One of the key themes in the Evaluation of Corporate Compliance Programs is the use of data and data analytics in a best practices compliance program. This has specific applications to third parties. In the section entitled, Risk-Tailored Resource Allocation, the question was posed, Does the company devote a disproportionate amount of time to policing low-risk areas instead of high-risk areas, such as questionable payments to third-party consultants, suspicious trading activity, or excessive discounts to resellers and distributors? See more +

One of the key themes in the Evaluation of Corporate Compliance Programs is the use of data and data analytics in a best practices compliance program. This has specific applications to third parties. In the section entitled, Risk-Tailored Resource Allocation, the question was posed, Does the company devote a disproportionate amount of time to policing low-risk areas instead of high-risk areas, such as questionable payments to third-party consultants, suspicious trading activity, or excessive discounts to resellers and distributors? Under the Control Testing section, the following question was posed, Has the company reviewed and audited its compliance program relating to the misconduct? More generally, what testing of controls, collection, and analysis of compliance data, and interviews of employees and third parties does the company undertake? Finally, under the section entitled Payment Systems was the following query, How was the misconduct in question funded (e.g., purchase orders, employee reimbursements, discounts, petty cash)? What processes could have prevented or detected improper access to these funds? Have those processes been improved?

All of these questions make clear that the DOJ expects data analytics to be used to help detect or prevent bribery and corruption where the primary sales force used by a company is third parties. Most FCPA violations and related enforcement actions have come from using third parties. While sham contracting (i.e., using a third party to channel the payment of a bribe) has lessened in recent years, related data analysis can be performed to ascertain whether a third party is likely performing legitimate services for your company and is not a sham. Several more complex analytics can be run in combination to identify suspicious third parties, and some of the simplest can be to look for duplicate or erroneous payments. This final concept of finding patterns that can be discerned by aggregating huge transactions is the next step for compliance functions. Yet data analysis does far more than allow you to follow the money. It can also be a part of your ongoing third-party monitoring by enabling you to partner the information on third parties who might come into your company where there needs to be proper compliance vetting. Such capabilities are clearly where you need to be heading.

Three key takeaways:

1. Remember to follow the money to see where a pot could be created to fund a bribe.

2. Transaction monitoring techniques around fraud monitoring translate to data analysis for compliance.

3. Remember to check names against known PEP and SDN lists. See less -