The power of AI can extend the more traditional functions of prevention, detection and remediation. The first way is in simply the mass amount of data which could inundate a compliance practitioner. Many compliance practitioners are overwhelmed about the amount of data available to them and do not know how or even where to begin.
Patrick Taylor has said that AI allows the compliance practitioner to understand the “subtle clues in that pattern of activity that will clue me in to take a different look.” He likened it to seeing “patterns in raked leaves” which allows you to then step in and take a deeper and broader look at an issue, either through an audit or investigation. This is where compliance practitioner can step back and literally keep an eye on the big picture and longer term as opposed to just the immediate numbers and information in front of them. It may also be the best hope for finding that kind of systemic fraudulent behavior.
This speaks to one of the difficult issues for the compliance practitioner, which is what does all the information mean? Consider the example of GSK in China. The Chinese business unit employees were working en masse to create fraudulent reimbursable invoices, inflating the cost of industry events to create a pool of money to pay bribes. They would stage an event around a drug product or service in a hotel. They would inflate the hotel charge 20% above the actual costs and submit the entire amount to the corporate office for reimbursement. In some cases, GSK employees would submit invoices for events which never took place.
Now layer on top of these deceptions, the rampant sale of fake receipts. For every Marriott hotel the Chinese business unit utilized, personnel could buy an official Marriott receipt, which showed the price that was paid and acted as a backup documentation for the auditor to look at on that expense report. Finally, there was the illegal sale of official Chinese government tax stamps to tier on another level of complexity.
AI could provide compliance the opportunity to detect even this type of massive and systemic fraud because, statistically those charges would not make sense. The reason this type of fraud can be so difficult to detect and prevent is the charges are on credit cards, so recorded and there was paper documentation to back up the charges. Standard modalities of fraud detection will not assist the compliance practitioner when the employees and their management are all in on the fraud. You just know that something does not make sense. You must look for the anomalous patterns. , AI allows a compliance professional to gather and compute statistics across a wide variety of customers and situations; such as geographic, business unit and time dimensions.
Using these mulitple data points, you can analyze what is a reasonable amount to spend at a hotel or other venue, including such variables as the time of year, as some cities have tremendous seasonality in their hotel charges. Other gifts, travel and entertainment spends, such as transportation costs, do not have such variability across seasons. AI allows you to pull geographic, time, type of expense and even specific vendors statistics for a big-picture analysis.
In a broader manner, consider all the data points in the lifecycle of any business transaction which produce data analytics for a compliance practitioner. These data points include: when business development person initially makes a call on a potential customer; when a request for proposal comes into an organization; when the response is formulated with pricing and proposed discounts; during any subsequent contract negotiations; post-contract obligations for travel and training; and continued business development contacts with a customer after the contract is signed.
Each of these steps provide data, which taken singularly might not raise any red flags or even be outside company specifications but taken as a whole it might be a transaction which would lend itself to compliance oversight. Start with the employee and their spend. Even if that information is not available to the compliance department it is available from employee reimbursement requests. From the compliance perspective, is the employee entertaining a foreign government official under the Act? If so, what is the aggregate spending by any one such government official over a 12-month period by one employee? What is the spend on one particular state-owned enterprise official by several company representatives? Has there been any travel involved to tour company facilities? If so, what was the aggregate spend and was it correlated with other spends?
Moving on to any contract negotiations which might take place, were any discounts offered outside the standard discount range? If so, were these discounts properly vetted through the internal company process? Was this process documented and was there senior management sign-off in place? Did the customer suggest the use of any third-parties as suppliers to the prime contract? Were there any charitable donations requested by the customer? Were there any charitable donations made during any part of this process or within 12 months after a successful contract negotiation? Was the contract properly vetted by all required internal processes: i.e., management, legal, finance and compliance?
If the business function was successful in concluding the contract; did it specify any travel for the customer? How about ongoing training and if so where and for how long? Was there a specification of business class or above travel accommodations? Has any required compliance or FCPA training been delivered to third-parties involved in the contract? Was there any corporate social responsibility requirement going forward? Does compliance have visibility into this or does is go through a company charitable donation group or committee?
These are but some of the data points which could be analyzed to determine if any compliance issues arose. But they would also provide the company with a wealth of information on its internal efficiencies around sales and their corresponding processes. Obviously, AI holds both promises and challenges for CCOs. However, when a compliance function embraces the use of AI and embraces this human and technological approach for forecasting and risk assessments and then keeps improving their risk management techniques, it will create a sustainable strategic business, compliance and intelligence advantage over its competition.
[View source.]
