How Third-Party Automation Helps Compliance Officers
August 27th, 2018
Compliance officers talk constantly about the importance of automation and data analytics, and for good reason: they are crucial to successful management of a modern compliance program.
So what’s the relationship between those two forces and third-party automation technology? How should compliance officers plan their strategies for more automation and better analytics, to ensure that you can harness third-party automation investments to their full potential?
First, let’s remember that the foundation for all of this is good data. As companies go through digital transformation of one business process after another (marketing, sales, procurement, accounting, document storage, and so forth), compliance officers should always be asking: “What do I want to know about how that business process is working? What points of data would tell me that?”
That’s the information you want to capture and store in the so-called “single source of truth” — a secure repository of data relevant to the compliance function, all of it in proper format, free from error or tampering.
That data, however, is still just the raw material. Third-party automation tools then refine that raw material into a finished product of insight you can read, study, share, and use to make better business decisions. Third-party automation software allows compliance officers to perform better risk analysis, or see more clearly which policies and procedures work well.
That’s the theory. Let’s walk through some more specific examples.
Third-Party Automation at the Transaction Level
First, the proper blend of digital business processes and third-party automation technology allows you to define a “standard” business transaction: one that follows a certain routine, and generates certain types of data as it winds through whatever digital process you have. Therefore, you can also identify non-standard transactions more quickly — because they’ll generate different patterns of data, that stick out like a sore thumb.
For example, you might have a manual due diligence process where junior executives enter data about high-risk third parties in a spreadsheet, which senior executives then review and approve before that third party is hired. But compliance officers would have no easy way to determine that a junior officer performed his or her due diligence before the senior executive approved the high-risk third party.
In a world of automation and due diligence, those processes can be designed so that any senior-level approval without corresponding junior-level due diligence is automatically flagged. You could even design a system where senior-level approval is never possible without due diligence already complete. In a digital and automated world, the very act of granting approval without due diligence is a data point unto itself, that a third-party automation system can capture and send to the compliance officer.
Third-Party Automation at the Process Level
The full potential of third-party automation technology, however, comes from aggregating all that transactional data so the compliance officer can better understand how the whole process is working.
For example, compliance officers could review due diligence data to see how long client onboarding takes in various countries or operating divisions, and then ask the obvious question: why?
Perhaps in some countries, finding background data on third parties takes too long to be worth an employee’s time, and the business might be better served automating background checks with a third-party provider, while the employees handle more delicate person-to-person reviews with third parties that are financially lucrative but also high risk. Or perhaps the whole population of third parties under consideration is high risk, and the company might consider a wholesale change in the third parties it uses.
The other important point in using third-party automation technology is that it creates an audit trail. That audit trail is the supporting evidence for all the transactions you review or process-level decisions you make. Regardless of whether the board wants to see that evidence, or regulators investigating a matter, or other stakeholders the organization wants to win over — the evidence will be there, always and indisputable.
Above all, third-party automation tools empower compliance officers to retrieve and study data at multiple levels. At a high level, that insight lets compliance officers drive real change that can reduce risk and make the company more competitive. At a detail level, it lets compliance officers answer specific questions about transactions that might bring enforcement risk — and, ideally, convince the enforcers to pursue individual wrongdoers rather than the company.
Neither of those compliance objectives is going to go away. Astute use of third-party automation technology, however, will make them much easier to manage.