Ontology based multi agent model for compliance management in Indian banking sector

Abstract

E-Business Management and associated risk mitigation of organizational resources have become a major challenge for the organizations in the light of increasingly integrated and interconnected global digital economies. These economies are governed by a complex web of regulatory standards across wide geographical boundaries. According to The Association of Certified Fraud Examiners Survey 2014, a typical organization across the globe loses 5% of its revenues each year to fraud. This amount (if applied to the 2013 estimated Gross World Product), translates to a mind boggling projected global fraud loss of roughly $3.7 trillion. In certain industries (including banking, insurance, telecom, healthcare etc.) fraud including cyber crime is even seen as the biggest revenue leakage. Another interesting findings from the aforementioned survey is that, the median duration between commencement and detection for the fraud cases is quite long viz. about 18 months. The findings are corroborated by another survey closer home viz. Indian Banking Fraud Survey 2012, by Deloitte. Here over 93% of the top management surveyed claimed accretion of fraudulent incidents in Indian banking industry in which the average loss exceeds 10 lac, while the average recovery is less than 25%. Over 50% of cases the average time to detect a fraud exceeds 6 months. All these surveys point to the lack of comprehensible framework and robust automated detection mechanism resulting in difficulties in fraud detection and prevention. Inadequacy in Compliance Auditing (CA) process is one of the major reasons behind corporate frauds and accretion of NPA (Non-Performing Asset) within the banking sector. This phenomenon threatens the organization, stakeholders and society at large. Traditional CA process, which identifies and analyses any misalignment between organizational practices and statutory regulations while using standard interview / questionnaires template, is inadequate in highly regulated and networked sectors such as banking, insurance and healthcare. Hence organizations, operating globally in different regulated industrial sectors, (banking, insurance, health care, telecom, power sector etc.) are forced to deploy Information Systems (IS) in planning, controlling, and reporting on the compliance with these requirements. This entire process is collectively known as Governance, Risk management, and Compliance (GRC) IS. A plethora of regulations, standards, and best practice frameworks have cropped up for GRC to satisfy numerous demands of multiple stakeholders (comprising regulatory authorities, legal entities, consumer forum and partners). The challenge lies in mapping control requirements with functionality of GRC IS through Compliance auditing (CA) process. The present thesis proposes a knowledge driven automated CA framework that identifies and analyses any misalignment and non-compliance of the organization's rules and policies vis-a-vis standard regulations. A distinct challenge here is the automation of repetitive, resource intensive process of identifying non-compliant organizational processes, involving multiple stakeholders. This is highly desirable from management point of view. In our research we reviewed existing regulations and derived a framework for key control requirements. We examined loan processing for SME (Small and Medium Enterprise) sector in Indian banking domain and came out with deviation patterns of concerned stakeholders through analyzing numerous real life case studies. Further as a special case of deviation, a logic based model of fraud is proposed. This methodology is based on risk segregation and classification of deviation pattern which is encoded in risk based auditing. We have also proposed a knowledge driven automated compliance auditing framework for better corporate governance. From secondary sources we collected 100 real life fraud cases in the banking sector and designed an automated risk score card model which uses text mining to automatically classify DPCs (Deviation Pattern Components) from unstructured text based cases with high accuracy. DPC patterns in a case give an early indication of the portfolio turning into a NPA. Then a logistic regression model is used to derive risk scores of the case studies. By incorporating experts' opinions as well as employing data mining techniques, the model automatizes the prediction of risk scores of DPCs that contribute to risk level, risk impact and risk detection of fraudulent cases. We conduct a goodness of fit test and tabulate the performance of a number of classifier models in terms of variety of performance metrics. The proposed model outperforms manual auditing in terms of scalability, reusability, , consistency, accuracy, efficiency and provides a useful tool for professional CA firms.