- Security TWENTY
- Women in Security
How can different information sources and risk profiles be used to reduce threats of internal and collusive frauds? Richard Kusnierz, pictured, explains how the data analytics could identify the exploitation of poor internal controls to disguise collusive and fraudulent activities.
He suggests that organisations could make better use of internal data sources to productively compare such information against a range of open source intelligence (“OSINT”) to detect worrying relationships. The identification of such “red flags” was based on the comparisons of “watch lists” which are updated periodically against information held in core systems. Such correlations may be considered to be examples of “static fraud profiling”. Static profiling is only a small part of how information, both internal and external, can be used to detect, investigate and prevent fraud. In this article, Richard explores the concept of Advanced Investigative Data Analytics and how dynamic data could be included in fraud detection strategies.
Advanced Investigative Data Analytics
Much is being written about how “Big Data” can be used to add value to an organisation by uncovering hidden nuggets of information. The three main facets of big data: Variety, Volume and Velocity have been well documented within a marketing or retail environment to enable organisations to react to changing circumstances and maximise their sales by focusing on specific customer segments. Such big data applications identify how large populations may react to changes in the sales environment. The challenge in using these big data concepts is in the identification of an infinitely small data set, one or two individuals or organisations affecting a much larger population, for example the recent Libor and Forex scandals which have recently been exposed where a relatively small number of traders were able to move the market.
The concept of using Big Data to identify fraud, malpractice or breaches in financial regulations should be expanded outside the confines of structured and unstructured “data” to encompass information in all its forms and locations. The challenge for a counter fraud practitioner is to take all of this information and distil it into “Actionable Intelligence”, a concept which may be referred to as “Advanced Investigative Data Analytics”. In addition to identifying static fraud and risk profiles the practitioner needs to consider how a changing pattern of transactions differs from a norm and develop dynamic profiles.
One easy way of considering a dynamic profile is to consider the way an organisation is invoiced by its suppliers and understand “normal” transaction patterns.
Advanced Investigative Data Analytics makes use of the entire spectrum of information; not just structured computer data held in primary financial systems but unstructured data held in secondary support systems and unstructured information held in end-user maintained lists and spreadsheets. Add to this mix the wealth of information freely available in the social media “twittersphere” and Information Analytics really comes into its own.
Construction and procurement frauds
Wandering around London you will be hard pressed to find an area that is not being demolished and rebuilt. London has multi-billion pound ten-year construction projects underway in Nine Elms on the South Bank and regeneration projects such as Battersea Power Station and New Covent Garden Market. All of these will be at risk of fraud, corruption and collusion. Such is the scale of work that many construction companies have their order books filled until well beyond 2017 and they face a real dilemma with regards to invitations to tender. If they refuse to respond or state that they are too busy they may not be included in the next major construction project at a time when they need the work. As a consequence they may “bid to fail” by inflating the cost of materials or services, with the effect that all the bidders are increasing prices, not because raw costs have increased but because the construction industry is a relatively collegiate environment with companies and sub-contractors bidding against each other on one project and then forming consortia for other major bids. Everyone knows everyone, and the directors may meet in the relative privacy of their clubs to discuss ongoing work. While an electrical estimator may have been pricing a project with a conservative 5pc contingency on materials this is now 17pc upwards. But is this cause for concern in a market driven economy?
If a supplier prices an electrical refit to include 1 kilometre of cable but supplies only 800 metres and charges for a kilometre then deception takes place. If the cable has to meet a particular specification and is priced per metre and a lower grade is provided then again deception is involved. However, if the price is inflated by a 25 per cent plus mark-up in the hope that the bid will be rejected but it is still accepted then has there been any element of deception? If the company accepts the tender it falls under the principle of “Caveat Emptor”, buyer beware. However if the procurement director of the organisation requesting the bid has “given the nod” to such a mark-up then collusion and fraud may have taken place even if the procurement director has received no personal financial gain, his organisation will have suffered a financial loss and if proved, a criminal act will have happened.
In such conditions the use of Advanced Investigative Data Analytics to harvest and analyse information from multiple disparate sources is the only realistic way to uncover potential problems. Most fraud surveys conducted by the ‘big four’ accounting firms and industry bodies such as the Fraud Advisory Panel in the UK or the Association of Certified Fraud Examiners in the USA estimate that over 42pc of frauds are discovered not by proactive routines but by using whistle blowing help lines or by accident. In the procurement example mentioned above there are a range of investigative analytic routines taking information, not just raw data from corporate silos, which can be proactively used to identify whether the organisation is at risk from collusive tendering practices and fraud. These can include:
• Recording dynamic transactional information relating to past unsuccessful tenders. Unfortunately many organisations only systematically record the details of the successful bidder and their pricing and specifications. The details of the unsuccessful bidders may be retained in the procurement file but may never be entered into any corporate system thus making it much more difficult to compare pricing. Such information would allow a company to perform a historical “Win/Loss analysis” which would identify potential collusion and cartel type activities;
• Comparing information against external data and potential watch lists maintained by, but not limited to:
o Competition and Markets Authority which investigates criminal cartels in the building and construction industry;
o The World Bank maintains a register of individuals and organisations who have been banned from applying for construction aid programmes due to fraud and malpractice;
o Construction industry pricing indices
• Employees may move from employment with a client to the provision of services as a supplier, with all the knowledge and understanding of the in-house tendering practices and financial authority limits, not to mention existing relationships. If such “ex-employees” exist in new suppliers care should be taken to ensure that any negotiations are treated at “arm’s length”
• Many organisations maintain hospitality registers and details of outside interests , but very few use this information as part of a corporate due diligence and proactive collusion detection programme;
• Secondary or even tertiary data and information sources such as call logging, analysis of email traffic and even visitors logs should be considered to identify any spikes in activity prior to the issue of major invitations to tender. A review of expense claims by procurement employees may indicate a higher than expected number of visits to a specific supplier;
• The use of social media, “tweets” posted by frustrated and disgruntled employees and honest suppliers is emerging as a more vocal mechanism than the annual supplier surveys, staff suggestion schemes or whistle blowing hot lines.
If one adds to this information the traditional counter fraud profile and data matching routines then the success rate for detecting potential collusive construction and cartel activities is greatly enhanced.
About the author:
Richard Kusnierz has been involved in designing and implementing proactive detection and investigation data analytics for over 20 years. In addition to software development he has assisted blue chip firms world-wide in civil and criminal investigations using investigative data analytics. He recently joined Haymarket Risk Management Limited, a corporate fraud investigation company based in the City.