Categories
Compliance Tip of the Day

Compliance Tip of the Day – Boards and Digital Transformation of Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

The Board can help lead the digital transformation of compliance.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the entire 3-book series, The Compliance Kids, on Amazon.com.

Categories
Compliance Into the Weeds

Compliance into the Weeds: The 2024 ECCP Update on Data Access

The award winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the 2024 update to the Department of Justice’s guidelines for corporate compliance programs, focusing on data and data access.

Tom and Matt explore the significance of these updates and whether they stem from companies showing advancements in data analytics or the DOJ recognizing gaps in data access for compliance officers. The discussion highlights the challenges compliance officers face, especially with diverse ERP systems and data silos, and provides insights into how compliance officers can leverage these guidelines to advocate for better data access within their organizations. The episode also breaks down specific questions from the DOJ’s guidelines, offering practical advice on addressing obstacles to data, resources for data access, and data maintenance.

Key Highlights:

  • The Importance of Data Access in Compliance
  • Challenges in Data Access for Compliance Officers
  • DOJ’s Six Key Questions on Data Access
  • Addressing Data Access Impediments
  • Tools and Resources for Data Analytics
  • Communicating with the Board on Data Analytics

Resources:

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

The 2024 ECCP – Using Data Analytics to Determine Employee Engagement, Trust, and Corporate Culture

In her recent speech at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute. Principal Deputy Assistant Attorney General Nicole M. Argentieri spoke about the CWA and reviewed its early developments. (A copy of her remarks can be found here.) There was also updated information on the DOJ approach to whistleblowers and anti-retaliation found in the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP). She addressed the growing importance of using data analytics to evaluate key aspects of a company’s corporate culture, particularly employee engagement, trust, and overall corporate ethics.

Assessing corporate culture is essential for compliance professionals. Culture is a powerful determinant of whether employees will adhere to company policies, report misconduct, and act ethically. The DOJ has made it clear through the 2024 ECCP that an organization’s culture of compliance is as critical as the controls themselves. Compliance programs must go beyond preventing misconduct and cultivate a culture where ethics and transparency are prioritized.

Employee engagement and trust are at the heart of this culture. Engaged employees are more likely to comply with rules and report issues. However, if there is a lack of trust—whether in the company’s leadership, policies, or reporting mechanisms—the risk of ethical lapses and misconduct increases. Data analytics can offer compliance professionals actionable insights into these hard-to-measure elements of corporate culture.

Leveraging Data Analytics for Cultural Insights

Traditionally, companies have relied on surveys, focus groups, and audits to assess employee engagement and trust. Despite their value, these methods frequently have limitations due to low response rates, biases, and a point-in-time perspective. On the other hand, data analytics offers ongoing, real-time insights across various indicators. Let’s explore how data analytics can help evaluate employee engagement, trust, and corporate culture:

Employee Engagement Data

Employee engagement can be a key indicator of whether a compliance program is likely to succeed. High levels of engagement suggest that employees are motivated, aligned with corporate values, and likely to act in the company’s best interest.

Metrics to Consider

  • Employee Feedback Platforms. Tracking data from feedback platforms (such as pulse surveys or anonymous feedback tools) can provide insights into employee sentiment about their work environment and leadership.
  • Participation in Training Programs. Data on employee participation in compliance training—especially voluntary programs—can offer insights into employees’ engagement with the company’s compliance initiatives.
  • Use of Corporate Tools. Monitoring internal systems such as compliance hotlines, whistleblower portals, and internal messaging boards can help assess whether employees feel empowered to engage with compliance resources.

By monitoring engagement trends over time, compliance officers can detect shifts in employee engagement and intervene if levels drop. For instance, increasing non-compliance with mandatory training could be a red flag for broader cultural issues.

Trust in Leadership and Compliance Programs

Trust is a critical component of a successful corporate compliance culture. If employees do not trust leadership or the compliance function, they are less likely to report misconduct and more likely to turn a blind eye to ethical violations.

Metrics to Consider

  • Whistleblower Reporting. Data on the number of whistleblower reports can be telling. A lack of reports may not necessarily indicate a lack of issues—it could signal a fear of retaliation or distrust in the reporting process.
  • Retention Rates in High-Risk Areas. Monitoring employee turnover in areas that are considered high-risk (e.g., finance, procurement, or overseas offices) can help determine whether ethical concerns are driving departures.
  • Survey Data on Trust Levels. Regular employee surveys on perceptions of leadership and the compliance program can offer a pulse on trust. The key is to go beyond traditional engagement surveys and ask questions about ethical concerns and trust in compliance leadership.

Combining survey data with data from whistleblower systems and employee retention analytics can offer a more nuanced view of whether employees trust leadership. A low reporting rate and high turnover in high-risk areas may indicate deeper cultural problems requiring intervention.

Monitoring Employee Behavior and Risk Indicators

One of the most significant ways data analytics can support compliance efforts is by detecting behavioral patterns that may indicate a lapse in corporate culture or potential compliance risks.

Metrics to Consider

  • Expense and Travel Data. Analyzing expense reports and travel data patterns can reveal inconsistencies or potential misconduct, such as fraudulent claims or unauthorized spending.
  • Email and Communication Analysis. Some companies use natural language processing (NLP) tools to analyze internal communications for warning signs of ethical issues. This can include detecting language that suggests rule-breaking, covering up misconduct, or expressing discontent with corporate policies.
  • Business Unit Performance vs. Compliance Reporting. Comparing performance data across business units with the frequency of compliance-related issues can provide insights into whether high-performing units are cutting corners to achieve their results.

Behavioral analytics can help compliance professionals detect patterns before they escalate into larger issues. For example, if a particular business unit shows exceptional financial performance but is under-reporting compliance concerns, this could signal a risky culture of non-compliance.

Driving a Data-Driven Culture of Compliance

Implementing data analytics in your compliance program requires the right technology, processes, and, most importantly, corporate buy-in. As the DOJ highlighted in its recent updates to the 2024 ECCP, compliance personnel must have adequate access to relevant data sources and the resources to interpret and act on that data. Companies should invest in the same level of technology for their compliance functions as they do for their business operations.

Some of the keys every compliance program should consider to help implement a data-driven culture of compliance include the following strategies:.

  • Build Cross-Functional Partnerships. Compliance teams should collaborate with human resources, IT, and business operations to gain access to the data they need. A cross-functional approach ensures compliance data is integrated into the company’s broader performance metrics.
  • Foster Transparency in Data Use. Be clear with employees about how their data will be used, particularly in sensitive areas such as monitoring communication. Emphasizing the ethical use of data can help build trust.
  • Regularly Reassess Your Metrics. As with any compliance program, the metrics used to evaluate corporate culture should evolve. New risks, technologies, and business challenges should inform your data strategy.

Strengthening Compliance through Analytics

The DOJ made clear in the Argentieri speech and the 2024 Update to the Evaluation of Corporate Compliance Programs that a data-driven approach to understanding employee engagement, trust, and corporate culture is essential for compliance success. Data analytics offers compliance professionals powerful tools to assess whether employees are following the rules and truly engaged in creating an ethical and compliant corporate environment.

As we look toward the future, companies prioritizing data analytics in their compliance programs will be better equipped to prevent misconduct, identify cultural risks, and foster a workplace that values ethics and transparency. For compliance officers, the time is now to embrace data analytics and use it to reinforce the foundation of a strong corporate compliance program.

Categories
FCPA Compliance Report

FCPA Compliance Report: Vince Walden on Leveraging Data Analytics for Effective Compliance Monitoring

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance.

In this edition of the FCPA Compliance Report, Tom Fox welcomes back Vince Walden, founder of KonaAI. Vince reports on the 2024 Update to the Evaluation of Corporate Compliance Programs. (Today’s episode is a cross-posting from Data Driven Compliance.)

Walden, a distinguished expert in compliance data analytics, actively participates in industry forums such as the Society of Corporate Compliance and Ethics annual summit in Grapevine, Texas. He advocates for compliance professionals to have ample access to relevant data sources, enabling them to monitor and test policies, controls, and transactions effectively. Walden stresses the importance of AI developers being vigilant about potential biases and public harm, aligning with the Department of Justice’s stance on accountability. He advises compliance practitioners to collaborate with internal audit and finance teams to ensure they have the necessary transactional data for comprehensive risk assessments, highlighting successful, cost-effective implementations like those at Albemarle as models for gradual, data-driven compliance program adoption.

Highlights in this Episode

  • Data-Driven Compliance for Cost Savings
  • Enhancing Compliance through Advanced Data Analysis
  • Identifying High-Risk Areas for Data Analytics
  • Proactive Risk Mitigation through Real-Time Monitoring
  • ROI-driven Compliance Programs with Data Analytics

Resources

Vince Walden on LinkedIn

KonaAI

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.

Categories
Data Driven Compliance

Data-Driven Compliance: The DOJ Mandate on Transforming Compliance Through Data Analytics and AI with Vince Walden

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. Today, Vince Walden, founder of KonaAI, the sponsor of this podcast, returns to talk about the recent speech by Nicole Argentieri and the release of the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP).

Walden shares insights from the Nicole Argentieri’s keynote and ECCP update, emphasizing the DOJ’s focus on data access in compliance. We explore the importance of utilizing both compliance and business data for effective fraud and risk management. Walden underscores the necessity for compliance professionals to collaborate with internal audit and finance departments, advocating for a risk-based approach to data analytics and continuous controls monitoring. The discussion also delves into leveraging AI and machine learning to improve compliance efficacy and overall business operations, arguing for the proportional allocation of resources to match the company’s sophistication level.

Key Highlights:

  • DOJ’s Focus on Data Access
  • Understanding Compliance Data Analytics
  • Training Compliance Officers on Data
  • Implementing Continuous Controls Monitoring
  • Cost Savings and ROI in Compliance
  • Proportionate Resource Allocation
  • Documentation and Transparency

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Argentieri Speech and 2024 ECCP: Data Access and Data Analytics

Deputy Assistant Attorney General Nicole M. Argentieri’s speech highlighted a critical shift in the DOJ’s approach to evaluating corporate compliance programs. As outlined in the updated 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), the emphasis on data access signals a new era where compliance professionals are expected to wield data with the same rigor and sophistication as their business counterparts.

In her remarks, Argentieri said, “Third, under the updated ECCP, our prosecutors will assess whether a compliance program has appropriate access to data, including to assess its effectiveness. We have added questions about whether compliance personnel have adequate access to relevant data sources and the assets, resources, and technology available to compliance and risk management personnel. As part of this assessment, we will also consider whether companies are putting the same resources and technology into gathering and leveraging data for compliance purposes they use in their business.”

Her remarks were paired with new language in the 2024 ECCP, which stated:

Data Resources and Access – Do compliance and control personnel have sufficient direct or indirect access to relevant data sources for timely and effective monitoring and/or testing of policies, controls, and transactions? Do any impediments exist that limit or delay access to relevant data sources, and if so, what is the company doing to address the impediments? Do compliance personnel know of and have the means to access all relevant data sources reasonably timely? Is the company appropriately leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of components of compliance programs? How is the company managing the quality of its data sources? How does the company measure the accuracy, precision, or recall of any data analytics models it uses?

Proportionate Resource Allocation – How do the assets, resources, and technology available to compliance and risk management compare to those available elsewhere in the company? Is there an imbalance between the technology and resources used by the company to identify and capture market opportunities and the technology and resources used to detect and mitigate risks?

The speech and the 2024 ECCP put new and additional requirements around a corporate compliance program in the areas of data and data analytics. But how exactly should compliance teams navigate these heightened expectations? Here’s what you must do to ensure your compliance program meets these new standards.

Evaluate Your Data Access to Ensure Unimpeded Access to Relevant Data

The first step in aligning with the DOJ’s expectations is to conduct a comprehensive audit of your current data access. Compliance professionals must ask:

  • Conduct a Data Access Audit. Identify all the critical data sources for monitoring and testing your compliance policies, controls, and transactions. This includes financial transactions, communications, third-party interactions, and other data relevant to your risk profile.
  • Identify and Eliminate Barriers. Once you have a map of your data landscape, scrutinize it for any impediments that may limit or delay access to critical data. These barriers could be technical, such as legacy systems that do not integrate well, or organizational, like departmental silos that restrict data flow. Develop a plan to remove these impediments, whether through technology upgrades, process improvements, or changes in data governance.
  • Educate and Empower Compliance Teams. It is not enough for data to be accessible; your compliance personnel must also have the knowledge and tools to access it effectively. Invest in training programs that enhance data literacy among your team members, ensuring they can navigate and leverage data to its full potential.

The DOJ will scrutinize whether your compliance team has the same data visibility as other business units. If you find gaps, now is the time to bridge them.

Assess Resource Allocation for Data Analytics

Argentieri’s remarks also underscore the importance of resourcing. It is more than having data; your corporate compliance function must have the tools and talent to analyze it effectively. The 2024 ECCP emphasizes the importance of using data analytics tools to create efficiencies in compliance operations and measure the effectiveness of compliance programs.

  • Technology Investment. Are you using advanced analytics tools? Leverage AI and machine learning to proactively identify patterns, anomalies, and potential compliance risks.
  • Invest specifically in Advanced Analytics Tools. Ensure that your compliance program is equipped with state-of-the-art data analytics tools. These tools should be capable of processing large volumes of data, identifying patterns, and flagging potential risks in real-time. Artificial intelligence (AI) and machine learning (ML) can be particularly useful in predictive analytics, helping you stay ahead of emerging risks.
  • Human Resources. Do you have data-savvy compliance professionals on your team? Consider upskilling current staff or hiring data analysts who understand the technical and regulatory landscapes.
  • Benchmark Resources Across the Organization. Start by comparing the assets, resources, and technology available to your compliance and risk management teams with those available in other departments, particularly those focused on capturing market opportunities. Look for any imbalances that could undermine the effectiveness of your compliance efforts.
  • Make a case for compliance. If compliance is underresourced, build a compelling business case for increased investment. Highlight the risks associated with inadequate compliance resources, including the potential for regulatory breaches, reputational damage, and financial losses. Use data to demonstrate how enhanced resources could improve compliance outcomes and protect the organization.

Implement Real-Time Monitoring

The DOJ’s focus on data access and analytics also means that real-time monitoring should be a cornerstone of your compliance strategy. Static, periodic reviews are no longer sufficient.

  • Continuous Data Feeds. Implement systems that provide compliance officers with ongoing, real-time data. This allows for immediate detection of potential issues.
  • Automated Alerts. Set up automated alerts for key risk indicators, such as unusual transaction patterns or policy violations. This ensures that your team can respond to potential breaches before they escalate.
  • Integrate Compliance into Business Strategy. To ensure ongoing support, integrate compliance more closely with business strategy. Show how robust compliance efforts contribute to long-term success, aligning compliance goals with the company’s objectives.

Leverage Data to Assess Compliance Program Effectiveness

The ultimate goal of data access and analytics is to measure and improve the effectiveness of your compliance program. The DOJ is looking for companies that can demonstrate how they use data to inform their compliance efforts.

  • KPIs and Metrics. Develop key performance indicators (KPIs) that track compliance program success. Metrics might include the number of detected compliance incidents, response times, or the effectiveness of training programs.
  • Data-Driven Adjustments. Use data insights to make real-time adjustments to your compliance strategy. If the data shows a particular area of concern, pivot quickly and address it with targeted interventions.
  • Measure the Effectiveness of Analytics Models. Develop metrics to evaluate the performance of your data analytics models. These could include detection rates, false positive/negative ratios, and the speed at which issues are identified and resolved. Review and refine these models to ensure they deliver accurate and actionable insights.

Ensure Transparency and Documentation

Finally, remember that the DOJ will be looking for transparency. Be prepared to demonstrate how you use data, make decisions, and allocate resources.

  • Document, Document, Document. Keep thorough records of your data access, analysis processes, and any adjustments based on data insights.
  • Audit Trails. Maintain clear audit trails that show how data influenced compliance decisions. This will be critical in demonstrating to the DOJ that your program is reactive and proactively leveraging data to prevent compliance failures.
  • Monitor Data Quality. High-quality data is the backbone of effective compliance. Regularly assess the quality of your data sources, checking for accuracy, precision, and recall. Implement data governance frameworks that ensure data integrity and reliability, ensuring your analytics models are based on the best available data.

Finally, under Part III of the 2024 ECCP, in the section entitled, Does the Corporation’s Compliance Program Work in Practice?, the DOJ said prosecutors would pose the following question, “Prosecutors should also assess how the company has leveraged its  data to gain insights into the effectiveness of its compliance program and otherwise sought to  promote an organizational culture that encourages ethical conduct and a commitment to  compliance with the law.”

Coupling that language from the 2024 ECCP with Nicole Argentieri’s speech, you see a clarion call for compliance professionals to elevate their programs through the availability and utilization of data and data analytics to meet the DOJ’s evolving expectations. The message is clear: data is not just a business asset but a compliance imperative. By ensuring unimpeded and robust data access, investing in analytics, implementing real-time monitoring, leveraging data to assess program effectiveness, and achieving resource parity for compliance, your compliance program will meet the DOJ’s standards and drive greater organizational integrity and resilience. In this new era of data-driven compliance, the key to success lies in strategic investment and proactive management.

The stakes have never been higher, but with the right approach, the rewards—reducing risk and increasing trust—are worth the effort.

Categories
Innovation in Compliance

Innovation in Compliance: Unpacking Healthcare Compliance with Maria Villanueva

Innovation comes in many forms, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom welcomes compliance aficionado Maria Villanueva to dive deeply into healthcare compliance.

In this episode, Tom and Maria discuss her diverse career trajectory from accounting to healthcare compliance and delve into the complexities of ethical selling, aggregate spending challenges, and the growing role of AI in the compliance industry. Drawing on her extensive experience, she offers valuable insights on balancing roles in compliance and HR, the impact of data analytics, and the future landscape of healthcare compliance.

Key Highlights

  • Passion for Healthcare
  • Challenges in Healthcare Compliance
  • Balancing Compliance and HR Roles
  • The Role of Data Analytics and AI in Compliance
  • Future of Healthcare Compliance

Resources:

Maria Villanueva on LinkedIn 

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Survival Guide

FCPA Survival Guide: Step 5 – Data Analytics

How can you survive an FCPA enforcement action? In this special podcast series, Tom Fox and Nick Gallo lay out the Top 10 things you can do to reduce your overall fine and penalty, perhaps down to a full declination. All of the actions you can take come from recent DOJ prosecutions under the FCPA and speeches from DOJ representatives. This podcast, sponsored by Ethico, is the companion series to the book The FCPA Survival Guide: Surviving and Thriving a Foreign Corrupt Practices Act Enforcement Action. Today, we discuss the importance of data analytics as a key part of any remediation and in today’s compliance regimes.

Tom Fox and Nick Gallo are back to discuss the evolving role of data analytics in compliance, highlighting its transition from a cutting-edge tool to a best practice and soon-to-be table-stakes requirement. They review the SAP and Albemarle FCPA  enforcement actions to illustrate points where data analytics played a pivotal role in remediation efforts. They look at the foundational aspects of data analytics, paralleling personal finance management to underline its fundamental importance in both personal and professional contexts. Some of the key uses of data analytics are risk identification, response, compliance program testing, and reporting, as outlined by Andrew McBride, a recently retired chief ethics and compliance officer. They conclude by stressing the importance of data analytics in demonstrating program effectiveness and underscore the DOJ’s interest in data-driven evidence of compliance program remediation.

Key Highlights and Issues

  • The Evolution and Importance of Data Analytics
  • Understanding Data Analytics Through Everyday Examples
  • Practical Approaches to Implementing Data Analytics
  • The Role of Data Analytics in Compliance Program Testing and Reporting
  • Personalizing Data Analytics for Program Effectiveness

Resources:

Nick Gallo on LinkedIn

Ethico

The FCPA Survival Guide: Surviving and Thriving a Foreign Corrupt Practices Act Enforcement Action

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Data Driven Compliance and Hybrid Work

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In today’s episode, we consider the need for new or additional analytics in the post-Covid era of hybrid work.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Converged Continuous Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In today’s episode, we explore how converged continuous compliance can reunite compliance, security, and risk management, emphasizing data governance oversight and advocating for automation.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.