International Fraud Week is here!
We at SAS have marked the International Fraud Week by going on a Nordic road show throughout this month discussing Risk Based Controls in Government. And it is really a pleasure to be involved with these seminars. A living debate between speakers and participants on various aspects of the subject has been the general picture.
Having addressed the issue specifically in the Nordic countries I cannot help noticing a couple of specific challenges that our customers seem to have in common in our region.
Data to perform analytics
First and foremost the challenge of creating an analytical data layer to perform an efficient and automatized compliance and regulation environment. Typically, data is optimized to support production tasks as opposed to analytics. Data needs to be organized so that there can be performed time series analyses. Also the silos that are typically found in the organization needs to be broken down, so it is possible to get an enterprise view of how a citizen or a company – let’s call them a customer – behaves across the authority. It is compelling to have one common view on data entities, in order to risk assess the customer in question. If it is possible, subject to legal constraints, this even applies to sharing data between authorities. This represents one important challenge we have in our region – the data environment is often subject to change so the solution needs to be very dynamic and easy to adjust.
Risk behavior is not just one thing
Risk based controls are not limited to cope with deliberate, organized fraud from the customers side. The discipline is a complex ranging from the accidently erroneous application for a benefit, due to complicated rules that are misunderstood, through the more opportunistic “out of sight, out of mind” approach with some customers that on the other hand pays when they are met with a claim – and all the way to the international organized criminal organizations that have professionalized the harvesting of resources from the public sector.
When we help our customers building enterprise risk based control solutions, we often find that there is already established a risk model. Typically this is based on an early version of business rules and standard reports showing specific key performance indicators on a specific partition of the population. It is rarely taken into consideration which behavior the customers are performing or what you would assume, would be their next action. But actually, exactly because there are different motives, it is also necessary to work with a variety of different types of analyses to get it right.
You easily find the traditional and well known improper applications by the help from the experts’ business rules. They have seen the errors happen many times before in previous years and can easily identify these. But as the intention becomes more and more targeted on non-compliance, it becomes equally more difficult to differentiate between the improper payment and the proper one. Deliberate fraudsters will attempt to camouflage themselves as real benefit receivers. And if we are met with a professional international organization of fraudsters, they may even have done their research and learned about the business rules in order to go below the radar.
This is where advanced analytical methods as Network Analytics, text mining and predictive models and Self-learning models such as machine learning models, helps identifying change in behavior, patterns never seen before and networks of actors – e.g. strawmen – that you have no knowledge about from previous criminal activities.
Swim in information rather than drowning in data
What we do when we implement risk based control solutions, is that we provide the government sector with automated and self-training decision support. This is in fact a modernization – or in modern terms; a disruption – of the traditional risk control processes. We deliver the solution needed for the professionals to focus solely on taking the right decisions instead of spending time and effort on collecting data and creating trivial business intelligence. Introducing advanced analytics to the process along with the feedback loop, the dynamic scoring and the whole documentation of events, gives the professionals the opportunity to execute on the correct knowledge. In other words, the solution enables you to swim in properly structured information rather than to drown in the ocean of infinitely growing data.
Using a portfolio of different types of analytics gives you a solid web of fact based risk indicators to perform the optimal selection for your time consuming outgoing control visits. As time goes by and the customers change behavior, your flexible hybrid model can be re-calibrated easily, and thus continue to deliver unmatched accuracy.
You cannot create such a hybrid model – alas run it in operational mode without having established an enterprise level Compliance & Regulations environment. We are more than willing to come and share our knowledge of just that with you.
If you want to learn more about this subject, here is a White paper written by my US colleague, Greg Henderson. He is describing the Enterprise Approach in Government in more detail in a White Paper.
If you are interested in a discussion on the Nordic perspective in specific, please do reach out to me at email@example.com