This was first published in The Business Times on 2 Aug 2018.
Technology is increasingly playing a role in detecting fraud cases in organisations and reducing the cost of financial crime compliance and investigations.
With this, digital forensics has come to the fore as regulators, market players and investors focus on preventing or countering commercial fraud in the digital era.
In the old paper world, evidence was usually gathered from interviews and physical documents.
A forensic investigation often involved searching through files of physical financial records for forged signatures or falsified accounting records such as invoices and delivery orders.
Requiring a large team of forensic investigators, the process of gathering evidence was also often long and tedious.
It was like finding a needle in the haystack.
With the rapid strides made by technology, the operating environment of companies has changed significantly in the past last 10 years.
Similarly, the role of data and technology in the detection of financial crime has also intensified.
As the bulk of financial records were gradually migrated into digital formats in recent years, accounting records are increasingly recorded with greater accuracy and granularity within well-established enterprise resource planning (ERP) systems.
Data may also be ‘on the move’, that is, in the form of data or messages stored on personal devices, in instant messenger applications or even in the cloud.
Where technology goes, crime follows.
Digital fraud is on the rise, in the form of cyber-attacks, such as system hacking and phishing attacks.
A KPMG International study published in 2017 highlights that where technology has been used by fraudsters, about 24% involved creating false invoices or misleading information in accounting records.
About 20% involved fraudsters providing false or misleading information through messaging platforms, and 13% involved perpetrators abusing permissible access to computer system.
To be effective in the investigations of today, we need to preserve and analyse digital information quickly using advanced technologies and techniques.
Digital forensics plays a very significant role in fraud investigation today.
This is because the capabilities of forensic technologies, computing power and data storage have improved significantly while associated costs have declined.
With forensic technologies advancement, the ability to collect data from the plethora of new devices - computers, smart phones, tablets, servers or cloud servers - and from storage media, such as external hard drives, thumb drives and compact discs, have become easier.
The move towards digitalisation also drives the greater application of electronic discovery (or e-discovery) tools in reviewing electronically stored information more efficiently.
For instance, adhering to the industry standard Electronic Discovery Reference Model (EDRM), such tools are used to help companies respond to both legal and regulatory requests by collecting, processing, analysing and hosting Electronically Stored Information (ESI).
The associated e-discovery tools can transform images of physical documents into searchable texts through optical character recognition, and search electronic documents faster, smarter and more holistically across multiple devices.
These tools can also remove duplicate information, allow multiple reviewers concurrently, and provide full audit trial of the data analysed and reviewed.
Such tools also facilitate international collaboration among investigators and other parties, such as lawyers and regulators, who can simultaneously review digital evidence on a common electronic platform, which is also a boon to cross-borders investigations.
More electronic data also means bigger roles for forensic data analytics.
With the advancement of artificial intelligence and machine learning capabilities, investigators can leverage data analytics techniques to identify potential anomalies, or the proverbial “smoking gun”, within a huge pool of electronic information.
Forensic data analytics reduces dependency on the manual tracing of individual electronic and physical records, which may not be feasible in a large-scale cross-borders investigation.
What should companies do to protect themselves?
Fraudsters are getting more savvy and creative with access to cutting edge technology.
In KPMG’s CEO Outlook 2018, cyber security was identified by Singapore’s CEOs as the biggest risk they face, and 50 per cent believe that a cyber attack was a case of “when” and not “if”.
While half of CEOs believe their organisations are prepared, just 31 per cent were confident of identifying a threat.
Companies should therefore enhance their financial crime risk management digitally to prevent, detect and respond to financial crime.
The digital arsenal that companies can consider to mitigate financial crime include:
To effectively mitigate the risks of financial crime, companies need to also change the way they manage their financial crime risks or conduct their financial crime investigations by leveraging forensic technologies.
When used appropriately, these technologies can greatly enhance the effectiveness, and at the same time reduce cost, of financial crime compliance and investigations.
The article is contributed by Lem Chin Kok, Head of Risk Consulting, KPMG in Singapore. Views expressed are his own.