Dan Zitting serves as Chief Product & Strategy Officer at Galvanize, the global leader for GRC software.
Current economic challenges and the ongoing public health crisis have transformed the circumstances in which fraud happens. The good news is that the tools to address it are at the ready. Machine learning gives organizations the ability to fight both internal and external fraud threats to reduce risk.
Regardless of global conditions, there are a few basic elements that fuel fraud. The Fraud Triangle, developed by Donald R. Cressey, outlines three elements that must be present for fraud to occur. They are:
• Opportunity: the ability to do it.
• Pressure: a motivation or problem that fraud would help solve.
• Rationalization: the conclusion that the gains from committing fraud outweigh the possibility of detection.
These three components create a perfect storm to motivate someone to commit fraud. Add Covid-19 to the mix, and new opportunities and pressures surface — both inside and outside organizations.
MORE FOR YOU
For example, many people are in a worse financial situation than they were at the end of 2019. Whether they’re impacted by furloughs, lockdowns, childcare closures or any number of Covid-related changes, they face increased pressures that didn’t exist previously.
There are also new opportunities for fraud, including less oversight of employees working from home, less stringent policing from auditors/regulators who are unable to conduct on-site inspections, phishing and other social engineering security attacks that prey on Covid-related stress and the injection of under-controlled government stimulus funds into the market.
With this increase in fraud opportunities and pressures, data automation and machine learning have become invaluable tools to detect fraud at every level of an organization. Governance, risk and compliance (GRC) professionals can normally detect instances of fraud — if they’re actively looking and if they know what to look for. Data automation enables them to monitor in real time, and machine learning adds further value by finding fraud patterns in data they didn’t know they were looking for.
Case in point: Right now, many organizations are preparing plants, sites, stores or office spaces for employees to come back to work, which may mean an uptick in the number of vendors or transactions taking place. An employee might see an opportunity to commit fraud by hiring a vendor who’s a friend and taking a kickback in return, thinking it would go undiscovered in the commotion surrounding reopening. While that type of fraud has always existed, the pandemic has created more opportunities to execute it.
Previously, organizations may have protected themselves against this type of fraud by monitoring vendor spending around historical “bright line” rules (e.g., flagging any spending that exceeded twice the monthly average for that vendor). However, with a new influx of vendors and needs, old familiar patterns may not apply. Analysis techniques using machine learning can look at data that is being updated in real time and easily identify new or unusual patterns.
In the example of an employee who is taking a kickback, a machine-learning model for spotting potential fraud red flags continuously becomes more accurate as the nature of the business and payments change. The model detects anomalous fraud while simultaneously reducing “false positive” red flags.
Beyond these preventive measures, by analyzing data around a specific instance, software based on machine learning and artificial intelligence has the ability to learn from fraud once it has been committed and identified — automatically updating itself to flag new occurrences in the future.
Fraud controls, or the various functions put in place to reduce the chance of fraud, must be adjusted and reprioritized to our new work environment on an ongoing basis. As an example, to avoid new risk, a company could implement automated blocks on any payments to vendors that have not yet been fully approved and authorized.
The best way to prioritize these controls is by quantifying the risks they mitigate. GRC professionals can do this by identifying risk scoring factors, such as:
• Likelihood: How likely is it that this will happen?
• Impact: How big an impact will it have on the organization?
• Velocity: How fast can the exposure impact the organization?
As new socio-economic factors are introduced, fraud risks inherently adapt and change. Machine learning uses predictive techniques to increase the effectiveness of controls, based on connected, real-time data from across an organization. Machine learning makes the powerful tool of up-to-the-minute dashboards possible so risk teams can continuously monitor control effectiveness and identified issues.
If an organization is implementing machine learning and automation to prevent fraud, it should keep in mind the following best practices:
• Data Accuracy: Obviously, the accuracy of the data is essential in any machine learning project; outliers, noise and missing values could render results meaningless. Regularly testing and validating the model is a best practice that organizations need to adopt.
• Data Bias: Is the data suitable? Machine learning models are only as good as the data fed to them. So, if the data is skewed, organizations won’t get the most from their efforts.
• Clearly Defining Goals And Objectives: What problems are you trying to solve? Before implementing machine learning, evaluate which processes require it — not all automated processes need machine learning. The company should have specific use cases in mind for machine learning to ensure it provides value.
If we know anything about Covid-19, it’s that we can’t predict where it will take us next. Fraud is no different. No matter the type of fraud, machine learning is a powerful tool to keep it from becoming a serious problem — regardless of how our circumstances may change.