Posted by Douglas Wood, Editor. http://www.linkedin.com/in/dougwood
FinCEN today (November 1, 2013) released a fact sheet regarding data sharing between financial institutions under the Section 314(b) of the US Patriot Act.
314(b) provides financial institutions with the ability to share information with one another, under a safe harbor that offers protections from liability, in order to better identify and report potential money laundering or terrorist activities. 314(b) information sharing is a voluntary program, and FinCEN has always encouraged its use.
A few years ago, I spent considerable time looking at the overall 314(b) program. I interviewed dozens of Chief Compliance Officers (CCO) and AML/Fraud experts. I found that, despite the benefits to financial institutions – reduction of fraud loss, more complete SARs filings, shedding light on financial trails, etc – the program was not particularly well-utilized. The system, for all it’s good intentions, is very manual.
Imagine you are a 314(b) officer at a financial institution. Your job is to facilitate the data sharing amongst the community. So, much of your time is spent interacting with your CCO on which specific cases should be shared, and with whom. When you get that information, you open up you financial crimes investigation tools, and begin contacting your counterparts across the U.S. and asking them “Hey, do you know anything about Douglas Wood?” You’re calling the other officers completely blind with no idea whatsoever if they know Doug. In the meantime, your voicemail inbox is being flooded with other calls from other institutions asking if you know a bunch of other people (or entities).
Finding the institutions that know Douglas Wood is a lot like looking for a needle in a haystack… except you don’t know which haystacks to look in. The system too often grinds to a halt, despite some excellent work being done by 314(b) officers across the country. There has to be a better way, and some have proposed a data contribution system where financial institutions upload their bad guy data into one large third-party haystack, making the needle a little easier to find. As an advocate for the use of technology in the fight against financial crimes, I hope that model finds some success. The problem, of course, is that banks are LOATHED to put their data in the hands of a third party. Also, it’s typically up to each individual bank to decide if and when they choose to upload their data to be inter-mingled with other institutions. Far too often, it is not entirely reliable and not particularly current.
There is a better way. Several years ago, working with some tech-savvy employees, I envisioned a member-based 314(b) program where each institution maintained total control of their data. The model does not require individual banks to contribute their data for inter-mingling. All ‘bad guy’ data sits and remains securely behind the banks’ respective firewalls. When an individual bank sends out a request to find out who, if anyone, may have information about a suspicious entity, the request is systematically sent out to all members using a secure network such as SWIFT, for example. That electronic search returns to the querying bank only a risk score which indicates the likelihood that another member is investigating the same entity.
No personally identifiable information (PII) is ever shared, yet the search is productive. The enquiring bank now knows that the person of interest was found in the bad guy data from other participating institutions. With this information in hand, the respective 314(b) officers can move their voicemail exchanges from “Have you ever heard of Douglas Wood” to “We’re both investigating Douglas Wood… let’s do it together.” The time-consuming, manual efforts are dramatically reduced and more bad guys are put away.
So if the question is to 314(b) or not to 314(b), perhaps the answer lies in data privacy compliant technology.
Tag Archives: link analysis
Drag Queens, Silk Road Shutdowns, and Video Killed the Real Estate Fraud – Selected Financial Crimes Snapshot 10/29/2013
Posted by Douglas Wood, Editor. http://www.linkedin.com/in/dougwood
Perhaps there is no Spanish term for “lay low, fraudster”?
http://www.latimes.com/local/lanow/la-me-ln-youtube-video-leads-to-arrest-of-man-wanted-in-fraud-case-20131010,0,1636077.story#axzz2j9ClBao3
Feds take down “eBay for drugs” site. I wonder if “Buy it Now” was popular?
http://krebsonsecurity.com/2013/10/feds-take-down-online-fraud-bazaar-silk-road-arrest-alleged-mastermind/
Drag Queen Shakedowns… Only on Bourbon Street.
http://theadvocate.com/news/7402011-123/celebrity-scam-artist-arrested-in
Lottery Fraud – How lucky can you get?
Posted by Douglas Wood, Editor.
Two weeks ago, I wrote in this space about some interesting experiences I’d had working through Workers Compensation Premium Fraud at a government run program. This week, I received a fraud alert about a retailer being banned from ever selling lottery tickets, and it reminded me of a great exercise I underwent with a government run Lottery corporation several years ago.
Lottery retailer fraud is simple and widespread. NBC Dateline ran a two hour episode several years ago, outlining the problem and going undercover to catch some bad guys in action.
In a nutshell, there are many unscrupulous retailers who outright lie to patrons when asked to check their numbers. Joe the customer hands the ticket over to the clerk and asks her to see if it’s a winner. She scans the barcode and says “Sorry, Joe… you didn’t win“. Then, as Joe heads out the door, she picks the ticket up from the trash bin knowing full well that it’s a big winner. Here’s a real life example.
How bad is the problem? According to Dateline NBC, a Philadelphia retailer cashed eighteen lottery tickets in three months for a total of $45,000. In New Jersey, a retailer cashed 105 lottery tickets for more than $236,000. In Illinois, it found one store where four employees and five of their relatives cashed a total of 556 winning tickets, for more than $1,600,000. In California, lottery investigators were seeing the same thing. In fact, in 2007, the five most frequent winners in California were retailers. One store owner in Los Angeles allegedly cashed 121 tickets for more than $160,000.
As a result of shrinking public trust and outrage, many lottery corporations have taken to more tightly scrutinize ‘winning’ ticket claims from lottery retailers. What, though, if the lottery clerk has her husband cash the ticket? Or her next door neighbor? How can you scrutinize large winning ticket claims without grinding the process to a halt?
That’s precisely where my customer was when they called me.
As with any fraud prevention program, the availability of data was of utmost importance as we scoped out the technology solution. The lottery corporation obviously knew who their retailers were (XYZ Groceries, ABC Petroleum, etc) but how did that help point to a specific Suzie Employee within that retailer? After all, companies weren’t cashing in winning tickets. People were.
Well, we helped them realize that they had employee names as a result of the mandatory training they offered retailers for handling sales of lottery tickets. Each employee of a retailer was required to take a brief online course for certification purposes, and entered some of their personal data (name, date of birth) in order to begin the training.
That got us through step one – the employees. In order to get to the next level of culprit (the family or neighbors of employees), we incorporated publicly available data into the mix.
Through a defined process of business discovery and problem resolution, we designed a process where individuals redeeming winning tickets above a certain value would be compared to the data of retail employees. If it was determined that a winner closely resembled a retail employee, an alert was automatically generated for investigators.
If a winner was determined to be closely acquainted to a retail employee via relationship-detection technology and public data, an alert was again generated. The specifics of how relationships were determined and analyzed won’t be disclosed for obvious reasons, but one example would be a shared address or telephone number.
This particularly lottery corporation was fortunate that they had a mechanism by which to collect employee data. In meeting with dozens of other Lotteries in the years since, I’ve learned that not enough of them have a similar process in place. Unfortunately, without that initial data set, it’s more difficult to detect this type of fraud.
In the case of my client, however, they began immediately seeing benefits in the new process and several fraudulent retailers were exposed. It was some very interesting work, and a cool exercise in problem solving for complex fraud.
Posted by Douglas G. Wood. Check out my site at www.crimetechsolutions.com
Shockers, Lawyers, and Worst Boss Ever – Selected Financial Crimes Snapshot 10/11/2013
Posted by Douglas Wood, Editor. http://www.linkedin.com/in/dougwood
Shipping a car to Nigeria? Seems like an awful lot of work for a fairly stupid scam…
http://finance.yahoo.com/news/fraud-conviction-man-reported-car-133000007.html
SHOCKER! Online advertising is often fraudulent!
http://www.sfgate.com/technology/businessinsider/article/4-Ad-Execs-Just-Admitted-That-Online-Adtech-Is-4888221.php
Why is it so darned hard to feel sorry for lawyers?
http://www.sun-sentinel.com/news/local/crime/fl-rothstein-attorney-arraign-20131011,0,4341539.story
“Here’s your paycheck. Gonna need half of it back, though.” Worst. Boss. Ever.
http://www.latimes.com/local/lanow/la-me-ln-contractor-indicted-fraud-wages-20131010,0,296609.story
Posted by Douglas G. Wood. Click on ABOUT for more information and follow Financial Crimes Weekly on Twitter @FightFinCrime
Gypsies, Tramps, and Thieves – Selected Financial Crimes Snapshot 10/4/2013
Posted by Douglas Wood, Editor. http://www.linkedin.com/in/dougwood
I’m sure the Gypsies just wanted to help… No?
http://www.greeleygazette.com/press/?p=23299
You just can’t make this stuff up. Thai prostitutes hired to kill rhinos in trophy hunting scam.
http://planetsave.com/2011/07/24/thai-prostitutes-hired-to-kill-rhinos-in-south-african-trophy-hunting-scam/
Ummm… she may have had a ‘brain injury’ when she thought this one up….
http://www.cnn.com/2013/09/30/justice/boston-one-fund/index.html
Good cop? No… bad cop
http://www.upi.com/Top_News/US/2013/10/04/Miami-police-officer-found-guilty-of-identity-theft-tax-fraud/UPI-26251380893747/
Posted by Douglas G. Wood. Click on ABOUT for more information and follow Financial Crimes Weekly on Twitter @FightFinCrime
Premium Fraud – Piano Tuners and Window Washers?
Posted by Douglas Wood, Editor.
I came across a news article earlier this week regarding a business owner convicted of fraudulently avoiding worker’s compensation premiums. The link to that news article is below.
It brought to mind some fascinating work I was involved with a few years ago to help a state run Worker’s Compensation Bureau more effectively detect this kind of fraud. Their biggest concern was recovering monies owed by companies who illegally misrepresent themselves for the purpose of reducing or avoiding the payment of premiums. Here’s how these scams work…
Intentional Misclassification: A crooked business claims that employees work safer jobs than they really do. Perhaps a high-rise window washer is falsely classified as a piano tuner. Much lower premiums, obviously.
Employee Misrepresentation: A business says it has fewer employees or a lower payroll than it actually does.
Coverage Avoidance/Experience Modification: A business simply doesn’t buy the required insurance, hoping state officials won’t notice. If the state learns of the avoidance, the company will simply close, then re-emerge as a ‘new’ company’ in order to avoid the payments.
So the state bureau I worked with needed to understand when, for example, a ‘piano tuner’ was requesting a permit for high rise window washing. Red flag, right? Or when an five separate claims were filed by employees of a company who stated they had only 3 employees. Another red flag.
Oh, and what about a new company registrant whose owners, address, telephone number, and line of business are all suspiciously similar to those of a recently closed business who owed thousands of dollars in back premiums. BIG red flag.
The state itself had all of the data it needed to detect this fraud. The problem, as is often the case, is that the data sat in different jurisdictions. Working with our client, we helped those other jurisdictions – Business Registrations, Building Permits, Tax Departments, etc. – understand the value of sharing that data. That’s the key to this success story – data sharing. Without it, problems are much more difficult to solve.
Ultimately, we delivered a system that included business rules, anomaly detection, and social network analysis. It provided the bureau with the ability to flag those anomalies using their existing data infrastructure and fraud alert output from those other state agencies.
With the tools in place to trigger those red flags, the agency immediately began recovering lost premiums, prosecuting offenders, and ultimately adding much needed revenue to the state coffers.
Fraudsters who choose to commit financial crimes are always coming up with new scams. Those of us committed to delivering true technology innovations through data sharing are starting to put a real dent in their chosen profession, though.
Maybe they can tune pianos instead. Do they need a building permit for that?
http://www.workerscompensation.com/compnewsnetwork/mobile/news/17511-investigation-leads-to-conviction-of-ca-business-owner-for-insurance-fraud.htmlgus
Posted by Douglas G. Wood. Click on ABOUT for more information and follow Financial Crimes Weekly on Twitter @FightFinCrime
Psychics, Housewives, and Weekends with Bernie – Selected Financial Crimes Snapshot 9/26/2013
Posted by Douglas Wood, Editor. http://www.linkedin.com/in/dougwood
Florida psychic found guilty of fraud. You think she’d have seen this coming, no?…
http://www.sun-sentinel.com/news/local/crime/fl-rose-marks-verdict-20130926,0,4382976.story?page=2
Madoff accountant could be spending more than just weekends with Bernie…
http://www.stamfordadvocate.com/news/article/Greenwich-man-faces-federal-charges-in-Madoff-4847586.php
Real Housewife in Real Trouble. Teresa Giudice talks about fraud charges…
http://radaronline.com/exclusives/2013/09/teresa-giudice-fraud-charges-crying-andy-cohen/
Medicare fraud trouble in Fargo? Aw geez. Where’s Marge Gunderson when ya need ‘er?
http://www.minotdailynews.com/page/content.detail/id/578432/Wash–doctor-in-ND-court-on-Medicare-fraud-charges.html
Posted by Douglas G. Wood. Click on ABOUT for more information and follow Financial Crimes Weekly on Twitter @FightFinCrime
SEC taking stock of analytics (and a cool use case for stock exchanges)
Posted by Douglas Wood, Editor.
I read with interest today an article about the SEC’s use of analytics in the ongoing fight against financial crimes. The link to that article is below. It reminded me of some work I once did with a major stock exchange around insider trading.
As a passionate anti-fraud technologist, I was thrilled with the challenge of helping the stock exchange better recognize cases of illegal insider trading. The results of the work we did was pretty cool.
The stock exchange – as do all exchanges – had a great deal of data at their disposal. They knew, for example, the names of each and every ‘insider’ within every company listed on their exchange. Insiders include senior executives, board members, legal counsel, auditors, and so on. Basically, everyone who knew – or ought to have known – about an upcoming event that would likely cause a significant change in stock price.
They also knew, of course, the identity of investors who traded profitably prior to the public release of that information. The problem was exposing the hidden relationships that might exist between Insiders and investors.
Here is an actual example… Joe Blow was an associate partner at the independent accounting firm responsible for auditing the quarterly financial results of publicly traded Company A. By definition, Joe is an insider. He knows Company A’s financials. Jane Doe dumped her entire position in Company A mere days ahead of what turned out to be very poor results. The stock plummeted, and Jane was saved from significant losses. She was seemingly a complete outsider. So, did she somehow know Joe Blow (or any other insider)? Or was she just one lucky gal.
Using link analysis, crime mapping, and behavioral analytics, we set about the challenge of finding out. Here’s what the analytics exposed:
Joe Blow, the insider by way of being employed at Company A’s auditing firm, shared an address with… oh, let’s call him “Rich Quick”. Rich held no positions with Company A whatsoever. He did, however, own a pet food store with a lovely young lady. Can you guess her name? Yep.. Jane Doe. So, the analytics exposed that Company A had an insider relationship with Joe Blow. Joe lived with Rich Quick. Rich owned a business with Jane Doe. Coincidence? Not likely.
Without the ability to draw out hidden links between individuals and organizations, this case may never have been discovered. It’s like Six Degrees of Kevin Bacon, only with much higher stakes. All of the suspects were investigated and prosecuted.
(Note: All the names in this example are fictitious, but the case is not. If your name happens to be Jane Doe, Joe Blow, Rich Quick… or if you work for an organization called Company A, rest assured that I’m not talking about you.)
Here is the link to the SEC article. http://fcw.com/articles/2013/09/18/sec-taps-analytics-to-predict-risk.aspx?s=fcwdaily_190913 .
Financial Crimes and Technology
Posted by Douglas Wood, Editor.
In the midst of preparing for a presentation last week, I entered the term “financial crimes” into my internet search engine. I’ve probably done this same search a hundred times, but seemingly never took notice of the staggering number of results. Over two million of them!
Among those results are a stunning number of definitions, news reports, and general articles. But with so many links to seemingly unconnected terms such as check fraud, credit card fraud, medical fraud, insider trading, bank fraud, health care fraud, tax evasion, bribery, identity theft, counterfeiting, and money laundering – it must appear to the uninitiated that an understanding of ‘financial crimes’ requires an Einstein-like intelligence pedigree.
To those involved in the daily prevention / detection / and investigation of financial crimes, however, the term can be effectively boiled down to:
1) Intentional deception made for personal gain, and
2) The illegal process of concealing the source of those gains.
Everything else – all that other noise – simply falls underneath that definition, and only a cohesive combination of human intelligence and technology can take a bite out of those crimes.
Of course, most companies that are targets of these crimes invest heavily in different forms of technology for enterprise fraud management and anti-money laundering systems. There are dozens of vendors in this market with varying levels of functionality and service offerings.
The problem with too many of those offerings, however, is that they do not account for organizational truths such as functional (and data) silos, data quality issues, changing criminal tactics, human limitations, and big data.
A complete enterprise solution for financial crimes management must include automated processes for:
Customer Onboarding – Knowing the customer is the first step an organization can take to prevent financial crimes. A holistic view of an entity – customers, partners, employees – provides a very clear view of what is already known about the entity including their past interactions and relationships with other entities.
Flexible Rules-Based Alert Detection – A robust rules-based alert detection process must provide out-of-box functionality for the types of crimes outlined at the beginning of this article. At the same time, it should be flexible enough for an organization to modify or create rules as criminal activities evolve.
Predictive Analytics – Expected by analysts to become a 5.25B industry by 2018, predictive analytics ensures that big data is scrutinized and correlated with present and past historical trends. Predictive analytics utilizes a variety of statistics and modeling techniques and also uses machine information, data mining, and Business Intelligence (BI) tools to make predictions about the future behaviors including risk and fraud.
Social Network Analysis – Also known as Fraud Network Analysis, this emerging technology helps organizations detect and prevent fraud by going beyond rules and predictive analytics to analyze all related activities and relationships within a network. Knowing about shared telephone numbers, addresses or employment histories allows companies to effectively ‘cluster’ groups of suspected financial crime perpetrators. The key here, however, is context. Many technologies can build these networks and clusters for review, but precious few can provide the key “what does this mean” element that business users require.
Investigation Management and Adjudication – Incorporating key elements of enterprise case management, collaboration, link visualization, information dissemination and knowledge discovery, this layer of functionality is designed to uncover insights which aid in investigating complex incidents. The result ought to be actionable visualization of critical entities, and documented results for potential litigation and regulatory compliance.
Anti-Money Laundering (AML) and Regulatory Compliance – With record fines being assessed to financial institutions globally, AML compliance is very clearly a major requirement within a financial crimes management solution. The oversight requirements grow almost daily, but at a minimum include out of box functionality for suspicious activity monitoring, regulatory reporting, watch list filtering, customer due diligence, Currency Transaction Report (CTR) processing, and the Foreign Account Tax Compliance Act (FATCA) compliance.
Now, there are clearly many more dynamics than can be summarized here but hopefully the point is made. The only way that organizations can continue to drive fraud and money laundering out is via a happy marriage between skilled financial crimes professionals and the flexible/adaptable technology that empowers them.
Posted by Douglas G. Wood. Click on ABOUT for more information.