Managing Public Procurement Risks in Romania

As shown in Figure 3.1, the majority of respondents to the OECD’s 2024 survey on the Recommendation on Public procurement have put in place strategies or tools to management public procurement risks. More than a quarter of the respondents (12 out of 40) have developed a strategy specifically for managing public procurement risks while others have instead integrated public procurement into a broader risk management strategy (28% or 11 out of 40).

Challenges or weaknesses in the public procurement system often manifest as risks; conversely, a risk management approach can help to address broader challenges or weaknesses. For example, a lack of professionalisation in the procurement workforce can increase operational risks through implementation delays, increase integrity risks through conflict of interest, and increase environmental risks through a lack of technical knowledge. Public procurement risk management must therefore take a comprehensive approach and consider both specific incidents and system-wide challenges. This is particularly true for integrity and corruption risks, which can be addressed by specific tools and processes (e.g. checklists, risk registries) and by efforts to address broader systemic factors (e.g. codes of conduct, training). Box 3.1 provides examples from Greece and Tunisia of different approaches to the implementation of risk management in public procurement.

In line with the OECD Recommendation and good practices, Romanian authorities have put in place anti-corruption frameworks, processes and measures at different points in the procurement process, as well as general support for public procurement risk management. Some of these processes and measures are directly aimed at public procurement, while others relate to integrity or operational risks more generally.

This chapter evaluates Romania’s implementation of risk management in public procurement, with a focus on integrity and corruption risks. The first section provides an overview and analysis of the key risk management frameworks applicable to public procurement. The second section does the same for risk management tools.

From a legal perspective, Romania has made significant efforts to enhance the management of risks threatening the functioning of public administration, the protection of public funds and the delivery of public services. In this context, Government decision no.599/2018 and the risk management standard within the internal control standards (the Code of Internal Managerial Control) are particularly noteworthy.

The Romanian government issued Government Decision no.599/2018 as part of the NAS (2016-2020), requiring central public authorities and institutions to develop a corruption risks registry and an integrity incident registry. The Decision provides a methodology for evaluating and managing corruption risks and a standard procedure for evaluating integrity incidents. It also includes annexes with corruption risk and incidents registry templates and guides on how to complete them (OECD, 2023[3]).

The corruption risk registry and the integrity incident registry are designed to be complementary. The corruption risk registry records preventive measures, while the integrity incident registry is a post-evaluation tool to document breaches. To identify risks, assess their consequences, develop control measures and monitor their effectiveness, Decision 599/2018 calls for the creation of a working group in each entity. For regular-sized organisations, the working group must include members from integrity, internal control, disciplinary responsibility, internal audit, human resources, internal managerial control, public procurement and financial areas. When an integrity incident is registered, it is used by the entity as an input to analyse the incident's causes and circumstances and to propose corrective measures.

The Ministry of Justice collects integrity reports and prepares an annual report that serves as an input for identifying corruption risks (OECD, 2023[3]). While the Ministry does not collect or monitor corruption risk registries, it monitors public authorities’ implementation of Decision 599/2018 to identify and correct practical problems encountered in its application and increase awareness, understanding and implementation. The monitoring has revealed issues such as incomplete corruption risk registries or integrity incident registries and limited internal reporting of integrity incidents. Through this process, the Ministry has made recommendations to public authorities aimed at improving internal communication and coordination processes on integrity incidents, strengthening whistleblower processes, and aligning reporting with the standards set by Decision 599/2018.

Romania’s public procurement legal framework further supports risk management by embedding integrity and ethics provisions that ensure the application and adherence to integrity rules. Public procurement officials are subject to general administrative law, which outlines comprehensive conduct and ethics regulations. This legal framework includes rules on financial disclosure, conflict of interest verification, incompatible positions, audit and control standards, and whistle-blower protections (World Bank, 2021[4]).

The NAS (2021-2025) complements these procurement-specific measures by providing a broader national approach to combating corruption. It includes initiatives that support the implementation of risk management practices across all areas of public administration as well as procurement-specific measures (Ministry of Justice, 2021[5]). Additionally, risk management in public procurement is reinforced by the development of general codes of ethics and integrity by public entities, as mandated by the relevant laws.

Despite the frameworks summarised above, the implementation of risk management in public procurement in Romania is often inconsistent. Where contracting authorities do address risks, their approaches are often fragmented and reactive rather than proactive. Many contracting authorities do not take a structured approach towards risk management, such that risk analysis is generally not considered during the full end-to-end procurement process and there are limited contributions from across the organisation. This reflects many of the challenges described in Chapter 2: a weak culture of integrity, a lack of coordination between stakeholders, and the capacity and capabilities of the public procurement workforce. The effectiveness of these existing risk management tools would be significantly enhanced by harmonising their implementation.

Many Romanian contracting authorities do not fully grasp the strategic importance of risk management. For example, internal managerial controls are often seen as tasks to fulfil legal requirements and comply with audit recommendations, rather than as opportunities to proactively identify and mitigate risks. The tendency to address problems only when they arise, instead of taking preventative measures, undermines the effectiveness of risk management. Risk management is often implemented by public buyers without being formalised, communicated or documented. The extensive frameworks can mask challenges and completing them can be a mere formality.

While Romania has made significant strides in putting in place these risk management frameworks and addressing risks related to corruption and fraud, their implementation lacks a strategic and harmonised approach. The various risk registers and processes are often duplicative and administratively burdensome rather than being complementary. For instance, the general risk registries required by the General Secretariat of the Government are not aligned with the corruption risk registry established under Decision 599/2018, leading to inefficiencies.

At the policy making level, there are indications that increased harmonisation could be beneficial. The interviews for this project revealed, for example, differing views between key institutions over whether or not the risk management standard applied to public procurement.

Romania would benefit from harmonising public procurement risk management efforts and ensuring that general frameworks are applied consistently in public procurement. This could begin with a comprehensive mapping and assessment of how frameworks are applied to public procurement, with the goal of identifying gaps and overlaps. Based on this analysis, Romania could develop specific guidance tailored to integrating these frameworks into procurement processes. This effort would require the involvement of multiple stakeholders (e.g. through the Inter-ministerial Committee for Public Procurement).

Furthermore, while the Ministry of Justice has taken efforts to increase capacity through the NAS, the OECD’s 2023 report, “Promoting Corruption Risk Management Methodology in Romania: Applying Behavioural Insights to Public Integrity”, found that implementation of Decision 599/2018 has been uneven. While some organisations correctly identify vulnerable activities, describe the risks and propose meaningful interventions, others lack understanding of each step’s requirements or do the minimum to comply with the regulation. The Ministry of Justice offers support and assistance on demand, but this support is not well known and not often requested (OECD, 2023[3]). During interviews conducted for this project, stakeholders also indicated that public officials completing the registries did not always feel comfortable identifying vulnerabilities and risks that implicated senior officials or politicians.

While not able to provide a comprehensive overview of the implementation of the corruption risk and integrity incidents registries with respect to public procurement, Romanian officials noted that contracting authorities’ approaches to the identification and evaluation of corruption risks and integrity incidents were inconsistent. For example, some contracting authorities identified specific mitigation actions tailored to identified public procurement risks, while others identify more general approaches such as training and promoting integrity norms. In the 2024 survey of public procurement professionals carried out by the OECD, only 49 (37%) and 29 (22%) out of 134 respondents indicated that they were aware of the corruption risk registry and integrity incident registry respectively.

Romania would benefit from providing more guidance on the identification and evaluation of corruption risks and incidents under Decision 599/2018. This would help standardise processes across contracting authorities and provide officials with support in recognising vulnerabilities. The risk map developed under this project can also be a key input for contracting authorities (see Chapter 4).

In addition to this wider approach, Romania has specific tools to support risk management in public procurement. This section provides an overview and analysis of the key public procurement risk management tools. These tools include an ex ante verification mechanism for conflict of interest, and extensive guidance for practitioners, as well as specific good practices implemented by individual contracting authorities. This approach is aligned with the OECD Recommendation on Public Procurement, which advises adherents to develop tools to identify and address threats to the public procurement system and to tailor general public sector integrity tools to the specific risks of the procurement cycle (OECD, 2015[1]).

Stakeholders repeatedly noted that the challenge was not primarily a lack of tools or guidance, but of the ways in which tools and guidance are put into practice. This fragmented approach undermines the overall effectiveness of risk management efforts in Romania's public procurement system.

Managing public procurement risks requires having a good knowledge of the public procurement framework. ANAP has developed a series of tools and supports related to public procurement risk management. The most prominent and comprehensive is the Online Public Procurement Guide, which was developed to provide operational support to practitioners involved in the national public procurement system and covers all stages of the public procurement process. In the OECD’s survey of public procurement professionals, 81% of respondents were aware of the Online Public Procurement Guide, the highest awareness of the different tools and measures surveyed. In questionnaires and interviews, stakeholders generally indicated that they found the Guide a useful tool.

The Online Public Procurement Guide includes specific guidance on risk management, outlining the need to ensure the review of risks at all stages of the procurement process, from planning to contract implementation, a risk registry with examples of risks throughout the procurement process. Interestingly, this specific element of the Guide was not mentioned by stakeholders during interviews for the project. In the OECD’s survey, only 52% of those aware of the Online Public Procurement Guide were also aware of its risk management components. Of these, 59% indicated that their organisation used the risk registry; however, this is only 25% of the total respondents to the survey. ANAP could further promote the existing guidance on risk management. In addition, given that risk management is a professional area on its own, and that procurement professionals are not highly knowledgeable on this area, it could be beneficial to further simplify the guidance to adapt it to the audience.

ANAP has also developed guides on common non-compliance issues and corrective measures. These guides cover the most common issues of non-compliance identified in award documentation for goods, services and works contracts as identified through ANAP’s ex ante control activities. In the survey of public procurement professionals carried out by the OECD, 75 out of 134 respondents (56%) indicated that they were aware of the ANAP guides on common non-compliance issues and corrective measures. This is accompanied by guidance on a broad range of issues, from how to deal with minor technical deviations in tender evaluation, to the suitability of requests for demonstrations in the purchase of IT systems, to the relevance of project management certificates (National Agency for Public Procurement, n.d.[6]).

A "Guide on the implementation of internal managerial control standards in public procurement by the contracting authorities" was also developed with the European Investment Bank. It includes a series of recommendations and tools for the implementation of the standard on risk management (Standard 8) from a practical perspective of the public procurement process (European Investment Bank, 2018[7]).

ANAP could further promote its guides and methodological support and make them accessible to practitioners. While ANAP’s Online Public Procurement is widely known and considered a useful tool, there is less awareness of components of the tool related to risk management and compliance. Promoting these existing tools to practitioners and raising awareness of how they can be applied would be a cost-effective way to improve risk management in public procurement. This could be accomplished by incorporating them into training, communication, and workshops. ANAP should also ensure that guides and support are adapted to and can be applied by the broad range of officials who carry out procurement (e.g. by producing accessible summaries).

Conflict of interest has been identified as a key issue in the Romanian public sector and in particular in the public procurement field. In response, ANI developed and implemented PREVENT, a successful integrity risk management tool in use across the Romanian procurement system. PREVENT acts as an ex ante verification mechanism which allows ANI to identify potential conflict of interest between individuals in contracting authorities and economic operators.

First, an integrity form is completed in SEAP by the contracting authority and by the economic operators submitting tenders. Within the contracting authority, information on all individuals involved in the procedure (including persons with decision-making positions, the evaluation committee, and any consultants or experts) must be included. PREVENT then automatically checks this information against databases related to citizenship, the commercial register, and declarations of assets and interests for public officials (World Bank, 2021[4]). The PREVENT legislation provides specific deadlines that must be respected by contracting authorities and by ANI (e.g. the integrity form must be submitted within five days of bid opening and, if an integrity warning is issued, ANI must send it to the contracting authority within three business days).

Key strengths of PREVENT are that it verifies all procurement procedures (rather than on a sample basis) and that it allows conflicts to be addressed without delaying the public procurement procedure. Between June 2017 and December 2023, 183 integrity warnings for potential conflict of interest in public procurement procedures were issued, amounting to over RON 9.4 billion (over EUR 1.9 billion). In approximately 99% of cases, contracting authorities reported addressing the causes of the conflict. The number of identified conflict of interest decreased by half over the first two half years of PREVENT’s implementation, demonstrating a clear impact (National Integrity Agency, 2024[8])

Stakeholders generally agreed on PREVENT’s effectiveness. However, they raised a few areas for improvement:

• There can be inconsistencies in which roles are identified in the integrity form and in keeping information up to date through the procurement process. All procurement officials involved in the procurement process (including from the technical areas) should be identified in these forms. However, in practice, discussions with stakeholders highlighted that they were not always mentioned. During interviews, stakeholders largely attributed these lapses to errors rather than fraud: those completing integrity forms often have high turnover and limited training. In the 2024 survey of public procurement professionals carried out by the OECD, only 31% of 134 respondents indicated that they were aware of PREVENT. While ANI has previously organised courses on using PREVENT under an EU-financed project, it has limited capacity for awareness raising and training activities and has tried to decentralise this role by encouraging organisations to develop their own training. Through the RRP, ANI will receive funding to develop a platform to answer questions and provide reference cases on integrity issues (European Commission, 2021[9]). It would be beneficial to use this opportunity to raise awareness on how integrity forms should be completed (including all officials contributing to the tender documentation, including the technical specifications). This could be done by publishing and disseminating a dedicated note to contracting authorities.

• A lack of funding for system maintenance and the reliance on databases maintained by other institutions can create technical challenges. Through the RRP, investments are being made to upgrade PREVENT’s system infrastructure, such as improving technical connections between databases and limiting manual data entry (European Commission, 2021[9]). Romania should ensure stable funding for the ongoing operation and maintenance of PREVENT.

• PREVENT is limited to the legal definition of conflict of interest and what can be identified by the information in SEAP and the linked databases. This means that procedures that are not carried out on SEAP (such as direct awards) cannot be verified. Some stakeholders also suggested that the decline in the number of identified conflict of interest could be partially attributed to more sophisticated activity by those seeking to avoid detection. A Transparency International report identified conflict of interest among friends and distant relatives, which would not be flagged by PREVENT, as among the most common types of corruption in public procurement (Transparency International Romania, 2023[10]). Romania could consider mandating the use of SEAP for a broader range of procurement procedures and undertaking the necessary developments to the platform.

Recognising that public procurement is a high-risk area, the development of a dedicated risk register to support the identification and management of public procurement corruption risks is a specific measure under the NAS (2021-2025. The risk register is being developed through the project funded by the European Commission and implemented by the OECD “Support in implementation of the integrity and anti-corruption framework in Romania, including reducing the risk of corruption in public procurement”; Further details on the development and content of the risk map is provided in Chapter 4. In the survey of public procurement professionals carried out by the OECD, 48 out of 134 respondents (36%) identified a public procurement risk register (with a focus on integrity risks) as a useful tool, suggesting further work may be necessary to promote and support the risk map’s implementation.

Risk management is addressed in the Annual Public Procurement Strategy and the Contracting Strategy that contracting authorities are required to develop and publish (Government of Romania, 2001[11]) (Government of Romania, 2024[12]). A risk register is included in both the Annual Public Procurement Strategy (at the level of the contracting authority) and in the Contracting Strategy (at the level of the individual procurement process). ANAP’s Online Public Procurement Guide contains extensive support and guidance on the Annual Public Procurement Strategy, such as a calendar to plan its development.

The Contracting Strategy template asks buyers to include a risk register as an annex and to specify the sources of risk identified and whether and to what extent the risks identified were taken into account when establishing the procurement methods and the content of the procurement documents. Similarly, the template for the Annual Public Procurement Strategy requires that a risk register be attached to the document. The risk register should identify risks and document the measures established to manage those risks.

Romania could promote the use of the comprehensive risk map developed under this project (see section above) in the development of contracting authorities’ Public Procurement Strategies and Contracting Strategies. The risk map could be used as a key input for contracting authorities to identify and manage different risks threatening the achievement of their public procurement objectives.

Romania is a significant recipient of EU funds aimed at aligning the country with European priorities and supporting investments. For instance, Romania’s RRP totals EUR 28.5 billion in the 2021-2027 period (EUR 14.9 billion in loans and EUR 13.6 billion in grants). These funds, focused on areas such as green energy generation and infrastructure development, will be largely implemented through public procurement (European Commission, n.d.[13]).

The Ministry of European Investments has put in place operational procedures for the verification of public procurements, including checklists. The checklists contain questions regarding regulatory and legal compliance, indicating the main legislative provisions that must be respected.

The checklists are designed for the main phases of a procurement process, including publication, choice of procedure, qualification and selection criteria, award criteria, evaluation of offers, communication of the results, signing of the contract, and award notices. They identify risk factors for conflict of interest and fraud and additional steps to be taken if the risk factors are present. These include, for example, that unsuccessful bidders are sub-contractors or employees of the successful bidder, indicating potential collusion or bid-rigging.

ARACHNE is a risk scoring tool developed by the European Commission with the aim of supporting managing authorities responsible for the European Structural and Investment Funds to identify effectively and efficiently most risky projects, contracts, contractors, and beneficiaries. ARACHNE establishes a comprehensive database of projects and enriches the data with publicly available information from external data sources (such as Orbis and World Compliance) to identify, based on a set of risk indicators, the projects, beneficiaries, contracts, and contractors which might be susceptible to risks of fraud, conflict of interest and irregularities. The tool provides risks alerts to help management verifications, but it does not supply proof of error, irregularity, or fraud (European Commission, n.d.[14]). A 2022 European Parliament report found that ARACHNE provides value in assessing conflict of interest and identifying red flags but issues include data collection (administrative burden), accuracy issues (high number of false positives) and legislative barrier (in particular regarding national data protection laws) (European Parliament, 2022[15]).

In Romania, the Reforms and Investments Coordination Unit of the Ministry of Justice uses ARACHNE to carry out checks for the prevention, detection and correction of conflict of interest arising in public procurement procedures carried out by beneficiaries, for bidders registered outside Romania or holding companies registered abroad, as they are not registered in the Trade Register database and cannot be checked through the PREVENT system (Ministry of Justice, 2024[16]). Managing Authorities for EU Funds, such as the General Directorate of the Health Operational Programme in the Ministry of European Investments and Projects, also reported using ARACHNE in the context of monitoring public procurement.

Romania should consider the broader application of these processes and tools for national funds. Extending the use of these processes and tools could help align national practices with the standards required for managing European funds, fostering trust and supporting risk management. However, their broader application may increase administrative burden and require adjustments to the tools and processes or additional resources.

Individual contracting authorities have also implemented good practices in risk management. Generally, larger contracting authorities have the resources to put in place more sophisticated risk management tools and processes. For example, one contracting authority undertakes counter-party evaluation, initially conducted by consultants and later advanced by the risk department. This involves a detailed questionnaire with 13 questions that assess suppliers' and clients' compliance systems, covering areas such as anti-corruption policies, political influence among shareholders, past procurement cancellations due to corruption, and the presence of offshore shareholders. Based on the results, parties are classified as low, medium, or high risk, with corresponding actions such as sending anti-corruption policies for medium-risk parties or providing in-person training for high-risk entities. Another contracting authority has developed an app to help employees manage integrity risks, including conflict of interest, by making it easier to upload critical information.

These efforts suggest opportunities for learning and the exchange of good practices between contracting authorities. Establishing and expanding mechanisms such as workshops, peer-to-peer learning initiatives and good practice-sharing platforms could facilitate the spread of effective risk management tools. The communities of practice recommended in Section 1.1.3 would be one such approach.

[9] European Commission (2021), Analysis of the recovery and resilience plan of Romania.

[14] European Commission (n.d.), ARARCHNE risk scoring tool, https://ec.europa.eu/social/main.jsp?catId=325&intPageId=3587 (accessed on 23 August 2024).

[13] European Commission (n.d.), Romania’s recovery and resilience plan, https://commission.europa.eu/business-economy-euro/economic-recovery/recovery-and-resilience-facility/country-pages/romanias-recovery-and-resilience-plan_en (accessed on 17 January 2025).

[7] European Investment Bank (2018), Ghid Privind Implementarea Standardelor de Control Intern Managerial În Achizițiile Publice de Către Autoritățile Contractante, https://anap.gov.ro/web/wp-content/uploads/2018/03/Ghid-Control-Intern_08.02.2018.pdf.

[15] European Parliament (2022), Instruments and Tools at EU Level and Developed at Member State Level to Prevent and Tackle Fraud - ARACHNE, https://www.europarl.europa.eu/cmsdata/259102/ARACHNE%20Briefing.pdf.

[12] Government of Romania (2024), HOTĂRÂRE nr. 395 din 2 iunie 2016, https://anap.gov.ro/web/wp-content/uploads/2022/09/HOTARARE-nr.-395-2016-1.pdf (accessed on 30 August 2024).

[11] Government of Romania (2001), LEGE nr. 544 din 12 octombrie 2001, https://legislatie.just.ro/Public/DetaliiDocument/31413 (accessed on 30 August 2024).

[16] Ministry of Justice (2024), Instruction No. 5, https://www.just.ro/wp-content/uploads/2024/02/Instructiune_5_UCRI_09022024.pdf.

[5] Ministry of Justice (2021), National Anti-Corruption Strategy 2021-2025, https://sna.just.ro/en/c/sna-2021-2025.

[6] National Agency for Public Procurement (n.d.), Guides and Useful Documents, https://anap.gov.ro/web/ghiduri-documente-utile/ (accessed on 21 October 2024).

[8] National Integrity Agency (2024), Results of the PREVENT system in 2023, https://www.integritate.eu/Admin/Public/DWSDownload.aspx?File=%2fFiles%2fFiles%2fPrevent%2fRezultatele+sistemului+PREVENT+%26icirc%3bn+anul+2023.pdf.

[3] OECD (2023), Promoting Corruption Risk Management Methodology in Romania: Applying Behavioural Insights to Public Integrity, OECD Public Governance Reviews, OECD Publishing, Paris, https://doi.org/10.1787/ceb6faec-en.

[2] OECD (2019), Public Procurement in Kazakhstan: Reforming for Efficiency, OECD Public Governance Reviews, OECD Publishing, Paris, https://doi.org/10.1787/c11183ae-en.

[1] OECD (2015), Recommendation of the Council on Public Procurement, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0411.

[10] Transparency International Romania (2023), Boosting Integrity in Public Procurement, https://www.transparency.org.ro/sites/default/files/pp_boosting_integrity_in_romanian_public_procurement.pdf.

[4] World Bank (2021), Report on the overall assessment of the public procurement system, http://documents1.worldbank.org/curated/en/099011924055530012/pdf/P169141169909e0a21b09b1c19edc005458.pdf.