High-risk countries are highly corrupt, infamous for intense fraudulent activity, dangerous because of warfare, or subject to strict trade regulations. You may be allowed to do business with them, but it might make your internal auditor or government inspector raise an eyebrow, or two.
It's therefore a good idea to enrich your detection with detection methods that check your business documents for partners located in high-risk countries.
Enter and upload high-risk country lists in the tile High-Risk Countries and the associated screen High-Risk Country Lists. Each list has an ID, and consists of a ranked list of countries. A country's rank represents its risk: the higher the rank, the higher the risk. For example, a country with rank 174 is riskier than one with rank 4. Multiple countries can have the same rank, but each country can occur only once.
To implement an execution procedure for a high-risk country rule, use the helper procedure
PR_GET_BOTTOM_RANKED_HIGH_RISK_COUNTRIES in package
sap.hana-app.fra.generic.dt.hiriskcntry. The procedure receives the list's ID and the number of ranks that shall be returned from the bottom of the list.
- 1 will return the country AF, because it occupies the single highest rank.
- 2 will return the countries AF, IQ, and KP because they populate the two highest ranks. Note how the parameter does not equal the number of returned countries.
- 3 will return the countries AF, IQ, KP, and DE because they populate the three highest ranks. Note how the procedure ignores gaps in the numbering and includes DE although it is "way ahead" of IQ.
The output provides SAP country codes, i.e. primary keys from database table
T005. If you need other code formats, like ISO alpha-2 or -3, join the output to table
T005 and retrieve the codes from its
INTCA fields. For descriptions, join to table
Do not rely on any order in the procedure's output. Currently it is sorted by rank descending, country code ascending, due to its internal workings, but this may change without notice. If you need order, apply a
SELECT ... ORDER BY ... to the output as needed. Note however, that sorting in an execution procedure is usually counterproductive because it slows down processing without adding value.
Your execution procedure will look similar to this. The first two statements get the parameters
BOTTOM_N_RANKS from the procedure's input. Then the helper procedure is called with these parameters. Finally, the received countries are matched against the business documents, that is, the business partners therein.
For a real example, refer to the execution procedure
PR_POITEM_HI_RISK_CNTRY_EXEC in package
SELECT TOP 1 "HIGH_RISK_COUNTRY_LIST_ID"
SELECT TOP 1 "BOTTOM_N_RANKS"
FROM bseg AS data
INNER JOIN :lt_countries AS risk
ON data.country = risk.sap_country_code;
Rules of this kind usually are only weak indicators for fraud, hence they should contribute only low scores and ought to be supported by other rules to raise an alert. Such rules are commonly known as yellow flags, in contrast to the strong red flags that suffice to raise alerts on their own. Consider this when scoring your detection strategies; otherwise your high-risk country rule can lead to lots of undesired false positives.
After all, dealing with your vegetable trader in Afghanistan may raise an eyebrow or two, but may be perfectly legal.