Categories
Blog

Bank of America Enforcement Action and Using Data Analytics

Data analytics has become an essential tool in the field of compliance and risk management. It allows compliance officers to assess the effectiveness of their programs and identify potential risks before they escalate into major issues. In a recent episode of the podcast “Compliance into the Weeds,” Tom Fox and Matt Kelly, discussed not only the importance of having data analytics in a compliance program but actually using the data in a risk management strategy.

The Consumer Financial Protection Bureau (CFPB) recently fined Bank of America $12 million for mishandling data analytics, specifically around accurate data about home mortgage applications. The bank had all the necessary data to assess its compliance risks, but it failed to maintain continuous monitoring, leading to compliance issues. This case serves as a reminder of the need for ongoing data analysis for proactive risk management.

The CFPB found that Bank of America violated the Home Mortgage Disclosure Act, a law on the around since the time I graduated from High School, that being 1975. The law itself requires mortgage lenders to collect demographic data about home loan applicants and report that data to various federal agencies. Bank of America settled the matter without admitting nor denying the allegation and agreed to the aforementioned $12 million fine.

As Matt noted in his Radical Compliance blog post, “Dig into the details of the settlement order, and you can see how data analytics, auditing, and monitoring all play a crucial role in assuring compliance with a regulation like this. Given that so many other business sectors have similar obligations to collect and report lots of data to regulators, maybe this case isn’t so obscure after all.”

The enforcement action drives home the clear lesson that data analytics is not a one-time tool to determine violations or identify risks. It should be used as a monitoring device that runs continuously to provide early warnings when risks enter the red zone. Bank of America’s mistake was treating data analytics as a one-time solution to a problem, rather than a long-term monitoring tool. They implemented analytics in 2013, found the error, introduced a control to correct it, and then switched it off when the problem seemed to be solved. However, the problem recurred, leading to the CFPB penalty.

As noted, is the high level of importance around surveillance and monitoring in the banking and financial services industry. These sectors have extensive monitoring and surveillance practices, recording every email and phone call to prevent improper messaging and manage risk. While this level of monitoring may seem draconian to other industries, it has proven effective in ensuring compliance and preventing fraud in those arenas.

The Bank of America case demonstrates that compliance officers often already have the necessary data for analysis; they just need to identify which information to study. In this case, the bank had all the data it needed to assess the compliance risk of information not provided in home loan applications. They implemented a monthly report to crack down on the abuse, resulting in a significant drop in the information not provided group. However, when they ceased the report in 2016, the rate started to increase again, ultimately leading to the violation and penalty.

The use of data analytics to monitor the effectiveness of controls was also a key lesson from the enforcement action. When Bank of America instituted monitoring to determine who was filling out the reports, they obtained significant information and saw a drop in the information not provided group. This strategy raises the stakes around the question of whether being watched or monitored can influence individuals to follow controls and do the right thing.

Data analytics should not only be used to analyze the effectiveness of compliance programs but also to analyze overall activity within an organization to identify compliance risks. Compliance officers should strive for analytics that run continuously, providing insights into the state of affairs over the long term. This approach allows for early detection of risks and enables business units to manage their own risks effectively.

The Bank of America case serves as a valuable lesson for compliance officers in any industry. It highlights the importance of ongoing data analysis, continuous monitoring, and the need to consider data analytics as a long-term risk management tool. By leveraging data analytics effectively, organizations can proactively identify and mitigate compliance risks, ultimately avoiding costly penalties and reputational damage.

Data analytics plays a crucial role in compliance and risk management. It enables compliance officers to assess program effectiveness, identify potential risks, and monitor activities for early warnings. The Bank of America case underscores the importance of continuous data analysis and monitoring in proactive risk management. By embracing data analytics as a long-term risk management tool, organizations can enhance their compliance efforts and safeguard against potential violations.

Categories
Compliance Into the Weeds

Compliance Into The Weeds: Data Analytics, BoA and DOJ Pronouncements

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into data analytics and highlight the Bank Of America CFPB enforcement action for failures in a data analytics program.

Data analytics is a powerful tool in the realm of compliance and risk management, providing invaluable insights that can help organizations identify potential risks and assess the effectiveness of their compliance programs. Tom emphasizes the importance of continuous monitoring using data analytics, citing a case where Bank of America was fined $12 million due to poor use of data analytics. He advocates for the use of analytics algorithms as ongoing monitoring tools and encourages business units to take an active role in managing their risks. Matt underscores the significance of data analytics in identifying and managing compliance risks. He echoes Fox’s sentiments on the need for continuous monitoring and the involvement of business units in risk management.

They also note that both the DOJ and SEC are ramping up their focus on data analytics for corporate compliance, setting higher expectations, especially for larger corporations. This shift is not only transforming the landscape of corporate compliance but also reshaping the way companies approach self-disclosure of misconduct. Join Fox and Kelly on this episode of the Compliance into the Weeds podcast as they delve deeper into the implications of the DOJ and SEC’s increasing focus on data analytics for corporate compliance.

Key Highlights:

  • The Importance of Continuous Data Analytics
  • Bank of America’s Compliance Risk Management
  • Effective Monitoring and Surveillance in Financial Services
  • DOJ’s Expectations for Corporate Data Analytics
  • Uncovering Fraud Through Data Analytics

Resources:

Matt’s blog posts in Radical Compliance

A $12M Lesson on Data Analytics

Some Vague Hints on Analytics, FCPA 

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Argentieri on the Use of Data Analytics

Last week, Nicole Argentieri, acting assistant attorney general for the Criminal Division, speaking at the ACI National FCPA reported that the Department of Justice (DOJ) is stepping up its own use of data analytics to identify instances of corporate misconduct, and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and the Securities and Exchange Commission (SEC) are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field.

The DOJ has been using data analytics to uncover cases of corporate misconduct, including violations of the Foreign Corrupt Practices Act (FCPA). Acting Assistant Attorney General Nicole Argentieri, highlighted the department’s efforts to improve its data analytics game and its use of analytics to find cases of corporate misconduct. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white collar crime. We are not just waiting for companies to self-report, or witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.” While the DOJ has successfully prosecuted individuals for FCPA violations using data analytics, there is yet to be a high-profile corporate FCPA violation case that has arisen from the department’s own data analytics.

On the other hand, the SEC has a dedicated data analytics team called the EPS team, which has uncovered cases of accounting fraud and insider trading. The SEC’s data-rich environment and lower burden of proof on the civil side have allowed them to successfully prosecute cases using data analytics. This demonstrates that regulators can effectively utilize data analytics to identify corporate misconduct.

The increasing focus on data analytics by the DOJ and SEC has implications for companies. The better a company is at data analytics, the more pressure it may face for voluntary self-disclosure of misconduct. Good data analytics can bring risks or incidents of misconduct to light, and once they are discovered, companies cannot ignore them. The 2023 Evaluation Of Corporate Compliance Programs (2023 ECCP) instructs prosecutors to inquire about a company’s use of data analytics in identifying misconduct. This puts pressure on companies to proactively address and disclose any misconduct they uncover through data analytics.

This also means that data analytics in the compliance function has moved from cutting edge to best practice. It soon may mean simply table stakes for compliance. In the 2020 ECCP, the DOJ mandated the compliance function have access to all corporate data and be able to break through data siloes in their organizations. Any company which does not have a data analytics capability may be in for a long road to hoe if the DOJ or SEC comes knocking.

However, not all companies have sophisticated data analytics programs in place. The DOJ recognizes that smaller firms may not have the same level of resources and expects a certain level of sophistication tailored to a company’s size. Larger companies, especially Fortune 500 companies, are expected to have more sophisticated data analytics capabilities, including business intelligence units and advanced technology. The expectations for more sophisticated analytics are higher for these companies.

The Bank of America CFPB enforcement action case serves as a reminder of the importance of data analytics in corporate compliance. Bank of America had the necessary data and tools to build an analytics program, but they failed to effectively utilize it, leading to compliance issues. This case highlights the need for companies to not only have data analytics capabilities but also to ensure they are properly implemented and maintained. (Matt Kelly took a deep dive into the BoA enforcement action in this week’s edition of Compliance into the Weeds.)

While data analytics can be a powerful tool for corporate compliance, there are challenges associated with its use. Companies must navigate the tradeoffs involved in balancing different factors, such as the level of sophistication required, resource allocation, and the potential risks of self-disclosure. Additionally, companies must consider the potential criticism they may face if they fail to effectively utilize their analytics tools in the event of a major compliance violation.

Argentieri’s speech highlighted the DOJ’s (and SEC’s) increasing focus on data analytics for corporate compliance highlights the importance of this tool in identifying and addressing corporate misconduct. Companies, especially larger ones, are expected to enhance their data analytics capabilities and may face increased pressure for voluntary self-disclosure. However, companies must also navigate the challenges and tradeoffs associated with data analytics to ensure effective compliance and mitigate risks.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 3 – Building An Effective Data Analytics Program

Chief Compliance Officers (CCOs) are increasingly turning to data analytics programs to enhance their compliance efforts. These programs leverage the power of data to identify risks, monitor activities, and detect potential compliance violations. There are several key factors that impact the success of building out data analytics programs. One crucial aspect is the need to define the risks that organizations want to monitor. By identifying the specific risks, compliance officers can focus their data analytics efforts on gathering relevant data and analyzing it to gain insights into potential compliance issues. This process involves thinking innovatively and finding creative ways to capture data that may not be immediately obvious.

Building effective data analytics programs for compliance enhancement requires careful consideration of various factors. Compliance officers must define the risks they want to monitor, identify valuable data sources, and think innovatively to capture relevant data. Leveraging internal expertise and fostering collaboration between different departments is essential for successful implementation. By starting small and gradually expanding their capabilities, organizations can demonstrate their commitment to using data analytics and gain compliance expertise. Ultimately, these programs enable companies to enhance their compliance effectiveness and mitigate risks effectively.

 Three key takeaways:

1. There are multiple factors in the design, creation, and implementation of a data-driven compliance program.

2. A data-driven approach will allow a shift of the focus from individual policy violations to identifying systemic issues.

3. Compliance officers should focus on how to begin and gradually build their capabilities.

Check out the month’s sponsor, KonaAI here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data – Driven Compliance: Day 1 – Introduction to Data – Driven Compliance

In the world of compliance, data analytics and monitoring have become increasingly important. The Department of Justice (DOJ) has emphasized the significance of effective compliance programs, highlighting the role of data analytics and technology-driven approaches. Data-driven compliance helps companies gain insights into their data for informed decisions and improved compliance culture. Data-driven compliance should be designed to identify hidden money, prevent improper payments, and improve business efficiency. A key is the ability to facilitate collaboration and data sharing without compromising privacy or security, thereby enhancing the performance of predictive models.

In the Albemarle FCPA enforcement, the DOJ said for the first time that data-driven compliance is now a part of the requirements of an effective compliance program. By leveraging data and data analytics, compliance professionals more effectively manage risks, improve compliance culture, investigate issues, and ultimately keep companies out of trouble. Additionally, a robust data analytics platform will also contribute to making the business better by identifying hidden money, stopping improper payments, and enhancing overall business efficiency.

By leveraging data analytics, companies can identify hidden money, prevent improper payments, and enhance overall business efficiency. In today’s regulatory environment, the risk of not adopting data-driven compliance approaches is high, making solutions essential for companies seeking to stay compliant and improve their business practices.

 Three key takeaways:

1. The DOJ identified data analytics as a part of a best practices compliance program in the Albemarle FCPA enforcement action.

2. Data-driven compliance allows companies to access their data, search vendors, analyze transactions, run corruption and fraud tests, and even evaluate predictive models.

3. Data-driven compliance should be designed to identify hidden money, prevent improper payments, and improve business efficiency.

For more information on KonaAi, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Innovation: Day 9 – The Competitive Advantage of Data

The DOJ and SEC have both made it clear that they expect companies to be more robust in their use of data analytics in compliance programs. This means using data not only to detect and prevent illegal conduct but also in the remediation prong of any best practices compliance program through continuous improvement. In 2019, former Deputy Assistant Attorney General Matthew Miner said in a speech that the DOJ will inquire whether compliance departments have access to internal data that could help them identify misconduct and whether compliance officers make adequate use of data analytics in their reviews of companies under investigation. Since at least 2016, in the FCPA enforcement action involving Key Energy Services, Inc., the SEC has been communicating to compliance professionals the need for increased use of data and data analytics in any compliance program.

The bottom line is that it is not if but when you begin to incorporate corporate information into your compliance program to make your compliance program more efficient, and your business process run more effectively. Let’s start now to identify the data you have access to and the data to which you currently do not have access. Find a way to bridge that gap.

Three key takeaways:

  1. DOJ pronouncements mandate CCO availability to and use of data.
  2. Data can be an actionable solution across geographic and business lines.
  3. Use data as a business strategy.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Data Driven Compliance

Data Driven Compliance: Rachael Ormiston on Privacy as a Business Differentiator

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions.

We take things in a data privacy direction today as I visit with Rachael Ormiston, Head of Privacy at Osano, whose No Penalties Pledge sets them apart in the privacy industry, offering customers assurance that they won’t face fines for non-compliance. In conversations with Tom Fox, Rachael Ormiston discusses the importance of privacy as a business differentiator and the impact of GDPR. Trust is highlighted as crucial for building a positive customer experience. Osano has developed a privacy maturity model to help companies assess their progress and prioritize compliance. Their website offers valuable resources, catering to both experts and beginners in the field. Rachael emphasizes the increasing importance of data privacy and the need for companies to prioritize it at the executive level.

Highlights Include

·      Osano’s No Penalties Pledge

·      Privacy as a Business Differentiator

·      The Importance of Privacy Compliance

·      Data Privacy and Free Resources

Resources:

Osano

 

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Data Driven Compliance

The Uses of Data Driven Compliance: Part 5 – Compliance Successes Using Data Driven Compliance

Welcome to Data Driven Compliance. In this podcast, we discuss how to use data to improve and enhance the effectiveness of your compliance program, creating greater business efficiency, all leading to more return on investment for your compliance regime. Join host Tom Fox as he explores how data will drive your compliance program to the next level. This podcast is sponsored by KonaAI.

I recently had the opportunity to visit with Vince Walden, founder and CEO of KonaAI, for a podcast series on the uses of data driven compliance. Over these five podcasts, we have discussed generative AI and ChatGPT in compliance, the profiles of a corrupt payment, making the business case for data-driven compliance, what to ask for and how to ask for it, and some success stories. In this concluding Part 5, we will look at some compliance successes using a data driven approach.

In the world of business, compliance is a critical aspect that ensures organizations adhere to legal and ethical standards. Compliance not only helps companies avoid legal troubles but also plays a significant role in improving business efficiency and profitability. In this episode, Tom and Vince considered the advanced compliance tools for fraud detection and cost savings. Our discussion entailed a comprehensive analysis of the key factors that impact advanced compliance tools for fraud detection and cost savings, exploring the tradeoffs involved, the challenges faced, and the importance of considering the impact on decision-making.

Key Highlights:

  • Invoice Price Discrepancy Detection and Recovery
  • Compliance-driven Efficiency through Fraud Risk Analysis
  • Shifting Travel Expenses for Manufacturing Observations
  • Integrating Multiple Data Sources for Fraud Detection

Resources:

Connect with Vince Walden on LinkedIn

Check out Kona AI

Connect with Tom Fox on LinkedIn

Categories
Data Driven Compliance

The Uses of Data Driven Compliance: Part 4 – What to Ask For and How to Ask For It

Welcome to Data Driven Compliance. In this podcast, we discuss how to use data to improve and enhance the effectiveness of your compliance program, creating greater business efficiency, all leading to more return on investment for your compliance regime. Join host Tom Fox as he explores how data will drive your compliance program to the next level. This podcast is sponsored by KonaAI.

I recently had the opportunity to visit with Vince Walden, founder and CEO of KonaAI, for a podcast series on the uses of data driven compliance. Over these five podcasts, we will discuss generative AI and ChatGPT in compliance, the profiles of a corrupt payment, making the business case for data-driven compliance, what to ask for and how to ask for it, and some success stories. In Part 4, we discuss what data a CCO needs to ask for and how to do so.

Vince Walden brings knowledge and experience in continuous compliance monitoring and risk assessment processes. Walden’s perspective on the topic is that it should be approached as a journey, not a one-time program. He emphasizes the importance of proactive risk assessments and continuous monitoring, advocating for an iterative approach demonstrating constant improvement in compliance efforts. This perspective is shaped by his belief that meeting regulatory expectations requires a diligent and ongoing commitment to improvement.

Walden also suggests that data sources should be identified based on the results of the fraud risk assessment and that the ease of obtaining the data should be considered when prioritizing analytics projects. To delve deeper into what data a CCO should ask for and how to ask for it, join Tom Fox and Vince Walden on this Data Driven Compliance podcast episode.

Key Highlights:

  • Continuous improvement through risk assessments and monitoring
  • Effective risk assessment through diverse data sources
  • Uncovering hidden relationships through expense categories

Resources:

Connect with Vince Walden on LinkedIn

Check out Kona AI

Connect with Tom Fox on LinkedIn

Categories
Blog

What Data to Ask For and How to Ask for It

I recently had the opportunity to visit with Vince Walden, founder and CEO of KonaAI, for a podcast series on the uses of data driven compliance. KonaAI is the sponsor of those podcasts. This blog post series will flesh out the podcast show notes over the next five blog posts, and we will discuss generative AI and ChatGPT in compliance, the profiles of a corrupt payment, making the business case for data-driven compliance, what to ask for and how to ask for it and some success stories. In Part 4, we will explore what data to ask for and how to ask for it.

As always, I am joined by Vince Walden, founder and CEO of KonaAI. There is a quiet revolution happening in the realm of compliance. It’s one that, if harnessed correctly, can turn a typically reactive process into a proactive strategy. I am, of course, talking about data-driven compliance. By using the vast amounts of data your organization collects, you can uncover potential compliance risks before they become actual problems. This approach can be a game-changer for your role as a compliance officer and your organization’s overall risk management strategy. No longer will you be caught off guard. Instead, you’ll lead the charge with real-time insights and actionable data.

Imagine a world where compliance isn’t a headache but a strategic advantage. You’re not constantly putting out fires but predicting and preventing them. It might sound like a dream, but it doesn’t have to be. How so? Well, by adopting a data-driven approach to compliance. This innovative method allows you to identify, assess, and manage potential compliance risks based on actual data. It’s about staying one step ahead, making informed decisions, and truly adding value to your organization. It’s not just about avoiding penalties and meeting regulations anymore. It’s about creating an environment of continuous improvement and proactive risk management.

Let’s paint a picture. You’re in a game of chess. But in this game, you’re not just reacting to your opponent’s moves. You’re anticipating them, strategizing, and making proactive decisions. That’s the power a data-driven approach to compliance can bring to your role as a compliance officer. It’s more than just crunching numbers and keeping up with regulations. It’s about leveraging the power of data to identify and mitigate risks before they materialize. It’s about transforming compliance from a cost center into a strategic asset. So, if you’re curious about how to make this data-driven shift, buckle up because we’re about to dive deep into this transformative realm.

Compliance monitoring and risk assessment are crucial components of any effective compliance program. In a recent episode of the podcast “Data Driven Compliance,” hosted by Tom Fox and featuring Vince Walden, the topic of continuous compliance monitoring and risk assessment process was explored in depth. This article aims to comprehensively analyze the critical factors that impact this process, discuss the tradeoffs involved in balancing different factors, and explore the challenges associated with other approaches.

Vince highlighted the importance of starting with a fraud risk assessment. This initial step allows organizations to identify high-frequency and high-impact risks and implement mitigating controls. Compliance professionals can prioritize their efforts and focus on the most critical areas by assessing the likelihood and impact of various risks on a scale of one to ten.

Data sources play a crucial role in risk assessment. Financial accounting systems and third-party data are valuable sources of information for identifying and mitigating risks. Tracking and categorizing expenses in accounting systems is significant for identifying anomalies and assigning risk scores. Vince highlighted the significance of having a centralized system, such as the Kona platform, to streamline this process.

However, relying solely on analytics without integrating them into the fraud risk assessment would be best. He emphasized the need for alignment between data analysis and risk assessment to ensure efforts are focused on addressing the identified risks. Simply conducting data analytics without considering the underlying risks may not yield meaningful results.

One of the challenges in continuous compliance monitoring and risk assessment is the availability and accessibility of data. Some data sources may need help, requiring compliance professionals to prioritize based on the ease of data acquisition and its value. For example, if faced with choosing to conduct a data analytics project in Brazil or China, Walden suggested starting with Brazil due to the relative ease of obtaining data from that region.

Another challenge lies in the scope of compliance monitoring. Walden emphasized that compliance monitoring is not a one-time, all-encompassing effort. It is a journey that involves proactively assessing risks and monitoring them from location to location. Compliance professionals should focus on demonstrating continuous improvement rather than tackling all threats at once. This approach aligns with regulators’ expectations of an effective due diligence program.

In addition to the primary focus on risk assessment, Walden highlighted the importance of considering ancillary areas of inquiry. For instance, looking at places such as charitable donations or marketing spending can provide valuable insights into potential risks of bribery or corruption. The KonaAI tool can help correlate these ancillary data points and provide a more comprehensive view of compliance risks.

In conclusion, continuous compliance monitoring and risk assessment require a thoughtful and balanced approach. Organizations can identify and prioritize risks, starting with a comprehensive fraud risk assessment. Data sources, such as financial accounting systems and third-party data, play a crucial role in this process. However, aligning data analytics with the identified risks is essential to ensure meaningful results. Compliance professionals should also consider the data availability challenges and scope of compliance monitoring. Organizations can meet regulatory expectations and enhance their compliance programs by demonstrating continuous improvement and considering ancillary areas of inquiry.

Resources:

Connect with Vince Walden on LinkedIn

Check out KonaAI

Connect with Tom Fox on LinkedIn