In recent years, data analytics has become an integral tool for organizations and regulators alike. Companies have leveraged the proliferation of data, harnessing it to improve work efficiencies, make strategic decisions and gain greater insights into operations. As the volume of data continues to increase, data and analytics have become a greater focus of attention for regulators.
Data analytics – an increasing focus of regulators
In 2020, the DOJ provided significant updates through their guidance for compliance programs and data analytics. The 2020 Guidance noted: (i) changes emphasizing the need for a dynamic compliance program that reflected the heightened expectations around the use of data analytics and its subsequent testing; and (ii) clarification of the DOJ's expectations for a risk-based approach to compliance.
Additional updates to the DOJ’s 2020 Guidance emphasized that a company’s compliance program should be dynamic and apply lessons learned from its prior experience, as well as that of other companies. A company should also use data and testing as it reviews and updates its risk assessment, policies and procedures and as it invests in further training and the development of compliance and other control personnel.
DOJ guidance suggests it will evaluate whether a company conducts periodic reviews of its risk assessment “based upon continuous access to operational data and information across functions," and not just based on a "snapshot” in time. It also suggests the DOJ will continue to increase expectations for companies to collect and review data in monitoring, assessing and testing their compliance programs.
The DOJ’s higher expectations regarding the use of data analytics in compliance programs echo remarks made on September 12, 2019 by then-Deputy Assistant Attorney General Matthew S. Miner at the 6th Annual Government Enforcement Institute, in which he noted that “if misconduct does occur, our prosecutors are going to inquire about what the company has done to analyze or track its own data resources.” This DOJ guidance was further emphasized on September 15, 2022 when Deputy Attorney General Lisa Monaco announced revisions to the DOJ’s corporate criminal enforcement policies that place strong emphasis on corporate data as a key factor in maintaining, demonstrating and investigating compliance.
To stay compliant under this guidance, there is an increasing responsibility of, and incentive for, organizations to harness and leverage data analytics. Organizations must take proactive steps to build their analytical capabilities to be manageable and to meet the requirements laid out by the guidance. Compliance teams must work closely with internal stakeholders to outline a strategy to implement analytics capabilities, before working with IT, operations, finance and other in-house functions to implement these capabilities.
Data visualization is an important part of data analytics
Data visualization, an important element of data analytics, is one of the most efficient and effective ways to use data analytics within compliance. It acts as a visual medium for complex datasets, shaping narratives by illustrating data in an easily digestible format. Mediums such as graphs, charts, dashboards and maps can be leveraged in a variety of ways to help visualize and understand data. These visualizations allow users to focus on the results of the analysis, thus putting a powerful tool in the hands of compliance professionals.
Getting started with data analytics and visualization as a monitoring tool
Starting the process of incorporating data analytics visualization tools into an organization’s compliance function may appear overwhelming, but it doesn’t have to be.
For example, Control Risks assists organizations in developing an understanding of how they ultimately want to incorporate analytics and visualization tools into their compliance processes. The process often begins with an assessment of an organization’s own position and needs, as well as projecting future requirements. However, one size doesn’t always fit all. An integration plan is customized and tailored to the needs of each organization.
Once an organization understands how data analytics and visualization will ultimately be incorporated into its compliance function, Control Risks can assist it with plotting out the path through a five-step process:
- Brainstorm by picking the compliance questions you want to answer with the data.
- Acquire and map the data.
- Design the tests, analysis and parameters of detection.
- Use analytics and visualization to analyze and report the results.
- Continue to review and refine the testing model.
Control Risks helps organizations focus on their most pressing, clearly defined risks and manageable data sets. Prioritize data sets that shed light on the risks you are trying to mitigate. Avoid time-consuming attempts to restructure disparate and unrelated data early in the process. For example, organizations in most industries have easy access to data on:
- Third parties such as vendor data
- Gifts and hospitality
- Hotline/case management
- Conflicts of interest
- Sales and marketing
- Policy and training consumption
- Accounts payable, etc.
Your goal is to use these first tests as a proof of concept to quickly deliver value. Early-stage successes will lead to further growth and progress toward realizing your organization’s vision of a robust compliance analytics program.