What is product diversion?

Those who follow my blog will know that diversion is something I wrote about reasonably often. The reason for this is simple – diversion has a multiplier effect on the business supply chain. It doesn’t just result in a financial loss like theft does, but it also impacts the profitability and engagement of your distributors, the integrity of your channels (in terms of being able to control who sells your product, the quality and integrity of that product, and at what price), and consumer satisfaction in terms of brand perception, warranty coverage and customer service.

How does product diversion occur?

I started researching diversion more generally before Oliver May and I wrote our book ‘Terrorist Diversion’ for the non-profit sector. Unfortunately diversion happens everywhere in business, but the way it happens differs by industry and product. One challenge with diversion is that it can be hard to grasp how it actually happens – diversion is part theft, part fraud, and part breach of contract. To illustrate, when I discuss product diversion with clients, there are six main risks I start with, as follows:

1. Expired, defective or out-of-specification (non-conforming) product is diverted from destruction or reverse supply chains and sold as conforming (on-specification) product
2. Product authorised for sale in one market (e.g. Country X) is actually sold in another, unauthorised market (e.g. Country Y) in breach of contractual obligations between distributors / end users and the manufacturer
3. Product is stolen from the distribution or supply chain and diverted (sold)
4. Product is acquired, repackaged and on-sold by a third party or unrelated party
5. Product sold by a manufacturer for non-domestic use is subsequently sold or re-imported for sale / use domestically in that country
6. On-specification (conforming) product is produced by an authorised manufacture (i.e. a third party) without permission from the Intellectual Property Rights Holder, through practices such as overproduction (see my previous article on Shadow Manufacturing), with that excess conforming product being sold without approval

---

In my previous article on Typologies, I mentioned the importance of getting to what I typically call “level 3 risks” – effectively drilling down to three levels of detail that describes how and where each diversion risk may arise in relation to factors such as your business’s organisational structure, channels, products.

Whilst I won’t be publishing them here due to length, I’ve identified over 25 different ‘Level 3 diversion risks’ at the time of writing. Each of these risks materialises in a different place in the supply chain and has different actors, demonstrating the breadth and complexity of this issue. If your business is experiencing product diversion issues, only focusing on a discreet element of diversion may not solve your broader problem.

If you are concerned about product diversion in your supply chain, you may want to start with my risk taxonomy and customise it to your business. Remember not every risk will apply in your situation, but it is important to understand how and where diversion can occur in your business.

Who perpetrates product diversion?

Product Diversion is predominately a ‘trusted insider risk‘ perpetrated by someone within your organisation or supply chain who has privileged access to your products, processes and information. There are two exceptions to this, one being the involvement of buyers (end users) who purchase conforming product in bulk for unauthorised resale, and the second being criminals who perpetrate cargo or warehouse theft to resell stolen product on the commercial market. Perpetrators of product diversion typically include:

• Employees
• Contractors
• Business Partners
• Suppliers and Service Providers (e.g. reverse logistics, repackaging companies)
• Organised Crime (warehouse and cargo theft)
• Unauthorised End Users (see my previous article on the importance of End User Verification)
• Contract Manufacturers

In some cases, collusion between one or more groups will occur, as well as criminal infiltration between external organised crime and trusted insiders. Trying to perpetrate larger scale or ongoing product diversion as an individual may be challenging and lead to early discovery. In this case, networks such as organised fraud sydndicates tend to emerge.

Where does product diversion arise in your supply chain?

As with any crime, we always talk about means, motive and opportunity as three legs of the crime triangle. Without all three elements, crime is unlikely to occur. From my work, I have identified for main ‘motives’ which should be considered alongside the product diversion risk taxonomy I presented above:

• Steal for self: where a trusted insider diverts the product for their personal use (this is typically small-scale or opportunistic, and commonly falls under the definition of ‘theft’ or ‘occupational fraud’ as opposed to product diverison, which is generally larger in scale and more organised)
• Steal for sale: where a trusted insider with legitimate access to the product (including employees of third parties such as suppliers) diverts the product in a higher quantities for commercial sale
• Buy for resale: where a fake end user purchases product, potentially at a discount, for resale in one or more Territories (countries / regions)
• Buy then dispose: where a legitimate end user purchases product then resells / disposes of product to liquidation firm (such as a retailer who purchases stock but is unable to sell that stock within an acceptable period)

If you are are responsible for managing these risks in your organisation, remember that some positions in your organisation will provide greater access and / or opportunity to perpetrate diversion than others. For the purposes of your security or insider threat management program, you need to consider these High Risk Roles.

High Risk Roles are those positions in your organisation (or in your supplier or business partners’ organisation) that confer privileged or unsupervised access to your critical assets – in the case of diversion, this could be a warehouse manager or team managing reverse logistics and destruction of expired or non-confirming product. My article on High Risk Roles provides more information here.

Key areas where product diversion can occur include:

• Warehouses
• Distributors
• Wholesalers
• Retailers
• Factories
• Contract Manufacturing Organisations
• Third Party Logistics companies
• Liquidation companies
• Repackaging companies
• Product returns companies
• End Users (e.g. for resale)
• Other resellers

As you can see, product diversion can happen anywhere in the supply chain. However, some of the product diversion risks presented in my taxonomy will only manifest in specific parts of the supply chain and / or involve specific actors. This needs to be considered in any risk assessment and treatment plans.

Conclusion

As you can see, product diversion is a complex type of fraud which requires considered thought and planning in order to mitigate. Understanding how and where risk events may materialise is important, as is understanding the perpetrator and their motives. Access to data, and use of data analytics and intelligence is critical to mitigating your organisation’s risk to within your risk appetite.

Further Reading

• Curwell, P. (2021). End User Verification
• Curwell, P. (2021). Magazine article – “Supply Chain Integrity: Detecting Product Diversion”
• Curwell, P. (2022). Theft of fuel from HMS Bulwark – a diversion case study
• Curwell, P. (2022). Typologies demystified – what are they and why are they important?
• Curwell, P. (2022). Understanding High Risk Roles
• Curwell, P. (2022). Understanding the risk of organised crime infiltration in your business

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.