Category Archives: Major Case Management

Major Investigation Analytics – No longer M.I.A. (Part One)

Posted by Douglas Wood, Editor.  http://www.linkedin.com/in/dougwood

Long before the terrorist strikes of 9/11 created a massive demand for risk and investigation technologies, there was the case of Paul Bernardo.

Paul Kenneth Bernardo was suspected of more than a dozen brutal sexual assaults in Scarborough, Canada, within the jurisdiction of the Ontario Provincial Police. As his attacks grew in frequency they also grew in brutality, to the point of several murders. Then just as police were closing in the attacks suddenly stopped. That is when the Ontario police knew they had a problem. Because their suspect was not in jail, they knew he had either died or fled to a location outside their jurisdiction to commit his crimes.

The events following Bernardo’s disappearance in Toronto and his eventual capture in St. Catharines, would ultimately lead to an intense 1995 investigation into police practices throughout the Province of Ontario, Canada. The investigation, headed by the late Justice Archie Campbell, showed glaring weaknesses in investigation management and information sharing between police districts.

Campbell studied the court and police documents for four months and then produced a scathing report that documented systemic jurisdictional turf wars among the police forces in Toronto and the surrounding regions investigating a string of nearly 20 brutal rapes in the Scarborough area of Toronto and the murders of two teenaged girls in the St. Catharines area. He concluded that the investigation “was a mess from beginning to end.”

Campbell went on to conclude that there was an “astounding and dangerous lack of co-operation between police forces” and a litany of errors, miscalculations and disputes. Among the Justice’s findings was a key recommendation that an investigative case management system was needed to:

  1. Record, organize, manage, analyze and follow up all investigative data
  2. Ensure all relevant information sources are applied to the investigation
  3. Recognize at an early stage any linked or associated incidents
  4. “Trigger” alerts to users of commonalities between incidents
  5. Embody an investigative methodology incorporating standardized procedures

Hundreds of vendors aligned to provide this newly mandated technology, and eventually a vendor was tasked with making it real with the Ontario Major Case Management (MCM) program. With that, a major leap in the evolution of investigation analytics had begun. Today, the market leaders include IBM i2, Case Closed Software, Palantir Technologies, and Visallo.

Recently, the Ottawa Citizen newspaper published an indepth article on the Ontario MCM system. I recommend reading it.

Investigation analytics and major case management

The components of major investigation analytics include: Threat Triage, Crime & Fraud Analytics, and Intelligence-Lead Investigative Case Management. Ontario’s MCM is an innovative approach to solving crimes and dealing with complex incidents using these components. All of Ontario’s police services use this major investigation analytics tool to investigate serious crimes – homicides, sexual assaults and abductions. It combines specialized police training and investigation techniques with specialized software systems. The software manages the vast amounts of information involved in investigations of serious crimes.

Major investigation analytics helps solve major cases by:

  1. Providing an efficient way to keep track of, sort and analyze huge amounts of information about a crime:  notes, witness statements, door-to-door leads, names, locations, vehicles and phone numbers are examples of the types of information police collect
  2. Streamlining investigations
  3. Making it possible for police to see connections between cases so they can reduce the risk that serial offenders will avoid being caught
  4. Preventing crime and reducing the number of potential victims by catching offenders sooner.

See Part Two of this series here.

Investigating the Investigations.

Posted by Douglas Wood, Editor.

A few years ago, I read a book called Fraud Analytics by Delena Spann.  Ms. Spann is with the U.S. Secret Service, Electronic & Financial Crimes Task Force. The book is an overview of investigation analytics with specific information about some former technology leaders in this area.

The IBM i2 toolset is discussed, along with offerings from Raytheon, Centrifuge, and SAS, and FMS’ Link Analytics, and others. (My friend Chris Westphal, formerly of Raytheon Visual Analytics, by the way, published his book ‘Data Mining for Intelligence, Fraud & Criminal Detection’ a few years ago and is another one I strongly recommend.)

Both books offer advice and use cases on how technology can be applied in the fight against crime. A few months ago, I summarized the types of technology being put to use as tools to prevent, detect, and investigate fraud and other criminal activities. (It’s worth a quick read.) What I’m investigating today, however, is… well, investigations.

“IMA is the most critical connection between technology and investigators.”

In my technology summary, I termed this area Investigation Management & Adjudication (IMA). IMA is the most critical connection between technology and humans within an enterprise fraud management ecosystem. Incorporating key elements of enterprise case management, collaboration, link visualization, information dissemination and knowledge discovery, this layer of functionality is designed to uncover insights which aid in investigating complex incidents. The result ought to be actionable visualization of critical entities, and documented results for potential litigation and regulatory compliance.

IBM i2 has long been considered a thought and market leader in this segment – deservedly or not. Palantir Technologies plays in this area as well. Perhaps no company is more in tune with this market, though, than Visallo with their leading investigation analytics platform. Each platform clearly adds value to investigation case management solutions by providing powerful, emerging functionalities that allow easy and intuitive consumption of data in any form. For investigators, the more data – and the easier that data is to consume – the better.

“Users want actionable intelligence, not endless queries.”

What makes for good IMA? A few things, actually. First among them is the technology’s ability to adapt to the way human beings think and act. Users want actionable intelligence, not endless queries. IMA tools, therefore, ought to interact with the investigator in a consultative way that a fellow investigator would. “Hey, have you thought about this, Mr. Investigator?” and “Maybe you should look at that.”

Second, IMA ought to have context. Technologies that simply point to two entities and say, ‘Hey these things look linked‘ are great but leave all of the thinking up to Mr. Investigator. The IMA tools that I like have contextual values associated to those links. ‘Hey, these things look linked AND here’s why that’s important’. Big difference.

Third, IMA should bring the investigations to closure. There are a lot of data mining tools out there that allow querying with case management. How, though, does the investigator get to the point where an investigation is solved and prosecutable? Once again, the most functional IMA products act the way humans do. They package up the results of the investigation in an easy-to-comprehend document that can be shared internally or with police. No loose ends.

“Every investigation ends with an investigator.”

Predictive analytics, big data, and real-time alert scoring are the current industry buzzwords. They should be. They’re important. At the end of the day, however, every investigation ends with an investigator. Putting the right tools in their hands is often the difference between success and failure in an entire enterprise investigation system.

That’s precisely what Crime Tech Solutions, LLC does. Please take a moment to look us over.

Part Two of this series is now available HERE.

Financial Crimes and Technology

Posted by Douglas Wood, Editor. 

In the midst of preparing for a presentation last week, I entered the term “financial crimes” into my internet search engine. I’ve probably done this same search a hundred times, but seemingly never took notice of the staggering number of results. Over two million of them!

Among those results are a stunning number of definitions, news reports, and general articles. But with so many links to seemingly unconnected terms such as check fraud, credit card fraud, medical fraud, insider trading, bank fraud, health care fraud, tax evasion, bribery, identity theft, counterfeiting, and money laundering – it must appear to the uninitiated that an understanding of ‘financial crimes’ requires an Einstein-like intelligence pedigree.

To those involved in the daily prevention / detection / and investigation of financial crimes, however, the term can be effectively boiled down to:

1) Intentional deception made for personal gain, and

2) The illegal process of concealing the source of those gains.

Everything else – all that other noise – simply falls underneath that definition, and only a cohesive combination of human intelligence and technology can take a bite out of those crimes.

Of course, most companies that are targets of these crimes invest heavily in different forms of technology for enterprise fraud management and anti-money laundering systems.  There are dozens of vendors in this market with varying levels of functionality and service offerings.

The problem with too many of those offerings, however, is that they do not account for organizational truths such as functional  (and data) silos, data quality issues, changing criminal tactics, human limitations, and big data.

A complete enterprise solution for financial crimes management must include automated processes for:

Customer Onboarding – Knowing the customer is the first step an organization can take to prevent financial crimes. A holistic view of an entity – customers, partners, employees – provides a very clear view of what is already known about the entity including their past interactions and relationships with other entities.

Flexible Rules-Based Alert Detection – A robust rules-based alert detection process must provide out-of-box functionality for the types of crimes outlined at the beginning of this article. At the same time, it should be flexible enough for an organization to modify or create rules as criminal activities evolve.

Predictive Analytics – Expected by analysts to become a 5.25B industry by 2018, predictive analytics ensures that big data is scrutinized and correlated with present and past historical trends. Predictive analytics utilizes a variety of statistics and modeling techniques and also uses machine information, data mining, and Business Intelligence (BI) tools to make predictions about the future behaviors including risk and fraud.

Social Network Analysis – Also known as Fraud Network Analysis, this emerging technology helps organizations detect and prevent fraud by going beyond rules and predictive analytics to analyze all related activities and relationships within a network. Knowing about shared telephone numbers, addresses or employment histories  allows companies to effectively ‘cluster’ groups of suspected financial crime perpetrators. The key here, however, is context. Many technologies can build these networks and clusters for review, but precious few can provide the key “what does this mean” element that business users require.

Investigation Management and Adjudication – Incorporating key elements of enterprise case management, collaboration, link visualization, information dissemination and knowledge discovery, this layer of functionality is designed to uncover insights which aid in investigating complex incidents. The result ought to be actionable visualization of critical entities, and documented results for potential litigation and regulatory compliance.

Anti-Money Laundering (AML) and Regulatory Compliance – With record fines being assessed to financial institutions globally, AML compliance is very clearly a major requirement within a financial crimes management solution. The oversight requirements grow almost daily, but at a minimum include out of box functionality for suspicious activity monitoring, regulatory reporting, watch list filtering, customer due diligence, Currency Transaction Report (CTR) processing, and the Foreign Account Tax Compliance Act (FATCA) compliance.

Now, there are clearly many more dynamics than can be summarized here but hopefully the point is made. The only way that organizations can continue to drive fraud and money laundering out is via a happy marriage between skilled financial crimes professionals and the flexible/adaptable technology that empowers them.

Posted by Douglas G. Wood. Click on ABOUT for more information.