Tag Archives: link visualization

IBM Crime Analytics: Missing the mark? CTS Hits the bullseye!

quote-one-may-miss-the-mark-by-aiming-too-high-as-too-low-thomas-fuller-10-41-63Posted by Crime Tech Solutions – Your source for analytics in the fight against crime and fraud.
September 7, 2015. IBM announced this week a major update to its IBM i2 Safer Planet intelligence portfolio that includes a major overhaul of the widely used Analyst’s Notebook product. The product, which has become increasingly abandoned by its user base over the past five years, is now being positioned as ‘slicker‘ than previous versions.
IBM suggests that the new version scales from one to 1,000 users and can ingest petabytes of information to visualize. (A single petabyte roughly translates to 20,000,000 four-drawer filing cabinets completely filled with text).
That’s a lot of data. Seems to me that analysts are already inundated with data… now they need more?
This all begs the question: “Where is IBM headed with this product?”
The evidence seems to point to the fact that IBM wants this suite of products to compete head-to-head with money-raising machine and media darling Palantir Technologies. If I’m IBM, that makes sense. Palantir has been eating Big Blue’s lunch for a few years now, particularly at the lucrative US Federal market level. Worse yet, for IBM i2, is the recent news of a new competitor with even more powerful technology.
If I’m a crime or fraud analyst, however, I have to view this as IBM moving further and further away from my reality.
The reality? Nobody has ever yelled “Help! I’ve been robbed. Call the petabytes of ‘slick’ data!”  No, this tiring ‘big data’ discussion is not really part of the day to day work for the vast majority of analysts. Smart people using appropriate data with intuitive and flexible crime technology solutions… that’s the reality for most of us.
So, as IBM moves their market-leading tool higher and higher into the stratosphere, where does the industry turn for more practical desktop solutions with realistic pricing? For more and more customers around the world, the answer is a crime and fraud link analytics tool from Crime Tech Solutions.
No, it won’t ingest 20,000,000 four-drawer filing cabinets of data, and it’s more ‘efficient‘ than ‘slick‘. Still, the product has been around for decades as a strong competitor to Analysts Notebook, and is well-supported by a network of strategic partners around the world. Importantly, it is the only American made and supported alternative. Period. It’s also, seemingly, the last man standing in the market for efficient and cost-effective tools that can be used by real people doing their real jobs.

Is "Minority Report" pure fiction?

Minority-Report-editPosted by Douglas Wood.
Journalist Raj Shekhar had an interesting article in the Times of India this week.
It’s like PreCrime, only four decades early. The “predictive policing” system seen in the Tom Cruise blockbuster Minority Report is now taking shape in Delhi. But instead of the three slime-immersed psychic “Precogs” that system relied on, Delhi Police’s crime prediction will be based on cold, hard data.
Once Enterprise Information Integration Solution or ‘EI2S’—a system that puts petabytes of information from more than a dozen crime databases at police staff’s fingertips—is ready, Delhi Police will be able to implement its ‘Crime Forecast’ plan to predict when and where criminals will strike.
The technology is not as fanciful as it seems at first and is already being tried out in many important cities, including New York, Los Angeles, London and Berlin. Officers associated with the plan say the software will analyze police data for patterns, compare it with other data from jails, courts and other crime-fighting agencies, and alert police to the likely threats. Data will be available not only on the suspects but also their likely victims.
A global tender has been floated for the project and Delhi Police is in talks with various firms for the technology.
According to the article, the system can help pre-empt many situations. For example, a violent clash between two gangs. It can identify individuals who are likely to join gangs or take to crime in an area based on the analyses of their behaviour and network. It can also curb domestic violence by identifying a pattern and predicting the next attack, the article said.
It all boils down to spotting patterns in mountains of data using tremendous computing power. A police document about the plan states that investigators should be able to perform crime series identification, crime trend identification, hot spot analysis and general analysis of criminal profiles. Link analysis will help spot common indicators of a crime by establishing associations and non obvious relationships between entities.
Using neighbourhood analysis, police will be able to understand crime events and the circumstances behind them in a small area as all the crime activity in a neighbourhood will be available for analysis. Criminal cases will be classified into multiple categories to understand what types of crime an area is prone to and the measures needed to curb them. Classification will be done through profiles of victims, suspects, localities and the modus operandi.
Another technique, called proximity analysis, will provide information about criminals, victims, witnesses and other people who are or were within a certain distance of the crime scene. By analyzing demographic and social trends, investigators will be able to understand the changes that have taken place in an area and their impact on criminality.
Network analysis will also be a part of this project to identify the important characteristics and functions of individuals within and outside a network, the network’s strengths and weaknesses and its financial and communication data.
While the system could help fight crime and rid Delhi of its ‘crime capital’ tag, it is bound to raise concerns over privacy and abuse as no predictive system can be foolproof.

The Name Game Fraud

  1. Hello-my-name-is1Posted by Douglas Wood, Editor. Alright everybody, let’s play a game. The name game!

“Shirley, Shirley bo Birley. Bonana fanna fo Firley. Fee fy mo Mirley. Shirley!” No, not THAT name game. (Admit it… you used to love singing the “Chuck” version, though.)
The name game I’m referring to is slightly more sinister, and relates to the criminal intent to deceive others for gain by slightly misrepresenting attributes in order to circumvent fraud detection techniques. Pretty much anywhere money, goods, or services are dispensed, folks play the name game.
Utilities, Insurance, Medicaid, retail, FEMA. You name it.
Several years ago, I helped a large online insurance provider determine the extent to which they were offering insurance policies to corporations and individuals with whom they specifically did not want to do business. Here’s what the insurer knew:

  1. They had standard application questions designed to both determine the insurance quote AND to ensure that they were not doing business with undesirables. These questions included things such as full name, address, telephone number, date of birth, etc… but also questions related to the insured property. “Do you live within a mile of a fire station?”, Does your home have smoke detectors?”, and “Is your house made of matchsticks?”
  2. On top of the questions, the insurer had a list of entities with whom the knew they did not want to do business for one reason or another. Perhaps Charlie Cheat had some previously questionable claims… he would have been on their list.

In order to circumvent the fraud prevention techniques, of course, the unscrupulous types figured out how to mislead the insurer just enough so that the policy was approved. Once approved, the car would immediately be stolen. The house would immediately burn down, etc.
The most common way by which the fraudsters misled the insurers was a combination of The Name Game and modifying answers until the screening system was fooled. Through a combination of investigative case management and link analysis software, I went back and looked at several months of historical data and found some amazing techniques used by the criminals. Specifically, I found one customer who made 19 separate online applications – each time changing just one attribute or answer slightly – until the policy was issued. Within a week of the policy issue, a claim was made. You can use your imagination to determine if it was a legitimate claim. 😀
This customer, Charlie Cheat (obviously not his real name), first used his real name, address, telephone number, and date of birth… and answered all of the screening questions honestly. Because he did not meet the criteria AND appeared on an internal watch list for having suspicious previous claims, his application was automatically denied. Then he had his wife, Cheri Cheat, complete the application in hopes that the system would see a different name and approve the policy. Thirdly, he modified his name to Charlie Cheat, Chuck E. Cheat, and so on. Still no go. His address went from 123 Fifth Street to 123-A 5th Street. You get the picture.
Then he began to modify answers to the screening questions. All of a sudden, he DID live within a mile of a fire station… and his house was NOT made of matchsticks… and was NOT located next door to a fireworks factory. After almost two dozen attempts, he was finally issued the policy under a slightly revised name, a tweak in his address, and some less-than-truthful answers on the screening page. By investing in powerful  investigative case management software with link analysis and fuzzy matching this insurer was able to dramatically decrease the number of policies issued to known fraudsters or otherwise ineligible entities.
Every time a new policy is applied for, the system analyzes the data against previous responses and internal watch lists in real time.  In other words, Charlie and Cheri just found it a lot more difficult to rip this insurer off. These same situations occur in other arenas, costing us millions annually in increased taxes and prices. So, what happened to the Cheats after singing the name game?
Let’s just say that after receiving a letter from the insurer, Charlie and Cheri started singing a different tune altogether.

Using Link Analysis to untangle fraud webs

Posted by Douglas Wood, Editor.
NOTE: This article originally appeared HERE by Jane Antonio. I think it’s a great read…
Link analysis has become an important technique for discovering hidden relationships involved in healthcare fraud. An excellent online source, FierceHealthPayer:AntiFraud, recently spoke to Vincent Boyd Bryant about the value of this tool for payer special investigations units.
A former biometric scientist for the U.S. Department of Defense, Bryant has 30 years of experience in law enforcement and intelligence analysis. He’s an internationally-experienced investigations and forensics expert who’s worked for a leading health insurer on government business fraud and abuse cases.
How does interactive link analysis help insurers prevent healthcare fraud? Can you share an example of how the tool works?

Boyd Bryant: Link analysis is most often used to piece together different kinds of data from multiple sources–to identify key players, connections between those players and patterns of behavior frequently missed. It can simplify an understanding of the level of involvement of individuals and criminal organizational hierarchies and can greatly simplify visualizing and communicating the operations of complex criminal enterprises.

One thing criminals do best is hide pots of money in different places. As a small criminal operation becomes successful, it will often expand its revenue streams through associated businesses. Link analysis is about trying to figure out where all those different baskets of revenue may be. Insurers are drowning in a sea of theft. Here’s where link analysis becomes beneficial. Once insurers discover a small basket of money lost to a criminal enterprise, then serious research needs to go into finding out who owns the company, who they’re associated with, what kinds of business they’re doing and if there are claims associated with it.
You may find a clinic, for example, connected to and working near a pharmacy, a medical equipment supplier, a home healthcare services provider and a construction company. Diving into those companies and what they do, you find that they’re serving older patients for whom multiple claims from many providers exist. The construction company may be building wheelchair ramps on homes. And you may find that the providers are claiming payment for dead people. Overall, using this tool requires significant curiosity and a willingness to look beyond the obvious.
Any investigation consists of aggregating facts, generating impressions and creating a theory about what happened. Then you work to confirm or disconfirm your theory. It’s important to have tools that let you take large masses of facts and visualize them in ways that cue you to look closer.
Let’s say you investigate a large medical practice and interview “Doctor Jones.” The day after the interview, you learn through link analysis that he transferred $11 million from his primary bank account to the Cayman Islands. And in looking at Dr. Jones’ phone records, you see he called six people, each of whom was the head of another individual practice on whose board Dr. Jones sits. Now the investigation expands, since the timing of those phone calls was contemporaneous to the money taking flight.
Why are tight clusters of similar entities possible indicators of fraud, waste or abuse?
Bryant: When you find a business engaged in dishonest practices and see its different relationships with providers working out of the same building, this gives rise to reasonable suspicion. The case merits a closer look. Examining claims and talking to members served by those companies will give you an indication of how legitimate the operation is.
What are the advantages of link analysis to payer special investigation units, and how are SIUs using its results?
Bryant:  Link analysis can define relationships through data insurers haven’t always had, data that traditionally belonged to law enforcement.
Link analysis results in a visual reference that can take many forms: It can look like a family tree, an organizational chart or a time line. This reference helps investigators assess large masses of data for clustering and helps them arrive at a conclusion more rapidly.

Using link analysis, an investigator can dump in large amounts of data–such as patient lists from multiple practices–and see who’s serving the same patient. This can identify those who doctor shop for pain medication, for example. Link analysis can chart where this person was and when, showing the total amount of medication prescribed and giving you an idea of how the person is operating.
What types of data does link analysis integrate?
Bryant: Any type of data that can be sorted and tied together can be loaded into the tool. Examples include telephone records, addresses, vehicle information, corporate records that list individuals serving on boards and banking and financial information. Larger supporting documents can be loaded and linked to the charts, making cases easier to present to a jury.
Linked analysis can pull in data from state government agencies, county tax records or police records from state departments of correction and make those available in one bucket. In most cases, this is more efficient than the hours of labor needed to dig up these types of public records through site visits.
Is there anything else payers should know about link analysis that wasn’t covered in the above questions?
Bryant: The critical thing is remembering that you don’t know what you don’t know. If a provider or member is stealing from the plan in what looks like dribs and drabs, insurers may never discover the true extent of the losses. But if–as a part of any fraud allegation that arises–you look at what and who is associated with the subject of the complaint, what started as a $100,000 questionable claims allegation can expose millions of dollars in inappropriate billings spread across different entities.

Part Two: Major Investigation Analytics – Big Data and Smart Data

Posted by Douglas Wood, Editor.
As regular readers of this blog know, I spend a great deal of time writing about the use of technology in the fight against crime – financial and otherwise. In Part One of this series, I overviewed the concept of Major Investigation Analytics and Investigative Case Management.
I also overviewed the major providers of this software technology – Palantir Technologies, Case Closed Software, and Visallo. The latter two recently became strategic partners, in fact.
The major case for major case management (pun intended) was driven home at a recent crime and investigation conference in New York. Full Disclosure: I attended the conference for educational purposes as part of my role at Crime Tech Weekly. Throughout the three day conference, speaker after speaker talked about making sense of data. I think if I’d have heard the term ‘big data’ one more time I’d have gone insane.  Nevertheless, that was the topic du jour as you can imagine, and the 3 V’s of big data – volume, variety, and velocity – remain a front and center topic for the vendor community serving the investigation market.
According to one report, 96% of everything we do in life – personal or at work – generates data. That statement probably best sums up how big ‘big data’ is.  Unfortunately,  there was very little discussion about how big data can help investigate major crimes. There was a lot of talk about analytics, for sure, but there was a noticeable lack of ‘meat on the bone’ when it came to major investigation analytics.
Nobody has ever yelled out “Help, I’ve been attacked. Someone call the big data!”. That’s because big data doesn’t, in and by itself, do anything.  Once you can move ‘big data’ into ‘smart data’, however, you have an opportunity to investigate and adjudicate crime. To me, smart data (in the context of investigations) is a subset of an investigator’s ability to:

  1. Quickly triage a threat (or case) using only those bits of data that are most immediately relevant
  2. Understand the larger scope of the crime through experience and crime analytics, and
  3. Manage that case through intelligence-led analytics and investigative case management, data sharing, link exploration, text analytics, and so on.

Connecting the dots, as they say. From an investigation perspective, however, connecting dots can be daunting. In the children’s game, there is a defined starting point and a set of rules.  We simply need to follow the instructions and the puzzle is solved. Not so in the world of the investigator. The ‘dots’ are not as easy to find. It can be like looking for a needle in a haystack, but the needle is actually broken into pieces and spread across ten haystacks.
Big data brings those haystacks together, but only smart data finds the needles… and therein lies the true value of major investigation analytics.

Major Investigation Analytics – No longer M.I.A. (Part One)

Posted by Douglas Wood, Editor.  http://www.linkedin.com/in/dougwood
Long before the terrorist strikes of 9/11 created a massive demand for risk and investigation technologies, there was the case of Paul Bernardo.
Paul Kenneth Bernardo was suspected of more than a dozen brutal sexual assaults in Scarborough, Canada, within the jurisdiction of the Ontario Provincial Police. As his attacks grew in frequency they also grew in brutality, to the point of several murders. Then just as police were closing in the attacks suddenly stopped. That is when the Ontario police knew they had a problem. Because their suspect was not in jail, they knew he had either died or fled to a location outside their jurisdiction to commit his crimes.
The events following Bernardo’s disappearance in Toronto and his eventual capture in St. Catharines, would ultimately lead to an intense 1995 investigation into police practices throughout the Province of Ontario, Canada. The investigation, headed by the late Justice Archie Campbell, showed glaring weaknesses in investigation management and information sharing between police districts.
Campbell studied the court and police documents for four months and then produced a scathing report that documented systemic jurisdictional turf wars among the police forces in Toronto and the surrounding regions investigating a string of nearly 20 brutal rapes in the Scarborough area of Toronto and the murders of two teenaged girls in the St. Catharines area. He concluded that the investigation “was a mess from beginning to end.”
Campbell went on to conclude that there was an “astounding and dangerous lack of co-operation between police forces” and a litany of errors, miscalculations and disputes. Among the Justice’s findings was a key recommendation that an investigative case management system was needed to:

  1. Record, organize, manage, analyze and follow up all investigative data
  2. Ensure all relevant information sources are applied to the investigation
  3. Recognize at an early stage any linked or associated incidents
  4. “Trigger” alerts to users of commonalities between incidents
  5. Embody an investigative methodology incorporating standardized procedures

Hundreds of vendors aligned to provide this newly mandated technology, and eventually a vendor was tasked with making it real with the Ontario Major Case Management (MCM) program. With that, a major leap in the evolution of investigation analytics had begun. Today, the market leaders include IBM i2, Case Closed Software, Palantir Technologies, and Visallo.
Recently, the Ottawa Citizen newspaper published an indepth article on the Ontario MCM system. I recommend reading it.
Investigation analytics and major case management
The components of major investigation analytics include: Threat Triage, Crime & Fraud Analytics, and Intelligence-Lead Investigative Case Management. Ontario’s MCM is an innovative approach to solving crimes and dealing with complex incidents using these components. All of Ontario’s police services use this major investigation analytics tool to investigate serious crimes – homicides, sexual assaults and abductions. It combines specialized police training and investigation techniques with specialized software systems. The software manages the vast amounts of information involved in investigations of serious crimes.
Major investigation analytics helps solve major cases by:

  1. Providing an efficient way to keep track of, sort and analyze huge amounts of information about a crime:  notes, witness statements, door-to-door leads, names, locations, vehicles and phone numbers are examples of the types of information police collect
  2. Streamlining investigations
  3. Making it possible for police to see connections between cases so they can reduce the risk that serial offenders will avoid being caught
  4. Preventing crime and reducing the number of potential victims by catching offenders sooner.

See Part Two of this series here.

Part 2: Investigating the Investigations – X Marks the Spot

Posted by Douglas Wood, Editor.  http://www.linkedin.com/in/dougwood
Part One of this series is HERE.
Most of the financial crimes investigators I know live in a world where they dream of moving things from their Inbox to their Outbox. Oh, like everyone else, they also dream about winning the lottery, flying without wings, and being naked in public. But in terms of the important roles they perform within both public and private sectors, there is simply Investigating (Inbox) and Adjudication (Outbox). Getting there requires a unique blend of their own capabilities, the availability of data, and the technology that allows them to operate. In the diagram below, ‘X‘ marks the spot where crimes are moved from the Inbox to the Outbox. Without any of those three components, an investigation becomes exponentially more difficult to conclude.
Presentation1
In part one of this article two weeks ago, I wrote about the Investigation Management & Adjudication (IMA) side of financial crimes investigations. I coined that term to call out what is arguably the most integral component of any enterprise fraud management (EFM) ecosystem. The original EFM overview is here.

   “The job is almost unrecognizable to those who once used rotary phones in smoke filled offices…

Twenty years ago, IMA was based primarily upon human eyes. Yes, there were technology tools available such as Wordperfect charts and Lotus 1-2-3 spreadsheets, but ultimately it was the investigator who was tasked with finding interesting connections across an array of data elements including handwritten briefs, telephone bills, lists of suspect information, and discussions with other investigators. The job got done, though. Things moved from the Inbox to the Outbox, arrests were made and prosecutions were successful. Kudos, therefore, to all of the investigators who worked in this environment.
Fast forward to today, and the investigator’s world is dramatically different. The job is the same, of course, but the tools and mass availability of data has made the job almost unrecognizable to those who once used rotary phones in smoke filled offices. Organizations began building enterprise data warehouses designed to provide a single version of the truth. Identity Resolution technology was implemented to help investigators recognize similarities between entities in that data warehouse. And today, powerful new IMA tools are allowing easy ingestion of that data, improved methods for securely sharing across jurisdictions, automated link discovery, non-obvious relationship detection, and interactive visualization tools, and -importantly – packaged e-briefs which can be understood and used by law enforcement, prosecutors, or adjudication experts.

     “Without any of these components, everything risks falling to the outhouse…

With all these new technologies, surely the job of the Investigator is becoming easier? Not so fast.
IMA tools – and other EFM tools – do nothing by themselves. The data – big data – does nothing by itself. It just sits there. The best investigators – without tools or data – are rendered impotent.  Only the combination of skilled, trained investigators using the best IMA tools to analyze the most useful data available results in moving things from the Inbox to the Outbox. Without any of these components… everything eventually risks falling to the Outhouse.
Kudos again, Mr. and Mrs. Investigator. You’ll always be at the heart of every investigation. Here’s hoping you solve for X every day.

Investigating the Investigations.

Posted by Douglas Wood, Editor.
A few years ago, I read a book called Fraud Analytics by Delena Spann.  Ms. Spann is with the U.S. Secret Service, Electronic & Financial Crimes Task Force. The book is an overview of investigation analytics with specific information about some former technology leaders in this area.
The IBM i2 toolset is discussed, along with offerings from Raytheon, Centrifuge, and SAS, and FMS’ Link Analytics, and others. (My friend Chris Westphal, formerly of Raytheon Visual Analytics, by the way, published his book ‘Data Mining for Intelligence, Fraud & Criminal Detection’ a few years ago and is another one I strongly recommend.)
Both books offer advice and use cases on how technology can be applied in the fight against crime. A few months ago, I summarized the types of technology being put to use as tools to prevent, detect, and investigate fraud and other criminal activities. (It’s worth a quick read.) What I’m investigating today, however, is… well, investigations.

“IMA is the most critical connection between technology and investigators.”

In my technology summary, I termed this area Investigation Management & Adjudication (IMA). IMA is the most critical connection between technology and humans within an enterprise fraud management ecosystem. Incorporating key elements of enterprise case management, collaboration, link visualization, information dissemination and knowledge discovery, this layer of functionality is designed to uncover insights which aid in investigating complex incidents. The result ought to be actionable visualization of critical entities, and documented results for potential litigation and regulatory compliance.
IBM i2 has long been considered a thought and market leader in this segment – deservedly or not. Palantir Technologies plays in this area as well. Perhaps no company is more in tune with this market, though, than Visallo with their leading investigation analytics platform. Each platform clearly adds value to investigation case management solutions by providing powerful, emerging functionalities that allow easy and intuitive consumption of data in any form. For investigators, the more data – and the easier that data is to consume – the better.

“Users want actionable intelligence, not endless queries.”

What makes for good IMA? A few things, actually. First among them is the technology’s ability to adapt to the way human beings think and act. Users want actionable intelligence, not endless queries. IMA tools, therefore, ought to interact with the investigator in a consultative way that a fellow investigator would. “Hey, have you thought about this, Mr. Investigator?” and “Maybe you should look at that.”
Second, IMA ought to have context. Technologies that simply point to two entities and say, ‘Hey these things look linked‘ are great but leave all of the thinking up to Mr. Investigator. The IMA tools that I like have contextual values associated to those links. ‘Hey, these things look linked AND here’s why that’s important’. Big difference.
Third, IMA should bring the investigations to closure. There are a lot of data mining tools out there that allow querying with case management. How, though, does the investigator get to the point where an investigation is solved and prosecutable? Once again, the most functional IMA products act the way humans do. They package up the results of the investigation in an easy-to-comprehend document that can be shared internally or with police. No loose ends.

“Every investigation ends with an investigator.”

Predictive analytics, big data, and real-time alert scoring are the current industry buzzwords. They should be. They’re important. At the end of the day, however, every investigation ends with an investigator. Putting the right tools in their hands is often the difference between success and failure in an entire enterprise investigation system.
That’s precisely what Crime Tech Solutions, LLC does. Please take a moment to look us over.
Part Two of this series is now available HERE.

To 314(b) or not to 314(b)?

Posted by Douglas Wood, Editor.  http://www.linkedin.com/in/dougwood
FinCEN today (November 1, 2013) released a fact sheet regarding data sharing between financial institutions under the Section 314(b) of the US Patriot Act.
314(b) provides financial institutions with the ability to share information with one another, under a safe harbor that offers protections from liability, in order to better identify and report potential money laundering or terrorist activities.  314(b) information sharing is a voluntary program, and FinCEN has always encouraged its use.
A few years ago, I spent considerable time looking at the overall 314(b) program. I interviewed dozens of Chief Compliance Officers (CCO) and AML/Fraud experts. I found that, despite the benefits to financial institutions – reduction of fraud loss, more complete SARs filings, shedding light on financial trails, etc – the program was not particularly well-utilized. The system, for all it’s good intentions, is very manual.
Imagine you are a 314(b) officer at a financial institution. Your job is to facilitate the data sharing amongst the community. So, much of your time is spent interacting with your CCO on which specific cases should be shared, and with whom. When you get that information, you open up you financial crimes investigation tools, and begin contacting your counterparts across the U.S. and asking them “Hey, do you know anything about Douglas Wood?” You’re calling the other officers completely blind with no idea whatsoever if they know Doug. In the meantime, your voicemail inbox is being flooded with other calls from other institutions asking if you know a bunch of other people (or entities).
Finding the institutions that know Douglas Wood is a lot like looking for a needle in a haystack… except you don’t know which haystacks to look in. The system too often grinds to a halt, despite some excellent work being done by 314(b) officers across the country. There has to be a better way, and some have proposed a data contribution system where financial institutions upload their bad guy data into one large third-party haystack, making the needle a little easier to find. As an advocate for the use of technology in the fight against financial crimes, I hope that model finds some success. The problem, of course, is that banks are LOATHED to put their data in the hands of a third party. Also, it’s typically up to each individual bank to decide if and when they choose to upload their data to be inter-mingled with other institutions. Far too often, it is not entirely reliable and not particularly current.
There is a better way. Several years ago, working with some tech-savvy employees, I envisioned a member-based 314(b) program where each institution maintained total control of their data. The model does not require individual banks to contribute their data for inter-mingling.  All ‘bad guy’ data sits and remains securely behind the banks’ respective firewalls. When an individual bank sends out a request to find out who, if anyone, may have information about a suspicious entity, the request is systematically sent out to all members using a secure network such as SWIFT, for example. That electronic search returns to the querying bank only a risk score which indicates the likelihood that another member is investigating the same entity.
No personally identifiable information (PII) is ever shared, yet the search is productive. The enquiring bank now knows that the person of interest was found in the bad guy data from other participating institutions. With this information in hand, the respective 314(b) officers can move their voicemail exchanges from “Have you ever heard of Douglas Wood” to “We’re both investigating Douglas Wood… let’s do it together.” The time-consuming, manual efforts are dramatically reduced and more bad guys are put away.
So if the question is to 314(b) or not to 314(b), perhaps the answer lies in data privacy compliant technology.

Financial Crimes and Technology

Posted by Douglas Wood, Editor. 

In the midst of preparing for a presentation last week, I entered the term “financial crimes” into my internet search engine. I’ve probably done this same search a hundred times, but seemingly never took notice of the staggering number of results. Over two million of them!

Among those results are a stunning number of definitions, news reports, and general articles. But with so many links to seemingly unconnected terms such as check fraud, credit card fraud, medical fraud, insider trading, bank fraud, health care fraud, tax evasion, bribery, identity theft, counterfeiting, and money laundering – it must appear to the uninitiated that an understanding of ‘financial crimes’ requires an Einstein-like intelligence pedigree.

To those involved in the daily prevention / detection / and investigation of financial crimes, however, the term can be effectively boiled down to:

1) Intentional deception made for personal gain, and

2) The illegal process of concealing the source of those gains.

Everything else – all that other noise – simply falls underneath that definition, and only a cohesive combination of human intelligence and technology can take a bite out of those crimes.

Of course, most companies that are targets of these crimes invest heavily in different forms of technology for enterprise fraud management and anti-money laundering systems.  There are dozens of vendors in this market with varying levels of functionality and service offerings.

The problem with too many of those offerings, however, is that they do not account for organizational truths such as functional  (and data) silos, data quality issues, changing criminal tactics, human limitations, and big data.

A complete enterprise solution for financial crimes management must include automated processes for:

Customer Onboarding – Knowing the customer is the first step an organization can take to prevent financial crimes. A holistic view of an entity – customers, partners, employees – provides a very clear view of what is already known about the entity including their past interactions and relationships with other entities.

Flexible Rules-Based Alert Detection – A robust rules-based alert detection process must provide out-of-box functionality for the types of crimes outlined at the beginning of this article. At the same time, it should be flexible enough for an organization to modify or create rules as criminal activities evolve.

Predictive Analytics – Expected by analysts to become a 5.25B industry by 2018, predictive analytics ensures that big data is scrutinized and correlated with present and past historical trends. Predictive analytics utilizes a variety of statistics and modeling techniques and also uses machine information, data mining, and Business Intelligence (BI) tools to make predictions about the future behaviors including risk and fraud.

Social Network Analysis – Also known as Fraud Network Analysis, this emerging technology helps organizations detect and prevent fraud by going beyond rules and predictive analytics to analyze all related activities and relationships within a network. Knowing about shared telephone numbers, addresses or employment histories  allows companies to effectively ‘cluster’ groups of suspected financial crime perpetrators. The key here, however, is context. Many technologies can build these networks and clusters for review, but precious few can provide the key “what does this mean” element that business users require.

Investigation Management and Adjudication – Incorporating key elements of enterprise case management, collaboration, link visualization, information dissemination and knowledge discovery, this layer of functionality is designed to uncover insights which aid in investigating complex incidents. The result ought to be actionable visualization of critical entities, and documented results for potential litigation and regulatory compliance.

Anti-Money Laundering (AML) and Regulatory Compliance – With record fines being assessed to financial institutions globally, AML compliance is very clearly a major requirement within a financial crimes management solution. The oversight requirements grow almost daily, but at a minimum include out of box functionality for suspicious activity monitoring, regulatory reporting, watch list filtering, customer due diligence, Currency Transaction Report (CTR) processing, and the Foreign Account Tax Compliance Act (FATCA) compliance.

Now, there are clearly many more dynamics than can be summarized here but hopefully the point is made. The only way that organizations can continue to drive fraud and money laundering out is via a happy marriage between skilled financial crimes professionals and the flexible/adaptable technology that empowers them.

Posted by Douglas G. Wood. Click on ABOUT for more information.