Protecting the EU’s Financial Interest in the New Recovery and Resilience Facility – The Role of the European Anti-Fraud Office
The Recovery and Resilience Facility (RRF) is a key initiative providing up to €723.8 billion in support of Europe’s economic and social recovery from the Covid-19 pandemic. In light of the unprecedented scale and delivery mechanism of the Facility, the question arises as to how the European Union’s financial interests in the RRF will be protected against fraud and corruption? To answer this question, this article provides an analysis of the legal safeguards in the EU’s Regulation establishing the Recovery and Resilience Facility for the protection of the EU’s financial interests. It also gives a practitioner’s view of the role of the European Anti-Fraud Office (OLAF) in the Commission’s assessment of the national recovery and resilience plans and describes the part OLAF will have during the upcoming implementation phase of the Facility. Ultimately, it is argued that the combined efforts of all actors will be needed to ensure that the funds help accomplish the objectives of the initiative and reach the intended recipients.
The Recovery and Resilience Facility (RRF) is a key initiative of the European Union (EU) to counteract the economic and social impact of the Covid-19 crisis. Both the scale of support and delivery mechanism are unique. With regard to scale, the Facility comprises financial contributions of €723.8 billion1 in loans and grants. These funds aim to help Europe bounce back from the crisis by supporting EU citizens and businesses as well as to contribute to Europe’s green and digital transitioning.
In addition, the RRF employs a specific delivery mechanism. Member States will receive financial support subject to the implementation of national reforms and investments that are outlined in their recovery and resilience plans, provided that these plans have been endorsed by the European Commission and approved by the Council. The Commission will authorise payment based on the fulfilment of milestones and targets reflecting progress on these investments and reforms (which cover areas like public procurement, justice, and public finances). In other words, payment will be linked to performance and not directly to the ultimate costs.
Consequently, the specific features of the RRF affect how the EU’s financial interests are protected. This article aims to explore the impact on the fight against fraud in general and on the role of the European Anti-Fraud Office (OLAF) in particular. The analysis will follow three steps:
First, the article will explore the legal framework set up by the EU’s Regulation establishing the Recovery and Resilience Facility (hereinafter “RRF Regulation”)2 for the protection of the EU’s financial interests;
Second, it will give an overview of the anti-fraud measures in the national recovery and resilience plans;
Third, it will consider the implementation phase of the Facility and examine how OLAF could accompany this phase.
II. Legal Dimension – Anti-Fraud Measures Enshrined in the RRF Regulation
In many ways, the creation of the RRF resembled a journey into unchartered territory, especially with regard to the measures to be implemented to protect the EU’s financial interests. Of interest in this context is which modality of financial implementation was chosen ‒ a question that is not a mere technicality. This refers to the “management mode,”3 which has a significant impact not only on the implementation of the funds as such but also on the corresponding control and anti-fraud framework.
In this respect, Art. 8 of the RRF Regulation clearly states that the “[f]acility shall be implemented by the Commission in direct management.” Compared to other programmes implemented under direct management, however, the RRF is considered a sui generis version of direct management. The main difference lies in the nature of the immediate beneficiary4. Whereas a beneficiary under direct management is usually a natural person or entity, including private companies,5 the beneficiary (or borrower in the case of loans) under the RRF is an EU Member State.6
Under this set-up, how does the RRF Regulation aim to ensure sound control and anti-fraud measures? The answer can be found mainly in Art. 22 of the Regulation, which contains comprehensive provisions on the protection of the EU’s financial interests. A closer analysis of Art. 22 reveals several key features. For the purpose of this article, four features are relevant, namely:
The concept of “serious irregularities”;
The central role of Member States in the protection of the EU’s financial interests;
The explicit empowerment of the Commission, OLAF, the Court of Auditors and, where applicable, the European Public Prosecutor’s Office to exert their rights;
The collection of data on final recipients of funds.
The first feature is of a conceptual nature, as the RRF Regulation introduces the notion of “serious irregularities,” which cannot be found as such in the rules governing the previous and current Multiannual Financial Frameworks.7 Recital 53 of the RRF Regulation defines serious irregularities as “fraud, corruption and conflicts of interest.” This is particularly interesting, as it provides an alternative to the dichotomy of “criminal” versus “administrative” acts used in other areas, for example in the annual reports on the protection of the EU’s financial interests, which distinguish between “fraudulent” and “non-fraudulent” irregularities.8 Following conventional logic, fraud and corruption would fall into the “criminal” category, while conflicts of interest are often considered “administrative” offences in many jurisdictions.9 Nevertheless, for the purpose of the RRF, these three offenses (fraud, corruption, conflicts of interest) are grouped together. This is of particular practical relevance, as the RRF attaches specific importance to the treatment of serious irregularities. In addition to the arrangements to avoid double funding from the RRF and other Union programmes, for example, Member States are required to lay out in detail in their national recovery and resilience plans their system to prevent, detect, and correct serious irregularities; the Commission, in turn, must assess the measures outlined in the plans.10 Another example is the possibility for the Commission to reduce financial support proportionately and recover amounts from the Member States in case of serious irregularities that were not corrected by the Member States or in case of a “serious breach of an obligation” involving the financing agreement concluded between the European Commission and the respective Member State.11
The second salient feature is Art. 22(1) of the RRF Regulation, which clearly identifies Member States and their internal control systems as the main instrument for safeguarding the financial interests of the Union. The provision reads as follows:
In implementing the Facility, the Member States, as beneficiaries or borrowers of funds under the Facility, shall take all the appropriate measures to protect the financial interests of the Union and to ensure that the use of funds in relation to measures supported by the Facility complies with the applicable Union and national law, in particular regarding the prevention, detection and correction of fraud, corruption and conflicts of interests. To this effect, the Member States shall provide an effective and efficient internal control system and the recovery of amounts wrongly paid or incorrectly used. Member States may rely on their regular national budget management systems.
Art. 22(1) is pivotal, as it further clarifies the responsibility of Member States above and beyond the previously specified treatment of serious irregularities. While Art. 22(1) stresses “in particular [the fight against] fraud, corruption and conflicts of interest” [emphasis added], it also clearly recognises the obligation of Member States to protect the EU’s financial interests in their entirety, i.e., to “take all the appropriate measures to protect the financial interests of the Union and to ensure that the use of funds […] complies with the applicable Union and national law.” As a logical consequence of this wording, Member States are expected to correct all types of irregularities12 without distinguishing whether these irregularities were fraudulent, i.e., committed intentionally, or merely “administrative” in nature.
As a third key feature, the RRF Regulation confirms the competence of EU control bodies and investigation bodies applies. In this context, the RRF Regulation implements a general requirement of Art. 129(1) of the Financial Regulation, namely the need to expressly authorise in financial agreements the ability of the Commission, OLAF, the Court of Auditors and, where applicable, the European Public Prosecutor’s Office to exert their competences. This is ensured in Art. 22(2)(e) of the RRF Regulation. Similarly, and in line with the Financial Regulation, this requirement also applies to “all final recipients of funds paid for the measures for the implementation of reforms and investment projects included in the recovery and resilience plan, or to all other persons or entities involved in their implementation.” Hence, Member States must ensure that these rights are properly “cascaded down” to the final recipients of funds.
The fourth feature is the explicit requirement for Member States to collect certain data, in particular the names of final recipients, contractors, sub-contractors, and beneficial owners of RRF expenditure. This constitutes a true novelty compared to the rules in the Multiannual Financial Framework 2014-2020. Given that “following the money” is crucial in financial investigations, these requirements are of particular value in the fight against fraud, keeping in mind especially the performance-based nature of the RRF.
III. Anti-Fraud Measures in National Recovery and Resilience Plans
A further novelty of the RRF process is the drafting of national recovery and resilience plans in advance of the disbursement of funds. In light of the performance-based nature of the RRF, the main purpose of these plans is to develop and describe the foreseen reform and investments, including corresponding milestones and targets. However, the plans are also crucial from an anti-fraud perspective. As mentioned previously in section II, the plans must contain an explanation of the Member States’ proposed systems to prevent, detect, and correct serious irregularities as well as the arrangements taken to avoid double funding from the Facility and other Union programmes. The Commission will subsequently assess the measures outlined in each plan. If a plan fails this assessment with regard to the audit and control elements, it fails in its entirety in accordance with Annex V of the RRF Regulation. These consequences reflect the importance attached to the anti-fraud actions. By assessing each national recovery and resilience plan the Commission also fulfils its role of performing an ex-ante check of the Member States’ audit and control systems for the RRF.
The European Anti-Fraud Office (OLAF) has contributed to the screening and assessment of the national plans. OLAF can build on over twenty years of experience in investigating fraud as well as on its prevention work, which includes practical anti-fraud advice to the relevant Commission services. OLAF has provided its input on whether the control and audit mechanisms described in the plans were solid enough to protect the EU’s financial interests, with the aim of ensuring that the measures were as concrete and operational as possible.
As of September 2021, a majority of Member States’ plans had been approved.13 This confirms that the majority of Member States have put audit and control arrangements into their respective plans that meet the requirements of the RRF Regulation. From a more general perspective, i.e., going beyond the specific conditions of the RRF Regulation, an analysis of the audit and control elements in the available national plans allows for the identification of certain areas that will require close attention in the future:
The plans show that Member States predominantly use existing systems and bodies based on national budget procedures and/or on shared management. In this context, it is important to observe that the RRF will represent an additional source of funding for Member States that already receive contributions from other European funds.14 This may increase pressure on the management and control systems. The implementation deadline for RRF expenditure by 2026 could also be another reason contributing to this pressure.
For some Member States, the Commission will specifically monitor the implementation of certain measures that still need to be developed after approval of the plans, e.g., defining new rules or making technical adaptions to IT systems in order to collect data on the final recipients of RRF funds. This monitoring will be linked to milestones that need to be fulfilled before the first payment request is submitted to the Commission. Beyond the measures to be implemented as part of these milestones, it will be important for Member States to continue to implement other types of anti-fraud measures, such as training and awareness-raising measures.
As the RRF Regulation does not foresee the use of a single IT tool for the collection and storage of data on final recipients, Member States will collect and store this information at the national level. While the EU institutions will have access to this data upon request, the efficiency of such a two-tier structure remains to be tested in practice and will depend on smooth cooperation between the national and EU levels.
With regard to risk analysis, the European Commission strongly recommends the use of “ARACHNE”15 as a single data mining and risk scoring tool, and many Member States have announced that they plan to use this system for the purpose of the RRF. To the extent that some Member States continue to rely on national systems, the Commission will have to make sure this does create a situation that would reduce the ability of different actors and authorities to analyse risk patterns/trends and to identify risky beneficiaries. Consistent use of ARACHNE by all Member States would be beneficial in the long run.
IV. Implementation Phase and OLAF’s Involvement
These measures to protect the EU’s financial interests will soon be tested in practice when the implementation phase begins and the first payments are issued. During this phase, OLAF will fulfil its mandate by conducting administrative investigations into RRF-related expenditure, which the Office has already been doing in other areas of EU funding. Similarly, OLAF will also provide financial support to Member States for anti-fraud measures via a dedicated funding instrument, the Union Anti-Fraud Programme.16
In addition to these “traditional” actions, extra effort will be necessary to ensure that the RRF is securely and effectively protected against fraud. For this purpose, OLAF intends to team up with national authorities and its partners at the EU level, e.g., Europol and, where relevant, the European Public Prosecutor’s Office. Several avenues of cooperation are possible. For example, based on its past experience in shared management operations, OLAF will support the Commission’s services in relation to RRF expenditure by continuing to share dedicated anti-fraud advice on Member States’ management systems. Looking ahead, lessons learned from the screening of the national plans and upcoming investigative experiences gathered in conjunction with RRF expenditure can be integrated into future fraud prevention measures and used to issue warnings and red flags. Reaching out to Member States to raise awareness and, where necessary, developing tailor-made support measures should round off these efforts.
Against this background, the challenge – and ultimate test of success – will be how well different actors cooperate to fulfil their common goal of protecting the EU’s financial interests and ensuring that this extraordinary effort to relaunch Europe after the devastating effects of the pandemic is not undermined by fraud.
The legal framework of the RRF Regulation to protect the EU’s financial interests can be considered robust. Member States, as beneficiaries or borrowers of RRF funds, are obliged to detect and correct all irregularities, especially serious irregularities, such as fraud, corruption, and conflicts of interest. The requirements on the collection and storage of data for final recipients, (sub-) contractors, and beneficial owners are particularly valuable from a control and investigatory perspective. The majority of Member States have submitted national recovery and resilience plans, including outlines of the audit and control systems, which the European Commission has assessed positively with the practical input of OLAF. In addition, Member States’ management and control systems will be supported and complemented by bodies at the EU level, whose power to audit and investigate RRF expenditure has been confirmed. No authority can shoulder the burden of protecting the RRF against fraud on its own. It is therefore fitting that the RRF requires all anti-fraud actors to rethink their priorities, adjust their working methods as necessary, and work together even more closely to ensure the smooth functioning of the control system.
The amount of funding is expressed in 2020 prices, see: <https://ec.europa.eu/info/business-economy-euro/recovery-coronavirus/recovery-and-resilience-facility_en>, accessed 4 November 2021. In contrast, the amount in the RRF regulation is expressed in 2018 prices – hence the number in the RRF Regulation itself appears lower.↩︎
Regulation (EU) 2021/241 of the European Parliament and of the Council of 12 February 2021 establishing the Recovery and Resilience Facility, O.J. L 57, 18.2.2021, 32.↩︎
Art. 62 of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union (the “Financial Regulation”), O.J. L 193, 30.7.2018, 1, outlines three different methods of budget implementation: direct management (by Commission departments and Union delegations), shared management (with Member States), and indirect management (by entrusting budget implementation tasks to certain entities, such as international organisations, third countries, or individual Member State organisations).↩︎
Please note that for the purpose of the RRF and for this article, the term beneficiary refers to Member States, while the term final recipient refers to the entity or natural person ultimately receiving funding with a Member State.↩︎
For 2020, the European Commission’s Financial Transparency System identifies private entities as the top beneficiary group receiving 50% of funding from direct management programmes, see: <https://ec.europa.eu/budget/financial-transparency-system/analysis.html>, accessed 4 November 2021.↩︎
See, for example, Recitals 8 and 18, Art. 4(2) and Art. 22(1) of Regulation (EU) 2021/241, op. cit. (n. 2).↩︎
See, for example, the Common Provision Regulations for the respective Multiannual Financial Frameworks, i.e., Regulation (EU) 2021/1060 of the European Parliament and of the Council laying down common provisions on the European Regional Development Fund, the European Social Fund Plus, the Cohesion Fund, the Just Transition Fund, and the European Maritime, Fisheries and Aquaculture Fund and financial rules for those and for the Asylum, Migration and Integration Fund, the Internal Security Fund and the Instrument for Financial Support for Border Management and Visa Policy, O.J. L 231, 30.6.2021, 159 – 706 and Regulation (EU) No 1303/2013 of the European Parliament and of the Council laying down common provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund, the European Agricultural Fund for Rural Development, and the European Maritime and Fisheries Fund and laying down general provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund and the European Maritime and Fisheries Fund, O.J. L 347, 20.12.2013, 320–469. Please note that the current Financial Regulation (op. cit. (n. 3)) uses the term “serious irregularity” in Art. 236 in relation to budget support to a third country, yet without further defining the term.↩︎
See, for example, the 31st Annual Report on the protection of the European Union’s financial interests ‒ Fight against fraud ‒ 2019, pp. 13-14. Available at <https://ec.europa.eu/anti-fraud/sites/default/files/pif_report_2019_en.pdf> accessed 4 November 2021.↩︎
See, for example, N. Nikolov (2013), “Conflict of interest in European public law”, (2013) 20 (4) Journal of Financial Crime, pp. 406-421; J. Oldfield, “Overview of conflict of interest and related offences”, Transparency International <https://knowledgehub.transparency.org/helpdesk/overview-of-conflict-of-interest-and-related-offences> accessed 4 November 2021.↩︎
See Art. 18(4)(r) and Art. 19(3)(j) of Regulation (EU) 2021/241, op. cit. (n. 2).↩︎
Art. 22(2)(5) of Regulation (EU) 2021/241, op. cit. (n. 2).↩︎
In the sense of Art. 1 Council Regulation (EC, Euratom) 2988/95 of 18 December 1995 on the protection of the European Communities financial interests, O.J. L 312, 23.12.1995, 2, which defines irregularity as “any infringement of a provision of Community law resulting from an act or omission by an economic operator, which has, or would have, the effect of prejudicing the general budget of the Communities or budgets managed by them, either by reducing or losing revenue accruing from own resources collected directly on behalf of the Communities, or by an unjustified item of expenditure.”↩︎
See: <https://ec.europa.eu/info/business-economy-euro/recovery-coronavirus/recovery-and-resilience-facility_en> accessed 4 November 2021.↩︎
See, for example, Z. Darvas, , “Will European Union countries be able to absorb and spend well the bloc’s recovery funding?, bruegel Blog Post <https://www.bruegel.org/2020/09/will-european-union-countries-be-able-to-absorb-and-spend-well-the-blocs-recovery-funding> accessed 4 November 2021.↩︎
ARACHNE is an IT tool for data mining and data enrichment developed by the European Commission. It aims to support the controls and checks by Member State authorities in the area of Structural Funds, see: <https://ec.europa.eu/social/main.jsp?catId=325&intPageId=3587&langId=en> accessed 4 November 2021.↩︎
On the new Union Anti-Fraud Programme, see also the article by G. Roebling and S. Buksa in this issue.↩︎