By Laurent Colombant, Continuous Monitoring Solution Manager at SAS UK & Ireland
The traditional approach to detecting and reducing money laundering, fraud, bribery and corruption is challenging and time-consuming. It involves sending lawyers and forensic investigators around the world to interview people and seize paperwork and hard disks. The aim is twofold. First, it is important to find out what happened and to get the money back if a fraud has been committed. Second, though, it is essential to understand why and how policies and procedures were not followed, to prevent this happening in the future.
This people-based forensic investigation approach is time-consuming and expensive. It is also not necessarily accurate. Unfortunately, those involved are not always prepared to cooperate with investigators, and it can be hard to establish “facts.” Even modern forensic techniques may not be enough.
The lack of data is not the only problem with audit and fraud detection. The traditional approach is also retrospective; it relies on detecting problems after the event. A fraud may have been going on for several months, if not years, before it is detected. And that can mean that the business has already lost a considerable amount of money. There has to be a better way – one that will allow prevention and prediction, not just detection.
A better way?
Analytics offers that potential. Heavily regulated banks and insurance companies have already started to turn to data analytics to detect money laundering and terrorist financing. Anti-money laundering regulations provided the original impetus. However, organizations have now extended those techniques to fraud detection and due diligence for new customers, also referred to as “Knowing Your Customer” or KYC.
However, a recent SAS survey found that machine learning and artificial intelligence are very rarely used as fraud detection techniques by nonfinancial corporations or in the public sector. In fact, 43% of the 850 companies surveyed by SAS in 2019 still rely solely on manual controls to fight procurement fraud. And only 9% use AI techniques to do so (How Smart Analytics Can Stop Procurement Fraud). This is unfortunate, because these approaches are very helpful in identifying risky third parties such as suppliers, business partners and intermediaries, and therefore preventing fraud.
These approaches are key to predicting fraud before it happens, and not just detecting problems after the event. They enable businesses to surface anomalies for review before they make any payments or sign contracts with suppliers. Machine learning enables systems to improve automatically over time and become more efficient. It uses both structured and unstructured modelling techniques, such as clustering and link analysis, to provide highly effective flagging of potential issues.
As Alix Stuart points out in Compliance Week:
“Ferreting out fraud is never easy. For years, compliance professionals have relied on the bravery of whistleblowers, the missteps of perpetrators, and a good amount of luck to uncover wrongdoing both inside and outside their companies. “That may all be changing with the advent of the Big Data era. These days, high powered analytic tools can crunch through enormous quantities of structured and unstructured data, producing an exponentially greater set of comparisons within the data on any given afternoon than a human could in a month. As companies refine their tools and techniques, catching fraudsters may soon become more a matter of learning how to properly interrogate a computer program rather than putting gumshoes on the case.”
Regulation and analytics
It is, therefore, unsurprising to find that this data-based approach is now becoming more mainstream among regulatory agencies. The SEC and DOJ in the US, the Serious Fraud Office in the UK and Agence Française Anticorruption have moved on from relying solely on the knowledge and skills of experienced investigators to enforce their regulations, such as the Foreign Corrupt Practices Act (FCPA).
They now also apply algorithms to the data of audited companies to give them faster and better insights. Analytics also allows regulators to test the efficiency of the company’s internal controls, making fraud less likely in the future.
In 2020, we can expect to see regulators asking how compliance systems are making use of internal company data. They are likely to require better use of automation, as well as improved procedures and training.
A combined (hybrid) approach
Analytics does not remove the need for reliable procedures or well-trained staff. But it improves the monitoring of both. The combination of rules-based and analytical approaches allows businesses to define expectations and then to check performance against them. As the saying goes, trust doesn’t exclude control. Regular and ongoing checks mean that processes are less likely to be breached. They therefore help to close the door against abuse and dishonesty and make both less likely to happen.