Tag: data driven compliance

Categories
Blog

AI-Driven Compliance Solutions: Balancing Automation and Human Judgment

In today’s rapidly evolving business landscape, compliance and risk management are critical components for the success and sustainability of any organization. With the increasing complexity of regulations and the growing need for transparency, companies are turning to innovative solutions to enhance their compliance programs and mitigate risks. The most revolutionary approach at this point in time is the use of data-driven tools powered by artificial intelligence (AI) and machine learning. The utilization of AI-driven tools has become increasingly crucial for compliance functions seeking to enhance decision-making processes, improve efficiency, and proactively address compliance risks. These tools, which leverage advanced analytics, machine learning, and automation, have the potential to revolutionize compliance practices and lead to more informed decisions at all levels.

Leveraging Data

Data has become a cornerstone in improving the effectiveness of compliance programs. By utilizing data analytics, companies can drive greater business efficiency, leading to a higher return on investment for their compliance initiatives. By leveraging AI-driven solutions, organizations can make fact-based decisions that focus on critical risk areas, enabling better risk assessment and reducing investigative costs.

The Department of Justice (DOJ) has made it clear that data analytics are part of a minimum set of best practices for compliance programs. This means the importance of user adoption is critical both in the effectiveness of AI-driven compliance solutions and in demonstrating your company’s commitment to compliance if the regulators come knocking. The truth is that no matter how sophisticated an AI-based tool may be if compliance professionals do not embrace and use it, its potential remains untapped. This underscores the need for a user-centric approach in developing and implementing AI and data-driven solutions for compliance and risk management.

The Role of Data

In the aftermath of global events such as the pandemic, geopolitical tensions, and regulatory changes, compliance has become more crucial than ever. Data-driven compliance solutions play a pivotal role in helping compliance functions navigate these challenges by providing valuable insights and supporting decision-making processes at all levels. By striking the right balance between automation and human judgment, AI-driven tools can effectively identify risks and enhance decision-making in risk management.

When implementing AI-driven compliance tools, every compliance professional should prioritize finding the right balance between automation and human judgment. While AI can analyze vast amounts of data and identify patterns and risks, human compliance expertise is essential in interpreting results and making informed decisions. Finding the right equilibrium between automation and human judgment is critical to ensuring the efficacy of AI-driven compliance solutions in risk management.

Enhancing Prevention

The use of AI and machine learning has revolutionized fraud prevention by enabling compliance professionals to interact more effectively and identify potential risks and high-risk transactions. While AI, coupled with machine learning, can analyze vast amounts of data and pinpoint areas of concern, human investigation and expertise remain essential in making informed decisions and determining the presence of fraud. By empowering compliance teams with AI-driven solutions, organizations can proactively mitigate risks, foster transparency, and build a strong anti-fraud culture.

AI-driven compliance tools offer various benefits, such as real-time risk notifications through alerts for a corporate compliance function and customized reports for senior managers. These tools enable organizations to take immediate action and remediate situations before they escalate into compliance violations. By leveraging AI and data-driven solutions, companies can enhance their decision-making processes, improve efficiency, and address compliance risks proactively.

Striking the Balance

While AI and data-driven solutions offer numerous benefits in compliance, risk management, and fraud prevention, it is essential to prioritize user adoption and consider the impact on the overall user experience. By incorporating a user-centric approach in the development and implementation of AI-driven tools, companies can ensure the effectiveness of their compliance and risk management initiatives.

However, relying solely on AI for fraud detection presents challenges. While AI and machine learning can enhance efficiency and identify potential risks, they are not foolproof. False positives can occur, necessitating human investigators to determine the validity of flagged transactions. Striking the right balance between AI and human expertise is crucial to ensuring accurate and effective fraud detection.

Embracing the Future of Compliance

As we look towards the future, the integration of AI and data-driven solutions will continue to play a pivotal role in transforming compliance. By leveraging advanced analytics, machine learning, and automation, organizations can enhance decision-making processes, improve efficiency, and proactively address compliance risks. With the right approach and a holistic perspective, AI-driven solutions can become a valuable asset in the pursuit of effective compliance and risk management strategies. However, it is crucial to maintain a balance between leveraging technology and harnessing human expertise to ensure the accuracy and effectiveness of these solutions.

The successful implementation of AI-driven compliance solutions requires a holistic approach that considers user adoption and the impact on employees, fosters a culture of transparency, and aligns with the organization’s risk management objectives. By prioritizing user adoption, balancing automation with human judgment, and considering the impact on the user experience, organizations can harness the transformative power of AI and data-driven solutions in compliance and risk management.

As organizations continue to navigate the complexities of compliance and risk management, AI-driven solutions offer a promising avenue for enhancing practices and making more informed decisions. By embracing these tools while recognizing the importance of human expertise, organizations can navigate the evolving landscape of compliance with greater efficiency and effectiveness.

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 5, Data Analytics

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring, and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 5, Data Analytics. Data analytics was previously seen as cutting-edge in compliance. Now, they are recognized as part of a best practices compliance program. By this time next year, they will be table stakes for every compliance program. However, the DOJ specifically called out the use of data analytics in these three enforcement actions and the incorporation of data analytics into their compliance regimes in the future.

Albemarle

Albemarle’s NPA specifically called out the Company’s use of data analytics in two ways. The first was to monitor the Company’s compliance program, and the second was to measure the compliance program’s effectiveness. While this language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance functions’ access to all company data, this is the first time it has been called out in a settlement agreement in this manner. Moreover, although not explicitly tied to the lack of a required corporate monitor, it would appear that by using data analytics, Albemarle was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation.

Andrew McBride, Chief Risk & Compliance Officer at Albemarle. He noted that if you think about each element of a compliance program—policies and procedures, training, due diligence, and pre-approvals—and your investigation process, a recurring theme throughout is the role of data to test that those program elements are working as you intend. McBride believes there are four critical purposes for using data and data analytics to support the ethics and compliance program, which he listed as follows:

  1. Risk Identification Issues. It can be used as a part of transaction testing and auditing to identify problematic behavior, support investigations, and highlight areas of residual risk.
  2. Risk Response. Data analytics can be used as a form of internal control. Albemarle uses data analytics as a form of gatekeeper.
  3. Compliance Program Testing. Data analytics can be used to determine the effectiveness of your ethics and compliance program.
  4. Finally, and perhaps most significantly for the DOJ’s purposes in FCPA enforcement actions, are the reporting requirements to demonstrate that the company meets its requirements as laid out in the resolution documents, whether a DPA, NPA, or other.

SAP

The SAP resolution made several references to data analytics and data-driven compliance. SAP did so around its third-party program and expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally. The SEC Order also noted that SAP had implemented data analytics to identify and review high-risk transactions and third-party controls. The SAP DPA follows the Albemarle FCPA settlement by stating that SAP now uses data analytics to measure the compliance program’s effectiveness. This language follows a long line of DOJ pronouncements, starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, about the corporate compliance function’s access to all company data; this is the second time it has been called out in a settlement agreement in this manner. Additionally, it appears that by using data analytics, SAP was able to satisfy the DOJ requirement for implementing controls and then effectively testing them throughout the pendency of the DOJ investigation, thereby avoiding monitoring.

ABB

While not explicitly called out in its DPA, ABB has instituted a significant and company-wide data analytics program as a part of its overall remediation effort. Tapan Debnath, Head of Integrity, Regulatory Affairs, & Data Privacy—Process Automation at ABB, spoke about some of the challenges ABB faced and overcame to institute its data analytics program. He said, “The way data is hosted for us and probably for a lot of organizations is in lots of different places, and there needs to be a lot of data cleanup before we can utilize and use data.” He related that another challenge “for us has also been getting hold of data in different jurisdictions. There may be data privacy laws around data transfer, and there may be blocking statutes around this same thing. So navigating the local law requirements around data transfer, getting a hold of the data, and all of those things have been key challenges, as well as resourcing internally how to do this and getting the external stakeholders to support. I think These key fundamental steps need to be ironed out and looked at early on in the process.”

In November, Nicole Argentieri, Acting Assistant Attorney General for the Criminal Division, speaking at the ACI National FCPA, reported that the DOJ is stepping up its use of data analytics to identify instances of corporate misconduct and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and SEC increasingly focus on data analytics for corporate compliance, signaling higher expectations for larger companies.

Data-driven analytics have become a significant part of any best practices compliance program. The DOJ sees it as a critical remedial step for any company in an FCPA enforcement action. The actions taken by ABB, Albemarle, and SAP demonstrate that the DOJ also wants to impress this upon the greater compliance community.

Categories
Data Driven Compliance

Data Driven Compliance: From Cutting Edge to Best Practices to Table Stakes

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than Tom Fox’s award-winning podcast, Data-Driven Compliance. This podcast features an in-depth conversation about the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I take a solo turn to explore how data-driven compliance has moved from cutting-edge compliance to part of a best practices compliance program to becoming table stakes to do business in a multi-national world.

Data-Driven Compliance Programs are revolutionizing companies’ identification of potential compliance issues, mitigating risks, and maintaining integrity. The Department of Justice has given these programs, which use data analytics and AI, the go-ahead because of their capacity to improve business efficiency and stop improper payments. The bottom line is that these programs have transitioned from being cutting-edge to being considered best practices.

Active data monitoring and analysis, inter-departmental collaboration, and formal risk assessments are cornerstones of a robust compliance program. This is because of the power of data analytics and AI in compliance monitoring and the need for compliance professionals to adapt continuously to the evolving landscape of data-driven compliance. Implementing a data-driven compliance program avoids trouble and enhances business efficiency in today’s regulatory environment.

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: The Competitive Advantage of Data-Driven Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider data-driven compliance as a business process and the more data you have and the longer you keep it, the more you can refine your process.

3 key issues to consider:

  1. The value of obtaining the data.
  2. The higher the value added, the greater the chance that it will create a lasting edge.
  3. At what point does additional data no longer enhance value?

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Data Driven Compliance

Data Driven Compliance: Sherlock Holmes on Pattern Recognition in Data-Driven Compliance

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data-Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. Today, I take a solo turn to talk about data analytics and pattern recognition for the compliance professional in the context of the Sherlock Holmes short story, The Adventures of the Dancing Men. For a deep dive into the story, check out the episode on my Sherlock Holmes pod, Adventures in Compliance.

In this story, Holmes decodes stick figures to solve the mystery. One of the tools he uses is pattern recognition, which plays a pivotal role in data-driven compliance programs, serving as a tool to identify anomalies and potential compliance issues. It involves the systematic observation of data to identify recurring elements or trends, even in seemingly random data, and interpreting these patterns within the appropriate context to provide meaningful insights. The importance of this process for the compliance professional cannot be overstated.

Pattern recognition requires both creativity and flexibility, and it can help predict future outcomes, optimize processes, and inform decision-making in compliance programs. I also discuss the significance of an iterative approach, which involves continuous improvement based on new information and collaboration with others to enhance analytic capabilities and gain deeper insights. Check out this most unique and interesting episode of the Data-Driven Compliance podcast, where Sherlock Holmes instructs the modern compliance professional on Data-Driven Compliance.

 Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ

 Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Adventures in Compliance

The Return of Sherlock Holmes – Data – Driven Compliance from The Adventure of The Dancing Men

Welcome to a review of all the Sherlock Holmes stories that are collected in the work “The Return of Sherlock Holmes.“. It is a collection of thirteen detective stories written by Sir Arthur Conan Doyle, marking the reappearance of the brilliant detective Sherlock Holmes after his apparent death in “The Final Problem.” The collection spans various intriguing cases and mysteries that Holmes and his loyal friend Dr. John Watson tackle. Today we take up the Adventure of the Dancing Men and mine its insights into data-driven compliance through pattern recognition.

The intriguing world of Sherlock Holmes’ investigative methods offers a wealth of lessons for compliance professionals. Pattern recognition, the ability to discern order in a chaotic environment, is a fascinating topic that holds significant importance in various fields, including investigations and compliance work. Pattern recognition as a critical skill in unraveling mysteries and establishing connections within a compliance program. His perspective is shaped by his emphasis on the importance of meticulous attention to detail, the study of symbols to identify patterns, and the understanding that having data is just the beginning—pattern recognition is the crucial next step in data analysis. Fox also highlights the value of specialized knowledge and skills, such as cryptology, in deciphering codes and solving complex puzzles. He underscores the need for creative thinking, collaboration, and critical analysis in the work of a compliance professional, demonstrating how these elements can enhance pattern recognition.

Data-Driven Compliance Lessons:

  • What is data-driven compliance?
  • Once you have the data, how do you use it?
  • The Importance of Meticulous Pattern Recognition
  • Decoding Symbols and Making Connections
  • Pattern Recognition and Creative Corporate Code Breaking

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program – Day 28 – Data-Driven Compliance – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division. She stated, “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white collar crime. We are not just waiting for companies to self-report, or witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

Data-driven compliance programs have moved from cutting edge and are now seen as best practices. Soon, they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. It is crucial for compliance professionals to stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

Three key takeaways:

1. Nicole Argentieri, acting assistant attorney general for the Criminal Division, said,  “Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

2. . Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks.

3. Data-driven compliance programs have moved from cutting edge and are now seen as best practices. Soon, they will simply be table stakes for companies to effectively manage compliance risks.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Blog

Data-Driven Compliance – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division. She stated “I’d like to now turn to our use of data. In the Criminal Division, we too are going above and beyond in our effort to combat white collar crime. We are not just waiting for companies to self-report, or witnesses to come forward, or for anomalies to reveal themselves on a one-off basis. Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

Anselmo Guevara, Director, Compliance Monitoring and Analytics at VMware, has emphasized the need for companies to have a compliance program that provides visibility into their data at their fingertips. It is no longer sufficient to simply collect data and have someone review and reconcile it. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. This proactive approach allows companies to identify and address compliance issues before they escalate.

But as with all new initiatives in compliance, one must emphasize the importance of starting a compliance journey with a formal risk assessment. Guevara suggested collaborating with various departments within the organization, such as accounts payable, receivables, internal audit, and business operations, to understand the risks associated with different processes. This collaborative effort helps identify compliance controls that need to be in place and ensures that the data required for analysis is available.

While low hanging fruit may seem like an attractive starting point, Guevara cautioned against solely focusing on easy wins. He advised against presenting a weak business case to secure budget approval for compliance projects. Instead, he recommended conducting a comprehensive compliance risk assessment to prioritize areas that require immediate attention. This approach ensures that compliance efforts are aligned with your organization’s overall risk management strategy.

Data analytics plays a crucial role in enhancing compliance efforts. By leveraging data analytics tools and techniques, compliance professionals can identify patterns, detect anomalies, and uncover potential compliance risks. However, Guevara highlighted the importance of validating suspicious transactions before raising concerns. It is essential to conduct due diligence and thoroughly investigate any potential issues to maintain financial integrity and credibility.

Data-driven compliance programs have moved from cutting edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. It is crucial for compliance professionals to stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

Categories
Data Driven Compliance

Data Driven Compliance: The Journeys of Albemarle and ABB to Data-Driven Compliance, Part 2

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data-Driven Compliance podcast, hosted by Tom Fox. This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data-Driven Compliance is back with another exciting episode. In this special second part of a two-part podcast, I co-host with Vince Walden, CEO of KonaAI, to visit with our guests Andrew McBride, Chief Risk Officer at Albemarle, and Tapan Debnath, Head of Integrity, Regulatory Affairs, and Data Privacy—Process Automation at ABB, on their respective companies’ journeys to data-driven compliance.

Debnath’s perspective on the challenges and strategies in compliance data analytics is centered on the need for clear goals, defined processes, and the importance of early planning and resource allocation. He sees compliance data analytics as a journey rather than a project, encouraging organizations to start with imperfect data and refine their processes over time. On the other hand, McBride’s perspective is focused on prioritization, resource allocation, and audience-driven decision-making. He emphasizes the iterative nature of data analytics projects and believes that a successful ethics and compliance program does not necessarily require a large data analytics team, but rather the right roles and support from the IT function. Join Tom Fox and Vince Walden as they delve deeper into these insights with Tapan Debnath and Andrew McBride on this episode of Data-Driven Compliance.

Key Highlights:

  • Navigating Data Privacy Laws Across Jurisdictions
  • Strategic Steps in Ethics and Compliance Analytics
  • Unlocking AI’s Potential in Compliance Analytics
  • Actionable Insights from Data Analytics
  • Leveraging Documentation for Enhanced Compliance and Risk Mitigation

Resources:

Vince Walden on LinkedIn

KonaAI

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

Categories
Everything Compliance

Everything Compliance – Episode 127, The Awesome Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In this episode, we have the quartet of Jonathan Armstrong, Matt Kelly, and Jay Rosen, all hosted by Tom Fox, joining us on this episode to discuss some of the topics they are watching in 2024.

  1. Matt Kelly looks at the recently enacted Foreign Extortion Prevention Act (FEPA). He rants about the SEC getting hacked around the Bitcoin ETF announcement and reminds everyone to use two-factor authentication.
  2. Tom Fox shouts out to the University of Michigan for winning the College Football National Championship.
  1. Jonathan Armstrong looks at the intersection of AI and Operational Resilience and ties it to the need for greater Board skills in these areas. He shouts out to Jay Rosen, who is in transition and would be a great addition to any compliance product or service BD team.
  1. Jay Rosen opines on the DOJ’s Expectations for Data Driven Analytics in 2024. He shouts out to Robert Kraft and the New England Patriots for paying departing coach Bill Belichick his full 2024 salary.
  1. Jonathan Marks asks, What does it mean to be on a Board in 2024? He rants about the Philadelphia Eagles.

The members of the Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development, Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks can be reached at jtmarks@gmail.com.

The host, producer, ranter (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.