EXTENSION OF TIME, VARIATION ORDER (Sub-Topic : CORRUPT PRACTICES)

Having to experience working as a contractor, consultant and the client, request for an extension of time (EOT) by the contractor can have both advantages and disadvantages. EOT is also linked to variation orders (VOs).

VARIATION ORDERS

VO might involve changes to the scope of work, often lead to the need for an EOT. For example, if a VO requires additional work, the contractor might need more time to complete the project, necessitating an EOT.

Coordination Challenges

If not well-coordinated, EOT requests related to VOs can lead to complexities in project management, potentially causing further delays and disputes over the time impact of variations.

Potential for Additional Claims

A VO might lead to additional claims for time and cost. Contractors need to ensure that any impact of a VO on the project timeline is captured in an EOT request to avoid financial losses.

VO might lead to potential corruption

Inflated Costs

A contractor might inflate the costs associated with a VO in collusion with a client’s representative, with the inflated amount being used for kickbacks or bribes.

Unnecessary Variations

Unnecessary or excessive VOs might be introduced to create opportunities for illicit payments. For example, a client’s representative might request a VO that isn’t actually needed, justifying the expense to benefit financially.

Approval Process Manipulation

Bribes may be offered to expedite the approval of VOs or to ensure that they are approved without proper scrutiny, even if they are not in the best interest of the project.

Vigilance Strategies for Clients and Contractors

Transparent Processes

Both parties should ensure that the process for approving VOs is transparent, with clear documentation and justification for each variation. This includes detailed cost breakdowns and independent verification where possible.

Regular Audits

Conducting regular audits of VOs and related financial transactions can help detect irregularities. Independent third-party audits are particularly effective in ensuring objectivity.

Ethical Guidelines and Training

Establishing and enforcing strict ethical guidelines for all employees involved in the project, and providing regular training on anti-corruption practices, can help prevent bribery.

Whistleblower Protection

Implementing a robust whistleblower policy encourages employees to report any suspicious activities related to VOs without fear of retaliation.

Segregation of Duties

Ensuring that no single individual has too much control over the VO process can reduce the risk of corruption. This includes separating responsibilities for requesting, approving, and overseeing VOs.

Independent Review

Involving independent consultants or third-party reviewers to evaluate the necessity and cost of VOs can help ensure that they are legitimate and fairly priced.

A BRIEF ON HOW TO DETECT FRAUD IN BANKING AND FINANCIAL SECTORS - Nik Zafri

Please also read my other articles about money laundering and anti-corruption.

Detecting fraud is usually linked money laundering, and corruption in the banking and financial sectors is crucial for maintaining the integrity of the financial system. there are strategies and technologies need to be taken into account.

1. Fraud Detection

a. Transaction Monitoring Systems (TMS)

These systems analyze transaction patterns in real-time or near real-time to detect suspicious activities. They use predefined rules, statistical models, and machine learning algorithms to flag anomalies. This will enable banks to proactively detect and investigate suspicious activities, helping to prevent them from escalating into more significant financial crimes. By identifying and halting illegal transactions early, banks can avoid potential losses and reduce the risk of regulatory scrutiny.

b. Anomaly Detection (AI)

Machine learning techniques (AI), such as supervised and unsupervised learning, are employed to detect deviations from typical behavior. These methods can identify unusual patterns that may indicate fraud. Machine learning models has proven effective in detecting anomalies by identifying unusual patterns in vast datasets. These AI models continuously learn from transaction data, adapting to emerging fraudulent schemes in real-time.

c. Behavioural Analytics

Sometimes, a user behaviour can also indicate fraudulent activity. These include frequent login times, transaction types, and sometimes at different locations and mixture of transactions (frequent use of cash deposit machine with significantly large amounts at different locations and online transfers/interbank transfer) 

d. Multi-factor Authentication (MFA)

Implementing MFA helps in preventing unauthorized access to banking systems, which is a common precursor to fraud. It can pose problems to the customers with too many authentications and verifications but it will protect both customers and bank from fraud and scamming. MFA adds an extra layer of security beyond just a password. Customers must provide two or more verification factors—such as something they know (a password), something they have (a smartphone or security token), or something they are (a fingerprint or facial recognition). This makes it much more difficult for unauthorized users to gain access, as even if they manage to obtain one factor, they would still need the additional factor(s) to successfully log in.

2. Money Laundering Detection (Anti-Money Laundering or AML)

a. Know Your Customer (KYC) and Customer Due Diligence (CDD)

KYC involves verifying the identity of customers, while CDD involves ongoing monitoring of their transactions to help identify potentially suspicious behavior linked to money laundering.

b. Suspicious Activity Reporting (SAR)

Banks are required to file SARs for any transactions that they suspect may involve money laundering. These reports are then reviewed by financial regulatory authorities such as Bank Negara.

c. Risk-Based Approach

Financial institutions categorize customers and transactions based on their risk level. Higher-risk transactions are monitored more closely to detect potential money laundering.

d. Transaction Structuring Detection

Money launderers often structure transactions in small amounts to avoid detection. Advanced algorithms can detect patterns of structuring across multiple accounts or over time.

e. Beneficial Ownership Identification

It's essential to determine the true owners behind complex corporate structures, as money launderers often hide behind layers of corporate entities.

3. Corruption Detection

a. Conflict of Interest Checks

Regular audits and checks can help identify situations where employees or executives of the bank might have conflicts of interest, potentially leading to corrupt activities via specific client favoritisms.

b. Vendor and Third-Party Risk Management

Financial institutions should monitor and evaluate the integrity of vendors and third-party relationships to detect corrupt practices, such as bribery or kickbacks.

c. Whistleblower Programs

Encouraging employees to report corrupt activities internally through protected channels can lead to the early detection of corruption.

d. Internal Audits and Controls

Regular internal audits can identify weaknesses in financial controls that could be exploited for corrupt purposes.

4. Technology and Data Analytics

a. Artificial Intelligence and Machine Learning:

AI and ML are increasingly used to detect complex fraud, money laundering, and corruption schemes. These technologies can analyze large datasets and identify patterns that humans might miss.

b. Blockchain Technology

Blockchain’s transparency and immutability make it a powerful tool in preventing fraud and money laundering, especially in tracking the provenance of funds.

c. Big Data Analytics

Analyzing vast amounts of structured and unstructured data helps in identifying suspicious activities across different systems and jurisdictions.

d. Network Analysis

Analyzing relationships between different entities (e.g., customers, accounts, transactions) can reveal hidden connections that may indicate fraudulent or corrupt activity.

5. Regulatory Compliance and Reporting

a. Regulatory Technology 

Regulatory Technology help financial institutions comply with regulatory requirements by automating the monitoring, reporting, and auditing processes.

b. Continuous Training and Awareness

Financial institutions must regularly train their employees on the latest fraud, AML, and anti-corruption techniques and regulations to ensure vigilance and compliance.

c. Collaboration with Law Enforcement

Financial institutions often work closely with law enforcement agencies such as Bank Negara Malaysia, Security Commission, the Police (PDRM), Company Commission etc. to share information and intelligence, helping to detect and prevent illicit activities.

6. Challenges and Emerging Threats

a. Cyber Fraud

As banking becomes increasingly digital, cyber fraud (e.g., phishing, hacking) poses a significant threat. Institutions must continuously update their cybersecurity measures.

b. Cross-Border Transactions

Detecting fraud and money laundering in cross-border transactions is challenging due to differing regulations and the complexity of tracking funds across multiple jurisdictions.

c. Cryptocurrency Risks

The rise of cryptocurrencies presents new challenges for detecting money laundering, as these digital assets offer a degree of anonymity and are harder to trace.

Conclusion

Detecting fraud, money laundering, and corruption requires a multi-faceted approach that combines advanced technology, strict regulatory compliance, and robust internal controls. As threats evolve, financial institutions must stay ahead by adopting innovative detection methods and continuously improving their risk management strategies.

DEFEND YOURSELF AGAINST DEEPFAKES - Nik Zafri

Deepfake technology represents a remarkable achievement in artificial intelligence, offering significant benefits across various industries such as architecture through VR/simulation, gaming, entertainment, healthcare, and more.

However, deepfakes also have the potential to be misused, for instance, to frame or ridicule individuals or to trigger public unrest or part of elaborate scamming. Some deepfakes are so convincingly realistic that they can easily confuse viewers, especially those encountering them for the first time.

As deepfake technology advances, detecting these falsified videos becomes increasingly difficult. Similar to superimposed photos, deepfakes can be identified by examining the source codes or metadata—such as timestamps, locations, and device types—as well as by analyzing the following elements : 

1. Unnatural Facial Movements and Expressions 

e.g. 

blinking - even in the newly improved models, sometimes deepfakes do have issues with realistic blinking patterns. (14 to 17 times a minute)

Pay attention to mouth movement as well especially during a speech. The lips can sometimes be out of sync with the audio or move unnaturally

Facial Expressions can seem to be exaggerated, stiff, or inconsistent with the tone of the speech.

2. Inconsistent Lighting and Shadows

Lighting - deepfakes might struggle with consistent lighting across the face and body. If you watch carefully, you may spot shadows/highlights that don't match scene's overall lighting

Reflections - Glasses, jewelry, or shiny objects should reflect light naturally. If the reflections look off or are missing, it could indicate a deepfake.

3. Unnatural Eye Movements

One of the most obvious element in spotting a deepfake is the gaze direction where yes direction may not align naturally with the head or body movement, or the gaze might appear fixed/static or robotic.

4. Hair and Teeth

Hair - another problem is in the rendering of hair - look at the edges where it meets the background. Hair might appear blurry, or individual strands may not be visible.

Teeth can too perfect, overly white, or lack texture, making them seem unnatural.

5. Audio-Visual Mismatch

Sync Issue where the audio does not match the visual, either due to timing issues or because the deepfake doesn’t accurately replicate the mouth’s movements.

Voice Quality sounding too robotic or doesn’t match the person’s usual tone.

6. Background Anomalies

Inconsistencies - strange distortions or warping in the background, especially near the edges of the face or body.

Blurring - area around the face might be blurred or have different quality levels compared to the rest of the scene.

7. Resolution Discrepancies - Pixelation -  Check for inconsistencies in the video’s resolution. For instance, if the face appears sharper or more pixelated than the rest of the frame, it could be a deepfake.

8. Edge Quality - Pay attention to the edges of the face and body. If they appear too smooth or too sharp compared to the rest of the video, it might be a sign of manipulation.

9. Unusual Artifact - Distortion - Look for any visible distortions, especially when the person moves their head quickly. Deepfakes might struggle to keep up with fast movements.

10. Color Shifts - If the skin tone or color of the face changes abruptly, it might indicate that the video has been tampered with.

11. Content Inconsistencies - Context - Consider the context of the video. If the behavior, speech, or actions of the person seem out of character.

12. Mismatched Statements - Compare the content with known facts or previous statements by the individual - check for any discrepancies.

13. Use of Detection Tools - There are tools and software available that can help detect deepfakes by analyzing inconsistencies that might not be visible to the human eye.

Cyber Digital Services, Defence & Security Asia 2024

Cyber DSA 2024 held at KL Convention Centre officiated by Ybhg Tuan Gobind Singh Deo - Minister of Digital, Malaysia - is a regional event focused on the cyber defense and security industry, including the military sector. It brings together cybersecurity professionals and executives from government, military/MINDEF , and private sectors, aiming to advance the cyber defense and security agenda.

The event showcases the latest technologies and shares valuable knowledge and insights on cyber intelligence, presented by regulators, policymakers, military personnel, CISOs, government officials, practitioners, and researchers from around the world.

The speakers were great. Had interesting discussions with Maxis representative on Dual Network 5G Model, Terrabyte X Picus on security of blockchain, firewalls, predictive analysis and risk management etc.

We covered most of the booths displaying sophisticated security and defense technology, applications and software but the ones that caught our attention are :

The Malaysia National Cyber Security Agency (NACSA) - a name that require no introduction - they have been THE frontline in the Malaysian cyber security landscape. There is also a joint project with Universiti Putra Malaysia introducing the primary information management system benchmarked to ISO 27701.

Defence Cyber and Electromagnetic Division, Angkatan Tentera Malaysia (Malaysian Armed Forces) - displaying a sophisticated defense and security surveillance system. We also met their strategic partner, none other than Telekom Malaysia and had resourceful conversation with one of the vendors Arvia as well. Innov8tif Solutions - ID verification to help digital businesses establish a full-fledged Customer Identity Assurance (CIDA) ecosystem.

Terrabyte X Picus - Providing Security Validation to counter Continuous Threat Exposure, cyber risk management, assessment and mitigation with data driven insights. What is most impressive that the system can also be a predictive model (which I think, if properly customized in the near future may prove useful to investors and general public as well)

Universiti Teknologi MARA Shah Alam - College of Computing, Informatics and Mathematics

BlackBerry - again a name that requires no introduction

Quad Miners - a leading company in Network Detection and Response

and so many more.

Noma SWO Consult has had its' share of experience in Information Security Management Consultancy/Training/Asessment in the areas of Defense and Cyber Security/Intelligence – Arpa/NSFUsenet, Cobit, Till, Biometrics etc)

DAY 1 - MALAYSIA-KOREA TRADE MISSION, DAY 2 - WORKSHOP ON STRATEGIC TRADE MANAGEMENT

DAY 1 A new day dawns. Had a productive morning attending the 2024 Malaysia-Korea Trade Mission at the Renaissance Kuala Lumpur. It was a privilege to represent Malaysia as a platform for promoting Korean products to local businesses. Connecting with such a high-level delegation of South Korean companies across various sectors was extremely valuable. There's immense potential for Noma SWO Consult to explore partnerships, joint ventures, or distribution agreements with these companies eager to tap into the Malaysian market. This event offered a fantastic opportunity to expand our business network. We extend our sincere thanks to PDS Consulting and all government agencies involved for organizing this impactful trade mission.

DAY 2

Attended MYSSTCC (Malaysian Strategic Trade Control Community) Workshop on Strategic Trade Management (Industry engagement) I was representing Noma SWO Consult and Madam Hajah Tetty Henney Zulkifli in the capacity of President/Founder for Women in Governance & Technology Association Malaysia (WIGTA)

The event held at DoubleTree by Hilton brought together key stakeholders, including officials from the Ministry of Investment, Trade and Industry (MITI), MYSSTCC, and the US Embassy.

The workshop focused on the Strategic Trade Act (STA) 2010, a crucial piece of legislation often overlooked by exporters.

Compliance with the STA is essential to avoid legal repercussions. I strongly advocate for Malaysian exporters to become full members of MYSSTCC to benefit from their support and guidance.

The workshop provided valuable insights into strategic item classification, intangible technology transfer, licensing, and penalties under the STA. The informative presentations by MITI and MYSSTCC experts were complemented by engaging discussions on national security concerns, export controls, trade sanctions, screening processes, due diligence, and risk assessment.

Networking with fellow professionals and exchanging perspectives on real-world case studies enriched the overall experience.

Key takeaways from the event include:

- The importance of STA compliance for Malaysian exporters

- The benefits of MYSSTCC membership

- The need for enhanced understanding of national security implications in trade

- The critical role of due diligence and risk assessment in export control

This workshop underscores the significance of strategic trade management in safeguarding national interests while fostering responsible business practices.

Malaysia Must Be Proactive in Preparing for Future Disease Outbreaks.

The COVID-19 pandemic underscored the critical need for robust preparedness against emerging infectious diseases.

Malaysia should by now implement a comprehensive and multi-agency approach to public health.

Among key strategies that I can think of right now are :

Enhanced Border Control and Surveillance - Stricter screening of incoming travelers and foreign workers, coupled with swift quarantine and isolation measures for those from affected regions.

Comprehensive checks on animals and plants, both local and imported, should also be enforced.

Strengthened Public Health Infrastructure - Improved surveillance systems, well-trained response teams, and universal healthcare access are essential. Continuous public education on hygiene and prevention measures is crucial.

International Collaboration - Fostering partnerships with neighboring countries and global health organizations is vital for information sharing, resource allocation, and joint research on vaccines, treatments, and diagnostics.

Clear Leadership and Coordination - To ensure effective implementation, clear lines of responsibility and authority must be established. The Ministry of Health, in collaboration with other relevant agencies such as Immigration, Customs, Agriculture, and Environment, should spearhead public health and disease control efforts. Addressing challenges in healthcare resource management and personnel allocation, as experienced during the COVID-19 pandemic, is imperative.

By adopting a proactive and coordinated stance, Malaysia can significantly bolster its resilience against future health crises.

MALAKAT MALL - CYBERJAYA

 Malakat Mall Cyberjaya.

The mall was impressive, with a strong appeal that drew shoppers from as far as Gombak. This testament to its initial effective marketing - reminded me of the vibrancy of Melawati Mall and the former Ampang Park.

It's disheartening to hear the mall will be closing. I believe the pandemic's onset in March 2020, just 3 months after its opening, significantly impacted its trajectory. Businesses like mine have faced similar challenges, and recovery has been arduous.

While there have been criticisms of the management (which I can understand the frustrations), I believe the broader economic climate post-MCO played a more substantial role. Factors such as reduced consumer spending, challenges in the banking sector, and perhaps even the mall's location contributed to its difficulties. Attributing its failure solely to management is overly simplistic.

I hope the mall will revive, either under its current ownership or via a new buyer. Preserving its brand would be ideal.

Perhaps the motto or slogan need some changes or re-explanation - despite I see a fraction of non-Muslims and foreigners are shopping there as well, perhaps the slogan which was meant well originally - have blown out to proportions with race and religion insults.

(There are Kosher based business outside Malaysia and it was never a problem to other races/religions - so why bash them because they are trying to promote Muslims brand? Kelantan did it and there was never a problem of races/religion. The global trillion dollar cake for Islamic based products (Islamic Banking, Islamic Finance, Islamic Investment and so many more have been subscribed by everyone not only Muslims - so why Malakat Mall is the only one becoming a victim?)