Wed, Sep 26, 2018

Data Analytics: The Needle in the Haystack Isn’t Always so Hard to Find

Kroll’s Global Fraud and Risk Report survey found that 44% of fraud had been discovered by a whistle-blower, while 39% had been discovered by internal audit, and 32% by management at the company. Detecting and dealing with issues before they trigger whistle-blower or regulatory procedures has clear financial, reputational, and resource benefits. How can companies stay on the front foot when combating fraud, bribery, and corruption?

Using your company’s data to detect fraud, bribery, and corruption

'Data analytics’ has become a buzz word in consultant speak in recent years. But there is little explanation of its practical applications for companies. At a basic level, data analytics is simply taking raw data from a company’s operational and financial systems and analyzing it to draw conclusions. Most of us have been doing this for years.

The key is how to analyze the data in an efficient and effective manner to identify trends and anomalies for the end user and employ the best available tools.

Historically, fraud, bribery, and corruption investigations were carried out through a sampling approach to transactions and supporting documentation. However, data analytics can now be applied to interrogate a company’s financial records for red-flag transactions, to focus investigative activities.

The issue is how to interrogate this data to identify risks of bribery and corruption and to assess what constitutes a red-flag transaction.

Highly skilled data analysts are required to undertake such analyses. For instance, if millions of transactions from a company’s accounting system have to be reviewed, such an analysis would not be possible using basic tools such as Excel. Experts would use more sophisticated data analytics tools such as SQL to find patterns that reveal potential wrong-doing.

How can companies use data analytics to detect fraud, bribery, and corruption?

Companies are becoming aware that the volumes of historical financial and operational records available to them can be a valuable source of supplementary data to a more proactive anti-bribery and corruption compliance program.

The issue is how to interrogate this data to identify risks of bribery and corruption and to assess what constitutes a red-flag transaction.

When this happens, we at Kroll take extracts of accounting ledgers, in some cases the entire system, and mine that data (sometimes combining it with data external to the organization) to identify questionable transactions.

This process involves highly skilled data analysts, but most importantly we apply a suite of queries developed over years of conducting such investigations. These are designed to quickly identify transactions and relationships that display the attributes of a fraudulent or corrupt payment. The queries are supplemented with company or industry-specific queries in order to identify other potentially suspicious transactions.

Not every red-flag transaction is problematic. The purpose of the exercise is to highlight unusual trends, customer or supplier relationship patterns, or specific payments that the business can explore and investigate further. While some may be justified, others represent a cause for concern.

This risk-based approach delivers cost and time efficiencies, enabling the company to manage the process and outcome. If an issue is identified, the company can investigate and assess it, seek advice, and proactively take control of the situation – a far preferable environment than an out-of-the-blue whistle-blower email or letter from a regulator.

What are the current trends and best practices, and how is this practice evolving?

Bribery and corruption risk remains one of the greatest concerns to businesses. Kroll’s survey identified that 23% of respondents were dissuaded from doing business in foreign markets due to the perceived risk of bribery and corruption. However, by completely discounting overseas markets, potentially significant opportunities can be missed.

Bribery and corruption risk can be managed, with the right controls and an effective compliance program in place. Corporate functions are getting smarter about how they identify and manage such risks. This is reflected in the proactivity with which they take on risk assessments and embed third-party due diligence programs, to gain further insight into the history of a third party’s relationship with the company.

Are perpetrators of fraud becoming more sophisticated at covering their data trails?

As companies get smarter at managing bribery and corruption risk, so do the wrong-doers. They are aware that due diligence will be conducted on third parties and agents, and find creative ways to accept bribes and other corrupt payments.

Five years ago, suspicious transactions were relatively easy to spot. They included:

  • Offshore registered vendors
  • Bank accounts in red-flag jurisdictions
  • One-off, round sum payments
  • Transactions recorded in consultant expense general ledger accounts

Wrong-doers are aware that these are typical red flags. Now, Kroll sees far more creative ways to disguise payments, including:

  • Empty invoicing to known third parties, in order to build a slush fund
  • Above-average discounting to customers and distributors
  • The provision of rebates resulting from invoicing excessive amounts for goods delivered
  • Well-known and trusted third parties such as travel agents are being encouraged to act as intermediaries

The good news is that these disguises are identifiable when using data analytics techniques.

Take a supplier relationship in a subsidiary with which business suddenly increases 20-fold in the last two years out of ten. Corporate head office internal audit, compliance, and finance functions won’t necessarily notice such trends in their day-to-day business. But such an anomaly is easily flagged when applying data analytic techniques across the group’s accounting data.

Only 15% of respondents to Kroll’s survey said they had suffered bribery and corruption related fraud in the past 12 months. However, unlike other types of fraud, the issue is that most corporate organizations aren’t aware that such payments have occurred, until it’s too late.

In the majority of Kroll’s investigations, the relevant payments often relate to an acquired subsidiary, or have taken place many years previously. Proactive identification of such risks using data analytics means these transactions do not need to be needles in a haystack.