Build it right, and they will come

Today’s world is fraught with geopolitical sanctions, fraud, corruption and cyber warfare, and fueled by rapidly emerging technologies that continue to change how we approach business and risk mitigation. Companies large and small are enduring a costly, but necessary, shift to digital, while transitioning operations to the cloud and scrambling to protect their systems from intrusion. With change comes risks, which is why companies often look to anti-fraud and/or forensic technology professionals to help them build the preventive and detective anti-fraud controls needed to protect their business and align with regulatory expectations.

In many cases, companies turn to professional services firms that can add additional horsepower (like more CFEs) to their risk mitigation objectives or assist with an internal investigation or litigation matter. This often includes specialized forensic technology solutions where professional services firms can really go deep. However, yesterday’s innovation is today’s norm. What was relevant a few years ago may not have the same market need as today’s fraud risk or investigative technologies. That’s why professional services firms, especially leading mid-to-large firms and the Big Four, are constantly seeking to innovate new fraud risk management solutions and technologies to stay relevant with their clients.

In Fraud Magazine’s January/February 2019 edition of “Innovation Update,” I collaborated with my friend Eric Johnson, managing director at EY, to apply a common framework known as the “innovation funnel” to innovate and create new anti-fraud products. The framework walks through six phases summarized as follows:

1. Ideation: Brainstorming market and client needs and services.
2. Evaluation: Frequent yet short meetings to narrow down the list of options.
3. Acceleration: Selected proof of concept is designed and modeled out, and more research is gathered.
4. Incubation: Solutions are tested in a pilot environment in development sprints, and solutions are compared.
5. Iteration: Finalizing activities and plans to roll out the new service or solution.
6. Launch: New service offering or product is launched in the market.

While the above framework can be helpful in spurring innovation, there are still many questions a professional services firm needs to consider, especially when it comes to technology.

Buy vs. build in-house

“There’s no disputing the fact that professional services firms, particularly in forensic accounting, need to invest in technology infrastructure, cutting-edge anti-fraud software, and superior talent to be able to provide high-quality client service and remain ahead of the competition,” Ken Feinstein, managing director at consulting firm J.S. Held LLC, tells Fraud Magazine.

“However, firms are constantly faced with resource allocation challenges, wrestling with decisions to hire more technical experts and/or invest in licensing technology solutions that will gain them a competitive differentiator and ROI [return on investment]. With the flood of technology companies hitting the market in recent years, the timeless debate over whether to build your own technology infrastructure or buy/outsource has become more critical than ever.”

Feinstein says that building software solutions from scratch, or “productizing,” can be a dangerous game for professional services firms, which need to adapt nimbly to their clients’ changing needs. Challenges facing today’s companies may quickly become yesterday’s news, leaving what seemed to be the next big thing collecting dust on the proverbial shelf. Take the Cambridge Analytica scandal from 2018, when reports revealed that the political consulting firm had harvested Facebook data of millions of people without their consent to support the 2016 presidential campaigns of Ted Cruz and Donald Trump. (See “How Cambridge Analytica Sparked the Great Privacy Awakening,” by Issie Lapowsky, Wired, March 17, 2019.) Executives across the globe scrambled to ensure their customer data was secure from third-party misuse, spurring consulting firms to respond expeditiously to assess third-party risk and identify data misuse through automated solutions. But by the time the ink dried on many engagement agreements, much of the buzz surrounding the scandal had subsided, and companies instead were funneling investment dollars towards stricter compliance and data governance. That left many firms with half-baked products and fewer clients concerned about these types of third-party risks.

The concern over conflict minerals is arguably a similar story. In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act sought to stop the national army and rebel groups in the Democratic Republic of the Congo, among others, from funding armed conflict through illegal mining by requiring companies to disclose whether their products contained these types of conflict minerals. Consulting firms spent a tremendous amount of time and money to find solutions for clients faced with the new regulatory landscape only to see the Trump administration try to repeal those rules years later. (See “The Dodd-Frank repeal: What it means for conflict minerals,” by John Filitz, mining.com, Aug. 8, 2017.)

“Procuring technology to meet a client’s needs is unavoidable whether it’s commercial off-the-shelf software (COTS), cloud-based platforms or data visualization tools, etc.,” says Feinstein.

“It becomes a question of investment when faced with an opportunity to help your client handle a unique challenge such as performing natural language processing (NLP) to derive insights from thousands of documents. When evaluating the purchase of a software technology, one should ask if this is a one-and-done proposition for a specific client need or does this solution span multiple clients.”

Outsourcing is another option, but it’s typically more about people and processes rather than technology. Companies often choose to outsource a task or function as part of an overall client service offering to conduct onerous or routine procedures. One such example is third-party due diligence checks, which require access to expensive databases and significant, but often tedious, reviews to ensure the accuracy and relevance of the subject. For firms wishing to specialize in third-party due diligence, bringing this function in-house could be a good solution. But for forensic accounting or investigations firms whose specialty skills are in forensic accounting, forensic technology, litigation support or white-collar crime investigations, it often makes sense to subcontract or outsource due diligence checks.

Staying ‘software agnostic’

Professional services firms might be tempted to develop their own anti-fraud or compliance-monitoring software solutions, replacing the hourly billing model with one that’s more scalable around a solution. But this poses a conflict for professional services firms that view themselves as “software agnostic.” In other words, they’re supposed to be recommending the best technical solution for the client’s need, not what they’ve internally built themselves. (Think of it as a “separation of church and state” on the software level.) Beyond that inherent conflict, there are also other factors like ongoing support and maintenance that make software development challenging to a professional services firm. How will they deploy software updates and security patches on the client’s hardware after the consulting agreement (or project) is over? Is the client tied to the consulting firm, and their billable hours, for the entire life of the software relationship?

To combat these issues, many professional services firms offer a managed service solution where the firm hosts (stores) the client’s data for analysis. This works well for a one-time investigation, eDiscovery matter or short-term projects, but not for long-term monitoring or proactive risk assessments and continuous monitoring where client data constantly needs to be refreshed to be relevant. The thought of companies sending reams of sensitive transactional data (such as third-party payments or sales) each month to an outside firm for processing and analysis sounds like an IT and data privacy nightmare.

Software companies specialize in developing and supporting software to address a specific business issue, most often in the customer’s IT environment. In contrast, professional service firms have expert knowledge of particular fields or sectors (also known as domain expertise) and the understanding of various technologies to align the right people, processes and software technologies to solve a particular client problem.

How to build it right, so they will come

Feinstein and I collaborated on some tips to help professional services firms in the anti-fraud and investigations space best foster innovation and continuously remain relevant to their clients. We aren’t claiming an all-inclusive list here, but these tips are drawn from more than 20 years of experience we each have in this field. Some of these are idioms you may have heard; others might make you laugh. But all of them stem from experience.

• Stay relevant: Come up with a new service offering or market idea at least every six months, and let the market know about it.
• It’s always best to align your anti-fraud and service offerings to industry or regulatory guidance from The Committee of Sponsoring Organizations of the Treadway Commission (COSO), U.S. Department of Justice, U.S. Securities and Exchange Commission, U.K.’s Serious Fraud Office, EU’s General Data Protection Regulation and the U.S.’s Financial Industry Regulatory Authority (FINRA), just to name a few.
• Cost, quality or speed — clients can only pick two.
• Go beyond rules-based queries in your solution designs. Think data visualization, text mining, machine learning, optical character recognition (for matching), risk scoring, and pattern and link analysis, for example.
• Don’t boil the ocean with your client’s data. Start small, demonstrate effectiveness and quick-hit wins, then expand based on success metrics.
• If you don’t know what you’re looking for, you’ll never find it!
• Use the right technology tool for the right job. Don’t force a square peg into a round hole just because it’s your square peg. Do what’s best for the client and be technology agnostic.
• When it comes to applying data analytics as an investigative tool, technology is only as effective as the people using it and the process designed to implement it. The devil’s in the details — you just need the right tools to exercise the demons.
• Make sure your data analytics specialists have a reserved seat at the table early in the process. Don’t underestimate the value of a strong investigation plan centered around carefully curated analyses.

Build it right, keep it relevant and stay innovative. Follow this recipe and they will indeed come for your services.

Vincent M. Walden, CFE, CPA, is the CEO of Kona AI, an AI-driven anti-fraud and compliance technology company providing easy-to-use, cost-effective payment and transaction analytics software around corruption, investigations, fraud prevention and compliance monitoring. He welcomes your feedback and ideas. Contact Walden at vwalden@konaai.com.