Protecting the EU budget – Better use of blacklisting needed

Executive summary

I The EU and the Member States are jointly responsible for protecting the EU’s financial interests with respect to EU funds. “Blacklisting” (or exclusion) is a key tool that international bodies and national authorities use to protect their public finances. The objective is to avoid entering into financial agreements with untrustworthy counterparties, such as those involved in fraud, corruption, professional misconduct, money laundering, or non-payment of taxes. In 2020, the EU paid out around €150 billion under financial agreements. Since 2016, the Commission has been responsible for operating the Early Detection and Exclusion System (EDES) for the quarter of EU spending (€39 billion) that it manages directly or indirectly through implementing partners in line with the EU’s financial rules. For the three quarters of EU spending involving national authorities (€111 billion), Member States have to follow exclusion-related obligations but they are not required to set up exclusion systems or databases per se.

II The aim of this audit was to assess whether exclusion is being used effectively to protect EU funds from untrustworthy counterparties. We focused primarily on assessing whether the EDES has been operating effectively in direct and indirect management. In particular, we examined the effectiveness of EDES’ exclusion situations, exclusion procedures, blacklist of excluded counterparties, and arrangements for identifying counterparties in exclusion situations. As regards shared management, we selected four Member States to review their exclusion arrangements and to identify good practices. We carried out the audit with a view to contributing to the Commission’s proposals for revising the EU’s financial rules and its plans for enhancing the use of digital tools and data to protect the EU’s financial interests.

III We concluded that exclusion is not being used effectively to protect EU funds from untrustworthy counterparties. Although the EDES has a broad range of exclusion situations and robust decision-making procedures, the Commission services have recorded few exclusions in the system due to shortcomings in the arrangements for identifying counterparties in exclusion situations. In shared management, where EDES does not apply, Member States’ differing approaches undermine the overall effectiveness of using exclusion to protect the EU budget.

IV As regards direct management, we found that the EDES has a broad scope of application and a robust exclusion procedure, based on a central assessment of cases by an independent panel that ensures consistent and fair treatment of counterparties. However, shortcomings in the arrangements for identifying counterparties in exclusion situations have contributed to the low level of exclusions. In particular, responsibility for exclusion is fragmented and Commission departments face legal and technical difficulties in accessing Member State data on exclusion situations, such as business registers and criminal records. Even where relevant data exists at EU level, for example relating to fraud investigations, it is not always used or usable. In practice, the Commission places a high degree of reliance on declarations on honour from EU counterparties regarding the absence of an exclusion situation. In this context, we found limited central monitoring and oversight of the identification and registration of EDES cases and further opportunities to promote the use of the EDES and champion data sharing and digital tools.

V As regards indirect management, we found that implementing partners have made a small contribution to the number of exclusion cases registered in EDES. This is largely explained by the same factors that apply in direct management. Other contributory factors include agreements with implementing partners not covering all exclusion situations and implementing partners not being allowed to exclude counterparties before a final judgement or administrative decision. We also found that the Commission has been slow to complete its assessment of implementing partners’ exclusion arrangements.

VI As regards shared management, which mostly covers agricultural and cohesion spending and is not covered by the EDES, our visits to four Member States highlighted considerable differences of approach to exclusion, which contribute to an unevenness in the protection of EU funds. We also found that some Member States could make better use of EU level data and tools, including data on fraud and irregularities, and the data-mining and risk-scoring tool, Arachne. Finally, we found that the Commission lacks the overview of Member States’ exclusion systems and available data necessary to develop a strategy for improving its own ability, and that of implementing partners and Member State authorities, to identify counterparties in – or at risk of being in – an exclusion situation.

VII We recommend the Commission to:

• extend further the range of exclusion;
• strengthen the implementation of the EDES;
• improve the monitoring of the EDES under indirect management;
• extend the EDES to shared management;
• make better use of data and digital tools for exclusion purposes.

Introduction

EU and Member State responsibilities for protecting the EU budget

01 In 2020, the EU paid out around €150 billion¹ under financial agreements. The agreements mainly cover grant awards, contracts for work, goods or services, and financial instruments, such as loans, guarantees or equity investments. Counterparties to the agreements range from private individuals, such as farmers and researchers, to large entities, such as commercial enterprises, municipalities and non-governmental organisations.

02 The Commission has overall responsibility for managing the EU budget. In 2020, the Commission implemented around 19 % of operational spending (€28 billion) under agreements directly through its own directorates-general and other departments and a further 7 % indirectly (€11 billion)², through selected “implementing partners”, such as the European Investment Bank (EIB) Group. Member State authorities are involved in implementing the remaining 74 % (€111 billion) of annual EU spending through what is known as “shared management”, which mostly covers agricultural and cohesion spending.

03 The Commission delegates responsibility for managing the EU budget in the various policy areas to “authorising officers” in its departments (directorates-general)³. Their duties include signing financial agreements with the EU’s counterparties (under direct management)⁴ or with implementing partners (under indirect management) to entrust them with signing agreements with counterparties on the Commission’s behalf. In shared management, Member States’ managing authorities and paying agencies are responsible for entering into agreements with counterparties.

04 Under EU law, the Commission, implementing partners and Member State authorities must protect the EU budget from fraud and irregularities⁵. To this end, they are required to put in place effective control systems⁶. Member States must take the same measures to counter fraud affecting the EU’s financial interests as they take to counter fraud affecting their own financial interests⁷. The Commission is responsible for ensuring a similar level of protection in all types of management arrangement ­ direct, indirect and shared⁸.

Excluding untrustworthy counterparties from receiving funds

05 Exclusion (or “debarment”) is an important tool that organisations, such as international bodies and national authorities, use to prevent untrustworthy counterparties from applying for and receiving grants or government contracts. The key elements of an organisation’s exclusion system⁹ include:

• a “blacklist” of counterparties excluded from entering into financial agreements with the organisation;
• a set of grounds for excluding a counterparty, such as professional misconduct, fraud, corruption, money laundering, or unpaid taxes (“exclusion situations”);
• a process for adding and removing counterparties to and from the blacklist (“exclusion procedure”);
• arrangements for checking whether counterparties are in an exclusion situation, including use of the blacklist.

06 Figure 1 illustrates the relationships between the key elements of an exclusion system.

07 In effect, the blacklist enables financial managers in one part of an organisation to rely on checks previously carried out on a counterparty by financial managers in other parts of the same organisation. Publication of the names of excluded counterparties extends this benefit to financial managers in other organisations and provides a deterrent effect. The US federal government and the World Bank Group have long used blacklisting and they provided inspiration for the EU budget’s exclusion system. Box 1 provides an overview of the US federal government exclusion system implemented by US federal agencies.

The EU legal framework for exclusion

08 Preventing funds from going to counterparties that are not permitted to receive them is a prerequisite for the protection of the EU’s financial interests¹⁰. The EU’s financial rules (the Financial Regulation)¹¹ require the Commission to set up and operate an early-detection and exclusion system (EDES) for EU funds spent under direct and indirect management. The Commission set up the EDES in 2016.

09 The Financial Regulation provides for excluding and/or financially penalising counterparties found to be in an exclusion situation¹² (Box 2). In severe cases, the name of the counterparty may be published as a deterrent¹³.

10 The Commission’s authorising officers are responsible for identifying excludable counterparties and registering¹⁴ exclusion cases in the EDES database (the “blacklist”). The exclusion procedure to be followed depends on the type of exclusion situation. Authorising officers should directly exclude counterparties for bankruptcy or insolvency as well as for non-payment of taxes or social security contributions based on final judgements or administrative decisions.

11 In other exclusion situations, the authorising officer should send a request for exclusion to the EDES panel. This body is composed of an independent chair, two permanent members designated by the directorate-general for budget, and a representative of the authorising officer making the exclusion request. It is tasked with assessing established facts and findings, and, where there is no final judgement or administrative decision, making a “preliminary classification in law”¹⁵.

12 The EDES panel¹⁶ assesses the cases referred to it by authorising officers and issues recommendations on whether to exclude, financially penalise and/or publicise the name of the counterparty¹⁷. The panel is also responsible for protecting counterparties’ fundamental rights, including the “right to be heard”. After receiving the panel’s recommendation, the authorising officer that registered the case is responsible for taking a final decision on sanctioning the counterparty.

13 Early detection aims to alert the community of authorising officers to risky counterparties¹⁸. Authorising officers should register a counterparty under the early detection mechanism, if they presume it is in an exclusion situation but need to collect the necessary evidence to make an exclusion. They should notify the counterparty, unless doing so would compromise an ongoing investigation. A counterparty flagged as an early detection case may continue to apply for and receive EU funds. Early detection cases should not stay open for longer than one year. To extend the period, the authorising officer responsible should refer the case to the panel.

14 The EDES is currently the only exclusion system operating at EU level. Although Member States are required to set up control systems in shared management to protect the EU’s financial interests, EU law does not require Member States to establish exclusion systems per se¹⁹. Figure 2 highlights the part of the EU budget covered by the EDES.

Audit scope and approach

15 The purpose of this audit was to assess whether exclusion is being used effectively to protect EU funds from untrustworthy counterparties. The audit covered the period 2016-2020.

16 We focused primarily on assessing whether the EDES operated effectively in direct and indirect management. In particular, we assessed whether the EDES:

• exclusion situations provide sufficient scope to exclude untrustworthy counterparties;
• exclusion procedure provides for robust decision making regarding counterparties identified to be in an exclusion situation;
• database of excluded counterparties (the “blacklist”) contains adequate names to make a significant contribution to protecting the EU’s financial interests;
• arrangements for identifying counterparties in exclusion situations are adequate.

17 We collected and analysed information on the operation of EDES from:

• two Commission departments responsible for authorising operational expenditure in direct management – Research Executive Agency (REA) – and indirect management – the Directorate-General for International Partnerships (DG INTPA);
• two Commission departments with cross-policy area responsibilities for protecting the EU’s financial interests –Directorate-General for Budget (DG BUDG) and the European Anti-Fraud Office (OLAF);
• the main partners in indirect management that are responsible for implementing EU financial instruments, namely the European Investment Bank (EIB), the European Investment Fund (EIF) and a selection of its financial intermediaries in four Member States (Estonia, Italy, Poland and Portugal).

18 We compared the EDES to the exclusion systems of the US federal government and the World Bank Group, which we visited in February 2020. In addition, we analysed and cross-checked information on counterparties and exclusion situations in the EDES, the EU accounting system and other EU level databases, national data sources, and a commercially available compliance data tool²⁰

19 As regards shared management, we reviewed the arrangements in four Member States (Estonia, Italy, Poland and Portugal), which we selected to reflect the diversity of approach with respect to the management of public funds. For each of these Member States, we selected one paying agency and one managing authority responsible for agricultural and cohesion spending. Due to the COVID-19 outbreak, we relied on analysis of official documents, written responses from Member State authorities to our questions about their use of exclusion, and remote interviews with officials at those authorities. We also collected and analysed information on exclusion in shared management from the main Commission departments involved, namely the directorates-general for agriculture and rural development, regional and urban policy and employment, social affairs and inclusion. We also used the compliance data tool to screen a stratified sample of counterparties in shared management for possible exclusion situations.

20 We carried out this audit with a view to contributing to the Commission’s proposal for revising the Financial Regulation in 2022 and its plans for enhancing the use of digital tools and data to protect the EU’s financial interests by making available an integrated and interoperable information and monitoring system covering all beneficiaries of EU funds²¹.

Observations

Direct management: despite some strengths of the exclusion system, shortcomings limit its effectiveness

The Commission’s exclusion system has a broad scope and robust exclusion procedures

The EDES covers a broad range of counterparties, types of financial agreement, and exclusion situations

21 To maximise its utility, we would expect an effective exclusion system to apply to all types of potential counterparty, cover all types of financial agreements, and include a comprehensive list of exclusion situations.

22 We found that exclusion applies to all types of EU counterparties that are eligible to apply for and receive funds. However, the possibility of excluding related parties, such as affiliates, beneficial owners, and responsible managers (where they are not themselves recipients of EU funds) are relatively limited under the Financial Regulation²².

23 We also found that, since the 2016 revision of the Financial Regulation, exclusion situations apply to all types of financial agreements, notably contracts, grants, prizes, and financial instruments.

24 Lastly, we found that the Financial Regulation provides for a broad range of exclusion situations, comparable to those used by the US federal government. We noted only one significant difference: EU financial rules do not provide for excluding counterparties having debts towards the EU budget; however, authorising officers can mitigate the risk by offsetting any debts against future payments, so exclusion is not necessary.

The EDES’s procedures provide for robust decision-making on exclusion

25 We would expect a robust procedure for adding and removing counterparties to ensure that decisions on exclusion are valid, consistent, fair and proportionate. Table 1 provides an overview of our comparison of EDES with the US exclusion system. The World Bank Group exclusion system shares features with the EDES and the US exclusion system.

26 We found that the EDES has robust decision-making procedures on exclusion. The validity of decision-making is assured by reliance on final judgments or administrative decisions. In addition, in the absence of a final judgement or final administrative decision (which might take months or even years), the Financial Regulation allows for excluding counterparties, where the EU’s financial interests are at significant risk and the available facts or findings are sufficient to support an exclusion decision. In such circumstances, the authorising officer responsible must refer the case to the EDES panel.

27 As in the US system, the Financial Regulation requires counterparties to be given prior notification and an opportunity to make observations before an exclusion decision is taken. The EDES panel considers counterparties observations alongside the facts and findings provided by authorising officers and issues recommendations. The panel’s assessment procedure protects the fundamental rights of counterparties, such as the right to be heard²³.

28 From 2016 to 2020, authorising officers referred 98 cases to the panel. The panel made 57 recommendations – 43 to exclude and 14 not to exclude the counterparty concerned²⁴. The remaining 41 referrals included cases withdrawn by the authorising officer due to a change in circumstances, cases where the panel was not in a position to make a recommendation, and ongoing cases. Since 2016, authorising officers have always chosen to follow the panel’s recommendations²⁵. The panel’s composition and experience in carrying out central assessments of exclusion cases help ensure consistent decision-making. The team of DG BUDG officials that provides administrative support to the EDES panel also helps ensure consistency by advising authorising officers in other departments regarding whether to refer cases.

29 Once the responsible authorising officer has taken an exclusion decision, other authorising officers are required to respect it until the counterparty has completed the exclusion period. In addition to being able to access the EDES database, departments can check directly in Commission’s accounting system whether a counterparty is listed in the EDES database before entering a new financial commitment. Counterparties automatically cease to be blacklisted in the EDES at the end of their exclusion period. Authorising officers may also request the panel to revise a recommendation on exclusion to take account of new facts or circumstances – for example, once the relevant authority has reached a final judgment or administrative decision, or the counterparty has taken remedial action.

The EDES “blacklist” contains few excluded counterparties

30 The utility of a “blacklist” largely depends on its size and scope, which are mainly determined by other key elements of the exclusion system (see Figure 1 above):

• the range of counterparties, types of financial agreement, and exclusion situations covered;
• the operation of the exclusion procedure; and
• the arrangements made for checking whether counterparties are in an exclusion situation, which provide the main input for the exclusion procedure.

31 We analysed the data on exclusion cases registered in the EDES database during the period 2016-2020. In all, the EU blacklist named 448 excluded counterparties as at 31 December 2020, 430 because of insolvency and bankruptcy and 18 related to other reasons. Insolvent and bankrupt counterparties present little further risk to the EU’s financial interests, as they are unlikely to apply for further EU funds²⁶. Only two cases related to fraud and corruption. Figure 3 provides an overview of exclusions by type of situation.

32 The EU excludes very few counterparties compared to the US federal government and the World Bank. Adjusting for the amount of funds involved, we estimate that the US federal government excludes over fifty times more counterparties than the EU does under the EDES (Table 2). While there are significant differences in the budgets and counterparties of the US government and World Bank compared to the EU, the relatively low exclusion rate for EDES indicates that there may be shortcomings in the EU’s arrangements for identifying counterparties in exclusion situations.

33 The US federal government publishes all exclusions. Under the Financial Regulation, publication is considered to be an additional sanction that must be applied proportionately. As at 31 December 2021, the online EDES database²⁷ listed seven counterparties.

34 We found that counterparties, once excluded, are unlikely to receive further EU funds in direct management. We compared the list of excluded counterparties in the EDES to the list of all open financial commitments registered in the Commission’s accounting system. We did not identify any cases of authorising officers entering into new financial commitments with excluded counterparties.

Shortcomings in the arrangements to check exclusion situations limit the EDES’ effectiveness

35 While the EDES has a broad scope and a robust exclusion procedure, there are a number of shortcomings in the arrangements for identifying counterparties in exclusion situations, which have significantly contributed to the relatively low exclusion rate (see sub-sections below, paragraphs 36-63).

Responsibility for identifying excludable counterparties is fragmented within the Commission

36 In line with its decentralised governance model for financial management, the Commission has delegated the authority to make exclusion decisions to its authorising officers. However, the actual task of checking whether counterparties are in an exclusion situations is usually carried out by “authorising officers by delegation”, multiple staff in each department, who are responsible for making budgetary and legal commitments and authorising payments.

37 The large number of officials potentially involved raises the risk of inconsistent approaches to identifying whether counterparties are in an exclusion situation. Five departments, responsible between them for managing around 50 % of the funds under direct management, accounted for around 80 % of all cases (including bankruptcy cases), with nearly half of all cases registered by the department and executive agency responsible for research and innovation spending (DG RTD and REA). Figure 4 shows EDES cases by Commission department. Looking only at situations not involving bankruptcy and insolvency, we found that 17 of the Commission’s 56 departments and executive agencies registered exclusion cases from 2016 to 2020. Thirty-nine of the Commission’s departments and executive agencies have never registered a non-bankruptcy exclusion case in the EDES.

38 In this context, we note that the Commission’s Internal Audit Service (IAS) reported in 2019²⁸ that the Commission lacked a systematic approach to checking whether counterparties are in an exclusion situation and should be subject to the exclusion procedure. We found that the departments we reviewed have no staff specialised in, or exclusively tasked with, checking counterparties for exclusion situations and registering cases in the EDES. The IAS also reported a general lack of awareness about EDES across the Commission. In response to the report, the Commission has been carrying out training and awareness raising activities, including on the tools authorising officers’ must use to identify and report counterparties in exclusion situations.

39 The fragmentation of responsibility for identifying counterparties in exclusion situations is also apparent with regard to cases of suspected fraud against the EU budget. In such cases, the responsible authorising officer is required to notify OLAF of the suspected fraud and should check whether or not to register an early detection case in the EDES. OLAF is responsible for carrying out investigations and communicating their results in a report with recommendations. However, OLAF is not explicitly required to recommend registering an early detection or exclusion case. The responsible authorising officer should take account of OLAF’s recommendations in general²⁹ and should check whether or not to refer the case to the panel if the OLAF investigation confirms fraud.

40 We found that there were no clear guidelines or procedures regarding OLAF making recommendations to authorising officers about registering cases in the EDES. At the time of the audit, OLAF was revising its procedures for making recommendations and monitoring their implementation. OLAF was also working with DG BUDG on new instructions for the drafting of EDES-related recommendations. In addition, although OLAF specifies in its report the preliminary classification in law of the facts established as required³⁰, the descriptions of the facts require further analysis and more details before authorising officers can refer an exclusion case to the EDES panel.

Commission departments face difficulties in accessing Member States’ data on counterparties

41 The Commission’s arrangements for identifying whether counterparties are in an exclusion situation often rely on access to Member States’ data, as there are no EU wide registers or records. Figure 5 highlights the main types of national data sources for a range of EDES exclusion situations³¹.

42 In direct management, authorising officers may have to deal with counterparties from a wide range of Member States and other countries. In doing so, they face major practical, legal and technical obstacles to accessing data. In general, departments with direct management responsibilities do not have privileged access to Member States’ data and so must rely on publicly available databases that may be fee-based and only accessible in the Member State’s language.

43 We found that data access varies depending on the exclusion situation and the Member State concerned. For example, access to data on bankrupt and insolvent companies is generally good. Estonia, Italy, Poland and Portugal all provided publicly available information on companies’ solvency status; however, the exact nature of the information differs from one Member State to another.

44 The arrangements for checking unpaid taxes and social security contributions also differ among the four Member States. For example, Estonia provides free, public access through its online business register on unpaid tax and social security debts over €100. Poland’s business register also provides free public information on such debts, if still unpaid 60 days after the start of a recovery procedure. In Italy, a specific authority provides a certificate on unpaid tax and social security contributions through a dedicated website but only if the requester registers their identity. In Portugal, information on unpaid tax and social security contributions is restricted to authorised users of the government’s IT platform.

45 In addition, there are legal restrictions on access to relevant criminal records. In particular, information relating to a counterparty may require authorisation from Member State authorities or even the person concerned. In some cases, a person’s criminal record is only available in the form of a certificate whose authenticity may not be readily verifiable by the Commission.

46 A further problem faced by the Commission is identifying the counterparty in the various registers. The lack of an EU unique identifier for a given company or person makes it difficult to match records from different datasets. Such unique identifiers are used in some jurisdictions, such as the US. In the four Member States we reviewed, a company’s or person’s tax identification numbers were available for use by national government offices. However, these identifiers were not published in all the relevant public registers, and so were unavailable to the Commission.

47 One way to mitigate the impact of data fragmentation and the lack of clear identifiers is to use data-mining tools. Such tools are widely used in the financial sector to identify risky counterparties. However, current commercial data-mining tools are not well adapted to the Commission’s needs as they do not cover all EU grounds for exclusion and rely on public data of uncertain quality and completeness. While such tools may bring together information relevant to early detection cases, they cannot provide the facts and findings required for exclusion in the EDES.

48 The Commission has been developing a data-mining and risk-scoring tool, primarily for audit and control purposes in shared management (paragraph 84). This tool could also be useful for direct and indirect management. However, if it is to be useful for identifying counterparties in an exclusion situation, it will need to find solutions to the practical, technical and legal barriers outlined above. This will require EU legislation to open access to existing Member State data, as well as further digitalisation, data sharing and analysis with respect to the management of EU funds.

EU-level data sources are under exploited in identifying excludable counterparties

49 The Financial Regulation provides for authorising officers to make use of a number of EU-level data sources to identify counterparties in certain exclusion situations³². Figure 6 highlights the main exclusion situations for which there are EU-level data sources. Where information from these data sources indicates a risk that a counterparty is in an exclusion situation, the responsible authorising officer should register an early detection or exclusion case³³. The sources overlap to some extent, as early detection and exclusion may result from OLAF investigations originally initiated on the basis of evidence collected during EU-level audits or other checks. We examined the use made of early detection and other sources of EU-level data in checking for exclusion situations.

Early detection

50 As early detection relates to counterparties presumed to be in an exclusion situation, we would have expected it frequently to result in exclusion. In all, there were only 90 cases of early detection closed from 2016 to 2020. Out of the 90 cases, only 15 led to exclusion, eight for bankruptcy or insolvency and seven for other reasons. Of the remaining 75 cases, 13 were closed before the one-year expiry date, with no reason recorded in the EDES database, and 62 expired automatically at the end of the one-year period. As at 31 December 2020, 11 early detection cases were open in the EDES database. The number of cases appears low given the data sources authorising officers are required to use.

51 The automatic expiry of cases after one year³⁴ may undermine early detection’s role in the monitoring of risky counterparties if it takes more than a year to receive a final court judgment or administrative decision. However, authorising officers may only extend the expiry date for cases referred to the EDES panel for exclusion³⁵.

OLAF data on fraud investigations

52 We would have expected a significant proportion of OLAF investigations to result in the counterparties involved being registered as early detection cases. We found that authorising officers register few cases in the EDES in response to OLAF investigations. Out of 257 investigations concluded by OLAF from 2016 to mid‑2020³⁶ in connection with direct management spending, 143 cases were either suspected fraud (76 cases) or irregularity (67 cases). Ten of the counterparties concerned were excluded - five for bankruptcy and five for other reasons. In addition, six counterparties were registered as early detection cases.

53 As outlined above (paragraphs 39 and 40), authorising officers receive information on the results of OLAF investigations in the form of reports. The reports are based on data held in OLAF’s case management system. It is also important for authorising officers to be aware of relevant ongoing investigations. However, data relevant to early detection and exclusion is not directly available to the Commission.

54 Since it began operating in June 2021, the European Public Prosecutor’s office (EPPO) has been responsible for investigating, prosecuting and bringing to judgment crimes against the financial interests of the EU. At the time of the audit, the EPPO was in the process of setting up its own case management system³⁷. In accordance with the EPPO regulation, information exchange on whether a counterparty is under investigation is possible between the OLAF and EPPO case management systems. In addition, the EPPO informs the Commission about the follow-up it gives on cases referred to it³⁸.

Irregularities Management System

55 The Financial Regulation also provides for authorising officers in direct management to make use of the data Member States are required to report on fraud and irregularities in shared management³⁹. Reporting is done through the Irregularities Management System (IMS), which is available to all authorising officers. They are responsible for checking whether any of “their” counterparties are listed in the system⁴⁰. In 2019, the IAS reported that the responsible departments do not systematically check the system for this information⁴¹. Our analysis produced no evidence that any of the 2 473 cases Member States reported from 2016‑2020 were registered in the EDES. However, we identified seven instances of the Commission entering into further commitments in direct management with counterparties registered in the system, but for these we found no evidence of any prior exclusion assessments. These findings indicate that better use could be made of the IMS’s data for exclusion purposes in direct management.

Audits and ex-post checks

56 The Financial Regulation also recognises audits and ex‑post checks by the ECA, the IAS, and Commission departments as potential sources of EDES cases. The ECA transmits the details of irregularities it finds to the Commission and also, in instances of suspected fraud, to OLAF and the EPPO⁴². Similarly, where Commission audits or ex‑post checks identify suspected fraud, authorising officers are required to send the information to OLAF for investigation. Authorising officers are responsible for using these data sources as a basis for early detection and exclusion cases. The Commission has made no exclusions on the grounds of irregularity despite reporting nearly 8 000 irregularities in direct management for 2016‑2020⁴³ based on ex-post checks and audits.

The Commission relies too much on counterparties’ declarations on the absence of an exclusion situation

57 In practice, due to difficulties in checking the counterparty against the main national and EU level data sources (paragraphs 41-56), the responsible Commission departments do not check each counterparty for every exclusion situation before entering into financial agreements. The Financial Regulation normally requires counterparties to declare if they are in an exclusion situation⁴⁴. For example, they may be required to declare any⁴⁵ “facts established in the context of audits or investigations” carried out by the EPPO, the ECA, OLAF or the internal auditor, or established by “any other check, audit or control performed under the responsibility of an authorising officer”.

58 Declarations on honour on the absence of an exclusion situation are required in most cases. Authorising officers may decide not to require counterparties to provide evidence to support the declaration on honour. For example, DG INTPA does not require a declaration on honour for grants under €15 000 or the submission of supporting documents for a declaration for grants under €60 000⁴⁶. For procurement contracts, authorising officers often require counterparties to provide documentary proof, or statements required under the law of their country, that they are not in an exclusion situation.

59 The Commission’s reliance on declarations on honour in its grant award and procurement procedures reduces the likelihood of identifying that a counterparty is in an exclusion situation before the signing of a financial agreement. It also goes against the main rationale for introducing an exclusion system, namely to move away from a model for protecting finances dependent on detection and correction and towards a prevention-based model.

Responsibility for central monitoring and oversight of the identification of excludable counterparties is limited

60 Given that multiple authorising officers across the Commission are responsible for identifying counterparties in exclusion situations, monitoring and oversight of their activities are essential to ensuring the effective operation of the EDES. Although the Financial Regulation stipulates that the central assessment of registered exclusion cases should be done, it does not provide for central monitoring and reporting on the effectiveness of the responsible departments in identifying such cases.

61 In practice, we found limited central monitoring and oversight of the identification and registration of EDES cases from 2016 to 2020. In January 2021, OLAF and DG BUDG reported on the follow-up to recommendations issued between 2012 and mid‑2019 to the Commission’s Corporate Management Board⁴⁷. This exercise addressed an IAS observation on the absence of adequate corporate monitoring on the follow-up of OLAF recommendations⁴⁸. At the time of our audit, no central monitoring had taken place on authorising officers’ use of other data sources, such as IMS cases, ECA and IAS audits, or ex-post checks by Commission departments.

62 The IAS also commented on the need to strengthen guidelines and apply the EDES in practice⁴⁹. In particular, the IAS found that arrangements within departments for identifying cases that should trigger an EDES procedure needed to be improved in order to make this a more integrated part of the internal control system. We note that a corporate guide for the EDES was issued in October 2018. The guide provides clear information on when to register EDES cases and the scope and operation of the exclusion procedure. However, guidance on how authorising officers should use the various sources of data to identify counterparties in exclusion situations is lacking.

63 The lack of central monitoring undermines the Commission’s ability to improve the effectiveness of the EDES. Better monitoring would provide a basis for identifying good practice and developing guidance for authorising officers. Such guidance could help promote a more systematic approach to using available data sources to identify counterparties in an exclusion situation and register them in the EDES database. In addition, the department responsible for carrying out this central monitoring would be well placed to champion improvements in the availability of data at EU and national level.

Indirect management: the implementation of the Early Detection and Exclusion System has taken longer than planned

Implementing partners have made a small contribution to the number of early detection and exclusion cases

64 Since 2016, the EDES has applied to EU funds that the Commission manages indirectly under agreements with implementing partners. We examined the implementation in indirect management of the key elements of EDES (the EDES database of blacklisted counterparties, exclusion situations and procedures, and arrangements for checking counterparties).

65 Under the Financial Regulation, the Commission may rely on implementing partners provided they are capable of protecting the EU’s financial interests to an adequate level. The Financial Regulation⁵⁰ requires authorising officers to make a “pillar assessment” of the financial management arrangements of the Commission’s main implementing partners.

66 Under their agreements with the Commission, implementing partners should not provide EU financial support to a counterparty in an exclusion situation and should notify the Commission of any counterparties they find in such a situation. This enables authorising officers to assess whether the counterparty should be subject to an exclusion procedure covering all directly and indirectly managed funds. However, from 2016 to 2020, we found no evidence in the EDES of exclusion cases relating to notifications from implementing partners. For example, DG INTPA, the Commission department with the most implementing partners, identified only one instance.

67 The lack of EDES cases relating to counterparties of implementing partners is largely explained by the same factors that apply in direct management:

• Fragmentation of responsibility for exclusion - The Commission has agreements with around 200 implementing partners, which may in turn rely on sub‑contractors or other intermediaries to implement EU actions. For example, the EIF provides finance to small and medium-sized enterprises through financial intermediaries. Figure 7 illustrates the many actors and levels of agreement in indirect management.
• Difficulties accessing national data - Implementing partners’ checks on counterparties are constrained by the availability of relevant national data on certain exclusion situations. Many of the main implementing partners, such as the EIB Group, deal with counterparties established in a wide range of jurisdictions.
• EU level data sources - Implementing partners face similar (or even increased) constraints to the Commission with respect to using EU level data sources. For example, unlike Commission departments, intermediaries do not have access to the non-public part of the EDES database or the IMS.
• Reliance on declarations on honour - Implementing partners may (and often have to) rely on declarations on honour regarding the absence of exclusion situations when entering into agreements with counterparties.
• Weak central responsibilities for monitoring and oversight - the Commission has not yet examined why implementing partners have reported so few cases of counterparties in exclusion situations.

68 We found a number of other factors that may also be contributing to the low-level of notifications from implementing partners of counterparties in exclusion situations for grants and contracts:

• Agreements with implementing partners may not cover all exclusion situations as derogations are negotiated to reflect the specificities of implementing partners’ arrangements. For example, the Financial and Administrative Framework Agreements with the EIB⁵¹ and the EIF⁵², cover five of the seven EDES exclusion situations.
• Implementing partners may not be in a position to exclude counterparties before there is a final judgment or administrative decision.

69 As regards financial instruments, effective systems for screening counterparties reduce the likelihood of counterparties in exclusion situations receiving EU financial support. For example, the EIB checks the trustworthiness of its counterparties before considering whether they are eligible for EU support. Similar procedures are applied by the EIF’s financial intermediaries.

There have been considerable delays in completing the assessments of implementing partners’ exclusion systems

70 At the time of the audit, the Commission did not have a comprehensive overview of the specific exclusion situations applied by implementing partners or their exclusion arrangements. This was partly due to delays in the pillar assessments of implementing partners’ financial management arrangements for EU spending during the 2021‑2027 period.

71 The assessments require implementing partners to engage external auditors to examine and report on their systems. Before 2019, pillar assessments did not specifically cover implementing partners’ exclusion arrangements. In 2019, the Commission added a new pillar on exclusion in the implementing partner assessments for the 2021-2027 period⁵³. The EDES provisions are reflected in the pillar assessment terms of reference.

72 As of 31 December 2020, only 5 % of pillar assessments had been updated because of delays resulting from the COVID‑19 pandemic. The Commission extended the deadline for finalising assessments to the end of 2021. By the end of 2021, about 42 % of pillar assessments had been updated. The updated pillar assessments are expected to improve the Commission’s understanding of implementing partners’ use of specific exclusion situations, and their arrangements for identifying counterparties for exclusion. However, without monitoring how the implementing partners subsequently operate, the Commission cannot fully ensure that its overview of the application of exclusion systems is accurate.

Shared management: differences of approach undermine the overall effectiveness of exclusion

Member States’ differing approaches to exclusion contribute to unevenness in the protection of the EU’s financial interests

73 Exclusion systems, such as the EDES, can contribute to ensuring an even protection of EU’s financial interests in EU funds under shared management. We examined Member States’ obligations under EU law in connection with exclusion and reviewed the arrangements that apply to cohesion and agricultural spending in four Member States (Estonia, Italy, Poland and Portugal).

74 EU law does not require Member States to establish exclusion systems comparable to the EDES, neither for EU funds nor for their own public funds. However, the Financial Regulation, sectoral legislation for shared management spending, and EU public procurement directives create a number of exclusion-related obligations for Member States for protecting the EU’s financial interests.

75 The Financial Regulation requires Member State authorities to put in place effective internal control systems to prevent or detect and correct irregularities and fraud⁵⁴, but it does not require them to maintain a blacklist and apply exclusion situations and procedures analogous to the EDES, which only covers directly and indirectly managed spending. The Financial Regulation and sectoral legislation⁵⁵ also provide for Member States to use the IMS to report cases of fraud and irregularity relating to EU funds under shared management⁵⁶. However, the Commission must consult Member States before using data reported in this way⁵⁷ and it can only use the data to exclude counterparties from receiving directly or indirectly managed funds.

76 The sectoral legislation covering shared management spending does not require Member States to establish exclusion systems in the corresponding areas, although some provisions in cohesion and rural development spending are relevant to exclusion. For example, cohesion regulations do not allow companies in financial difficulty to receive EU funds⁵⁸, which is comparable to the EDES exclusion situation regarding bankruptcy and insolvency⁵⁹. In agriculture, except for possibilities to exclude from the same measures for two years⁶⁰, there are no legal requirements for applying exclusion situations to counterparties applying for the entitlement-based payments that make up the bulk of EU spending in that area, even though the recipients may be sizeable companies or high-net worth individuals.

77 The EU public procurement directive⁶¹ requires Member States’ authorities to exclude counterparties in certain situations. The requirement applies to all public procurement in the Member States, including public procurement involving EU funds. The directive lists mandatory and optional exclusion situations for Member States to implement in national law. The optional situations include those that are mandatory for the EDES, such as bankruptcy, insolvency and any analogous situations. In practice, in some jurisdictions Member States’ authorities may exercise considerable discretion as to which exclusion situations to apply in specific procurement procedures.

78 This patchwork of exclusion-related obligations is not an effective basis for using exclusion to protect the EU budget in shared management. In particular, it means that there is no common classification in law of what constitutes an exclusion situation for counterparties receiving EU funds under shared management. It also does not provide for counterparties excluded from receiving EU funds in one Member State to be similarly excluded in other Member States. In addition, Member State authorities are not required to consult or apply the EDES exclusion list (paragraph 83)⁶².

79 In the absence of a coherent set of obligations at EU level, we observed considerable differences in the approach to exclusion taken by Member States. The extent to which Member States use exclusion to prevent untrustworthy counterparties receiving shared management funds depends on their national legislation. None of the four Member States covered by our audit had established a fully-fledged exclusion system covering all the different types of EU funds under their management.

80 The lack of consistency in shared management means that counterparties in similar situations may be treated differently. For example, Poland’s national legislation on public finances establishes a limited exclusion system covering recipients of EU structural funds with debts or convictions of fraud, corruption or other criminal offences against the EU budget. In Estonia, counterparties may be prevented from receiving EU funds if convicted of fraud, corruption or other criminal activities not related to EU funds. In Italy, national legislation requires final beneficiaries to pass anti-mafia checks and obtain a certificate before receiving EU agricultural or cohesion funds. In Portugal, counterparties with cohesion fund debts are not allowed to receive further EU funding.

81 Counterparties in similar situations will also be treated differently under shared management compared with direct management. In particular, there is no EU legal basis under shared management for applying the concept of preliminary classification in law to exclude counterparties. In the four Member States covered by our audit, we found differences, with respect to the various exclusion situations, in the extent to which final judgments or administrative decisions were required before the authorities can exclude a counterparty from applying for or receiving EU funds. In effect, the current EU financial rules provide less scope for using exclusion to protect the EU’s financial interests under shared management than under direct management.

Member States could make better use of EU-level data and tools

82 Member State authorities have three main EU‑level data sources at their disposal for the purposes of exclusion: the EDES; OLAF data on fraud and irregularities; and Arachne, a data‑mining and risk-scoring tool. We examined the use Member States make of the available EU level data sources and tools.

83 While Member States authorities may consult the EDES, they are not obliged to do so by the EU’s financial rules. As the 2019 IAS report on the EDES stated, only 16 Member States had appointed a National User Administrator for the EDES and only four of them had accessed the EDES regularly. Similarly, the IAS found that managing authorities are not aware of OLAF investigations and IMS cases concerning the counterparties of the managing authorities of other Member States.

84 Arachne is the EU‑level data‑mining tool for protecting the EU’s financial interests. It is designed to identify risky counterparties, though not specifically those in exclusion situations. The Commission originally developed Arachne to assist Member States’ managing authorities in cohesion to carry out audits and controls. Under the pilot project for agriculture, seven paying agencies are using Arachne and another four paying agencies are in a testing phase.

85 The utility of a data-mining tool largely depends on the quantity and quality of the available underlying data. We found that the utility of Arachne for exclusion purposes was limited by its restricted scope of application within shared management (cohesion and a pilot project in agriculture) and the lack of:

• EU data from OLAF, the IMS, and the EDES;
• completeness and accuracy checks on projects by Member States;
• clearly defined indicators covering the EDES exclusion situations.

86 We note that the Commission has committed itself to exploring possibilities for extending the use of Arachne to all management types (direct, indirect and shared), as part of its anti-fraud strategy⁶³.

87 The sectoral legislation for the 2021‑2027 period, covering the common provisions regulation funds and the common agricultural policy as well as the Recovery and Resilience Facility, the European Global Adjustment Fund, and the Brexit Adjustment Reserve, provide for using the Commission’s single data-mining and risk-scoring tool (i.e. Arachne). Although the tool will remain voluntary for Member States, the inter-institutional agreement on budgetary discipline for the period commits the Commission to providing the tool with a view to it eventually being used by all Member States⁶⁴.

The Commission lacks the necessary overview of Member States’ exclusion arrangements and data

88 Our interviews with the main directorates-general responsible for shared management revealed that they do not have an overview of Member States’ exclusion arrangements. Such an overview could help direct efforts to improve the use of exclusion to protect EU financial interests in all types of management. It could also be used to inform financial actors involved in the implementation of the EU budget about the availability of national data sources relevant for exclusion. Better use and re‑use of data available nationally and at EU level is a prerequisite for creating an effective data-mining tool capable of helping the Commission’s authorising officers to identify counterparties in – or at risk of being in – exclusion situations.

Conclusions and recommendations

89 The purpose of this audit was to assess whether exclusion is being used effectively to protect EU funds from untrustworthy counterparties. We concluded that this is not the case. Although EDES has a broad scope and robust decision‑making procedures, the Commission had only 18 non-bankruptcy related exclusions recorded in the system at the end of 2020 due to shortcomings in the arrangements for identifying counterparties in exclusion situations. This is mainly due to fragmented responsibility for exclusion, difficulties in accessing Member State data, the under‑exploitation of EU data, overreliance on counterparty self-declarations, and limited central monitoring and oversight. In shared management, where EDES does not apply, differences between the approaches taken by Member States’ undermine the overall effectiveness of using exclusion to protect the EU budget.

90 As regards direct management, we found that the EDES covers a broad range of counterparties, types of financial agreements and exclusion situations. However, there is some scope for expanding the range of exclusion situations (paragraphs 21-24).

Recommendation 1 – Expand the range of exclusion

The Commission should address the following issue when preparing its proposal to the legislator on revision of the Financial Regulation: the exclusion of affiliates, beneficial owners and responsible managers of EU‑counterparties, even if they are not EU‑counterparties themselves.

Target implementation date: 2022

91 We also found that the EDES exclusion procedures provide for robust decision-making on counterparties in exclusion situations. In particular, they permit counterparties to be excluded without having to wait for years for a final judgment or administrative decision. The central assessment of cases by an independent panel helps ensure consistent and fair treatment of counterparties (paragraphs 25-29).

92 However, we found a number of shortcomings in the arrangements for identifying whether counterparties are in exclusion situations. These have contributed to the low number of exclusions:

• Fragmented responsibility for identifying excludable counterparties undermines the systematic assessment of counterparties;
• The Commission does not make sufficient use of some of the main EU level data sources;
• The Commission faces difficulties in accessing national data on certain exclusion situations due to legal restrictions and technical barriers;
• The Commission often relies on counterparties’ declarations regarding the absence of an exclusion situation without further checks (paragraphs 30-59).

93 Limited central monitoring and oversight of the Commission departments’ identification of excludable counterparties have helped to perpetuate these shortcomings. In our view, stronger monitoring and oversight arrangements will be key to making better use of exclusion. Such monitoring would benefit from a case management system that is capable of providing an overview of ongoing and closed cases. It would also benefit from better ex-post checks of whether counterparties are in an exclusion situation, guidance for authorising officers on the use of the available data, and further promotion of the use of the EDES (paragraphs 60-63).

Recommendation 2 – Strengthen the implementation of the early detection and exclusion system in direct and indirect management

The Commission should:

1. Develop a case management system capable of providing an overview of ongoing and closed cases.
2. Strengthen corporate oversight of the effective operation of the EDES, including by monitoring authorising officers’:
   1. follow-up of OLAF and EPPO recommendations concerning early-detection or exclusion;
   2. activities and use of available data sources to identify exclusion cases, such as early detection cases, Irregularities Management System records, ongoing OLAF and EPPO fraud investigation cases, final audit results, competition decisions, and implementing partner notifications;
   3. implementation of the EDES panel’s recommendations.
3. Carry out ex‑post checks to ascertain whether counterparties are in an exclusion situation, in particular where authorising officers rely on declarations on honour.
4. Develop standard procedures and guidelines for authorising officers regarding the use of EU‑level data sources, such as early detection cases, Irregularities Management System records, OLAF and EPPO fraud investigation cases, audit findings, competition cases, and implementing partner notifications.
5. Promote awareness of early detection and exclusion among Commission departments, implementing partners and the Member State authorities involved in the management of EU funds.

Target implementation date: 2023

94 As regards indirect management, we found that implementing partners have made a small contribution to the number of exclusion cases registered in the EDES. This is largely explained by the same factors that apply in direct management. We also found three other contributory factors: agreements with implementing partners that do not cover all exclusion situations; the fact that implementing partners cannot exclude counterparties before a final judgement or administrative decision; and the practice of screening out untrustworthy counterparties before they are considered for EU financial support (paragraphs 64-69).

95 The Commission has been slow to complete its assessment of implementing partners’ exclusion systems. Once this has been completed, the Commission will be in a better position to investigate and address the underlying reasons for the low number of counterparties being excluded in indirect management. It will then also be essential for the Commission to monitor the operation of the exclusion systems that implementing partners have put in place (paragraphs 70-72).

Recommendation 3 – Improve the monitoring of early detection and exclusion under indirect management

To achieve a consistent level of protection of EU funds under indirect management, the Commission should ensure that its partners fulfil their obligation to notify the Commission when counterparties are identified as being in exclusion situations.

Target implementation date: starting in 2023

96 Regarding shared management, which mostly covers agricultural and cohesion spending, we found that there is no EU level mechanism for excluding counterparties. In the absence of a coherent set of obligations for using exclusion, our review of four Member States highlighted considerable differences of approach, which contribute to an unevenness in the protection of EU funds. We also found that some Member States could make better use could of EU‑level data and tools, in particular the EDES database, OLAF data on fraud and irregularities, and the data-mining and risk-scoring tool Arachne to protect the EU’s financial interests (paragraphs 73-87).

Recommendation 4 – Extend early detection and exclusion to shared management

The Commission should address the following issue when preparing its proposal to the legislator on revision of the Financial Regulation: applying the key elements of the EDES to funds under shared management, so that counterparties found to be in an exclusion situation are treated consistently across management modes.

Target implementation date: 2022

97 Finally, we found that the Commission lacks an overview of exclusion systems and data in Member States. Such an overview could help direct efforts to improve the use of exclusion and data to protect EU financial interests in all types of management and to create a data-mining tool to help identify counterparties in – or at risk of being in – exclusion situations (paragraph 88).

Recommendation 5 – Make better use of existing data and digital tools

Within the context of its broader efforts to use data and digital tools to protect the EU budget, the Commission should take measures to improve the use of data that is relevant to exclusion, in particular by:

1. carrying out a mapping exercise to identify the sources of relevant data to protecting the EU budget, including national data, and determine how they can be accessed;
2. proposing an adequate legal basis for the access and use of data on EU counterparties, including national data, for audit and control purposes;
3. developing a common data mining and risk-scoring tool with access to all relevant EU and national data with the ownership at corporate level;
4. ensuring the availability of data and promoting its sharing at corporate level; and
5. developing a strategy to ensure that national and EU data on EU counterparties is digital, accessible, standardised and interoperable.

Target implementation date: for recommendations 5(1) and (2) by 2023, recommendations 5(3) by 2025, recommendation 5(4) beginning of the next Multiannual Financial Framework, and recommendation 5(5) by 2023 for EU data and by the date of application of the revised Financial Regulation for the national data

This Special Report was adopted by Chamber V, headed by Tony Murphy, Member of the Court of Auditors, in Luxembourg at its meeting of 26 April 2022.

Acronyms and abbreviations

Arachne: Data-mining and risk scoring tool developed by the European Commission

DG BUDG: Directorate-General for Budget

DG INTPA: Directorate-General for International Partnerships

EDES: Early Detection and Exclusion System

EIB: European Investment Bank

EIF: European Investment Fund

EPPO: European Public Prosecutor’s Office

IAS: Internal Audit Service of the European Commission

IMS: Irregularities Management System

OLAF: European Anti-Fraud Office

REA: Research Executive Agency

Glossary

Authorising officer: A person responsible for implementing an EU body’s revenue and expenditure.

Common provisions regulation: Regulation setting out the rules that apply to all five of the European Structural and Investment Funds in the 2014‑2020 period.

Digitalisation: The shift towards incorporating and using digital technology and digitised information to make processes and tasks simpler, faster, more efficient and/or more economic.

Direct management: Management of an EU fund or programme by the Commission alone, in contrast to shared management or indirect management.

EIB group: The European Investment Bank and European Investment Fund.

European Investment Bank: EU bank, owned by the Member States, which provides financing for projects in support of EU policy, mainly in the EU, but also externally.

European Investment Fund: A specialist provider of risk finance to small and medium-sized enterprises in the EU and certain non-EU countries. Part of the European Investment Bank Group.

Financial instrument: Financial support from the EU budget in the form of equity or quasi-equity investments, loans or guarantees, or other risk-sharing instruments.

Fraud: Intentional and unlawful use of deception to gain material advantage by depriving another party of property or money.

Managing authority: The national, regional or local authority (public or private) designated by a Member State to manage an EU‑funded programme.

Paying agency: A body appointed by a Member State to administer EU agricultural spending.

Pillar assessment: a Commission assessment of an implementing partner’s financial management arrangements.

Preliminary classification in law: a legal assessment of facts and findings on a specific matter carried out before the competent authority has reached a final judgment or administrative decision.

Public procurement: The purchase by a public body or other authority of works, supplies or services, through an open and competitive procedure, in order to achieve quality and value for money.

Shared management: A method of spending the EU budget in which, in contrast to direct management, the Commission delegates to the Member State while retaining ultimate responsibility.

Small and medium-sized enterprises: A size definition applied to companies and other organisations, based on the number of staff employed and certain financial criteria. Small enterprises have fewer than 50 staff, and turnover or a balance sheet total not exceeding €10 million. Medium-sized enterprises employ fewer than 250 staff, and have turnover up to €50 million or a balance sheet total up to €43 million.

Replies of the Commission

https://www.eca.europa.eu/en/Pages/DocItem.aspx?did=61175

Timeline

https://www.eca.europa.eu/en/Pages/DocItem.aspx?did=61175

Audit team

The ECA’s special reports set out the results of its audits of EU policies and programmes, or of management-related topics from specific budgetary areas. The ECA selects and designs these audit tasks to be of maximum impact by considering the risks to performance or compliance, the level of income or spending involved, forthcoming developments and political and public interest.

This performance audit was carried out by Audit Chamber V Financing and administration of the EU, headed by ECA Member Tony Murphy. The audit was led by ECA Member Helga Berger, supported by Silvia Janik, Head of Private Office and Franz Ebermann, Private Office Attaché; Judit Oroszki, Principal Manager; James McQuade, Head of Task; Tomasz Kokot and Attila Horvay-Kovacs, Auditors. Thomas Everett provided linguistic support.

1^st row, from left to right: Ms Judit Oroszki, Mr James McQuade, Ms Helga Berger, Ms Silvia Janik, Mr Attila Horvay-Kovács
2^nd row, from left to right: Mr Thomas Everett, Mr Tomasz Kokot, Mr Franz Ebermann

Endnotes

¹ Section 2.1.1 of Annual Management and Performance Report for the 2020 EU Budget, excluding “Other services and administration”.

² Ibid.

³ Article 73 of Regulation (EU, Euratom) 2018/1046 (the Financial Regulation).

⁴ Article 74 of the Financial Regulation.

⁵ Articles 36 and 63 of the Financial Regulation.

⁶ Recital 5 of Directive (EU) 2017/1371 on the fight against fraud to the Union's financial interests by means of criminal law (PIF directive).

⁷ Article 325 of the Treaty on the Functioning of the European Union.

⁸ Recital 5 of the PIF directive.

⁹ Identified by the ECA based on analysis of the World Banking Group and the US Federal Government.

¹⁰ Article 135 of the Financial Regulation.

¹¹ Ibid.

¹² Ibid.

¹³ EDES database: List of economic operators excluded or subject to financial penalty.

¹⁴ Article 135(3) of the Financial Regulation.

¹⁵ Article 143 of the Financial Regulation.

¹⁶ Commission Decision (EU) 2018/1220.

¹⁷ Article 143 of Financial Regulation.

¹⁸ Article 135 of Financial Regulation.

¹⁹ Article 142(5) of Financial Regulation.

²⁰ LexisNexis Bridger Insight.

²¹ Paragraph 32 of the Interinstitutional agreement of 16 December 2020 on budgetary discipline.

²² Article 136 (4) of the Financial Regulation.

²³ Article 143 of the Financial Regulation.

²⁴ Annual reports on protecting the EU’s financial interest from 2016 to 2020: SWD(2017)268, SWD(2018)382, SWD(2020)157, SWD(2021)256.

²⁵ Point 7 of SWD(2020)157.

²⁶ Article 167(2) and Article 198(2) of the Financial Regulation.

²⁷ EDES database: List of economic operators excluded or subject to financial penalty.

²⁸ IAS audit report: IAS.B4-2017-BUDG-001 of 25 January 2019.

²⁹ Article 136(2) of Financial Regulation.

³⁰ Article 11 ofRegulation 883/2013 on investigations conducted by OLAF.

³¹ Article 136(1) (a) to (d) of the Financial Regulation.

³² Article 136(1) (d), (e) and (f) of the Financial Regulation.

³³ Article 142(2) of the Financial Regulation.

³⁴ Article 142(4) of the Financial Regulation.

³⁵ Ibid.

³⁶ Data supplied by OLAF at the request of the ECA.

³⁷ Article 44 of Regulation EU/2017/1939.

³⁸ Article 6 of the Agreement establishing the modalities of cooperation between the European Commission and the European Public Prosecutor’s Office.

³⁹ Article 142.2 (d) of the Financial Regulation.

⁴⁰ Article 136.2 (d) of the Financial Regulation.

⁴¹ IAS audit report: IAS.B4-2017-BUDG-001 of 25 January 2019.

⁴² Administrative Arrangement between the European Court of Auditors and the European Public Prosecutor’s Office.

⁴³ Table DM3 on p.133 of Part 2 of Statistical evaluation of irregularities reported for 2020 - SWD(2021) 258 final.

⁴⁴ Article 137(1) of the Financial Regulation.

⁴⁵ Example of a Commission template of a declaration on honour.

⁴⁶ Contract Procedures for European Union External Action – A practical guide.

⁴⁷ Minutes of the meeting of the Corporate Management Board of 27 January 2021.

⁴⁸ IAS audit report: IAS.B4-2017-BUDG-001 of 25 January 2019.

⁴⁹ Ibid.

⁵⁰ Article 154 of the Financial Regulation.

⁵¹ Financial and Administrative Framework Agreement of 8 October 2019.

⁵² Financial and Administrative Framework Agreement of 14 February 2020.

⁵³ Commission Decision 2019/C 191/02 of 17 April 2019.

⁵⁴ Article 36(2)(d) of the Financial Regulation.

⁵⁵ Article 144 of the Financial Regulation, Article 5 of Commission Delegated Regulation (EU) 2015/1971 and Article 5 of the Commission Delegated Regulation (EU) 2015/1970.

⁵⁶ Article 122(2) of Regulation (EU) 1303/2013; Article 50(1) of Regulation (EU) 1306/2013, Article 30(2) of Regulation (EU) 223/2014; Article 5(5) of Regulation (EU) 514/2014; Article 21(1)(d) of Regulation (EU) 1309/2013.

⁵⁷ Article 144 of the Financial Regulation.

⁵⁸ Regulation (EU) 1301/2013 on the European Regional Development Fund and Regulation (EU) 1300/2013 on the Cohesion Fund.

⁵⁹ Article 136(1) (a) of the Financial Regulation.

⁶⁰ Article 19 and 35(5) of Regulation 640/2014.

⁶¹ Article 57 of Directive 2014/24/EU on Public Procurement.

⁶² Article 142(5) of the Financial Regulation.

⁶³ Commission Anti‑Fraud Strategy: enhanced action to protect the EU budget COM/2019/196 final.

⁶⁴ Paragraph 32 of the Interinstitutional agreement of 16 December 2020 on budgetary discipline.

Contact

EUROPEAN COURT OF AUDITORS
12, rue Alcide De Gasperi
1615 Luxembourg
LUXEMBOURG

Tel. +352 4398-1
Enquiries: eca.europa.eu/en/Pages/ContactForm.aspx
Website: eca.europa.eu
Twitter: @EUAuditors

More information on the European Union is available on the internet (https://europa.eu).

Luxembourg: Publications Office of the European Union, 2022

PDF	ISBN 978-92-847-7761-7	ISSN 1977-5679	doi:10.2865/451224	QJ-AB-22-006-EN-N
HTML	ISBN 978-92-847-7752-5	ISSN 1977-5679	doi:10.2865/871247	QJ-AB-22-006-EN-Q

COPYRIGHT

© European Union, 2022

The reuse policy of the European Court of Auditors (ECA) is set out in ECA Decision No 6-2019 on the open data policy and the reuse of documents.

Unless otherwise indicated (e.g. in individual copyright notices), ECA content owned by the EU is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence. As a general rule, therefore, reuse is authorised provided appropriate credit is given and any changes are indicated. Those reusing ECA content must not distort the original meaning or message. The ECA shall not be liable for any consequences of reuse.

Additional permission must be obtained if specific content depicts identifiable private individuals, e.g. in pictures of ECA staff, or includes third-party works.

Where such permission is obtained, it shall cancel and replace the above-mentioned general permission and shall clearly state any restrictions on use.

To use or reproduce content that is not owned by the EU, it may be necessary to seek permission directly from the copyright holders:

Figure 7: Icons made by Pixel Perfect from https://flaticon.com)

Software or documents covered by industrial property rights, such as patents, trademarks, registered designs, logos and names, are excluded from the ECA’s reuse policy.

The European Union’s family of institutional websites, within the europa.eu domain, provides links to third-party sites. Since the ECA has no control over these, you are encouraged to review their privacy and copyright policies.

Use of the ECA logo

The ECA logo must not be used without the ECA’s prior consent.

GETTING IN TOUCH WITH THE EU

In person
All over the European Union there are hundreds of Europe Direct Information Centres. You can find the address of the centre nearest you at: https://europa.eu/european-union/contact_en

On the phone or by e-mail
Europe Direct is a service that your questions about the European Union. You can contact this service

• by freephone: 00 800 6 7 8 9 10 11 (certain operators may charge for these calls),
• at the following standard number: +32 22999696 or
• by electronic mail via: https://europa.eu/european-union/contact_en

FINDING INFORMATION ABOUT THE EU

Online
Information about the European Union in all the official languages of the EU is available on the Europa website at: https://europa.eu/european-union/index_en

EU Publications
You can download or order free and priced EU publications at: https://op.europa.eu/en/web/general-publications/publications. Multiple copies of free publications may be obtained by contacting Europe Direct or your local information centre (see https://europa.eu/european-union/contact_en)

EU law and related documents
For access to legal information from the EU, including all EU law since 1951 in all the official language versions, go to EUR-Lex at: https://eur-lex.europa.eu/homepage.html?locale=en

Open data from the EU
The EU Open Data Portal (data.europa.eu/en) provides access to datasets from the EU. Data can be downloaded and reused for free, both for commercial and non-commercial purposes.