Mitigating Trade Fraud: The Case for Detecting Group Level Fraudulent Activity

White Paper

Business Process Services

Narasimha Murty M V

Narasimha Murty holds a Master's degree in Mathematics from the University of Hyderabad and an MTech in Computer Science and Data Processing from IIT, Kharagpur. He has eight years of rich experience in Big Data Analytics, data mining, and statistical modeling using advanced statistical tools. His expertise lies in capital markets, social media, retail markets, and health care.

About the Author

Fraud identification in capital markets is a challenging problem. Developers of fraud identification models usually compute the trade characteristics of each trader to build or tweak the model and predict the nature of fraud. Under this approach, models can identify the fraudulent traders, but they sometimes fail to identify fraudulent groups, since they are designed to only account for user level identification.

This paper proposes an approach to detect group level fraud by applying a set of qualitative rules for identifying associative groups of traders or users, and then applying mathematical rules to ascertain fraudulent activity by the identified groups. The proposed method is, in our opinion, more advantageous as it accounts for both individual as well as group level fraudulent activities

Abstract

Contents

Introduction 5

How group level fraud is perpetrated: An example 5

Suggested approach to identify group level fraud 6

Quantitative rules to detect fraud 6

Rules to detect different associative groups among traders 7

Overcoming limitations of the suggested approach 8

Conclusion 8

IntroductionRecent trends in the trade, banking, and insurance sectors point to an increase in fraudulent activities. Financial fraud severely affects a company's market share and brand value. Hence, proactive fraud identification is important in order to restore investors' faith and confidence in the investment system.

Traditional fraud identification methods are mostly manual. They only allow a view of a few handpicked cases or a sample of total possible cases. In order to identify all possible fraud incidents and prevent further fraud, an automated modeling framework is needed. Most of the fraud identification methods such as non-supervised classification, supervised classification, and outlier detection based methods use characteristics of traders (such as the net traded quantity, total value of the purchased stocks, etc.) for fraud detection. However, in some cases, groups of individuals act together to perpetrate fraudulent activity. Such activities are difficult to detect using typical fraud identification models.

To detect group level fraudulent activities, we need to:

(a) Understand associations or groups between the traders

(b) Compute group level trade behaviors instead of individual level trade behaviors

(c) Check whether the group has committed fraud

Let us understand fraud activity as a group using an example in the trade environment:

How group level fraud is perpetrated: An example

One type of fraud perpetrated in capital markets is 'marking the close on expiry day' by improperly using future contracts¹. Future contract settlement happens on the closing price² of the expiry day³. Some traders who hold huge volumes of futures of a stock try to inflate or deflate the closing price of a stock by trading heavily on that stock during closing period⁴ in the cash market⁵. This enables them to ensure settlement at a more profitable price.

The closing price is computed as:

5

[1] Future contract (or futures) refers to a legally binding agreement to buy (long) or sell (short) the underlying security on a future date.[2] Closing price is the volume weighted average of prices during the closing period (i.e., last 30 minutes of the trade hours).[3] Expiry date in the US is generally the third Friday of the contract month.[4] Closing period is generally the last 30 minutes of trading hours.[5] Cash market: Prices are settled in cash on the spot at current market prices.

Here, 't' represents the trade in the cash market during the closing period

Volume = trade quantity of the trade 't'

Traded Price = Price at which trade 't' occurred

Inflating the closing price on expiry day benefits the trader with huge long future contracts; similarly, deflating the closing price is beneficial for the trader with large short futures.

For instance, trader 'X' holds 1,000 futures of company 'ABC Corporation'. Let us assume that one contract is equal to 50 stocks and that price of the share at the start of the closing period is $100. The value of the future contracts of 'X' at the start of the closing period

= 1,000 * 50 * $100 = $5,000,000

Now, if 'P', 'Q', and 'R', who are colleagues of X, collude with him and trade heavily during closing period, let us assume that it will inflate the closing price of company ABC Corporation from $100 to $105. Thus, the value of the futures held by X at the time of settlement (using the closing price of the expiry day) will be:

= 1,000 * 50 * $105 = $5, 250, 000

Hence, trader 'X' will benefit by $250,000 (= $5,250,000 – $5,000,000).

Traditional individual level models will fail to identify such frauds, since X, P, Q, and R do not display any fraudulent characteristics individually. Group level fraudulent activities include activities like insider trading⁶, circular trades, and so on⁷.

Suggested approach to identify group level fraudThe approach we suggest comprises two parts — a mathematical part to detect fraudulent trade and a qualitative part to detect associative activity among individuals.

Quantitative rules to detect fraud

In order to identify fraudulent activity by a group, we suggest implementing an algorithm for 'associative groups', which considers multiple traders as a group based on the associations among them. Further, the group level trade behaviors are used to check the fraudulent nature of the group. Once the group is tagged for indulging in fraudulent activities, we can go on to compute individual level fraudulent behavior.

[6] Insider trading is the trading of a public company’s stock by individuals with access to non-public information about the company. In many countries, insider trading based on inside information is illegal. This is because it is seen as unfair to other investors who do not have access to the information[7] Circular trades: The process of executing a sell order with the knowledge that a buy order is being placed at the exact same time with a similar quantity; the same process can happen between multiple pairs of traders. The action is considered illegal because it excludes competition.

6

Table 1: Algorithm to detect fraud perpetrated by trading groups

7

Table 1 shows the process of evaluating a trading group for fraud using an algorithm and trade data.

Name of the company

Expiry date

Trader ID No. of futures Price1 Price2 Net no. of shares in cash market

Here:Price1 = Stock price at the start of the closing periodPrice 2 = Closing price of the stock at the end of the day No. of futures = Number of future contracts held at the start of the closing periodNet no. of shares in cash market = Net number of shares purchased in the cash market during closing period on expiry day

Next, we check if any trader or entity satisfies the two rules of our model: (Price 2 – Price 1)/ Price 1 > x% (2) (No. of future contracts * No. of shares per contract) > No. of shares in cash market (3)If any of the entities satisfy these two rules, then we can consider that trader or entity as fraudulent. Considered individually, X, P, Q, and R will not satisfy both. However, if all of them are considered to form one associative group, say 'G1', then we need to compute all the model parameters for G1 instead.

Then,Futures for G1 = Futures for ('X' + 'P' + 'Q' + 'R')Net no. of shares in cash market for G1 = Net cash market shares for ('X' + 'P' + 'Q' + 'R')G1 satisfies the rules of the fraud detection model (i.e., rules 2 and 3).

Rules to detect different associative groups among traders

Several methods can be used to link individuals to associative groups in a trade environment. For instance:

n If a set of traders have the same address or same telephone number in their records, then flag those traders as a relationship based associative group.

n If a group of traders have a high number of off-market⁸ deals, then categorize them as off-market based associative groups.

n To detect insider members of a public or private entity, add all key stakeholders of the entity as initial members of the associative group of the target entity. If any initial members of the group are also members of other entities, say G2 and G3, then consider all key stakeholders of G2 and G3 also as members of the associative group of our target entity. Propagate such additions till no new members can be added to the existing associative group.

n If there is commonality in the investment patterns of traders in different organizations, then they can be considered as an associative group with a common interest.

After detecting the associative groups as explained above, a modeler will need to compute group level trade behaviors for each of them, and then test whether the group is fraudulent based on group level characteristics.

[8] Off-market: An off-market deal involves buying or selling shares, but not on an official stock market.

Overcoming limitations of the suggested approachThe key lies in establishing an associative group for the fraudulent individual. Without this, an automated system cannot detect fraud at a group level. In order to overcome this problem, all possible types and categories of associative groups need to be identified, established, and maintained in the system. In some cases, groups may also need to be identified manually based on their proven fraud history.

ConclusionUnauthorized trading activities can cause investors to incur financial loss, as well as result in legal and regulatory implications and reputational loss for organizations. In order to prevent fraudulent trading, it is essential to establish controls including reviews and checkpoints to prevent individuals and groups from acting outside of legal norms.

One of the key steps towards achieving this goal is to leverage a model to detect associative groups. This helps improve the accuracy of identification of fraud committed at group level. However, the accuracy of the process depends largely on the accuracy of the associative group information. Hence, it is very critical to identify associative groups accurately by using stringent rules of association, and ensure that the group sizes are controllable. Once any group is identified as fraudulent, we can compute individual level fraud behaviors in the same group based on the role of the individual in the fraudulent activity.

Identification of fraudulent behavior at associative group level complements trader level fraud identification supported by most fraud detection models. It strengthens the ability of organizations to cast a wider net and comprehensively detect fraud at multiple levels.

8

All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content / information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from TCS. Unauthorized use of the content / information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties. Copyright © 2014 Tata Consultancy Services Limited

IT ServicesBusiness SolutionsConsulting

Subscribe to TCS White PapersTCS.com RSS: http://www.tcs.com/rss_feeds/Pages/feed.aspx?f=wFeedburner: http://feeds2.feedburner.com/tcswhitepapers

About Tata Consultancy Services (TCS)Tata Consultancy Services is an IT services, consulting and business solutions organization that delivers real results to global business, ensuring a level of certainty no other firm can match.TCS offers a consulting-led, integrated portfolio of IT and IT-enabled infrastructure, engineering and

TMassurance services. This is delivered through its unique Global Network Delivery Model , recognized as the benchmark of excellence in software development. A part of the Tata Group, India’s largest industrial conglomerate, TCS has a global footprint and is listed on the National Stock Exchange and Bombay Stock Exchange in India.

For more information, visit us at www.tcs.com

TCS

Des

ign

Serv

ices

I M

I 11

I 14

About TCS' Business Process Services Unit

Enterprises seek to drive business growth and agility through innovation in an increasingly regulated, competitive, and global market. TCS helps clients achieve these goals by managing and executing their business operations effectively and efficiently.

TCS' Business Process Services (BPS) include core industry-specific processes, analytics and insights, and enterprise services such as finance and accounting, HR, and supply chain management. TCS

TMcreates value through its FORE simplification and transformation methodology, backed by its deep TMdomain expertise, extensive technology experience, and TRAPEZE governance enablers and

solutions. TCS complements its experience and expertise with innovative delivery models such as using robotic automation and providing Business Processes as a Service (BPaaS).

TCS' BPS unit has been positioned in the leaders' quadrant for various service lines by many leading analyst firms. With over four decades of global experience and a delivery footprint spanning six continents, TCS is one of the largest BPS providers today.

ContactFor more information about TCS' Business Process Services Unit, visit: www.tcs.com/bps(http://www.tcs.com/bps) Email: bps.connect@tcs.com