You are here
Combating financial crime with forensic technologies
TECHNOLOGY is increasingly playing a role in detecting fraud cases in organisations and reducing the cost of financial crime compliance and investigations.
With this, digital forensics has come to the fore as regulators, market players and investors focus on preventing or countering commercial fraud in the digital era.
In the old paper world, evidence was usually gathered from interviews and physical documents.
A forensic investigation often involved searching through files of physical financial records for forged signatures or falsified accounting records such as invoices and delivery orders.
Requiring a large team of forensic investigators, the process of gathering evidence was also often long and tedious. It was like finding a needle in the haystack.
With the rapid strides made by technology, the operating environment of companies has changed significantly in the past last 10 years.
Similarly, the role of data and technology in the detection of financial crime has also intensified.
As the bulk of financial records were gradually migrated into digital formats in recent years, accounting records are increasingly recorded with greater accuracy and granularity within well-established enterprise resource planning (ERP) systems.
Data may also be "on the move", that is, in the form of data or messages stored on personal devices, in instant messenger applications or even in the cloud.
But where technology goes, crime follows. Digital fraud is on the rise, in the form of cyberattacks such as system hacking and phishing attacks.
A KPMG International study published in 2017 highlights that where technology has been used by fraudsters, about 24 per cent involved creating false invoices or misleading information in accounting records.
About 20 per cent involved fraudsters providing false or misleading information through messaging platforms, and 13 per cent involved perpetrators abusing permissible access to computer systems.
To be effective in the investigations of today, we need to preserve and analyse digital information quickly using advanced technologies and techniques.
Digital forensics plays a very significant role in fraud investigation today.
This is because the capabilities of forensic technologies, computing power and data storage have improved significantly while associated costs have declined.
With the advancement of forensic technologies, the ability to collect data from the plethora of new devices - computers, smartphones, tablets, servers or cloud servers - and from storage media, such as external hard drives, thumb drives and compact discs, have become easier.
The move towards digitalisation also drives the greater application of electronic discovery (or e-discovery) tools in reviewing electronically stored information more efficiently.
For instance, adhering to the industry standard Electronic Discovery Reference Model (EDRM), such tools are used to help companies respond to both legal and regulatory requests by collecting, processing, analysing and hosting Electronically Stored Information (ESI).
The associated e-discovery tools can transform images of physical documents into searchable texts through optical character recognition, and search electronic documents faster, smarter and more holistically across multiple devices.
These tools can also remove duplicate information, allow multiple reviewers concurrently, and provide full audit trial of the data analysed and reviewed.
Such tools also facilitate international collaboration among investigators and other parties, such as lawyers and regulators, who can simultaneously review digital evidence on a common electronic platform, which is also a boon to cross-border investigations.
More electronic data also means bigger roles for forensic data analy-tics.
With the advancement of artificial intelligence and machine learning capabilities, investigators can leverage data analytics techniques to identify potential anomalies, or the proverbial "smoking gun", within a huge pool of electronic information.
Forensic data analytics reduces dependency on the manual tracing of individual electronic and physical records, which may not be feasible in a large-scale cross-border investigation.
What should companies do to protect themselves?
Fraudsters are getting more savvy and creative with access to cutting edge technology.
In KPMG's CEO Outlook 2018, cybersecurity was identified by Singapore's CEOs as the biggest risk they face, and 50 per cent believe that a cyberattack was a case of "when" and not "if".
While half of CEOs believe their organisations were prepared, just 31 per cent were confident of identifying a threat.
Companies should therefore enhance their financial crime risk management digitally to prevent, detect and respond to financial crime.
The digital arsenal that companies can consider to mitigate financial crime includes:
- Deploying technology to detect risks associated with your business partners such as agents, distributors, employees and vendors.
- Performing periodic forensic data analytics on past financial accounting and operational data for indicators of control weaknesses or signs of potential fraud.
- Deploying continuous monitoring technology to promptly detect indicators of control weaknesses or signs of potential fraud.
- Performing proactive cyber threat hunting on internal systems for signs of a system compromise on top of the cyber penetration testing many companies do.
To effectively mitigate the risks of financial crime, companies need to also change the way they manage their financial crime risks or conduct their financial crime investigations by leveraging forensic technologies.
When used appropriately, these technologies can greatly enhance the effectiveness, and at the same time reduce the cost, of financial crime compliance and investigations.
- The writer is head of risk consulting at KPMG in Singapore. The views expressed are his own.