Fraud Investigation Technology

FraudInvestigationsIn my continuing efforts to provide in-depth analysis of Information Governance and eDiscovery technology to executive decision makers from the Global 2000, I have recently been analyzing fraud investigation technology.   With the accelerating increase in the amount of electronically stored information (ESI) coupled with the expansion of the Internet and the proliferation of portable information access technology,  financial crimes and fraud are rampant within the Global 2000.

As a technology expert in eDiscovery, Information Governance, machine learning and Cloud Computing, my starting point for this investigation was somewhat skewed towards the technologies that support these disciplines.

Luckily,  early on in my investigation, I ran across a series of articles posted on the Financial Crimes Weekly Blog by Doug Wood, VP, The Americas & Global Corporate Development at Xanalys.  The first article titled, “Investigating the Investigators,”  was posted on November 15, 2013.  These articles provide a great foundation for the investigation and review of Fraud Investigation Technology.

The full text of Doug’s first article is as follows:

I recently read an excellent new book called Fraud Analytics by Delena Spann.  Ms. Spann is with the U.S. Secret Service, Electronic & Financial Crimes Task Force and is often called upon by colleagues and peers to provide presentations and professional speeches on financial fraud analysis, ethics, fraud examinations and fraud data analytic techniques. I think it’s an excellent overview of fraud analytics with specific information about some technology leaders in this area.

The powerful IBM i2 toolset is discussed, along with offerings from Raytheon, Centrifuge, SAS, and others. (Chris Westphal of Raytheon Visual Analytics, by the way, published his book ‘Data Mining for Intelligence, Fraud & Criminal Detection’ a few years ago and is another one I strongly recommend.)

Both books offer advice and use cases on how technology can be applied in the fight against financial crimes. A few months ago, I summarized the types of technology being put to use as tools to prevent, detect, and investigate fraud and other criminal activities. (It’s worth a quick read.) What I’m investigating today, however, is… well, investigations.

“IMA is the most critical connection between technology and investigators.”

In my technology summary, I termed this area Investigation Management & Adjudication (IMA). IMA is the most critical connection between technology and humans within an enterprise fraud management ecosystem. Incorporating key elements of enterprise case management, collaboration, link visualization, information dissemination and knowledge discovery, this layer of functionality is designed to uncover insights which aid in investigating complex incidents. The result ought to be actionable visualization of critical entities, and documented results for potential litigation and regulatory compliance.

IBM i2 has long been known as a thought and market leader in this segment, and for good reason. As Ms. Spann outlines in her book, the i2 tools are powerful and have helped investigators solve countless crimes worldwide. Palantir Technologies and Raytheon play in this area well, as does rising star Xanalys Inc. Each clearly separate themselves from the basic incident/case management toolsets by providing powerful, emerging functionalities that allow easy and intuitive consumption of data in any form. For investigators, the more data – and the easier that data is to consume – the better.

“Users want actionable intelligence, not endless queries.”

What makes for good IMA? A few things, actually. First among them is the technology’s ability to adapt to the way human beings think and act. Users want actionable intelligence, not endless queries. IMA tools, therefore, ought to interact with the investigator in a consultative way that a fellow investigator would. “Hey, have you thought about this, Mr. Investigator?” and “Maybe you should look atthat.”

Second, IMA ought to have context. Technologies that simply point to two entities and say, ‘Hey these things look linked‘ are great but leave all of the thinking up to Mr. Investigator. The IMA tools that I like have contextual values associated to those links. ‘Hey, these things look linked AND here’s why that’s important’. Big difference.

Third, IMA should bring the investigations to closure. There are a lot of data mining tools out there that allow querying with case management. How, though, does the investigator get to the point where an investigation is solved and prosecutable? Once again, the most functional IMA products act the way humans do. They package up the results of the investigation in an easy-to-comprehend document that can be shared internally or with police. No loose ends.

“Every investigation ends with an investigator.”

Predictive analytics, big data, and real-time alert scoring are the current industry buzzwords. They should be. They’re important. At the end of the day, however, every investigation ends with an investigator. Putting the right tools in their hands is often the difference between success and failure in an entire enterprise fraud management system.

The second article in this series by Doug Wood, titled, ” Part 2: Inestigating the Investigations – X Marks the Spot,” was published on January 3, 2013.

The full text of Doug’s second article in this series is as follows:

Most of the financial crimes investigators I know live in a world where they dream of moving things from their Inbox to their Outbox. Oh, like everyone else, they also dream about winning the lottery, flying without wings, and being naked in public. But in terms of the important roles they perform within both public and private sectors, there is simply Investigating (Inbox) and Adjudication (Outbox). Getting there requires a unique blend of their own capabilities, the availability of data, and the technology that allows them to operate. In the diagram below, ‘X‘ marks the spot where crimes are moved from the Inbox to the Outbox. Without any of those three components, an investigation becomes exponentially more difficult to conclude.

Presentation1

In part one of this article two weeks ago, I wrote about the Investigation Management & Adjudication (IMA) side of financial crimes investigations. I coined that term to call out what is arguably the most integral component of any enterprise fraud management (EFM) ecosystem. The original EFM overview is here.

“The job is almost unrecognizable to those who once used rotary phones in smoke filled offices…

Twenty years ago, IMA was based primarily upon human eyes. Yes, there were technology tools available such as Wordperfect charts and Lotus 1-2-3 spreadsheets, but ultimately it was the investigator who was tasked with finding interesting connections across an array of data elements including handwritten briefs, telephone bills, lists of suspect information, and discussions with other investigators. The job got done, though. Things moved from the Inbox to the Outbox, arrests were made and prosecutions were successful. Kudos, therefore, to all of the investigators who worked in this environment.

Fast forward to today, and the investigator’s world is dramatically different. The job is the same, of course, but the tools and mass availability of data has made the job almost unrecognizable to those who once used rotary phones in smoke filled offices. Organizations began building enterprise data warehouses designed to provide a single version of the truth. Identity Resolution technology was implemented to help investigators recognize similarities between entities in that data warehouse. And today, powerful new IMA tools are allowing easy ingestion of that data, improved methods for securely sharing across jurisdictions, automated link discovery, non-obvious relationship detection, and interactive visualization tools, and -importantly – packaged e-briefs which can be understood and used by law enforcement, prosecutors, or adjudication experts.

“Without any of these components, everything risks falling to the outhouse…

With all these new technologies, surely the job of the Investigator is becoming easier? Not so fast.

IMA tools – and other EFM tools – do nothing by themselves. The data – big data – does nothing by itself. It just sits there. The best investigators – without tools or data – are rendered impotent.  Only the combination of skilled, trained investigators using the best IMA tools to analyze the most useful data available results in moving things from the Inbox to the Outbox. Without any of these components… everything eventually risks falling to the Outhouse.

Kudos again, Mr. and Mrs. Investigator. You’ll always be at the heart of every investigation. Here’s hoping you solve for X every day.

About Charles Skamser
Charles Skamser is an internationally recognized technology sales, marketing and product management leader with over 25 years of experience in Information Governance, eDiscovery, Machine Learning, Computer Assisted Analytics, Cloud Computing, Big Data Analytics, IT Automation and ITOA. Charles is the founder and Senior Analyst for eDiscovery Solutions Group, a global provider of information management consulting, market intelligence and advisory services specializing in information governance, eDiscovery, Big Data analytics and cloud computing solutions. Previously, Charles served in various executive roles with disruptive technology start ups and well known industry technology providers. Charles is a prolific author and a regular speaker on the technology that the Global 2000 require to manage the accelerating increase in Electronically Stored Information (ESI). Charles holds a BA in Political Science and Economics from Macalester College.