Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


Simon Yarwood and Ching Liu, from Control Risks looks at how financial organisations can reduce the risks created by the explosion of data in the fight against fraud and corruption.

Fraud is changing and so too are the means required to fight it. As businesses venture into new markets and get involved with suppliers, partners and customers in unfamiliar environments, the risks of doing business are increasing. Meanwhile corruption and bribery also pose an increasing reputational and financial risk for the financial sector as the law gets tougher and public scrutiny grows.

Ching Liu
Ching Liu

The almost total reliance on technolog
y to trade is also creating vulnerabilities for many financial organisations. The exponential growth and amount of data that is generated and stored by companies’ means that the data must be organised appropriately in the event of a fraud investigation, enabling rapid retrieval and analysis.  Failure to do this will expose organisations and significantly complicate the fight against fraud and corruption.

In the event of an investigation, we are almost always presented with vast quantities of data – not just unstructured data such as emails and documents, but also database information such as accounting and banking records, communication recordings and social media interactions.  These are stored in a wide variety of locations and formats, increasingly including the ‘Cloud’.

This creates a problem for investigators because it makes it much more difficult to identify the issue quickly and anything that slows down the investigation process can be costly – both in monetary and reputational terms. When a fraud is uncovered, quickly finding its source and addressing any vulnerability in the company’s processes and systems is essential to stem the flow of losses. When it comes to shutting down a fraud, time really is money.

Bringing order to chaos

The growth of big data has had a number of profound implications for the roles of the professionals (such as lawyers, digital forensics, and forensic accountants) that are tasked to investigate major frauds. The first task is to locate the data, work out who the custodians of it are and what format it is in. Once the data mapping has been performed and the relevant sources identified, it will need to be secured in an evidential and defensible manner. It can then be analysed to quickly and efficiently focus on the key issues and to filter out any irrelevant information.

Simon Yarwood
Simon Yarwood

One consequence of this is that the role of the forensic accountant has grown in importance as has the need for forensic computing expertise. The vast quantities of data that organisations now generate can make it much more difficult, time-consuming and expensive to identify the evidence required to commence legal or disciplinary proceedings. The specialist tools available to forensic accountants and forensic computing consultants enable them to identify and focus quickly on the transactions, correspondence or other evidence, that shows exactly what occurred. Whilst doing this, the forensic accountant can also identify any weaknesses or vulnerabilities in internal systems and controls that allowed the fraud or other misconduct to take place.

The role of other professional groups in fraud investigations is also rapidly changing, in particular that of the lawyers involved. Legal professionals are now the golden thread that runs through the whole investigation from start to finish, as so much business data is now spread across a range of legal jurisdictions and data protection and privacy rules vary widely from country to country. In some it can be a criminal offence to move data beyond its borders; in others it can be illegal to recover information from employees’ devices without a court order, even if both the machine and the data it contains are the property of the company.

Consequently, legal advice is required at the outset of an investigation to ensure that it can be recovered lawfully and handled correctly to ensure its evidential integrity. Evidence gained by lawyers is usually subject to legal professional privilege, which can be important in some situations, and lawyers also have extremely useful experience of information management and handling gained from the ‘e-discovery’ process that has become an essential part of major litigation.

Preparing for the worst

All of this comes at a price, and the more professional time that needs to be allocated to a fraud investigation, the greater the cost can be. There are, however, a number of things that companies can do to ensure that any future fraud investigations can be conducted efficiently.

The first is for companies to develop a good understanding of where their information is held – and by whom – and to have a clear idea of how and where new data is generated, as well as how data is handled historically. In our experience, financial institutions generally have a good grasp of this, but the speed at which the information infrastructure financial businesses develops means that the data map needs to be redrawn regularly if it is to remain relevant.

Secondly, it is essential to have clear policies on how employees store data and what they can and cannot do with their devices. If data is to be collected efficiently in the event of an investigation, It is not only important that these policies are in place, but that employees are aware of them and have consciously agreed to them.

For multi-national businesses these policies need to comply with the data protection, privacy and employment laws of each of the jurisdictions in which they operate and in many cases will also need to consider the use of personal devices for business purposes. In latter regard, technical solutions are also available to segregate personal from business data to enable company information to be recovered without intruding on private information.

Finally, it should be recognised that data preparedness needs to be considered to be a critical part of a business’s crisis management and business resilience plans. By treating information governance as a potential ‘crisis management’ issue in this way, the reputational and financial damage of fraud and corruption can be considerably reduced.  Moreover, a happy side effect of keeping on top of your data is that good information governance will significantly reduce your exposure to fraud.

About authors

Simon Yarwood is Associate Director for Forensic accounting within the Corporate Investigations division. He provides specialist financial and accounting assistance to clients conducting internal or external investigations, or involved in complex legal disputes. [email protected]

Ching Liu is Practice Leader for Digital Forensics at Control Risks. He is a forensic specialist in many different operating systems, ranging from personal devices to business networks and mainframe architecture. Since joining Control Risks he has been involved in numerous civil and criminal cases involving computer fraud and [email protected]