Data analytics is a crucial element in monitoring a company-wide compliance program. Here are some things we learned while developing our Compliance Management System (CMS).
The starting point of an effective CMS is the collection of valid and relevant data. The importance of reliable raw data can’t be overstated. Every data input contributes to the essential pillars of data analytics and potential compliance risk assessment.
Compliance experts must first define which business processes data should be collected from, to facilitate decision-making at the board level or local level. If we remember the famous Bismarck Sea Battle in 1943, we understand how a lack of relevant information increases uncertainty, and information asymmetry makes every decision-making process more challenging.
From the board to local managers, as much reliable data as possible is needed to win the most profitable tender or find the most trustworthy business partner. Data on third-party management, integrity screenings, tender processes, cross-border customers, antitrust measures, high-risk transactions with public officials or public institutions, sponsorships and donations, remediation items resulting from internal investigations — all of these can form the essence of a good compliance risk assessment and generally CMS.
Other places to look for data include potential personnel matters, such as conflict of interest issues, completion rates of compliance training statistics, number of site visits by compliance experts, and compliance conferences or workshops. All this input requires continuous communication, coordination, and deep cooperation between different departments across countries.
The second phase is to analyze and interpret the raw data for those business managers responsible for operations — such as tender applications, which incidentally often come with short deadlines. Let’s take a company with 100 subsidiaries as an example ,where we might regularly collect data at least quarterly for 25 different compliance focus points relevant for our CMS. We could easily populate a dashboard with 10,000 data inputs in a year.
To draw the attention of CFOs and business managers to potential financial or compliance risk factors, the primary data has to be analyzed with a scoring model that reflects a pre-defined risk matrix. Quantitative data analytics might be supplemented with qualitative methods, including in-depth interviews with CEOs, CFOs, or other senior management.
Personal impressions and insights about behavioral patterns of employees can potentially help compliance experts better foresee whether a single manager would have the intention to approve a non-compliant transaction or violate competition law in search of a more lucrative deal. We can develop both methods further into predictive analysis where the data collected on present business processes is used to predict the likelihood of future non-compliant acts or any other wrongdoing. In this case, a likelihood factor is also incorporated in the analysis.
Despite the initial work needed to define data points and the ongoing task of collection, the advantages of data analytics as well as its wide applicability in business processes means that data analytics can make a major and unique contribution to risk analysis and management, and should be an integral part of all corporate compliance and legal departments.