Last week, Nicole Argentieri, acting assistant attorney general for the Criminal Division, speaking at the ACI National FCPA reported that the Department of Justice (DOJ) is stepping up its own use of data analytics to identify instances of corporate misconduct, and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and the Securities and Exchange Commission (SEC) are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field.
The DOJ has been using data analytics to uncover cases of corporate misconduct, including violations of the Foreign Corrupt Practices Act (FCPA). Acting Assistant Attorney General Nicole Argentieri, highlighted the department’s efforts to improve its data analytics game and its use of analytics to find cases of corporate misconduct. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white collar crime. We are not just waiting for companies to self-report, or witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.” While the DOJ has successfully prosecuted individuals for FCPA violations using data analytics, there is yet to be a high-profile corporate FCPA violation case that has arisen from the department’s own data analytics.
On the other hand, the SEC has a dedicated data analytics team called the EPS team, which has uncovered cases of accounting fraud and insider trading. The SEC’s data-rich environment and lower burden of proof on the civil side have allowed them to successfully prosecute cases using data analytics. This demonstrates that regulators can effectively utilize data analytics to identify corporate misconduct.
The increasing focus on data analytics by the DOJ and SEC has implications for companies. The better a company is at data analytics, the more pressure it may face for voluntary self-disclosure of misconduct. Good data analytics can bring risks or incidents of misconduct to light, and once they are discovered, companies cannot ignore them. The 2023 Evaluation Of Corporate Compliance Programs (2023 ECCP) instructs prosecutors to inquire about a company’s use of data analytics in identifying misconduct. This puts pressure on companies to proactively address and disclose any misconduct they uncover through data analytics.
This also means that data analytics in the compliance function has moved from cutting edge to best practice. It soon may mean simply table stakes for compliance. In the 2020 ECCP, the DOJ mandated the compliance function have access to all corporate data and be able to break through data siloes in their organizations. Any company which does not have a data analytics capability may be in for a long road to hoe if the DOJ or SEC comes knocking.
However, not all companies have sophisticated data analytics programs in place. The DOJ recognizes that smaller firms may not have the same level of resources and expects a certain level of sophistication tailored to a company’s size. Larger companies, especially Fortune 500 companies, are expected to have more sophisticated data analytics capabilities, including business intelligence units and advanced technology. The expectations for more sophisticated analytics are higher for these companies.
The Bank of America CFPB enforcement action case serves as a reminder of the importance of data analytics in corporate compliance. Bank of America had the necessary data and tools to build an analytics program, but they failed to effectively utilize it, leading to compliance issues. This case highlights the need for companies to not only have data analytics capabilities but also to ensure they are properly implemented and maintained. (Matt Kelly took a deep dive into the BoA enforcement action in this week’s edition of Compliance into the Weeds.)
While data analytics can be a powerful tool for corporate compliance, there are challenges associated with its use. Companies must navigate the tradeoffs involved in balancing different factors, such as the level of sophistication required, resource allocation, and the potential risks of self-disclosure. Additionally, companies must consider the potential criticism they may face if they fail to effectively utilize their analytics tools in the event of a major compliance violation.
Argentieri’s speech highlighted the DOJ’s (and SEC’s) increasing focus on data analytics for corporate compliance highlights the importance of this tool in identifying and addressing corporate misconduct. Companies, especially larger ones, are expected to enhance their data analytics capabilities and may face increased pressure for voluntary self-disclosure. However, companies must also navigate the challenges and tradeoffs associated with data analytics to ensure effective compliance and mitigate risks.