Brian_Ferro

Intelligence-Led Investigations: Simplifying the Chaos

There’s an open investigation. We’ll investigate. An investigation is underway. Everyone has heard these terms before. For some, the terms might transport them to a classic Sherlock Holmes novel, or perhaps a gritty detective show that enthralled them. But for others an investigation is something that is much more real – it’s what they do on a day-to-day basis. Investigations are at the heart of the hard work performed by people in financial crime units across the public and private sector. But what exactly is an investigation? What does the process entail? While an investigation, no matter the industry, can be summed up in a few words, it’s a complex process that involves navigating many red flags, data points and multiple steps.

Investigations are not as simple and straightforward as gathering the facts (nothing but the facts) to determine what transpired. For many investigation units, the process of completing a thorough investigation is dependent on a number of factors such as:

  • What was the catalyst for initiating the investigation?
  • How many other cases are in the queue that also need attention?
  • How much time is left to complete this case?
  • How much data (i.e., information) was initially provided to start the investigation process?
  • Will the investigator need to go out and gather a lot more information to understand the overall context of what took place?
  • Has any of the data already been triaged by a system? Is it trusted, and/or does it need to be validated as part of the investigation?
  • Are there unknown entities involved or leads to explore?
  • Where is that information held – multiple applications, different lines of business/departments or external to the organization?
  • Does the investigator have the experience and expertise needed to process the raw facts of the investigation into an actionable outcome and decision?

In the most basic terms, an investigation needs to answer the who, what, where, when and why questions. Depending on the type of investigation, this might involve collecting different artifacts such as individual / business activities, forensics, financials, legal documents, open-source records, communication records, copies of videos and more to support any investigation. These are critical in defending a determination when a case is escalated or closed, as each investigator needs to document the steps and reasoning behind an action or decision.

Context brings all these together and plays a critical role in any investigation to help identify criminal, terrorist and fraudulent activities. A lack thereof will hinder an investigator’s ability to make a sound decision on the outcome of the case, potentially leading to an incomplete understanding of the entirety of what took place and whether that activity is indicative of criminal actions.

Finally, how an investigation is completed can vary and largely depends on the factors listed above. As such, investigation units should have procedures to assure that operational processes are adhered to. Often these processes are simply called “workflows” and can be manual, automated or in most situations, a combination of both. Regardless of the process, there are a few similarities that need to be applied to most investigations to be as efficient and effective as possible.

A complex example

Imagine, as a practical example, a financial crime investigator is tasked with looking at a few transactions taking place from accounts held by entities in different regions, several hundred miles away from each other. There are cash transactions coming into the accounts of one entity through bank branches in one area but transferred into accounts of the counterparty located in another region within a day of the incoming funds. On the surface, it’s an example of rapid movement of funds. As an investigator you’re trained to follow the movement of money to determine a reason why this activity took place.

At first, there are at least two entities involved to begin the investigation, but as the money is traced from one entity to another, the list of entities that needs to be reviewed as part of the transaction string grows. And not just the entities receiving or sending money, but the owners and signers of the accounts that are reviewed as well. There are several questions that an investigator will need to consider and answer to determine if this activity is suspicious or not.

Are the individual transactions in low amounts, but aggregate to large amounts? Are the transactions being conducted by the same people? At the same locations? Do the businesses appear to be conducting activity that is consistent with their industry? Do any of these businesses appear to be shell companies? Where are these businesses registered and who are the owners? Do the owners receive the benefit of the funds, or use the funds for personal gain? Are the owners on any internal or external watchlists? How do I know that this person associated with one business is the same person associated with other businesses, or named in multiple different documents? The investigation process must comprehensively answer: Who is involved? What are the businesses and the activities for? Where are these entities located and where is the activity occurring? Why is this taking place? How did the activity occur? Answering all of this oftentimes makes the investigation much more labor intensive and complex, with data gathering that could take up to 80% of an investigator’s time.

How can the paradigm be shifted?

Although at times this process may seem daunting, advanced capabilities, such as those that underpin the Quantexa Intelligence-Led Investigations platform, exist to help investigators automate the collection of different internal and external data points, build connections via relationships, social and financial interactions, determine common points of interest and compile these into an easy-to-understand, meaningful outcome. For traditional systems, these continue to be labor intensive steps, where investigators usually spend hours, if not days, leveraging multiple systems, looking through data sources, loading data into spreadsheets and uncovering new leads to review, before analyzing the findings. In turn, by automating these steps and creating a frame of reference, investigators can spend more time focusing on analyzing the information that coincides with their intuition for a more confident decision.

An important first step is to ensure that there is a holistic view of each relevant party involved through Entity Resolution. This involves building a unified view of profiles and accounts to ensure that James, Jim, Jimmy, Jamie and Jay are all the same person associated by a phone number, or address, or who owns or is connected to a business. This is something that can be done not only for subjects of interest for an organization, but also for external parties as well. Doing so can also define and identify personas such as victims, perpetrators, and accomplices. By taking this important step, investigators gain a clearer picture of the parties involved as well as their relationships without the need to manually pull it all together.

Once this step takes place, financials, forensics, communications records, timelines, corporate hierarchies, geolocation mapping and/or other external data sources can be overlaid into the entity structure. By including these data elements, a network build can be generated to show hidden relationships between seemingly unconnected entities and key events.
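The entity resolution and overlay steps described above, as an added example that is not Quantexa's code: records that share a normalized phone number or address are merged into one entity, then transfers are aggregated per entity pair. The records, account ids and amounts are constructed, and exact-match linking on phone or address is an assumption made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the article): party records from different systems.
RECORDS = [
    {"id": "acct-1", "name": "James Hale", "phone": "(555) 010-1000", "address": "12 Elm St."},
    {"id": "acct-2", "name": "Jim Hale",   "phone": "555-010-1000",   "address": None},
    {"id": "acct-3", "name": "Jay Hale",   "phone": None,             "address": "12 elm st"},
    {"id": "acct-4", "name": "Ana Ruiz",   "phone": "555-010-2000",   "address": "9 Oak Ave"},
]
# Constructed transfers between accounts: (sender, receiver, amount).
TRANSFERS = [("acct-1", "acct-4", 4000), ("acct-2", "acct-4", 4500), ("acct-3", "acct-4", 3900)]

def normalize(kind, value):
    """Reduce a phone number or address to a comparable key."""
    if kind == "phone":
        return "".join(c for c in value if c.isdigit())
    return "".join(c for c in value.lower() if c.isalnum() or c == " ").strip()

def resolve_entities(records):
    """Union-find: records sharing a normalized phone or address become one entity."""
    parent = {r["id"]: r["id"] for r in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    first_seen = {}  # (kind, normalized value) -> first record id carrying it
    for r in records:
        for kind in ("phone", "address"):
            if r[kind]:
                key = (kind, normalize(kind, r[kind]))
                if key in first_seen:
                    parent[find(r["id"])] = find(first_seen[key])
                else:
                    first_seen[key] = r["id"]
    return {rid: find(rid) for rid in parent}

def entity_flows(entity_of, transfers):
    """Overlay transfers on the resolved entities and total them per entity pair."""
    flows = defaultdict(int)
    for src, dst, amount in transfers:
        flows[(entity_of[src], entity_of[dst])] += amount
    return dict(flows)

ENTITY_OF = resolve_entities(RECORDS)     # three name variants collapse to one entity
FLOWS = entity_flows(ENTITY_OF, TRANSFERS)
```

Exact matching on a single shared attribute will also merge unrelated people who share an address, so a real matcher weighs several attributes before linking.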

The outcome of these steps provides investigators with an enriched view into the true number of parties to be included in the investigation, how they are related and the activities taking place between them. Quantexa’s Intelligence-led Investigations automates these steps and has been proven multiple times to reduce the overall investigation time by up to 60%. We eliminate manual processes so that more time is dedicated to analyzing and assessing critical data points, flipping the paradigm to 80% of their time assessing and only 20% gathering data. With many investigation case queues in the double digits, providing automated insights will generate context for holistic decision making and ease time management constraints.


Whether an investigation is complex or straightforward, innovative tools exist to help automate and streamline the manual steps many investigators face per case. Quantexa provides comprehensive views of entity profiles, their relationships to other parties and the patterns of activity that take place between those parties. By taking a transformative approach that involves enriching our understanding of activities, such as the breadth and complexities with subjects of interest, movement of money, and uncovering relationships and activities, we create the context needed to drive investigators to automate their efforts while, at the same time, making more informed, intelligent decisions.


