A New Focus on Compliance and Data Analytics
October 10th, 2019
Compliance officers hear from innumerable voices that data analytics is crucial to a strong corporate compliance program. Now the Justice Department has added its voice to that chorus, too.
In a speech delivered on Sept. 12, deputy assistant attorney general Matthew Miner warned financial and commodities firms that prosecutors now use data analytics to identify suspicious trading — and said that if prosecutors can use data analytics to find possible misconduct, then firms themselves should be using data analytics to try to prevent it.
“Whereas we are able to identify indicators and anomalies from market-wide data, companies have better and more immediate access to their own data,” Miner told an audience of corporate legal and compliance professionals in Houston. “For that reason, if misconduct does occur, our prosecutors are going to inquire about what the company has done to analyze or track its own data resources (emphasis added).”
As Justice Department statements go, that message is crystal clear: data analytics is a crucial part of compliance risk monitoring, and federal prosecutors expect companies to develop that capability.
What does that mean for compliance officers planning their technology strategies? What else should a compliance program address to put data analytics to full advantage? Several points come to mind.
First is the importance of data collection and governance. A company cannot analyze its data if the data itself is incomplete, inconsistent, or otherwise tainted. So for example, a firm might need to revisit its business processes to be sure they generate useful data (transaction amounts, dates, beneficial owners, and so forth); and also its policies for how long that data is preserved.
This point also brings up the related question of maintaining a single source of data, to avoid incomplete, inaccurate, or duplicative data that might pollute the analysis you want to perform. This is just another way of saying “storing data on spreadsheets is bad,” and that’s not news to compliance officers — but the Justice Department’s words about data analytics do remind us that moving away from spreadsheets really is crucial to success.
Second, can you connect your data analytics to the company’s compliance risks? This simply means that a company must know what it wants to look for within its data. For example, a firm selling goods or services to foreign governments knows that it has high anti-corruption risks. So can that firm identify employees’ gifts and entertainment spending on those government sales prospects?
Or consider a wholesale pharmaceutical firm selling opioids to local distributors. That pharmaceutical firm would need some way to analyze the number of pills shipped to distributors and compare that to the distributors’ retail customer base, to gauge whether the pharma firm is shipping more opioids than is warranted.
Conversely, a company will need to understand when data that looks like an anomaly actually isn’t misconduct. A commodities firm, for example, might experience a spike in certain trading as part of employees executing a legitimate strategy. The compliance function would need to know that. It would need to know whether new business objectives will lead to activity that might be perceived as suspicious, so the firm can document the change and defend itself should regulators come knocking.
That brings us to our final point: compliance functions will need to assure that they have all the other policies and procedures that might be necessary to act on whatever new insights a strong data analytics function provides.
Strong data analytics helps a company to identify anomalies or outliers among its transactions,. Once identified the company can then address risk clearly and effectively with data to support and guide decision making.
Only then can a company can keep pace with the compliance risks it has — now more important than ever with prosecutors who are bringing their own analytics firepower to bear like never before.