There is an accounting approach to fraud and there is a mathematical approach to fraud. Over the years forensic audit firms deployed the best minds in the accounting domain to grapple with the challenges posed by fraudsters. There were some instances where the fraud was successfully mitigated. In some cases, the scale of fraud was overpowering and exposed embarrassing loopholes that required legislation and regulatory overhauls.
The probability of fraud occurring depends mainly on the collective devious human behaviour and a complete systemic failure. Financial systems are designed and deployed with in-built check and balances but the difficult question to be asked is, “Are the existing systems intelligent enough to detect the deviations?” The keyword here is ‘intelligence’. This is where we believe that the time has come to synthesise the cognitive power of the forensic auditor with the mathematical power of the data scientist and the computing power of the algorithm. This amalgamation can be turned into an intelligent solution by adopting machine learning as an extremely formidable and scientific way to detect and act, thereby reducing the impact of fraud.
Fraud has multiple dimensions making it mightily hard to identify and predict. Therefore, the methodology must be iterative and goes without saying that it will consume time and efforts.
The first step is leveraging the regulatory frameworks. The Reserve Bank of India (RBI) has laid out a clear guideline to help identify Red Flag Accounts. These guidelines should be used as markers and then injected into the banking technology eco-systems to improve the intelligence quotient. After all, it’s nearly impossible for a bank employee or a forensic auditor to analyse every transaction.
The second step is to look at the Data Capability Index. Having data, whether big or small, doesn’t always translate into an implementable solution. This is even more so in the space of fraud because frauds are exceptions and the patterns are not repeatable. So historical data can’t be used quite in the same way we use it to solve other problems. In machine learning parlance, using historical data to learn is called Supervised Learning. For fraud, we need to use Unsupervised Learning because of the lack of data.
The third step is going beyond the normal paradigm to effectively combine supervised and unsupervised learning with a very high percentage of innovative thinking to develop intelligent models. To achieve this, banks must build a specialised team, forging skills across domain, technology and machine learning. The team can be developed internally, or the expertise can be acquired externally.
If the theoretical approach is as easy and straightforward as we have outlined here, then why are these approaches are not in place across the banks yet? The answer is evident. The convergence of the regulatory framework with machine learning algorithms is yet to be done on the ground. Banks are under tremendous pressure to adhere to their compliance standards while running their day-to-day operations as cleanly and correctly as possible. With pressure mounting on their top line and bottom line, the focus wavers from planning a clear risk mitigation strategy to patching up loopholes. In some instances, the lack of corrective action may happen due to a severe capacity problem and in certain cases, it could be because of a capability problem.
The Road Ahead
The arduous journey begins with a clearly defined business problem after duly considering the budgets and the human resources available. An additional word of caution here is not to get carried away by claims of a real-time fraud detection system being made available without understanding your Data Capability Index. Meaning, detecting or predicting a fraudulent transaction cannot be one model will fit all. In the same breath, having a unified data cluster on Hadoop is not a solution either. The approach lies in developing a strong fraud analytics framework totally relying on all the internal data available and considering some external data sources available with the regulators. The key facets of the fraud framework are outlined here:
Decoding money trail: This is relevant to both retail loans and corporate loans. It’s the prerogative of the bank to choose the battleground. The good news is money trail can be developed as an intelligent real-time monitoring system but before that a study must be done offline
Re-defining red flag accounts: There are RBI guidelines but interpreting them and translating them into operational metrics requires a deep domain understanding and a good sense of the possibilities and limitations of the technologies available
Designing Early Warning System: The multitude of complexities that fraud entails limits the possibility of accurate detection and prevention sometimes. This is where intelligent recommendations with swift (not be mistaken for SWIFT) actions are to be generated by the system. Combined with the decision-making ability of the auditor, the probability of detection and prevention increases
Realtime monitoring of red flag accounts: This would be the ultimate goal but looking at the current systems, this is a distant reality. Every step towards this goal should be as per the defined fraud analytics framework and one false step in the final stage can undo all the good work done
Committing fraud is an integral part of the human evolution process and despite all the data and tools available, fraud will continue to manifest in different forms and shapes. It will never cease to happen. We can continue to live in denial mode or accept it as a reality and then think to reinvent the risk mitigation strategy from time to time. As fraudsters continue to pose challenges by effectively exploiting the limitations of the banking systems, the responsibility of leading the charge lies with the audit firms who have to be open to the idea of adopting new technologies and in this case use the power of machine learning to be able to design a counter-intuitive strategy. In a nutshell, as the world is heading towards fraud predictors rather than post mittens, we believe we will be able to provide robots for the same.