WHO Policy on Prevention, Detection and Response to Fraud and Corruption PDF
Document Details
Uploaded by RaptForethought4064
Bangalore University
2022
Tags
Related
Summary
This document outlines the WHO policy on preventing, detecting, and responding to fraud and corruption. It addresses the potential impacts of fraud and corruption on global health outcomes and provides a framework for managing these risks within the organization. The policy covers critical aspects of fraud prevention.
Full Transcript
WHO Policy on Prevention, Detection and Response to Fraud and Corruption Effective 4 July 2022 Office of Compliance, Risk Management and Ethics Office of the Director-General Announcement Type Policy Announcement Title...
WHO Policy on Prevention, Detection and Response to Fraud and Corruption Effective 4 July 2022 Office of Compliance, Risk Management and Ethics Office of the Director-General Announcement Type Policy Announcement Title WHO Policy on Prevention, Detection and Response to Fraud and Corruption Initiator (Department) Office of Compliance, Risk Management and Ethics; and Office of the Director-General Initiator (Unit) Compliance and Risk Management Unit Document Name Information Note Number 12/2022 Subject Preventing, Detecting and Responding to Fraud and Corruption Effective Date 4 July 2022 Applicability All staff, non-staff personnel, and other individuals who work at WHO Addressed to All WHO Offices Revision / Amendment Fraud Prevention Policy & Fraud Awareness Guidelines (effective / Replaces April 2005) Related Documents please refer to Annex 1 WHO Policy on Prevention, Detection and Response to Fraud and Corruption Contents Introductory note............................................................................................................. 4 1 Context....................................................................................................................... 4 2 Purpose...................................................................................................................... 5 3 Scope of application................................................................................................... 5 4 Principles.................................................................................................................... 5 5 Definitions.................................................................................................................. 6 6 Anti-fraud and anti-corruption cycle: prevention, detection, response.................... 7 6.1 Prevention............................................................................................................... 8 6.2 Detection (and reporting)...................................................................................... 8 6.3 Response................................................................................................................. 9 7 Key requirements, roles and responsibilities............................................................ 9 7.1 Key requirements................................................................................................... 9 7.2 Roles and responsibilities..................................................................................... 10 8 Review of this policy................................................................................................ 13 Annex 1. WHO Policies and documents included in WHO’s anti-fraud/anti-corruption framework (chronological order)................................................................................... 14 Annex 2. Examples of conduct constituting fraud or corruption................................... 15 3 WHO Policy on Prevention, Detection and Response to Fraud and Corruption Introductory note This policy encapsulates WHO’s existing rules and practices regarding fraud and corruption (referred to in this document as WHO’s anti-fraud/anti-corruption framework). It reflects the most recent organizational changes in WHO and replaces the Fraud prevention policy and fraud awareness guidelines, issued in April 2005. This updated policy builds on anti-fraud and anti-corruption practices promoted by leading international professional bodies and peer organizations, particularly within the United Nations (UN) system, to adopt a contemporary definition of fraud and corruption and set forth robust mechanisms to combat them. Any question concerning this policy or the other components of the WHO anti-fraud/anti-corruption framework should be addressed to the Office of Compliance, Risk Management and Ethics at WHO Headquarters. 1 Context 1. Fraud and corruption are serious threats to any organization; no organization is immune to them. 2. As established in its Constitution, WHO’s objective is “the attainment by all peoples of the highest possible level of health”.1 Fraud and corruption have the potential to impede WHO’s mission in various ways, for example: (i) by preventing households from receiving the health services they need or by limiting equitable access to health care through inflated household out-of-pocket expenditures; (ii) by increasing the number of substandard and falsified medical products, potentially leading to increased rates of morbidity and mortality; (iii) by causing significant losses of public funds and hindering the implementation of health programmes; (iv) by reducing the ability of Member States to make evidence-based health policy choices, as a result of, for example, misrepresentation of health data or unmanaged conflicts of interest; (v) by eroding trust in WHO’s operations and ability to protect resources, potentially leading to suspension or loss of donor funding, and consequent reduced delivery of essential health services for all. 3. Combating fraud and corruption is therefore critical if WHO is to achieve its mission and mandate. The occurrence of fraud and corruption would also be in contradiction with WHO’s code of ethics and professional conduct, which articulates principles of independence, impartiality, integrity, respect and professional conduct. 4. Fraud and corruption pose significant risks to WHO, and may be harmful to its objectives, reputation and effective governance. 5. In maintaining a framework to effectively manage these risks, WHO provides assurance to its Member States, donors and the public that integrity and accountability are key intrinsic features of all its activities. 6. WHO is committed to addressing fraud and corruption through the cycle of “prevent, detect and respond”. 7. WHO works within a results-based management framework that calls for delegated responsibility, authority and accountability in a decentralized environment at all levels of the Organization as defined 1 Basic documents, 49th edition. Geneva: World Health Organization; 2020 (https://apps.who.int/gb/bd/pdf_files/BD_49th- en.pdf#page=7). 4 WHO Policy on Prevention, Detection and Response to Fraud and Corruption in WHO’s Accountability Framework. 2 In line with this framework, every member of the WHO workforce has a role to play in the achievement of results and the stewardship of resources in an ethical and transparent manner. All parties contributing to WHO’s activities are expected to conduct themselves with integrity and loyalty to the aspirations, goals and values of WHO. 2 Purpose 8. This policy defines an updated anti-fraud and anti-corruption framework that supports WHO’s commitment to preventing, detecting and responding to fraudulent and corrupt practices. Annex 1 lists key reference documents covering different aspects of this framework. 9. The policy: (i) institutes common definitions of a range of fraudulent and corrupt practices, which will apply to all WHO activities as defined below in section 3, (ii) promotes risk-based anti-fraud and anti- corruption approaches across WHO, and (iii) clarifies roles, activities and key principles and requirements for the prevention, detection, reporting, investigation and sanctioning of fraudulent and corrupt practices. 3 Scope of application 10. Covered activities. This policy applies to all WHO activities, which are defined as all activities and operations that WHO engages in or finances, either directly or indirectly through covered parties, in whole or in part. 11. Covered parties. This policy applies to the following categories of individuals and entities: a) WHO staff, independent of their location, grade, type or duration of appointment, including temporary appointment holders and secondees3; b) WHO individual collaborators, notwithstanding their contractual or remuneration status, i.e. individuals who have a contractual relationship with WHO, such as temporary advisers, holders of a Special Services Agreement (SSA) or of an Agreement for Performance of Work (APW), consultants, volunteers and interns, as well as holders of a UNOPS Individual Contractor Agreement (ICA) (“Individual collaborators”); c) Third party entities such as vendors, contractors, grant recipients and technical partners; d) Other entities and individuals who receive WHO funds, execute a project or perform any other work or activities in the name of or for the benefit of WHO; and e) Individuals or their legal representatives who are eligible for WHO entitlements and insurances, such as dependents, retirees and other eligible family members. 4 Principles 12. Anti-fraud and anti-corruption measures advance global health outcomes. WHO recognizes that fraudulent and corrupt practices (also known as prohibited or illicit practices) may take root not only in financial management but also in governance, strategic and operational decision-making processes, and in programme design and reporting (including human resources and data management). Thus, fit-for-purpose prevention, detection and response actions need to be taken in all these areas, in order to advance WHO’s work and achieve the global health outcomes set out in the WHO General Programme of Work and the United Nations’ Sustainable Development Goals (UNSDG). 2 Accountability Framework: https://intranet.who.int/homes/cre/documents/accountability_framework.pdf. 3 Junior Professional Officer (JPOs) and individuals on loan from other entities are also bound by this policy. 5 WHO Policy on Prevention, Detection and Response to Fraud and Corruption 13. Zero tolerance for inaction. WHO takes a zero-tolerance approach to fraudulent and corrupt practices, which means that the Organization maintains a clear and firm stance in responding to all detected instances of such practices. This includes taking timely actions on substantiated cases of fraudulent and corrupt practices, such as disciplinary action, recovery of funds, termination of contractual relationships, referral to law-enforcement, administrative and judicial authorities at national level, debarment and other compensatory or sanction mechanisms, as deemed relevant and applicable by WHO. 14. Accountability and transparency. The WHO mission, values and accountability principles set the strategic direction for the WHO approach to preventing, detecting and responding to fraudulent and corrupt practices. Anti-fraud and anti-corruption measures build on the WHO accountability framework and the principles of responsibility and transparency. 15. Strong engagement with Member States and relevant stakeholders. WHO recognizes that managing the risk of fraudulent and corrupt practices is a collective responsibility of all global health stakeholders that requires strong collaboration for building robust and sustainable health systems. 16. Alignment with international anti-fraud and anti-corruption norms and practices. In implementing this policy, WHO will align, as appropriate, with existing best practices, as set out in international conventions (such as the United Nations Convention against Corruption), as well as with international professional standards of risk management and compliance. 5 Definitions 17. The terms fraud and corruption are commonly used to describe a wide variety of prohibited practices. Fraud and corruption do not necessarily bring immediate financial or other direct or indirect benefit for the individual(s) committing them, but may cause financial, operational or reputational damage to WHO. The following definitions apply to terms as they are used in the context of this policy and override other definitions that may be included in other WHO documents. The following practices will be referred to in this policy as “fraudulent or corrupt practices” or “prohibited” practices: a. Fraud or fraudulent practice is any act or omission, including any misrepresentation, that knowingly misleads, or attempts to mislead, a party to obtain any financial or other benefit or to avoid an obligation, whether for oneself or for others. b. Corruption or corrupt practice is the offering, giving, receiving or soliciting, directly or indirectly, of anything of value to influence improperly the actions of another party. It may reflect an abuse of power or improper use of resources for private gain. c. Theft or misappropriation is the unauthorized taking of anything of value that belongs to another party. d. Collusive practice is an arrangement between two or more parties designed to achieve an improper purpose, including improperly influencing the actions of another party. To avoid any doubt, this includes, without limitation, any arrangement involving covered parties that is intended to override this policy and WHO’s framework to prevent fraud and corruption (see Annex 1), or may have that effect or result. 6 WHO Policy on Prevention, Detection and Response to Fraud and Corruption e. Coercive practice is impairing or harming, or threatening to impair or harm, directly or indirectly, any party or the property of the party to influence improperly the actions of a party. f. Obstructive practice is deliberately destroying, falsifying, altering or concealing evidence relevant to an investigation or making false statements to investigators in order to materially impede an investigation into allegations of corrupt, fraudulent, coercive, or collusive practice; and/or threatening, harassing or intimidating any party to prevent it from disclosing its knowledge of matters relevant to the investigation or from pursuing an investigation; or acts intended to materially impede the exercise of investigation and audit rights or failing to comply with the duty to report as defined in the WHO Whistleblowing and Protection Against Retaliation Policy,4 or under relevant obligations of this policy, including paragraph 32. g. Money laundering is the conversion, transfer, acquisition, possession or use of property by any party who knows, or who may be reasonably presumed to know, that such property is derived from criminal activity or from participation in such activity, including the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, such property, or aiding, abetting and facilitating such acts. h. Financing of terrorism is the provision or collection of funds, by any means, directly or indirectly, with the intention that they should be used, or in the knowledge that they are or will be used, in full or in part, to benefit individuals and entities subject to sanctions imposed by the United Nations Security Council and appearing on the United Nations Security Council Consolidated List.5 Examples of fraudulent and corrupt practices are presented in Annex 2. 18. In addition, the following definitions apply to this policy. a. Credible allegations are allegations or suspicions under the scope of this Policy that, if substantiated, would establish the existence of fraudulent or corrupt practices resulting in financial, operational losses or reputational damage to the Organization or its interests, and that provide sufficient detail or supporting factual basis (i.e. sufficient, plausible, and accurate information) for the matter to be pursued responsibly. b. Conflict of interest occurs when private interests (financial, personal, or other non-WHO interest or commitment) interfere, or could appear to interfere, with the ability of a covered party to act impartially, to discharge their functions or obligations and to regulate their conduct with the interests of WHO only in view.6 6 Anti-fraud and anti-corruption cycle: prevention, detection, response 19. To be effective, the anti-fraud and anti-corruption approach in WHO needs to be implemented as a comprehensive cycle of prevention, detection and response actions supported by clearly defined roles and responsibilities. 20. WHO recognizes the importance of ensuring that sufficient resources are available to effectively implement the activities related to this cycle and described below. 4 https://www.who.int/about/ethics/whistleblowing-and-protection-against-retaliation 5 United Nations Security Council consolidated list. New York: United Nations (https://www.un.org/securitycouncil/content/un- sc-consolidated-list). 6 WHO Code of Ethics and Professional Conduct, see Annex 1. 7 WHO Policy on Prevention, Detection and Response to Fraud and Corruption 6.1 Prevention 21. As part of its activities, WHO implements, maintains and continuously enhances a fit-for-purpose, risk-based, anti-fraud and anti-corruption framework that fosters prevention of prohibited practices and includes: policies and procedures (including an up-to-date accountability framework); mandatory induction, training and refresher courses for staff to raise awareness of the potential fraud and corruption schemes and the related risks (i.e. financial, operational, technological, etc.); strong internal controls, including fit-for-purpose, risk-based preventive measures such as (but not limited to): o access controls and audit trails - appropriate technical and physical mechanisms to protect and safeguard assets and records; o effective automated preventive controls integrated into information systems (ideally combining automation and advanced technologies during their design) to minimize reliance on manual performance of controls; o effective segregation of duties to minimize opportunities for inappropriate assignment or accumulation of incompatible functions; o risk-based due diligence processes – rigorous selection procedures for hiring WHO staff and collaborators and for contracting with third parties; o regular monitoring of the performance of third-party entities such as vendors, contractors, grant recipients and technical partners through performance assessments and feedback mechanisms; effective fraud and corruption risk assessment processes: o addressing root causes of fraudulent and corrupt practices (e.g. dynamic consideration of actual or perceived conflict of interest, unclear flows of funds, of products or of data) o commensurate with the size and complexity of activities or material changes in the way these activities are implemented; o that are subject to periodic updates (at least once a year) to improve resilience; advocacy and communication, including the communication of disciplinary measures taken; effective reporting mechanisms to encourage the reporting of all suspicious activity for consideration by the appropriate authority; adapted anti-fraud and anti-corruption legal clauses for contractual relations with covered parties; coordination and collaboration with the UN system and other international organizations and systems. 22. Fraud and corruption prevention and mitigation measures will be implemented at all levels of the Organization in accordance with WHO’s accountability framework and will be monitored regularly to ensure that fraud and corruption risks are effectively managed. 6.2 Detection (and reporting) 23. All covered parties are expected to take an active role in detecting prohibited practices. WHO will facilitate detection and reporting by: building fit-for-purpose detective controls into programme and project design and planning, based on appropriate fraud and corruption risk assessments; establishing appropriate supervisory mechanisms with clear reporting lines; use of data analysis to detect potential anomalies and exceptions; 8 WHO Policy on Prevention, Detection and Response to Fraud and Corruption regularly monitoring programme results through compliance reviews, internal control assessments, audits and other assurance activities. 24. Suspicions of fraud or corruption and related allegations, made in good faith, must be reported. One of the following channels should be used: Staff members should report their concerns to the Office of Internal Oversight Services (IOS) in WHO Headquarters, or to the Director of Business Operation Services (BOS)/Director of Administration and Finance (DAF) in the regional offices, or the Comptroller / Director of Finance at Headquarters or through WHO's Integrity Hotline. 7 Individual collaborators and other covered parties should report suspicions of fraud or corruption through the Integrity Hotline, or through other similar complaint mechanisms applicable to their situation. People reporting such allegations are protected against retaliation as provided under paragraph 32. 6.3 Response 25. WHO will take corrective measures when the Organization is exposed to fraud or corruption. Fraud or corruption is established when the facts have been found to corroborate the allegations raised through an authorized investigative processes or by law-enforcement, administrative and judicial authorities at national level. 26. The Office of Internal Oversight Services (IOS) will assess the reports of concern received, and under the full authority of the Office decide on and authorize the investigative actions to be taken. Within WHO, IOS has exclusive authority to perform, manage, or authorize others to perform or manage investigations. Internal administrative investigations will be conducted with full respect for confidentiality and due process rights, in accordance with IOS guidelines and established investigative processes and WHO’s applicable rules and procedures. 27. WHO will respond to substantiated cases of fraudulent or corrupt practices by taking appropriate and timely corrective measures, which may include: disciplinary action, recovery of funds, withdrawal of benefits, termination of contractual relationships with covered parties, referral to law-enforcement, administrative and judicial authorities at the national level, debarment (inclusion in the United Nations ineligibility lists), and other compensatory or sanction remedies as deemed necessary and applicable by WHO. Such action may therefore include sharing of relevant information and evidence collected, with third parties, in line with WHO’s policies, procedures and relevant contractual arrangements. 28. When cases of fraud or corruption are substantiated, a “lessons learnt” exercise should be conducted to minimize the risk of similar occurrences in the future. Such an exercise may lead, for example, to strengthening internal controls or raising awareness of staff, individual collaborators and other relevant parties through dissemination of the lessons learnt and related sanctions taken to reinforce a culture of integrity. 7 Key requirements, roles and responsibilities 7.1 Key requirements 29. Compliance. Adherence to this policy and the other components of WHO’s anti-fraud/anti-corruption framework is the responsibility of every covered party, whether an individual or an entity. Covered parties are expected to lead by example, by respecting and communicating this policy in connection 7 https://www.who.int/about/ethics/integrity-hotline 9 WHO Policy on Prevention, Detection and Response to Fraud and Corruption with (i) their own activities, (ii) the activities of any personnel they supervise, and (iii) where possible, in relation to the activities of third parties with whom they work, at the outset of the engagement and regularly thereafter. Failure to adhere to the obligations and principles set out in this policy and the other components of WHO’s anti-fraud/anti-corruption framework may lead to the imposition of disciplinary or other measures in the case of staff, and to actions consistent with the terms and conditions applicable to their legal arrangements with WHO in the case of third parties. 30. Prohibition of fraudulent and corrupt practices. No covered party may, directly or indirectly, participate, aid, abet or conspire with another party in the facilitation or commission of any prohibited practice in connection with WHO activities. As part of its response to prohibited practices, WHO will ensure that due process and accountability are respected when applying the corrective measures described above. 31. Emphasis on conflict of interest. Recognizing that conflicts of interest are often at the root of prohibited practices, WHO emphasizes the necessity for all covered parties declaring and, where applicable, effectively managing conflicts of interest in accordance with this policy and the other components of the WHO anti-fraud/anti-corruption framework, such as the Code of Ethics and Professional Conduct. To this end, an annual declaration of interests by WHO staff and the management of declarations of interest by experts and consultants8 are of critical importance. 32. Duty to report and protection against retaliation. All covered parties must promptly report all suspected fraudulent and corrupt practices. Individuals who report in good faith cases of suspected fraudulent and corrupt practices are entitled to protection against retaliation in accordance with the provisions of the WHO Whistleblowing and protection against retaliation policy.9 33. Right to access. In order to conduct detection and response activities effectively, WHO must be able to check and verify all aspects of its activities that may be exposed to the risk of fraud and corruption. For that purpose, all covered parties must collaborate and participate in, and enable, such verification, notably by taking all reasonable measures to facilitate access for WHO and its mandated representatives (including WHO`s partners) to any records, individuals and sites where its activities are implemented. 34. Communication and dissemination. All covered parties should communicate and disseminate this policy and the components of the WHO anti-fraud/anti-corruption framework to facilitate its implementation to relevant stakeholders. WHO may report violations of the provisions of this policy and the other components of the WHO anti-fraud/anti-corruption framework to other UN system organizations, applicable screening databases, Member States, donors and partners. 7.2 Roles and responsibilities 35. All covered parties need to comply with the principles enunciated in the policy and will be held accountable for failing to do so. This includes, without limitation, the obligation not to engage in, or contribute to, any fraudulent or corrupt practices. 36. In addition to the key requirements listed above and the specific roles and responsibilities described in the WHO internal control framework and the other components of the WHO anti-fraud/anti- corruption framework, the particular obligations of which are outlined below apply. 8 https://www.who.int/about/ethics/declarations-of-interest 9 https://www.who.int/about/ethics/whistleblowing-and-protection-against-retaliation 10 WHO Policy on Prevention, Detection and Response to Fraud and Corruption 37. The Director-General and Regional Directors have overall responsibility for the implementation of this policy and other components of the WHO anti-fraud/anti-corruption framework. Senior management10 with delegated authority are accountable to the Director-General and the Regional Directors for compliance with this policy and other components of the WHO anti-fraud/anti-corruption framework. They are required to: set the tone by emphasizing that fraud and corruption seriously undermine WHO’s values and objectives and are not tolerated; raise awareness of the risks of fraud and corruption through training and guidance; ensure that managers under their supervision implement prevention, detection and response measures as described in section 6 and that resources needed to implement those measures are made available. 38. WHO risk management committees. While the Director-General and Regional Directors have overall responsibility for the implementation of this policy and other components of the WHO anti- fraud/anti-corruption framework, they are assisted in this task by a group of designated senior staff representing key areas of WHO’s work. The WHO Global Risk Management Committee is the “owner” of this policy and oversees its effective implementation across the Organization with the support of the respective regional and local11 risk management committees. 39. Directors of Business Operation Services/Directors of Administration and Finance in the regional offices and the Comptroller and Director of Finance at Headquarters, when receiving reports of concerns, are required to: guarantee the confidentiality of reports received; communicate promptly all reports of concerns of fraud and corruption to the Office of Internal Oversight Services; ensure timely follow-up as appropriate; advise on appropriate measures to protect WHO’s interests. 40. The Office of Internal Oversight Services carries out risk-based, value-added, timely and result- oriented investigations of inter alia alleged fraud and corruption and other violations of WHO’s rules, regulations and policies. In addition to preparing investigation reports on the findings, and conclusions on cases investigated, it reports to WHO’s governing bodies on the activities conducted and issues recommendations on addressing weaknesses in controls and processes, deficiencies in regulatory frameworks, and on other opportunities for improvement identified in the course of its investigations. IOS may also conduct proactive reviews and audits of areas of higher-than-normal risk, based on an assessment of identified concerns or the existence of “red flags” of suspected inappropriate activity. IOS informs the Director-General, the Comptroller/Director of Finance in Headquarters and, where appropriate, the relevant Regional Directors of the outcome of its investigation and recommendations for action, including any follow-up measures and recoveries, as appropriate. The Office administers the Integrity Hotline and maintains an email ([email protected]) to receive directly from individual staff members or other parties, complaints or information concerning the possible existence of fraud, waste, abuse of authority or other irregular activities. 41. The Human Resources and Talent Department (HRT) in WHO Headquarters and individuals in human resources roles in regional and country offices are responsible for ensuring (i) that any administrative or disciplinary measures resulting from investigations have been duly implemented, (ii) that information on possible interim measures 12 is shared with the Director-General, the 10 Executive directors, assistant directors-general, WHO representatives and directors. 11 At country, division or programme level, as relevant. 12 “WHO recognizes that interim measures may be required … to ensure the integrity of the investigation and any evidence, to prevent the occurrence or repetition of prohibited conduct, or to prevent retaliation. Interim measures may also be necessary to 11 WHO Policy on Prevention, Detection and Response to Fraud and Corruption Comptroller/Director of Finance in Headquarters and the relevant Regional Directors, where and as appropriate; and (iii) that Anti-fraud/Anti-corruption training requirements for all staff is included in WHO`s mandatory training programme and related monitoring mechanisms. 42. The Office of Compliance, Risk management and Ethics (CRE), in collaboration with the regional network of compliance and risk management focal points, assists the risk management committees in implementing and monitoring compliance with the policy. The risk management and compliance function in regions is fulfilled by risk and compliance focal points in each major office and/or risk and compliance advisers in major risk areas or complex contexts. The compliance and risk management network (i) provides guidance, support and training in anti- fraud and anti-corruption matters to departments, divisions and country offices, in close collaboration with departments of the Division of Business Operations Services (which includes Finance, Human Resources and Talent Management, Procurement and Supply Services, Security and Information Technology services) and any other relevant technical divisions and (ii) addresses the risk of Fraud and corruption in its compliance activities. Through its ethics function, CRE: (i) administers the ethics office email ([email protected]),13 and the implementation of the Policy on Whistleblowing and Protection against Retaliation and – in collaboration with the Human Resources and Talent Department – the Policy on Preventing and Addressing Abusive Conduct; (ii) provides confidential advice to parties reporting suspected unethical behaviour; (iii) makes recommendations for protection against retaliation as applicable; and (iv) provides guidance and advice in the management of conflicts of interest of individuals. 43. WHO staff and individual collaborators are required to: understand the exposure to fraudulent and corrupt practices across their range of responsibilities; exercise due care in managing the funds, resources and assets of WHO, by applying adequate preventive, detective and response measures in their activities in line with the risk management and internal control mechanisms included in WHO’s anti-fraud/anti-corruption framework; comply with mandatory anti-fraud and anti-corruption training requirements as applicable; promptly report all suspected fraudulent and corrupt practices, in accordance with the requirements of section 6 of this policy. 44. Other covered parties are required to take all necessary measures to prevent, detect and report any fraudulent or corrupt practices when engaging with WHO in compliance with applicable WHO policies (including this policy) and must comply with the terms of their respective agreements with WHO and/or any applicable WHO regulations. In particular, these other covered parties must: promptly report to WHO, through the Integrity Hotline or directly to IOS, any actual, presumed or suspected fraud and/or corruption of which they become aware; and in consultation with WHO, make every effort to recover all funds determined to have been diverted through fraud or corruption and return any recovered funds to WHO. Any resources found to have been misused by covered parties for any fraudulent or corrupt practices shall be repaid to WHO without delay. Furthermore, covered parties who are legal entities must: adopt and enforce robust anti-fraud and anti-corruption policies and procedures incorporating the principles contained in this policy, and apply them to WHO activities; protect the interests of WHO, including the effective functioning of an office.” Preventing and addressing abusive conduct. Chapter 11. Geneva: World Health Organization; 2021. 13 Allegations of fraud and corruption received by the ethics office are referred to IOS. 12 WHO Policy on Prevention, Detection and Response to Fraud and Corruption include appropriate provisions in their agreements with employees, contractors and implementing partners relating to WHO activities to strengthen the prevention, detection and reporting of actual, presumed or suspected fraud and corruption; and in consultation with WHO/IOS agree on the entity responsible for conducting an investigation of allegations of prohibited practices. If the investigation is not conducted by IOS, IOS will be kept regularly informed of the progress, and the outcome, of the investigation by the investigating entity, including on any proposed actions therefrom, in accordance with the respective Organization’s relevant rules, policies and procedures. 45. The Independent Expert Oversight Advisory Committee (IEOAC), an independent committee established by the Executive Board of WHO, reviews the systems established and measures taken by the Organization to prevent, detect and respond to fraud and corruption, and provides advice on the adequacy of WHO’s internal controls and enterprise risk management systems to the Programme, Budget and Administration Committee and the Executive Board. 46. WHO Member States that are signatories to the UN Convention Against Corruption14 are committed to addressing the risks of fraud and corruption by advancing collective efforts in the areas of “preventive measures, criminalization and law enforcement, international cooperation, asset recovery, and technical assistance and information exchange”. In this context, the signatories to the Convention are expected to provide mutual legal assistance in investigations, prosecutions and judicial proceedings in relation to the offences covered by the Convention. 8 Review of this policy 47. This policy will be reviewed and updated when required at least every 5 years, taking into account lessons learned from monitoring the implementation of the policy, any changes in the structures, complementary policies, and context of WHO that would impact the policy. 14 United Nations Office on Drugs and Crime. United Nations Convention against Corruption. New York: United Nations; 2004 (http://www.unodc.org/unodc/en/treaties/CAC/). 13 WHO Policy on Prevention, Detection and Response to Fraud and Corruption Annex 1. WHO Policies and documents included in WHO’s anti-fraud/anti-corruption framework (chronological order) Internal control framework (2013) WHO accountability framework (2015) WHO Corporate Risk Management Policy (2015) WHO whistleblowing and protection against retaliation. Policy and procedures (2015) WHO Code of Ethics and Professional Conduct (2017) WHO Policy on Misconduct in Research. Policy and procedures (2017) WHO procurement handbook (2018) WHO Policy on Preventing and Addressing Abusive Conduct (2021) WHO Policy Directive on Protection from sexual exploitation and abuse (SEA), (2022) and related Policies and procedures WHO Investigation process (2006) UN Supplier Code of Conduct Policies and guidelines relevant to WHO staff: o WHO eManual XII.10. Fraud policies and reporting of suspected fraud o WHO eManual I.6.2. Office of Internal Oversight Services o WHO eManual III.1. Duties, obligations and privileges o WHO eManual III.11. Conduct, administrative leave, disciplinary and non-disciplinary measures o WHO eManual III.12. Informal and formal resolution of disputes o WHO eManual III.10.14. Termination for misconduct o WHO eManual VI.1.2. Principles of WHO procurement o WHO eManual III.1.2. Declaration of Interests o Staff Rules 110.7.1 and 110.7.2 o Other policies and procedures in the WHO eManual and standard operating procedures, including within the areas of procurement, finance, cash management, programme implementation and human resources o Information note 08/2021: Preventing and addressing abusive conduct and procedures concerning harassment, sexual harassment, discrimination, and abuse of authority Any policy or procedure update superseding the above mentioned components of the WHO’s anti-fraud/anti- corruption framework are also considered part of the said framework. 14 WHO Policy on Prevention, Detection and Response to Fraud and Corruption Annex 2. Examples of conduct constituting fraud or corruption As defined in this policy, fraudulent and corrupt practices, also known as prohibited or illicit practices may involve, but are not limited to the following: a. bribery, kickbacks, facilitation payments or economic extortion; b. embezzlement, misappropriation or other financial irregularities; c. informed non-payment by staff of any monies due to the Organization (indebtedness), such as reimbursement of personal telephone calls, overpayment of per diem payments, salary advances, etc. d. health product substitution and counterfeiting (including but not limited to active pharmaceutical ingredients and medical equipment), such as by falsifying representation of product identity, source or marketing authorizations or registrations needed to operate in the market; or modifying packages to intentionally supply medical products and medical devices that do not conform to applicable standards; e. inappropriate use of delegated authority; f. intentional mishandling or breach of WHO’s contractual obligations and relations with third parties; g. forgery or alteration of any financial or official document (e.g. cheques, time sheets, agreements, financial reports and audits); h. misrepresentation or manipulation of any information arising from or relating to WHO activities (including any official technical documents, such as performance data, plans, proposals); i. misrepresentation, forgery, or false certification in connection with any official claim or benefit, including failure to disclose a fact material to that claim or benefit; j. intentionally or recklessly breaching confidentiality obligations, including with regard to personal data or information, or other sensitive/confidential data or information; and/or failing to implement adequate information security measures appropriate for the data or information in question in accordance with WHO’s policies and procedures on information security and confidentiality and personal data protection; k. intentionally engaging in unethical behaviour in clinical research, such as failing to obtain informed consent of a patient/individual with a patient-centered approach or failing to enforce appropriate clinical practice standards; l. intentionally breaching intellectual property rights of third parties; m. impropriety in the handling, recording or reporting of money or financial transactions; n. irregular use of the Organization's assets (including office supplies, letterhead, official vehicles, etc.); o. committing cyber-dependent crime, such as participating in ransomware, malware or social- engineering activities; p. contravention of any regulations, rules, policies or procedures; 15 WHO Policy on Prevention, Detection and Response to Fraud and Corruption q. unauthorized acceptance of honours, gifts or remuneration, seeking or accepting anything of material value from contractors, vendors or persons providing services or goods to WHO; r. intentionally not declaring annual or sick leave taken; s. encouraging, concealing, conspiring or colluding in any of the above actions. The above list is intended to be illustrative and is not exhaustive. 16