Misclassification of Credit Defaults: Why Networks Are Key to Detecting Lending Fraud

Government schemes distributed financial support in record volumes in response to the global pandemic. And to achieve this in record time, banks were guided to reduce credit risk assessments. However, as defaults rise, it’s clear this light-touch risk approach has attracted an unprecedented level of fraud into corporate lending portfolios.

During benign times, only 1/3 of fraud which exists is detected. This means defaults are often misclassified as credit events when a portion is really a fraud loss. In the UK’s Bounce Back Loan scheme, the current estimates for all losses are £17bn of the £47bn issued, of which fraud is forecast to be 29%.

In this article, discover hidden connections to uncover loan fraud – and why it takes a network to catch a network.

Why Current Fraud Detection Tools Misclassify Fraud as Credit Losses

All companies are connected in some way, whether through trading with each other, sharing directors or, in some cases, a serviced office address. Fraudsters are even more connected. They follow predetermined patterns resulting from repeated past success or re-use combinations to trim their costs. 

One challenge for banks’ existing fraud detection processes and technology is that risk teams and data are siloed, which is ineffective in finding connected risks and leads to a high number of false positives.

Utilizing Advanced Analytics to Find Unambiguous Links

In order to overcome the challenges to detecting fraud within lending schemes, organizations require an innovative and dynamic approach to credit risk management models. Entity resolution and network analytics have proven to be powerful technologies in spotting this combination of individual risks, by looking at risk in context to demonstrate fraud. Relationship Managers, tasked with nurturing corporate client relationships, require confidence in acting on potential fraud cases – and advanced technology provides them with this.

Four Use Cases of Lending Fraud Typologies 

To see this in action, here are four genuine examples of lending fraud typologies that exist in transaction data, and the network features required to detect them:

Company Service Providers (CSPs) and Shelf Companies

1. Shelf companies, created by CSPs, have been linked in early reports of Covid lending fraud in the UK, specifically the Bounce Back Loan scheme, which required the business to be trading before 1 March 2020. Suddenly dormant shelf companies, incorporated before this date, were in demand as they could be used to apply for a £50,000 loan.
2. Unusual patterns to detect CSPs include finding a highly connected central node (the Director, Business or Address entity) with a high incorporation rate of businesses. These are typically surrounded by a less socially connected director – the new owner of the shelf company.
3. To determine if this new owner is risky, network scores are enhanced by adding back-dating features, links to past disqualified directors and default addresses at Companies House.

Related party transactions

1. Spoofing real corporate trading activity is complex to arrange and expensive to maintain. By building out supply chains and assessing transaction connectivity between your borrower and their counterparties, you can quickly uncover unusual links.
2. Examples include: a high degree of concentrated trading inside a small group of entities compared to more normal diverse trading behavior. Risks are elevated by adding unseen social links between companies (such as shared addresses or email addresses) and shared connections via CSPs.

Phoenix companies

1. Making a clean escape from a previous debt or insolvency by creating a new entity requires planning, but networks almost always uncover the hidden links.
2. Highly performing network features include homogenous pattern detection to find unusual concentrations of similar names, similar industry codes or similar business size. This is combined with detection of re-use by the same key entities: common addresses, common directors and common shared businesses.

Risky auditors

1. Weak corporate governance or lack of independence can be detected with networks to find director dominance, seen via strong family groups. Research shows that weak firms select weak auditors. This can be seen when where there is a mismatch between an unusually large or complex clients which has appointed an unusually small or inexperienced audit firm. 
2. Networks can detect the proportion of socially connected clients vs the auditors’ entire client base to create a Mutual Concentration Risk score.
3. In the UK, this typology uncovered two Directors (father and son) controlling 63 firms, which accounted for over 60% of all the 500 audit clients by Total Asset size. Unsurprisingly, this small audit firm had clients under investigation for fraud, prosecutions for money laundering and tax evasion.

Credit Benefits of Early Fraud Detection

There are myriad benefits for incorrectly identifying fraud and associated losses, including:

• Increasing approval rates – lend to businesses that are not linked to past fraud events
• Better risk models – improved loss provisioning and classification of IFRS9 stages
• More efficient recoveries process – focus on what is collectable vs fraud behavior
• Protecting a bank’s reputation and brand – fraudsters select targets with the weakest controls.