Category Archives: Bank Fraud

A Ship of Fools

Our Chapter’s January-February 2018 lecture for CPE credit is concerned with the broader ethical implications of the types of fraud, many interlocking and coordinated, that made up the 2007-2008 Great Recession.  At the center of the scandal were ethically challenged actions by bank managements and their boards, but also by the investment companies and ratings agencies, who not only initiated much of the fraud and deception but, in many cases, actively expanded and perpetuated it.

Little more than a glance at the historical record confirms that deception by bank executives of regulators and of their own investors about illegal activity or about the institution’s true financial condition to conceal poor performance, poor management, or questionable transactions is not new to the world of U.S. finance. In fact, it was a key practice during the meltdown of the financial markets in 2007. In addition, the period saw heated debate about alleged deception by the rating agencies, Standard & Poor’s, Moody’s, and Fitch, of major institutional investors, who depended on the agencies’ valuations of subprime-backed securities in the making of investment decisions. Thus, not only deceptive borrowers and unscrupulous mortgage brokers and appraisers contributed to the meltdown. The maelstrom of lies and deception that drove the entire U.S. financial system in mid to late 2005 accelerated to the point of no return, and the crisis that ensued proved unavoidable.

There were ample instances of bank deception in the years leading up to the Great Depression of the 1930’s. The facts came out with considerable drama and fanfare through the work of the era’s Pecora Commission. However, the breadth and scope of executive deception that came under the legal and regulatory microscope following the financial market collapse of 2007 to 2009 represent some of history’s most brazen cases of concealment of irresponsible lending practices, fraudulent underwriting, shady financial transactions, and intentionally false statements to investors, federal regulators, and investigators.

According to the ACFE and other analysts, the lion’s share of direct blame for the meltdown lies with top executives of the major banks, investment firms, and rating agencies. They charge the commercial bank bosses with perpetuating a boom in reckless mortgage lending and the investment bankers with essentially tricking institutional investors into buying the exotic derivative securities backed by the millions and millions of toxic mortgages sold off by the mortgage lenders. The commercial bank bosses and investment bankers were, according to these observers, aided and abetted by the rating agencies, which lowered their rating standards on high-risk mortgage-backed securities that should never have received investment-grade ratings but did so because the rating agencies were paid by the very investment banks which issued the bonds. The agencies reportedly feared losing business if they gave poor ratings to the securities.

As many CFEs know, fraud is always the principal credit risk of any nonprime mortgage lending operation. It’s impossible in practice to detect fraud without reviewing a sample of the loan files. Paper loan files are bulky, so they are photographed, and the images are stored on computer tapes. Unfortunately, most investors (the large commercial and investment banks that purchased non-prime loans and pooled them to create financial derivatives) didn’t review the loan files before purchasing them and did not even require the original lenders to provide them with the loan tapes requisite for subsequent review and audit.

The rating agencies also never reviewed samples of loan files before giving AAA ratings to nonprime mortgage financial derivatives. The “AAA’ rating is supposed to indicate that there is virtually no credit risk, the risk being thought equivalent to U.S. government bonds, which the finance industry refers to as “risk-free.”  The rating agencies attained their lucrative profits because they gave AAA ratings to nonprime financial derivatives exposed to staggering default risk. A graph of their profits in this era rises like a stairway to the stars. Turning a blind eye to the mortgage fraud epidemic was the only way the rating agencies could hope to attain, and sustain, those profit levels. If they had engaged forensic accountants to review even small samples of nonprime loans, they would have been confronted with only two real choices: (1) rating them as toxic waste, which would have made it impossible to sell the associated nonprime financial derivatives or (2) documenting that they themselves were committing, aiding and abetting, a blatant accounting fraud.

A statement made during the 2008 House of Representatives hearings on the topic of the rating agencies’ role in the crisis represents an apt summary of how the financial and government communities viewed the actions and attitudes of the three rating agencies in the years leading up to the subprime crisis. An S&P employee, testified that “the rating agencies continue to create an even bigger monster, the CDO [collateralized debt obligation] market. Let’s hope we all are wealthy and retired by the time this house of cards falters.”

With respect to bank executives, the examples of proved and alleged deception during the period are so numerous as to almost defy belief. Among the most noteworthy are:

–The SEC investigated Citigroup as to whether it misled investors by failing to disclose critical details about the troubled mortgage assets it was holding as the financial markets began to collapse in 2007. The investigation came only after some of the mortgage-related securities being held by Citigroup were downgraded by an independent rating agency. Shortly thereafter, Citigroup announced quarterly losses of around $10 billion on its subprime-mortgage holdings, an astounding amount that directly contributed to the resignation of then CEO, Charles Prince;

–The SEC conducted similar investigations into Bank of America, now-defunct Lehman Brothers, and Merrill Lynch (now a part of Bank of America);

–The SEC filed civil fraud charges against Angelo Mozilo, cofounder and former CEO of Countrywide Financial Corp. In the highest-profile government legal action against a chief executive related to the financial crisis, the SEC charged Mozilo with insider trading and alleged failure to disclose material information to shareholders, according to people familiar with the matter. Mozilo sold $130 million of Countrywide stock in the first half of 2007 under an executive sales plan, according to government filings.

As the ACFE points out, every financial services company has its own unique internal structure and management policies. Some are more effective than others in reducing the risk of management-level fraud. The best anti-fraud controls are those designed to reduce the risk of a specific type of fraud threatening the organization.  Designing effective anti-fraud controls depends directly on accurate assessment of those risks. How, after all, can management or the board be expected to design and implement effective controls if it is unclear about which frauds are most threatening? That’s why a fraud risk assessment (FRA) is essential to any anti-fraud Program; an essential exercise designed to determine the specific types of fraud to which your client organization is most vulnerable within the context of its existing anti-fraud controls. This enables management to design, customize, and implement the best controls to minimize fraud risk throughout the organization.  Again, according to the ACFE (joined by the Institute of Internal Auditors, and the American Institute of Certified Public Accountants), an organization’s contracted CFEs backed by its own internal audit team can play a direct role in this all-important effort.

Your client’s internal auditors should consider the organization’s assessment of fraud risk when developing their annual audit plan and review management’s fraud management capabilities periodically. They should interview and communicate regularly with those conducting the organization’s risk assessments, as well as with others in key positions throughout the organization, to help them ensure that all fraud risks have been considered appropriately. When performing proactive fraud risk assessment engagements, CFEs should direct adequate time and attention to evaluating the design and operation of internal controls specifically related to fraud risk management. We should exercise professional skepticism when reviewing activities and be on guard for the tell-tale signs of fraud. Suspected frauds uncovered during an engagement should be treated in accordance with a well-designed response plan consistent with professional and legal standards.

As this month’s lecture recommends, CFEs and forensic accountants can also contribute value by proactively taking a proactive role in support of the organization’s underlying ethical culture.

Rigging the Casino

I attended an evening lecture some weeks ago at the Marshall-Wythe law school of the College of William & Mary, my old alma mater, in Williamsburg, Virginia. One of the topics raised during the lecture was a detailed analysis of the LIBOR scandal of 2012, a fascinating tale of systematic manipulation of a benchmark interest rate, supported by a culture of fraud in the world’s biggest banks, and in an environment where little or no regulation prevailed.

After decades of abuse that enriched the big banks, their shareholders, executives and traders, at the expense of others, investigations and lawsuits were finally initiated, and the subsequent fines and penalties were huge. The London Interbank Offered Rate (LIBOR) rate is a rate of interest, first computed in 1985 by the British Banking Association (BBA), the Bank of England and others, to serve as a readily available reference or benchmark rate for many financial contracts and arrangements. Prior to its creation, contracts utilized many privately negotiated rates, which were difficult to verify, and not necessarily related to the market rate for the security in question. The LIBOR rate, which is the average interest rate estimated by leading banks that they would be charged if they were to borrow from other banks, provided a simple alternative that came to be widely used. For example, in the United States in 2008 when the subprime lending crisis began, around 60 percent of prime adjustable-rate mortgages (ARMs) and nearly all subprime mortgages were indexed to the US dollar LIBOR. In 2012, around 45 percent of prime adjustable rate mortgages and over 80 percent of subprime mortgages were indexed to the LIBOR. American municipalities also borrowed around 75 percent of their money through financial products that were linked to the LIBOR.

At the time of the LIBOR scandal, 18 of the largest banks in the world provided their estimates of the costs they would have had to pay for a variety of interbank loans (loans from other banks) just prior to 11:00 a.m. on the submission day. These estimates were submitted to Reuters news agency (who acted for the BBA) for calculation of the average and its publication and dissemination. Reuters set aside the four highest and four lowest estimates, and averaged the remaining ten.

So huge were the investments affected that a small manipulation in the LIBOR rate could have a very significant impact on the profit of the banks and of the traders involved in the manipulation. For example, in 2012 the total of derivatives priced relative to the LIBOR rate has been estimated at from $300-$600 trillion, so a manipulation of 0.1% in the LIBOR rate would generate an error of $300-600 million per annum. Consequently, it is not surprising that, once the manipulations came to light, the settlements and fines assessed were huge. By December 31, 2013, 7 of the 18 submitting banks charged with manipulation, had paid fines and settlements of upwards of $ 2 billion. In addition, the European Commission gave immunity for revealing wrongdoing to several the banks thereby allowing them to avoid fines including: Barclays €690 million, UBS €2.5 billion, and Citigroup €55 million.

Some examples of the types of losses caused by LIBOR manipulations are:

Manipulation of home mortgage rates: Many home owners borrow their mortgage loans on a variable- or adjustable-rate basis, rather than a fixed-rate basis. Consequently, many of these borrowers receive a new rate at the first of every month based on the LIBOR rate. A study prepared for a class action lawsuit has shown that on the first of each month for 2007-2009, the LIBOR rate rose more than 7.5 basis points on average. One observer estimated that each LIBOR submitting bank during this period might have been liable for as much as $2.3 billion in overcharges.

Municipalities lost on interest rate swaps: Municipalities raise funds through the issuance of bonds, and many were encouraged to issue variable-rate, rather than fixed-rate, bonds to take advantage of lower interest payments. For example, the saving could be as much as $1 million on a $100 million bond. After issue, the municipalities were encouraged to buy interest rate swaps from their investment banks to hedge their risk of volatility in the variable rates by converting or swapping into a fixed rate arrangement. The seller of the swap agrees to pay the municipality for any requirement to pay interest at more than the fixed rate agreed if interest rates rise, but if interest rates fall the swap seller buys the bonds at the lower variable interest rate. However, the variable rate was linked to the LIBOR rate, which was artificially depressed, thus costing U.S. municipalities as much as $10 billion. Class action suits were launched to recover these losses which cost municipalities, hospitals, and other non-profits as much as $600 million a year; the remaining liability assisted the municipalities in further settlement negotiations.

Freddie Mac Losses: On March 27, 2013, Freddie Mac sued 15 banks for their losses of up to $3 billion due to LIBOR rate manipulations. Freddie Mac accused the banks of fraud, violations of antitrust law and breach of contract, and sought unspecified damages for financial harm, as well as punitive damages and treble damages for violations of the Sherman Act. To the extent that defendants used false and dishonest USD LIBOR submissions to bolster their respective reputations, they artificially increased their ability to charge higher underwriting fees and obtain higher offering prices for financial products to the detriment of Freddie Mac and other consumers.

Liability Claims/Antitrust cases (Commodities-manipulations claims): Other organizations also sued the LIBOR rate submitting banks for anti-competitive behavior, partly because of the possibility of treble damages, but they had to demonstrate related damages to be successful. Nonetheless, credible plaintiffs included the Regents of the University of California who filed a suit claiming fraud, deceit, and unjust enrichment.

All of this can be of little surprise to fraud examiners. The ACFE lists the following features of moral collapse in an organization or business sector:

  1. Pressure to meet goals, especially financial ones, at any cost;
  2. A culture that does not foster open and candid conversation and discussion;
  3. A CEO who is surrounded with people who will agree and flatter the CEO, as well as a CEO whose reputation is beyond criticism;
  4. Weak boards that do not exercise their fiduciary responsibilities with diligence;
  5. An organization that promotes people based on nepotism and favoritism;
  6. Hubris. The arrogant belief that rules are for other people, but not for us;
  7. A flawed cost/benefit attitude that suggests that poor ethical behavior in one area can be offset by good ethical behavior in another area.

Each of the financial institutions involved in the LIBOR scandal struggled, to a greater or lesser degree with one or more of these crippling characteristics and, a distressing few, manifested all of them.

The Equity Strip Tease and Flip

home-equityThe recent troubles at Deutsche Bank and Wells Fargo and the many
come-ons on television targeting senior citizens attest to the fact that the traditional scams and schemes among conventional and shadow lenders are as alive and well as ever.   If you thought sub-prime loans and equity stripping were financial ghosts of the past, think again.

It generally takes years for any borrower to build equity in a home. Fraud examiners should help consumers be aware that fraudsters employ several common ways to take that equity away. The most common technique used by fraudsters to steal consumers’ equity is known as equity stripping.  In equity stripping schemes, lenders promote ways consumers, especially the elderly and recent immigrants, can obtain cash by borrowing against the equity established in their home. The fraudulent lender is not concerned about whether the payments can be made once the loan is granted, and may even encourage consumers to fudge on their loan application to obtain the loan. If monthly payments cannot be met on the loan, consumers are subject to foreclosure on, and the subsequent loss of, their home, including all their equity.

Subprime loans have recently become a significant and growing part of the auto financing market and have never completely dried up in the home equity market. Subprime lending refers to the extension of credit to higher risk borrowers or to those with non-existent credit histories at interest rates and fees higher than conventional loans. Some companies make auto and home equity loans to minorities, the elderly, and low-income borrowers at interest rates as high as 20 to 24 percent in states without usury statutes.  As the ACFE tells us, as a rule, loans made to individuals who do not have the income to repay them are intentionally designed to fail; they typically result in the lender acquiring the borrower’s financed property. In the case of a home, the borrower is likely to default on the loan and ultimately lose his home through foreclosure or by the signing over of the house deed to the lender in lieu of such foreclosure.

Another frequent lender scam to separate home owners from their equity is credit churning. Churning, or loan flipping, is directed toward consumers who own a home and have been making mortgage payments for years. A lender calls to talk about refinancing a loan, and using the availability of extra cash as bait, claims it’s time the equity in the consumer’s home started working for him or her. When the consumer agrees to refinance his loan, the borrower’s troubles begin.  After the consumer has made a few payments on the loan, the lender calls to offer a bigger loan for, say, a family vacation to Disney World. If the consumer accepts the offer, the lender refinances the original loan and then lends the consumer additional money. In this practice, often called flipping, the lender charges the homeowner high points and fees each time s/he refinances, and may increase the interest rate as well. If the loan has a prepayment penalty, which is often the case, the consumer must pay that penalty as well each time a new loan is taken out.  The bottom line is that now the consumer has some extra money and a lot more debt, stretched out over a longer payment period. With each refinancing, the consumer has increased her debt and should she get in over her head and not be able to make the mortgage payments, she risks losing her home and all the equity in it.

Who hasn’t seen the kindly-looking, aging celebrity shilling on TV for his employer- lender’s reverse mortgage product?  Reverse mortgages are aggressively pitched to older individuals who are seeking money to finance a home improvement, pay off a current mortgage, supplement their retirement income, or pay for health care expenses. A typical reverse mortgage allows older homeowners to convert part of the equity in their homes into cash without having to sell their homes or take on additional monthly bills. In a regular mortgage, the homeowner makes payments to the lender. But in a reverse mortgage, the homeowner receives money from the lender and generally does not have to pay it back for as long as he lives in his home. Instead, the loan must be repaid when the homeowner dies, sells the home, or no longer lives there as his principal residence.

The amount of such a loan depends upon the consumer’s age (s/he must be at least 62), the equity in the home, and the interest rate the lender is charging. Among the facts for your clients to consider before applying for a reverse mortgage are:

  • Reverse mortgages are rising-debt loans. This means that interest is added to the loan’s principal balance each month because interest is not paid on a current basis. Therefore, as the interest compounds over time, the amount owed increases.
  • Reverse mortgages and their associated expenses use up some or all the equity in the home, leaving fewer assets for the homeowner and his heirs.
  • Lenders are providing the loan as an investment, which they aim to collect on at a profit, not out of goodwill or charity.

Another lender initiated scam against borrowers is credit insurance packing which occurs during the process of obtaining a mortgage or other loan, whereby the lender includes charges for credit insurance or other “benefits” that the borrower did not request or does not desire, and requests that the borrower sign the documents to close the deal. The fraudulent lender hopes that the borrower will not notice the additional charges that are listed or that s/he will believe that they are part of the loan terms that were originally agreed upon. Thus, the lender can imply that this “benefit” is provided at no extra charge. The lender does not explain in detail the additional cost or obligations. If the borrower agrees to the charge, s/he will be paying for additional fees that may not be required or desired. If the borrower questions the charge and does not want the credit insurance, the lender may attempt to intimidate the borrower; the lender may indicate that to obtain the loan, the loan documents must be rewritten, which may take several days, and that the possibility even exists that the loan may not be approved without the insurance.

Consumers who have financial difficulties and are unable to maintain their monthly mortgage or other loan payments may be faced with lenders who begin threatening foreclosure or repossession. Fraudulent lenders may then approach the consumer with offers to assist in refinancing. The new financing, however, never comes to fruition. To “help,” the fraudulent lender may offer the consumer a temporary solution to prevent foreclosure. In an act of desperation, consumers are lured into deeding their property over to the fraudulent lender with claims that it is only temporary. However, the consumer should be aware that, in the case of a mortgage or automobile, once the lender has the deed or title, the lender owns the property, may borrow against it, and may even sell it. The consumer’s monthly payments become rent payments that come with the possibility of eviction by the lender, as the consumer becomes the fraudulent lender’s tenant.

Finally, a word about balloon payments and title loans.  Lenders offer consumers balloon payment loans, which require low, interest-only payments during the life of the loan, and payment of the entire principal in one lump sum at the end of the loan term.  Consumers are enticed by fraudulent lenders to refinance their loans with a balloon payment loan so that their monthly payments will be low, allowing extra funds for other debts. A fraudulent lender may not explain the loan in its entirety or the hidden terms in the agreement. Without a thorough understanding of this type of agreement, consumers face the possibility of foreclosure at the end of the loan term if the lump-sum repayment of the principle proves to be more than they can afford.

A title loan enables a consumer to borrow against the equity in her motor vehicle. A lender determines the amount eligible to be borrowed based on the market value of the motor vehicle. The lender retains tide to the motor vehicle, as well as a set of keys. If monthly loan payments are not made, the motor vehicle can be repossessed. Consumers must understand the contract terms of the loan to avoid any misunderstanding regarding delinquency and repossession.

As practicing CFE’s we have a responsibility to educate our clients and the general public about fraud schemes in general and about emerging threats in particular.  As the ACFE tells us, an educated public is the best defense we have against all lender frauds both old and new.

Fraud, ERM & Wells Fargo

wells-fargo_2Could a fully functional Enterprise Risk Management (ERM) program have prevented or otherwise somehow mitigated the Wells Fargo fraud?

As a concept Enterprise Risk Management (ERM) is almost four decades old now and has been repeatedly battle-tested in both private and public organizations around the world as a proven approach to addressing risk in organizations of all sizes by effectively and efficiently concentrating management’s attention on the areas of highest risk to the critical business processes of the enterprise. I don’t have to tell readers of this blog that today’s fiscal realities call for continual and increased efforts to both reduce costs and still deliver optimal customer service; both objectives have a direct impact on fraud prevention because they increase the pressure on management, especially financial and marketing management to meet ever higher sales and earnings performance standards.  The ongoing debacle at Wells Fargo is a case in point of such pressures out of control at seemingly every level of the organization.

ERM was introduced as a management concept in 1974 when a Swedish state risk manager, Gustav Hamilton, identified four elements that are inextricably connected in a risk management process: assessment, control, financing and communications. He called this comprehensive view “the circle of risk” and the concept has continued to evolve in the years since. In September 2004, COSO issued, Enterprise Risk Management—Integrated Framework, a method to systematically consider and manage risk across an enterprise. COSO’s premise is that value is maximized when management sets strategy and objectives to strike a balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives. COSO’s bottom line is that ERM helps an entity get to where it wants to go and avoid pitfalls and surprises like what has overtaken Wells Fargo along the way.  The ultimate goal of ERM for fraud prevention is two-fold: remediate risks (especially the risk of fraud, waste and abuse) to acceptable levels, and eliminate unnecessary controls, processes and ideally, costs. Potential benefits, such as improved service delivery, increased control and cost savings are just some of those documented in the literature. At the heart of ERM is a holistic, integrated, future-focused and process- oriented approach that facilitates the management of risk across an enterprise as opposed to looking at it only within siloed organizational entities. The ERM process focuses on “the right things” and can identify processes and procedures that do not measure up to performance, cultural standards and cost-benefit ratios defined by the entity.

Fraud risk programs align well with ERM concepts. Fraud risk programs start with establishing the risk appetite of the enterprise and are governed by policies that articulate the goals and objectives, ethical conduct standards, roles and responsibilities, strategies and tactics of implementation specific to addressing fraud risk. As with other types of ERM programs, fraud programs include deterrence strategies, preventive internal controls, routine measurement of performance and results, as well as program accountability and transparency to stakeholders. Additionally, there is special emphasis on cyber fraud, given the reliance on information technology to carry out the mission of today’s typical organization. Partnerships between organizational and program management are strong, given the linkage between the programs and their associated fraud risks. ERM also strongly supports whistleblower programs, another area of increasing attention and stakeholder priority.

News reports tell us that those Wells Fargo employees who attempted to fill the whistleblower role at many points in the employee initiated fraud were first disciplined for their efforts and then terminated.

COSO’s ERM framework is premised on four underlying principles. How might each (and all collectively) have benefited Wells Fargo beforehand to avoid the present mess?

–Every entity exists to provide stakeholder value.
Sales goals that are all but impossible to meet and which force employees to sign up customers for services they neither ordered or needed provide no value to the customer, to the employees, to Wells Fargo stockholders or to the public at large.

–All entities face uncertainty, and the challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value. This translates to making trade-offs in establishing the level of acceptable risk to assume.
By fostering a culture of corruption among its employees by firing them for not making unrealistic sales goals, it can be argued that Wells Fargo failed to accurately assess both its level of fraud risk and its appetite for such risk.

–Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Enterprise risk management enables management to more effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value.
Under the COSO model Wells Fargo failed to prioritize risks that might jeopardize its corporate mission, effectiveness and efficiency. It also appears that it lacked a mechanism to take prompt action to stop the basic employee fraud scenario from persisting and spreading to more and more employees.  Only after the fact did it halt its program of unrealistic employee sales goals.

–Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives.
The application of this principle features ongoing monitoring of the performance of the risk model.  Clearly, at the first signs of the fraud, Wells Fargo would have reassessed risk, set risk to the maximum and taken immediate steps to shut down the identified fraud scenario(s).

As a fraud examiner and auditor there are a number of questions I ask my corporate clients to ask themselves that are, in my opinion, critical to both identifying the risk involved with ERM generally and the business processes vulnerable to fraud specifically.

–What keeps you up at night?
–What do we not want to see on the news or in blogs?
–What are the expectations of stakeholders?
–What do we want to make sure happens and happens well?
–What problems have developed or emerged in other organizations that could be a problem in our company as well?
–What controls are now in place? What do we know about how they are working? What do we know about their cost and benefit?
–What level of control can we reasonably afford and how do we get the most bang for the buck?
–What changes have taken place in the company or external to the it that may have introduced new risks?

Would ERM have helped Wells Fargo?  I don’t know whether the bank presently has an ERM program or not but clearly the process as defined by COSO would have helped in providing a risk monitoring and immediate remediation mechanism to reassess risk in responding to the first whistleblower call alerting to the existence of the employee assisted fraud.  And there is no doubt that the forensic accounting and CFE community can play an important role in providing needed leadership and technical assistance to any organization implementing a dynamic, ERM supported, fraud response plan.  As the Wells Fargo experience and so many other instances suggest, the time has come to use the full potential of enterprise risk management as a tool to assist in the identification and rapid remediation of frauds before the costs to all stakeholders become unacceptably high.

Where the Money Is

bank-robberyOne of the followers of our Central Virginia Chapter’s group on LinkedIn is a bank auditor heavily engaged in his organization’s analytics based fraud control program.  He was kind enough to share some of his thoughts regarding his organization’s sophisticated anti-fraud data modelling program as material for this blog post.

Our LinkedIn connection reports that, in his opinion, getting fraud data accurately captured, categorized, and stored is the first, vitally important challenge to using data-driven technology to combat fraud losses. This might seem relatively easy to those not directly involved in the process but, experience quickly reveals that having fraud related data stored reliably over a long period of time and in a readily accessible format represents a significant challenge requiring a systematic approach at all levels of any organization serious about the effective application of analytically supported fraud management. The idea of any single piece of data being of potential importance to addressing a problem is a relatively new concept in the history of banking and of most other types of financial enterprises.

Accumulating accurate data starts with an overall vision of how the multiple steps in the process connect to affect the outcome. It’s important for every member of the fraud control team to understand how important each process pre-defined step is in capturing the information correctly — from the person who is responsible for risk management in the organization to the people who run the fraud analytics program to the person who designs the data layout to the person who enters the data. Even a customer service analyst or a fraud analyst not marking a certain type of transaction correctly as fraud can have an on-going impact on developing an accurate fraud control system. It really helps to establish rigorous processes of data entry on the front end and to explain to all players exactly why those specific processes are in place. Process without communication and communication without process both are unlikely to produce desirable results. In order to understand the importance of recording fraud information correctly, it’s important for management to communicate to all some general understanding about how a data-driven detection system (whether it’s based on simple rules or on sophisticated models) is developed.

Our connection goes on to say that even after an organization has implemented a fraud detection system that is based on sophisticated techniques and that can execute effectively in real time, it’s important for the operational staff to use the output recommendations of the system effectively. There are three ways that fraud management can improve results within even a highly sophisticated system like that of our LinkedIn connection.

The first strategy is never to allow operational staff to second-guess a sophisticated model at will. Very often, a model score of 900 (let’s say this is an indicator of very high fraud risk), when combined with some decision keys and sometimes on its own, can perform extremely well as a fraud predictor. It’s good practice to use the scores at this high risk range generated by a tested model as is and not allow individual analysts to adjust it further. This policy will have to be completely understood and controlled at the operational level. Using a well-developed fraud score as is without watering it down is one of the most important operational strategies for the long term success of any model. Application of this rule also makes it simpler to identify instances of model scoring failure by rendering them free of any subsequent analyst adjustments.

Second, fraud analysts will have to be trained to use the scores and the reason codes (reason codes explain why the score is indicative of risk) effectively in operations. Typically, this is done by writing some rules in operations that incorporate the scores and reason codes as decision keys. In the fraud management world, these rules are generally referred to as strategies. It’s extremely important to ensure strategies are applied uniformly by all fraud analysts. It’s also essential to closely monitor how the fraud analysts are operating using the scores and strategies.

Third, it’s very important to train the analysts to mark transactions that are confirmed or reported to be fraudulent by the organization’s customers accurately in their data store.

All three of these strategies may seem very straight forward to accomplish, but in practical terms, they are not that easy without a lot of planning, time, and energy. A superior fraud detection system can be rendered almost useless if it is not used correctly. It is extremely important to allow the right level of employee to exercise the right level of judgment.  Again, individual fraud analysts should not be allowed to second-guess the efficacy of a fraud score that is the result of a sophisticated model. Similarly, planners of operations should take into account all practical limitations while coming up with fraud strategies (fraud scenarios). Ensuring that all of this gets done the right way with the right emphasis ultimately leads the organization to good, effective fraud management.

At the heart of any fraud detection system is a rule or a model that attempts to detect a behavior that has been observed repeatedly in various frequencies in the past and classifies it as fraud or non-fraud with a certain rank ordering. We would like to figure out this behavior scenario in advance and stop it in its tracks. What we observe from historical data and our experience needs be converted to some sort of a rule that can be systematically applied to the data real-time in the future. We expect that these rules or models will improve our chance of detecting aberrations in behavior and help us distinguish between genuine customers and fraudsters in a timely manner. The goal is to stop the bleeding of cash from the account and to accomplish that as close to the start of the fraud episode as we can. If banks can accurately identify early indicators of on-going fraud, significant losses can be avoided.

In statistical terms, what we define as a fraud scenario would be the dependent variable or the variable we are trying to predict (or detect) using a model. We would try to use a few independent variables (as many of the variables used in the model tend to have some dependency on each other in real life) to detect fraud. Fundamentally, at this stage we are trying to model the fraud scenario using these independent variables. Typically, a model attempts to detect fraud as opposed to predict fraud. We are not trying to say that fraud is likely to happen on this entity in the future; rather, we are trying to determine whether fraud is likely happening at the present moment, and the goal of the fraud model is to identify this as close to the time that the fraud starts as possible.

In credit risk management, we try to predict if there will likely be serious delinquency or default risk in the future, based on the behavior exhibited in the entity today. With respect to detecting fraud, during the model-building process, not having accurate fraud data is akin to not knowing what the target is in a shooting range. If a model or rule is built on data that is only 75 percent accurate, it is going to cause the model’s accuracy and effectiveness to be suspect as well. There are two sides to this problem.  Suppose we mark 25 percent of the fraudulent transactions inaccurately as non-fraud or good transactions. Not only are we missing out on learning from a significant portion of fraudulent behavior, by misclassifying it as non-fraud, the misclassification leads to the model assuming the behavior is actually good behavior. Hence, misclassification of data affects both sides of the equation. Accurate fraud data is fundamental to addressing the fraud problem effectively.

So, in summary, collecting accurate fraud data is not the responsibility of just one set of people in any organization. The entire mind-set of the organization should be geared around collecting, preserving, and using this valuable resource effectively. Interestingly, our LinkedIn connection concludes, the fraud data challenges faced by a number of other industries are very similar to those faced by financial institutions such as his own. Banks are probably further along in fraud management and can provide a number of pointers to other industries, but fundamentally, the problem is the same everywhere. Hence, a number of techniques he details in this post are applicable to a number of industries, even though most of his experience is bank based. As fraud examiners and forensic accountants, we will no doubt witness the impact of the application of analytically based fraud risk management by an ever multiplying number of client industrial types.