GRC Tuesdays: Who Should be Responsible for Detecting Fraudulent or Suspicious Transactions?
Which Department(s) in an Organization Handles These Cases?
This is a common question that comes up often enough during conversations with finance and compliance professionals, especially since SAP introduced a fraud detection solution a few years ago. The simple answer is that it mainly depends on the type of industry and organization.
In some industries where the risk and impact of fraudulent transactions might be significant, such as financial services, organizations have set up dedicated departments focusing on identifying and resolving suspicious transactions. In other industries, this function might reside within departments that might already be responsible for handling non-compliant cases and exceptions. Legal, internal audit, and the office of the CFO or chief compliance officer are examples of such departments.
And then there are also business process owners who might take some responsibility in these detection activities, not necessarily because of suspicious or fraudulent activities, but because they’re driven by the need to identify erroneous transactions that could impact operational efficiency and KPIs by which they get measured.
How Can SAP Help?
When SAP launched SAP Fraud Management in 2013, the primary cases customers would address with the solution were all fraud-related. Given the flexibility of the solution allowing heterogenous data sets (SAP and non-SAP) to be analyzed by customer-defined criteria and rules, customers have expanded the use cases beyond detecting suspicious transactions, and getting into operational inefficiencies caused by errors or poorly designed processes.
In 2017, the solution incorporated screening capabilities to identify suspicious names and addresses based on lists the customers might have created and/or external lists provided by regulatory agencies or content providers. With the additional functionality and the focus beyond the initial fraud-related cases, the solution was rebranded as SAP Business Integrity Screening) to reflect the broad variety of scenarios that this solution and the underlying SAP HANA platform could address.
More Than Just Detection of Potential Exceptions and Screening Suspicious Parties
Since SAP Business Integrity Screening shares the same technology platform as SAP Audit Management, users of SAP Audit Management can perform automated audits by executing the detection rules predefined in SAP Business Integrity Screening.
In addition, SAP Business Integrity Screening provides an out-of-the-box integration to SAP Predictive Analytics for those organizations that would like to leverage predictive algorithms to identify suspicious and unusual activities that aren’t identified by any existing rules.
Flexible Multi-Use Platform
As we can see, SAP Business Integrity Screening is a flexible platform that can address the needs of multiple departments within an organization. It can be expanded with customer-specific rules, and it provides multiple detection approaches that complement each other to ensure that business transactions across the enterprise together get monitored effectively regardless of whether the scenarios involve fraudulent transactions, errors, or inefficient processes.
Learn more about SAP Business Integrity Screening and how it could help your organization identify different types of exceptions and anomalies early by leveraging the power of SAP HANA.