Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

McEachern and Pollitt: Use your existing data to power compliance

In the majority of bribery and corruption investigations — from relatively simple matters to complex cross-border affairs — the data necessary to detect and solve these cases was largely available within the organization under investigation and could have been used to prevent the red flag from erupting into a full-blown scandal.

Yet in many organizations, public and private alike, the key data points for bribery and corruption indicators are often dispersed throughout its many different data systems. Personnel are similarly fragmented: the experts who understand the main bribery and corruption risks are often removed from those who grasp what key data exists, where it sits across disparate systems, and how it’s collected.

Understanding data is an effective and cost-efficient way to identify bribery and corruption red flags before they snowball into bona fide scandals.

“Root cause analysis” of key data can allow you to connect the dots, create timelines of events, and unravel issues that could lead to a costly and potentially damaging investigation and prosecution.

Most critically, the same data can then be deployed to build internal controls and prevent the problem from happening again.

Not taking the time to understand key risks and the data available to detect these risks can be a serious miscalculation.

Here are five steps to begin a data strategy:

C-Suite buy-in: First and foremost, organizations need to make a deliberate, dedicated commitment to identify and leverage their data to fight bribery and corruption. This commitment has to come from the very top of an organization so that the right resources and personnel are lined up and empowered.

Know the risk: Identify where you’ve seen risk materialize before, what types of bribery and corruption schemes your business, or others like it, is most susceptible to, and what areas of your business should be monitored—contracts, payments, third-party vendors, proposal development, time and expenses, and the like.

Know your data: Many organizations fail to stitch together data points they have already collected. The red flags around the incident were somewhere in the organization’s own systems, buried within payment processing databases, transaction monitoring tools, or requests for proposals, to name a few of the usual suspects. The key to using available data correctly, then, is ensuring that all data systems and their relevant data points are understood, properly mapped, and collected for the purpose of fighting bribery and corruption.

Training: Understanding how to marry the risks you’ve identified with your data will take buy-in from a large number of stakeholders including acquisitions, procurement, finance, sales, and marketing departments. It is not easy to aggregate this data into one combined system to create a complete and informative picture — data scientists and analysts will need to assist in extracting the desired data points in the format that’s most helpful. Knowing exactly what data exists and can be used, the possibilities for combining that data point with others to develop a clearer picture, and the applicability to bribery and corruption red flags is fundamental to creating a red flag monitoring system that actually alerts on the right risks.

Put your data to work: Use data to visualize the risks you’ve already identified. Data can be deployed in any way that allows the information to be seen—whether that’s a monitoring system with alerts, a management dashboard, or visualization capabilities. No matter the front-end system, though, the point is to connect the data to enable a proactive understanding of risk factors. These types of red flags or “key risk indicators” should be directly linked to the risks you identified in step two of the process. Organizations should then implement red flag adjudication and, like any technology-based risk-modeling process, institute a regular and periodic review of the alerting system to reduce false positives and ensure that the right risks are being exposed.


Taking the above steps will deliver a data-driven workflow as part of a sustainable anti-bribery and corruption program. And ensuring that all relevant stakeholders — in legal, compliance, technology, and the business — have a working understanding of the key risks not only helps ensure that the analytics playbook is right-sized and risk-based for your organization, but also provides a valuable compliance edge.


George “Ren” McEachern, pictured above left, is a Managing Director at Exiger. He joined Exiger from the Federal Bureau of Investigation in Washington, DC, where he was the Supervisory Special Agent of the FBI’s Washington Field Office, International Corruption Squad. He led a team of Special Agents, Forensic Accountants, and Intelligence Analysts with a focus on investigations related to the FCPA, international money laundering, kleptocracy and antitrust.

Roy Pollitt, above right, is a Managing Director and Americas Head of Investigations based in Exiger’s New York office. He joined Exiger after a decorated 17-year career as a Special Agent with the FBI.

The authors are grateful to Laura Tulchin, an Associate Director of Exiger, for her contributions to this post.

Share this post


Comments are closed for this article!