Compliance technology can simplify complex compliance processes and help make smart decisions. As Naveen Bhardwaj explains, by strategically integrating compliance technology and tools, organizations can achieve data-driven, smart and effective compliance programs.
There is an English proverb that says, “a bad workman always blames his tools.” A constructive version of the proverb in Dutch goes like, “goed gereedschap is het halve werk,” which means “good tools are half the work.” This can be interpreted to mean that half of the work is done by humans and the remaining half is completed by tools.
Can one imagine opening a tight bolt without a spanner? No one can, right? Tools simplify our task at hand. In present times, this phenomenon has reached the next level: Tools with embedded technologies such as artificial intelligence, machine learning and deep learning (collectively referred to as “smart technologies”) can mimic human intelligence and in many cases can replace human intervention.
A contemporary example of this would be Google’s driverless cars, which can drive a person around autonomously without human intervention. Now imagine a scenario in which compliance and ethics professionals can sit back and monitor several compliance processes at the click of a button, with all key metrics and data available on the dashboard. This is possible with the application of smart technologies in compliance processes (i.e., compliance technology).
What is Compliance Technology?
Compliance technology includes the tools that enable and simplify various compliance processes. In its literal sense, it even includes simple tools like spreadsheets, data storage, shared drives, etc. Here, however, I discuss the opportunities for automating compliance processes by using smart technologies, which can not only replace human intervention for carrying out mundane and time-consuming compliance tasks, but even make automated decisions on your behalf. To achieve such results, one important requirement to note is that the implemented compliance technologies and tools will need high-level integration and should be able to take data feed from each other. In layman’s terms, all these systems and tools should be able to talk to each other and learn from the data fed from one tool or system to the other.
The next logical question is: How can this be achieved, and from where should I start? As compliance technology is aimed at simplifying compliance processes and enhancing the effectiveness of the overall compliance program, you must think of the design and strategy of the compliance technology from the point of view of the basic elements of a structured compliance program. Let’s go through it step by step, in a systematic manner.
So, where can compliance technology be most beneficial?
Implementing and Communicating Policies and Procedures
For any compliance program to be successful, the most basic requirement is that employees need to follow applicable policies and procedures while making decisions. For this, employees must know the company’s policies and procedures; therefore, the policies and procedures need to be communicated intelligibly. Such intelligible communication can be achieved by making available the policies and rules in easy-to-read digital formats and by embedding links to relevant excerpts of the policies at appropriate places in workflow and process tools, where they will be most of use.
As the U.S. Department of Justice has also emphasized the importance of data on access of policies,[1] smart technologies can be implemented on the back end to collect user data, perform analytics, such as which policy and policy excerpts are visited how frequently and by whom. This will put compliance officers in a better position to understand the training needs of employees and thereby design analytical and targeted compliance training programs for the employees.
Automating Compliance Processes
The most elementary start toward automation can be with web-based workflows, so that employees can apply for compliance approvals remotely and the reviewers on the approval line can review and approve digitally, while data and metrics continue being collected on the back end.
Application of smart technologies such as artificial intelligence can mimic human intelligence and decision-making and therefore automate compliance review and approval. Vendors implementing such automation should be guided by the policies and rules to write the codes and algorithms for making decisions that are traditionally made by the compliance staff. However, the smart automated workflow systems should be flexible enough to allow compliance officers to redefine the review and decision parameters such as thresholds from time to time, as the underlying policies and laws may change, and the system should be agile and adaptable to the frequent changes.
Compliance Training and Learning Via E-Learning
E-learning is widely used and has already proved an efficient tool for training multifarious employee populations – even more so in situations like the current COVID-19 pandemic. But with the application of smart technologies and usage of data analytics about policies visited and referred to by employees, noncompliance and lapses in the past, etc., the e-learning programs can be more targeted, flexible and customized intuitively for one set of employees than others. As explained earlier, such data needs to be collected and fed from other compliance processes and analyzed by smart technologies and presented on a dashboard in intuitive and uncomplicated charts and graphs so that compliance officers can easily finalize the relevant training that needs to be imparted to those employees who need it most. Such targeted training programs will be much more efficient and help to manage employees’ total learning time.
Monitoring and Auditing
This is the area where smart technologies can be of significant use. Business operations as well as compliance processes generate large volumes of data. Moreover, compliance risks and threats occur not only from within the organization, but also from business partners and third parties, like sales channel intermediaries and vendors who represent the organization. Monitoring such an enormous amount of data manually is next to impossible.
Smart technologies such as big data analysis can not only review but also draw inferences based on the review of an enormous amount of organizational data from compliance, business and accounting processes, as well as internet data from media, etc. from outside the organization. Artificial intelligence can draw inferences from such reviews and identify red flags wherever there are irrational patterns and/or policies are breached. Cognitive machine learning can take it to another level, as the system can continue to digest all this data and self-learn to make proactive predictions to raise alerts in advance, even before the occurrence of a risk.
The important point to note here is that the tools applying smart technologies need to be flexible enough to allow compliance officers to define parameters such as keywords, thresholds, irrational patterns of transactions, etc., which will be the basis for regular automated searches and analysis and for flagging the deviations. Monitoring will be a continuous process, not just for a “snapshot” of time, as is pointed out by the U.S. Department of Justice.[2]
Risk Assessments
Risk assessment results are the foundation of any compliance program; thus, an effective risk assessment system needs to consider all the relevant data across the functions. With the application of smart technologies, the data feed from various compliance processes such as data on risk occurrences, compliance lapses, reported matters, audit findings and the frequency of occurrences can be interpreted and presented in the form of patterns, trends, charts and heat maps, etc.
All such analytics can be utilized for the risk assessment exercise to identify and prioritize risks. The inferences made during the risk assessment help not only to update policies and procedures, but also to update tools and systems utilizing smart technologies to identify, flag and address such eventualities well before their occurrence. The U.S. DOJ also emphasizes that continuous access to relevant data across functions[3] is the key for compliance officers; this access can be made possible only through compliance technology.
Creating Smart Whistleblowing Systems
It is now very common to establish web-based reporting channels with a back-end tool to handle all incoming reports through the whistleblowing system or other channels. With the use of smart technologies, the analysis of the data on such reports can help the compliance officers and systems to learn, spot trends and identify the policies that are being violated and that are the sweetest spots for compliance lapses.
The compliance program as a whole should be able to utilize all these inferences to help in other elements of the compliance program, such as risk analysis, designing and updating the e-learning programs, monitoring and auditing, etc. Not only this, the data available from various compliance processes will also be helpful in validating the reported lapses, thereby supporting speedy investigations and timely corrective measures.
Overcoming Challenges in Implementing Compliance Technology
The reality of implementing compliance technology may not be as rosy as the journey you pictured in the beginning. You may face various challenges, from abstract goals and outdated base technology to human factors such as resistance to change and allowing vendors to dictate a product-focused approach rather than your own long-term, outcome-focused compliance technology adoption strategy. The list might seem never-ending, and challenges will vary from one organization to another.
However, you can come overcome these challenges with a long-term, outcome-focused strategy that considers the current technology, software assets and data environment of your organization. You must onboard your IT department from a very early stage for strategy, project blueprint and defining long-term and short-term goals. While evaluating any new tool, it is very important to keep “compatibility” and “integration” at the center, and any new tool joining your compliance technology arsenal must not only be able to integrate with other existing tools, but also be able to learn from and teach other tools (i.e., through data feed) at the same time.
Conclusion
In this digital age, data is the key to success. The U.S. DOJ has emphasized that availability of “Data Resources and Access”[4] to the compliance officers will be one of the key parameters to determine if the “Compliance Program is adequately Resourced and Empowered to Function Effectively.” As such, data analytics has become much more important for a compliance program than ever before. Gone are the days of manual and monolithic compliance procedures. Being agile and integrating automation and smart technologies into compliance programs is the key to be on top and build futuristic and adaptive compliance programs.
[1] Accessibility, Policies and Procedures, “Guidance on Evaluation of Corporate Compliance Programs” released in July 2020 by U.S. Department of Justice, P. 4.
[2] Updates and Revisions, Risk Assessment, “Guidance on Evaluation of Corporate Compliance Programs” released in July 2020 by U.S. Department of Justice, P.3.
[3] Ibid.
[4] Data Resources and Access, Autonomy and Resources, “Guidance on Evaluation of Corporate Compliance Programs” released in July 2020 by U.S. Department of Justice, P. 12.