Home Fraud, Error and Debt Cat-and-mouse game: company registers up the ante against fraudsters

Cat-and-mouse game: company registers up the ante against fraudsters

Global Government Fintech Lab 2024 panel session six: Siobhan Benita (moderator), Sofie Østerkjærhuus Jensen and Charlie Boundy | Credit: Deirdre Brennan and Ian Hall


Representatives from government agencies in Denmark and the UK discussed their growing use of technology to tackle fraud during the Global Government Fintech Lab’s sixth panel session, Ian Hall writes

Public authorities are making increased use of innovative technology to tackle financial fraud. But technology is also creating new opportunities for fraudsters themselves.

The Global Government Fintech Lab 2024’s sixth session – titled ‘Fighting financial fraud with technology’ – explored these trends, focusing on attempts to stymie fraud via company registers.

Moderated by former UK civil servant Siobhan Benita, the discussion featured representatives from two nations – Denmark and the UK – where the relevant authorities are evolving from being passive recipients of information to taking proactive anti-fraud checks, increasingly enabled by technology such as artificial intelligence (AI),  

Sofie Østerkjærhuus Jensen, head of company supervision at the Danish Business Authority (DBA), was the opening speaker. Her team seeks to ensure the accuracy of data in the Central Business Register (CVR) and that limited liability companies comply with the Danish Companies Act, while preventing money laundering, financial crime and fraud. Over the past six years she has spearheaded the transformation of company supervision from a small team undertaking relatively minimal checks into one of the largest supervision areas at the DBA.

Charlie Boundy, who joined the UK’s Companies House last year in the newly created position of chief data officer, was the second speaker. Companies House has recently been handed significantly greater powers to improve the quality of its data and tackle misuse of its companies register through the Economic Crime and Corporate Transparency Act – a trigger to what it has described as the ‘biggest shake-up to the service in its 180-year history’.

Danish Business Authority
* Executive agency of Denmark’s Ministry of Industry, Business and Financial Affairs (the DBA’s overall remit is significantly broader than company registration)
* About 1,100 employees located in Copenhagen, Silkeborg and Nykøbing Falster
* About 350,000 companies are registered

Companies House (UK)
* Executive agency of the UK’s Department for Business and Trade
* About 1,250 employees, mostly located in Cardiff
* About 5.3 million companies are registered

Denmark’s digital journey

Sofie Østerkjærhuus Jensen at Global Government Fintech Lab 2024

Østerkjærhuus Jensen kicked off by saying that first step on the DBA’s ‘journey’ towards using technology to tackle financial fraud began with “digitalisation” and “having access to data”.

She traced this journey back to 2015 when, she said, the authority “digitalised any process… meaning that every [company] registration was put in digitally – no more manual processing of any kind”. This meant that the registration process accelerated from three months to “hours or minutes”.

“That was very good for businesses in Denmark but it was also good for people who wanted to use companies for fraud purposes,” she acknowledged. “Within a very short time we had multiple false identities – we had companies at addresses that didn’t exist.”

“The government didn’t want to go back on digitisation but they wanted to find some way to prevent this from happening,” she continued.

“We started off just trying to get better data by trying to do better verifications of the data coming into our systems. But at the same time, we were facing a huge problem with tax fraud. The biggest problem about that is when a company was doing tax fraud, and when you detected it and tried to stop it, the money would already be gone, with huge costs to the government,” she said.

RELATED ARTICLE Protecting the public purse: tackling fraud, error and debt – a write-up of the anti-fraud session at Global Government Fintech Lab 2023

‘Fraud model’ has been ‘game-changer’

If you can stop a company from being registered, tax fraud can itself be prevented, Østerkjærhuus Jensen pointed out. Around seven or eight years ago, data scientists proposed to the DBA how machine-learning could help. Government, too, was keen to explore such a route. “But they said we needed the right data to be able to move forward, so we put down legislation to allow the Danish Business Authority to get data from other authorities for the purpose of trying to prevent financial crime,” she explained.

The DBA began machine-learning experiments with “simple models” checking signatures and other details on documents and passports. “At the same time, we built a large ‘graph database’ that connects data-points, addresses, people, etc, so we could learn something about the company’s lifecycle and participants in companies,” she said.

This led to what she described as the “biggest game-changer” when, in 2020, the DBA introduced a ‘fraud model’, which produces a “predictive analysis to determine whether a company is going to be used for fraud within the next three years.”

“The idea is, for the people I supervise to stop the [company] registration from happening,” she said, explaining that new company data is inputted to ‘real-time’ models. These can trigger alerts for caseworkers to investigate. “You can only stop it if they are actually doing something non-compliant,” she added, going on to reference a 2002 US film in which police use technology to apprehend criminals before they commit a crime. “We can’t not register [them] because we think they’re going to do something in the future – it’s not Minority Report all over again,” she said.

RELATED ARTICLE Acceleration under pressure: governments tackle fraud with fintech – a write-up of the anti-fraud session at Global Government Fintech Lab 2022

Transformation challenges

The fraud model has “saved a huge amount of money” for Denmark’s government, Østerkjærhuus Jensen said.

But she acknowledged that the “hard part” (and indeed one of the DBA’s biggest challenges) was proving that fraud had been stopped before it could take place. “Also, the cost has been more than we imagined from the beginning,” she acknowledged. “It [investing in technology] was always about how this would be more efficient. We found out that it is more efficient, and we [are] find[ing] the right cases, but we are finding a lot more cases than we actually thought we would.”

“Also, it takes a lot of manpower just to be able to develop and run models – you have to do variations all the time, because otherwise they stop performing as you want them to,” she continued. “You have to build knowledge, and knowledge is building people, and people sometimes leave, and it takes a lot of time to make sure that you have the knowledge in the authority to actually keep going forward on this.”

She highlighted a further challenge of ‘transformation’ when it comes to ‘people’, observing that caseworkers logically focus on “incremental” improvements but keeping focused on – and delivering – big changes was “really, really hard”.

She concluded her opening remarks by making a broader point about transformation, emphasising how it was important to be clear on what problem you are trying to solve when committing to using technology. “If you don’t know what the problem is, what [you] want to do with the machine-learning, or any AI [artificial intelligence] or language model, you can’t use it for anything,” she said. “Sometimes you may find out you have a problem and it’s actually better to [go forward] with something other than AI.”


‘Gateway’ for fraud and money laundering

Charlie Boundy at Global Government Fintech Lab 2024

Boundy began by reflecting on the creation of his own role at Companies House, which has seen “huge growth” in company registrations over the past decade.

“The thing that’s really exciting for me as a chief data officer is joining an organisation that’s already got real-time ‘open’ data,” he said, saying that Companies House’s data had been “valued at somewhere between £1bn to £3bn to the economy” (which it “gives it away for free”).

The simplicity of the process to register or incorporate a company in many countries has made it relatively easy for fraudsters to exploit, he said. “You can create a company within minutes and quite cheaply. You can see there’s some competitiveness between different countries wanting to make their places good places to do business,” he said.

But company registration is, he said, a “gateway for a lot of fraud or money laundering, where people are [trying] to get legitimacy to then do various transactions within the country or another jurisdiction.”

Companies House is increasing its investment in data analytics and AI as it strives to make the most of its new powers, which include: greater powers to query information and request supporting evidence; stronger checks on company names; new rules for registered office addresses (for example, companies will not be able to use a PO Box as their registered office address); a requirement for all companies to supply a registered email address; and greater powers to challenge and remove factually inaccurate information.

RELATED ARTICLE UK’s Companies House ups data analytics and AI investment as new powers kick in – an article (4 March 2024) on Companies House’s plans as the first measures under the Economic Crime and Corporate Transparency Act came into force

‘Real-time APIs’

“The fintech angle is our real-time APIs,” said Boundy – a reference to application programming interfaces (software interfaces that allow two or more computer programmes to communicate with each other).

The Companies House API lets people retrieve information related to limited companies, with data transmitted ‘live’.

“We’ve got hundreds of people signed up to it,” said Boundy. “We don’t know all the applications it’s been put to but there’s a lot of KYC [know-your-customer] checks, a lot of fast access to granting mortgage[s], car finance and online accounting.”

“Speed has got its consequences, there’s lots of risks that come with that,” he acknowledged, describing overarching fraud challenges such as ‘ID hijacks’ and money laundering.

But Companies House’s new powers mean it has entered a new era with the ability to query, challenge, strike off and ‘annotate’ the register (its new powers are being introduced in phases).

“In the first couple of months, we’ve already had several thousand companies move towards strike-off, correction or improvements based on those new powers. We’re learning a lot as we go, and technologies play into that,” he said.

RELATED ARTICLE UK anti-fraud legislation aims to tackle fake identities – a news story (30 October 2023) on the Economic Crime and Corporate Transparency Bill gaining Royal Assent

Geolocation tracking

Boundy was asked about data-sharing between organisations (Companies House is now legally able to proactively share data with other government departments and law enforcement agencies: previously it could only share data under limited and specific circumstances, for example because of a court order or in response to a police request).

“A lot of organisations have already had copies of our data for a long time, and they can tell us things back,” he said. “So, I’m almost in the crowdsourcing way of doing things, saying: ‘if you’re seeing things happening, tell us’, because people – whether, that’s credit reference agencies or others – are matching things to known watch-lists: your classic fraud ‘flags’ and indicators used in financial services a lot.”

Geographical addresses are an area of focus. “You want to know if the geolocation of something match[es] up with where something was reported online, where the device was at the time; also, is it residential, is it commercial, is it service address? All of these sorts of things. So, there are watchlists, like ‘known outcomes’, and then there’s more contextual things, like addresses, and the more you can blend those sorts of things together, the richer picture you have about the relative risks.”

Østerkjærhuus Jensen said that the DBA was able to access “some” data from other authorities but “would like more, always”. But data needs to be of sufficient quality to be usable.

“Even in Denmark, where every [government] agency has been digitalised for many years now, there is still a lot of old legacy data that is hard to come by,” she reflected. “Also, a lot of the data is in the private sector. As a government we have a hard time sharing data with private companies, like banks.”

RELATED ARTICLE Fraud fighters: public authorities look to fuse technology with data to battle criminals – a write-up of a Global Government Fintech webinar on 7 November 2023 titled Following the money: how can data and technology combine to help governments beat fraudsters?’

‘CRM-style thinking’

Østerkjærhuus Jensen was asked about the accuracy of the DBA’s fraud model (predictive tool).

She said it was “hard to give an exact percentage” but that “several evaluations” had found it was “good”. That said, given that its predictive range stretches for three years and it launched only in 2020, she pointed out that it had only recently become possible to begin to properly assess it. “But it is very efficient,” she said.

She also pointed out that the tool’s scope is relatively broad (with “about 30 features that indicate different things”); “running a bad business isn’t the same as being a fraudster”; and “it’s not illegal to go bankrupt… but if you do go bankrupt on purpose again and again, then you heading into something that’s illegal.”

When it comes to actually prosecuting fraudsters other government agencies need to get involved. “Only when they’re actually violating the Companies Act, can we do something,” she explained. “We will tell the tax authorities if we have detected something that we can’t do something about, and then it’s up to them to take it further.”

Boundy picked up on the thread related to the DBA’s fraud model. “One of the things that’s useful about [such] models is that government departments aren’t used to building up relationships with ongoing things like dealing with companies,” he said. “If you’ve got an idea of the relative risks of different companies, you’ve got a chance to put in more classic customer relationship management [CRM]-style thinking. It gives you a chance of having more cost-effective relationships or behaviours, which is something that a lot of commercial sector does every day but government departments are still learning how to.”

Ongoing agility required

Focus turned to the challenge of keeping pace with technological change and the speed with which criminals themselves use new technologies.

“Fraud is never going to go away,” Boundy said. “It is always going to be a cat-and-mouse game.”

“The challenge for organisations is to be agile and not spend two years building a system and then hoping that system is going to live forever, because it’s not,” he said, pointing out that fintech solutions could be tried and tested – and relatively quickly dispensed with if they don’t prove effective.

“It’s being more, I guess, configurable as organisations because that cat-and-mouse thing will constantly happen,” he said.

Østerkjærhuus Jensen agreed with the need to be agile and acknowledged that the DBA’s fraud model had taken “years” to build and involved multiple “changes of direction” because “things are moving very fast”.

“What we thought we could do when we started looking at it in 2017 or 2018 wasn’t the same as the technology that was available in 2020, and we’re still building on it – you have to develop all the time,” she said. “Also, when you’re looking for fraud, you tend to be looking at where the fraud is right now, and if you keep focusing on that, you will miss where they [fraudsters] are moving to, because it’s moving all the time.”

Cross-border considerations

Fraudsters’ ability to operate across borders deepens the challenges.

“People could register UK companies but the fraud is happening in a different country and we don’t know why or what the rationale is and without being able to unpick some of those things it’s quite hard to stop,” said Boundy.  

International co-ordination does take place and, as Boundy acknowledged, “lots of transparency groups are pushing” for improvements. But, he acknowledged, momentum “could be quicker”.

“There’s a lot of different ways that business registers [are] being run across Europe even, and it’s not always the same people [operating] the register as the authority actually having to prevent fraud,” Østerkjærhuus Jensen said. “That being said, we do talk to a lot of other countries, both with similar and different set-ups. But the thing about sharing data across borders, it would be a game-changer and it’s not what is happening right now.”

“Not all registers are open,” Boundy also observed. “A ‘company register’ may sound simple, but actually there’s quite a lot of complexity behind it. There’s a company up front, but [when it comes to] ownership of companies – shareholders, company secretaries, directors, etc – some of that does have a lot of privacy attached, because it’s home addresses, residential addresses, that sort of thing. In a lot of areas… […] there are some data-quality issues. But when you make it completely ‘open’, people point out that sort of stuff pretty quickly.”

RELATED ARTICLE UK’s Public Sector Fraud Authority turns to ‘cutting-edge’ tech – a news story (30 January 2023) on London-headquartered company Quantexa being awarded a contract by the PSFA to use ‘new data and cutting-edge technology, including AI, to find and prevent more fraud across the public sector’

Tech options ‘brilliant’

In answer to a question about the extent to which their authorities were keen to engage with the private sector, Boundy responded from two perspectives.

First, was the perspective of “sharing what we know about fraud against us”, saying that it “shouldn’t feel like there’s a barrier of having to have a commercial relationship to make that intelligence be shared.”

Second, he spoke of “plenty of organisations that have created fantastic technology for us to actually integrate with”. In his regard he mentioned the UK’s Public Sector Fraud Authority (PSFA), which has engaged a fintech company (Quantexa) to develop an AI service dubbed ‘SNAP’ (which stands for ‘Single Network Analytics Platform’) – a tool now being used by Companies House.

“There are some brilliant things out there,” Boundy said. “I think the point is [about] having that defence in depth, because it’s not just one thing is going to cure all fraud… it’s layers, because people are going to start working through your defences.”

In answer to a question specifically about AI he referenced ‘entity resolution’, explaining that the challenge was to identify “connections that people are deliberately trying to obscure now they know that type of technology is being used”.

“The [area] that is just going to be increasingly more and more brilliant is around identity verification and verification of documents and moving images and those sorts of things,” he added. “I’m overwhelmed with interest in that space.”

More data, please

The session closed with the duo asked about their ‘next big thing’ in respect of technology deployment.

Østerkjærhuus Jensen revisited her opening remarks by saying that data challenges were a greater priority than specific technology considerations. “More data on money movements will make a huge improvement,” she said.

Boundy referenced broader government interest in enabling people or organisations to ‘file once’ – in his words, “smoothing those journeys between dealing with lots of departments” and enabling greater “interoperability” across government.

“There’s a lot of great work in terms of trying to standardise and come up with common identifiers and things like that, and standards around accounting tagging and things as well is a big deal,” he said. “So, filing once with government is an ambition to make sure that it is easy, [that] you can ‘multi-channel’ choices and there’s less remembering to tell one department and another and keeping your circumstances in line. So I think it’s pushing those things.”

We expect to upload a session video recording here shortly.