Tag: data driven compliance

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Building a Data-Driven Culture

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we review how compliance can drive a data-driven culture in the compliance function and throughout the organization.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Blog

Building a Data-Driven Culture: A Compliance Imperative in the Age of AI

I recently read an article in the Sloan Management Review entitled “Building a Data-Driven Culture: Four Key Elements” by Ganes Kasari, founder and CEO at Tensor Planet. He posits that a data-driven culture is vital to success with AI projects, but shaping one involves many challenges. He suggests that learning how to build one from organizations that have made the journey engaging for employees is one approach to take. For compliance professionals, this is a critical issue. Compliance, risk management, and governance efforts may be ineffective if a company’s workforce does not instinctively turn to data when making decisions.

The Department of Justice’s (DOJ) 2024 Update on the Evaluation of Corporate Compliance Programs (2024 ECCP) has made it clear that compliance programs must be data-driven, proactive, and continuously monitored. But if an organization has not built a culture of data-driven decision-making, compliance will always be playing catch-up.

So, how do companies foster a data-driven compliance culture? Kasari says the answer lies in four key areas:

  1. Leadership Intervention
  2. Data Empowerment
  3. Collaboration
  4. Value Realization

Leadership Intervention: Setting the Tone from the Top

For a compliance program to be truly effective, proactive, and data-driven, leadership must take an active role in championing the importance of data in decision-making. Too often, executives fund compliance initiatives but delegate execution entirely to compliance and IT teams. The result? Employees still see compliance as someone else’s job rather than an integral part of business operations.

The DOJ has emphasized that compliance programs must have engaged leadership. That means:

  • Executives must communicate why data and AI are essential for compliance.
  • Leaders must use data themselves, modeling the behavior they expect from their employees.
  • Regular check-ins and accountability measures should ensure compliance is not just an IT issue but an enterprise-wide priority.

Concept in Action: Rewarding Compliance Innovation at DBS Bank

When DBS Bank launched its digital transformation initiative, CEO Piyush Gupta prioritized creating a culture that rewarded data-driven decision-making and innovation. In one case, an employee made a data-driven compliance decision, ultimately leading to a failed experiment. There was regulatory pressure to penalize the employee, but Gupta stepped in and awarded them instead—for trying, learning, and embracing the new compliance culture.

This kind of visible leadership support sends a powerful message: compliance isn’t just about avoiding penalties but also about building a smarter, more resilient organization.

Data Empowerment: Making Compliance Everyone’s Job

For compliance to be truly embedded in company culture, every employee, not just compliance officers, must be able to access, understand, and act on data.

This means focusing on three levels of readiness:

  1. Data Readiness – Ensuring high-quality data is available at the right time to the right people.
  2. Analytical Readiness – Training employees to interpret compliance data and make informed decisions.
  3. Infrastructure Readiness – Investing in AI-driven compliance tools, automation, and real-time risk monitoring systems.

Concept in Action: JPMorgan Chase and the DeepRacer Challenge

JPMorgan Chase wanted to upskill employees in AI and data analytics. Instead of boring compliance training sessions, the company introduced a global challenge using AWS DeepRacer, a competitive coding event where employees programmed autonomous vehicles to race.

Employees learned data analytics, AI programming, and machine learning principles while having fun. The result? Thousands of employees became data-literate, able to apply AI-driven insights to compliance, risk management, and fraud detection.

Collaboration: Breaking Down Compliance Silos

Too often, compliance sits in its bubble, siloed from business operations. However, in an AI-driven world, compliance must be embedded in every department, from finance and HR to product development and supply chain management.

A major barrier to compliance collaboration is language. Compliance teams often use technical jargon, while business teams use operational language. The result? Miscommunication, resistance, and confusion.

To fix this, compliance functions must invest in:

  • Cross-functional compliance training so business leaders understand compliance risks.
  • Compliance “translators”—employees who bridge the gap between compliance and business operations.
  • AI-powered compliance dashboards that translate risk into actionable business insights.

Concept in Action: Gulf Bank’s Data Ambassador Program

Gulf Bank wanted to embed data-driven compliance across its 1,800 employees. Instead of relying solely on compliance officers, the bank created a network of data ambassadors—employees across departments trained to champion compliance best practices.

The results were impressive: employees felt more ownership over compliance decisions, and the company saw a significant reduction in compliance violations.

Value Realization: Measuring and Celebrating Compliance Success

One of the companies’ biggest mistakes is treating compliance as a cost center rather than a value driver. Compliance isn’t just about avoiding fines—it’s about driving better business decisions.

To ensure compliance is seen as a competitive advantage, companies must:

  • Define clear KPIs to measure compliance impact.
  • Track and communicate compliance success stories internally and externally.
  • Tie compliance initiatives to tangible business outcomes (e.g., revenue growth, cost savings, enhanced brand reputation).

Concept in Action: AI-Powered Warehouse Compliance at a Logistics Firm

A cold chain logistics company struggled with inefficient warehouse scheduling, leading to regulatory fines and supply chain bottlenecks. The compliance team introduced an AI-driven scheduling system, analyzing weather data, shipment history, and supplier reliability to optimize deliveries.

The results?

  • 16% reduction in turnaround time
  • $1.2 million saved annually in avoided fines
  • Increased customer satisfaction

To celebrate this success, the company shared the story through internal newsletters, town halls, and webinars, ensuring that employees saw compliance as a strategic enabler rather than just a legal requirement.

Compliance in the Age of AI

The DOJ’s 2024 guidance has made it clear that compliance programs must be data-driven, proactive, and continuously monitored. But simply investing in AI tools isn’t enough. Companies must build a truly data-driven culture where compliance is instinctive, embedded, and embraced across all levels of the organization.

The key takeaways?

  1. Leadership must champion compliance—not just fund it.
  2. Compliance must be accessible, understandable, and actionable for all employees.
  3. Cross-functional collaboration is essential to break down compliance silos.
  4. Compliance success must be measured, celebrated, and tied to business impact.

In 2025 and beyond, companies that embed AI-driven compliance into their culture will not only avoid regulatory fines and penalties or even FCPA violations, but they will also gain a competitive edge in an increasingly complex business world.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 1-Data Driven Compliance

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days series in January 2025, I will post a key part a best practices compliance program each day. By the end of January, you will have enough information to create, design or enhancement a compliance program. Each podcast will be short, at 6-8 minutes with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will plan to join each day in January for this exploration of best practices in compliance.

In the first episode of ‘One Month to a More Effective Compliance Program’, host Tom Fox, the Compliance Evangelist, emphasizes the increasing importance of data analytics and monitoring in the realm of compliance. Highlighting insights from the DOJ, this episode illustrates how data-driven compliance can significantly improve decision-making, business efficiency, and risk management. By leveraging technology and effective data analysis, companies can uncover hidden issues such as improper payments and improve overall corporate transparency. Tom Fox discusses the necessity for compliance programs to have quick and easy access to data to ensure informed decision-making and proactive compliance management.

Key Highlights

  • Importance of Data Analytics in Compliance
  • Implementing Data-Driven Compliance
  • Challenges and Solutions in Data-Driven Compliance

Resources

Listeners to this podcast can receive a 20% discount to The Compliance Handbook, 5th edition by clicking here.

Categories
Blog

Why the 2024 ECCP Update is a Game-Changer for Compliance

In the DOJ’s 2024 update to the Evaluation of Corporate Compliance Programs (2024 ECCP), compliance professionals face new expectations that could reshape how we approach compliance programs. In this latest update, the DOJ strongly emphasizes data-driven insights, focusing on compliance culture, employee engagement, and organizational trust. This means that compliance programs must now focus on policies and procedures and prove that these practices are embedded into the company culture and yield measurable outcomes.

The implications of these new standards extend across every aspect of compliance, from audits to employee training and risk assessments. In this post, we’ll explore the key areas of the 2024 ECCP, discussing why the DOJ’s new focus on data and culture is significant and how compliance professionals can adjust their strategies to align with these expectations.

A New Focus on Data: The Backbone of Modern Compliance

One of the most critical shifts in the 2024 ECCP is the DOJ’s call for data-backed evidence of a company’s compliance culture. The DOJ now expects organizations to establish a culture of compliance and document and track its effectiveness over time. Compliance professionals are no longer tasked with simply implementing policies; they must now demonstrate that these policies have a real impact.

For example, it is no longer enough to state that employees are encouraged to report misconduct. Now, organizations must gather data to prove employees feel safe and supported when they report issues. This could include metrics such as hotline usage rates, anonymous survey responses, and feedback on trust in leadership. By collecting data on these and other elements, compliance teams clearly understand how well the compliance culture is functioning.

The DOJ’s new data-driven approach means compliance professionals must focus on metrics that reflect the health of their programs. This might include engagement levels, response times for reports of misconduct, and employee feedback on how accessible and transparent compliance processes are. Tracking these metrics not only helps compliance teams spot trends and identify areas of improvement but also provides concrete evidence of a commitment to compliance that can be shared with regulators.

The Role of Culture Audits: A Window into Organizational Health

With the DOJ’s increased focus on culture, culture audits have become an indispensable tool for compliance professionals. A culture audit goes beyond policy checks and evaluates the organizational attitudes and behaviors that define the company’s ethical framework. This includes measuring employee engagement, trust in leadership, and perceptions around compliance practices. By regularly conducting culture audits, compliance teams can identify weaknesses, reinforce strengths, and monitor shifts in compliance culture over time.

A robust culture audit can answer the DOJ’s fundamental questions: Are employees engaged in compliance efforts? Do they feel comfortable reporting concerns? Do they trust that their leaders are committed to ethical behavior? For instance, if a culture audit reveals that only 60% of employees feel confident using the company’s whistleblower hotline, it clearly indicates that improvements are needed to make employees feel safe in reporting issues.

The data gathered from culture audits provides compliance officers with actionable insights that can be used to enhance training programs, increase communication around compliance expectations, and address gaps in trust or engagement. Additionally, regular culture audits help to create a benchmark, enabling organizations to track changes over time and prove to the DOJ that their compliance culture is consistently improving.

Practical Steps for Compliance Professionals

The 2024 ECCP serves as a roadmap for compliance professionals, outlining practical ways to elevate their compliance programs to meet new expectations. Here are some key steps that can help compliance teams align with these enhanced standards:

  1. Implement Regular Culture Audits. Regular culture audits provide a structured way to assess compliance culture and identify trends in employee engagement, trust, and ethical behavior. Compliance teams can establish a baseline and track improvements over time by conducting these audits at least annually. Regular audits also help identify areas where further training or communication may be necessary, ensuring that compliance culture remains dynamic and responsive.
  2. Prioritize Data Collection and Analysis. In the era of data-driven compliance, tracking and analyzing metrics is essential. Compliance teams should focus on data points that reveal insights into the effectiveness of their programs. This could include metrics on employee trust in reporting mechanisms, hotline usage rates, participation in compliance training, and overall engagement in compliance initiatives. By collecting and analyzing this data, compliance professionals can comprehensively view their program’s impact.
  3. Enhance Transparency and Communication. One of the DOJ’s central themes in the 2024 ECCP is transparency. Compliance professionals should ensure that employees at all levels understand the company’s commitment to ethical behavior and know how to access compliance resources. Regular communication on compliance issues, successes, and updates from leadership reinforces the importance of compliance culture and can help build trust among employees.
  4. Integrate Compliance with Performance and Incentives. Companies should align performance reviews and incentive structures with compliance goals to truly embed compliance into the organizational culture. For instance, recognizing and rewarding employees who demonstrate a commitment to compliance reinforces the message that ethical behavior is valued. This alignment also signals to employees that compliance is part of the path to career advancement and success within the organization.
  5. Document, Document, Document. If there’s one takeaway from the DOJ’s update, it’s the importance of documentation. In the DOJ’s eyes, if it’s not documented, it didn’t happen. Compliance teams should maintain thorough records of all culture audits, data findings, responses to feedback, and improvements over time. This documentation provides a clear data trail demonstrating ongoing efforts to strengthen compliance culture, which can be invaluable in a regulatory review or investigation.

Data Is a Game-Changer for Compliance Programs

The 2024 ECCP update is a milestone for compliance programs, marking a shift toward a more holistic, data-focused approach. By placing emphasis on data, the DOJ effectively requires companies to provide concrete proof of their compliance efforts, making it clear that ethical behavior is no longer just a set of policies—it’s a measurable, evolving part of the corporate culture. This represents a major change for compliance professionals, as they must now develop skills in data analysis, culture assessment, and strategic planning.

The DOJ’s increased focus on compliance culture and data-backed metrics aligns with the broader trend toward accountability and transparency in corporate governance. Compliance professionals who embrace this shift will be able to strengthen their programs, foster a more ethical workplace, and reduce their organization’s risk of regulatory scrutiny. By taking proactive steps to meet these new standards, compliance teams can also build trust with employees, investors, and regulators, creating a foundation of integrity that benefits the entire organization.

Turning Compliance into a Competitive Advantage

The DOJ’s 2024 ECCP update is not simply a set of new requirements but an opportunity for compliance professionals to elevate their programs, demonstrate value, and create a culture where ethical behavior is embedded into the organizational DNA. By focusing on data, conducting regular culture audits, and aligning compliance with incentives, compliance professionals can turn these new standards into a competitive advantage.

For compliance professionals, the ECCP update provides a clear framework for fostering a dynamic, responsive compliance culture that meets and exceeds regulatory expectations. By staying ahead of these changes, compliance professionals protect their organizations and position themselves as strategic leaders who understand the evolving nature of compliance. In an era where regulators demand proof of ethical culture, data is no longer just a tool; it is the future of compliance, and those who embrace it are setting their organizations up for long-term success.

Categories
FCPA Compliance Report

FCPA Compliance Report – The 2024 ECCP on Data-Driven Culture and Engagement

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this edition, Tom Fox visits with Sam Silverstein on how compliance professionals should view the new DOJ mandate on using data to assess, manage, and improve corporate culture through data-driven compliance. The Culture Audit sponsors this podcast.

In this comprehensive discussion, Tom Fox and Sam Silverstein delve into the 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP) by the DOJ. Released in September, this latest update emphasizes the importance of data analytics, culture, engagement, and trust in compliance programs. With a detailed breakdown of over 250 questions posed by the ECCP, Tom and Sam provide valuable insights on how companies can benchmark their compliance programs and prepare for potential investigations. They highlight the role of a culture audit in addressing the DOJ’s requirements, offering a detailed look into how organizations can measure and improve their compliance culture. This webinar educates compliance professionals on the latest DOJ expectations and provides practical tools and methodologies to enhance corporate compliance efforts.

Highlights in this episode:

  • Importance of Culture and Data Analytics
  • Leveraging Data for Compliance
  • Measuring and Improving Culture
  • Data-Driven Culture of Compliance
  • Understanding and Utilizing Culture Audit Data
  • Forward Steps for a Stronger Culture

Resources:

Culture Audit

Set up a call to discuss the Culture Audit, click here

Sam Silverstein and the Accountability Institute

Sam Silverstein on LinkedIn 

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Why Data Access is Key to Compliance Effectiveness

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we explore why the DOJ will now evaluate whether compliance teams have adequate access to the necessary data to assess the effectiveness of their programs.

Categories
FCPA Survival Guide

FCPA Survival Guide: Step 5 – Data Analytics

How can you survive an FCPA enforcement action? In this special podcast series, Tom Fox and Nick Gallo lay out the Top 10 things you can do to reduce your overall fine and penalty, perhaps down to a full declination. All of the actions you can take come from recent DOJ prosecutions under the FCPA and speeches from DOJ representatives. This podcast, sponsored by Ethico, is the companion series to the book The FCPA Survival Guide: Surviving and Thriving a Foreign Corrupt Practices Act Enforcement Action. Today, we discuss the importance of data analytics as a key part of any remediation and in today’s compliance regimes.

Tom Fox and Nick Gallo are back to discuss the evolving role of data analytics in compliance, highlighting its transition from a cutting-edge tool to a best practice and soon-to-be table-stakes requirement. They review the SAP and Albemarle FCPA  enforcement actions to illustrate points where data analytics played a pivotal role in remediation efforts. They look at the foundational aspects of data analytics, paralleling personal finance management to underline its fundamental importance in both personal and professional contexts. Some of the key uses of data analytics are risk identification, response, compliance program testing, and reporting, as outlined by Andrew McBride, a recently retired chief ethics and compliance officer. They conclude by stressing the importance of data analytics in demonstrating program effectiveness and underscore the DOJ’s interest in data-driven evidence of compliance program remediation.

Key Highlights and Issues

  • The Evolution and Importance of Data Analytics
  • Understanding Data Analytics Through Everyday Examples
  • Practical Approaches to Implementing Data Analytics
  • The Role of Data Analytics in Compliance Program Testing and Reporting
  • Personalizing Data Analytics for Program Effectiveness

Resources:

Nick Gallo on LinkedIn

Ethico

The FCPA Survival Guide: Surviving and Thriving a Foreign Corrupt Practices Act Enforcement Action

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: The Master Data Plan

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In today’s episode, we explore how a Master Data Plan can be used to make your use of data more efficient, more transparent and more encompassing.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Blog

AI-Driven Compliance Solutions: Balancing Automation and Human Judgment

In today’s rapidly evolving business landscape, compliance and risk management are critical components for the success and sustainability of any organization. With the increasing complexity of regulations and the growing need for transparency, companies are turning to innovative solutions to enhance their compliance programs and mitigate risks. The most revolutionary approach at this point in time is the use of data-driven tools powered by artificial intelligence (AI) and machine learning. The utilization of AI-driven tools has become increasingly crucial for compliance functions seeking to enhance decision-making processes, improve efficiency, and proactively address compliance risks. These tools, which leverage advanced analytics, machine learning, and automation, have the potential to revolutionize compliance practices and lead to more informed decisions at all levels.

Leveraging Data

Data has become a cornerstone in improving the effectiveness of compliance programs. By utilizing data analytics, companies can drive greater business efficiency, leading to a higher return on investment for their compliance initiatives. By leveraging AI-driven solutions, organizations can make fact-based decisions that focus on critical risk areas, enabling better risk assessment and reducing investigative costs.

The Department of Justice (DOJ) has made it clear that data analytics are part of a minimum set of best practices for compliance programs. This means the importance of user adoption is critical both in the effectiveness of AI-driven compliance solutions and in demonstrating your company’s commitment to compliance if the regulators come knocking. The truth is that no matter how sophisticated an AI-based tool may be if compliance professionals do not embrace and use it, its potential remains untapped. This underscores the need for a user-centric approach in developing and implementing AI and data-driven solutions for compliance and risk management.

The Role of Data

In the aftermath of global events such as the pandemic, geopolitical tensions, and regulatory changes, compliance has become more crucial than ever. Data-driven compliance solutions play a pivotal role in helping compliance functions navigate these challenges by providing valuable insights and supporting decision-making processes at all levels. By striking the right balance between automation and human judgment, AI-driven tools can effectively identify risks and enhance decision-making in risk management.

When implementing AI-driven compliance tools, every compliance professional should prioritize finding the right balance between automation and human judgment. While AI can analyze vast amounts of data and identify patterns and risks, human compliance expertise is essential in interpreting results and making informed decisions. Finding the right equilibrium between automation and human judgment is critical to ensuring the efficacy of AI-driven compliance solutions in risk management.

Enhancing Prevention

The use of AI and machine learning has revolutionized fraud prevention by enabling compliance professionals to interact more effectively and identify potential risks and high-risk transactions. While AI, coupled with machine learning, can analyze vast amounts of data and pinpoint areas of concern, human investigation and expertise remain essential in making informed decisions and determining the presence of fraud. By empowering compliance teams with AI-driven solutions, organizations can proactively mitigate risks, foster transparency, and build a strong anti-fraud culture.

AI-driven compliance tools offer various benefits, such as real-time risk notifications through alerts for a corporate compliance function and customized reports for senior managers. These tools enable organizations to take immediate action and remediate situations before they escalate into compliance violations. By leveraging AI and data-driven solutions, companies can enhance their decision-making processes, improve efficiency, and address compliance risks proactively.

Striking the Balance

While AI and data-driven solutions offer numerous benefits in compliance, risk management, and fraud prevention, it is essential to prioritize user adoption and consider the impact on the overall user experience. By incorporating a user-centric approach in the development and implementation of AI-driven tools, companies can ensure the effectiveness of their compliance and risk management initiatives.

However, relying solely on AI for fraud detection presents challenges. While AI and machine learning can enhance efficiency and identify potential risks, they are not foolproof. False positives can occur, necessitating human investigators to determine the validity of flagged transactions. Striking the right balance between AI and human expertise is crucial to ensuring accurate and effective fraud detection.

Embracing the Future of Compliance

As we look towards the future, the integration of AI and data-driven solutions will continue to play a pivotal role in transforming compliance. By leveraging advanced analytics, machine learning, and automation, organizations can enhance decision-making processes, improve efficiency, and proactively address compliance risks. With the right approach and a holistic perspective, AI-driven solutions can become a valuable asset in the pursuit of effective compliance and risk management strategies. However, it is crucial to maintain a balance between leveraging technology and harnessing human expertise to ensure the accuracy and effectiveness of these solutions.

The successful implementation of AI-driven compliance solutions requires a holistic approach that considers user adoption and the impact on employees, fosters a culture of transparency, and aligns with the organization’s risk management objectives. By prioritizing user adoption, balancing automation with human judgment, and considering the impact on the user experience, organizations can harness the transformative power of AI and data-driven solutions in compliance and risk management.

As organizations continue to navigate the complexities of compliance and risk management, AI-driven solutions offer a promising avenue for enhancing practices and making more informed decisions. By embracing these tools while recognizing the importance of human expertise, organizations can navigate the evolving landscape of compliance with greater efficiency and effectiveness.

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 5, Data Analytics

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring, and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 5, Data Analytics. Data analytics was previously seen as cutting-edge in compliance. Now, they are recognized as part of a best practices compliance program. By this time next year, they will be table stakes for every compliance program. However, the DOJ specifically called out the use of data analytics in these three enforcement actions and the incorporation of data analytics into their compliance regimes in the future.

Albemarle

Albemarle’s NPA specifically called out the Company’s use of data analytics in two ways. The first was to monitor the Company’s compliance program, and the second was to measure the compliance program’s effectiveness. While this language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance functions’ access to all company data, this is the first time it has been called out in a settlement agreement in this manner. Moreover, although not explicitly tied to the lack of a required corporate monitor, it would appear that by using data analytics, Albemarle was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation.

Andrew McBride, Chief Risk & Compliance Officer at Albemarle. He noted that if you think about each element of a compliance program—policies and procedures, training, due diligence, and pre-approvals—and your investigation process, a recurring theme throughout is the role of data to test that those program elements are working as you intend. McBride believes there are four critical purposes for using data and data analytics to support the ethics and compliance program, which he listed as follows:

  1. Risk Identification Issues. It can be used as a part of transaction testing and auditing to identify problematic behavior, support investigations, and highlight areas of residual risk.
  2. Risk Response. Data analytics can be used as a form of internal control. Albemarle uses data analytics as a form of gatekeeper.
  3. Compliance Program Testing. Data analytics can be used to determine the effectiveness of your ethics and compliance program.
  4. Finally, and perhaps most significantly for the DOJ’s purposes in FCPA enforcement actions, are the reporting requirements to demonstrate that the company meets its requirements as laid out in the resolution documents, whether a DPA, NPA, or other.

SAP

The SAP resolution made several references to data analytics and data-driven compliance. SAP did so around its third-party program and expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally. The SEC Order also noted that SAP had implemented data analytics to identify and review high-risk transactions and third-party controls. The SAP DPA follows the Albemarle FCPA settlement by stating that SAP now uses data analytics to measure the compliance program’s effectiveness. This language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance function’s access to all company data; this is the second time it has been called out in a settlement agreement in this manner. Additionally, it appears that by using data analytics, SAP was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation, thereby avoiding monitoring.

ABB

While not explicitly called out in its DPA, ABB has instituted a significant and company-wide data analytics program as a part of its overall remediation effort. Tapan Debnath, Head of Integrity, Regulatory Affairs, & Data Privacy—Process Automation at ABB, spoke about some of the challenges ABB faced and overcame to institute its data analytics program. He said, “The way data is hosted for us and probably for a lot of organizations is in lots of different places, and there needs to be a lot of data cleanup before we can utilize and use data.” He related that another challenge “for us has also been getting hold of data in different jurisdictions. There may be data privacy laws around data transfer, and there may be blocking statutes around this same thing. So navigating the local law requirements around data transfer, getting a hold of the data, and all of those things have been key challenges, as well as resourcing internally how to do this and getting the external stakeholders to support. I think These key fundamental steps need to be ironed out and looked at early on in the process.”

In November, Nicole Argentieri, Acting Assistant Attorney General for the Criminal Division, speaking at the ACI National FCPA, reported that the DOJ is stepping up its use of data analytics to identify instances of corporate misconduct and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and SEC increasingly focus on data analytics for corporate compliance, signaling higher expectations for larger companies.

Data-driven analytics have become a significant part of any best practices compliance program. The DOJ sees it as a critical remedial step for any company in an FCPA enforcement action. The actions taken by ABB, Albemarle, and SAP demonstrate that the DOJ also wants to impress this upon the greater compliance community.