The “bait-and-switch” risk: Capability arbitrage, cost arbitrage, and access harvesting

Bottom line

Unauthorized subcontracting is not just a delivery or quality issue.

In contingent workforce programs, it can become a control, compliance and access risk when work is performed by someone who was never screened, approved, onboarded or contractually bound to the organization.

For procurement and workforce leaders, the issue is not simply whether the work gets done. It is whether the organization knows who is doing the work, who has access and who is accountable.

Executive summary

In contingent delivery, unauthorized subcontracting can sometimes appear harmless. It may be positioned as “help,” “team support” or a way to keep work moving.

But when it is undisclosed and unmanaged, it can create serious risk.

Unauthorized subcontracting may involve:

Capability arbitrage: someone other than the approved contractor performs the most complex or technical parts of the work.
Cost arbitrage: lower-cost labour is substituted without the client’s knowledge or approval.
Access harvesting: approved credentials are used to give unapproved individuals access to systems, data or client environments.

This matters because contingent workforce programs depend on clear visibility, defined accountability and controlled access. When work is passed to someone outside the approved process, the organization may lose confidence in who is performing the work, who is responsible for outcomes and who has touched sensitive systems or information.

For procurement, this is a workforce governance issue.

The risk is not subcontracting itself. Subcontracting can be legitimate when it is disclosed, governed and approved. The risk emerges when subcontracting is hidden, unmanaged and disconnected from the organization’s screening, onboarding, contractual and compliance requirements.

What it looks like

A contractor’s output appears strong, but collaboration is inconsistent.

They avoid meetings, delay live working sessions and provide completed work in batches. The manager notices that the person struggles to explain certain decisions in real time, even though the deliverables themselves appear polished.

Later, the team discovers that multiple people have been contributing behind the scenes.

The organization cannot confirm who completed the work, who accessed systems, who handled data or whether everyone involved was properly screened and approved.

At that point, the concern is no longer just delivery quality. It becomes an access, compliance and accountability issue.

Practical procurement takeaway

Procurement and workforce leaders do not need to eliminate every form of subcontracting. But they do need to define when it is allowed, how it must be disclosed and what approvals are required before work begins.

A stronger approach is to set clear expectations across the workforce program, including:

Where subcontracting is permitted and where it is not.
What disclosure and approval must happen before subcontracted work begins.
Who must be screened, onboarded and contractually bound.
How suppliers confirm who is performing the work.
What access controls apply to contingent workers and any approved support resources.
What should trigger escalation if collaboration patterns suggest undisclosed support.
How incidents are documented and reviewed across suppliers, roles and business units.

The goal is not to create unnecessary friction. The goal is to ensure that speed and flexibility do not come at the expense of visibility, compliance or control.

Start here

Start by clarifying your organization’s position on subcontracting for contingent roles.

Where is it allowed? Where is it prohibited? What must be disclosed? Who approves it? What documentation is required? And how does the organization confirm that anyone performing work has been screened, onboarded and governed under the appropriate terms?

For high-access or high-impact roles, procurement, legal, IT, security, HR, hiring managers and suppliers should align on these expectations before an engagement begins.

The standard should be clear enough that suppliers know what is acceptable, managers know what to watch for and escalation does not depend on individual judgment alone.

What’s next

Unauthorized subcontracting can create hidden risk inside otherwise legitimate workforce programs.

The right workforce partner can help organizations strengthen supplier expectations, improve visibility into who is performing the work and create a more consistent approach to compliance, onboarding and access control.

Read the full whitepaper:
Candidate Fraud in Enterprise Hiring

Cut complexity. Maximize compliance. Work with Procom

Get in touch

About the author

Simon Gray, Vice President, Workforce Solutions

With over 25 years of experience in strategic staffing, Simon leads Procom’s Workforce Solutions division to help clients hire quickly and compliantly.

Tags:

Thought Leadership

“The candidate” may not be a single person: Deepfakes, proxy interviews, and synthetic personas

The credential economy is being counterfeited. Fake company ecosystems are the new resume padding.

The migration thesis: Candidate fraud has entered the workforce supply chain