Rith Kem and Mason Pan, both principals in the Compliance, Forensics, and Intelligence practice at Control Risks recently joined industry analyst, Ari Kaplan, on his podcast, Reinventing Professionals. They discussed how companies can remediate and strengthen their compliance programs in 2019.
Listen now to hear about the trends they expect to see in analytics monitoring systems in 2019, how their clients are applying data to remediate and strengthen their compliance programs and best practices for corporations interested in creating a center of excellence to manage risk indicators.
Following is a preview of the discussion:
What trends do you expect to see in analytics monitoring systems in 2019?
Rith: The abundance of data and the global nature of companies is forcing organizations to take a fresh look at how they develop systems, ways of monitoring those systems, and applying compliance controls in ways that allow them to take actions across various systems and departments. Organizations are hyper-aware of the real-time potential of risk detections and we are seeing an increased mandate to demonstrate effectiveness of a compliance program, often through external measures. The UK Bribery Act guidance on Adequate Procedures states that organizations might wish to consider external verification or assurance of the effectiveness of procedures and more and more we’re finding that organizations are finding this verification highly effective. There is a developing trend, partially driven by regulatory mandate, of organizations taking technology-centric approach to compliance.
How are your clients applying data to remediate and strengthen their compliance programs?
Mason: Organizations are looking for a global, holistic, view of their operations so headquarters can see what’s happening across their entire remit. Technology can help organizations see this risk profile at a summary level and then enable them to drill down to the most detailed, granular, transactions.
It’s important for organizations to start using this transaction-level detail and data analytics to not only spot risks, but to also test the effectiveness of their compliance programs. Data provides insight into behaviors and how well the teams on the ground are adhering to policies. We like to call this “closing the loop” on your compliance program - using data to continuously test and adapt your program.
Quantifying a program’s effectiveness brings a level of standardization across operations which helps normalize measures globally and enables an organization to benchmark its compliance program against itself across centers of operation.
How common are compliance analytics?
It’s an emerging area. As technology advances, we expect to see predictive analytics adopted at a faster pace. For example, we’ve advised on the implementation of programs to combat insider threat concerns which leverage human intelligence to drive automation that constantly monitors communications, transactions and user-behavior across structured and unstructured data platforms. These solutions provide indicators and recommended best course of action for a compliance team to take. What we’re finding is that this technology is being customized to fulfill the needs of specific compliance departments. As new connections are made between risk, its origins and the data indicators that can be used to identify a potential issue, the technology will evolve to make the work of the compliance function easier.
Mason adds, as cyber breaches become more common, there is an opportunity to more tightly merge data sources and monitoring systems to provide a holistic view of risk and break down traditional silos between internal departments.
Can you provide an example of the recent investigation and how it evolved into an analytics-driven compliance program?
Mason: We recently advised on the implementation of a proactive monitoring solution as part of a large corruption investigation in Brazil. The case centered around allegations of improper payments and bribes being paid to tax officials and authorities in exchange for preferential treatment and government contracts. Some of these bribes were being funneled through marketing expenses. All in, we were looking at structured and unstructured data sources in the form of cash transactions, structured databases, accounting databases, and so the analytics were key to spotting suspicious transactions. To make that possible, we looked at the entire universe of financial data and applied reg flag queries to look at high risk transactions and anomalies to help focus the investigation. As part of the investigation settlement the organization was tasked with implementing a remediation program that involved technology, so we took the investigative methodology, expanded it, and automated the queries to run at regular intervals as a proactive monitoring mechanism. This same functionality can applied to any compliance program.
Where do you see compliance heading?
Rith: Organizations will start appreciating "snapshots in time". We’ll be less concerned with the growth of data and will start to focus in on and recognize that the speed in which data is moving provides us with an opportunity to capture that “golden moment” in time where data provides the highest value or most relevant information. For example, industries are collaborating and storing information in real-time, and we feel risk scoring of individuals and entities can be done in real time as well. These scores will be used to identify high performers, potential insider threat actors, in addition to the traditional scoring of customers and third parties. I predict that these scores will soon be applied externally to improve the bottom line and identify external threat actors.
Compliance is also heading towards a more transparent best-practice approach. Technology and systems are making it easier to share policies across organizations and operations. We’re also going to see improved policies and integration across organizations, making it possible for them to roll out programs more efficiently, quickly and with greater flexibility for cultural adaptation. Shared technology at the center of policy will help ensure programs are optimized and consistent. Listen to the full podcast here.