8 Underrated Critical Types of Evidence in Email Reviews

/

GUEST BLOGGER

Sundaraparipurnan Narayanan
Associate Director of Forensic Services, SKP Business Consulting

In the current electronic age, e-discovery is considered one of the key approaches for gathering evidence in litigation and investigations into misconduct. With new tools being created to help uncover and understand electronic data, the industry is evolving to new heights. When there is a large amount of data to review, the process requires a purpose-led approach to ensure the evidence is compiled objectively and accurately.

E-discovery reviews are based on keywords, timelines and communication patterns relevant to a purpose or defined objective. Amidst multiple aspects — like the nature of email threading, parent-child linkages, text analytics and communication patterns considered for review — the following eight elements are essential types of email evidence to not overlook in your examinations:

  • Calendar: A potential subject may schedule meetings that are contextually important to a case.
    Example: In a Foreign Corrupt Practices Act investigation, a calendar appointment with an individual at a posh restaurant a few days prior to the approval for a regulatory license may be relevant if the individual’s name in the appointment and the name of the public official providing the license are the same or similar.
  • Automatic email: Dates mentioned in an automated out of office response may be important for connecting a chain of events associated with a concerned individual.
    Example: If the dates of out of office responses sent during a vacation conflict with contract negotiation dates with a third party it may be a red flag to look into.
  • Travel and hotel information: Travel and hotel booking information can contain vital evidence.
    Example: In a kickback investigation, payment details as part of a travel or hotel booking voucher that contain the name of a payee/credit card holder may be relevant to correlate an employee’s relations with a suspected vendor/third party.
  • E-commerce purchases/email alerts: Alerts from e-commerce sites or courier agencies can play key roles in examinations.
    Example: A dispatch intimation from a shipper from a suspected third party to an employee’s personal address may be relevant for further enquiry in a conflict of interest or kickback investigation. Similarly, banks and financial institutions send alerts (on cash deposits, exceeding limits, swipe of card in unusual locations, etc.) as email alerts. These email alerts may be relevant in a chain of events to correlate and corroborate with the available information in the context of a review.
  • Group/other registrations: Email IDs registered with certain sites (gambling, pornographic or dating) and emails received from such sites may be relevant during investigations into misconduct.
  • Task classification (flagging): Task classification and completion are used for the convenience of tracking key activities/communications. Such tagging may highlight certain patterns.
    Example: A pattern of prioritizing the approval of third party invoices over others along with task classification by a user department representative, who is using the services of the concerned third party, may show possible indications of favoritism by the employee.
  • Self-emails, notes/task listing: Many individuals send emails to themselves as a reminder, notification, to-do list, etc.
    Example: A self-email by an accountant containing the phrase ”change estimations” may be relevant in a financial statement fraud. It is necessary to understand that some of the content mentioned in self-emails may not necessarily have the keywords identified as relevant for the case. Similarly, subjects may update their tasks/notes as part of their email service, which may contain messages of evidentiary value.
  • Folder structures: Every individual has a way of organizing their email communications. This includes the way the individual has classified their folders within their email service or the archival methodology they had adopted. These aspects provide necessary insights in understanding which folders contain relevant information.

Reviewing digital data for evidence requires objective-driven searches in order to understand and interpret a given circumstance. Awareness of possible alternative evidence provides the ability to anticipate and look for some of the above categories of communications in search of evidence. While not all these categories may be relevant in every case, these are vital ways to find the evidence needed to detect fraud.

Pacemaker Data Betrays Host in Fraud Case

/

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA, CIDA
Director, Big Data & Analytics, Digital Forensics
BKD, LLP | Forensics & Valuation Services

As the world of unique ways to investigate fraud expands, investigators in Middletown, Ohio, have given us the latest in ways of using data to solve a case. Not data from an accounting system, building access records or an Amazon Echo (see last month’s post) — this time it was data from a pacemaker. According to the article, a man was “charged for arson and fraud after law enforcement used data gleaned from his pacemaker to uncover an alleged plot to cheat his insurance company.” The man in question was attempting to collect more than $400,000 in damages caused by a fire at his home. However, the story he told of the exertion he underwent to pack suitcases and throw them out a window didn’t quite line up with the story his heart told. Police obtained a search warrant and went after the electronic records of his pacemaker. They quickly discovered that the heart doesn’t, in fact, lie. When I first read this story, I was initially shocked a pacemaker could be used this way. The more I thought about it, however, I quickly realized that it is an obvious application of analytics.

Using analytics to detect fraud often involves the application of pattern recognition technology. That can mean looking for specific patterns indicative of a fraud, looking for patterns contrary to your expectations or finding patterns where you wouldn’t expect. In this particular case, it was the absence of a pattern where one was expected. So, how does one go about applying analytics to a case like this? The same way you apply analytics in any situation — following a predictable framework.

Strategic question: Is Mr. Compton’s story plausible?

Objective: Identify indications of exertion of effort consistent with description of actions.

Data: Pacemaker electronic records.

Procedures: Trend analysis of heart rate, demand on pacemaker and heart rhythms before, during and subsequent to actions in story.

Analyze results: Patterns don’t show signs of increased exertion that would have been present based on story.

Manage results: Investigate other possible reasons for inconsistent pattern.

At its core, this is the same framework and application methodology for analyzing trends in financial or other data. What differentiates this from typical applications of analytics in investigations is the willingness to get data outside of traditional systems. As the Internet of Things grows and expands, the opportunities to go outside these traditional systems will also grow. More devices — wearables, virtual assistant devices, vehicles, etc. — will generate more data than ever before. Each of these will provide an opportunity to evaluate patterns in data compared to expectations. 

The challenge is this — how will you begin to leverage these non-traditional data systems in your investigations?

Episode Notes for Fraud Talk: 'The Problem With Too Many Choices'

/

GUEST BLOGGER

Emily Primeaux, CFE
Associate Editor, Fraud Magazine

In January I had the pleasure of interviewing Bret Hood, CFE, about using data analytics in fraud examinations and the problem of “choice paralysis.” Currently the director of 21st Century Learning & Consulting and a retired FBI supervisory special agent, Hood has spoken at ACFE Annual Global Conferences and is a federal court-recognized expert in fraud and money laundering.

Hood recently wrote an article for the January/February 2017 issue of Fraud Magazine about choice paralysis using a grocery store study. In the article and on the podcast, he explained that this study helped highlight that when people are given too many choices, they freeze and can’t make a decision. The same can happen when a fraud examiner approaches an investigation using data analytics.

Data analytics software can produce an endless amount of data — some usable, others distracting. In the podcast, Hood explained that it’s important for fraud examiners to determine which data sets are relevant. “If we’re doing a billing fraud, I should only be concerned with the billing and not something else,” Hood said. “So if I have billing fraud, I don’t necessarily care about accounts payable. It depends on what kind of billing we have, but what happens is when we start to focus on other things, when we start to take the divergent path, that distracts us from what our original purpose is.”

Other highlights from the interview include:

  • Recommendations for how fraud examiners can overcome choice paralysis, including prioritizing three things that are relevant to your case, focusing on those and fighting the urge to move down other paths as they become present.
  • An analysis of how the brain processes information, including a look at your “working memory.”
  • System 1, the reactionary part of your brain, versus system 2, the reasoning part of your brain.

You can listen to Hood’s entire interview at ACFE.com/podcast and join the discussion about the podcast in the ACFE Community.

Helpful Resources Mentioned in This Episode

New Data Tools for Your 2017 Fraud Examinations

/

GUEST BLOGGER

Jeremy Clopton, CFE, CPA, ACDA, CIDA
Director, Big Data & Analytics, Digital Forensics
BKD, LLP | Forensics & Valuation Services

“New Year, New You” can be found everywhere from email subject lines to magazine covers to marquees at local fitness center. January is the time to begin new things. With that in mind, here are a few of the new items to consider in your next fraud examination.

First, let’s talk about some new methods to consider:

  • Advanced analytics: Rather than relying on sampling and rules-based queries alone, take your analytics to the next level. Incorporate correlation across disparate data sets, outlier detection based on multiple attributes and look for patterns across data sets that indicate anomalous activity. 
  • Text analytics: Easily one of my favorites and one of the most overlooked. There is a lot of value to be extracted from text —names, places, events, topics and even tones of communication may be extracted. These elements can help build the foundation of a case and enhance interviews and interrogations.
  • Machine learning and artificial intelligence: The more cutting-edge of the recommended approaches, machine learning and artificial intelligence are increasingly valuable in complex and large-scale investigations. These are the foundations for predictive coding, which allows you to review a large set of documents, communications or transactions in a manner that is both efficient and effective. Supervised machine learning allows you to “teach” the computer what to look for and return similar results. Whereas, unsupervised machine learning allows the computer to “teach” you what trends, patterns and anomalies exist in the data set. 

Last, here are some data sources you may not have considered in the past:

  • Communications Data: You’re likely thinking that communications data isn’t something new to consider—  you have used email, phone records, text messages and others for years. Applying text analytics and machine learning to email can help you learn about the dynamics, happenings and relationships in an organization before you interview a single individual. What’s more, leveraging tone detection may uncover the conversation about a scheme that isn’t explicitly discussed as such.
  • Internet of Things: The Internet of Things is all the rage. With robots, voice recognition technology and artificial intelligence being incorporated into more and more products, there is data being captured in places we never thought possible. For example, Amazon Echo’s Alexa was recently subpoenaed in a murder case  in Arkansas. This example shows just how much data we have surrounding us each and every day.

These are just a few of the new items for you to consider as you embark on your examinations in 2017. As the year progresses, I will include posts on each of these in the context of examinations, as they make news and describe how you can incorporate them into your approach. I will also discuss other emerging technologies that may reshape how a fraud examination is performed.

Health Care Analytics: The latest weapon in fighting the opioid abuse epidemic

/

FRAUD MAGAZINE ONLINE EXCLUSIVE

Rena Bielinski, Pharm.D., A.H.F.I.

According to the Institute of Medicine of the National Academies, 100 million Americans, or nearly one out of every three people, suffer each day with chronic pain. That's roughly quadruple the number of Americans with diabetes (25.8 million), and nearly 10 times as many as the number of cancer patients (11.9 million).

Fortunately, we live in an era when modern medicine offers effective and readily available treatment for pain in the form of prescription medications. Prescription painkillers help improve daily function, and therefore the quality of life, for millions of Americans and even more people across the globe.

These benefits, however, come at a cost. According to the Centers for Disease Control and Prevention, the U.S. is now in the midst of an opioid abuse epidemic. In 2010, 5.1 million Americans abused painkillers to some degree, which made them the most abused prescription medications by far, according to the National Institute on Drug Abuse. In addition, the 2012 National Survey on Drug Use and Health stated that 2.1 million Americans were addicted to opioid pain relievers. And in 2013, opioid analgesics caused more than 16,000 deaths, far more than any other drug class.

The problem hasn't gone unnoticed: As of May 2015, the U.S. government had 540 pending complaints and cases involving fraud, waste and abuse (FWA) in prescription drug billing related to Medicare and Medicaid. These cases account for 60 percent of the FWA total, and don't take into account instances with commercial insurance.

Why is it such a challenge to control opioid abuse? It's a combination of the sheer number of pharmacy claims and the woefully outdated manual methods used to review them. The slow, labor-intensive process of manually inspecting spreadsheets, even those generated from a database, can lead to false positives. It also uses time and resources that should be spent tracking down those who are actually committing FWA. The sheer size of data can cause processing time and infrastructure issues, and overwhelm the system.

Next-generation analytics overcome these challenges by using multiple data points — more than humans can process at one time — to identify and uncover purchasing and prescribing patterns that indicate a high probability of abuse. Experts can then focus their time evaluating actionable insights rather than sifting through data to determine those members or prescribers to target.

Here's how analytics can help in two key areas.

Member drug-seeking behavior

Analytics make it easier to find behaviors that are unusual. Rather than paging through spreadsheets, color-coded dashboards can assign scores based on risk factors and bring the most likely cases of FWA to the top of the list based on pre-set thresholds, such as health plan members who are seeing more than 10 physicians or filling prescriptions at more than 10 pharmacies. These thresholds can be set based on industry benchmarks or adjusted to the preferences of the payer or pharmacy benefit manager (PBM).

One of the challenges of uncovering FWA among members is that on the surface, the patterns that could indicate it might also reflect legitimate (non-FWA) behavior. For example, a common indicator of potential fraud is when a patient receives an opioid and/or other prescription from multiple providers and fills them at different pharmacies. Yet an oncology patient who receives multiple prescriptions from several different specialists might have a legitimate reason for this behavior.

This is where next-generation analytics brings in additional data, such as displaying the locations of prescribers and pharmacies on a map relative to the member's home. If several prescriptions are being filled at different locations far from the member's home, it's a strong indicator of possible FWA.

The intelligent application of analytics will help automate the process of revealing the most likely FWA perpetrators while minimizing false positives, which ensures that the payer's or PBM's resources are being used most effectively to reduce costs while not alienating members in good standing.

Read the full article and discover the other area where analytics can help on Fraud-Magazine.com.