
Evidentiary considerations for AI investigations

Craig Heschuk, GreyList Trace, Attorney, USA, 17 February 2021


Despite all the formidable skills and experience that investigative firms, law enforcement agencies, law firms and forensic accountants bring to bear, asset tracing remains a constant game of catch-up. Criminals are too often one step ahead as they use every possible means, including cutting-edge technology, to squirrel away their ill-gotten gains.

The role of Artificial Intelligence (AI) in the fight against fraud

Fraud-stricken banks face a daunting challenge when they hire experts to recover their assets. Given that the battle to recover the proceeds of fraud is moving inexorably towards cyber-space, we in the financial services industry have to get our heads around new modes of investigation. The adoption of technology that will make investigations easier (and thereby shift the struggle in favour of the good guys) is not a “nice to have” – it has become vital. As criminals grow smarter and the networks that they use to transfer funds all over the world keep evolving, the use of AI software is becoming indispensable. AI permits an investigator to interrogate vast repositories of data all over the world, the better to unravel a sophisticated criminal network of special-purpose corporations and bank accounts. AI tools can reduce an insurmountable “needle in a haystack” puzzle to a manageable, focused inquiry.

Life on the side of the angels comes with some challenges, however. Firms have to be disciplined when trying to comply with the right computer-misuse and data-privacy laws, as have their asset-recovery investigators.

A quick review of the existing toolkit

Technological innovation has already generated a range of e-tools. Let us begin with a quick survey of a few of the packages available to fraud investigators.

E-discovery and digital forensics

Among the most indispensable services for law firms, insolvency professionals and companies involved in disputes are e-discovery, digital forensics and AI-driven data analytics. Only the very largest firms can justify the use of in-house methods to analyse big data, so they need specialist software vendors to bring advanced computing power and dedicated expertise to bear to sift through massive amounts of data and billions of data points. This permits an investigator to spot potential claims, isolate crucial evidence in support of a claim and develop a narrative of the events that led to insolvency or to someone committing a fraudulent act.  

Crypto-currency and blockchain analysis

The emergence and rapid adoption of crypto-currencies has led to the growth of such firms as Chainalysis, which specialises in investigating the blockchain to help law enforcers and other clients who have justifiable cause to examine suspect crypto-transactions. There is a high and pervasive amount of fraud and money laundering in electronic currencies, so these services are indispensable for anyone who wants to track criminal conduct.

Each of these types of electronic wizardry can be used in large and complex fraud investigations. In each case, there are issues that one has to consider when gathering, analysing and storing this information for the purposes of any future litigation that might occur.


Generally speaking, evidence is admissible in legal proceedings if it is relevant to prove the facts of a case, but neither the evidence itself nor the means by which it was obtained may be illegal. Anybody who obtains evidence through technological means has to pay attention to particular considerations. These are as follows.

Provenance, authenticity and defensible collection

The reliance on, and prevalence of, digital evidence that is submitted to a court in support of a claim is growing exponentially in lock-step with the growth of electronically stored information (ESI) that every business creates, shares and stores during the course of its day-to-day life. The methods that it must use to preserve its ESI's integrity in its original, unaltered state are growing more complex.

In most cases, firms have to rely on the assistance of forensically trained professionals who are experienced in handling digital evidence. Digital forensics firms such as LDM Global use experts trained in the maintenance of meticulous logs and unbroken chains of custodial records to ensure that methods for collecting and analysing information (and, most importantly, all evidence submitted to a court) can withstand scrutiny from opposing parties. E-discovery, digital forensics and blockchain investigations generally rely, to varying degrees, on the extraction of data from electronic sources. Particularly with digital data, it is vital for the investigator to preserve such information to prevent alteration. He must use defensible forensic collection methods to extract ESI.

Data-privacy considerations

The techniques that people use must be lawful, of course, which means that they must also conform to the laws of data privacy. In this respect, if information that can be construed as “personal data” is being processed then the means by which it happens must comply with the principles of relevant data privacy laws and there must be a “lawful basis” for processing the data.

Considerations for subpoenas and other court orders that call for disclosure

Court applications that rely on technology-driven investigations have to take into account not only the considerations about the provenance and authenticity of evidence that we have described above; they also have to be carefully crafted to achieve the desired result. For anyone who traces assets, it is frequently necessary to invoke the power of a court to compel a third party or the counter-party to produce evidence. In making an application to a court he obviously needs to know what he wants and why he wants it, but he also needs to be able to explain why he thinks that he should be bothering the party being compelled at all. This is precisely the time that he has to have his provenance, authenticity and chain-of-custody records in order.

The integrity of information

It is vital, then, for investigators to maintain the integrity of the information and to ensure that their results are usable as evidence in court proceedings. It is important for banks and other financial firms to use reputable investigatory firms with methods that they can explain and established compliance regimes in order to satisfy the laws of evidence. They must also use experienced law firms that can handle requests for disclosure orders. Every case is different and a well-founded and well-crafted subpoena (or some other application for disclosure) can ensure that a financial firm's investment in pursuing a wrong-doer will yield dividends.

The GreyList Trace platform allows investigators to find out whether an email address (of a person-of-interest) has been used to open and operate a bank account with any of the 220,000 or so banks in the world. By combining algorithms with a sophisticated bank database, and without ever infiltrating a bank’s computer systems, GreyList can spot each of the banks with which an individual has a banking relationship or has had one in the recent past. It tests each relationship with software code that it innocuously “bounces off” the spam filters at all of the banks, obtaining no confidential information and accessing no computer systems in the testing. This determines, by deduction, whether the email address of a "person of interest" has been “whitelisted” by any of the banks.
