What is in your digital exhaust? Is this something you have considered for your best practices compliance program? While you may not currently, hopefully by the end of this blog post you will see the wisdom in doing so. But first we pay tribute to Stephen Hillenburg, the creator of that well-known compliance meme character SpongeBob SquarePants!!
According to his New York Timesobituary, Hillenburg created one of this century’s most beloved characters. In a statement, Nickelodeon, the network on which he appeared, said, “Steve imbued ‘SpongeBob SquarePants’ with a unique sense of humor and innocence that has brought joy to generations of kids and families everywhere. His utterly original characters and the world of Bikini Bottom will long stand as a reminder of the value of optimism, friendship and the limitless power of imagination.”
SpongeBob himself was a “a good-natured yellow kitchen sponge, or sea creature, or both, who works as a fry cook, has a pet snail and lives in a pineapple.” If you did not spend long hours watching SpongeBob with a son or daughter, I assure you, you are far poorer for not having done so. Finally, if you cannot hum the SpongeBob SquarePants theme song out of your own memory, click hereto reacquaint yourself with it. Long Live SpongeBob SquarePants!
Weirdly SpongeBob informs today’s theme, which is based upon a Harvard Business Review (HBR) article, entitled “Better People Analytics”, by Paul Leonardi and Noshir Contractor. The authors discuss people analytics, which is using statistical insights from employee data to make talent management decisions. It involves the idea that the data on company employees can and should be actively mined to understand and manage them. Before you recoil in Orwellian horror at this thought consider all the metrics which are currently used to manage a company and its employees and you will quickly see that it is an untapped source of insight for companies.
However, I saw this approach as one which would help a company to both detect and prevent bribery and corruption in violation of the Foreign Corrupt Practices Act (FCPA). The information that the authors pointed to is found in way they call a company’s “digital exhaust”. What is a company’s digital exhaust? The authors define it as “the logs, e-trails, and contents of everyday digital activity. Every time employees send one another e-mails in Outlook, message one another on Slack, like posts on Facebook’s Workplace, form teams in Microsoft Teams, or assign people to project milestones in Trello, the platforms record the interactions. This information can be used to construct views of employee, team, and organizational networks in which you can pick out the structural signatures”. What this information gives you is the relationship structure within a company.
Why is this important? There has never been a FCPA enforcement action where only one employee (i.e. rogue employee) perpetrated bribery and corruption all by themselves. There are always multiple actors in an organization; some are actively involved, some are passive and some simply play the ostrich but in doing so fail in their gatekeeper role in a corporation. The “Myth of the Rogue Employee” is and has always been a myth because there must be multiple actors to pull off the funding of the bribes and delivery of the corrupt payments. A company’s digital exhaust will provide compliance professionals with a method to see the relationships within an organization on a proactive basis.
This type of information is less susceptible to manipulation which a fraudster would need to engage in to pull off bribery and corruption. (Remember, corruption is a subset of fraud.) The authors stated, “For instance, in surveys people may list connections they think they’re supposed to interact with, rather than those they actually do interact with. And because every employee will be on at least several communication platforms, companies can map networks representing the entire workforce, which makes the analysis more accurate.”
Moreover, the authors also note, “not all behaviors are equal. Liking someone’s post is different from working on a team with someone for two years. Copying someone on an e-mail does not indicate a strong relationship. How all those individual behaviors are weighted and combined matters. This is where machine-learning algorithms and simulation models are helpful. With a little technical know-how (and with an understanding of which structural signatures predict what performance outcomes), setting up those systems is not hard to do.”
If there are sales persons in high risk countries, areas or selling high-risk products to high-risk customers, reviewing this information could give you a fuller picture of any attempts to engage in internal control override or work-arounds which the nefarious actors might engage in to fund their bribery schemes. A key presentation element is to create a dashboard that “identifies structural signatures and highlights them visually moves analytic insights closer” to the compliance department which might need the information. It is incumbent that compliance have the data to make good decisions about how to prevent conduct which might be violative of policies and procedures or internal controls from becoming a full blown FCPA violation. Further, you want to be able to make these moves “when those decision points happen, not later.”
The authors conclude by finding that “People analytics is a new way to make evidence-based decisions that improve organizations.” Yet most companies are not tapping into its potential as they “have been focused on the attributes of individuals, rather than on their relationships with other employees. Looking at attributes will take firms only so far.” As with many other data points for the compliance professional, it is about clustering information. Here if you use people analytics to understand relations and relationships, it might well uncover a group of employees, considering or in various stages of a fraud, including bribery and corruption. The digital exhaust a workforce creates can then be used to estimate the likelihood that an employee, a team, or an entire organization might fall outside acceptable norms.
These insights could lead to various forms and levels of intervention. This is the type of ongoing monitoring the regulators want to see in a compliance program, where information obtained is fed back into your compliance program to improve it or even prevent compliance violations.
[View source.]
