Data-driven compliance strategies have become a game-changer in the field of risk management and fraud prevention. I recently had the opportunity to participate in a KonaAi sponsored webinar entitled “Data Driven Compliance: Current Trends and Innovations.” The event was hosted by Vince Walden and featuring myself and Rayne Towns, the Global Head Risk and Monitoring at Nokia.
I view data-driven compliance strategies in risk management and fraud prevention as an evolution of the compliance profession. It can be seen in the importance of data analytics in improving the effectiveness of compliance programs. There is and will always be the need for human interpretation and utilization of the data. Towns sees data-driven compliance strategies as a way to strengthen and improve the effectiveness of the compliance program, using data analytics to identify and address gaps in the compliance program. She also emphasizes the importance of prioritizing and starting with solving specific problems when implementing data analytics. Vince Walden joined in with his perspective on data-driven compliance strategies in risk management and fraud prevention.
Data driven compliance is one more in the evolution of the compliance profession, one more step. Fortunately we have evolved from the time which compliance was very much legal driven by lawyers, for lawyers. And over time, most compliance professionals (and equally importantly the DOJ and SEC) began to view compliance is a business process. As a business process, it can be measured, it can be studied, it can be monitored, and it can be approved based upon that information.
We began with the importance of data analytics in compliance programs. The shift towards data-driven compliance has transformed the compliance profession from being solely legal-driven to a measurable and improvable business process. This shift has been recognized by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC). It was the SEC which first called out the use of data analytics, as it did in the Order concluding the Key Energy FCPA enforcement action. Most recently, the Albemarle FCPA resolution specifically called out the company’s use of data analytics in its remediation program, which occurred during the pendency of its FCPA resolution process.
In 2016, the Securities and Exchange Commission for the first time called out data analytics in an enforcement action. It was the Key Energy FCPA enforcement action, where they suggested data analytics would have shown or demonstrated a range of values that were outside the norm for certain gift, travel and entertainment for the company. This demonstrated the regulatory thinking evolved as well. Now data analytics has become a critical element to improve the business process of compliance. Data driven compliance allows you to measure it, it allows you to monitor it, it allows you to improve it all in a documented fashion so that if a regulator ever comes knocking, you can demonstrate to them not only the effectiveness of your compliance program, but how you are moving your compliance regime forward based on solid data and analysis.
AB InBev was one of the first companies to successfully implemented data-driven compliance strategies, moving from detection to prevention of issues. This shift has resulted in cost savings and improved risk management for the company. Equally significant was the company’s very public discussion of the program, called BrewRight, and how it evolved to a much broader business process tool.
The DOJ always telegraphs what is important to them. Starting in 2020, with the 2020 Update to the Evaluation of Corporate Compliance Programs, they said the CCO must have access to all data across an organization. You may have data silos, but a CCO must be able to punch through all of those data silos. It is a natural progression from 2020 to this Albemarle FCPA enforcement action, where the DOJ specifically stated not just clearly said, but specifically stated, the company’s data analytics program allowed them to move forward with the remediation.
Moreover, and the critical part was that Albemarle was not required to have a monitor. To avoid having a monitor required under the resolution required two things. One, an effective compliance program, but two, testing of it. And the DOJ has made very clear those requirements. Obviously, Albemarle had an effective compliance program, but more importantly, they have monitored it and tested it through their data analytics program. There compliance function’s actions saved the company millions. And it tells the rest of us what the DOJ is going to be looking for in a compliance program going forward.
Data analytics plays a crucial role in various aspects of compliance, including M&A due diligence and risk assessment. By leveraging external data sources, compliance professionals can gain valuable insights into potential risks associated with vendors, customers, and employees. This information allows them to make informed decisions and mitigate risks effectively.
Compliance professionals clearly need to be aware of the importance of considering the impact of data-driven compliance strategies on decision-making. By using data analytics, compliance professionals can measure, monitor, and improve compliance programs in a documented fashion. This not only demonstrates the effectiveness of the compliance program but also enables organizations to adjust and adapt more quickly to changing regulatory requirements.
However, implementing data-driven compliance strategies does come with its own set of challenges. Balancing the tradeoffs between automation and manual processes is one such challenge. While automation can streamline compliance processes and identify gaps, manual touches are sometimes necessary. Data analytics can help identify these gaps and drive accountability and training efforts.
There is great potential from new technologies like generative AI and machine learning in enhancing compliance programs. These technologies can make compliance processes more efficient and enable better decision-making. For example, generative AI can guide users through dashboards and provide valuable insights, making compliance tasks easier and more effective.
Budget approvals are another crucial consideration for organizations when implementing data-driven compliance strategies. CFOs prioritize keeping the business out of legal risks and fines, fraud prevention and recoveries, and improved internal controls. Data analytics is not just a “nice-to-have” but a “must-have” for organizations. Those that do not embrace data analytics or fail to move towards it are at risk.
In conclusion, data-driven compliance strategies have revolutionized the compliance profession. By leveraging data analytics, organizations can measure, monitor, and improve compliance programs, resulting in cost savings, improved risk management, and better decision-making. While there are challenges associated with implementing data-driven compliance strategies, the benefits far outweigh the tradeoffs. Compliance professionals must embrace data analytics as a critical element of their compliance programs to stay ahead in an ever-evolving regulatory landscape.
[View source.]
