The risk management function within most organizations is seized with a whole host of challenges. The volatility of commodity and financial markets, the rapid evolution changes in business models and increased competition have brought risk front and center on the management radar. However, this risk view is largely framed around external risks and doesn’t factor a significant risk that arises from within – the threat from insiders.

Ironically, insider threats gain potency as firms undertake multiple steps to prepare for competing better externally. Some of these changes include holistic information access, employee empowerment for rapid decision-making and organizational shifts towards temporary and remote workforces. Finally, the evolution of well-structured fraud cartels and sophisticated social engineering operations have magnified the impact from a few black sheep within who could compromise a whole host of risk management controls.

To provide context to this, it would be useful to consider some research conducted in the space. ACFE studies indicate that organizations lose 5% of their turnover from various forms of occupational fraud. A typical fraud is unearthed 18 months after; with the most successful frauds never getting discovered. Collusive frauds and those entailing senior leadership figures have higher impacts and lower chance of detection.

The impact from frauds are a hit to the bottom line, significant reputational damage (especially if external customers are involved) and regulatory burdens that distract management attention from core business operations. Also lack of confidence in internal controls spills over to the stock market, employee morale and adversely taints multiple careers purely through negative association.

Why is fraud control so challenging?

Traditional techniques of monitoring process controls have been based on “smart sampling” – the idea is to map out various processes in the organization and categorize them by criticality. Then, based on identification of control points, the intent would be to intelligently sample these in such a way that it truly represents the maturity of controls in the organization. Some of the challenges include poor data quality with need for extensive cleansing, managing huge volumes (well beyond spreadsheets) and need to process rapidly for efficacy. There is also the hindrance of information getting locked up in silos and hence the big picture doesn’t emerge.

It is important to highlight that compliance and risk management shouldn’t act as a hurdle to regular business operations. This calls for a smart calibration of risk and ensuring that most transactions are allowed unhindered while still keeping an eagle-like vigil for the few anomalous transactions that need to be rapidly stopped and investigated.

What does it take to build a smarter mousetrap?

The big data techniques allow us to address the challenges listed by creating the ability to handle data-at-scale and process them in near real-time. The first step is to move from a reactive tip-based approach to fraud control to a proactive rule-based detection model. Unfortunately, fraudsters have a specialized focus and an incentive to keep ahead of the rules – being insiders gives them ample information to get around alerts. To address this concern, machine learning algorithms could be used to learn from prior data and identify potential cases that require investigation, without explicit rules being defined. This would ensure that detection rules keep up with a changing environment and increasing sophistication from the fraudsters.

Author: Guha Ramasubramanian heads Corporate Business Development at Wipro and the Apollo Anomaly Detection platform for Proactive control of Fraud, Risk and Compliance. The views expressed in this article are the authors and Wipro does not subscribe to the substance, veracity or truthfulness of the author’s views.

Image: Visitors sit on a bench made in the shape of “Big Data” outside the venue of the 2015 Big Data Expo in Guiyang, Guizhou province, China, May 26, 2015. REUTERS/Paul Carsten