There are many compelling ways to make a solid case for deploying powerful analytics within your compliance program. As a Bloomberg article put it, compliance programs “like everything else in the 21st century must be data-driven”.
The most significant risk for compliance officers is that they fail to understand what is happening in the organization. That occurs when compliance officers have an incomplete picture of activities: data from only half the operating divisions, key facts missing from a specific allegation of misconduct, and so on.
Integrated compliance management consolidates information in an accurate, useful way enabling compliance officers to contextualize that information into broader trends of compliance activity, which in turn will allow for a more methodological and analytical approach to managing compliance.
Without effective centralization and normalization of data, none of the powerful analytics is possible in the first place. Let’s take the example of whistleblower hotlines, a vital tool to collect reports of misconduct. Don’t assume that in your organization most reports of misconduct come from employees speaking to managers; they will be scared to do that.
An integrated platform can even connect your case management process to your conflicts of interest process. This connection would flag any conflicts related to specific cases, shedding additional light on the investigation and allowing you to take appropriate corrective measures. Regulatory guidance has already highlighted the need for better data analytics, the criteria for which is also clearly laid out:
Adequate access of compliance officers to data (recall the earlier point on data centralization). Data consolidation to ensure timely and effective monitoring or testing controls and mitigation plans. Leveraging data to discern patterns, trends, relationships, and anomalies as real-time early warning systems.
So let’s dive into a few of the compliance objectives that become tangible to compliance officers with integrated compliance management and robust data analytics.
Better Risk Management Smartly designed compliance processes (read: risk controls) are crucial components of an effective compliance program. However, these controls are bound to fail from time to time, which is why any robust compliance program must include reliable reporting and analytical functionalities. These two components are the nervous system of a compliance program bringing potential concerns about misconduct, changes in risk factors, and risky trends and patterns to the compliance officer’s attention.
Similarly to the human nervous system, reporting and analytics must be ready to encounter stimuli, translate input into actionable intelligence; and relay that information to a central “brain” (the compliance officer). The brain of the compliance operation can decide how best to respond, improve the compliance program, and advise senior leadership on strategic decisions.
Powering Preventive Compliance Measures need to be in place for companies to qualify for a reduced prosecution or fine or declination to prosecute altogether. The prize is a tempting one, particularly considering the gigantic size of some of the penalties that have been imposed on multinationals so far. To cite just a few, Airbus was fined a total of USD 2.09 billion in 2020, Petrobras USD 1.78 billion in 2018, and Swedish Telia USD a total fine of USD 1.01 billion in 2017. These fines, despite their size, still don’t reflect the enormous sums spent on investigations, lawyers, and other resources, nor the invaluable damage to reputation. In the Philippines, both the National Privacy Commission and the Philippine Competition Commission have been careful with fining so far. But their impact on the reputation of companies is clearly visible.
Yet, what this approach has failed to highlight is the broader goal of compliance, namely, to put an end, or at least limit, the destructive economic and social effect corrupt business and unfair competition has.
Reactive compliance will no longer cut it today, a proactive approach to preventing misconduct must be taken if stopping global corruption is the goal.
Striving for Impact Effective compliance management rests on impactful measurement solutions. Based on that assumption, no compliance department can claim to manage an effective program if it’s unable to measure its impact. Well-designed and well-built compliance processes are only the first step towards operating a robust compliance program; if policies and procedures remain elaborate documents bypassed in practice, your compliance program is only strong on paper. Measuring how your policies and procedures work in practice allows you to truly assess how well controls protect your business from violations, how well you deal with misconduct when it strikes, and how much damage you will be able to mitigate. If you lack effective monitoring and analytics functions, you will miss the critical part that will transform your program from process-oriented to impact-oriented.
Program Evaluation The two foundational approaches that differentiate between a perfectly designed paper program and a well-functioning compliance program is one that’s founded on a sound risk assessment and crowned with effective monitoring and evaluation. Compliance departments with advanced data analytics can rely on real-time data feeds to make the association between risk factors across the business to identify changes in risks and instantly bring the need to reassess control to the stakeholder’s attention.
These real-time insights differentiate reactive from proactive compliance. Transforming your program to be proactive can only be achieved with sound data analytics.
Process automation – we are offering software automation for larger companies to supervise their departments and subsidiaries for data privacy protection and cyber security. I feel that the time has come to extend that kind of automated compliance management to fair competition and anti-corruption.
Feedback is appreciated; contact me at firstname.lastname@example.org.