GRC Tuesdays: How Can You Detect Anti-Bribery/Corruption Cases?
More Than One Single Answer
Organizations frequently wonder about the most efficient ways to detect cases related to Anti-Bribery/Corruption (ABC) cases. Unfortunately, there’s no single answer or test for these types of violations. Very likely you won’t find a single big red flag to indicate a potential violation, but you will probably need to look at multiple smaller yellow flags, and the sum of them might be the big red flag.
How can your organization go about identifying all these yellow flags which would prompt your compliance team to take the necessary corrective action? I’ll share some ideas by describing how SAP Business Integrity Screening analyzes business transactions and data across your enterprise to identify situations that might be part of an ABC incident that would require immediate attention.
Detection Rules and Strategies with SAP Business Integrity Screening
Since there’s not a single detection rule that could identify ABC cases, the key is to be able to create multiple rules that can look for different suspicious situations. For example, payments going to third parties in high-risk countries, bank accounts located in different countries from the payees’, suspicious terms found in the invoice descriptions, and so on.
Once these individual rules have been defined, SAP Business Integrity Screening allows you to group them under Detection Strategies which address different scenarios your organization is looking into. One example would be a strategy addressing Foreign Corrupt Practices Act (FCPA) incidents, and any relevant detection rules could be assigned to this strategy. During the detection phase, positive matches will be scored and evaluated against predefined thresholds which are organization-specific. If the total score of these matches exceed the predefined thresholds in the Detection Strategies, Alerts will be generated automatically triggering an investigation process.
Screening with SAP Business Integrity Screening
Besides rules to analyze business transactions, ABC cases can be detected by screening the names and addresses of the individuals and entities with whom your organization conducts business against specialized lists such as sanctions, politically exposed persons (PEP) and others generated by content providers, government agencies, and international organizations.
Although conducting business with an individual/entity appearing on these lists doesn’t necessarily represent an ABC case, this will remind organizations to be more careful before engaging with them. SAP Business Integrity Screening will allow you to combine name and address screening rules with other detection rules in the Detection Strategies for a thorough analysis of suspicious transactions.
Analyzing a single transaction might not provide a clear picture as to how suspicious it could be, but viewed in a historical context with past transactions would provide a better picture. This is what the Network Analyzer in SAP Business Integrity Screening could enable organizations to do. It shows all relationships among the different parties and transactions associated with a suspicious case. Since the objects displayed are completely configurable depending on an organization’s detection scenarios, it offers an abundance of options to display the SAP HANA data analyzed by SAP Business Integrity Screening.
For example, a single payment transaction to a partner in a high-risk country might not seem that suspicious, but if the Network Analyzer shows that this partner has some ties to an entity listed on a sanctions list and that this party was involved in a fraud case many years ago, then the investigator working on the case would now see that the risk exposure is significantly higher.
Integration with SAP Predictive Analytics
Another approach to detecting suspicious transactions employed by SAP Business Integrity Screening involves an out-of-the-box integration with SAP Predictive Analytics. Besides the detection and screening rules mentioned earlier, SAP Business Integrity Screening provides the option to leverage predictive algorithms to analyze historical data and automatically create predictive rules to complement those that have been manually created.
Traditionally, detection rules are created based on expert knowledge within each organization; however, these rules might become less efficient after some time given that fraud or suspicious patterns evolve over time. By leveraging predictive analytics, SAP Business Integrity Screening can help your organization keep up with changing patterns that the traditional detection rules might not catch.
Ultimately the success of a detection solution will be determined by its ability to address the specific requirements of an organization. SAP Business Integrity Screening is a flexible platform that can be expanded with customer-specific rules, and provides multiple detection approaches that complement each other to ensure business transactions across the enterprise get monitored effectively.
Learn more about SAP Business Integrity Screening and how it could help your organization address Anti-Bribery/Corruption scenarios by leveraging the power of SAP HANA.