Assessment Results to the System Audit Plan

The AA shall create a plan of system audits based on the results of the risk assessment in 2 steps:

1. Determining in which year within the 3-year plan of system audits, a system audit of an authority/body should be performed.

2. Determining the areas of the system audit based on the evaluation of the MCS of the assessed authority/body (if relevant).

Ad 1/ Determining in which year of the 3-year plan of system audit, a system audit of an authority/body should be performed

Within the 3-year plan of system audits, authority/body with higher risk level is prioritised time-wise for the performance of a system audit compared with authority/body with lower risk level.

Ad 2/ Determining the focus areas of the system audit

The areas for the performance of the system audit shall only be determined for the authority/body at the programme level – the Management authorities, Controller(s), Certification authority and IS administrators – by aiming at the specific area of the MCS (hereinafter “the KR”) that was assigned with the highest risk level by assessing the control risk, i.e. medium and high risk level.

For other authorities/bodies such as the Central Coordination Authority, CCP OLAF and others, given their specific role in the assessment of the MCS, all KRs of each authority/body will be audited as a part of the system audit.

THE SUPREME AUDIT OFFICE OF THE SLOVAK REPUBLIC

Within planning the audit activities the Supreme Audit Office of the Slovak Republic uses the risk analysis and catalogue of the risks, which is updated annually. During preparation of the audit to be carried out at an entity, the inherent, control and detect risks are assessed (and re-assessed).

Except of MS Excel, in the risk-assessing process, the Supreme Audit Office of the Slovak Republic uses also its own specialised information system (Audit Information System) that includes the tools risks identification and risks assessment. The IT tool provides a support for strategic and annual planning.

The Supreme Audit Office of the Slovak Republic used the ARACHNE System during the execution of audits in 2016. As of today the tool is not full operation and it is missing full support at the national level.

THE SLOVAK AGRICULTURAL PAYING AGENCY

Each year the Slovak Agricultural Paying Agency elaborates yearly plan of internal audits and ex-post controls on the basis of risk analysis. Internal Audit Department evaluates all relevant risk factors for all significant areas and selects areas for auditing and ex-post controls in the current year. One of the main risk factors is risk of fraud. In addition, within the preparation of each audit the relevant risk factors including risk of fraud are taken into account.

They have to stress that the Agricultural Paying Agency currently does not use any IT tool for internal audits planning.

FI

The Managing Authority of the Structural Funds is considering the use of Arachne as a tool for fraud risk assessment. The Arachne is currently being tested with national data from the Structural Funds and it will be decided later on, if the Managing Authority will start permanently using the system.

SE

Swedish Customs uses three national IT-systems, called TDS Spärr, Selection of the flow of goods SIV and LEGO, to help select information in the import-, export- and transit-declarations and the manifests.

ISF: Due to the early stage of ISF, no experiences regarding detecting fraud or irregularities can yet be presented.

ESF and FEAD: The report drawn up when preparing each project application contains questions aimed at ensuring that the applicant is liquid, is not bankrupt and has administrative and financial capacity. The report also assesses the applicant’s capacity to make competitive purchases. A risk assessment plan is also drawn up for each project. The preventive work is carried out in the risk assessment plan. The plan also identifies a number of different risk areas, which are each assessed in turn. The risk areas are identified based on experience from audits and on the Commission’s requirements. The risk areas are therefore identified on the basis of risk and materiality.

An examination report based on the risk assessment plan is also drawn up for each payment application. This report identifies what is to be examined and how based on the risk level selected in the risk assessment plan. It also describes any measures to be taken. The risk assessment plan can be updated after each payment application if the reviewer considers that the risk profile has changed.  

On-the-spot checks are also carried out, and special procedures have been established for these. On-the-spot checks must be carried out at least once per project, and are based on the costs for which the beneficiary requested aid. The on-the-spot check must be carried out when the project is in full swing both operationally and financially, and must complement the administrative check.

In addition, a self-assessment group at the authority analyses every year the risk that the authority will fall victim to fraud. The group works on the basis of the Commission guidance EGESIF_14-0021 on fraud risk assessment and effective and proportionate anti-fraud measures.

ERDF: The Swedish Agency for Economic and Regional Growth has an IT system called NYPS. It also has a team tasked with developing an anti-fraud policy aimed at preventing, detecting and stopping fraud in accordance with Article 125(4)(c). The team has drawn up an anti-fraud strategy and action plan which will be adopted in the near future. The strategy will be revised every other year and the action plan every year. The Nyps 2020 system has a number of in-built checks to prevent fraud.

Example of a check: Procedure for checking and recording the payment method for a project in Nyps 2020

The case officer enters the organisation’s number, its SSEL number, the Nyps ID and the company’s name together with the desired bank or postal giro account number. Note that bank account numbers are not accepted. The data controller searches the organisation in Nyps 2020 and checks the bank giro account number against www.bankgirot.se . They ensure that, according to the bank transfer centre [bankgirocentralen], the bank giro account number corresponds to the organisation’s number and company name. The same procedure is followed for plus giros, but the search is made on http://www.plusgirot.se/ .

Rural Development Fund, Guarantee Fund and Fisheries Fund: Every year the Board of Agriculture prepares risk analyses for the areas it is responsible for. Identifying and assessing the risk of fraud is one of the parameters in its risk assessment and identification. In addition, the Board has developed a separate risk analysis (not yet adopted) for fighting fraud for use by the bodies that develop risk analyses.

AMIF: The Funds department carries out the mandatory administrative checks (desk checks) for each payment application submitted by the beneficiaries each quarter. A risk assessment model is used to determine whether extended administrative checks and/or on-the-spot checks should be carried out for each project, and a risk assessment plan is drawn up for each project. Four risk areas are identified in this risk assessment model: operational implementation capacity, target group, administrative implementation capacity and the purchase of goods and services. These risk areas are identified so that the measures and examinations focus on the most at-risk areas. Depending on the selected level of risk, different types of checks (extended checks or on-the-spot checks) are carried out. The risk level also determines how in-depth the checks will be. The risk assessment tool is also flexible in that it is often possible to adapt the measures to the individual circumstances of the project. In this way, the Funds department is able both to prevent and detect irregularities because it carries out regular and rapid checks on every beneficiary and every project.

The SEFI Council’s Guidelines for the handling of suspected crime in connection with the management of EU funds is used as the basis and a tool for assessing whether certain actions should be treated as a suspected crime. The Funds department is currently working on developing an anti-fraud strategy and a procedure for dealing with fraud.

Each payment is certified by at least two mutually independent bodies. Information on the bank/postal giro number and the recipient’s organisation number are checked against the Swedish Companies Registration Office records to ensure that the beneficiary is correct. No payments can be made to beneficiaries that are not in the Agresso register of suppliers.

There are no examples of detected irregularities and/or fraud because the AMIF projects started late and only one application for payment has been submitted and checked.

UK

The recommendation is broadly welcomed by UK Managing Authorities. The tools mentioned in the recommendation are used across different UK Managing Authorities, though Gibraltar use a different system which has specifically been designed to take the small programme size and the limited amount of projects into consideration. They will therefore not be using the Commission tools as and they feel that they already have an effective system in place. For those MAs that were using the tools, they were broadly considered positively, though did have some concerns (see below).

The tools used by each Managing Authority are as follows:

ESF England (DWP) had some concerns with ARACHNE v1, noting that the system requires further refinement for searches, and that ARACHNE produces red flags if a beneficiary has more than one project, but which does not necessarily mean there has been a conflict. Welsh Government are fully utilising ARACHNE, though feel that the ARACHNE tool could cater more widely for voluntary sector organisations and other small organisations.

IMS was in use across all of the UK Managing Authorities, with Northern Ireland commenting that the recently launched update showed improvement in user friendliness, and welcomed that it allowed MS users to close irregularities without having to submit them for OLAF permission to proceed. They also noted that the Commission’s support team for the software had proved helpful and efficient.

The Fraud Assessment Tool had been adopted across the UK MAs, and it seems to be valuable in identifying risks and controls in the management of the programmes. The use of pre-populated templates helps with full consideration of potential risks, but could limit tailoring to local needs. There may be a case for including less pre-defined risks and controls in the tool itself to encourage this.

In answer to the systems and tools used to perform a risk analysis, most of the MAs and DAs have their own audit strategies. DWP utilise the Fraud Risk Assessment Tool. Whiles Scotland have a Management and Control System in place that includes processes for setting levels of management and administrative verification and relate these to their risk mechanism.