By Shailendra Malik1
1Vice President – IT Platforms, DBS Bank
We humans, as a society, have evolved significantly with the advances in technology and automation, which have simplified a lot of menial tasks we did in the past. From manual labour to automated machines, from clerical work to structured and reliable data collection and processing, and even from instinct-based decisions to informed, logical and structured decision-making, technology has been the backbone of this human evolution.
Humans, however, also procrastinate, become lazy and sometimes take short cuts to achieve success. These negative qualities push them into doing things that are risky, sometimes illegal or finding ways to beat the rules that we, as a society, have put in place and expected to abide by. This creates challenging problems for us to solve, such as how to identify cheating acts, detect fraud and distinguish them from other forms of misconduct in day-to-day transactions. Hence the need to have a system of internal controls to detect occurrence of any wrongdoing supplemented by regulatory oversight – supervision of a group by an outside body in order to control or direct according to rule, principle or law.
As we progress towards a more urbane way of conducting business transactions, the nature of fraud has become complex too, bringing a new set of challenges for compliance officers, who are increasingly relying on forensic analysis, which employs mathematical, probabilistic and AI-based techniques to catch bad transactions and nefarious actors.
As fraud becomes more sophisticated, so does the process of identifying and catching the perpetrators, but with increasing complexity. Auditors are observing challenges emerging from new technologies. A mature organization constantly assesses the potential risks, and manages, controls and mitigates exposure to these risks.
These exposures may arise from technological gaps, process gaps, lack of understanding of new business models and sometimes even employee misconduct. To improve risk assessment and maturity of its processes, organizations have been relying on technology tools that aid in statistics and data collection; however, their methods are dated.
Most of the current risk assessment techniques employ artificial intelligence (AI) and machine learning (ML) models, which take advantage of the expansive and elastic compute cycles available in the cloud, and which in turn help churn complex mathematical and statistical calculations. With AI becoming a buzzword, everyone is excited to use it in some shape or form, to gain the insights that were illusive before.
Almost all departments in an organization such as Sales, Marketing, HR and Operations are busy building or deploying new models to find the next secret sauce for their top line as well as bottom lines; however, the top three limitations that compliance and audit divisions face are as follows:
With multifold increase in complexity, it can become a nightmare for compliance and audit teams to keep adding more datapoints to mitigate or control the risks and this adds further exposure to sparse and sometimes unreliable data.
As part of the regulatory oversight, the financial services industry is inundated with several new laws and regulations related to anti-money laundering and counterterrorism financing and track money trails. A stronger focus on fraud detection and prevention along with the huge amount of data that organizations have amassed over the last several years is now driving faster adoption of AI-related techniques in the regulatory landscape. These include:
Choosing a sample that is a perfect representative of the population has always been a challenge; however, now, ML models can help identify suspicious transactions with greater precision for manual verification.
With rapid adoption of data lakes and cloud, organizations would have resources to perform holistic screening without impacting performance and costs. Over time, regulators may expect this to become the standard rather than relying on sampling efficiency and effectiveness. After all, why choose a sample when you can scan the population with no meaningful trade-offs.
One big limitation in our existing auditing system is the broken data collection from multiple resources and manual verification of the transactions. With data screening becoming automated and AI doing all that labour-intensive work, continuous auditing will soon become a reality, dramatically reducing the response time to fraud and analysis.
Typologies distinguish differences in their knowledge of the fraud, the degree of cooperation and in the loss. Most difficult fraud types are cyclic in nature. Origination of funds and then ultimate drainage in the shell accounts owned by the same people have been one of the most common ways to launder money and evade tax. Creative solutions of ML models working with graph data sets that focus on entity relationships instead of transactions would eliminate such frauds as they will become very easy to detect.
As fraud detection of known types becomes more efficient, one would expect the fraudsters to get more creative and bring new types of fraud into the market. With ML models being quick in pattern recognition, these new frauds would be detected and propagated in the short term, thus reducing the scope of the damage done by new frauds.
External auditors review and determine the extent to which they can rely on the work performed by internal audit teams before providing an independent view of the final and business health of an organization. Similarly, regulators may rely on the work performed by external auditors. With audit data collection and screening becoming cloud driven and AI screening for anomalies, one can expect greater cooperation and synergies to conduct reviews and minimize costs.
AI and ML hold a lot of promise for the future. Organizations are beginning to harness their value with better data collection and constant fine-tuning of models. I believe that we are bound to witness tangible gains from the new technologies and greatly enhance the efficiency and effectiveness of compliance and audit functions with a sharper vision. We would still need to focus on the right problems to solve and not get carried away with the euphoria and hysteria created by the new technologies.