Using Data Science to Combat Internal Fraud


It’s no secret that fraud prevention is a hot button topic in banking, and an increase in internal cybercrime has spawned a new wave of regulations to prevent violations like money laundering and insider trading. One need look no further than the recent allegations of Wells Fargo’s cross-selling misconduct to see the potential for financial and reputational loss.

Banks have long used monitoring and data analysis technology to flag potential instances or transactions related to internal fraud. Now, data science is being used as a tool both to prevent and predict fraud on accounts before it occurs. Here’s how financial institutions are joining forces with data science innovators to help monitor internal behavior to prevent and predict fraud.

Detecting Suspicious Patterns
One of the major areas that companies are looking at is analyzing spending and transaction patterns to detect fraud. This means analyzing the payment and purchase history of each customer on a granular level, and determining if any of those transactions appear to be out of the ordinary. Data science is now pushing the envelope into analyzing these activities for targeted marketing of rewards programs or other products in the future.

In addition, companies like RedOwl are using data analytics to spot internal fraudulent patterns to prevent employee malpractice before it happens. The RedOwl Analytics platform is specifically designed to predict whether an employee is likely to commit certain acts such as insider trader trading or intellectual property theft. Instead of simply monitoring employee emails and messages, RedOwl goes a step further by detecting and analyzing abrupt shifts in communication patterns or behaviors. Behavior such as suddenly changing to different languages, an increase in external messaging or emailing outside of normal work hours are some of the behaviors that may predict fraud and that RedOwl Analytics takes into account.

Monitoring Transactions and Flagging Activity
After suspicious patterns have been detected, the next challenge for big data is to monitor or flag specific transactions in order to step in at the appropriate time. At what point is the likelihood of fraud great enough for bank management, regulators or law enforcement authorities to step in and investigate? Palantir is one of the big players in the space, working with big banks like JP Morgan Chase & Co. to help identify rogue traders, for example.

Such needles in the haystack are tough to find, and that’s why Palantir’s technology is so useful. The Palantir Anti-Fraud platform, which originates from data science technology designed for U.S. Intelligence services, initially monitors and flags attempted hacks into client accounts or ATMs. Today, Palantir’s software monitors a variety of activities to prevent internal fraud as well. This includes a combination of trading data, email communications and keywords used in company phone calls.

Fraud Prediction and Investigation
The key to minimizing financial and customer loss due to fraud is quick detection and resolution. But the challenge is not just to accurately predict fraudulent actors—it’s to investigate and intervene accordingly. That’s where big data companies like Splunk are stepping in, to aid banks in pivoting from monitoring suspicious activity to taking action. One of the unique advantages to Splunk software for fraud prevention is the ability to analyze data from disparate, siloed sources to better predict who may perpetuate fraud.

What Splunk’s anti-fraud software does is establish a risk profile baseline for certain user groups. It then applies statistical analysis to employee activities–stock trading for example–to determine if they are acting within the baseline risk profile. Users whose activities are seen as anomalies by Splunk are then able to be flagged for further monitoring and investigation. Alerts for these anomalies can then be configured in real-time, or over a certain period to further validate potentially fraudulent patterns. Once potential fraud is detected, investigators will then have access to historical data to quickly determine who is involved and what they might be trying to accomplish. Splunk and other fintech companies that use data science techniques are also trying to add another layer to fraud investigation, cross-referencing patterns with other users in the company to determine if that person is acting alone or could be part of a larger ring.

Unfortunately, as of today there is no silver bullet in technology or big data that could prevent each and every instance of internal fraud from taking place. But as fintech innovators like Splunk, Palantir and RedOwl continue to push the boundaries in making sense of big data, banks can at least be more proactive in countering fraud before it happens.

Questions to Ask About Internal Fraud: A Bank Director’s Guide

internal-fraud-12-7-15.pngAmong the many threats to shareholder value that bank directors must address, the risk of internal fraud is among the most challenging. Virtually all bank directors recognize their obligation to actively oversee the way the bank monitors its employees to mitigate the risk of fraud, but most directors also understand the need to avoid micromanaging day-to-day operations.

Treading the fine line between oversight and overstepping can be difficult. Often it means learning to ask the right questions of the right people, particularly of the bank’s senior management team.

Because every bank’s risk profile is unique, no single list of questions can fit every institution. Nevertheless, it is possible to outline some broad principles and useful questions within three general areas of strategic, board-level concern.

Corporate Governance
Major corporate governance elements related to internal fraud comprise management and oversight of the organization including the bank’s published code of conduct, written ethics policy, fraud policies and procedures, and loss reporting practices. Board members should exercise direct and active oversight of these components and be prepared to ask management a broad range of questions, including:

  • How frequently are our code of conduct and ethics policies reviewed and updated?
  • In addition to introducing our ethics policies during new employee training, how else—and how often—are these policies communicated and reinforced?
  • How are fraud losses identified, tracked and reported to the board? Are board members and executives regularly briefed on current fraud issues and trends by the appropriate managers?
  • Are employees able to report suspicious behavior outside the day-to-day management structure, or are they able to report it only through their immediate superiors?
  • Has the bank established a whistleblower hotline that allows employees to report suspected fraud anonymously?
  • How is hotline activity measured and tracked? How is the program’s effectiveness measured and evaluated?
  • How often is the whistleblower hotline publicized and reinforced in regular employee communications?

The Control Environment
The next broad area of board concern, the control environment, addresses the various tools, processes, and other components that implement the fraud policies prescribed by corporate governance. Issues of strategic-level concern in this area tend to revolve around training, accountability, and equitable treatment, as well as the effectiveness, efficiency and reliability of fraud reporting practices. Useful control environment questions for board members to ask include:

  • How is fraud awareness training being provided throughout the organization? Is awareness training tailored to each line of business?
  • Beyond awareness, do employees receive training on ethics, fair service and honest dealing?
  • Are employees being trained on specific anti-fraud practices and controls? Once trained, are they held accountable?
  • Are fraud policies implemented and enforced consistently and fairly? Are senior-level or revenue-producing personnel subject to the same enforcement as junior or administrative staff members?
  • Are anti-fraud controls consistently monitored and tested as part of the internal audit function?
  • Do employees know how to report fraud?

Incident Management and Response
The board of directors has primary responsibility for seeing that there is a defined structure and process for responding to fraud-related incidents and issues, including clearly defined roles and responsibilities. It is important that incident response protocols are applied consistently across the institution, rather than allowing each line of business to pursue its own course. To carry out this responsibility, directors should be prepared to ask questions such as:

  • Is there a high-level, organization-wide policy regarding incident management? Does it set forth adequate protocols including all relevant legal, reporting and regulatory requirements? Is the policy regularly reviewed and updated?
  • Who is the designated management-level employee with the authority to manage and administer fraud investigations and responses?
  • Has management taken adequate steps to support this employee with an appropriate team involving legal, human resources, internal audit, information technology and other departments?
  • Is there adequate oversight to allow fraud inquiries to proceed without interference from the affected lines of business?
  • Does the board receive regular briefings on material issues of fraud or fraud management?
  • How does the organization learn and evolve based on industry events and previous large incidents of fraud?

The scope of a director’s responsibility extends far beyond these three general areas alone, but starting with these broad topics can help board members maintain their focus at the strategic level while still posing challenging questions. In addition to establishing the appropriate “tone from the top,” such questions can help guide the management team toward more active and effective management of internal fraud risk.