Counter Fraud Investigation: Connecting the Dots Across Data Sources

John Harms, Head of Government Solutions at Quantexa, and Julie Barnes, Chief Investigator at the Insolvency Service, spoke at Counter Fraud 2026 about the growing challenge of data-rich investigations, how network-based analytics can cut through complexity, and where the Insolvency Service is on its digital journey. Here is a summary of what they said:

The scale of the problem

John Harms opened with a brief look at the fraud landscape. The numbers are large and growing across every domain - government, financial services, personal fraud - and fraudsters are exploiting the same technologies available to investigators: AI, SIM farms, cryptocurrency mixers, and automation at scale. In the crypto space alone, reported losses grew from $10 billion to $82 billion in a single year. The tools that can help detect fraud are the same ones being used to commit it.

Julie Barnes: Using the difficulties

Julie framed her contribution around a Michael Caine interview she had seen recently, in which he described being told by a director to 'use the difficulties' - if there is a chair in the way, fall over it for comedy, or smash it up for drama. That, she said, is how she approaches the digital challenges in her investigations.

Before the pandemic, Insolvency Service investigators would get all the insolvency practitioners together in person, work through physical documents, and transport relevant material back. Complex cases meant days in storage facilities, working through boxes. The pandemic ended that. Digital transfers came first - Dropbox and similar methods - but those quickly revealed gaps in the chain of evidence. The challenge since then has been building a digital strategy that is both practically workable and legally defensible.

The data challenge

Julie described a current securitisation fraud investigation involving 100 terabytes of data. Not all of it is relevant - in fact most of it is not - but the process of identifying what is relevant is itself labour-intensive and requires judgement. The Attorney General's guidance provides a framework: apply proportionality, define the offence, the timeframe, the individuals involved, and the enablers. That narrows the scope considerably.

But proportionality sits in tension with the right to a fair trial. Investigators must be able to prove or disprove that an offence took place, which means extending parameters beyond the most obvious material and being mindful of internal witnesses. Every decision about what data to include or exclude must be documented and defensible. If an AI tool is used to interrogate data today, that search must be replicable in court two years from now - same parameters, same logic. Without a robust data strategy, that is not possible.

What the Insolvency Service has been building

Julie set out a series of practical steps the Insolvency Service has taken or is working towards:

• A dedicated Digital Officer role - mirroring the Disclosure Officer model under the Criminal Procedures and Investigation Act (CPIA), this person owns the data from the start of an investigation through to conclusion, and beyond. Data may need to be retained for up to 20 years, including seven years after a custodial sentence ends.
• Relativity for e-discovery - used for structured interrogation of large data sets within investigations.
• DocDefender for redaction - enabling efficient compliance with CPIA requirements to respect privacy, particularly in multi-handed cases.
• AI-assisted case management - working with Cyclops and GreatWave to explore how AI can populate MG documents by drawing from across the case management system, speeding up submission to legal services.
• A unified investigations platform - working with Clue to develop a single system with role-based access covering live investigations, proceeds of crime, insolvency and criminal work, all feeding into a central intelligence function.
• A future data room - the ambition is an in-house e-discovery tool that receives investigation data, applies the Attorney General's guidance automatically, and produces the relevant material as an output, alongside a live intelligence tool showing the current activities and whereabouts of subjects under investigation.

John Harms: Connecting the dots across data sources

John picked up on the data challenge and explained how network-based analytics addresses it. The core problem, he argued, is that data sits in siloes - case management systems, CRMs, digital extracts, third-party sources - none of which are designed to connect to each other. The task is to resolve those sources into a single, unified view of real-world people, places and things.

He described a three-step approach. First, entity resolution - identifying that the same individual appears across different data sources under different names, email addresses or identifiers, and unifying those records. Second, context - building a network view that shows who those individuals are connected to, what accounts, phones, and addresses they share, and what patterns emerge. Third, action - turning that grounded picture into investigative workflows, automated triage, or case referrals.

He illustrated this with a case study involving seized dark web servers, cryptocurrency data and social media. Starting with a five-week pilot, the team achieved in five weeks what investigators had been trying to do manually for five years. The key insight was not to try to process everything at once - start with the highest-value, most tractable data sets, such as invoices or bank statements, and build from there.

Identifying the person behind the digital persona

John walked through a public case - the takedown of Breach Forums - to show how entity resolution works in practice. The founder of the forum was operating under a pseudonym across multiple dark web platforms. By cross-referencing wallet IDs, passwords, IP addresses, email addresses and messaging data simultaneously - rather than one attribute at a time - investigators were able to build a single unified profile linking the pseudonym to a real individual. The same process that took investigators months of manual work can, with the right tooling, be done in a fraction of the time.

The principle, he said, applies equally to fraud investigations involving corporate structures, benefit claims, or procurement. Fraudsters use the same phones, the same bank accounts, the same addresses. Network analytics surfaces those connections at a scale and speed that manual review cannot match.

Closing message: The fraudsters are ready

Julie Barnes closed the session with a direct challenge to the room. Three years ago, she was in the audience at this conference and heard speakers talking about AI and network analytics. She realised the Insolvency Service was behind the curve. AI, she noted, is not a future technology - it has been in use for two decades. The question is whether fraud investigation functions are ready to use it effectively.

Her advice was practical: talk to the technology providers in the exhibition hall. Not to procure - but to build your own knowledge and articulate your requirements. You do not know what you do not know until you start those conversations. The fraudsters, she said, are already scaling up. The question for every counter fraud professional in the room is whether they are too.