Interdependence in Risk, Fraud and Compliance
Once of the challenges for applications that deal with risk, fraud and compliance, is the ability to effectively identify, correlate and visualize the interdependence between entities or events.
Interdependence, in the business context, means that functional areas of a business, either internally or externally, that need each other to carry out their own responsibilities. Interdependence is an inherent trait to GRC, Know Your Customer (KYC) , Anti-Money Laundering (AML) and Tax Compliance systems.
For example, in the airline industry, interdependence is evident with the large number of departments that are involved with just the departure of a single plane. Flight scheduler, customer support, ticket agents, gate agents, ground crew, flight attendants, and of course, pilots, are required to be resourced properly in order for a single plane to depart. With just only one department/resource being under resourced, this creates a domino effect, which ripples across the entire business, creating more stress and additional organizational breaking points. The effects of interdependence are clearly illustrated when according to FlightAware, over 2,000 flights were cancelled in a single day, June 30th 2022. The primary cause was a boom in travel demand, clashing with a reduced workforce of pilots, as airlines are recovering from shortages due to layoffs and early retirement in response to the 2020 pandemic.
A more visible and more complicated example of interdependence can be seen in the supply chain issues that have made the headlines over the last two years. Manufactured end-products are dependent on their vendors to be viable businesses and to supply components reliably in order to assemble a final product with volumes that meet the customer demand. For example, car manufacturers were impacted by severe semiconductor shortage starting in 2020. When the Covid-19 pandemic caused a significant drop in vehicle sales in spring 2020, automakers canceled their orders of all parts and materials — including all their semiconductor orders. In response, semiconductor manufacturers transferred their capacity for automobiles to consumer electronics and data center hardware, market segments that had increased demand during the pandemic. Then in the third quarter of 2020, when demand for passenger vehicles rebounded, chip manufacturers with supply lead times of 1year or longer, were already committed to supplying their limited capacity to other non-automotive big customers.
Will organizations do a better job planning to avoid these risks? While aggressive lean inventory practices are balance sheet friendly, the long-term effects are leaving many manufacturers vulnerable to the current supply chain problem being faced today. Should next quarter’s results take priority over the far-reaching impact to supply chains and correspondingly long-term revenue results? Modeling that risk based on the hundreds or thousands of interdependent nodes (node representing a vendor and/or component),will be a critical requirement for manufacturers in the future. Performing that analysis consistently is both challenging and complex.
An accurate picture of GRC includes dependencies, and relationships between multiple departments, business processes, and third-party business partners. Since the attributes of risk and/or compliance are relationship-based, the underlying technology that makes it easy and natural to perform these type of analytics should also be oriented to easily model these relationships. In addition, there is always a need to continually add more data sources or analytic results to the final evaluation process, particularly as Artificial Intelligence (AI)/ML algorithms become ingrained and more pervasive. Unlike previous generations of software applications that were built on relational databases, the new generation of governance, risk, fraud and compliance application software are being designed using graph databases. This enables the ability to make rapid improvements to the software application, while performing analytics on large data sets that can easily model interdependence of thousands or millions or linkages.
What is a Graph Database?
Graph databases are a new way of representing entities (as nodes) and its interconnectedness to each other (as links). It is ideal for applications built on connected relationships between hundreds, thousands, or even millions of different entity types. One example that views interconnected relationshipsis a genealogychart between all relatives using Ancestry.com. Another more well-known interconnected application is LinkedIn, whereby individuals can and are connected to each other to form their own personal “network” of colleagues and friends.
What is a Relational Database?
Traditionally risk and compliance softwareuse relational databases. Relational databases are formed in rows and columns like Excel spreadsheets. However, describing a relationship between entities can be cumbersome and requires a “JOIN” operation between multiple data tables. As the number of inter-relationships grow, so does the complexity of queries. With both the number of records in a database and number of relationships between entities exploding,system responsiveness is severely impacted by the multiple JOINs that occurs in a relational data table. In addition, schema changes are problematic and take a great deal of time for ensuring changes do not break the system.
Graph Databases: The Future of Interdependence Analytics
Graph databases are powering a new generation of applications that require modeling interconnectedness in a more natural and easier manner, resulting in exponential improvements in performance, adaptability and analytic capability. This new technologyis designed specifically for recording, searching, visualizing and analyzing the genealogy linkage between assets, owners, places, and events. Utilizing this database category has numerous advantages over traditional relational databases in risk and compliance applications due to:
- Essential to create analytics to find potential issues when analysing the entire “network” of actors across and outside the organization to determine risk factors and the level of risk.
- Enable easy interpretation of analytic results by a human since complex interdependencies can naturally be represented using node-link diagramsto visually represent the entire “network” of interdependencies. A family genealogy chart is a version of a node-link diagram, providing a visual representation of multiple layers of parent-child relationships.
- Support millions or hundreds of millions of records without impact to performance, as the data “traverses” across the various entity relationships.
- Ease to continually add and adapt to new data sources without significant changes to the application.
Factors impacting operational effectiveness, the center of GRC, are here to stay. A new wave of Covid, more transmissible than ever, has already spread across the US, adding more stress to many organizations still struggling. Supply chain issues due to semiconductor shortages will continue to be problematic for the foreseeable future, as capacity issues are resolved at a pace of a large tanker. It seems this is the right moment to find a different path and anticipate future crises with new technology designed to solve these types of problems.