Legal firms are required to do enhanced due diligence to satisfy both internal regulatory obligations around anti-money laundering checks and to deliver on client services they sell – for example, third party due diligence checks on suppliers for modern slavery issues, the background of directors and company finances. In addition, to enhanced due diligence legal firms need to carry out investigations when they work with insurers to investigate claims fraud, with financial institutions to help recover funds when they are defrauded or with individuals when their are disputes over assets, among other situations. In both these cases, increasingly rigorous regulatory demands and more sophisticated methods of hiding fraudulent activity across international boundaries have left legal firms needing to do increasingly complex checks and investigations over a more diverse range of data sets in order to win business. This is a time-consuming process when done manually.
Legal firms can of course resolve this by hiring more investigators and analysts, but that means extra costs and the unfortunate choice of having squeezed profit margins or having to pass the extra costs onto customers in terms of fees, potentially pricing themselves out of opportunities for business. Technology that can help make enhanced due diligence and investigation processes more effective, faster and efficient is available; however, with numerous technology solutions in the market, it can be a problem to know and understand which one is best for you. In this article, we examine and evaluate the core elements of a successful enhanced due diligence check or investigation, so you can better evaluate a provider’s offering.
Automating Enhanced Investigations
When a technology provider says that they can help automate enhanced due diligence checks or investigations, it is important to understand what aspect of the process they mean. Enhanced due diligence checks and fraud (or any kind of criminal) investigations invariably necessitate the need to aggregate data from across multiple data sources, filter it, organise and analyse it, identify links between entities and then prepare reports that justify your decisions. If a platform only helps automate basic due diligence PEPs and Sanctions checks, the extraction of information from a form, or reminders to follow steps in a workflow – but leaves you having to do all (or most) of the data gathering, filtering and finding hidden links and connections in the results manually – it means it is only a case management system or capable of basic due diligence, and is just one part of the puzzle. You still need a solution that can automate enhanced due diligence or complex investigations.
Multiple Data Sources
Enhanced due diligence or investigations into fraud, whether for financial institutions or insurance or otherwise, are complex. Different data sources provide different insights into individuals or businesses that can be used to evaluate and discover hidden risk. For example, if risk has been identified in an insurance claim, DVLA data will identify vehicle history, Companies House and third party financial data providers is crucial to understanding the financial circumstances of the claimant, while open source intelligence can help to identify adverse media and any connections between the claimant and perhaps an association with a company that is in fact the supplier of services in the claim. In disputes over assets alternative data sources are key to identify whether the parties have indeed revealed everything about their financial situation.
As multiple data sources are essential for more complex investigations, any solution provider should have the capability to offer automation that utilises them.
Multiple data sources are a key component but you should not only look for a solution provider who can automate over multiple external datasets, you should go a little further and ask if they have a data agnostic approach.
A data agnostic approach means that they do not limit themselves to a fixed number of data suppliers but will work with you to ensure all the data you need for each, and every kind of enhanced due diligence check or investigation is integrated. This way you maximise the amount of automation in your investigation and operational efficiency.
If the solution provider only aggregates their own proprietary data, you may find that you can indeed have seamless automation across their datasets, but then have the time-consuming headache of trying to integrate crucial information from other sources manually.
Open Source Intelligence
Open Source Intelligence is crucial for both regulatory compliance checks and investigations. It is mandated by the FCA as a core component of anti-money laundering enhanced due diligence checks and is instrumental in investigations. In the latter case, if you were doing an investigation into the assets of an individual which were under dispute, open source search could be used to find background information on their employment and connections that would not otherwise be found. However, standard search engines are designed to maximise sales for advertisers; when used for compliance or intelligence purposes they inevitably generate huge amounts of false positives. While adverse media that only looks at mainstream media misses many opportunities to find key information. When an organisation says they have an adverse media or open source intelligence tool, ask if they are using the Google or Bing APIs for more neutral information or just the search engine? In addition, what tools do they have to filter information and provide international results that pull in information from the local country search engine.
Cross Data Source Analysis and Collation
Multiple data sources are key to any investigation because each of them reveals different information about a name, phone number or email address. But searching different datasets is just one part of the process – aggregation and analysis of the findings to detect links between entities across the different results, is equally important.
For example, if you are investigating an insurance fraud and searching for information around the claimant, third party, and the repairer ecosystem, it might well be that a key evidential link is that they live on the same street, that they attended the same school, or that they have directorships at the same companies.
It is imperative, therefore, that, rather than just allowing you to set up workflows on each data source as a silo any automation solution is able to carry out automated aggregation and data collation across all your data sources. Visualising the associations between the entities allows you to join the dots and more easily discover hidden links. In other words, give you a unified, holistic view of your subject and eliminate the need to spend the time to manually read through each set of results to identify the links above.
Risk assessments are key to narrowing down and allowing you to only have to do enhanced due diligence on the right individuals, freeing resources for the more detailed investigation stage.
Any solution provider should therefore offer the ability to set up sophisticated risk assessment rules. But for a rule to successfully assess complex risk, it has to collate across multiple data sources concurrently, as each will have its own impact upon the investigation. If not, your risk assessment workflows will only work on each data source individually, which means operational efficiencies.
An enhanced due diligence check or an investigation will inevitably need to be presented as a report with evidence to support your decisions.
You should therefore ask yourself if a solution provider has the capability to automate report preparation in a standardised fashion with all activity logged to the appropriate standard. If an investigation might result in legal proceedings before the civil or criminal courts, you will need to have increased levels of auditing capability governing the data sources interrogated, the person conducting the search and on many occasions the grounds for processing the data.
Whether for further investigation efficiency, measurement or continual learning and data integrity, it is necessary to understand whether the search and risk assessment algorithms and the methodology behind them are the proprietary IP of the software provider or transparent to you as the customer. In the event you simply have to trust the software provider that the flagged cases might be fraud, it has far-reaching implications in many areas:
Case Management – Without the sources of evidence why a particular case was flagged, it means you will effectively have to start again in your investigation to build out the case, spending much more time.
Operational Efficiency – Being able to see the methodology for why certain entities and results have been chosen, enables someone to quickly evaluate and use their decision making to filter again, moving the process forward faster to identify false positives.
Measuring Success – Without access to the algorithms being used by the solution provider, it is hard to see if they are accurately discovering fraudulent activity.
Process Improvement – Without access to why cases are being flagged, there is no way to get the data that will enable you to learn and improve processes and efficiencies.
Underutilisation of expertise – Your team are experts in identifying risk and fraudulent behaviour, if they are unable to have input across your risk assessments then it is not efficient.
Strict anti-money laundering legislation means legal firms will find themselves having to do not just basic due diligence but, in addition, enhanced due diligence. If your provider cannot offer automation for both steps, then you will have to do the enhanced investigation manually or look for two solutions and then have the added inefficiencies and costs from syncing data between the two solutions.
AI and machine learning have incredible potential, but it comes with several considerations. While AI is used to detect additional patterns inside the data, if the focus is simply on internal data, can it make up for the shortcoming compared to using a more holistic approach with multiple datasets?
Inevitably, when you have flagged certain claims and decided to reject them, if it then goes to a dispute, will the evidence from the AI be available or inadmissible? If not, you will still find you have to build out the case again using a traditional data gathering strategy over multiple data sources. In which case, the AI is limited to the initial risk assessment filtering stage and even then, you will have many of the problems associated with a lack of transparency in methodology.
In more complex investigations, it is likely that you will need to follow up on possible links between entities and build out a trail. Ideally your technology provider’s solution will be responsive and scalable enough to allow you to automate that process, offering the tools to update your results seamlessly – in real-time – and get visualisations of the impact of your new variables on your overall investigation. This may be the ability to conduct follow on searches linked to the earlier findings, or it might be the need to monitor ongoing changes for that business or person.
Investigations are exceptionally time-consuming and a burden for your investigative team. Any solution provider will tell you their solution is best, but how much time can they give your analysts back to focus on decision making? This is the key measurement.
If you’re in doubt as to how much efficiency a provider might bring, challenge them to provide you with a free pilot or ask to speak to their references.
While the real savings and efficiencies lie in a solution’s ability to offer a genuine aggregated automation experience across all your chosen data sources, there are other questions you might want to ask:
Technological – This is a complex process therefore it is essential a solution has the computing power to run searches concurrently and deliver results in seconds and minutes, not hours. Do they have the ability to handle bulk uploads?
Security – Do they have ISO 27 001 and Cyber Essentials Plus accreditations?
How are they resolving false positives?
What tools do they have for carrying out open-source searches?
What out-of-the-box 3rd party data integrations do they have?
What options do they have for integrating your own internal data and scaling the solution across your sub-brands and getting a holistic picture?
Monitoring – Compliance is an ongoing process, so what options do you have for automated continuing monitoring and alerts?
Knowing how to choose the right technology to help create operational efficiencies and gain better insight for your enhanced due diligence checks or investigations can be complex and confusing, especially when there are many providers in the market. However, you should ask yourself the question: Does this help me complete an investigation with as few, or ideally without, any manual processes? If you don’t get a satisfactory answer, you should be looking elsewhere.
Synalogik’s software platform, Scout®, is a one-of-a-kind automation solution for EDD checks and investigations. Scout is data agnostic, integrating internal, open source and out-of-the-box most 3rd party data providers, allowing you to seamlessly automate search and reporting across all the datasets you use, not just the ones included from your existing solution provider. Our 3rd party integrations include CRIF, Equifax, W2 Global, LexisNexis, Creditsafe, TransUnion, GBG and many more. In 2022, we won the Queen’s Award for Innovation.