Fraudsters to continue exploiting supply chain woes in 2022
17th March 2022
While supply-chain fraud is nothing new, it continues to be a major challenge globally in 2022 as the ongoing pandemic and now the conflict in Eastern Europe continues to disrupt everything.
Businesses have de-emphasised risk management for supply chains in their haste to find alternative supply sources. Continuous push for migrations of ERPs have also made supply chains more complex and more difficult to make water-tight. Fraudsters and criminal rings won’t miss the opportunity to exploit this situation.
In this piece, supply chain expert Laurent Colombant, Continuous Monitoring Solution Lead EMEA, at SAS, outlines how supply chain analytics will drive transformation as organisations strike the balance between continuity and survival on one hand, and risk management and fighting fraud on the other.
While most of us were coming to terms with the threat of COVID, and the unsettling new normal of life in lockdown, some people were figuring out ways to beat the system and make some money. Lots of money.
In May 2020, in the wake of a galling revelation by The Guardian, the NHS announced it was conducting an investigation into the man at the heart of the story. This involved an NHS employee, no less, who was alleged to have found a way of profiting from the dire, and insoluble problem of PPE procurement.
Though that investigation is not yet concluded, the allegations had all the hallmarks of supply chain fraud. The type that we as experts in emerging forms of logistics and SCM (supply chain management) cybercrime are trained to spot, however well-hidden they are. The type that SAS UK & Ireland’s advanced analytics and machine learning solution has become so adept at finding, and dealing with, for our clients.
As the nexus of global supply chains, procurement networks, accounting systems, and data servers that drive the world economy has expanded in scale and power, businesses have been empowered with more knowledge, faster transaction times, swifter communications and a lot more data.
The challenge is that even though the data exists it’s at times unstructured and it can be complicated to get insights and make connections between the data silos. This can then make it difficult to know if the data is being used for the right purpose.
The interaction between procurement data and master files in other systems is difficult to establish and even more challenging to check against third party data. There is a plethora of data but the lack of quality and different roles involved in obtaining, normalising and deriving insights from the data are challenging to say the least for most companies.
The combination of data issues and process complexity is well summarised by Mickey North Rizza from IDC : “Procurement fraud is notoriously difficult to detect and investigate, because it takes so many forms and can be driven by any number of actors, internal or external, at any point in the procurement life cycle. Manual detection is futile. Only the right combination of advanced analytic techniques can arm large organisations to battle the fraudsters.”
IT migration
With each innovation, each step up in complexity, there are more things that can go wrong. Take IT migration. When a company decides to push the button on the major investment needed to upgrade an accounting or procurement system, it has only the goal in mind: a better, more modern, more robust way of working that will pay dividends and increase efficiencies in the future.
What doesn’t always occur to those involved is the potential administrative nightmare that comes when a legacy system – or systems, as is usually the case – are riddled with incomplete, out–of-date records, inconsistent contact details, and the accountant’s worst nightmare – scrappy, disordered figures.
It’s a hassle for any business to deal with. But it becomes far more serious when a chink in the armour becomes an opening for the ingenious hackers who scour systems looking for weaknesses. Which is precisely what can happen when a system is badly migrated, or is made up of multiple, incompatible programmes and applications that don’t quite know how to talk to each other.
There are frauds carried out by external cyber criminals. And there are simpler ones – where a company’s own employee is fiddling the figures or paying himself, close friends/relatives or assisting external suppliers in financial crime, unable to resist the temptation a weak system offers them.
Supply chain and procurement related financial crime is now the second largest in the world by money lost – and gained. Cybercrime is modern warfare: military, political, corporate, even cultural.
For those tracking down the signs of fraudsters among a huge morass of data it can be like trying to track down a needle in a haystack that is ceaselessly growing in size and mass. But applying AI and analytics to this data, along with built in business detection and processing logic SAS has developed and honed for multiple uses, can hugely reduce your exposure to risk and cut out masses of waste, loss and abuse in a business.
With the right AI solutions a business can sense and track those crucial market demand signals and analyse the patterns and paradigms behind them. Marry up the demands and needs of the market with your own production and logistics output. Use powerful simulation tools to gauge and test the optimal inventory policy.
And, of course, to be more ready for cybercriminals specialising in logistics.
Not always an ominous threat
Most of the anomalies detected by SAS in supply chain and procurement end up being process breaches or data related errors. The distracted employee updating accounts late on a Friday afternoon, with half a mind’s eye on the pizza on the sofa or the pint in the pub. The overworked team member covering three colleagues’ jobs.
But for the deliberate switches on a purchase order or invoice price, or the more serious attack by organised criminals who use social engineering to have invoices paid to their own account number, usually the only way to pick up the most nuanced of clues requires a system capable of scouring a mass of data.
Smart use of data and cloud-based analytics and AI will not only detect the smoke signals, but further help you to quickly separate the serious from the spurious by providing not only prioritised cases but also the required contextual information to make decisions at the tip of a finger.
There is always a trade-off in any security – between being functional and being safe. With smart AI and fraud protection technology, the right balance is achievable.
Even in the hugely complex, serious crimes, there are always smoke signals, however clever the fraudster is.
It might be a company that inexplicably changes its VAT number repeatedly in a short space of time. It might be the call from the supplier seeking payment. The slightest anomaly or change to routine might also be the indicator – something as small as a change of address.
It might even be an online shopper buying potentially dangerous items, the kind of household items that can be used to manufacture arms and explosives.
If your system knows where and, more importantly, how to look; if you have the neural networks, AI and analytics techniques capable of detecting the anomalies, the unlikely coincidences, or the things that just don’t add up, you can be as close to safety as is possible.
With smart data and continuous monitoring and control analytics you can not only catch the crooks at it; you can build a case against them, take steps to retrieve the money, and look to move on, a painful lesson learned.
Then the next step is to take measures to have the perpetrator or perpetrators prosecuted. It’s a matter for the authorities, of course – but you will need to have a properly ordered system of evidence and records, fit to stand the rigours of a trial.
Which is why we build in precisely those capabilities – the evidence-trail building tools – right into our cloud-native AI and analytics solutions.
As long as there are people making money legitimately, there will also be those who seek to do it in a crooked way. As the world gets more complex, and technologically smarter, so do its criminals, and so must those of us determined to stop them.
After all, there is more than money at stake – there is your reputation as a brand, which any business leader knows is something you don’t leave a hostage to fortune, whatever the cost.