Simon Dennis, Director, Future Government and AI Evangelist , SAS UK, discusses how the UK can face a new and more widespread fraud challenge
COVID-19 and its effect on the global economy has ensured that a recession is all but guaranteed for the UK. More than that, the aftermath of this impending recession is set to be worse than what was experienced in 2008.
I set out, in my previous blog, the pressure on the UK Government to find ways to cut costs. This makes it vitally important that the elimination (or at least reduction) of fraud, error and waste is tackled. Otherwise, it’s equivalent to ‘tightening your belt while money is coming out of your pockets’.
To put that in context from a fraud perspective, BDO suggested that, in the wake of the 2008-2009 Financial Crisis, the amount of money lost to fraud jumped from an average of 4.6% of total spending in major developed economies from 1997-2007 to an average of 5.5% between 2007-2011. That equates to a 20% increase and a total cost of about £85 billion per year for the UK alone.
The good news at least is that, in the UK, fraud cases have reduced by 13% in the last year. This is due in no small measure to the ongoing leadership of the Cabinet Office’s Fraud, Error, Debt and Grants Function. However, there is an expectation that, with an impending global recession, fraud and financial crime will be on the rise again in the coming months. In a sector where cost-cutting is a way of life, this is a particular concern for the Government and the public sector as a whole. As a result, the challenge needs to be tackled head-on with a proactive approach.
More fraud and different fraud
Beyond the increase in intent-driven by the economic factors post-pandemic, there are two other key elements to bear in mind.
The first is that new fraud opportunities will have been created that are thus different in signature to others in the past. New approaches will be needed as the data required for detection may be different in scope, both in scale and subject, because of the significant changes in the economic and benefits landscape. Existing models will still detect certain frauds but investigators need to be even more agile to pick up the new fraud vectors, some of which have already emerged in the ‘new normal’.
For example, direct fraud committed against the initial Job Retention Scheme. Similarly, early warning and intervention strategies need to be developed and deployed in-year rather than retrospectively for one-off schemes, such as the tax holidays being offered to small businesses. These could tempt owners to phoenix in the short-term or it could offer opportunities in which they might be exploited by intermediaries, diverting the flow of tax revenue in ways that normally would trigger an alert that they may soon avoid paying their dues. The Bounce Back Loans scheme announced in May, which enables businesses to borrow between £2,000 and £50,000, is also being targeted by crooks obtaining loans in the names of legitimate businesses and then laundering the proceeds through the unwitting business’s trading account.
The second challenge is existing frauds won’t ‘look the same’. Changes in behaviour and the economy mean that new normal and abnormal activity have blurred which will clearly make detecting anomalies more difficult. False positives will increase if the historic detection method is used, as behaviours once uncharacteristic pre-pandemic are forced by circumstance and trigger alerts.
This is further complicated by the fact that fraud and error will now look more alike than before, partly as there are always errors with new schemes that are rolled out and partly through the very limited ability to use historic information to classify behaviour or develop machine-learned algorithms without significant supervision. It will therefore be easier for fraud to be lost in the background noise amid genuine error, which will distract the investigators in the field where a more broadcast-based education initiative could be deployed – an explanatory notes brochure perhaps.
An additional limitation in practical terms could be the impact of depleted government resources to tackle fraud. It is thus critical that decisions on redeployment of civil servants experienced in tackling fraud are made at the appropriate level to understand the ramifications, and departmental leaders should be doing their utmost to ensure that these personnel are not lost. Brexit will bring further changes via new legislation, including new opportunities for smuggling goods into certain countries.
Furthermore, increased online activity at the expense of face-to-face interaction also presents more opportunities for fraudsters to cash in. This is likely to be the case regarding procurement fraud – this is on the rise and likely to be accelerated by less supervision. It is often committed by insiders within organisations, many of whom may be more disillusioned and susceptible to fraud than in normal times.
It all amounts to a ‘heady mix’ of change, and change is something fraudsters always look to take advantage of.
The new challenge
So how is this new and more widespread fraud challenge to be tackled?
The models that worked successfully in the past to keep UK fraud at lower levels than that of other countries can no longer be relied on, due to the rapid and significant changes already mentioned. New agile systems are required, along with the skills to implement, deploy and use them.
Artificial intelligence (AI) is needed along with scenario-based modelling. This approach looks at all the things that could happen and uses them as inputs in multiple simulations. Over time the machine learns from all these inputs and this can fast-track the creation of a system to spot fraud. The same techniques are used by banks to model risk and ideally, could be used by The Treasury as well to model its risk factors.
Hybrid models should also be used, spanning the widest range of analytical techniques from a simple regression model to complex decision trees and social network analysis. Counter-fraud systems with AI can also communicate with potential fraud perpetrators via many channels to elicit additional information to move a case from a moderate risk score to either high or low risk, reducing the number of cases that need human attention. These approaches can also be used to nudge people back into compliant behaviour.
While the UK has already made some strong progress in tackling fraud through the implementation of AI and machine learning, the public sector needs to build on this progress and utilise it more widely and in a more integrated way to strengthen its defences. To ensure that this is both possible and effective, some processes need to be put in place first.
The key to success
It is imperative that the public sector consolidates its efforts and establishes a culture of data sharing between departments. For example, to detect payroll and benefits fraud both DWP and HMRC should be actively exchanging expertise and information on employees and employers respectively. (There would, of course, need to be checks and balances in place to prevent any inappropriate sharing of personal data.)
Having this level of integration relies on easy access to the data at your disposal. It may be necessary or even prudent to maintain the relevant data siloed across various different platforms. But, importantly, it should instead be accessible from a single analytics platform.
Modern cloud systems allow access to be orchestrated with minimal data movement and computation being conducted where appropriate, or for data to only be held in volatile memory during analysis. Even where this is not possible, it should also be possible to share insights across departments from analysing available and shared data. In addition, of course, having access to shared models would enable those with less capability or data resources to utilise what machines have learned about likely indicators – this is almost unheard of but would be a further step in the right direction.
With all the data corralled, the techniques used to commit fraud can be identified, combined and fed into analytical models. The models, powered by technologies such as AI and machine learning, can then sift through this data and identify patterns which can be used to prevent and deter as well as detect fraud. With these patterns changing rapidly, leveraging the best predictive technology to identify them is the most effective way for the public sector to keep fraudsters at bay and reduce the cost of fraud. These models must also be constantly recalibrated to allow for the more gradual changes in people’s behaviour as we emerge from the pandemic and recover our economy.
The continuously evolving approach should also use robust scalable software that enables models to be easily put into production. It should, however, also provide rigorous processes for ethical and privacy governance around model derivation and deployment and enable slick daily refreshes or upgrades. This also facilitates the use of data scientists skilled in using open source languages such as R and Python also playing a vital role in the overall system. These can be used in discovery and experimental work and then managed on an enterprise platform where audit and oversight can be maintained.
With the pressure on the public sector to cut costs, tackling fraud is a great place to start. Investments in technologies such as AI and machine learning, while integrating insight across a unified platform, are key to reducing the waste of taxpayers’ money lost to fraud.