Most companies have controls in place to stop fraud, waste and abuse and comply with growing regulatory requirements. General counsel, along with the board and executive management, are responsible for knowing whether those controls actually work, with organizational and individual consequences if they don’t.
Increasingly, GCs recognize the need to proactively uncover problems and improve internal controls. Better controls are critical in meeting the expanding antifraud requirements of mandates arising out of statutes such as the Dodd-Frank Act, the USA Patriot Act and the Foreign Corrupt Practices Act. If the company ends up facing an investigation, stronger controls can help confirm compliance, assure regulators the problem is being addressed properly and contain news media fallout. They also can help GCs be confident that the information received from internal audit and other sources within the organization is accurate.
Continuous monitoring and analytic solutions can provide the ability to examine massive amounts of data, identify anomalous activity and uncover new patterns and schemes of suspicious behavior. Virtually all of a company’s transactions or ledger entries can be tested by applying a set of rules that help flag fraud indicators more quickly and comprehensively. These analytic techniques can be employed across different compliance channels, a convergence that can reduce compliance costs while supporting consistent application of rules and processes to uncover suspicious transaction patterns.
The hybrid approach
Various red flags, such as duplicate payments, can signal suspicious behavior. By combining traditional analysis techniques with emerging data mining, predictive analytics and continuous monitoring capabilities, companies can leverage a hybrid approach to uncovering and evaluating transactions and data indicating fraud or fraud risks.
The hybrid approach incorporates both rule-based and modeling tools in a real-time or near-real-time monitoring environment, with a feedback loop that supports continuous improvement (Figure 1).
Using this approach, data from disparate sources (1), including transactions, financial and demographic data, and unstructured data such as emails, are fed into a data layer.
Using advanced analytics (2), forensic accountants, statisticians and domain specialists create statistical rules and models. Although rules-based models can be very effective, one shortcoming is that they can only be applied to known schemes. Applying models and rules in combination can reduce false positives.
During testing and optimization (3), rules and models are fine-tuned using advanced analytical techniques and statistical tools. They are then applied to a real-time screening process (4) in which transactions and data are evaluated to determine whether they should be flagged as fraud risks. Flagged transactions are put into different queues for further review (5). Most importantly, the disposition of every flagged transaction is fed back to the advanced analytics process. This continuous feedback loop is necessary to refine models and to improve the quality of decisions.
Three key elements to establishing and maintaining the continuous loop:
- Data collection and aggregation: Data fusion combines disparate data types and data streams from myriad sources to build an integrated repository andintegrated data sets to greatly increase the range of possible analyses. Integrating structured and unstructured data, including data uncovered through continuous monitoring, enables the addition of another layer of analytical context to compliance monitoring and controls. New, cross-enterprise patterns of behavior may be identified by applying existing analytical tools to these integrated data sets. Consequently, these findings may profitably inform controls across a broad range of GC responsibilities.
- Data analysis: The application of complex analytics to compliance and control issues depends on a variety of statistical techniques and modeling tools. Used correctly, an analytic exercise can resolve questions about fraud, waste and abuse. These analyses can be directed at the challenge of explaining prior behaviors, linking findings to predictive models of recurring behaviors and identifying previously undetected behaviors. Additionally, the quality of controls can be tested formally and statistics developed that provide accurate measures of their effectiveness.
- Outputs: The insights generated through complex analytics need to be reliable and defensible so that actions and decisions can be well-informed. Analysis outputs need to address a specific problem and support drawing reasonable conclusions from the data. Outputs include reports that can be created in real time and in various scenarios to document events and allow ongoing monitoring in support of a decision or legal case. How information is characterized, prepared and reported will be factors in the GC’s ability to communicate effectively with internal management, investigators and stakeholders.
Powerful tools are there for the using
Monitoring and analytics capabilities are increasingly economical and widely accessible. Companies in every industry can acquire off-the-shelf software solutions or develop systems from commercially available components that provide continuous monitoring and advanced analytics. And, the transaction-level data produced through continuous monitoring and predictive analytics can be applied across the range of compliance mandates and reporting requirements. Using these tools, companies and their GC can cost effectively address growing compliance requirements, while reducing financial losses due to fraud, waste and abuse.