Following the Money: Tools and Techniques to Combat Fraud

Natalie Loebner is the founder and owner of Loebner Consulting LLC, providing subject-matter expertise to the public and private sectors in complex financial investigations, with a focus on software development, automation implementation, and leveraging data analytics to improve investigative processes. She is a former Special Assistant United States Attorney (SAUSA) and Trial Attorney for the Department of Justice (DOJ) Tax Division. 

Fraud and scams remain a growing problem, increasingly intersecting with threats like human trafficking and Chinese organized crime syndicates. The United States Government is itself a victim as it is defrauded of as much as a half a trillion dollars, prompting the Department of Homeland Security to rightly characterize fraud and counterfeiting as a national security threat.

Everyone agrees better law enforcement is needed to combat today’s fraud, which is voluminous and sophisticated. High-tech fraudsters dupe victims across multiple financial institutions (banks, peer-to-peer payment platforms, cryptocurrency exchanges, etc.), leveraging messaging, social media, and data platforms in their schemes. Given this complexity, there hasn’t been great consensus on what “better law enforcement” would actually look like. But it is clear that combating modern fraud will involve a complex framework of mutually supporting tools and initiatives, such as digital identity verification and authentication, transaction monitoring and anomaly detection, victim notification, and information sharing partnerships. 

So, what efforts would yield the greatest impact, given the uncertainty about what will fully solve the problem and reasonable concerns about the costs and disruptions that any interventions will bring? 

The Answer Is… Data 

Financial transaction, telcos, social media, and other platforms generate an immense amount of data. If these data are unusable or impossibly slow to navigate, the ability to leverage these important tools to combat fraud is degraded. Any effort to meaningfully curb future fraud will require a sturdy foundation – one built on a set of universally accepted financial data standards. But that universality means that we need policy makers to set new standards for what data must be made available to combat fraud, who can use it, and how it can be used.

Consider a scenario. FBI investigators are looking into a series of romance scams. These scams targeted dozens of victims throughout the country. The victims were all conned – via four different social media and messaging apps – into providing funds using three different fintech peer-to-peer payment services which are ultimately connected to accounts from 14 different banks. Investigators have preliminary information – written interview statements, screen captures of messaging threads, a few hard copy bank statements, narratives from FinCEN filings – but they all naturally lack easy-to-exploit metadata to identify meaningful connections quickly. The team begins the daunting process of issuing subpoenas to the various entities involved. These companies are (mostly) eager to help investigators, understanding that these scams damage their own bottom lines and reputations. The subpoenas asked for “digital records” but did not otherwise specify any particular format or structure for the response. This left each entity to use its own judgment and processes in responding. As a result, their collective responses represent a cacophony of formats and methodologies.

• Nearly all the banks, when asked to provide records of “all financial transactions,” provided thousands of pages of documents in PDF format. Fortunately, the investigators have a contract with a service that will ingest these PDFs and put them in a structured database using AI. Unfortunately, with this many statements – and with the existing backlog of requests – it will take a month to complete this work. This delay comes on top of the months it took to obtain the records in the first place. And the results won’t be that helpful – the documents are effectively bank statements with limited transaction data and lack any of the essential metadata surrounding the transactions, such as the associated device IDs for specific mobile banking transactions. The team then spends the next month awaiting the completion of a process of taking unstructured PDF statements (generated from the banks’ structured data systems of record) and generating a new structured dataset, crossing their fingers that there are no errors in the AI extraction process.

• Each of the three fintechs, in contrast, provided their own structured data files. The files are complex, each containing numerous tables. The data within each file is extensive, containing a lot of extraneous information not needed by the team. While some data headers are easy to identify based on the name, others are not. As no company provided a data dictionary (after all, the investigators didn’t ask for one), the team must study the information for days to understand its significance, if any. The structure of each company’s data file is unsurprisingly inconsistent. Because the files are structured so differently and are so complex, joining them together to perform effective analytics requires the team to leverage a contractor to write the ad hoc code to join the tables. The team and contractor spend a couple months sifting through the data.

• The responses from the social media and messaging companies sort of a hybrid of those provided by the banks and fintechs, three providing their own bespoke structured data tables ranging in size and complexity, and one providing unstructured PDF documents containing some important metadata elements. “Good thing we have these contractors to extract the PDFs and join up this new data!” 

This is hardly a model of investigative efficiency, but anyone with experience in modern fraud investigations understands this is not a fanciful or unrealistic scenario. And the average taxpaying citizen would be right to feel depressed and outraged by it. 

Are the responsive third-party companies to blame for this sad paradigm represented in this scenario? Not really. Each was trying to be helpful and provided responsive digital records but were left to effectively guess what information investigators needed. Hardly a fair request.

The Fault is Not in Our Stars, But in Ourselves

The truth is that the problems faced by regulators and investigators are largely a product of its repeated practice of requesting financial records without specifying a specific standard for the format and elements needed. Had the team in our scenario issued subpoenas specifying the elements and formats needed, they would have avoided their various woes and drastically simplified their task of performing data analytics. The benefits of fixed, public data schemas are evident in the regulatory technology tools used to investigate cryptocurrency crimes. Instead of waiting six months to get responses back to subpoenas to trace each hop of a fiat transaction, blockchain forensics tools arm investigators with a more real-time assessment. On the flip side, the responding third-party companies would have clarity on what investigators needed, yielding a shorter production timeline and avoiding the time spent on follow-up requests. From the perspective of fraud victims who otherwise face a years-long process before receiving recovery and/or justice, this seems to be a “win-win.”

Given that the federal investigative practice has not changed despite the clear potential benefits, one might assume investigators and prosecutors don’t know how to ask for this degree of granularity when obtaining electronic records. One would be wrong. Public court dockets are replete with examples of highly detailed requests for electronically stored information in other contexts. 

So, what explains the stagnation and recalcitrance? As with many similar ventures, it is seemingly a lack of collective will. That needs to change. True, there have been some recent encouraging efforts toward setting financial data standards. At the federal policymaking and regulatory front, Congress enacted the Foundations for Evidence-based Policymaking Act of 2018 and the Financial Data Transparency Act, and the Department of Treasury published rules implementing the Financial Data Transparency Act. Similarly, the National Credit Union Administration (NCUA) has created standard data calls for many of its financial services. In the private sector, trade organizations like the Financial Data Exchange have focused on operational data needs for emerging financial technology services companies. While these efforts represent an important step, they were all done without any meaningful input or coordination with law enforcement. Thus, they do not adequately support anti-money laundering and fraud investigations. 

A fresh push is necessary toward developing common financial data standards. And while that push could be a complete “top-down” approach imposed by regulators and government policy makers, it shouldn’t be and doesn’t have to be. Based on my experience, I can safely say most banks can produce at least 80 fields of structured data surrounding financial transactions, while many others could probably produce over 200. Congress could write a law today outlining 80 fields as a structured data file for subpoena responses that most institutions can implement very quickly and would enable law enforcement to work more cases more efficiently. This is just one example, but there are countless others. 

Conclusion

The public and private sectors must come together to flesh out common data standards for records requests that satisfy the needs of fraud investigators while requiring minimal efforts toward implementation and compliance by relevant stakeholders within the financial ecosystem. Leadership is clearly needed to set standards, and that leadership could come from existing organizations already committed to data standardization, such as the National Institute of Standards and Technology, FINCEN’s Bank Secrecy Act Advisory Group or the Department of Justice’s NIEM subcommittee. That said, collaboration with the private sector is essential for developing a useful and feasible solution. 

Development and universal adoption of financial data standards would almost certainly reap outsized dividends in combatting fraud. These efforts would maximize the benefits of parallel initiatives, like those highlighted at the outset of this article. It would also support and enhance much-needed efforts by the federal government to create internal efficiencies as well as connect and enrich their own data. Greater effort is needed toward more comprehensive, transparent, and reliable collaboration and data sharing across agencies as such efforts make it far easier to trace a bad actor’s transactions across the panoply of platforms and institutions in the modern financial ecosystem. Nonetheless, these efforts would be far simpler when married with subpoena and discovery responses adhering to universally-accepted data standards.

Time is of the essence. The pace of financial crime is growing. We must act quickly, decisively, and clearly if we are to have any hope of stemming the tide. We should begin with the “low-hanging fruit” efforts – like common data standards for fraud records requests – that would achieve definitive results through minimal effort.

The opinions shared in this article are the author’s own and do not reflect the views of any organization they are affiliated with.

Open Banker curates and shares policy perspectives in the evolving landscape of financial services for free.

If an idea matters, you’ll find it here. If you find an idea here, it matters. 

Interested in contributing to Open Banker? Send us an email at [email protected].