Fraud Analytics

Data underpins everything we do and is the world’s most valuable asset. The key challenge is transforming this data into information that can be used in the constant battle against fraud which the Association of Certified Fraud Examiners reports can be on average of 5 per cent of revenue.

1. The importance of knowing what you want to look for
2. Context is key
3. The predictability of human behaviour
4. Prepare yourself to be technology agnostic by investing in people
5. Using fraud analytics to help drive operational improvements

1) The importance of knowing what you want to look for

Upfront fraud risk assessment exercises are vital in ensuring that your subsequent fraud analytics can operate effectively:

• What are the key fraud risks within the organisation?
• Which of these would have the most material impact on the organisation?
• How might the fraud risk be realised?
• What data points do you need to track the potential fraud risk?
• Are these data points readily available within systems data?
• If they are not available, how could you make them available?

The KPMG Fraud Navigator is a tool we use to consider an organisation’s fraud risk management framework including the use of data, technology and analytics.

2) Context is key

The uncomfortable truth is that, from a basic data point perspective, the characteristics of a fraudulent transaction are very similar, if not identical, to those of a valid transaction.  Fraudsters rely on this fact.

True, there are some organisations still on the very low end of the maturity curves and with juvenile control frameworks that can be easily circumvented.  But for the majority of organisations these days the controls they have in place are close to being as good as they can be in preventing fraud without having a material impact of the operations of a business.

If that’s the case – how do I detect fraud? 

You need context from other frames of reference. There are external data sources that can assist, such as our global ‘signals repository’ that we use at KPMG, but it’s about using your own internal data as effectively as possible:

• Does the transaction make sense in the context of this wider picture?
• Is the volume of business with a supplier commensurate with its profile?
• Does an individual have an usual level of control over a particular area of operations?
• Learning from historical issues, and how your systems and controls were circumvented
• Benchmarking data between locations and operations
• Process mining your data to sufficiently understand the workflow and approvals process
• Linking emails and other unstructured data with structured transactional data to look for anomalies

3) The predictability of human behaviour

Even with additional data points, in isolation a particular transaction may still appear to be perfectly valid, so how do I go about identifying an outlier as well as minimising my false positives?

Using historical datasets, once you have focussed in on what areas you consider important, you can train AI to understand and define what “normal” looks like. For example:

• Are pricing deviations within expected norms?
• Is the level and type of comms with a supplier as expected?
• Is the shop/operational entity as profitable as you would expect for its size/location/type?

4) Prepare yourself to be technology agnostic by investing in people

Technology is disposable. It is abundantly available and constantly improving. What you use currently, if the market leader now, might not be in a few years’ time. For too long now we have been attaching ourselves to specific software vendors and licensing agreements.

People however, are not disposable. A thorough understanding your business and operations is vital to effective fraud and operational analytics. Every organisation I have worked with over the last 12 month is struggling to find and retain the right people to deliver. 

For fraud analytics, don’t trust in a black box whizzy solution to find all your problems. Invest in finding and retaining the right people who understand your business and have the technical know-how. The technology will then follow.

5) Using fraud analytics to help drive operational improvements

The first rule of effective fraud detection is that the amount you spend to detect the fraud needs to less than, or at least close to, the value which is being leaked otherwise it’s not worth looking for it. 

There was a time where we threw every known analytics test we could think of at a dataset in order to maximise the outliers – the problem is a business doesn’t have the appetite and certainly not the resource to address the red flags this approach raises. With this historical context, fraud analytics is often seen as a problem child that is expensive and unproven.

With current regulatory pressures like UK SOx, the view on fraud analytics is changing slowly, and we are seeing a flurry of activity in this space. However, particularly in cost-conscious times such as now, persuading budget holders to dabble in the world of fraud analytics can be real a challenge. 

We need buy-in from key stakeholders from both a timing perspective and a cultural perspective – take the taboo out of fraud in an organisation, so that management is happy to go looking for it and deal with it.

Flip the viewpoint such that you’re helping the business save money, rather than spending money trying to find fraud. At their core, fraud analytics help organisations spot problem areas: while these areas might be caused by fraud, they could also be the result of operational inefficiencies or process issues.

Fixing these has a real add-on value to the organisation:

• Rather than trying to spot procurement fraud on its own, use it as part of a contract compliance management exercise to minimise unnecessary overspend on suppliers;
• Rather than trying to look for inventory/consumables fraud, incorporate it into an exercise where you are minimising purchase price and volume of wastage.

Used effectively, fraud analytics has a much wider value to an organisation than just looking for fraud.