Cataphora - Compliance

Compliance

The typical occupational fraud lasts two years from the time it begins until the time it is caught by the victim organization, and even then less than a quarter of them are uncovered by internal controls*. It's time to stop relying on externally defined compliance rules to protect your corporation's assets and manage risks: using holistic behavioral analysis, Cataphora's monitoring solution casts the broadest possible safety net over electronic data in order to prevent incidents rather than detecting them after the fact.

Adapt to a moving target

Statistics show that any organization can fall victim to internal or external fraud and to other costly accidental or intentional damages. The question therefore is not whether incidents will happen or when, but what form they will take. Given the limitless imagination of fraudsters and the powerful arsenal at their disposal, it is impossible to anticipate all future scenarios: in particular, the sheer volume and the variety of electronic data not only constitute an endless source of accidental mishaps, but also a way for fraud perpetrators to conceal their activities. As a former SEC branch chief put it:

"I suspect the SEC will do a good job to detect the next big Ponzi scheme. The problem is, you can't predict what other types of frauds will surface."
Fraudsters will always be ahead of the game because they know the rules. For that reason, any risk management approach limited to compliance with a set of rules is too limited. Consider for example that Sarbanes-Oxley rules did not detect or prevent some of the most severe failures in accounting statements. By contrast with rule-based approaches, Cataphora's data-driven solution is able to adjust to a changing corporate environment and to evolving constraints, whether imposed by regulatory bodies, internal policies, or specific business needs.

Detect warning signs, don't just look for symptoms

Cataphora's holistic monitoring technology consistently analyzes all electronic information, not only business transactions but also unstructured data like emails, instant messages, or documents and, most importantly, models human behavior and interactions with the data.

This is essential to the prevention of more complex or subtle incidents: for instance, no data loss prevention system will, by itself, ever be able to predict the probability that a disgruntled employee will leak trade secrets or other corporate assets when he leaves the company – which he is in fact preparing to do. However, people are creatures of habit, especially in organizational contexts, and these habits are hard to change. Thus, detecting an unusual situation where an employee conceals his activities, turns his attention away from his professional responsibilities, or otherwise modifies his work patterns is often the best way to predict and hence prevent such an incident from occurring in the first place.

Obtain meaningful results

Any compliance monitoring or risk management system that generates a profusion of alerts is useless if the company lacks the staffing capacity to chase down all but a small fraction of those alerts. In some cases, alerts will be completely ignored by compliance officers and risk managers: one of the largest financial frauds in history was addressed only after internal auditors had sent 75 alerts – and many more red flags had been raised from the outside. Such repeated failures also add to the direct cost of the incident an increased liability for negligence and a huge loss of credibility, thus arguably making the cure worse than the poison.

Cataphora's approach greatly condenses alerts by reporting data according to observed anomalies in the behavior of particular individuals or groups of people, and by producing actionable alerts relative to real-world facts rather than to the violation of pre-configured rules. This improved focus offers the further benefit of a less intrusive monitoring system, which protects data confidentiality and employee privacy.

* According to the latest report on occupational fraud by the ACFE (Association of Certified Fraud Examiners)