The traditional approach to detecting and reducing money laundering, fraud, bribery and corruption is challenging and time-consuming. It involves sending lawyers and forensic investigators around the world to interview people and seize paperwork and hard disks. The aim is twofold. First, it is important to find out what happened and to get the money back if a fraud has been committed. Second, though, it is essential to understand why and how policies and procedures were not followed, to prevent this happening in the future.
This people-based forensic investigation approach is time-consuming and expensive. It is also not necessarily accurate. Unfortunately, those involved are not always prepared to cooperate with investigators, and it can be hard to establish "facts." Even modern forensic techniques may not be enough.
The lack of data is not the only problem with audit and fraud detection. The traditional approach is also retrospective; it relies on detecting problems after the event. A fraud may have been going on for several months, if not years, before it is detected. And that can mean that the business has already lost a considerable amount of money. There has to be a better way – one that will allow prevention and prediction, not just detection.
A better way?
Analytics offers that potential. Heavily regulated banks and insurance companies have already started to turn to data analytics to detect money laundering and terrorist financing. Anti-money laundering regulations provided the original impetus. However, organizations have now extended those techniques to fraud detection and due diligence for new customers, also referred to as "Knowing Your Customer" or KYC.
However, a recent SAS survey found that machine learning and artificial intelligence are very rarely used as fraud detection techniques by nonfinancial corporations or in the public sector. In fact, 43% of the 850 companies surveyed by SAS in 2019 still rely solely on manual controls to fight procurement fraud. And only 9% use AI techniques to do so (How Smart Analytics Can Stop Procurement Fraud). This is unfortunate, because these approaches are very helpful in identifying risky third parties such as suppliers, business partners and intermediaries, and therefore preventing fraud.
These approaches are key to predicting fraud before it happens, and not just detecting problems after the event. They enable businesses to surface anomalies for review before they make any payments or sign contracts with suppliers. Machine learning enables systems to improve automatically over time and become more efficient. It uses both structured and unstructured modelling techniques, such as clustering and link analysis, to provide highly effective flagging of potential issues.
Another perspective
As Alix Stuart points out in Compliance Week:
Regulation and analytics
It is, therefore, unsurprising to find that this data-based approach is now becoming more mainstream among regulatory agencies. The SEC and DOJ in the US, the Serious Fraud Office in the UK and Agence Française Anticorruption have moved on from relying solely on the knowledge and skills of experienced investigators to enforce their regulations, such as the Foreign Corrupt Practices Act (FCPA).
They now also apply algorithms to the data of audited companies to give them faster and better insights. Analytics also allows regulators to test the efficiency of the company’s internal controls, making fraud less likely in the future.
In 2020, we can expect to see regulators asking how compliance systems are making use of internal company data. They are likely to require better use of automation, as well as improved procedures and training.
A combined (hybrid) approach
Analytics does not remove the need for reliable procedures or well-trained staff. But it improves the monitoring of both. The combination of rules-based and analytical approaches allows businesses to define expectations and then to check performance against them. As the saying goes, trust doesn’t exclude control. Regular and ongoing checks mean that processes are less likely to be breached. They therefore help to close the door against abuse and dishonesty and make both less likely to happen.
To read more about how an integrity-based approach, combining typical controls and processes with continuous monitoring, can help early detection and correction, check out the paper Procurement Integrity Powered by Continuous Monitoring.