Red flag means Danger!

Using red flags in the data mining and risk profiling process.

The media announced in April 2014 that “Crime rate in England and Wales falls 15% to its lowest level in 33 years”. However, what was also pointed out, and perhaps unsurprisingly, was that fraud was up by 25% from the last reported year. For those working within the counter fraud community this was an expected trend. Despite popular belief, fraud is not a victimless crime and in some cases the perpetrator may have been driven to such acts because they themselves were victims of the financial crisis. It has often been said that after a fraud there are two investigations; one to find the perpetrator, and the second to establish why the organisation was blind to the warning signs and red flags that littered the path of the fraud.

Risk profiling and data mining

Fraud risk profiling and the use of data mining and matching techniques provide a cost effective means of detecting such red flags, but they must be part of a holistic approach with leadership from the top. Senior board members must set an example and the organisation needs to recognise that turning a blind eye to “minor” infractions, such as:

• overstating mileage in expense claims;
• splitting the cost of a meal with colleagues and claiming the full amount; and
• accepting a generous gift from a supplier and not declaring the true value have a cumulative and corrosive effect on the organisation and will make it more susceptible to fraud. Before considering an effective data mining strategy it is important to understand who the key opponents are and the sources of data.

Employees quickly recognise and some exploit the weaknesses and blind spots in the organisation. Collusion occurs when the relationship between an employee and supplier becomes too close and pressure is put on the employee to meet targets. Consider the collusion between bankers to manipulate interest rates; could that have happened if the working relationships were not so close and the pressure to achieve not so great? Organised criminals will target and exploit the weakest links, be those employees or suppliers.

Several years ago, I was involved in an investigation where a serial bankrupt and disqualified director convinced a number of legitimate suppliers to an organisation to allow him to use them to front a number of business ventures. Since he was a disqualified director he needed “front companies” to operate from. He then lavishly entertained an employee and compromised him into assisting with a scheme to defraud his employer. There were numerous red flags along the way but none were picked up at the time.

Cost effective data mining tests

So what data mining tests can be quickly and cost effectively used? Many organisations have a “conflict of interest policy” which should record an employee’s outside associations. But how often is this just a vague requirement? And, does the Internal Audit or Compliance function ever validate that information, for example by data matching against its internal suppliers and clients or externally matching against Companies House data to see whether any undeclared relationships exist. Such relationships may not be direct but make use of partners, with potentially different names, living at the same address. Membership of CIFAS would allow the organisation to further data match against known frauds and fraudsters.

Again, many organisations maintain a “hospitality and gifts” register but is this ever really analysed and compared against other internal information? A review of this information will often reveal employees who undervalue the gifts and hospitality because to declare the full amount would put them under the spotlight.

For example, declaring the value of a Christmas gift bottle of wine as £15.00 but then stating that it was a 1998 Grand Cru is a little naïve as a quick internet search will indicate the true price. In one recent case the value was in excess of £100 for such a bottle of wine; falsely undervaluing can only suggest that the employee was embarrassed with the gift and had something to hide. I’ve identified instances where individuals have been invited as guests to major sporting events, such as Rugby World Cup finals or the opening ceremony of the Olympics and because they were “complimentary” there was no associated value. The only reason a supplier would be offering such largess is to get preferential treatment in the future or as a thank you for past assistance. Excessive and lavish entertaining has all too often been the starting point of a corrupt practice and under current bribery legislation organisations will need to be much more proactive in this area. Ensuring that the information recorded is accurate and complete will ensure that any data mining has a better chance of success.

Using link analysis to graphically represent the individuals or organisations who are entertaining the most will identify whether a specific employee or department may be at risk of compromise.

Out of bound data mining

Matching employees’ details against those of suppliers is another useful data mining test, but all too often considered “out of bounds” under privacy and data protection legislation. This is not the case and demonstrates a lack of understanding of the legislation, which is all too often used by HR departments as an excuse not to provide employees’ details. Registration with the Information Commissioner that employees’ data will be used for “crime prevention and detection and the prosecution of offenders” can be submitted on-line in a matter of minutes and then such matching can take place.

Open source intelligence such as the HM Treasury’s sanctions lists or the US Office of Foreign Asset Control “OFAC” can also be used effectively to establish whether Suppliers, Customers or Counter Parties are on international watch lists. Once one starts to research open source (free) data the only consideration is not to be overwhelmed with the results, which will contain many false positives, but to grade the data and refine the profiles to achieve meaningful and practical results.

Richard Kusnierz

IDM Fraud

idmfraud.com