It would be a welcome development if, at some time in the future, we didn’t need an International Fraud Awareness Week. That would mean that our job within Bottomline’s Fraud and Financial Crime team has been done so thoroughly that the financial service industry didn’t need to mark your calendars as a warning. But because the job is not yet done, I’m happy we have this week to call attention to some of the fraud issues that might fly below the radar.

One such issue is investigations. Most companies will have a Fraud Investigations Unit (FIU), and the very name sounds like a TV show that might run after CSI: Vegas. Here’s the FIU breaking down doors, cuffing employees, and interrogating the suspects of financial fraud. Of course, it’s not like that. But in my experience FIs need to know more about fraud investigations, because it helps to illustrate the inner workings of the anti-fraud technology and tactics that defend against them. And it helps to know what will be involved in case something like the following happens to you:

It’s a week before Christmas and your bank’s network is flooded with credit card purchase authorizations in all kinds of formats at all kinds of businesses. But on this day Acme Garden and Lawn Supplies is ringing up a bill at department stores, sporting goods, travel – everything except what Acme usually spends on, which is equipment and inventory. Alerts go off because the spending pattern of Acme is inconsistent and raises red flags on fraud. The cardholder is notified, the account is shut down, but now what?

The bank’s FIU kicks the investigation into gear, and there’s no police involved (yet). There are a lot of data scientists involved, and that’s where the investigation intersects with the defense systems. With the ramp-up in technology and data science over the past few years, there’s always been a plethora of information that exists inside your institution, but also outside of your institution. What I’m finding is that the institutions that can marry all of that data together are able to unlock the most actionable insights. Those insights will allow them to shift from what has typically been a reactive approach to a proactive approach to fraud.

To backtrack to Acme Garden, the fraud analytics team at the bank would generate an alert. Data science is becoming the first line of defense, and the ability to consolidate and process huge amounts of internal and external data unlocks all of the new detection capabilities. Data is a fluid asset and must be continuously ingested and analyzed regardless of its source. Then once you’re able to access the information, one must make sure it is about the relevant entity that is being investigated. That needs to be done through entity resolution. In Acme’s case, it is of paramount importance that they are making sure that the person or organization is in fact accurate before proceeding to process any subsequent money movement. Let’s say the data science team finds that it’s not. Let’s go a level deeper. Let’s use transactional history data to identify the places, people, and organizations that are within Acme’s sphere of influence. Then the analytics can kick into predictive mode, and essentially say: “We’ve seen this type of data before and when we have it has come from a partner of the company being defrauded and typically has come from an unhappy employee.” Not only does that go a long way toward a successful fraud investigation, but it also enables the bank to tell companies like Acme that this scenario is suspect, and should be monitored closely.

Now, here’s another scenario I hope never happens to you. John Smith, an insurance broker somewhere in the Midwest, making $65,000 a year, has made a $125,000 deposit in his account. The bank’s FIU gets an alert and a simple Google and social network search doesn’t show that Smith has a new job, or that he has sold anything that would approach that value. So, it doesn’t look like Smith is a criminal (yet) but he’s on the radar, meaning the data analytics have been calibrated to send an alert if his account shows any more activity that would be inconsistent with his past deposit or spending pattern.

It’s the week after the $125,000 deposit. Smith writes a check to a Los Angeles-based company called Encino Securities. Here’s where AML advances in data and technology come into play. It’s easy enough to stop payment of the check until the transaction is investigated. But the stakes are now infinitely higher. If the bank officer in charge of creating that AML program isn’t brought in immediately, or if other senior executives aren’t notified and involved the risk goes far beyond the $125,000 paid to Encino. If a bank is not in line with AML regulations the fines, personal liability, and corporate reputational damage is potentially severe. The FBI, FDIC, SEC, or any number of organizations are looking for AML as hard as you are.

Scanning technology can quickly get a better picture of John Smith as well as Encino Securities. So as part of the investigation process, you have to look for negative news scans depending on the risk score of the individual. But AML technology can employ AI and machine learning algorithms to find out who John Smith is based on metadata. Are we looking at the right John Smith? Has he opened a new business? Invested in foreign securities? What about Encino Securities? Have they been trading with any organizations on a watchlist? Instead of reacting to the next move by Smith or Encino, data analytics and AML technology have combined to give the bank enough information to proactively investigate the current transaction and stop new ones. Manual processes won’t get this done.

What will get the job done is a partner who has a direct cadence with regulators and investigative entities. It’s that type of cadence that leads to advances in entity resolution, network analytics, and the marrying of internal and external data. Fraud investigations are about data. Handcuffs, not so much.

Subscribe

For further insight into the payments and banking industries, subscribe now and stay up-to-date on the latest tips, trends, and topics. You can also check out The Payments Podcast, where experts engage each other on the real-world factors impacting your industry.

Posted by Albert Laino

Albert Laino supports Bottomline’s Enterprise Cyber Fraud & Risk Management team from a Solutions Consulting capacity. He is a self-proclaimed foodie, cinephile, and financial crime enthusiast who enjoys being able to continually learn about the applications of new technology within the AML and fraud space, and contribute as a trusted advisor to this community.