Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Lindsay Columbo: Sloppy data can ruin a compliance program

It may not be intuitive for a compliance department to dig into the completeness, consistency and organization of a company’s employee and customer data. But the integrity of the data impacts almost every automated compliance solution a company implements.

Automated systems used for compliance training, anti-corruption procedures, due diligence and reporting all have touchpoints to a company’s employee or customer data. Unfortunately, if a company’s data records contain duplicates, inconsistent information, missing information, and so on, all of the beneficial features of the automated systems essentially become useless.

Discovering “messy” data can create an unexpected, heavy cleanup project. It can also force an entire implementation project to be put on hold or called off, stalling progress and growth of a maturing compliance program.

As a quick fix, however, a company may be able to push forward with the integration of a new compliance system despite the presence of data integrity issues. If a company is seeking to stand up a new compliance due diligence screening tool, for example, it will not necessarily need to submit a minimum or consistent amount of data fields to perform an adequate screening on an individual. In fact, submitting fewer fields of data casts a wider net, achieving a larger number of result that will require review.

And depending on the system being implemented, a customer may be able to directly connect and integrate its existing ERP or CRM system that holds employee or customer data with the due diligence screening solution. This type of connection is often done through an application programming interface or API.

By establishing a connection between the two systems, employee or customer data can be automatically pulled into the screening solution “as is” from the ERP or CRM platform to be screened. Taking this approach eliminates having to perform any pre-screening clean-up of the data, a task that would be necessary if data were uploaded via a manual batch processes.

There are drawbacks to taking the Band-Aid approach described above.

Submitting incomplete, inconsistent data hinders such technology from delivering a lower total cost of ownership to a company. While automation through system connections can provide for a satisfactory solution for the short term, it ultimately avoids the underlying issue of the data’s integrity and need for cleanup. It could even allow the issue to perpetuate until it is uncovered through another relevant implementation initiative or by another department.

Moreover, a quick fix such as the one described above prevents a robust and powerful compliance screening system from operating at its maximum potential and from providing users with a lower total cost of ownership.

For instance, one of the most common ways to reduce false positives resulting from automated due diligence screening of employee or customer data is to submit as much information as possible. The more fields of information the system captures, the fewer the false positive that will be generated, leading to increased precision and efficiency within an organization’s operations and workflow. Essentially, retrieving a greater amount of results by inputting fewer fields is not necessarily a good thing.

Ensuring quality data is critical not only for purposes of optimizing compliance procedures, but also for many other touchpoints within an organization. At the end of the day, investing in resources to get through the tedious task of data cleanup may be worth prioritizing prior to investing in technology.


Lindsay Columbo, Esq. is a founder of eSpear LLC, a developer of due diligence and screening solutions, where she serves as the Global VP of Compliance & Support Services. She previously served as Associate Corporate Counsel, Global Ethics & Compliance for Brightstar Corp. a SoftBank company headquartered in Miami, Florida. She can be contacted here.

Share this post


1 Comment

  1. Great post Lindsay — the reports typically pulled by a compliance program are only as good as the data that feeds them. I formerly worked for a vendor of a major company in the oil & gas sector, which used an automated program to monitor its vendors' compliance with federal regulations on drug & alcohol tests in accordance to PHMSA & FMCSA. When I temporarily took over the functions that involved reporting that data, I found that not all of our records were uploaded into the compliance program so it was causing us to be flagged as 'out of compliance', which hurt our ability to work for that company. Missing or bad data can cause troubles for both the party doing the monitoring and the party being monitored.

Comments are closed for this article!