Since the United States Department of Justice (DOJ) updated its FCPA guidance on managing corporate compliance programmes in 2020, companies have continued to try and leverage their own compliance programmes as regulatory scrutiny intensifies now more than ever before.
The DOJ stated compliance programmes must use robust technology and data analytics to assess both internal and third-party behaviours with whom they do business, as well as demonstrate that it is working effectively.
Companies today can still be held accountable for wrongdoing for their employees’ or third parties’ actions across its business operations, which can pose an insurmountable risk to an organisation.
What does this mean for compliance teams?
While the DOJ provided a roadmap for the adoption of analytics, not a defined checklist, compliance officers have an opportunity to evaluate functions and think of transformational growth by leveraging one of its most valuable resources: data.
What are the benefits of a data-driven compliance function?
By harnessing available data, compliance becomes a proactive, nimble and cost-efficient function. Compliance and audit can transform the way they interact with the business, turning them into a partnership that works together to find solutions to pervasive compliance problems, including issues that go on for years without being spotted, business disruption due to investigations, and expensive, resource- intensive audits.
What questions could a proactive compliance programme answer?
- Have payments been made to state-owned enterprises (SOEs) or government officials?
- Have any facilitation payments been made?
- Are all employee expenses legitimate?
- Are employees and third parties colluding to circumvent controls?
- Are there any ghost employees/vendors?
- Are there any undisclosed conflicts of interest?
- Are vendors committing fraud?
- Where should I focus my costly audits?
Finding this article useful?
Discover how you can embrace the future of compliance and seize the
opportunities that lie hidden within your data with Control Risks’ Proactive Compliance Monitoring programme.
How can compliance teams leverage data analytics?
The compliance function is typically process-driven, and while moving towards a data-driven future may seem daunting for some, convergence of the compliance realm and the analytics world is less foreign than you may think. Like other programmes, data analytics programmes succeed with good stakeholder engagement, clear vision and regular communication with staff.
Below are our top 5 tips to help transform compliance teams into a data-led compliance function.
Tip 1: Start small
The potential from data analytics can be hard to comprehend if you have not experienced the results firsthand. This can lead to slow adoption rates in businesses, difficulty engaging internal stakeholders and obtaining additional budget. To overcome these issues, we recommend that you start your transformation programme with a small Proof of Concept (POC) project. This will be beneficial, because the cost and the required data volume will be low and because turnaround time should take several weeks. Once this POC is completed, ensure that you have an interactive dashboard format output and clear, actionable intelligence and recommendations.
Tip 2: Pick a known issue
Pick an area that has known issues and that typically is hard to resolve, and start there. Often, companies have business units or areas that have in the past had whistleblower complaints or simmering issues. These are the proverbial black sheep.
The benefit of focusing on a known risk is that it is likely that there are issues within that area, and solving issues that have previously eluded us is a great way to engage with stakeholders and demonstrate the true potential of analytics.
Tip 3: Engage with your stakeholders early
Compliance officers aiming to transform their business with analytics need to engage with key stakeholders early, including with peers and up the management chain. Analytics isn’t just advantageous for the compliance function; it can be leveraged by other departments, such as audit and risk. By engaging with these stakeholders early and bringing them along on the journey, getting buy-in will be significantly easier. Showing stakeholders the results of the POC will provide tangible evidence to the potential of analytics, and high-level ROIs can demonstrate the benefits of analytics.
Tip 4: Start with the data you have…don’t wait for perfection.
The most common question we are asked when working with clients to implement a compliance analytics solution is “Is my data good enough?”. The answer typically is yes: It’s good enough to make a start. Starting with poor or incomplete data is better than not starting at all. Companies are often inclined to wait for lengthy “data programmes” to finish or even commence before they invest in data analytics. However, the reality is that a lot can be done with very little, to build a foundation for a mature programme. Some clients have in-house data functions that can support analytics needs, but most get a jump-start by outsourcing cumbersome and resource-intensive data collection. It might surprise you to learn that cleaning and linking data sets is a relatively easy task for experienced teams of data scientists. For nearly all systems, it only takes a few weeks to have a working data set that you can use to assess and monitor compliance risks.
Tip 5: It takes time!
Moving from a necessary and static service to a dynamic and strategic function doesn’t happen overnight. It requires planning, stakeholder management and targeted resourcing over a period of time. Although you should see benefits quickly, it can take 12 to 24 months to develop such programmes to maturity. Small wins early on that show the benefit to the business and the wider organisation can help smooth the way.
The time has come to pivot towards a more data-centric and analytics-driven world, and while the concept may be daunting, the newly created “stick” of compliance requirements from the DOJ is only going to grow as other regulators follow suit. However, compliance officers should see this as an opportunity. Proactive compliance is cost effective and rapidly becoming global best practice for this reason alone. The shift towards proactive management of risks can also transform compliance teams from being inhibitors to enablers and elevates them to a place of strategic guidance rather than reactive prevention.