With data analytics in compliance, you don’t need to boil the ocean. A concentrated program can deliver most of the outcomes of a large automated system but is significantly more affordable.
As organizations maintain more data than ever before, it is no secret that the business can benefit from using data analytics to inform decision-making and support strategy initiatives in all areas. Utilizing data analytics in compliance has historically been considered a method for gaining a leg up on competition by deriving meaning from different sources of information, but it has now become a necessity, rather than a competitive advantage.
In addition, companies able to demonstrate the use of data analytics in effectively managing their compliance programs may receive reduced penalties and avoid or defer prosecution. In June 2020, the Criminal Division of the United States Department of Justice released updated guidance (PDF download) to its prosecutors on how to evaluate the design, implementation and effective operation of corporate compliance programs in determining whether, and to what extent, the DOJ considers a corporation’s compliance program to have been effective at the time of the offense. In this guidance, the agency increased emphasis on the importance of data analytics in compliance, recommending that programs maintain access to relevant sources of data, continuously collect and analyze data to test controls and identify weaknesses and effectively monitor data on an ongoing basis.
For this reason and others, as we emerge from the COVID-19 crisis, compliance leaders are very focused on data analytics, but the charge to create a “data-driven” compliance program can seem daunting and impossibly expensive. This does not have to be the case.
Data Analytics in Compliance: Large, Automated Programs Are Effective – But Also Costly
An important first step in data analysis is data aggregation. Unfortunately, manually combining multiple different flat-file exports from different sources and systems into a single folder can require time-consuming maintenance and will likely become quickly out-of-date unless automated. Alternatively, the infrastructure required to efficiently build and maintain quality, up-to-date aggregated databases requires significant expenditures, buy-in from management and reliance on IT.
The compliance programs that receive accolades for having data-forward programs are, for the most part, the result of large and bespoke efforts, significant internal and external time and resources and a hefty budget. While these programs are impressive and show us what’s possible, the most important thing is getting started – and we can get started with a limited universe of data most insightful for your business. You need not boil the ocean.
Start With What You Know and Own
It is best to take a risk-based approach. Start by mapping your key risks to accessible datasets. Next, consider whether reviewing two or more categories of data simultaneously will give you new information about a risk area or identify a new risk area altogether. Pick two or more datasets available to the compliance team that can potentially provide insights and aggregate them. By combining the data, you may be able to identify new trends and generate helpful metrics that would not have been discovered by reviewing a single dataset.
Some examples of accessible datasets common to almost all industries are:
- Data relating to policy and training consumption,
- Conflicts of interest data,
- Third-party data,
- ESG data,
- Health and safety data,
- Gifts and hospitality data,
- Cyber data,
- Hotline/case management data,
- Trade group activity data and
- Sales and marketing data.
Enhance Controls and Reporting Along the Way
As you uncover insights about existing risks and discover new ones as a result of your analysis, it’s important to consider whether there are effective controls in place at your organization to prevent and detect those risks. You may find from your analysis that new control implementation or enhancements to existing controls are necessary. One of the most incredible benefits from implementing data analytics in your compliance program is the benefit of real-time alignment between key business units: compliance, legal, finance and audit, most obviously. The same data is relevant to all functions, but they each require a unique lens. With real-time capability and dashboarding, the business can operate with greater fluidity.
Use low-cost reporting and visualization tools to translate the data into meaningful information for executives. The best tools can deliver key insights to high-level executives in summarized fashion while also allowing for detailed, technical review and analysis with your compliance team.
Compliance leaders carry responsibility, and even personal liability, for the effectiveness of their organization’s compliance program and related controls. As organizations grow in size and scope, maintaining real-time visibility into how controls are performing has become increasingly difficult. Data analytics and continuous monitoring can alleviate that problem and facilitate alignment between the compliance team and key business partners, such as legal, audit, finance and treasury. Compliance leaders will in turn become less dependent on retrospective reviews and late discoveries of control deficiencies, and be in better command of initiatives to mitigate risks before they become full-fledged issues.
Be Sure to Consider Your Organization’s Position and Needs
While this approach may require some legwork and a little creativity, it’s a great start toward building proactive, data-driven compliance infrastructure without breaking the bank. Data analytics in compliance efforts intended to be all-encompassing are often over-encompassing; a big hammer can be a useful tool, but it isn’t necessary for driving a small nail. The level of expenditure required to implement such advanced programs may be worth the cost for large, multinational organizations that can afford to allocate resources toward those efforts. But smaller companies or businesses without such resources are well-advised to begin with the data and tools already available to them.
In any case, an organization looking to bolster its compliance program using data analytics should first consider its size, geographic scope, resource level, relevant departments, business model, overall risk profile and other factors before implementing new tools or processes. Effective organizational compliance does not follow a one-size-fits-all approach, and the data analytics used to supplement the compliance program should be no exception.
Yes, data analytics in compliance is a hot topic, and the enforcement agencies are expressly requiring it. (It will also make life easier if and when there’s a hiccup and you need to produce information to a regulator quickly.) But the most exciting part of data analytics is in demonstrating all we do in compliance to add value to the business. We are uniquely positioned to understand how the cogs in the machine intersect. We’ve been doing it the entire time. Compliance professionals have always had to understand the motivations of other players in the business to effectively operationalize our programs. We are multidisciplinary thinkers who solve multidisciplinary problems, and data analytics is a powerful tool to help us perform more effectively and efficiently. Don’t be scared to get your data-forward feet wet.
Marshall Jeffries, a senior consultant at global advisory firm StoneTurn, contributed to this article.