By Greg Mason, Partner at Forensic Risk Alliance and Frances McLeod, Managing Partner at Forensic Risk Alliance.
For those not already in the know, Big Data is largely untagged file-based and unstructured data that exists in huge volumes within all companies – including banks and other financial organisations. It has the potential to provide insight into customer behaviour and help develop new highly-marketable bespoke financial products.
The problems is that, due to the unstructured nature of Big Data, banks and financial sector companies aren’t always aware of exactly what information it contains and exactly how to harness, analyse and understand it. This means not only that large quantities of potentially useful data is getting lost, but that fraud, bribery and corruption, money laundering and other white collar criminal activity may remain either very difficult to detect or, even worse, undetected because it lies buried in the morass of data.
Perhaps that is one of the most significant reasons that allegations of cultural failures continue to surface within the financial sector. One only needs to think back to the complaint by NY state Attorney General Eric Schneiderman against Barclays relating to its Dark Pool and, more recently Deutsche Bank’s agreement to pay $258 million in a settlement with New York’s financial regulator and the Federal Reserve. It was alleged that Deutsche Bank used “tricks and cunning” to allow clients from Iran, Syria and other countries to evade U.S. sanctions.
As both these examples show, any financial sector company that does not have sufficiently robust internal controls and security measures is at risk of both internal and external perpetrators leveraging the proliferation of data to their advantage in order to hide fraudulent transactions, improper payments, layering of funds and even “forge” electronic documentation in support of illicit acts.
Equally, we find that financial sector companies with systems are un-integrated or poorly integrated are unable to effectively identify compliance breaches such as the payment of bribes, procurement fraud, money laundering, etc. as they have no means of analysing the complete transaction flow or to identify anomalous or unauthorized payments.
As forensic accountants and data analysts that leverage the strong IT skills required in order to tackle large amounts of data, we frequently identify anomalous, problematic payments in our clients’ financial accounting systems. We also help our clients in the financial sector test the effectiveness of their controls by regularly monitoring high risk payments to ensure that they are appropriate, correctly authorized and supported by a full audit trail. If we are conducting a review or investigation, we rely heavily on data mining.
Data mining combines data analysis techniques with high-end technology for use within a process. The more data sources can be mined, analysed and tested, the more likely anomalies will be detected and/or alerts raised. Further, we find that companies that take an holistic approach and are able to integrate and consistently test and analyse data from systems across geography, business unit, etc. can identify schemes (even if they are cross-border) more quickly and effectively.
Data forensics is also part of our arsenal in the detection of illicit activity that might be hidden within sets of Big Data. Fraud inherently requires efforts at concealment, so detection may require a discreet collection of data belonging to the potential perpetrator, for example where the corporate suspects the theft of commercially sensitive data, collusion or misappropriation of funds. Frequently, when we find a problematic transaction or series of transactions we will leverage our data forensics skills to identify the relevant sources of data, such as email or instant messaging, in support of the investigation.
FRA’s Top Four Best Practices for Implementing Big Data for Fraud Prevention in the Financial Sector
- We recommend starting with small and specific uses for big data. For example, identify one or two business problems or risk areas that can be resolved by improving fraud detection, and create a task force comprised of compliance, legal, IT and business unit representatives to devise an outcome based plan. Get senior level buy in – this is part of a risk management strategy.
- It is critical to ensure that the company is working with high quality data. Impress upon your team (and external consultants, as necessary) the need to ensure the proper data is being collected and the signal is separated from the noise to allow for effective, meaningful data analysis.
Assess and plan for the relevant regulatory environment. It is critical to understand the boundaries for using customer data and the relevant privacy laws. Obtain legal and other expert advice on this area and acknowledge the added complexity for companies that operate globally, particularly in Europe. This will, in our opinion be a, if not the, major challenge.
Finally, we would stress that in our opinion this technology will be most effective if used by experienced forensic accountants, data analysts and both internal and external compliance and security professionals as part of a strategic approach to this aspect of risk management. In our experience over reliance on IT solutions without sufficient human expertise and analysis may lead to at best too many false positives (and a diversion of valuable resource to resolve them) and at worst missed inappropriate activity.
Until such a thorough read-across is undertaken and remediation and monitoring is implemented, we believe the next set of headlines reporting on the next major financial sector investigation remains inevitable.