Tag: Data Analytics

Categories
Blog

The DOJ on the Need for Compliance Program Data Analytics

The Department of Justice (DOJ) is increasingly utilizing data analytics for proactive enforcement, signaling a significant shift in their approach to combating white-collar crime. This move reflects the recognition of data analytics as a crucial component of compliance programs, extending beyond historical reporting to transactional details and third-party interactions.

Recently, Acting Principal Deputy Assistant Attorney General Nicole M. Argentieri Delivered remarks at the 39th International Conference on the Foreign Corrupt Practices Act (FCPA). She stated, “the Criminal Division has long been an innovator in using data to enhance its investigations and prosecutions. I am proud to announce that we are taking that experience and expertise with data analysis and applying these tools to our FCPA investigations. Through investments in personnel, we have improved our ability to harness and analyze available data — both public and non-public — to identify potential wrongdoing involving foreign corruption. This approach has already generated successful FCPA investigations and prosecutions.” 

In this week’s episode of “Data Driven Compliance,” host Tom Fox and Vince Walden, discussed the importance of data analytics in the DOJ’s enforcement efforts was discussed. Matt Galvin, an expert leading the DOJ’s data analytics initiative, highlighted the proactive use of data to generate cases related to the FCPA and emphasized that this is just the beginning.

The DOJ expects companies to adopt a similar data-driven approach to compliance. Vince Walden, cited to the Argentieri speech where she stated, “just as we are upping our game when it comes to data analytics, we expect companies to do the same.” This expectation extends beyond simply tracking trainings, policies, and investigations. The DOJ’s focus is on monitoring third parties throughout the lifespan of the relationship, not just during the onboarding process.

Walden emphasized that while due diligence and background checks are essential, the real risk of fraud occurs during the actual business transactions with third parties. Therefore, companies need to go beyond initial checks and continuously monitor high-risk vendors, contract terms, and other relevant data sources. By mapping risks to data sources and implementing effective tests, companies can identify and prioritize risky transactions.

The increasing accessibility and cost-effectiveness of data analytics have made it a viable option for companies of all sizes. It can help companies demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency. The importance of continuous data analysis in compliance programs was highlighted by the Bank of America enforcement action by the Consumer Financial Protection Bureau (CFPB).

The DOJ’s use of data analytics is not limited to public data available from public companies. They are also leveraging private information, which could potentially include information obtained during investigations within specific industries. The DOJ has made significant investments in technology and resources to enhance their enforcement capabilities, taking inspiration from techniques used in the healthcare division to combat fraud.

However, implementing a data-driven compliance program comes with its own set of challenges. There is still confusion among the compliance community regarding what data analytics entails and how it should be applied. Walden stressed the need for a process-oriented approach rather than treating it as a one-time project. Data analytics should be integrated into the compliance program as a continuous business process, similar to third-party due diligence.

The DOJ’s increasing use of data analytics for proactive enforcement has far-reaching implications. Companies must recognize the importance of adopting a data-driven approach to compliance and invest in the necessary resources and technology. By doing so, they can not only meet the DOJ’s expectations but also improve the effectiveness of their compliance programs and mitigate the risk of fraud.

The DOJ’s increasing use of data analytics for proactive enforcement signifies a significant shift in their approach to combating white-collar crime. Companies must embrace this data-driven approach to compliance, continuously monitor high-risk transactions, and invest in the necessary resources and technology. By doing so, they can demonstrate effective compliance programs, uncover hidden financial irregularities, and improve overall efficiency.

For the full podcast episode, click here.

Categories
Data Driven Compliance

Data Driven Compliance: Vince Walden on DOJ Remarks on Data-Driven Compliance

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I visited with Vince Walden, CEO of KonaAI, on the recent remarks by the DOJ on data-driven analytics and compliance.

Vince Walden, an expert in data-driven compliance and fraud examination, has made significant strides in the industry as the CEO of Kona AI. His perspective on the Department of Justice’s (DOJ) increasing use of data analytics for proactive enforcement is that it marks a significant shift in the DOJ’s approach to enforcement. Walden notes that the DOJ is now actively using data analytics to proactively identify risks and cases, rather than relying solely on self-reporting or anomalies. He believes that data analytics is no longer considered cutting-edge but rather an expected part of a best practices compliance program. His extensive experience in white-collar crime and FCPA cases, as well as his participation in events such as the annual FCPA conference, have shaped this perspective. Join Tom Fox and Vince Walden as they delve deeper into this topic on the next episode of the Data Driven Compliance podcast. 

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Data-Driven Compliance – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white-collar crime. We are not just waiting for companies to self-report, for witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

Anselmo Guevara, manager at VMware, has emphasized the need for companies to have a compliance program that provides visibility into their data at their fingertips. It is no longer sufficient to simply collect data and have someone review and reconcile it. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. This proactive approach allows companies to identify and address compliance issues before they escalate.

But as with all new initiatives in compliance, one must emphasize the importance of starting a compliance journey with a formal risk assessment. Guevara suggested collaborating with various departments within the organization, such as accounts payable, receivables, internal audit, and business operations, to understand the risks associated with different processes. This collaborative effort helps identify compliance controls that need to be in place and ensures that the data required for analysis is available.

While low-hanging fruit may seem like an attractive starting point, Guevara cautioned against solely focusing on easy wins. He advised against presenting a weak business case to secure budget approval for compliance projects. Instead, he recommended conducting a comprehensive compliance risk assessment to prioritize areas that require immediate attention. This approach ensures that compliance efforts are aligned with your organization’s overall risk management strategy.

Data analytics play a crucial role in enhancing compliance efforts. By leveraging data analytics tools and techniques, compliance professionals can identify patterns, detect anomalies, and uncover potential compliance risks. However, Guevara highlighted the importance of validating suspicious transactions before raising concerns. It is essential to conduct due diligence and thoroughly investigate any potential issues to maintain financial integrity and credibility.

Data-driven compliance programs have moved from cutting edge and are now seen as best practices. Soon, they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. It is crucial for compliance professionals to stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

 

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 10 – The Impact of Privacy Regulations on Compliance

What is the impact of privacy regulations on data-driven compliance? Every CCO must be aware of the importance of privacy in data-driven compliance and the challenges and tradeoffs involved in implementing effective compliance strategies. A key mandate is for CCOs and compliance professionals to have a compliance program that provides visibility into their data. This emphasizes the importance of having efficient and effective compliance solutions in place or as I have previously noted CCOs must have access to their compliance data literally at their fingertips.

This is one of the drivers for key trends shaping compliance technology in 2025 and beyond. The RegTech market is growing rapidly, and there is increased regulatory focus on cryptocurrency activities, ESG, and information security and cybersecurity. These trends indicate the evolving landscape of compliance and the need for organizations to stay updated and adapt their compliance strategies accordingly. By embracing connected compliance and leveraging technology, organizations can navigate the complex regulatory landscape and ensure compliance with privacy regulations while driving business efficiency.

 Three key takeaways:

  1. CCOs and compliance professionals must have a compliance program that provides visibility into their data.
  2. ESG regulations affect not only regulated industries but also any company holding private customer data or involved in large supply chains.
  3. By embracing connected compliance and leveraging technology, organizations can navigate the complex regulatory landscape and ensure compliance with privacy regulations while driving business efficiency.

For more on KonaAI, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics – Day 8 – Data Democratization

In the world of compliance, data analysis plays a crucial role in identifying risks, making informed decisions, and ensuring legal and regulatory compliance. It enables companies to make fact-based decisions and mitigate risks effectively. By leveraging AI, organizations can identify high-risk payments and reduce investigation costs. This not only saves time and resources but also ensures that compliance teams can present risk in a timely and data-driven manner. We previously noted that it is not simply about having the data but also accessing it and then using it.

A key in this process is the implementation of data warehouses and cloud data warehousing solutions. The goal is to eliminate data silos and enable easy data access and analysis. By implementing a modern data stack, companies centralize their data, making it compliance-friendly as mandated by the DOJ (in the 2020 Evaluation of Corporate Compliance Programs) and more generally accessible to employees across the organization.

AI-driven data analysis and compliance solutions are revolutionizing the way organizations approach compliance and data utilization. By leveraging AI technology, these companies enable businesses to make fact-based decisions, identify risks, and ensure regulatory compliance. Investing in data governance and business intelligence tools is crucial for extracting value from data and driving business success. With the democratization of data access, organizations can empower employees to be data-informed and achieve greater efficiency.

 Three key takeaways:

  1. Data analysis is not simply about having the data but also accessing it and then using it.
  2. Data democratization recognizes that effective data utilization is linked to compliance and good business practices.
  3. With the democratization of data access, organizations can empower employees to be data-informed and achieve greater business efficiencies.

For more on KonaAI, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 7 – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division.

Anselmo Guevara, manager at VMware, has emphasized the need for companies to have a compliance program that provides visibility into their data at their fingertips. It is no longer sufficient to simply collect data and have someone review and reconcile it. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. This proactive approach allows companies to identify and address compliance issues before they escalate.

Data-driven compliance programs have moved from cutting-edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. Compliance professionals must stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

 Three key takeaways:

1. Nicole Argentieri, acting assistant attorney general for the Criminal Division, said,  “Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

2. . Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks.

3. Data-driven compliance programs have moved from cutting-edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 6 – Data Analytics and Business Decisions

In today’s rapidly evolving business landscape, compliance, enterprise performance management (EPM) systems, and data analytics play crucial roles in driving informed decision-making. Compliance program visibility and proper documentation are essential for managing data and ensuring regulatory compliance across companies of all sizes. EPM systems, also known as Enterprise Resource Planning (ERP) systems, are vital tools for financial planning and analysis. These systems go beyond basic accounting functions and offer features such as budgeting, forecasting, and strategic long-range planning. By using EPM systems, organizations can operate at a higher level, enabling medium to long-range planning and supporting informed decision-making.

The importance of compliance, EPM systems, and data analytics in business decision-making cannot be overstated. Compliance program visibility and documentation are crucial for managing data and ensuring regulatory compliance. EPM systems provide the tools for financial planning and analysis, supporting strategic long-range planning and informed decision-making. Data analytics allows businesses to uncover patterns and gain insights, but overcoming data silos is necessary to maximize its potential. By adopting cloud-based solutions and integrating systems, organizations can make the most of their data and drive informed decision-making. Balancing different factors and considering the impact on decision-making processes is key to successfully leveraging compliance, EPM systems, and data analytics in business.

 Three key takeaways:

1. Compliance program visibility and proper documentation are essential for managing data and ensuring regulatory compliance across companies of all sizes.

2. Having data is important, it is equally crucial to focus on how that data is being used.

3. Overcoming data silos is key to maximizing the potential of data analytics.

For more information on KonaAI, click here.

Categories
Blog

Bank of America Enforcement Action and Using Data Analytics

Data analytics has become an essential tool in the field of compliance and risk management. It allows compliance officers to assess the effectiveness of their programs and identify potential risks before they escalate into major issues. In a recent episode of the podcast “Compliance into the Weeds,” Tom Fox and Matt Kelly, discussed not only the importance of having data analytics in a compliance program but actually using the data in a risk management strategy.

The Consumer Financial Protection Bureau (CFPB) recently fined Bank of America $12 million for mishandling data analytics, specifically around accurate data about home mortgage applications. The bank had all the necessary data to assess its compliance risks, but it failed to maintain continuous monitoring, leading to compliance issues. This case serves as a reminder of the need for ongoing data analysis for proactive risk management.

The CFPB found that Bank of America violated the Home Mortgage Disclosure Act, a law on the around since the time I graduated from High School, that being 1975. The law itself requires mortgage lenders to collect demographic data about home loan applicants and report that data to various federal agencies. Bank of America settled the matter without admitting nor denying the allegation and agreed to the aforementioned $12 million fine.

As Matt noted in his Radical Compliance blog post, “Dig into the details of the settlement order, and you can see how data analytics, auditing, and monitoring all play a crucial role in assuring compliance with a regulation like this. Given that so many other business sectors have similar obligations to collect and report lots of data to regulators, maybe this case isn’t so obscure after all.”

The enforcement action drives home the clear lesson that data analytics is not a one-time tool to determine violations or identify risks. It should be used as a monitoring device that runs continuously to provide early warnings when risks enter the red zone. Bank of America’s mistake was treating data analytics as a one-time solution to a problem, rather than a long-term monitoring tool. They implemented analytics in 2013, found the error, introduced a control to correct it, and then switched it off when the problem seemed to be solved. However, the problem recurred, leading to the CFPB penalty.

As noted, is the high level of importance around surveillance and monitoring in the banking and financial services industry. These sectors have extensive monitoring and surveillance practices, recording every email and phone call to prevent improper messaging and manage risk. While this level of monitoring may seem draconian to other industries, it has proven effective in ensuring compliance and preventing fraud in those arenas.

The Bank of America case demonstrates that compliance officers often already have the necessary data for analysis; they just need to identify which information to study. In this case, the bank had all the data it needed to assess the compliance risk of information not provided in home loan applications. They implemented a monthly report to crack down on the abuse, resulting in a significant drop in the information not provided group. However, when they ceased the report in 2016, the rate started to increase again, ultimately leading to the violation and penalty.

The use of data analytics to monitor the effectiveness of controls was also a key lesson from the enforcement action. When Bank of America instituted monitoring to determine who was filling out the reports, they obtained significant information and saw a drop in the information not provided group. This strategy raises the stakes around the question of whether being watched or monitored can influence individuals to follow controls and do the right thing.

Data analytics should not only be used to analyze the effectiveness of compliance programs but also to analyze overall activity within an organization to identify compliance risks. Compliance officers should strive for analytics that run continuously, providing insights into the state of affairs over the long term. This approach allows for early detection of risks and enables business units to manage their own risks effectively.

The Bank of America case serves as a valuable lesson for compliance officers in any industry. It highlights the importance of ongoing data analysis, continuous monitoring, and the need to consider data analytics as a long-term risk management tool. By leveraging data analytics effectively, organizations can proactively identify and mitigate compliance risks, ultimately avoiding costly penalties and reputational damage.

Data analytics plays a crucial role in compliance and risk management. It enables compliance officers to assess program effectiveness, identify potential risks, and monitor activities for early warnings. The Bank of America case underscores the importance of continuous data analysis and monitoring in proactive risk management. By embracing data analytics as a long-term risk management tool, organizations can enhance their compliance efforts and safeguard against potential violations.

Categories
Compliance Into the Weeds

Compliance Into The Weeds: Data Analytics, BoA and DOJ Pronouncements

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into data analytics and highlight the Bank Of America CFPB enforcement action for failures in a data analytics program.

Data analytics is a powerful tool in the realm of compliance and risk management, providing invaluable insights that can help organizations identify potential risks and assess the effectiveness of their compliance programs. Tom emphasizes the importance of continuous monitoring using data analytics, citing a case where Bank of America was fined $12 million due to poor use of data analytics. He advocates for the use of analytics algorithms as ongoing monitoring tools and encourages business units to take an active role in managing their risks. Matt underscores the significance of data analytics in identifying and managing compliance risks. He echoes Fox’s sentiments on the need for continuous monitoring and the involvement of business units in risk management.

They also note that both the DOJ and SEC are ramping up their focus on data analytics for corporate compliance, setting higher expectations, especially for larger corporations. This shift is not only transforming the landscape of corporate compliance but also reshaping the way companies approach self-disclosure of misconduct. Join Fox and Kelly on this episode of the Compliance into the Weeds podcast as they delve deeper into the implications of the DOJ and SEC’s increasing focus on data analytics for corporate compliance.

Key Highlights:

  • The Importance of Continuous Data Analytics
  • Bank of America’s Compliance Risk Management
  • Effective Monitoring and Surveillance in Financial Services
  • DOJ’s Expectations for Corporate Data Analytics
  • Uncovering Fraud Through Data Analytics

Resources:

Matt’s blog posts in Radical Compliance

A $12M Lesson on Data Analytics

Some Vague Hints on Analytics, FCPA 

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Argentieri on the Use of Data Analytics

Last week, Nicole Argentieri, acting assistant attorney general for the Criminal Division, speaking at the ACI National FCPA reported that the Department of Justice (DOJ) is stepping up its own use of data analytics to identify instances of corporate misconduct, and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and the Securities and Exchange Commission (SEC) are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field.

The DOJ has been using data analytics to uncover cases of corporate misconduct, including violations of the Foreign Corrupt Practices Act (FCPA). Acting Assistant Attorney General Nicole Argentieri, highlighted the department’s efforts to improve its data analytics game and its use of analytics to find cases of corporate misconduct. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white collar crime. We are not just waiting for companies to self-report, or witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.” While the DOJ has successfully prosecuted individuals for FCPA violations using data analytics, there is yet to be a high-profile corporate FCPA violation case that has arisen from the department’s own data analytics.

On the other hand, the SEC has a dedicated data analytics team called the EPS team, which has uncovered cases of accounting fraud and insider trading. The SEC’s data-rich environment and lower burden of proof on the civil side have allowed them to successfully prosecute cases using data analytics. This demonstrates that regulators can effectively utilize data analytics to identify corporate misconduct.

The increasing focus on data analytics by the DOJ and SEC has implications for companies. The better a company is at data analytics, the more pressure it may face for voluntary self-disclosure of misconduct. Good data analytics can bring risks or incidents of misconduct to light, and once they are discovered, companies cannot ignore them. The 2023 Evaluation Of Corporate Compliance Programs (2023 ECCP) instructs prosecutors to inquire about a company’s use of data analytics in identifying misconduct. This puts pressure on companies to proactively address and disclose any misconduct they uncover through data analytics.

This also means that data analytics in the compliance function has moved from cutting edge to best practice. It soon may mean simply table stakes for compliance. In the 2020 ECCP, the DOJ mandated the compliance function have access to all corporate data and be able to break through data siloes in their organizations. Any company which does not have a data analytics capability may be in for a long road to hoe if the DOJ or SEC comes knocking.

However, not all companies have sophisticated data analytics programs in place. The DOJ recognizes that smaller firms may not have the same level of resources and expects a certain level of sophistication tailored to a company’s size. Larger companies, especially Fortune 500 companies, are expected to have more sophisticated data analytics capabilities, including business intelligence units and advanced technology. The expectations for more sophisticated analytics are higher for these companies.

The Bank of America CFPB enforcement action case serves as a reminder of the importance of data analytics in corporate compliance. Bank of America had the necessary data and tools to build an analytics program, but they failed to effectively utilize it, leading to compliance issues. This case highlights the need for companies to not only have data analytics capabilities but also to ensure they are properly implemented and maintained. (Matt Kelly took a deep dive into the BoA enforcement action in this week’s edition of Compliance into the Weeds.)

While data analytics can be a powerful tool for corporate compliance, there are challenges associated with its use. Companies must navigate the tradeoffs involved in balancing different factors, such as the level of sophistication required, resource allocation, and the potential risks of self-disclosure. Additionally, companies must consider the potential criticism they may face if they fail to effectively utilize their analytics tools in the event of a major compliance violation.

Argentieri’s speech highlighted the DOJ’s (and SEC’s) increasing focus on data analytics for corporate compliance highlights the importance of this tool in identifying and addressing corporate misconduct. Companies, especially larger ones, are expected to enhance their data analytics capabilities and may face increased pressure for voluntary self-disclosure. However, companies must also navigate the challenges and tradeoffs associated with data analytics to ensure effective compliance and mitigate risks.