Crooks, when committing crime, leave trails—some verbal, some numerical. Now a new generation of super-snooper software adapted from the military gives employers the power to detect documents, transactions or emails that smell fishy.
David Remnitz, head of Ernst & Young's forensic technology business and fraud investigation services in North and South America, says the technology is so new to the private sector that it has has come into use only in the past 18 months. Until now, fraud-hunters have had to rely on their own perspicacity—or on the kindness of whistleblowers. Now, however, wrongdoers can be fingered electronically and automatically, with computer programs scanning vast quantities of data in seconds.
Predicts industry information source Compliance Week, "Catching fraudsters may soon become more a matter of learning how to properly interrogate a computer program rather than putting gumshoes on the case." It goes on to say that while fraud-detection software is not new, it previously has lacked the ability to sift through non-numerical, unstructured data—such as text documents, social media and email.
Patterns of words now alert software to the possibility that fraud may be in the works.
Any of some 3,000 different words and phrases, says Remnitz, can raise a red flag. Suspicious phrases include such expressions as "nobody will find out" or "let's continue this by cell phone." Remnitz's colleague Vincent Walden, the E&Y partner in charge of fraud analytics, says that "special" is suspicious word, especially when it appears in conjunction with a payment.
Any payment described as "special" deserves a second look, he says. So, too, do the following euphemisms, typically used by fraudsters when making or receiving bribes: "government fee," "special commission," "incentive payment," "friend fee," "team building expense."
The goal is to establish the existence of what academics call the "Fraud Triangle"—the simultaneous existence of three pre-conditions deemed necessary before fraud can occur: pressure, opportunity and rationalization.
A group of related emails, instant messages, purchase orders, receipts or other documents might, for example, variously refer to someone's being "under the gun" or having to "make the number" (suggesting pressure). Others might contain phrases such as "no inspection" or "off the books" (suggesting opportunity). Still others might say "I deserve it," "nobody will find out," or might describe something as being a "gray area"--all of which suggest rationalization. A spike in the incidence of all three at once should trigger an investigation, experts say.
Analysis of this kind is not yet widespread. It's so far been adopted, says Remnitz, only by Fortune 50 companies, companies doing business overseas (and thus subject to the penalties of the Foreign Corrupt Practices Act), big financial institutions, banks, private equity firms, and, more generally, by "companies that have realized that, because of the onerous demands placed on them by regulators, they have to become more proactive in detecting fraud."
Other Big Eight accounting firms besides E&Y have their own proprietary, internally-built versions of the software, as does IBM. E&Y's product is based on a platform called Palantir, which Remnitz describes as a sophisticated data analysis and integration engine used by governments. The whole approach he describes as an application to the business world of "customized military grade technology."