Software tools that analyse not only numbers, but the way people speak and write, are the latest in anti-fraud weapons.
In May this year, US and British regulators fined six major global banks a total of US$5.8 billion for rigging the foreign exchange market and interest rates. The series of fraudulent actions related to Libor, the pivotal London Interbank Offered Rate on which many other rates rely.
These huge frauds were not perpetrated by just one fraudster on the inside, or even an outside gang of thieves. They arose from a network spread across the banks and tied together by online communication and phone calls.
Not surprisingly, fraud on this scale has encouraged investigators to strengthen their arsenal of anti-fraud measures. Their favourite new weapons are powerful data analysis techniques that make judgements about market players’ statements in emails, online chat and instant messaging, social media and on the phone.
“The new talk in fraud detection globally is about monitoring ‘unstructured data’ – the text messages and emails between colleagues.”
Fraud may be one of the world’s oldest activities, but it is constantly changing in nature and anti-fraud measures are changing with it.
Apart from their sheer size and scope, perhaps the most remarkable aspect of the Libor fraud was the co-ordination required. The manipulations emanated not from a single bank but from a number of them, and they required a long series of detailed messages to pass around a network of traders. Yet despite their breadth and depth, not a single forensic accountant or other control detected any malfeasance in the six years that they were going on.
To deal with this kind of epic fraud, audit and data-mining techniques are moving into hitherto unchartered areas.Consider the social media tactics of Tom Hayes, a former yen derivatives trader with UBS, who last month was sentenced to 14 years in jail for rigging the Libor.
In early July, he revealed in court that he had put up a “rates wishlist” on Facebook. “Tom needs a low one-month Libor” or “Tom needs a high three-month”, he wrote on his Facebook page. He told investigators he even dreamt about rates because they “underlined everything that I traded”. No wonder that the new talk in fraud detection globally is about monitoring “unstructured data” – the text messages and emails between colleagues, the discourse in online chat rooms and the postings on social media.
Compared to the data that fraud-detection systems have historically monitored, this new wave of unstructured data is far bigger and harder to sort through. To deal with that, fraud experts in companies and official regulators are changing their habits and their software systems.
For years, forensic accountants have been called in by companies to “mine” and diagnose the everyday information found in accounts payable, payroll and expenses account ledgers. To analyse this “structured” information they tend to use a hybrid system. They may have internally developed their own proprietary rules-based-programs (KPMG, for instance, has its own data analysis system known as K-Trace) which involve writing their own computer script. PricewaterhouseCoopers (PwC) says it has combined its own internally developed coding with the best-of-breed fraud-detection software available to the market, produced by companies such as SAP, BAE Systems and NICE Actimize.
Where structured data is concerned, what are the analysts looking for? “It’s a range of things,” says Mark Woodley, a risk partner at Deloitte. “It could be simple false invoicing or more sophisticated frauds where an employee is using one’s privileges to alter the system relating to payrolls or to suppliers,” he says.
Data mining can locate any suspicious payments made on a Sunday afternoon, match supplier addresses to employee addresses, and seek out false bank accounts, ghost vendors and duplicated bank details. It can check if payee details have been changed after the approval process or before a payment file has been uploaded.
The systems can diagnose data related to value, volume, date and time or to system user identification issues, says Woodley. He explains that investigators and auditors focus on how much was spent and how often, the days and times when it was spent, and the extent to which a specific user made a change.
The forensics teams may be seeking out employee-supplier collusion, where invoices are inflated for the benefit of both parties. Did rogue employee X spend money on 4 January when he was on leave? Did payments occur on a public holiday or a weekend? Has someone misused privileges by processing a payment they’re not entitled to? Did they circumvent a system? Was a payment made in isolation – or was a whole chain of payments structured under that person’s payment-authority threshold?
Deloitte, for instance, was asked by a media company to perform targeted analysis around a small number of employees. It looked at their corporate credit card spend, matched it with HR leave data and then matched this information with geospatial analysis to identify expenditure incurred close to the employees’ home addresses.
All kinds of rules can be written into the detection software. PwC’s head of fraud and forensics, Malcolm Shackell, says a classic rule would be to diagnose 100,000 transactions made to suppliers, ranking in order those that have the highest proportion of total invoices within 5-10 per cent of an organisation’s authority levels. “We could write the code for that rule in about five minutes,” Shackell says.
However, accounting anomalies are not the only ways to spot fraudulent behaviour. Forensic accountants say words and phrases can be equally indicative, and to arrange complex fraud, the participants need to talk. In the Libor case, a number of bank forex traders met in an online chat room known as “the Cartel” to set rates that cheated customers while adding to their own profits in the global currencies market.
Into the unstructured data
Only a couple of years ago, the idea that software could detect insider trading and corruption by analysing employee linguistic patterns and vernacular across all forms of media might have been scoffed at or even considered overkill. Not anymore. The future of fraud detection is all about marrying this “unstructured data” with the long-established structured data existing as concise and neatly labelled entries in databases and accounting systems. Shackell predicts it gives organisations “a richer analytical environment”.
However, analysing this unstructured data requires what many people call a “Big Brother” tool set.
Unstructured data analysis seeks out language patterns to find the sources of different messages and detect the underlying behaviour. There are tools which can analyse emails between vendors and employees, the language of traders in chat rooms, the conversations emanating from call centres or the advice given by planners to clients.
Ernst & Young (EY) has built a library of terms that may indicate changes of behaviour intimated in speech and writing. “There is more to language than you think,” says EY’s fraud investigation partner Warren Dunn. “There are words we use when we’re angry; others we use when we’re secretive.”
Dunn explains that EY can legally look into any device controlled and owned by a business. It currently monitors emails across 250 employees for a government client to help it not only identify the downloading of inappropriate material but also to analyse email language that may be indicative of misconduct.
What kinds of words and phrases? EY says there are many – a few include descriptions for suspicious payments such as “respect payment” or “friend fee”.
“We can see what photos you’re taking, your locations, the texts ... we can paint a picture of a lot of behaviour.” Frank O’Toole, Deloitte
“Of course, there is the smarter fraudster using Snapchat who might have triple encryption on his phone,” says Dunn, but there is a far greater number of fraudsters who are less careful.
As Dunn explains, there is a digital fingerprint on everything we do. It’s possible to know when you last used a certain computer; information can be scraped out of LinkedIn and Facebook. Texts and even voice messages on company devices can be analysed.
Deloitte’s forensic partner, Frank O’Toole, agrees that a lot can be worked out even with very little to go on. “We can triangulate data. We can see what photos you’re taking, your locations, the texts and the emails, as well as the web access of your devices – we can paint a picture of a lot of behaviour.”
The challenge for business
PwC’s Shackell admits analysis of structured data is still a work in progress. EY’s Global Forensic Data Analytics Survey 2014 confirms this: big business does not necessarily understand the issues of big data. The vast majority of businesses are analysing data volumes far smaller than their business size, or are looking at too much and failing to target the relevant data sets.
“How do you bring it all together so you don’t end up with too many false positives?” Shackell asks. “The marriage of structured and unstructured data has to be done in an intelligent and very targeted way.” Analysing the cancer within, it seems, still has a long way to go.
The Libor impact
Libor is possibly the world’s most important interest rate, a primary benchmark rate from which short-term interest rates are calculated around the world. The value of contracts, each day, whose interest rate is based on the Libor has been estimated at a staggering US$450 trillion. Manipulating the Libor to boost bank profits imposed fraudulent costs on countless millions of people. Adding to the damage, the fraud went on for years – at least from 2005 to 2010 – and involved some of the world’s biggest banks.
Barclays Bank, JPMorgan Chase, Citicorp and the Royal Bank of Scotland all pleaded guilty to US Justice Department charges of conspiring to manipulate the currency market. UBS pleaded guilty to violating a prior settlement of charges for rates. Bank of America was included with the other five in fines levied by the US Federal Reserve in the forex rigging case.
This article is from the September issue of INTHEBLACK