27 September 2002

Despite the fact that the cost of internal fraud has been estimated to be as high as 6% of turnover, Detica, a leading specialist provider of management consulting and systems implementation services, says the majority of companies are reluctant to invest in tackling problems such as rogue trading, creative accounting and money laundering, with fraud detection systems targeted at the main perpetrators - insiders.

The outsourcing of systems and business processes has become increasingly prevalent and old-fashioned staff allegiance to employers is eroding quickly. This, combined with the continued rapid development of enterprise critical financial systems and processes, means the propensity for insiders to commit fraud and the opportunities for them to do so are increasing faster than an organisation's ability to police it. Recent scandals including Allied Irish Bank, Worldcom, Enron and Daewoo Securities plus heightened concerns over global terrorism and organised crime show that internal fraud, already a major issue, is set to remain very much in the public eye.

Detica, the largest provider of security and fraud consultancy services in the UK [source: Industry Research Group annual survey of Top Consultants 2002] warns that systems and processes are needed which monitor employees at all levels (from permanent employees to temporary contractors), right up to the most senior executives. By collecting and analysing data over a wide variety of enterprise systems, organisations can identify anomalous behaviour.

"Technically literate individuals intent on committing fraud are in a perfect position to do so. No-one is policing these individuals because they are often the ones in charge of the IT systems," cautions Martin Sutherland, Head of Security and Fraud, Detica. "The advent of new regulatory pressure in the financial services sector, such as Basel II, means that tightening up on internal operations is becoming critical to business success but while financial service organisations are waking up to the risks, many other sectors have not. "

Sutherland continues: "By collecting and analysing audit data from systems across the enterprise, possible trouble spots can be identified and fraudulent activity nipped in the bud. Due to the high volumes of data typically produced in a large corporation, such as a bank, the major obstacle here is determining what to look for. Log files contain a wealth of untapped information about staff's use and abuse of systems. By using analytics to establish what are normal behavioural patterns and then hunt for abnormalities, the needle-in-the-haystack problem can be avoided. "

With so many different ways to commit fraud, the number of high-profile cases currently in the public eye is not surprising. For example, Daewoo Securities, the South Korean brokerage house, recently reported a £14.2 million loss after an unauthorised user sold five million shares in a company they did not own. "Increased awareness of the link between fraud and serious criminal activity such as organised crime, drug trafficking and terrorism, has amplified our ethical expectations of modern businesses," says David Porter, who leads Detica's risk-related work in financial services. He continues: "A company proactively protecting itself against internal fraud is not only safeguarding against monetary loss, but also reputation loss. Using analytics to improve detection frees up fraud departments from more mundane, repetitive tasks, and allows their resources to be focused on following more complex and potentially serious cases."

'Creative' accountancy has been a major factor in the corporate meltdown in America. Detica believes cultural reorganisation is crucial for companies to identify internal fraudsters. The start of this was evident on 14th August 2002, when the Securities and Exchange Commission ordered 947 chief executives to sign an oath certifying their companies' accounts. Tactics like this mark the beginning of an attitude change, but Detica warns that fraud can never be completely eliminated, only contained.

Another concern faced by banks every day is money laundering. European Union anti-money laundering legislation requires all banks to appoint a money laundering reporting officer (MLRO). The law has also established a 'due diligence' precedent, which involves ID checks when opening accounts, monitoring accounts for unusual activity and training staff to be constantly vigilant. The majority of tier one banks in the UK now own money laundering detection software, but the focus remains towards external threats. "Clearly this is important, but don't forget the insider angle on money laundering", cautions Sutherland.

Detica is in a unique position to work with clients to address this growing problem . "The foundation of our solution is the use of 'intelligent' systems to detect and diagnose patterns of fraud developing over time. However, that in itself is not enough. A company must understand and control both new technologies and the technologists who wield them," explains Porter. "Fraudsters not only steal money, but also compromise or even destroy image, credibility and reputation. By profiling human behaviour with analytics, the data obtained will not only detect fraud, but will be relevant to other areas across the company such as marketing and operations. Any investment made, therefore, will provide wider benefits to the enterprise at large."

Nick Miles Text 100 Public Relations Tel: +44 (0)208 846 0700 email: