According to the 2012 Report to the Nations on Occupational Fraud and Abuse, published by the Association of Certified Fraud Examiners (ACFE), $3.5 trillion worth of fraud occurs every year. Industries such as insurance, public sector, banking, healthcare and utilities bear more than their share of this risk and often spend millions in their attempt to detect, investigate, analyze and prevent it, with varying degrees of success. Investigators are forced to wade through massive amounts of data, which potential perpetrators count on to shield them from detection and prosecution. To help companies face this challenge, last month SAP announced SAP Fraud Management, leveraging the power of its HANA platform. The goals:
- reduce the cost and effort of investigation, by providing tools to better detect new and changing fraud behavioral patterns
- redirect efforts away from false alarms in order to deter and possibly even prevent a fraudulent transaction from being completed
- and of course… earlier detection by processing high volumes in quasi real-time
What Is It?
SAP Fraud Management is part of SAP’s Governance, Risk and Compliance (GRC) product portfolio, along with Process Control, Access Control, Risk Management and Global Trade Management. It is part tool (for the IT department) and part analytic application (for fraud investigators).
The potential for the solution was demonstrated at the SAP Insider GRC 2013 conference in Las Vegas using an example from the insurance industry. Michael Lortz, Sr. Director, Solution Marketing for the GRC portfolio of products played the role of an investigator tracking down a potentially fraudulent automobile insurance claim. A young policyholder had submitted a claim after an accident that had occurred between 1:00 and 5:00 AM. The detection engine flagged it as suspicious due to the combination of the age of the operator and the time of day the accident had occurred.
The first step Michael, as the investigator, took was to do a “network analysis” to look for the same set of circumstances in any other claims. Come to find out this young claimant, and two others involved in the accident were also participants in four other claims. What are the chances this kid had five different legitimate accidents involving the same people? Slim to none? Obviously the perpetrators of the fraud were counting on the sheer volume of claims processed to mask this. In fact, they were successful the second, third and fourth time. The fifth time around, with the help of some enabling technology, somebody noticed.
As a result, the transaction could be flagged as fraudulent before any payout on the claim was made. But more importantly, the engine that triggered this as a suspicious claim could be recalibrated to change the thresholds that trigger audits that would prevent, if not the second claim, at least the third and fourth. And through recalibration of the rules, the likelihood of any transaction flagged as suspicious turning out to be fraud is increased substantially. Tracking down “false alarms” is costly and unproductive. So the ability to reduce those “false positives” can represent a huge savings.
Part Application, Part Platform
So, is SAP Fraud Management an application or is it a set of tools from which a clever customer or an SAP partner can build an application? The answer is, “Yes.” It is part application and part tool and it relies on the HANA platform for some of its functionality. Of course, this example provides a compelling business case for the insurance industry. While this was automobile insurance, surely it could be tweaked for homeowners and other kinds of liability insurance. The net result is a complete, working application for this industry.
However, the processes of detection, investigation and deterrence are similar in managing any kind of fraud and can be pre-built into a framework:
- Detection based on a set of rules
- Analysis of a network of objects looking for similarities (participants in insurance claims in this instance, but just as easily dinner guests on an expense report, deductions on a tax return, etc.)
- Combined with a timeline (in what period of time were all these claims filed?)
- Documentation of decisions (e.g. not to pay a claim, to reject an expense or to conduct a tax audit)
- Add deterrents and refine the process by recalibrating the rules for identifying possible fraud
But the team building SAP Fraud Management didn’t have to create all this from scratch. It also looks to HANA to speed the investigation with its ability to process and analyze massive volumes of data, seemingly in real time since there are no spinning disks to traverse. All data is stored in memory, speeding the process. Rules are defined natively in HANA, while the “calibrator” is a specific tool created for Fraud Management.
Similar scenarios could be constructed for public sectors and the detection of tax evasion or perhaps abuse of social services such as food stamps or disability claims. Or it could help private companies detect fraudulent expense reporting or questionable purchases. Given the ACFE estimates the average organization is at risk of losing up to 5% of its revenue to fraud, the potential payback is more than significant. It can be huge.
Chances are SAP will not speculatively develop these industry-specific versions themselves. It is more likely for some of its partners to develop them. Most notably, we might expect to see some of the larger management-consulting firms with large risk management practices develop these for industries they serve.
Conclusion and Recommendations
If your company is at risk for significant financial loss as a result of fraud, SAP Fraud Management is certainly worth a look. First quantify the risk and then assess the cost of your current efforts to contain and mitigate that risk. If you employ fraud investigators, you must have some measure of their success and chances are you measure the number of potential cases investigated, along with the number of real occurrences of fraud. The goal should not necessarily be to increase the number of cases of fraud detected, but to detect fraud more quickly and to minimize the number of cases you chase that lead to no fraud (fewer cases of false positives). SAP Fraud Management, powered by SAP HANA can help you stop chasing down rat holes. This will allow you to set thresholds of risk lower and investigate more cases that can be proven fraudulent. Ultimately the goal is to maximize the amount of fraud prevented.