Technology View of Fraud, Waste and Abuse in Financial Analytics March 2013


© 2013, HCL Technologies. Reproduction Prohibited. This document is protected under Copyright by the Author, all rights reserved.

TABLE OF CONTENTS

Abstract

Abbreviations

Current State

Challenges

Best Practices

Conclusion

References


Abstract

The discovery of fraud, waste and abuse (FWA) is a high priority for financial institutions in the US and around the world. FWA financial analytics requires software solutions that can handle large volumes and discover hidden FWA occurrences. Capabilities for real-time detection and for the discovery of previously unknown fraud trends are becoming prevalent.


Abbreviations

Sl. No.  Acronyms (Page No.)             Full form
1        FWA (4, 7, 9, 10, 11, 12, 14)   Fraud, waste and abuse
2        CEP (8)                         Complex event processing
3        BRMS (8, 11)                    Business Rule Management Systems
4        AML (7)                         Anti-Money Laundering
5        KYC (7)                         Know Your Customer
6        PMML (10, 11)                   Predictive Model Markup Language
7        JSR-94 (11)                     Specification Request for a Java Rules Engine API
8        SAML (11, 12)                   Security Assertion Markup Language
9        XACML (11, 12)                  eXtensible Access Control Markup Language
10       FPGA (12)                       Field Programmable Gate Array [semiconductor device]
11       HPC (12)                        High-Performance Computing
12       MPI (12)                        Message Passing Interface
13       SAS HPA (12)                    SAS High Performance Analytics
14       OpEx (12)                       Operational Expenditures
15       CapEx (12)                      Capital Expenditures


Current State

The current state of fraud, waste and abuse (FWA) financial analytics is characterized by a growing number of features provided by software solutions. Capabilities for real-time detection and for the discovery of previously unknown fraud trends are becoming prevalent. An extension to this white paper is planned. That extension is expected to align more closely with specific financial processes of interest, in order to refine the findings of this white paper and to explore narrower areas of interest in greater detail. Coverage beyond fraud-detection systems is also expected. The fraud and financial crime prevention domain includes the following use cases:

Enterprise Financial Crimes

ACH and Wire Fraud

Anti-Money Laundering

Card Fraud

Organized Fraud Rings

Loss reduction, compliance and business factors tend to drive the adoption of FWA analytics. Some elements of compliance legislation require absolute compliance in particular areas of financial organization operations:

United States

o Gramm-Leach-Bliley Act (GLBA)

o USA Patriot Act (Anti-Money Laundering/AML; Know Your Customer/KYC)

o FFIEC guidelines

o Sarbanes-Oxley Act of 2002 (SOX)

o Payment Card Industry (PCI) Standard

o Right to Financial Privacy Act (RFPA), amended by the Patriot Act

o Bank Secrecy Act

o Office of Foreign Assets Control (OFAC) sanctions

o California SB1386

o Health Insurance Portability and Accountability Act (HIPAA) for some types of transactions

Europe

o EU MiFID

o EU Market Abuse Directive

o Terrorism Act 2000 (UK)

Basel II and Basel III Capital Requirements

The execution of compliance and business objectives is supported by the majority of financial organizations' IT systems. This white paper concentrates mainly on the fraud detection domain, but it also demonstrates how other financial operations and processes often have inherent co-dependencies on fraud detection systems.


Financial fraud detection systems traditionally rely on complex event processing (CEP) systems. Some financial organizations rely on custom scripts, while the general trend is toward fully featured Business Rule Management Systems (BRMS). Many modern fraud detection systems have anomaly detection capabilities: unusual and threatening patterns are continuously mined and presented as alerts. Fraud detection systems often include a predictive modeling capability, which predicts fraud risk scores and may re-route transaction execution and/or generate alerts. They also often include automated and interactive social network analysis, which aims to identify potentially threatening associations with known fraudsters, fraud rings and their patterns. Modern fraud detection systems allow global scoring of transactions in real time and near real time, as well as sub-second response for on-demand scoring. They offer scalable and sustainable scoring of high volumes of transactions. Sophisticated models and approaches may be used:

Neural Networks (including "Self-Organizing Neural Network Arboretum" [SONNA] – SAS patent), Decision Trees, Customer State Vectors

Hybrid multiple model operation

Champion/Challenger functionality

Multi-models ability to capture data types from across channels

Historical versioning and audit support

Unstructured text analytics

Note that anti-money-laundering legislation in the US and abroad places particularly high demands and requirements on fraud detection systems.
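The CEP-style rule evaluation described in this section, as an added example that is not part of the original white paper: a per-account sliding-window velocity rule run over constructed events. The window length, the thresholds, the field names and the suppression of repeat alerts while a breach persists are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the paper): (ISO timestamp, account, channel, amount)
EVENTS = [
    ("2013-03-01T09:00:00", "ACC-3", "card", 100.0),
    ("2013-03-01T09:30:00", "ACC-3", "card", 100.0),
    ("2013-03-01T10:00:00", "ACC-1", "wire", 900.0),
    ("2013-03-01T10:01:00", "ACC-2", "wire", 6000.0),
    ("2013-03-01T10:02:00", "ACC-1", "wire", 950.0),
    ("2013-03-01T10:04:00", "ACC-1", "ach", 980.0),
    ("2013-03-01T10:06:00", "ACC-1", "wire", 990.0),
    ("2013-03-01T10:08:00", "ACC-1", "wire", 1500.0),
    ("2013-03-01T11:00:00", "ACC-1", "card", 200.0),
]

# Assumed rule parameters; a real deployment would load these from the rule system.
WINDOW = timedelta(minutes=10)
MAX_COUNT = 3        # more than 3 transactions per account inside the window
MAX_TOTAL = 5000.0   # more than 5000 moved per account inside the window


def detect(events, suppress_repeats=True):
    """Evaluate the velocity rule over a time-ordered stream and return alerts."""
    recent = defaultdict(deque)   # account -> (timestamp, amount) pairs still in the window
    in_breach = set()             # accounts with an alert already open
    alerts = []
    for ts_text, account, _channel, amount in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        window = recent[account]
        window.append((ts, amount))
        while ts - window[0][0] > WINDOW:      # evict events older than the window
            window.popleft()
        total = sum(a for _, a in window)
        reasons = []
        if len(window) > MAX_COUNT:
            reasons.append("count")
        if total > MAX_TOTAL:
            reasons.append("total")
        if not reasons:
            in_breach.discard(account)         # breach cleared, re-arm the rule
            continue
        if suppress_repeats and account in in_breach:
            continue                           # same breach still running, no new alert
        in_breach.add(account)
        alerts.append({"time": ts_text, "account": account, "reasons": reasons,
                       "count": len(window), "total": total})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

With suppression off, the same burst on ACC-1 raises a second alert two minutes after the first, which is the kind of duplicate volume analysts then have to triage.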


Challenges

The majority of fraud detection systems share common limitations and problems, such as:

Lack of flexibility to deploy new monitoring strategies

Inability to scale with transaction volume growth

Limitations pertaining to rules-based logic

Complexity of integration: data sits in isolated silos, manual queries to many disparate systems may be required, and the findings of one system are not shared with another

Limited procedures to detect risky patterns and manage the whole process from alerting to reporting

High false-positive rates generate too many alerts, which are time-consuming for analysts to identify and resolve

Detection and management processes may exponentially increase analysts' workloads

Increasing system sensitivity to identify more fraud transactions may increase false positives considerably

System ergonomics are not sufficient to aid analysts (visualization, drill-down capabilities)

Some sophisticated algorithms are difficult to perform in real time

A variety of models (especially when executed in disparate engines/systems) is difficult to orchestrate, and consolidating their results in real time is difficult

Custom financial processes might call for specialized systems and approaches. For example, a high incidence of potentially risky transactions calls for extra vigilance and the flexibility to deploy a variety of sophisticated models and approaches.

Fraud rings and individual criminals continuously invent new fraud schemes – hence flexibility and efficient anomaly detection are important for FWA management systems.


Best Practices

In this short white paper, we address only the core approaches (primarily business rules and statistical models) to detecting and managing fraud, waste and abuse. FWA systems will benefit from integration with other subsystems within the financial enterprise IT environment. The proposed recommendations reflect general trends in the FWA IT landscape toward increased flexibility and customization requirements. We are looking forward to studying the requirements in depth and adjusting the proposed solutions while taking into consideration the existing infrastructure and solution stack.

FICO Blaze Advisor is a business rule suite which is employed particularly in the financial domain. FICO Blaze Advisor key features include:

Rule Maintenance Application (RMA) for previewing, editing, verifying and testing rules

Plug-in for Eclipse Integrated Development Environment (IDE)

Decision Graph, a decision tree management solution

Ability to edit decision tables through Excel

brUnit test framework, built on xUnit framework for unit testing

Decision Simulator module to estimate the impact of new and updated business rules before putting them into production

Comparison Query with Visual Comparison Editor to obtain and see all differences highlighted in the row and rows of a decision table or the branches of decision trees

Import of PMML (Predictive Model Markup Language) models, including neural networks and scorecards

Integration with FICO Model Builder, FICO's analytic platform, which provides:

o Linear Regression, Logistic Regression and Neural Networks

o Divergence-maximizing, Bernoulli likelihood, and multi-goal outcome scorecards

o Continuous outcome scorecard, optimizing a least squares objective function

FICO Blaze Advisor for Java is a 100% Java solution that supports Web Services, Enterprise Java Beans (EJB) and Java Enterprise Edition (JEE) platforms, IBM mainframes, and other legacy platforms


The import/export of PMML is a growing trend which allows interoperability with the majority of statistical platforms such as SAS, R (Rattle) and RapidMiner. Custom requirements might call for trying out a variety of recently implemented or published algorithms, where the flexibility to interoperate with a particular platform would be critical. The majority of business rules systems are JSR-94 compliant, which could allow interoperability across various rule engines to some degree. Both the PMML model language and the JSR-94 standard have inherent limitations:

PMML supports a considerable number of models applicable to the FWA domain, but some models might not be supported. The newest algorithms appearing in publications are typically not supported in PMML

JSR-94 is an engine API standard, but it does not address rules interoperability. The ability to mix and match various business rules engines might be critical for some scenarios, but the majority of business rules engines recommend against limiting oneself to the JSR-94 API only. Consider the Drools recommendation listed in Chapter 7.1 of (1)

There could be various use cases where PMML and/or JSR-94 interoperability would be desirable, even with some of their corresponding limitations:

o Profiling of the performance/cost ratio of various business rules engines (some engines have different versions of the Rete algorithm implementation; licensing prices vary from $0 [Drools] to tens of thousands of dollars per CPU)

o Profiling of various statistical platforms performance/cost ratio

o Real-time capabilities of all above

o Hardware testing and performance/cost optimization for a particular mix of loads for all above

Additional use cases for PMML interoperability could be adding scoring capability to general purpose databases (such as DB2) and to Hadoop. In-database analytics and in-Hadoop analytics are very efficient and economical for many large to very large scale applications.
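The PMML exchange discussed above, shown as an added example (not from the white paper or any vendor product): a scorer that loads a constructed PMML regression model, scores transactions with it, and refuses model types it does not implement, which is how the coverage limitation noted earlier surfaces for a PMML consumer. The model, its coefficients and the field names are assumptions.

```python
import math
import xml.etree.ElementTree as ET

# Constructed PMML 4.1 document (not from the paper): a logistic fraud-risk score.
PMML_DOC = """<PMML version="4.1" xmlns="http://www.dmg.org/PMML-4_1">
  <Header description="constructed example"/>
  <DataDictionary numberOfFields="3">
    <DataField name="amount" optype="continuous" dataType="double"/>
    <DataField name="txn_last_hour" optype="continuous" dataType="double"/>
    <DataField name="channel" optype="categorical" dataType="string"/>
  </DataDictionary>
  <RegressionModel functionName="regression" normalizationMethod="logit">
    <MiningSchema><MiningField name="amount"/><MiningField name="txn_last_hour"/><MiningField name="channel"/></MiningSchema>
    <RegressionTable intercept="-4.0">
      <NumericPredictor name="amount" coefficient="0.0004"/>
      <NumericPredictor name="txn_last_hour" coefficient="0.5"/>
      <CategoricalPredictor name="channel" value="wire" coefficient="1.0"/>
    </RegressionTable>
  </RegressionModel>
</PMML>"""

NON_MODEL = {"Header", "MiningBuildTask", "DataDictionary", "TransformationDictionary", "Extension"}


def local(tag):
    return tag.rsplit("}", 1)[-1]   # drop the namespace, which differs per PMML version


def load_model(text):
    """Parse PMML from another platform; reject DTDs and anything not implemented here."""
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD and entity declarations are not accepted in model files")
    root = ET.fromstring(text)
    models = [el for el in root if local(el.tag) not in NON_MODEL]
    if local(root.tag) != "PMML" or len(models) != 1:
        raise ValueError("expected a PMML document with exactly one model")
    model = models[0]
    if local(model.tag) != "RegressionModel":
        raise NotImplementedError("unsupported PMML model: " + local(model.tag))
    norm = model.get("normalizationMethod", "none")
    if model.get("functionName") != "regression" or norm not in ("none", "logit"):
        raise NotImplementedError("unsupported regression variant")
    table = next(el for el in model if local(el.tag) == "RegressionTable")
    numeric, categorical = [], []
    for el in table:
        if local(el.tag) == "NumericPredictor":
            numeric.append((el.get("name"), float(el.get("coefficient")), int(el.get("exponent", "1"))))
        elif local(el.tag) == "CategoricalPredictor":
            categorical.append((el.get("name"), el.get("value"), float(el.get("coefficient"))))
        else:
            raise NotImplementedError("unsupported term: " + local(el.tag))
    return {"intercept": float(table.get("intercept")), "normalization": norm,
            "numeric": numeric, "categorical": categorical}


def score(model, record):
    """Apply the regression table to one transaction; logit maps the sum to (0, 1)."""
    y = model["intercept"]
    for name, coefficient, exponent in model["numeric"]:
        y += coefficient * float(record[name]) ** exponent
    for name, value, coefficient in model["categorical"]:
        if record.get(name) == value:
            y += coefficient
    return 1.0 / (1.0 + math.exp(-y)) if model["normalization"] == "logit" else y
```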

Business rules interoperability per se is generally quite new and not a widely supported area in BRMS, which is very well demonstrated in Chapter 5 of (2). Some use cases might call for exploration of particular standards and supporting systems. SAML (Security Assertion Markup Language) and XACML (eXtensible Access Control Markup Language) could be examples of standards which are very practical in some privacy compliance use cases. SAML and XACML support is fairly common across many products.

Some degree of execution speed-up is available across various infrastructure and hardware mixes. In particular, hard real-time requirements are often addressed in stock trading applications via FPGA architectures. IBM Netezza is a classic FPGA analytics architecture. FPGA is becoming more common in products and appliances which were not originally designed as FPGA (such as Teradata). Stock trading applications frequently use HPC (High-Performance Computing) architectures such as low-latency and high-bandwidth networking. 10 GigE and 40 GigE could be considered for mainstream FWA applications, while very large-scale deployments might benefit from 40 Gig and 56 Gig Infiniband networking. Infiniband is generally rare for small to medium high-performance environments because it is very different from Ethernet architecture and has a steep learning curve. Direct Infiniband support without emulation is fairly uncommon across the majority of software. Still, Oracle selected Infiniband as their only connectivity system for their Hadoop as well as in-memory analytics appliances.

Management complexity of some infrastructure and software systems might be addressed by some level of data masking. PCI and other mandatory compliance regulations define data which need to be encrypted and protected. Some software systems have sophisticated data masking and/or data encryption capabilities where original plain text data is not accessible, even for super-users, roots or system admins, enhancing the level of protection for sensitive data.
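One way the masking described above can work for card data, as an added example that is not from the white paper or any product: the card number is replaced by a keyed token before records reach the analytics store, so per-card analysis still works on data that no longer contains the plain text. The key handling, the field names and the first-six/last-four display form are assumptions of this example.

```python
import hashlib
import hmac

# Assumption: this key is held by a separate tokenization service and never stored
# with the analytics data; the value here is a constructed placeholder.
TOKEN_KEY = b"constructed-demo-key-not-for-production"


def luhn_valid(pan):
    """Check digit test used by payment card numbers."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for position, char in enumerate(reversed(pan)):
        digit = int(char)
        if position % 2 == 1:
            digit = digit * 2 - 9 if digit > 4 else digit * 2
        total += digit
    return total % 10 == 0


def mask_pan(pan):
    """Display form: first six and last four digits, the rest starred."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def tokenize_pan(pan, key=TOKEN_KEY):
    """Keyed, deterministic pseudonym: equal PANs give equal tokens."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()[:32]


def protect(record, key=TOKEN_KEY):
    """Return a copy of a transaction that is safe to load into the analytics store."""
    pan = record["pan"].replace(" ", "").replace("-", "")
    if not luhn_valid(pan):
        raise ValueError("not a valid card number")   # never echo the rejected value
    safe = {k: v for k, v in record.items() if k != "pan"}
    safe["card_token"] = tokenize_pan(pan, key)
    safe["card_display"] = mask_pan(pan)
    return safe


def count_by_card(records):
    """Per-card transaction counts computed on tokens only."""
    counts = {}
    for rec in records:
        counts[rec["card_token"]] = counts.get(rec["card_token"], 0) + 1
    return counts


# Constructed transactions using well-known test card numbers, not real accounts.
RAW = [
    {"txn": 1, "pan": "4111 1111 1111 1111", "amount": 25.0},
    {"txn": 2, "pan": "5555-5555-5555-4444", "amount": 980.0},
    {"txn": 3, "pan": "4111111111111111", "amount": 40.0},
]
```

Because card numbers come from a small, structured space, the token is only as strong as the secrecy of the key: an administrator who can read both the key and the tokens can rebuild the mapping by enumeration.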

Particular use cases might call for high-performance statistical computing against a full (not a sample) dataset, where the majority of data needs to be placed into RAM. Economical and well-performing scaling could call for highly interconnected clusters working mainly on MPI principles (like Revolution RevoScaleR). SAS HPA (High Performance Analytics) is another example of a distributed in-memory statistical platform which could be applied for some scale-out use cases. Algorithm availability in R vs. SAS, as well as licensing costs, are important factors to consider. R is generally free open-source software (FOSS), but its scaling within the FOSS realm is achievable on a case-by-case and algorithm-to-algorithm basis. Revolution R is a commercial offshoot of R which has some enterprise capability. Revolution also has the RevoScaleR platform which has a very efficient clustering and in-memory computation solution, but it supports a rather limited subset of R functions/algorithms. Similarly, SAS HPA is a clustering and in-memory solution which supports only a limited subset of SAS functions.

Special use cases might benefit from the highest performing number-crunching chips available, which are IBM Power and Intel Phi. The HPC world relies on performance per watt (important for OpEx) even more than on performance per $ (important for CapEx), since electricity and cooling OpEx usually exceed CapEx within a rather short time of operation. IBM Power claimed 2.1 GFlops/Watt efficiency, while Intel Phi offers 2.44 GFlops/Watt. IBM Power requires a full IBM stack of hardware, while Intel Phi runs on various servers and is less brand dependent, reducing vendor lock-in concerns. Intel Phi is a very new platform, and might require C/C++ direct chip coding. Nvidia CUDA has dramatic performance characteristics, though it provides acceleration for a smaller subset of tasks when compared to the rather general purpose Intel Phi architecture. All challenges with the highest performing chips could be addressed such that these chips will become economically viable for some high-scale and/or real-time use cases.


Conclusion

The most common approaches to address financial FWA were presented in this paper. We presented an open and interoperable architecture which will allow the inclusion of traditional financial FWA solutions as well as more generic packages (such as SAS and R) to address custom needs.


References

1. JBOSS. Drools. [Online] [Cited: 2 27, 2013.] http://docs.jboss.org/drools/release/5.2.0.Final/drools-expert-docs/html/ch07.html.

2. The Johns Hopkins University Applied Physics Laboratory (JHU/APL). National Human Services Interoperability Architecture, Business Rules White Paper. [Online] 6 2012. [Cited: 2 27, 2013.] https://www.acf.hhs.gov/sites/default/files/assets/o_rules_d02_0.pdf

Author Info:

Andriy is a Sr. Solution Architect with HCL's ERS-SEG-TFG. He has over 20 years of experience in the areas of data management and software development.

Some of his work includes:

Led the Big Data infrastructure work with a large medical insurance provider.

Served as a product owner of the US national “Transitions of Care” Reference Implementation project. This project consolidated HIT community efforts to establish the next generation of HL7 data exchange standards. http://wiki.siframework.org/Transitions+of+Care+%28ToC%29+Initiative

In 1998-2000, Andriy designed NoSQL GIS architecture with some MapReduce paradigms of image processing which demonstrated very high scalability/cost characteristics.
