Harnessing the power of AI for internal fraud detection
Up until very recently, before digital identity theft and online payment fraud became the chart-toppers in the overall financial fraud stakes, internal fraud accounted for close to 70% of all cases annually.
AI has the power to disrupt internal bank fraud monitoring, but are FIs ready to take the plunge?
Yet, employee fraud in financial institutions (FIs) remains a taboo subject and is not discussed or reported very often, possibly to avoid tarnishing an FI’s image and reputation.
While FIs have been spending huge budgets on advanced tools and technology to prevent and intercept frauds committed by customers or external criminals, an aggressive effort must be made to deter and detect internal frauds conducted by FIs’ employees either on their own or by colluding with other parties.
Internal fraud detection in FIs – the current landscape
Over the years, the scale of internal frauds in FIs has reached staggering levels. FI employees are in a unique position of having access to customer accounts, FI internal accounts and records, organisation policies, systems that process lucrative loans, transactions, remittances, credit limits, invoice payments and so on. Yet the internal fraud monitoring and detection landscape is far from mature in most FIs across the globe. Here are some of the current challenges in this space:
Lack of documented policies and procedures around internal fraud monitoring and reporting – Most FIs have a dedicated fraud management function and the standard three lines of defense around it. However, very often the focus is on policies and procedures to prevent, detect and mitigate risks of external frauds involving customers or third parties. Internal fraud prevention and monitoring requires clearly drawn up policies, well documented procedures and educating employees about ethical conduct. A formal internal fraud management mechanism is pivotal in preventing and monitoring employee frauds.
Absence of frameworks to assess internal fraud risks and controls on a dynamic basis – Like any risk management function, internal fraud risk management requires assessment of employee fraud risks and designing corresponding controls. It is imperative to review the effectiveness of such controls while also keeping track of new risks on a regular basis. Such frameworks are not very common in FIs currently.
Lack of tools and technology solutions to monitor employee fraud – Reports suggest that almost all internal frauds in FIs are unearthed either during internal audits or through whistleblowing, at least 12 to 15 months after such fraud is committed. One of the reasons for this is that most FIs do not have technology platforms to monitor employee activities against fraud.
Rule-based technology platforms susceptible to circumvention by errant employees – In FIs where technology solutions have been implemented to monitor internal frauds, they are found to be of the traditional rule-based models. Employees who commit fraud are found to be well versed with such rules and meticulously plan their criminal activities by circumventing such rules. As such, there is a need for a behaviour-based fraud detection tool that tracks employee activities.
Fragmented systems and data leading to lack of holistic view of employee footprint – Most often, FI employees must access multiple systems for their routine work, covering customer accounts, internal accounts and reports and multiple rooms and floors of the office building. Employee footprint data across these systems and locations are most often not aggregated and so it is not possible to get a unified view of an employee’s activities across the organisation. This is a critical requirement to identify red flags in case of improper employee conduct.
Reimagining internal fraud detection solutions in FIs using AI
As we step into a new decade, with renewed promises to fight frauds and other financial crimes, it is imperative to look at intelligent solutions that can prevent and detect internal frauds. With regulators encouraging the use of advanced technologies like analytics, machine learning (ML) and other forms of artificial intelligence (AI) in managing fincrime risks, here are some solutions on how AI can be leveraged to combat internal frauds at FIs:
Automated enterprise-wide risk and controls assessment – AI-powered solutions can be used to assess inherent internal fraud risks, existing controls and their effectiveness and resulting residual risks on a regular dynamic basis, as opposed to a yearly manual exercise. This can be set up by geography, product, line of business (LoB), employee type and tenure (permanent vs contract, newly joined vs long timers), employee role (front end vs back end, business user vs IT user/admin) and so on.
Unified analytics of employee data across all systems, physical and digital accesses – A 360-degree view of an FI’s employee footprint across the physical premises and electronic systems can help in analytics and intelligence on employee conduct. This can cover unusual accesses to accounts, machines or buildings/rooms, uncommon privileges provided and revoked in a short time, indications of abnormal hours spent in the office premises (e.g. late working hours, holiday working) and activities conducted during such time.
Machine learning-based behaviour profiling and anomalous activity detection – A hybrid model where a traditional rule-based platform works in conjunction with an ML-based employee behaviour profiling and anomaly detection platform can improve the effectiveness of internal fraud detection in FIs. The rule-based platform checks employee conduct based on static scenarios, flagging an activity when any scenario or threshold is breached, e.g. a login to a bank system by an employee who is on leave. ML models detect outliers by comparing peer behaviour when an employee is found to be particularly deviating from their expected activity pattern. This can include working hours, kind of accounts touched, volume and frequency of customer detail updates, holidays taken (or not taken) and so on.
Network and linkage analysis using internal and external data of employees and customers – FI employees can commit frauds in collusion with other employees, customers or third parties. Identifying such frauds requires discovering hidden linkages and relationships among such parties, both internal and external to the FI. Integrating an FI’s internal data with external data, including social network analysis where relevant, can help in generating early warning signals of fraudulent activity.
Automated investigation workflow of suspicious employee alerts – An AI-based intelligent workbench providing visualisation of anomalous activities of employees, linkages and risk scores can expedite contextual analysis and investigation of the internal fraud incident. The rich data and insights can enhance the quality, effectiveness and turnaround time for reporting and prosecuting such offences.
Towards AI-led disruption in internal fraud management: the journey ahead
Internal fraud management in banks must be strongly driven by data and powered by AI, given the massive physical and digital footprints employees have across the enterprise. Strong warning systems can enable early detection, while effective control procedures can prevent such frauds altogether.
Integration of internal and external data, linking employee data to customers and third parties and combining structured and unstructured data like chats and emails can generate red flags and high-risk employee behaviour patterns.
All three pillars – people, process, technology – must be aligned for a robust internal fraud prevention and detection framework. AI has the power to disrupt internal bank fraud monitoring, but are FIs ready to take the plunge yet?
Sujata Dasgupta is a multiple international award-winning industry leader, and Global Head of Financial Crimes Compliance Advisory at Tata Consultancy Services Ltd., based in Stockholm, Sweden.
She has over 20 years of experience, having worked extensively in the areas of KYC, Sanctions, AML and Fraud across banking operations, IT services and consulting.
She is an accomplished thought leader, author, columnist and speaker, and is regularly interviewed by reputed international journals for her analysis and opinions on contemporary topics in this area.
She can be contacted on LinkedIn.
