WHO Policy on Prevention, Detection and Response to Fraud and Corruption PDF

Summary

This document outlines the WHO policy on preventing, detecting, and responding to fraud and corruption. It addresses the potential impacts of fraud and corruption on global health outcomes and provides a framework for managing these risks within the organization. The policy covers critical aspects of fraud prevention.

Full Transcript

WHO Policy on
Prevention, Detection
and Response to
Fraud and Corruption
Effective 4 July 2022

Office of Compliance, Risk Management and Ethics
Office of the Director-General
Announcement Type Policy

Announcement Title WHO Policy on Prevention, Detection and Response to Fraud and
Corruption
Initiator (Department) Office of Compliance, Risk Management and Ethics; and
Office of the Director-General

Initiator (Unit) Compliance and Risk Management Unit

Document Name Information Note Number 12/2022

Subject Preventing, Detecting and Responding to Fraud and Corruption

Effective Date 4 July 2022

Applicability All staff, non-staff personnel, and other individuals who work at
WHO

Addressed to All WHO Offices

Revision / Amendment Fraud Prevention Policy & Fraud Awareness Guidelines (effective
/ Replaces April 2005)
Related Documents please refer to Annex 1
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

Contents

Introductory note............................................................................................................. 4
1 Context....................................................................................................................... 4
2 Purpose...................................................................................................................... 5
3 Scope of application................................................................................................... 5
4 Principles.................................................................................................................... 5
5 Definitions.................................................................................................................. 6
6 Anti-fraud and anti-corruption cycle: prevention, detection, response.................... 7
6.1 Prevention............................................................................................................... 8
6.2 Detection (and reporting)...................................................................................... 8
6.3 Response................................................................................................................. 9
7 Key requirements, roles and responsibilities............................................................ 9
7.1 Key requirements................................................................................................... 9
7.2 Roles and responsibilities..................................................................................... 10
8 Review of this policy................................................................................................ 13
Annex 1. WHO Policies and documents included in WHO’s anti-fraud/anti-corruption
framework (chronological order)................................................................................... 14
Annex 2. Examples of conduct constituting fraud or corruption................................... 15

3
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

Introductory note

This policy encapsulates WHO’s existing rules and practices regarding fraud and corruption (referred to in
this document as WHO’s anti-fraud/anti-corruption framework). It reflects the most recent organizational
changes in WHO and replaces the Fraud prevention policy and fraud awareness guidelines, issued in April
2005. This updated policy builds on anti-fraud and anti-corruption practices promoted by leading international
professional bodies and peer organizations, particularly within the United Nations (UN) system, to adopt a
contemporary definition of fraud and corruption and set forth robust mechanisms to combat them. Any
question concerning this policy or the other components of the WHO anti-fraud/anti-corruption framework
should be addressed to the Office of Compliance, Risk Management and Ethics at WHO Headquarters.

1 Context

1. Fraud and corruption are serious threats to any organization; no organization is immune to them.

2. As established in its Constitution, WHO’s objective is “the attainment by all peoples of the highest
possible level of health”.1 Fraud and corruption have the potential to impede WHO’s mission in various
ways, for example:
(i) by preventing households from receiving the health services they need or by limiting equitable
access to health care through inflated household out-of-pocket expenditures;
(ii) by increasing the number of substandard and falsified medical products, potentially leading to
increased rates of morbidity and mortality;
(iii) by causing significant losses of public funds and hindering the implementation of health
programmes;
(iv) by reducing the ability of Member States to make evidence-based health policy choices, as a
result of, for example, misrepresentation of health data or unmanaged conflicts of interest;
(v) by eroding trust in WHO’s operations and ability to protect resources, potentially leading to
suspension or loss of donor funding, and consequent reduced delivery of essential health
services for all.

3. Combating fraud and corruption is therefore critical if WHO is to achieve its mission and mandate.
The occurrence of fraud and corruption would also be in contradiction with WHO’s code of ethics and
professional conduct, which articulates principles of independence, impartiality, integrity, respect and
professional conduct.

4. Fraud and corruption pose significant risks to WHO, and may be harmful to its objectives, reputation
and effective governance.

5. In maintaining a framework to effectively manage these risks, WHO provides assurance to its Member
States, donors and the public that integrity and accountability are key intrinsic features of all its
activities.

6. WHO is committed to addressing fraud and corruption through the cycle of “prevent, detect and
respond”.

7. WHO works within a results-based management framework that calls for delegated responsibility,
authority and accountability in a decentralized environment at all levels of the Organization as defined

1
Basic documents, 49th edition. Geneva: World Health Organization; 2020 (https://apps.who.int/gb/bd/pdf_files/BD_49th-
en.pdf#page=7).
4
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

in WHO’s Accountability Framework. 2 In line with this framework, every member of the WHO
workforce has a role to play in the achievement of results and the stewardship of resources in an
ethical and transparent manner. All parties contributing to WHO’s activities are expected to conduct
themselves with integrity and loyalty to the aspirations, goals and values of WHO.

2 Purpose

8. This policy defines an updated anti-fraud and anti-corruption framework that supports WHO’s
commitment to preventing, detecting and responding to fraudulent and corrupt practices. Annex 1
lists key reference documents covering different aspects of this framework.

9. The policy: (i) institutes common definitions of a range of fraudulent and corrupt practices, which will
apply to all WHO activities as defined below in section 3, (ii) promotes risk-based anti-fraud and anti-
corruption approaches across WHO, and (iii) clarifies roles, activities and key principles and
requirements for the prevention, detection, reporting, investigation and sanctioning of fraudulent and
corrupt practices.

3 Scope of application

10. Covered activities. This policy applies to all WHO activities, which are defined as all activities and
operations that WHO engages in or finances, either directly or indirectly through covered parties, in
whole or in part.

11. Covered parties. This policy applies to the following categories of individuals and entities:
a) WHO staff, independent of their location, grade, type or duration of appointment, including
temporary appointment holders and secondees3;
b) WHO individual collaborators, notwithstanding their contractual or remuneration status, i.e.
individuals who have a contractual relationship with WHO, such as temporary advisers, holders of
a Special Services Agreement (SSA) or of an Agreement for Performance of Work (APW),
consultants, volunteers and interns, as well as holders of a UNOPS Individual Contractor
Agreement (ICA) (“Individual collaborators”);
c) Third party entities such as vendors, contractors, grant recipients and technical partners;
d) Other entities and individuals who receive WHO funds, execute a project or perform any other
work or activities in the name of or for the benefit of WHO; and
e) Individuals or their legal representatives who are eligible for WHO entitlements and insurances,
such as dependents, retirees and other eligible family members.

4 Principles

12. Anti-fraud and anti-corruption measures advance global health outcomes. WHO recognizes
that fraudulent and corrupt practices (also known as prohibited or illicit practices) may take root not
only in financial management but also in governance, strategic and operational decision-making
processes, and in programme design and reporting (including human resources and data
management). Thus, fit-for-purpose prevention, detection and response actions need to be taken in
all these areas, in order to advance WHO’s work and achieve the global health outcomes set out in
the WHO General Programme of Work and the United Nations’ Sustainable Development Goals
(UNSDG).

2
Accountability Framework: https://intranet.who.int/homes/cre/documents/accountability_framework.pdf.
3 Junior Professional Officer (JPOs) and individuals on loan from other entities are also bound by this policy.
5
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

13. Zero tolerance for inaction. WHO takes a zero-tolerance approach to fraudulent and corrupt
practices, which means that the Organization maintains a clear and firm stance in responding to all
detected instances of such practices. This includes taking timely actions on substantiated cases of
fraudulent and corrupt practices, such as disciplinary action, recovery of funds, termination of
contractual relationships, referral to law-enforcement, administrative and judicial authorities at
national level, debarment and other compensatory or sanction mechanisms, as deemed relevant and
applicable by WHO.

14. Accountability and transparency. The WHO mission, values and accountability principles set the
strategic direction for the WHO approach to preventing, detecting and responding to fraudulent and
corrupt practices. Anti-fraud and anti-corruption measures build on the WHO accountability
framework and the principles of responsibility and transparency.

15. Strong engagement with Member States and relevant stakeholders. WHO recognizes that
managing the risk of fraudulent and corrupt practices is a collective responsibility of all global health
stakeholders that requires strong collaboration for building robust and sustainable health systems.

16. Alignment with international anti-fraud and anti-corruption norms and practices. In
implementing this policy, WHO will align, as appropriate, with existing best practices, as set out in
international conventions (such as the United Nations Convention against Corruption), as well as with
international professional standards of risk management and compliance.

5 Definitions

17. The terms fraud and corruption are commonly used to describe a wide variety of prohibited practices.
Fraud and corruption do not necessarily bring immediate financial or other direct or indirect benefit
for the individual(s) committing them, but may cause financial, operational or reputational damage
to WHO. The following definitions apply to terms as they are used in the context of this policy and
override other definitions that may be included in other WHO documents.

The following practices will be referred to in this policy as “fraudulent or corrupt practices” or
“prohibited” practices:

a. Fraud or fraudulent practice is any act or omission, including any misrepresentation, that
knowingly misleads, or attempts to mislead, a party to obtain any financial or other benefit or
to avoid an obligation, whether for oneself or for others.

b. Corruption or corrupt practice is the offering, giving, receiving or soliciting, directly or
indirectly, of anything of value to influence improperly the actions of another party. It may
reflect an abuse of power or improper use of resources for private gain.

c. Theft or misappropriation is the unauthorized taking of anything of value that belongs to
another party.

d. Collusive practice is an arrangement between two or more parties designed to achieve an
improper purpose, including improperly influencing the actions of another party. To avoid any
doubt, this includes, without limitation, any arrangement involving covered parties that is
intended to override this policy and WHO’s framework to prevent fraud and corruption (see
Annex 1), or may have that effect or result.

6
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

e. Coercive practice is impairing or harming, or threatening to impair or harm, directly or
indirectly, any party or the property of the party to influence improperly the actions of a party.

f. Obstructive practice is deliberately destroying, falsifying, altering or concealing evidence
relevant to an investigation or making false statements to investigators in order to materially
impede an investigation into allegations of corrupt, fraudulent, coercive, or collusive practice;
and/or threatening, harassing or intimidating any party to prevent it from disclosing its
knowledge of matters relevant to the investigation or from pursuing an investigation; or acts
intended to materially impede the exercise of investigation and audit rights or failing to comply
with the duty to report as defined in the WHO Whistleblowing and Protection Against
Retaliation Policy,4 or under relevant obligations of this policy, including paragraph 32.

g. Money laundering is the conversion, transfer, acquisition, possession or use of property by
any party who knows, or who may be reasonably presumed to know, that such property is
derived from criminal activity or from participation in such activity, including the concealment
or disguise of the true nature, source, location, disposition, movement, rights with respect to,
or ownership of, such property, or aiding, abetting and facilitating such acts.

h. Financing of terrorism is the provision or collection of funds, by any means, directly or
indirectly, with the intention that they should be used, or in the knowledge that they are or
will be used, in full or in part, to benefit individuals and entities subject to sanctions imposed
by the United Nations Security Council and appearing on the United Nations Security Council
Consolidated List.5

Examples of fraudulent and corrupt practices are presented in Annex 2.

18. In addition, the following definitions apply to this policy.

a. Credible allegations are allegations or suspicions under the scope of this Policy that, if
substantiated, would establish the existence of fraudulent or corrupt practices resulting in
financial, operational losses or reputational damage to the Organization or its interests, and
that provide sufficient detail or supporting factual basis (i.e. sufficient, plausible, and accurate
information) for the matter to be pursued responsibly.

b. Conflict of interest occurs when private interests (financial, personal, or other non-WHO
interest or commitment) interfere, or could appear to interfere, with the ability of a covered
party to act impartially, to discharge their functions or obligations and to regulate their conduct
with the interests of WHO only in view.6

6 Anti-fraud and anti-corruption cycle: prevention, detection, response

19. To be effective, the anti-fraud and anti-corruption approach in WHO needs to be implemented as a
comprehensive cycle of prevention, detection and response actions supported by clearly defined roles
and responsibilities.

20. WHO recognizes the importance of ensuring that sufficient resources are available to effectively
implement the activities related to this cycle and described below.

4
https://www.who.int/about/ethics/whistleblowing-and-protection-against-retaliation
5
United Nations Security Council consolidated list. New York: United Nations (https://www.un.org/securitycouncil/content/un-
sc-consolidated-list).
6
WHO Code of Ethics and Professional Conduct, see Annex 1.
7
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

6.1 Prevention

21. As part of its activities, WHO implements, maintains and continuously enhances a fit-for-purpose,
risk-based, anti-fraud and anti-corruption framework that fosters prevention of prohibited practices
and includes:
policies and procedures (including an up-to-date accountability framework);
mandatory induction, training and refresher courses for staff to raise awareness of the potential
fraud and corruption schemes and the related risks (i.e. financial, operational, technological,
etc.);
strong internal controls, including fit-for-purpose, risk-based preventive measures such as (but
not limited to):
o access controls and audit trails - appropriate technical and physical mechanisms to protect
and safeguard assets and records;
o effective automated preventive controls integrated into information systems (ideally
combining automation and advanced technologies during their design) to minimize
reliance on manual performance of controls;
o effective segregation of duties to minimize opportunities for inappropriate assignment or
accumulation of incompatible functions;
o risk-based due diligence processes – rigorous selection procedures for hiring WHO staff
and collaborators and for contracting with third parties;
o regular monitoring of the performance of third-party entities such as vendors, contractors,
grant recipients and technical partners through performance assessments and feedback
mechanisms;
effective fraud and corruption risk assessment processes:
o addressing root causes of fraudulent and corrupt practices (e.g. dynamic consideration of
actual or perceived conflict of interest, unclear flows of funds, of products or of data)
o commensurate with the size and complexity of activities or material changes in the way
these activities are implemented;
o that are subject to periodic updates (at least once a year) to improve resilience;
advocacy and communication, including the communication of disciplinary measures taken;
effective reporting mechanisms to encourage the reporting of all suspicious activity for
consideration by the appropriate authority;
adapted anti-fraud and anti-corruption legal clauses for contractual relations with covered parties;
coordination and collaboration with the UN system and other international organizations and
systems.

22. Fraud and corruption prevention and mitigation measures will be implemented at all levels of the
Organization in accordance with WHO’s accountability framework and will be monitored regularly to
ensure that fraud and corruption risks are effectively managed.

6.2 Detection (and reporting)

23. All covered parties are expected to take an active role in detecting prohibited practices. WHO will
facilitate detection and reporting by:

building fit-for-purpose detective controls into programme and project design and planning, based
on appropriate fraud and corruption risk assessments;
establishing appropriate supervisory mechanisms with clear reporting lines;
use of data analysis to detect potential anomalies and exceptions;

8
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

regularly monitoring programme results through compliance reviews, internal control
assessments, audits and other assurance activities.

24. Suspicions of fraud or corruption and related allegations, made in good faith, must be reported. One
of the following channels should be used:
Staff members should report their concerns to the Office of Internal Oversight Services (IOS) in
WHO Headquarters, or to the Director of Business Operation Services (BOS)/Director of
Administration and Finance (DAF) in the regional offices, or the Comptroller / Director of Finance
at Headquarters or through WHO's Integrity Hotline. 7
Individual collaborators and other covered parties should report suspicions of fraud or corruption
through the Integrity Hotline, or through other similar complaint mechanisms applicable to their
situation.

People reporting such allegations are protected against retaliation as provided under paragraph 32.

6.3 Response

25. WHO will take corrective measures when the Organization is exposed to fraud or corruption. Fraud
or corruption is established when the facts have been found to corroborate the allegations raised
through an authorized investigative processes or by law-enforcement, administrative and judicial
authorities at national level.

26. The Office of Internal Oversight Services (IOS) will assess the reports of concern received, and under
the full authority of the Office decide on and authorize the investigative actions to be taken. Within
WHO, IOS has exclusive authority to perform, manage, or authorize others to perform or manage
investigations. Internal administrative investigations will be conducted with full respect for
confidentiality and due process rights, in accordance with IOS guidelines and established investigative
processes and WHO’s applicable rules and procedures.

27. WHO will respond to substantiated cases of fraudulent or corrupt practices by taking appropriate and
timely corrective measures, which may include: disciplinary action, recovery of funds, withdrawal of
benefits, termination of contractual relationships with covered parties, referral to law-enforcement,
administrative and judicial authorities at the national level, debarment (inclusion in the United Nations
ineligibility lists), and other compensatory or sanction remedies as deemed necessary and applicable
by WHO. Such action may therefore include sharing of relevant information and evidence collected,
with third parties, in line with WHO’s policies, procedures and relevant contractual arrangements.

28. When cases of fraud or corruption are substantiated, a “lessons learnt” exercise should be conducted
to minimize the risk of similar occurrences in the future. Such an exercise may lead, for example, to
strengthening internal controls or raising awareness of staff, individual collaborators and other
relevant parties through dissemination of the lessons learnt and related sanctions taken to reinforce
a culture of integrity.

7 Key requirements, roles and responsibilities

7.1 Key requirements

29. Compliance. Adherence to this policy and the other components of WHO’s anti-fraud/anti-corruption
framework is the responsibility of every covered party, whether an individual or an entity. Covered
parties are expected to lead by example, by respecting and communicating this policy in connection

7
https://www.who.int/about/ethics/integrity-hotline
9
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

with (i) their own activities, (ii) the activities of any personnel they supervise, and (iii) where possible,
in relation to the activities of third parties with whom they work, at the outset of the engagement
and regularly thereafter. Failure to adhere to the obligations and principles set out in this policy and
the other components of WHO’s anti-fraud/anti-corruption framework may lead to the imposition of
disciplinary or other measures in the case of staff, and to actions consistent with the terms and
conditions applicable to their legal arrangements with WHO in the case of third parties.

30. Prohibition of fraudulent and corrupt practices. No covered party may, directly or indirectly,
participate, aid, abet or conspire with another party in the facilitation or commission of any prohibited
practice in connection with WHO activities. As part of its response to prohibited practices, WHO will
ensure that due process and accountability are respected when applying the corrective measures
described above.

31. Emphasis on conflict of interest. Recognizing that conflicts of interest are often at the root of
prohibited practices, WHO emphasizes the necessity for all covered parties declaring and, where
applicable, effectively managing conflicts of interest in accordance with this policy and the other
components of the WHO anti-fraud/anti-corruption framework, such as the Code of Ethics and
Professional Conduct. To this end, an annual declaration of interests by WHO staff and the
management of declarations of interest by experts and consultants8 are of critical importance.

32. Duty to report and protection against retaliation. All covered parties must promptly report all
suspected fraudulent and corrupt practices. Individuals who report in good faith cases of suspected
fraudulent and corrupt practices are entitled to protection against retaliation in accordance with the
provisions of the WHO Whistleblowing and protection against retaliation policy.9

33. Right to access. In order to conduct detection and response activities effectively, WHO must be
able to check and verify all aspects of its activities that may be exposed to the risk of fraud and
corruption. For that purpose, all covered parties must collaborate and participate in, and enable, such
verification, notably by taking all reasonable measures to facilitate access for WHO and its mandated
representatives (including WHO`s partners) to any records, individuals and sites where its activities
are implemented.

34. Communication and dissemination. All covered parties should communicate and disseminate this
policy and the components of the WHO anti-fraud/anti-corruption framework to facilitate its
implementation to relevant stakeholders. WHO may report violations of the provisions of this policy
and the other components of the WHO anti-fraud/anti-corruption framework to other UN system
organizations, applicable screening databases, Member States, donors and partners.

7.2 Roles and responsibilities

35. All covered parties need to comply with the principles enunciated in the policy and will be held
accountable for failing to do so. This includes, without limitation, the obligation not to engage in, or
contribute to, any fraudulent or corrupt practices.

36. In addition to the key requirements listed above and the specific roles and responsibilities described
in the WHO internal control framework and the other components of the WHO anti-fraud/anti-
corruption framework, the particular obligations of which are outlined below apply.

8
https://www.who.int/about/ethics/declarations-of-interest
9
https://www.who.int/about/ethics/whistleblowing-and-protection-against-retaliation
10
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

37. The Director-General and Regional Directors have overall responsibility for the implementation
of this policy and other components of the WHO anti-fraud/anti-corruption framework. Senior
management10 with delegated authority are accountable to the Director-General and the Regional
Directors for compliance with this policy and other components of the WHO anti-fraud/anti-corruption
framework. They are required to:
set the tone by emphasizing that fraud and corruption seriously undermine WHO’s values and
objectives and are not tolerated;
raise awareness of the risks of fraud and corruption through training and guidance;
ensure that managers under their supervision implement prevention, detection and response
measures as described in section 6 and that resources needed to implement those measures
are made available.

38. WHO risk management committees. While the Director-General and Regional Directors have
overall responsibility for the implementation of this policy and other components of the WHO anti-
fraud/anti-corruption framework, they are assisted in this task by a group of designated senior staff
representing key areas of WHO’s work. The WHO Global Risk Management Committee is the “owner”
of this policy and oversees its effective implementation across the Organization with the support of
the respective regional and local11 risk management committees.

39. Directors of Business Operation Services/Directors of Administration and Finance in the
regional offices and the Comptroller and Director of Finance at Headquarters, when receiving reports
of concerns, are required to:
guarantee the confidentiality of reports received;
communicate promptly all reports of concerns of fraud and corruption to the Office of Internal
Oversight Services;
ensure timely follow-up as appropriate;
advise on appropriate measures to protect WHO’s interests.

40. The Office of Internal Oversight Services carries out risk-based, value-added, timely and result-
oriented investigations of inter alia alleged fraud and corruption and other violations of WHO’s rules,
regulations and policies. In addition to preparing investigation reports on the findings, and conclusions
on cases investigated, it reports to WHO’s governing bodies on the activities conducted and issues
recommendations on addressing weaknesses in controls and processes, deficiencies in regulatory
frameworks, and on other opportunities for improvement identified in the course of its investigations.
IOS may also conduct proactive reviews and audits of areas of higher-than-normal risk, based on an
assessment of identified concerns or the existence of “red flags” of suspected inappropriate activity.
IOS informs the Director-General, the Comptroller/Director of Finance in Headquarters and, where
appropriate, the relevant Regional Directors of the outcome of its investigation and recommendations
for action, including any follow-up measures and recoveries, as appropriate. The Office administers
the Integrity Hotline and maintains an email ([email protected]) to receive directly from
individual staff members or other parties, complaints or information concerning the possible existence
of fraud, waste, abuse of authority or other irregular activities.

41. The Human Resources and Talent Department (HRT) in WHO Headquarters and individuals in
human resources roles in regional and country offices are responsible for ensuring (i) that any
administrative or disciplinary measures resulting from investigations have been duly implemented, (ii)
that information on possible interim measures 12 is shared with the Director-General, the

10
Executive directors, assistant directors-general, WHO representatives and directors.
11
At country, division or programme level, as relevant.
12
“WHO recognizes that interim measures may be required … to ensure the integrity of the investigation and any evidence, to
prevent the occurrence or repetition of prohibited conduct, or to prevent retaliation. Interim measures may also be necessary to
11
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

Comptroller/Director of Finance in Headquarters and the relevant Regional Directors, where and as
appropriate; and (iii) that Anti-fraud/Anti-corruption training requirements for all staff is included in
WHO`s mandatory training programme and related monitoring mechanisms.

42. The Office of Compliance, Risk management and Ethics (CRE), in collaboration with the
regional network of compliance and risk management focal points, assists the risk management
committees in implementing and monitoring compliance with the policy. The risk management and
compliance function in regions is fulfilled by risk and compliance focal points in each major office
and/or risk and compliance advisers in major risk areas or complex contexts.
The compliance and risk management network (i) provides guidance, support and training in anti-
fraud and anti-corruption matters to departments, divisions and country offices, in close collaboration
with departments of the Division of Business Operations Services (which includes Finance, Human
Resources and Talent Management, Procurement and Supply Services, Security and Information
Technology services) and any other relevant technical divisions and (ii) addresses the risk of Fraud
and corruption in its compliance activities.
Through its ethics function, CRE: (i) administers the ethics office email ([email protected]),13 and
the implementation of the Policy on Whistleblowing and Protection against Retaliation and – in
collaboration with the Human Resources and Talent Department – the Policy on Preventing and
Addressing Abusive Conduct; (ii) provides confidential advice to parties reporting suspected unethical
behaviour; (iii) makes recommendations for protection against retaliation as applicable; and (iv)
provides guidance and advice in the management of conflicts of interest of individuals.

43. WHO staff and individual collaborators are required to:

understand the exposure to fraudulent and corrupt practices across their range of
responsibilities;
exercise due care in managing the funds, resources and assets of WHO, by applying adequate
preventive, detective and response measures in their activities in line with the risk
management and internal control mechanisms included in WHO’s anti-fraud/anti-corruption
framework;
comply with mandatory anti-fraud and anti-corruption training requirements as applicable;
promptly report all suspected fraudulent and corrupt practices, in accordance with the
requirements of section 6 of this policy.

44. Other covered parties are required to take all necessary measures to prevent, detect and report
any fraudulent or corrupt practices when engaging with WHO in compliance with applicable WHO
policies (including this policy) and must comply with the terms of their respective agreements with
WHO and/or any applicable WHO regulations. In particular, these other covered parties must:
promptly report to WHO, through the Integrity Hotline or directly to IOS, any actual,
presumed or suspected fraud and/or corruption of which they become aware; and
in consultation with WHO, make every effort to recover all funds determined to have
been diverted through fraud or corruption and return any recovered funds to WHO. Any
resources found to have been misused by covered parties for any fraudulent or corrupt
practices shall be repaid to WHO without delay.

Furthermore, covered parties who are legal entities must:
adopt and enforce robust anti-fraud and anti-corruption policies and procedures
incorporating the principles contained in this policy, and apply them to WHO activities;

protect the interests of WHO, including the effective functioning of an office.” Preventing and addressing abusive conduct.
Chapter 11. Geneva: World Health Organization; 2021.
13
Allegations of fraud and corruption received by the ethics office are referred to IOS.
12
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

include appropriate provisions in their agreements with employees, contractors and
implementing partners relating to WHO activities to strengthen the prevention, detection
and reporting of actual, presumed or suspected fraud and corruption; and
in consultation with WHO/IOS agree on the entity responsible for conducting an
investigation of allegations of prohibited practices. If the investigation is not conducted
by IOS, IOS will be kept regularly informed of the progress, and the outcome, of the
investigation by the investigating entity, including on any proposed actions therefrom, in
accordance with the respective Organization’s relevant rules, policies and procedures.

45. The Independent Expert Oversight Advisory Committee (IEOAC), an independent
committee established by the Executive Board of WHO, reviews the systems established and
measures taken by the Organization to prevent, detect and respond to fraud and corruption, and
provides advice on the adequacy of WHO’s internal controls and enterprise risk management
systems to the Programme, Budget and Administration Committee and the Executive Board.

46. WHO Member States that are signatories to the UN Convention Against Corruption14 are committed
to addressing the risks of fraud and corruption by advancing collective efforts in the areas of
“preventive measures, criminalization and law enforcement, international cooperation, asset recovery,
and technical assistance and information exchange”. In this context, the signatories to the Convention
are expected to provide mutual legal assistance in investigations, prosecutions and judicial
proceedings in relation to the offences covered by the Convention.

8 Review of this policy

47. This policy will be reviewed and updated when required at least every 5 years, taking into account
lessons learned from monitoring the implementation of the policy, any changes in the structures,
complementary policies, and context of WHO that would impact the policy.

14
United Nations Office on Drugs and Crime. United Nations Convention against Corruption. New York: United Nations; 2004
(http://www.unodc.org/unodc/en/treaties/CAC/).
13
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

Annex 1. WHO Policies and documents included in WHO’s anti-fraud/anti-corruption
framework (chronological order)

Internal control framework (2013)
WHO accountability framework (2015)
WHO Corporate Risk Management Policy (2015)
WHO whistleblowing and protection against retaliation. Policy and procedures (2015)
WHO Code of Ethics and Professional Conduct (2017)
WHO Policy on Misconduct in Research. Policy and procedures (2017)
WHO procurement handbook (2018)
WHO Policy on Preventing and Addressing Abusive Conduct (2021)
WHO Policy Directive on Protection from sexual exploitation and abuse (SEA), (2022) and related Policies
and procedures
WHO Investigation process (2006)
UN Supplier Code of Conduct

Policies and guidelines relevant to WHO staff:
o WHO eManual XII.10. Fraud policies and reporting of suspected fraud
o WHO eManual I.6.2. Office of Internal Oversight Services
o WHO eManual III.1. Duties, obligations and privileges
o WHO eManual III.11. Conduct, administrative leave, disciplinary and non-disciplinary
measures
o WHO eManual III.12. Informal and formal resolution of disputes
o WHO eManual III.10.14. Termination for misconduct
o WHO eManual VI.1.2. Principles of WHO procurement
o WHO eManual III.1.2. Declaration of Interests
o Staff Rules 110.7.1 and 110.7.2
o Other policies and procedures in the WHO eManual and standard operating procedures,
including within the areas of procurement, finance, cash management, programme
implementation and human resources
o Information note 08/2021: Preventing and addressing abusive conduct and procedures
concerning harassment, sexual harassment, discrimination, and abuse of authority

Any policy or procedure update superseding the above mentioned components of the WHO’s anti-fraud/anti-
corruption framework are also considered part of the said framework.

14
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

Annex 2. Examples of conduct constituting fraud or corruption

As defined in this policy, fraudulent and corrupt practices, also known as prohibited or illicit practices may
involve, but are not limited to the following:

a. bribery, kickbacks, facilitation payments or economic extortion;

b. embezzlement, misappropriation or other financial irregularities;

c. informed non-payment by staff of any monies due to the Organization (indebtedness), such as
reimbursement of personal telephone calls, overpayment of per diem payments, salary advances, etc.

d. health product substitution and counterfeiting (including but not limited to active pharmaceutical
ingredients and medical equipment), such as by falsifying representation of product identity, source
or marketing authorizations or registrations needed to operate in the market; or modifying packages
to intentionally supply medical products and medical devices that do not conform to applicable
standards;

e. inappropriate use of delegated authority;

f. intentional mishandling or breach of WHO’s contractual obligations and relations with third parties;

g. forgery or alteration of any financial or official document (e.g. cheques, time sheets, agreements,
financial reports and audits);

h. misrepresentation or manipulation of any information arising from or relating to WHO activities
(including any official technical documents, such as performance data, plans, proposals);

i. misrepresentation, forgery, or false certification in connection with any official claim or benefit,
including failure to disclose a fact material to that claim or benefit;

j. intentionally or recklessly breaching confidentiality obligations, including with regard to personal data
or information, or other sensitive/confidential data or information; and/or failing to implement
adequate information security measures appropriate for the data or information in question in
accordance with WHO’s policies and procedures on information security and confidentiality and
personal data protection;

k. intentionally engaging in unethical behaviour in clinical research, such as failing to obtain informed
consent of a patient/individual with a patient-centered approach or failing to enforce appropriate
clinical practice standards;

l. intentionally breaching intellectual property rights of third parties;

m. impropriety in the handling, recording or reporting of money or financial transactions;

n. irregular use of the Organization's assets (including office supplies, letterhead, official vehicles, etc.);

o. committing cyber-dependent crime, such as participating in ransomware, malware or social-
engineering activities;

p. contravention of any regulations, rules, policies or procedures;

15
 WHO Policy on Prevention, Detection and Response to Fraud and
Corruption

q. unauthorized acceptance of honours, gifts or remuneration, seeking or accepting anything of material
value from contractors, vendors or persons providing services or goods to WHO;

r. intentionally not declaring annual or sick leave taken;

s. encouraging, concealing, conspiring or colluding in any of the above actions.

The above list is intended to be illustrative and is not exhaustive.

16