Categories
Blog

Data Driven Compliance: Current Trends and Innovations

Data-driven compliance strategies have become a game-changer in risk management and fraud prevention. I recently had the opportunity to participate in a KonaAi-sponsored webinar entitled “Data Driven Compliance: Current Trends and Innovations.” The event was hosted by Vince Walden and featured Rayne Towns, the Global Head of Risk and Monitoring at Nokia.

I view data-driven compliance strategies in risk management and fraud prevention as an evolution of the compliance profession. It can be seen in the importance of data analytics in improving the effectiveness of compliance programs. There is and will always be the need for human interpretation and utilization of the data. Towns see data-driven compliance strategies as a way to strengthen and improve the compliance program’s effectiveness, using data analytics to identify and address gaps in the compliance program. She also emphasizes the importance of prioritizing and starting with solving specific problems when implementing data analytics. Vince Walden joined in with his perspective on data-driven compliance strategies in risk management and fraud prevention.

Data driven compliance is one more in the evolution of the compliance profession, one more step. Fortunately, we have evolved from when compliance was very much legal driven by lawyers. And over time, most compliance professionals (and equally importantly, the DOJ and SEC) began to view compliance as a business process. As a business process, it can be measured, it can be studied, it can be monitored, and it can be approved based on that information.

We began with the importance of data analytics in compliance programs. The shift towards data-driven compliance has transformed the profession from solely legal-driven to a measurable and improvable business process. This shift has been recognized by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC). The SEC first called out the use of data analytics, as it did in the Order concluding the Key Energy FCPA enforcement action. Most recently, the Albemarle FCPA resolution specifically called out the company’s use of data analytics in its remediation program, which occurred during the pendency of its FCPA resolution process.

In 2016, the Securities and Exchange Commission called out data analytics in an enforcement action for the first time. It was the Key Energy FCPA enforcement action, where they suggested data analytics would have shown or demonstrated a range of values outside the norm for certain gifts, travel, and entertainment for the company. This demonstrated that regulatory thinking evolved as well. Now, data analytics has become a critical element to improve the business process of compliance. Data driven compliance allows you to measure it, monitor it, and improve it all in a documented fashion so that if a regulator ever comes knocking, you can demonstrate to them not only the effectiveness of your compliance program but also how you are moving your compliance regime forward based on solid data and analysis.

AB InBev was one of the first companies to successfully implement data-driven compliance strategies, moving from detection to prevention of issues. This shift has resulted in cost savings and improved risk management for the company. Equally significant was the company’s public discussion of the BrewRight program and how it evolved into a broader business process tool.

The DOJ always telegraphs what is important to them. Starting 2020 with the 2020 Update to the Evaluation of Corporate Compliance Programs, they said the CCO must have access to all data across an organization. You may have data silos, but a CCO must be able to punch through all of those data silos. It is a natural progression from 2020 to this Albemarle FCPA enforcement action, where the DOJ clearly stated that the company’s data analytics program allowed them to move forward with the remediation.

Moreover, the critical part was that Albemarle was not required to have a monitor. To avoid having a monitor required under the resolution required two things. One, an effective compliance program, but two, testing of it. And the DOJ has made very clear those requirements. Albemarle had an effective compliance program, but more importantly, they have monitored it and tested it through their data analytics program. Their compliance function’s actions saved the company millions. And it tells the rest of us what the DOJ will look for in a compliance program going forward.

Data analytics plays a crucial role in various aspects of compliance, including M&A due diligence and risk assessment. By leveraging external data sources, compliance professionals can gain valuable insights into potential risks associated with vendors, customers, and employees. This information allows them to make informed decisions and mitigate risks effectively.

Compliance professionals must be aware of the importance of data-driven compliance strategies’ impact on decision-making. Using data analytics, compliance professionals can measure, monitor, and improve compliance programs in a documented fashion. This demonstrates the compliance program’s effectiveness and enables organizations to adjust and adapt more quickly to changing regulatory requirements.

However, implementing data-driven compliance strategies comes with its own challenges. Balancing the tradeoffs between automation and manual processes is one such challenge. While automation can streamline compliance processes and identify gaps, manual touches are sometimes necessary. Data analytics can help identify these gaps and drive accountability and training efforts.

There is great potential for new technologies like generative AI and machine learning to enhance compliance programs. These technologies can make compliance processes more efficient and enable better decision-making. For example, generative AI can guide users through dashboards and provide valuable insights, making compliance tasks easier and more effective.

Budget approvals are another crucial consideration for organizations when implementing data-driven compliance strategies. CFOs prioritize keeping the business out of legal risks and fines, fraud prevention and recoveries, and improved internal controls. Data analytics is not just a “nice-to-have” but a “must-have” for organizations. Those that do not embrace data analytics or fail to move towards it are at risk.

In conclusion, data-driven compliance strategies have revolutionized the compliance profession. Organizations can measure, monitor, and improve compliance programs by leveraging data analytics, resulting in cost savings, improved risk management, and better decision-making. While there are challenges associated with implementing data-driven compliance strategies, the benefits far outweigh the tradeoffs. Compliance professionals must embrace data analytics as a critical element of their compliance programs to stay ahead in an ever-evolving regulatory landscape.

Categories
Blog

Dheeraj Thimmaiah on Getting Buy-In for the Use of Data Analytics

Data analytics are becoming an increasingly important part of compliance performance. But how can companies ensure they are utilizing this technology to its fullest potential? I recently visited with Dheeraj Thimmaiah, Global Director of Compliance Analytics at AB InBev, to explore how user experience is the key element to a successful compliance solution and how AB InBev has used BrewRite data analytics tool to turn compliance into a data-driven program. By focusing on middle management, AB InBev has helped drive user adoption and optimize decision-making. He will also explain how he has been able to evolve BrewRite to include features such as alerting users of sanctions-related activity and creating a Quarterly Ethics and Compliance Assurance Report.

Dheeraj suggested three steps you need to follow to garner user adoption of data analytics to facilitate:

  1. Understand your target audience and their mindset;
  2. Involve the users in the process of developing the tool; and
  3. Introduce the concept of data driven compliance with a report.

Understand your target audience and their mindset

The first step in implementing a data analytics tool successfully is understanding the target audience and their mindset. In the case of AB InBev and the development of Brew Right, this involved focusing on the middle management level, as they are the ones directly responsible for interacting with employees and ensuring the tool is used. Dheeraj explained how they worked to slowly introduce the concept of data driven compliance to the middle management and involve them in the journey by allowing them to be part of the end product. They also worked to show the business rationalization behind the tool and how it could help make their day-to-day jobs easier.

The evolution of BrewRite has also been an important part of understanding the target audience and their mindset. In other words, the User Experience or UX. Initially, BrewRite was designed with the focus on transaction monitoring and providing feedback to the machine learning model. However, the way users interact with the tool has changed with the introduction of alert mechanisms, allowing users to be proactive in identifying risks. AB InBev has also introduced the Quarterly Ethics and Compliance Assurance Report, which enables senior level managers to benchmark compliance areas across different regions and empower local fields to take corrective action.

Involve the users in the process of developing the tool

As Carsten Tams continually reminds us, it is always about the UX. Involving the users in the process of developing the tool is essential for successful adoption and use of the tool. When it comes to the development of BrewRite, AB InBev focused on the day-to-day managers who would be using the tool and saw them as a key target audience. They wanted to ensure that the tool was both simple and effective for the users. To do this, they went through a process of changing mindsets to increase adoption and involving the users in the technical processes of the tool’s maturity and evolution.

This ensured that the users were a part of the end product and allowed them to leverage the tool to its maximum value. Additionally, the development team worked to bring an overview to senior level managers by taking different regions, building measures with business leaders, and creating a Quarterly Ethics & Compliance Assurance Report. This allowed the local fields to have insights and take the right actions for corrections needed. By involving the users in the process of developing the tool, BrewRite is able to be successful and make an impact.

Introduce the concept of data driven compliance

Step 3 of the process is introducing the concept of data driven compliance with a Quarterly Ethics & Compliance Assurance Report. This step is an important part of the process, as it will help to ensure that the data analytics tool is being used effectively and efficiently by the users. The first part of this step is to understand who the target audience is. Dheeraj suggests that the target audience should be the day-to-day compliance officers and managers, as they are the ones who are closest to the business transactions that are happening and can leverage the tool to the maximum value.

The second part of this step is to provide a business rationalization for the tool beyond simply having to do it. Dheeraj explained that this was done at AB InBev by pointing to the organization’s transformation to a digitized and monetized way of decision making. The third part of this step is to focus on user adoption. A key mechanism is getting the users involved in the technical process of the maturity of the tool and even the evolution of the tool, so they will contribute to the end product. Finally, the fourth part of this step is to introduce the Quarterly Ethics & Compliance Assurance Report, which will provide senior level managers with a world map that benchmarks which areas are strong in a particular region and which areas require improvement. This will enable the local fields to take the right actions for corrections they need to do.

Data analytics are becoming increasingly important for organizations to remain compliant. Dheeraj and his team at AB InBev continue to show how a successful compliance solution begins with understanding the users and their mindset. By involving the users in the process of developing the tool, focusing on middle management, and creating a Quarterly Ethics and Compliance Assurance Report, AB InBev has been able to maximize the potential of the data analytics tool. By following the same steps and leveraging the right technology, any organization can achieve the same success.

Check out the full podcast with Dheeraj on the use of data analytics at AB InBev here.

Categories
Data Driven Compliance

Dheeraj Thimmaiah on Creating and Using an Internal Data Analytics Tool

Data Driven Compliance is your go-to podcast to learn about the latest in business analytical tools. It is sponsored by Kona AI. In this series, host Tom Fox brings you insightful interviews with experts in digital analytics, cyber security, and more. In this episode, Tom sits down with Dheeraj Thimmaiah from AB InBev. Dheeraj talks about the development of their internal data analytics reporting tool called ‘BrewRite.’ This tool has a wide variety of applications, from its use in helping to create the compliance function’s ‘Quarterly Ethics and Compliance Assurance Report’ to alert users when activities are triggered and providing information in the case manager module. Tune in and join the conversation with Tom and Dheeraj as they talk about the future of technology and the power of data analytics in uncovering risks! 

Key Highlights

·      Using Data Analytics to Navigate the company’s compliance challenges [00:06:04]

·      AB InBev’s Internal Tool BrewRite.  [00:10:09]

·      Monitoring and Assessing Business Ethics and Compliance Risk via Quarterly Reports -[00:21:47]

 Notable Quotes

1.      “The first thing we wanted to see is, how do we kind of slowly introduce them to the concept of data program?”

2.     “For us, the words simple and effective, we want to see how people are taking their day-to-day jobs and making it much easier.”

3.     “At the end of the day, these are the people who are actually looking at a particular area, identifying the risk or mitigating risk. They’re the source of a lot of things that get done within the company. So it’s so important for us to focus on them as an audience because they’re the people who can leverage the tool to the maximum value and also, at the same time, provide us great input because the closest to the business and the transactions that are happening across the ground to evolve types of risk we are looking for so we can continue to progress.”

4.     “We want to build something like that internally, and we’ve really titled this the quarterly ethics of compliance assurance report.”

 Resources:

Connect with Dheeraj Thimmaiah on LinkedIn

Check out Kona AI

Connect with Tom Fox on LinkedIn

Categories
FCPA Compliance Report

Matt Galvin and Dan Kahn-Part 1, Disclosing to and Working with the DOJ

This episode of the FCPA Compliance Report begins a special two-part series with two well-known compliance professionals. Matt Galvin, most recently the CCO at AB-InBev and Dan Kahn, former acting Deputy Assistant Attorney General of the Criminal Division, Chief of the Fraud Section, and Chief of the FCPA Unit. Dan is now in private practice at DavisPolk. In this Part 1 we take up the key issues around dealing with the DOJ including the factors which go into the decision to self-disclose, incentives and disincentives in compliance programs, internal investigations including who is involved and scoping an investigation, presenting information to the DOJ during the pendency of an investigation and negotiating the final settlement and post-resolution; including both ongoing reporting and continuing innovation in your compliance program.

Resources

Matt Galvin on LinkedIn

Dan Kahn at Davis Polk

Categories
The Walden Pond

Data Driven Compliance with AB InBev’s Dheeraj Thimmaiah, Global Director of Ethics and Compliance


 
Dheeraj Thimmaiah is Global Director of Ethics and Compliance, heading Compliance Analytics at AB InBev. He is data-driven and passionate about innovation. Dheeraj is dedicated to spending close time with AB InBev’s users and customers because even if you have the best tools, your organization will not get far without an audience. He joins Vince Walden to share insights about his role and work at AB InBev.
 

 
BrewRIGHT is AB InBev’s advanced data analytics program, which has 15 different apps and compliance workflows in 60 different countries. BrewRIGHT continuously monitors compliance (which has been especially useful during the pandemic), assists in managing investigations, and allocates resources effectively. 
Dheeraj shares tips on how to get started on the analytics journey for compliance: ask yourself how you can control the uncertainties, identify the problems, and find a way to use technology as an enabler in building impact. 
 
Resources
Dheeraj Thimmaiah on LinkedIn 
AB-InBev.com