Fandhy H. Siregar, Cisa, Crisc, Cgeit, Cism, Cissp, Cia, Crma, Ccsa (Works As Chief Audit Executive, An Experienced Auditor And Enthusiasts In Cybersecurity)
Combating financial crime can no longer be an acceptable cost of doing business. At the same time, financial service produces billions of data from their activities every day. Financial service institution is operating in highly regulated industry whereby protection of customer assets is essential as there are also complex compliance requirements to be adhered with. Financial products are becoming more complex which transactions were digitized as the global economy also shifted to online-based system. All of these inevitabilities are possible because of the presence of modern technology. Moreover, the availability of modern technology has enabled fraudulent techniques to become more sophisticated, however technological advances also allow better ability to detect and prevent fraud.
The old method of responding to fraud right after the fact is unsound in this new world of sophisticated financial crimes. Financial institutions are also moving to cloud computing, accelerated mobile applications and enterprise social media, which can add to the vulnerabilities. Nowadays, financial service institutions are becoming more adaptive in dealing with large volume of data. However, it is not only the reason why we call it ‘Big Data’. The amount of data isn’t necessarily that important, the ability to combine existing data from various origins with public data such as social media, websites, and blogs is what this type of solution becoming more exceptional. Analyzing the volatility of data is also an important factor to be considered in designing the capability of dealing with real-time data access.
Big data requires a multi-layered implementation approach. The big data system is made up of three tiers that include data, integration, and visualization and analytics. The latter will provide information for decision making process and can be utilized as detection control. Typically, the fraud investigation team relies on a data analyst team to perform a search on data warehouses using SQL queries that store large amounts of transaction data, customer data, and other information. Because of the size, volatility, and variety of data stored in the data warehouse, this search process can take a long time before enough evidence and sufficient in the investigation and prosecution process. The longer it takes to detect fraud, the more difficult it is to uncover the fraud, in addition, the more detrimental for the institution.
Basically, there are five essential components of effective anti-fraud program
a) Prevention: Improve internal controls to prevent fraud.
b) Detection: Predict the fraud before it occurs.
c) Responding: Applying an understanding of the latest fraud mode.
d) Investigation: Conduct intelligence fraud to look for causes and offenders.
e) Continuous Improvement: Make use of historical fraud data that has occurred for the purpose of continuous anti-fraud cycles.
In this paper, we will focus on the second component, Detection. This fraud detection system can be designed once and used many times using the data analytic tool. Given the amount of data that investigators need to filter out to find the pattern of fraud, a massive data and a viable searching system is the most feasible approach. Information sourced from the public is collected and processed through a large data framework, afterward a process of data cleansing and normalization process are conducted before distributing data to multiple data-mart/store. The processed data is also entered into the search engine. The predictive analysis system works to show the fraud indicators and proactively detects suspicious activity. Usually these red-flags or fraud indicators have been developed and coded into the predictive analysis program and executes according to pre-determined schedule to generate an exception/indication report. This report will become a source for further analysis by fraud analyst/investigator. A search-based graphical interface is also provided to researchers for analysis and documentation of evidence.
Furthermore, leveraging information from other sources such as conversation notes, email correspondences, and social media, are among the benefits of a big data approach, whereby unstructured sources are combined with official (structured) data. Identifying hidden relationships through network analysis and data correlation are further enhanced data analytic methods. Imagine that you can find a potential conflict of interest by looking at the similarity of geographical location of vendor/third-party address with you employee address.
Complex data architecture enables fraud detection efforts in financial services institutions to become more measurable, faster, and more accurate. Because the system actually processes and analyzes any existing data, fraud analysts also give more confidence to their discoveries. Indicators have been built in a continuously approach whereby a new knowledge of fraudulent activity mode will enhance the current predictive analysis program or create new indicator along the life-cycle of the fraud detection system. At this point of time, it may requires human intervention to renew or enhance the analytical program. Moreover, if it has ability to automatically learn and improve from experience without being explicitly programmed, it will allow to another milestone in building the adaptive model. The approach that is commonly known as Machine Learning with regards to fifth/last component above.
And the rise of big data analytics tools like ones which developed as open-source software such as Apache Hadoop® for massive data distribution and Apache SparkTM for massive data processing tool, or using cloud-repositories like Microsoft Azure as your infrastructure as a service (IaaS), will allow more powerful implementation of this adaptive and robust solutions in the future. Another skill to handle a programmable audit tool is also necessary while the basic ingredient of this skill set is indeed a knowledge of business acumen.
The maturity of fraud risk awareness in your institution is also a significant factor to have successful implementation. A voluntary whistleblowing system will enrich information gathering on potential misconducts and improper behaviours based on volunteer observation. Together, they will build a complete anti-fraud program and improve the chance of winning the battle against fraudulent activities.