Partner, Forensic Services
Economic crime has become increasingly sophisticated over the years. A close look reveals that the modus operandi of frauds revolves around the same theme, namely the three vertices of famous fraud triangle – opportunity, motivation and rationalisation. Moreover, it is not the modus operandi but the means used for economic crime which have evolved and are more technology-centric then before. Another element that has changed is pre-work by the fraudster, which, if not more meticulous, is certainly more informed as a result of being powered by data and technology.
Let’s take an example of one of the most common frauds – a Ponzi scheme – to understand how economic crime has changed. Named after Charles Ponzi, who used this method in the 1920s, the construct of the scheme is simple – older investors are paid profits from the funds received from newer investors, and there is no real value created by the business. In 2017, a similar fraud surfaced, but with a tech-enabled front. At 3,700 crore INR, it’s turned out to be one of India’s biggest social media Ponzi scams.
The modus operandi was this: People were made to pay to subscribe and then made to ‘like’ false links for handsome returns. They were also incentivised to add more members as subscribers. As with any Ponzi scheme, the ones at the top earned some money, while those at the middle and bottom lost a bit of their ‘investments’.
Fortunately, technology can be used to combat its own misuse. Technology-based solutions, accompanied by a diverse and highly skilled team including analysts, forensic examiners, agents, technicians and engineers who use advanced digital forensics and data-driven analytics approaches, offer protection against frauds.
In this article, we discuss how the application of technology and data-driven analytics can improve fraud-fighting capabilities, as well as how the use of big data and open source technology can help investigators. It must be noted, however, that the technologies used to extract and realise data’s value pose certain challenges of their own.
Advanced analytics are making inroads into fraud investigations, but it’s still early days. Analytics use cases tend to be ad hoc ventures, typically performed by vendors/consultants. Tools are still maturing, a state that complicates long-term planning and investments.
Thus, investigation teams that aim to elevate their fraud-fighting analytics capabilities can expect to encounter several challenges, some of which are touched upon below.
Existing technology may not be adequate: Rules-based monitoring, a commonly used approach by investigators, often produces high volumes of difficult-to-tune alerts and rules, which can consume too much of investigators’ time and efforts. Meanwhile, technologies that might align more effectively with fraud discovery are evolving rapidly, making it harder to choose a path. Investigators often end up buying tools that will be outdated far too quickly, leading to another round of spending to upgrade them. At times, investigators choose bare shell data analytics technologies which require a heavy investment of time and effort to customise/configure.
Current operating structures don’t (yet) align with the tools: Acquisition of new analytics tools is a starting point, not a goal. Deciding how investigators will use the tools requires further investment of time and resources to create use cases and data mapping. Scalability both within the organisation as well as that of tools is also an issue, as companies struggle to manage different investigations and disparate geographies. Even in the most evolved sectors, such as financial institutions, system obsolescence plagues effectiveness over time as a company makes acquisitions and changes the rules, lineage, and auto-closure.
Outsourcing can provide a specific solution. Fraud analytics solutions need to be flexible; they are often required to respond in a matter of days or weeks, as opposed to months or longer. Outsourcing can increase the cost and opacity of solution changes and general upkeep.
Investigators can benefit from technology adoption that combines various investigation components into an integrated, data-driven fraud investigation solution.
Data management: The core functionality while adopting technology includes the architecture, protection and policies associated with maintaining an organisation’s data. As fraud leads are often found in the details, a data management solution is critical to ensuring that adequate and accurate data is readily available for investigation. For instance, data extraction adapters (e.g. a SAP integration adapter) can be used to extract data from an ERP system in a structured way. Banking data can also be standardised by adopting tools such as ReconArt and Cashbook to import and reconcile bank statements.
Data and text mining: The core functionality during technology adoption should include anomaly or outlier detection; advanced analytics to find similarities based on known instances of fraud; and text mining and analysis, often leveraging unstructured data discovery.
Data quality and data assessment: This can be performed through adoption of open source technologies such as Python and R. Available libraries such as the ‘pydqc’ Python library can be used for data-profiling tasks such as quantile statistics, descriptive statistics and correlations.
Case management is useful to detect suspicious activity over a prolonged period, possibly revealing behaviours and patterns.
Robotic process automation (RPA) can serve as an efficient engine to gain access to unstructured and ad hoc non-digital data. Data inputs from hard copy/scanned documents can be critical information for an investigator. RPA adoption can also help investigators in document review, suspect profiling, and elements of third-party due diligence.
Data analysis: Once data standardisation is in place, big data analytics can be applied to analyse all available data to understand fraud patterns and target resources most efficiently.
The exponential changes to human communication, both in medium and form, underscore the need for stretching the boundaries of forensic intelligence. It should include not just traditional and social media and regulatory and legal requirements but also metadata, user-created documents, audiovisual data, transcripts, chatter and more.
Given the latest advancements in data-driven analytics, this set of data can be highly useful to automatically categorise content, generate keywords and topics, manage semantic terms, unearth sentiment and put all that in context.
By applying Python libraries such as NLTK, TextBlob and spaCy, natural language processing (NLP) text analytics can be performed to handle a wide range of tasks such as part-of-speech (POS) tagging, sentiment analysis, and document classification.
Investigators should consider the following aspects while choosing a technology platform:
Search and discovery feature:
Knowledge/alert and intelligent case management:
Entity analytics and resolution:
Companies should adopt technology that helps them in making their counter-fraud response comprehensive and effective. They should base their choice on the six fundamental pillars of organisational change:
Culture – creating a culture that beats fraud and corruption
Capability – ensuring that the range of counter-fraud measures or benchmarks is appropriate to the range of fraud risks
Capacity – deploying the right level of resources to deal with the level of fraud risk
Competence – making sure that the team has the right skills and standards
Communication – raising awareness, deterring fraudsters, sharing information, celebrating successes
Collaboration – working together across internal and external boundaries and leveraging the knowledge of colleagues, other local authorities and SMEs to speed up the investigation