Most of the data and technology that can be used for revenue assurance can also be used for fraud management. Many controls can be designed to serve both purposes too. And when evaluating the financial benefits delivered by these disciplines, it would be strange to use inconsistent measures of the potential risk or the value delivered. On the contrary, most surveys suggest that investments in revenue assurance deliver a similar return to investments in fraud management. These factors mean the majority of vendors serve both kinds of customer, and has encouraged most mature telcos to organize their revenue assurance and fraud management functions under common management. But when we talk about training or professional communities, much more is spent on developing and educating fraud managers compared to RA managers. Why is this?
To answer this question, we must first appreciate some key facts about the organizations that seek to attract telecoms fraud and revenue assurance practitioners.
- The GSMA organizes large and productive meetings and conference calls at a global and at a regional level, with the goal of sharing information amongst their telecoms fraud and security clientele. They also facilitate the exchange of data about fraud. The GSMA briefly contemplated addressing revenue assurance as part of its fraud forum, but rejected the proposal. They later unified the groups for fraud management and security, further guaranteeing that they would never devote resources to revenue assurance or related operational risks that are not driven by malice or crime. The scope of the GSMA’s Fraud and Security Group (FASG) excludes other common causes of leakage.
- The focus of the Communications Fraud Control Association (CFCA) is obvious from their name, and they principally run events in North America that are smaller than those held by the GSMA but which continues to attract a viable audience. The CFCA sometimes encourages confusion by pretending to engage with revenue assurance too, but a quick glance at agendas, speakers and board members is sufficient to confirm RA will only ever be covered as an afterthought. For example, the agenda for their most recent educational event only mentioned revenue assurance once, and that was for a panel discussing whether RA work should be linked to fraud management. The CFCA also portrays themselves as a global association, but their bias towards the USA is reflected by their holding two-thirds of their events in that country, and only venturing to overseas locations if their American clients want to visit them.
- The Telecommunications Risk Management Association (TRMA) has sometimes been described as a sister organization to the CFCA because of overlaps in their personnel. They narrowly focus on managing credit risk. In the past it has also been suggested that the TRMA is the revenue assurance counterpart to the CFCA, but only because of confusion between the need for credit controllers to maximize the collection of payments from retail customers and the much broader range of tasks performed by a comprehensive revenue assurance function. They are little known outside of North America.
- The revenue assurance working group of the TM Forum first met in 2004. During most of its early years it was dominated by one RA vendor, cVidya (now a division of Amdocs), though cVidya’s influence was diluted when some other major vendors also took an active interest. RA-specific team meetings may be scheduled alongside the much broader events arranged by the TM Forum. Though the TM Forum holds its largest conferences in North America and Europe, the RA team is generally only capable of attracting telco RA managers to the TM Forum’s European events, and then only in much smaller numbers than the number of telco fraud managers that attend the GSMA FASG or CFCA. In practice, the program of work for the TM Forum RA team is driven by the TM Forum’s catalyst program, which seeks to demonstrate how technologies can be integrated. The focus on catalysts and the low participation rates from telcos means the TM Forum’s RA output is overly influenced by trends in the products that suppliers wish to market.
- The TM Forum also started a separate fraud management team in 2010, as a consequence of cVidya broadening its range to include fraud management following the acquisition of another business, ECtel. At that time cVidya wanted to change the remit of the TM Forum RA team to include fraud management, but this was rejected by the management of the TM Forum when larger RAFM suppliers resisted cVidya’s attempt to dominate the TM Forum’s fraud output. The standalone fraud management team has since struggled to compete with the GSMA and CFCA, and has failed to attract meaningful input from telcos.
- The Global Revenue Assurance Professionals Association (GRAPA) is a sales front for the training courses provided by its owner, American business consultant Rob Mattison. Though GRAPA claims to have held ‘townhall meetings’ for telco members there is no evidence that it has ever done so, or that it would be capable of organizing a conference on the scale of any of the associations mentioned above. It also claims that its standards have been ‘ratified’ by telcos, but this claim was made over 10 years ago, there is no evidence that its members have ever voted on anything, and all of its output is authored by Mattison. There is considerable anecdotal evidence that telco managers have been incentivized to promote GRAPA’s output without exercising any influence over it. Though GRAPA initially focused on RA training it soon diversified into fraud training in order to increase revenues. Practitioners who work for African telcos feature heavily in the list of students who have taken GRAPA courses; GRAPA has no clientele in developed economies.
- Some associations focused on specific types of telcos have teams dedicated to assisting the exchange of information between fraud managers. One long-established example is the ‘Fight Against Fraud’ group within the i3Forum, which brings together fraud managers from large international wholesale carriers, and which regularly holds two meetings per year, one in Europe and one in North America.
- From time to time a few telcos will come together to create a country-specific association. These bodies typically cater to fraud professionals with an interest in sharing information about subscriber fraud or other frauds prevalent in their domestic markets. Unlike the CFCA and TRMA they are usually clear about the geographical area they serve. Most of these associations fail to maintain critical mass and may die after a few years. Perhaps the longest-running example of an association of this type is the Telecommunications UK Fraud Forum (TUFF).
- Confusion can occur when hospitality businesses market telecoms risk conferences with similar agendas to the events run by associations of telecoms risk professionals. Each event should be considered a one-off, even if they are presented as part of an ongoing series, because there is no meaningful activity between events and they inevitably come to an end as soon as the hospitality business decides they are not profitable. In contrast to the professional associations, it is rare for such events to focus solely on fraud, because they seek to maximize attendance to increase profitability. Events like these previously sapped the energy of revenue assurance practitioners in Europe and North America but disappeared without leaving any meaningful mark on the profession. The best current example of a series of events of this type are those run by a business called Conecta in Latin America.
- My association, the Risk & Assurance Group (RAG), began life in the UK in 2003, and was originally called the Revenue Assurance Group. It started as a collaboration of UK telco RA managers with support from one professional services business. Though its UK meetings were comparable in size to those run by hospitality businesses or other national bodies, RAG lacked the ambition or marketing budget to grow. During the last decade some modest reforms led to an increase in the scope and range of participants, most notably by engaging with fraud managers and other telecoms risk managers, whilst diversifying support from vendors. These reforms snowballed, leading to a rapid acceleration in growth since 2016, with the consequence that RAG now runs a program of events that covers Europe, North America, Africa and Asia, and has sufficient staff to support various online information sharing and educational services between events. The largest RAG events are now comparable in size to meetings of the GSMA FASG.
This is the reality of the intellectual terrain we inhabit. What does it tell us about the investment in professionals employed by telcos?
Telcos in Western Countries Spend Money on Fraud Associations, not on RA Associations
One key takeaway from this analysis is the gaping difference in the education budgets that wealthy telcos allocate to their fraud managers compared to their RA managers. It is not unusual for a big telco in a rich country like the USA or UK to allocate thousands of dollars just on the membership fees for associations that only cater to fraud managers, whilst they choose to spend nothing on providing equivalent opportunities for RA managers to network and learn from each other. Bodies like the CFCA and TUFF expect to earn the bulk of their revenues from telcos, even if none of the telco’s employees are able to attend a single one of their meetings. They pay in advance for the right to attend; the coronavirus pandemic clarifies how this differs from paying to actually attend. Membership fees are also charged for the right to participate in conference calls, begging the question of why a service that is as simple as arranging a phone call is charged at such a high premium when the real value lies in the information donated by the participants.
A body like the TM Forum may appear free to RA managers, but that is only because the budget for membership of the TM Forum, like the budget for membership of the GSMA, is covered at a much higher level. Demanding fees at that level means telcos have an all-or-nothing decision, making it impossible for an RA manager in a small telco to pay a fair price for accessing the TM Forum’s RA content without committing the telco to purchasing everything else covered by membership.
Even when an RA manager is able to attend a worthwhile RA event they probably will not have the travel budget to participate. So whilst an American fraud manager will have budget for membership fees for their preferred associations and the travel budget to attend that association’s conferences, some of which occur outside of the country, the American RA manager cannot afford to travel to an equivalent conference, even if admission was free for them. Only a few European RA managers have some budget to travel to RA conferences. On every other continent RA managers are expected to learn from their own experience, not from other RA managers.
Less Mature Telcos Spend Poorly, If Anything
In developing economies the RA manager is no better off than the fraud manager because neither receives the funding nor time needed to engage with peers. This leads to a vicious cycle of poor education. The best source of information is a fellow professional with real hands-on experience of using the latest tools and techniques to address the most current risks, but if those professionals cannot share their advice, then you cannot learn from them. The most cost-effective event is one which many attend; the least cost-effective is one which hardly anyone attends. So professionals working for telcos in poorer countries suffer not only from the lack of budget in their own company, but they also suffer from the lack of budget for professionals in neighboring telcos.
Lower overall levels of spending on information sharing makes it easier to take advantage of telcos and their employees. Because they have fewer opportunities to learn, they are more likely to over-spend when a low-quality opportunity arises. This is why an American who has never worked in telecoms fraud management can successfully sell training in fraud management to genuinely experienced fraud managers in Africa, although he has no customers and no relationship with serious fraud practitioners in his own country.
The Universality of Fraud
Every sector suffers from fraud, and this also offers a crucial advantage to fraud managers. Their careers benefit from the connections and similarities with the frauds suffered by a much wider range of organizations. They can draw upon common resources for which there is no analogy in the field of revenue assurance. And they have opportunities to sustain and develop their careers by moving between sectors when it is much harder to do that in revenue assurance.
We are seeing some tentative application of the principles of revenue assurance in other sectors, such as utilities and banking, but progress has been slow. Telco RA professionals must carry the burden if their discipline is to make progress, though they might also hope to foster new allies amongst businesses that offer internet-based services such as content streaming and online retail.
Hang Together, or Hang Separately
Some associations present themselves as global without having any viable route to becoming global. Others are content to focus on a few rich countries. It is possible to run a sustainable association following either of these paths. But ultimately the best resources for education and intelligence sharing are created by pooling the contributions from a very large number of telcos, as demonstrated by the RAG Leakage Catalog, a crowdsourced inventory of revenue and cost leakages. The ability to pool resources is why the GSMA FASG works so well, and it was a terrible shame that the GSMA decided to snub the field of revenue assurance.
Just saying you would like everybody to fly to your country to participate in your meetings, and you would like everyone to buy your training course is not the same as having a strategy to deliver services on a global scale. Sometimes we need Africans to teach Europeans, and Asians to teach Americans. The assumption that all learning flows from rich countries to poor countries is flawed, not least because the risk environments differ greatly and the innovation in developing economies can ‘leapfrog’ that in the West, such as has occurred with the adoption of mobile money. However, no association has an unlimited marketing budget, and far too much needs to be spent on cutting through the misinformation spread by bodies that have no serious intention of reinvesting any surplus they generate into increasing the scale of the services they provide to telecoms risk professionals.
Discussing Threats versus Discussing Flaws
It is not hard for a fraud manager to understand the benefits of being taught about a real-life fraud that some other telco has already identified and dealt with. The same principle should apply to revenue assurance, but it does not. One reason is vanity; it may be embarrassing to talk about being exploited by a fraudster, but it is easier to discuss the harm done by a criminal than the harm done by the mistakes of a colleague. Natural human inhibitions about confessing to mistakes leads us to pretend they do not occur. But why bother doing revenue assurance if we cannot learn about mistakes? Losing face is painful, but so is losing money. Learning from each other’s mistakes is far cheaper than each of us making the same mistakes and remaining silent about them.
Escaping the Two-Tier Trap
The disparity between fraud and revenue assurance should be evident to anyone who types those words into Amazon. Whilst there are thousands of books about fraud, the only books you will find about revenue assurance are mine (published in 2011), the book by Mark Yelland and David Sherick (published in 2009), the books of Rob Mattison (which are older still), and some more recent books by scam artists who are even worse than Mattison. That is all the collective knowledge that the RA profession has made publicly available.
There are some fraud managers who have exchanged information with peers in other telcos for as long as I have worked in telecoms, but you can count on one hand the number of RA professionals who have actively pursued collaboration throughout that time. RA professionals need to find the courage and means to cut through and make themselves part of something bigger. And those managers who belong to both the anti-fraud and revenue assurance communities need to step up and admit the divide is unhelpful for them too. It is impractical to expect an RAFM manager to attend separate events and build separate networks to learn about fraud and revenue assurance, and RAFM managers should resist the temptation to accept the status quo.
The price of an RA system is similar to the price of a fraud management system. The value delivered by RA managers is similar to the value delivered by fraud managers. But there is an enormous gulf in the perceived value of the knowledge possessed by RA professionals compared to that accumulated by anti-fraud professionals. RA managers will never be seen as first-rate professionals unless they insist on being treated as first-rate professionals. They also need to insist on behaving like first-rate professionals. The divergence between the RA and fraud communities must be stated plainly and countered directly, because it is harmful to any revenue assurance professional who wants to achieve their full potential.