Big Data techniques can enhance risk management through improved detection of frauds and violations of compliance controls - I spoke about it here earlier. In our deployments across process areas and industry domains, we have seen that advanced machine learning algorithms are vital to boost accuracy of alerts and achieve outcomes that can be actioned upon. Let me walk through why this is relevant.
The traditional approach
Traditionally, a rule based regime in the form of logical statements or summation of weights for various conditions has been used.
Taking the example of the payments function, this exercise can take the form of creating a risk scorecard as follows
a) If vendor is less than 6 months old, add 5 points. If vendor is between 6-12 months, add 2 points
b) If invoice amount is more than 2X the average amount for the previous year, add 4 points. If invoice amount is more than 4x the average amount, add 10 points
c) There would be similar rules dealing with number of invoices in a period, currency of transactions, mode of payment, vendor size etc. with risk weights assigned in each case
The total weights are then aggregated to get the overall risk score and determine if the transaction is suspicious.
Shortcomings of the traditional approach
While this approach to achieving a decision outcome seems intuitive and serves as a starting point, it does not necessarily work for a few reasons
a) The previously identified fraudulent transactions are very few and a priori rule set will not help in uncovering such frauds. To paraphrase the opening line of Anna Karenina ‘All routine transactions look alike. Every deceitful transaction is rotten in its own way’
b) Lacks the ability to learn from feedback so that the results of investigations are fed back to improve results over time
c) Generates high number of false alerts and clogs investigation bandwidth
Investigation is expensive and it is difficult to attain closure at times. Too many misses would impact the credibility of the exercise. In the accounts payable space, use of machine learning to detect duplicate payments helps in meeting the end goal of identifying most of the anomalies while still keeping the false positive rates down. (In statistical speak, achieving good recall while scoring well on precision).
The new data-centric approach to intelligent detection
Machine learning models learn from data without having to rely on pre-determined rules, the machines shape their own rules by figuring out what really matters.
As you might expect, the process is iterative, going through continuous improvement and can accommodate emerging new risks. The algorithms could need upgrade, as we saw in the Apollo implementations, and some additional data sources might need to be gathered for fine tuning.
Man machine collaboration
While there is significant opportunity to enhance machine led intelligence, let me emphasize that I don’t see the human element lose its critical edge. A judgement needs to be made around determining areas of focus, data choices that are legally sound and acceptable, feature engineering and finally around investigation to identify control weaknesses. Amidst this hype around machines taking over, I would recommend some humility and suggest that this capability be used more to force multiply the efforts of risk and compliance team.
By R. Guha, Head Corporate Business, Development, Apollo Platform, Wipro Limited