In 2014, the World Bank's Board of Governors approved a $400 million fast-track financing package for the West African Ebola response. The Inter-American Development Bank, the African Development Bank, and bilateral donors from the US, UK, EU, and Gulf states followed with commitments that brought the total pledged response to over $3.4 billion within four months of the WHO's emergency declaration. The speed was necessary — the 2014–2016 outbreak in Guinea, Sierra Leone, and Liberia killed more than 11,000 people, overwhelmed health systems that were already operating at the margins, and threatened to spread into densely-populated urban corridors that would have been almost impossible to contain.
That same speed created ideal conditions for financial crime. Emergency procurement processes bypassed normal competitive tendering. Oversight mechanisms designed for steady-state aid flows were not calibrated for the volume and velocity of emergency disbursement. Intermediary entities — logistics companies, medical supply distributors, community health contractors — were engaged without standard due diligence because the alternative was delayed response. And the governments receiving the funds were, in several cases, functioning under severe institutional stress, with public finance management systems that were already fragile before the outbreak began.
The financial crime risks associated with disease outbreaks are not a secondary or incidental concern — they are a predictable consequence of the structural conditions that emergency response creates. Understanding who benefits financially from an outbreak like Ebola, and through what mechanisms, is a prerequisite for building the compliance frameworks that currently do not exist at adequate scale.
The Beneficiary Landscape
Framing the question as "who benefits" requires distinguishing between two categories of financial benefit: legitimate commercial and public health benefit — the pharmaceutical companies that accelerate vaccine development, the logistics firms that deploy supply chains, the health workers who are paid — and illegitimate benefit captured through financial crime. Both are real. The second is the subject of this analysis, but it cannot be understood without mapping the first, because illegitimate benefit almost always exploits the commercial structures through which legitimate benefit flows.
The primary categories of financial beneficiary in a major Ebola outbreak are: pharmaceutical and biotech companies holding or developing relevant vaccines and treatments; medical supply and personal protective equipment manufacturers and distributors; logistics and humanitarian aid contractors; national government officials with discretionary authority over emergency funds; international organisation staff with procurement authority; and, increasingly, actors exploiting the information environment around outbreaks for financial or political gain. Each category presents distinct financial crime risks.
Pharmaceutical and Biotech: The Vaccine Economy
The development of effective Ebola vaccines — rVSV-ZEBOV (Ervebo), approved by the FDA in 2019, and the two-dose regimen developed by Janssen — represents a genuine scientific achievement that emerged directly from the pressure created by the 2014–2016 outbreak. Merck, Johnson and Johnson, and several research partners invested substantially in development work that produced tools that have demonstrably saved lives in subsequent outbreaks. That commercial and public health benefit is real and should be acknowledged.
The financial structures through which vaccines are procured and distributed in emergency contexts are, however, significantly less transparent than the development process. When GAVI, the Coalition for Epidemic Preparedness Innovations (CEPI), or bilateral government donors procure vaccines for emergency use, those procurement decisions are made under time pressure, often involve advance purchase commitments that lock in pricing before efficacy data is fully established, and are documented in contracts that are frequently not subject to public disclosure requirements. The pricing of emergency vaccine procurement — how the unit cost is set, what margin the manufacturer retains, how advance purchase premiums are calculated — is determined through closed negotiations between well-resourced institutional counterparties with significant information asymmetries.
This does not mean that vaccine procurement is corrupt. In most cases it is not. But the structural conditions — closed pricing, advance commitments, limited public transparency, significant public funds at stake — create opportunities for the kind of rent extraction that, in other public procurement contexts, would be classified as corruption risk. The distance between aggressive legitimate pricing strategy and procurement corruption is shorter in emergency contexts than in normal commercial ones, and the oversight mechanisms that would detect movement across that line are weaker.
The market for diagnostics and ancillary medical products presents sharper risks. Rapid diagnostic tests, PPE, clinical monitoring equipment, and pharmaceuticals used in outbreak response are procured at scale through emergency channels from a global supply chain that is specifically characterised by opacity, intermediary concentration, and limited regulation. The COVID-19 pandemic documented at extraordinary scale what the Ebola response literature had identified at smaller scale: emergency medical supply procurement generates significant corruption risk, with PPE and diagnostic supply chains specifically showing patterns of inflated pricing through intermediary companies, fictitious supply, and diversion of procured goods into secondary markets.
The Aid Diversion Problem
Aid diversion — the capture of funds intended for humanitarian or public health purposes by officials or intermediaries who redirect them to personal enrichment — is the most thoroughly documented financial crime in outbreak response contexts. The Ebola response in Guinea, Sierra Leone, and Liberia produced documented diversion cases at national, subnational, and community health levels.
In Sierra Leone, an audit by the Auditor General's Office covering the period of peak outbreak response identified irregularities across the majority of government agencies involved in the Ebola response. The specific findings included: payments to health workers for days not worked; procurement of supplies that were never received or were received at quantities below those invoiced; per diem payments that exceeded authorised rates by significant margins; and transfer of response funds to accounts not registered in the government financial management system. The audit found not a few isolated incidents but a systemic pattern of diversion running through the institutional response.
The structural conditions that created this pattern are not specific to Sierra Leone or to the 2014 outbreak. They are predictable features of emergency response that create financial crime vulnerability whenever they occur. Emergency disbursements move through government financial management systems at higher volumes than those systems were designed to handle. Normal procurement procedures — competitive tendering, multi-level approval, independent audit — are suspended or waived in the name of operational speed. Staff who would normally process modest budgets are suddenly responsible for very large ones. And the oversight institutions — internal audit, external audit, legislative scrutiny — are either overwhelmed or, in the most severely affected jurisdictions, themselves functioning with reduced capacity because their staff are subject to the same public health emergency as everyone else.
The consequence is a procurement environment that is nearly ideal for diversion: large funds, fast movement, weak documentation, overwhelmed oversight, and emergency legal cover for procedural deviations that would normally require explanation.
The Intermediary Economy
Between the international donors who pledge emergency response funds and the communities receiving services, there is typically a chain of implementing partners and contractors whose due diligence, financial management, and accountability standards vary enormously. In a major Ebola outbreak, that chain might include: an international NGO receiving a USAID or FCDO grant; a national NGO subcontracted to implement community health activities; a local logistics company hired by the national NGO to distribute supplies; and a network of community health workers paid by the logistics company to deliver services in rural areas. At each level of this chain, oversight capacity decreases, documentation standards decline, and the opportunity for diversion increases.
The intermediary level is where some of the most significant financial crime in outbreak response occurs, precisely because it is the furthest from the donors' audit capacity and the closest to the cash. Per diem payments to community health workers — in-person cash payments, often the only practicable distribution mechanism in areas without banking infrastructure — are almost impossible to audit retrospectively. A roster of 500 community health workers paid $30 per day across a six-month response can represent significant total disbursement, and the verification of whether those workers actually received those payments, or whether the roster contains fictitious entries controlled by the contracting official, requires field presence that most implementing partners do not have at the scale the verification would require.
The problem is compounded by the political economy of emergency contracting. In-country logistics and service delivery contracts in outbreak-affected countries are typically awarded to a small number of firms with pre-existing relationships with health ministry officials. Competitive tendering for emergency contracts is legally waived in most jurisdictions. The practical result is that emergency contracts go to the companies with the best ministerial relationships, not necessarily the best operational capacity — and those ministerial relationships are maintained, in some cases, through arrangements that would constitute bribery in normal commercial contexts but are normalised within the emergency contracting environment.
Information Asymmetry and Financial Manipulation
A category of financial benefit from outbreaks that receives relatively little AML attention, but that has become increasingly significant, is the exploitation of information asymmetries created by outbreak dynamics for market manipulation and financial fraud.
The COVID-19 pandemic provided an extreme example of a pattern that exists at smaller scale in every significant outbreak: the announcement of outbreak-related developments — vaccine efficacy data, regulatory approvals, new outbreak sites, international response decisions — moves equity prices in the pharmaceutical, diagnostics, logistics, and insurance sectors before that information is publicly disclosed. Individuals with advance access to material outbreak information through their positions in international health organisations, government ministries, or regulatory bodies have both the opportunity and, evidently in documented cases, the motivation to trade on that information.
The same dynamic applies to commodity markets touched by outbreaks. Major Ebola outbreaks in West and Central Africa have coincided with disruptions to agricultural commodity exports — not because the outbreaks themselves damage crops, but because response measures create border closures, movement restrictions, and labour disruptions that affect harvest and export logistics. An actor with early intelligence on outbreak trajectory and likely response measures can take commodity positions that benefit from those disruptions. The connection between outbreak intelligence and commodity market behaviour is not well-monitored by financial regulators, and the jurisdictions where the relevant information originates — health ministries, WHO regional offices, national public health institutes — are not typically within the scope of financial market surveillance.
At the retail fraud level, disease outbreaks generate predictable waves of charitable fraud — fictitious collection entities that direct donations to personal accounts, false representation of NGO affiliation, and investment fraud premised on supposed vaccine or treatment development breakthroughs. These schemes are well-documented in the COVID context and follow patterns established in Ebola, SARS, and H1N1 responses. They are not structurally sophisticated, but they move significant volumes in aggregate and affect a population of victims — typically the general public responding to humanitarian appeals — who have no obvious means of conducting due diligence on the entities they are donating to.
The PEP Risk Dimension
Ebola outbreaks have occurred predominantly in Central and West Africa — specifically in the DRC, Guinea, Sierra Leone, Liberia, and Uganda. These jurisdictions share several relevant characteristics from an AML risk perspective: high FATF/FATF-style body risk ratings, significant concentrations of politically exposed persons in positions with discretionary authority over public funds, weak public financial management systems, and limited capacity for forensic accounting and corruption enforcement.
For financial institutions processing transactions related to outbreak response in these jurisdictions, PEP risk is not a secondary concern — it is the primary risk vector. The most significant diversion of outbreak response funds has consistently involved government officials with PEP status: health ministers, deputy ministers, procurement directors, and senior civil servants who are definitionally PEPs under FATF standards and who require enhanced due diligence from any financial institution that banks them or processes transactions on their behalf.
The challenge for compliance teams is that PEP risk in outbreak response contexts presents differently from PEP risk in normal commercial banking. The typical narrative is not a large individual transaction that triggers a manual review. It is a pattern: a health ministry official whose personal account begins receiving regular transfers from companies that have recently received government health procurement contracts; a company registered shortly before the outbreak that receives multiple large procurement payments and transfers the proceeds to an offshore account beneficially owned by a minister's family member; a logistics contractor whose invoice values escalate sharply after the emergency procurement waiver is issued. These patterns require behavioural transaction monitoring calibrated to the outbreak response context, not just static PEP screening at account opening.
International Organisation Procurement and the Accountability Gap
International organisations — the WHO, UNICEF, UNDP, WFP, and the various UN specialised agencies involved in health emergency response — manage substantial procurement budgets during major outbreaks, and their accountability frameworks for that procurement are generally more robust than those of the affected governments. However, they are not immune to financial crime risk, and the accountability gap between their formal standards and their operational practice is relevant to financial institutions processing their transactions.
The United Nations Board of Auditors and the UN Office of Internal Oversight Services have documented procurement irregularities in humanitarian operations including outbreak responses across multiple years. Findings have included: single-source procurement without adequate justification; inadequate supplier due diligence; payments to vendors who did not meet stated qualification requirements; and, in isolated but documented cases, collusion between procurement staff and vendors. The UN system's accountability framework — internal audit, external audit, investigation mechanisms — is designed to detect and address these problems, but it operates on a cycle that is significantly slower than the procurement decisions it is auditing.
For financial institutions, the UN system's institutional complexity creates a due diligence challenge. The WHO, for example, processes payments through financial institutions across dozens of jurisdictions. Those payments may be to member state government accounts, to international NGO implementing partners, to commercial contractors, or to individual consultants. The volume and diversity of WHO payment flows, combined with the institutional complexity of the procurement arrangements behind them, means that a financial institution processing WHO-related transactions cannot practically conduct full due diligence on every payee — yet the population of payees includes entities with significant financial crime risk profiles.
Cryptocurrencies and Digital Assets in Outbreak Response
Since the COVID-19 pandemic, cryptocurrency and digital asset channels have become an increasingly significant vector for both legitimate and fraudulent donations in outbreak responses. Legitimate humanitarian organisations have expanded their capacity to accept cryptocurrency donations. Fraudulent charity schemes have exploited the same channels, with significantly lower barriers to entry and significantly greater difficulty in recovering diverted funds.
The charity fraud risk in outbreak contexts is well understood. Less well understood — and more consequential for institutional compliance teams — is the use of cryptocurrency rails to process procurement and aid disbursement payments in jurisdictions where formal banking infrastructure is severely constrained. Several outbreak response implementing partners, particularly those operating in eastern DRC where banking infrastructure has been repeatedly disrupted by conflict, have explored mobile money and cryptocurrency-adjacent payment systems as alternatives to cash disbursement for community health worker payments. These systems reduce the physical security risk of cash distribution but create new AML challenges: the transaction trails are less auditable than bank transfers, the regulatory framework is in most cases non-existent at the local level, and the capacity for retrospective forensic analysis of suspected diversion is limited.
Red Flags for Compliance Teams
Financial institutions processing transactions related to outbreak response — whether they bank governments in affected countries, international implementing partners, medical supply companies, or the personal accounts of senior health officials — should maintain outbreak-specific typology awareness during and after major public health emergencies.
- Newly-incorporated companies receiving large health procurement payments: Entities registered shortly before or during an outbreak that receive significant payments from health ministry or emergency response fund accounts, and that cannot demonstrate operational capacity to deliver the contracted goods or services, are a primary indicator of shell company procurement fraud.
- PEP-connected accounts receiving transfers from procurement contractors: Transfers from companies receiving outbreak-related procurement contracts to accounts beneficially owned by or connected to government officials with procurement authority — whether directly or through immediate family members — warrant immediate SAR consideration and enhanced due diligence.
- Rapid asset acquisition by health officials during outbreak periods: PEPs in health ministry or emergency response roles who acquire significant assets — real estate, vehicles, foreign bank accounts — during or shortly after an outbreak response period, with no credible source of wealth explanation, present a clear diversion indicator.
- Procurement payment patterns inconsistent with goods or services volumes: Invoice values that are significantly inflated relative to market rates for the goods or services described, or payment patterns that do not correspond to realistic delivery schedules for the contracted items, suggest fictitious or inflated procurement.
- Emergency fund flows through non-registered or recently-registered entities: Government emergency response funds that flow through entities not registered in the government's contractor or supplier register, or through entities registered after the procurement decision, suggest off-system procurement designed to avoid normal oversight.
- Pharmaceutical or diagnostic companies receiving advance purchase payments from unusual government counterparties: Payments to medical supply companies from government accounts in outbreak-affected countries where the supplier has no documented history of supplying that government, particularly where the payment terms are unusually favourable to the supplier, warrant enhanced due diligence on the beneficial ownership of both parties.
- Securities trades in pharmaceutical or medical supply sectors preceding outbreak-related announcements: Trading in the securities of companies with material exposure to outbreak-related developments — vaccine manufacturers, PPE suppliers, diagnostics companies — in the period preceding material public announcements involving the relevant company, particularly by accounts with connections to health organisations or government health ministries, is a potential insider trading indicator.
- Charitable collection accounts with limited or no NGO registration credentials: Donation collection entities operating during an outbreak that cannot demonstrate registration with a charity regulator, have been registered recently, and are receiving significant inflows from the general public, warrant SAR consideration on the charitable fraud typology.
Building Outbreak-Responsive AML Frameworks
The financial crime risks of outbreak response are predictable — they follow from structural conditions that repeat across outbreaks and jurisdictions. The enforcement literature on aid diversion, the UNODC typology reports on corruption in humanitarian response, and the audit findings of the UN system and bilateral donors have documented these patterns consistently enough that the underlying risk architecture is well understood. What has not kept pace is the AML framework at the financial institution level.
Banks and payment processors serving governments in outbreak-prone jurisdictions, international implementing partners, and medical supply chains need outbreak-specific risk assessment components that are activated when a relevant public health emergency is declared. Those components should include: enhanced PEP monitoring for health ministry officials in affected countries, procurement payment monitoring calibrated to the emergency contracting context, and heightened scrutiny of newly-incorporated entities in affected jurisdictions receiving large payments from government or international organisation accounts.
The FATF typologies on corruption in public procurement — which are directly applicable to outbreak response contexts — provide a well-documented basis for this work. What is required is not new analytical insight but the operational translation of existing typology knowledge into monitoring parameters and EDD processes that are deployed systematically rather than reactively.
amlx.io monitors AML developments across sectors including public procurement, aid finance, and pharmaceutical supply chains. For compliance teams who need current intelligence on PEP risk in outbreak-affected jurisdictions or who are assessing their exposure to outbreak-related procurement flows, it provides real-time aggregation of the enforcement, regulatory, and typology developments that inform outbreak-responsive risk management.
If your institution has exposure to governments, international organisations, or commercial sectors involved in outbreak response — and you want to assess whether your current controls reflect the financial crime risks the enforcement record documents — the Four CCCC team works with financial institutions on sector-specific AML frameworks including public sector and humanitarian finance. The question of who benefits from an outbreak does not have a simple answer. The question of whether your institution's controls are adequate to the risks those beneficiaries create does — and building those controls is entirely achievable with the right framework.