Anti-corruption compliance efforts are rarely, if ever, as easy as a-b-c. However, these endeavors would be much easier and more effective if more companies understood—and deployed—their ABCs.
“ABC” refers to anti-bribery and corruption analytics, which are statistical techniques that comb through massive amounts of data and sniff out unusual patterns, questionable transactions, and compliance risks buried deeply within organizational information systems. These analytics mine vast amounts of data via clustering, variance-detection, linguistic searches, and other techniques. When potential problems are detected, analytical tools issue automatic alerts calling for further investigation.
If that sounds complicated, it should. After all, companies of all sizes now rely on a complex tangle of information systems, located on internal servers as well as in the cloud. These systems process ever-increasing amounts of data measured in gigabytes, terabytes, and petabytes.
That being said, the process of using analytics does not require an advanced degree in IT. Once the tools are in place, leveraging information they produce is as easy as 1-2-3, to which any finance director, human resources department, sales and marketing team, professional sports manager, or amateur fantasy sports enthusiast can attest.
Best Buy has used analytics to discover that slight boosts in employee engagement scores correlate to significant increases in annual operating income. Financial planning and analysis functions routinely employ analytics to forecast, with eerie accuracy, fluctuations in revenue several quarters into the future. And perhaps most famously, Oakland A's General Manager Billy Beane, who is played by Brad Pitt in the film version of author Michael Lewis' “Moneyball,” rose to prominence by employing analytics to sniff out up-and-coming baseball talent that conventional talent-scouting either neglected or dismissed.
Spotting talent, it turns out, often is just as difficult as identifying evidence of bribery and other forms of corruption within organizations. Success in either endeavor requires the following approaches:
>> Subscribe | Try a risk-free 10-day trial subscription to Compliance Week and enjoy a host of benefits.
Think Differently. As Lewis writes in his book, baseball “managers tend to pick a strategy that is the least likely to fail, rather than to pick a strategy that is most efficient … The pain of looking bad is worse than the gain of making the best move.” A similar dynamic holds sway in business and in compliance. Traditional, rules-based tests of data samples remain widely used—in part because they are so widely used. Despite their popularity, rules-based tests have several limitations: They are slow, require a lot of manual work, and examine a relatively small set of data. Besides, outwitting those who break rules requires a continual dose of fresh thinking: ABC analytics provide fresh insights derived from an untraditional source (organizational data).
The use of ABC analytics does not negate the value of traditional modes of anti-corruption and bribery vigilance; instead, these tools should augment existing capabilities.
Strike a Balance: The use of ABC analytics does not negate the value of traditional modes of anti-corruption and bribery vigilance; instead, these tools should augment existing capabilities. In the movie version of “Moneyball,” Beane angrily fires his scouting director, Grady Fuson because Fuson refused to adapt his from-the-gut approach to finding talent to Beane's new, analytical approach. In reality, however, Fuson left the team, quietly, on his own accord and was later re-hired by Beane. The two have confirmed that the team's current talent-scouting approach balances qualitative and quantitative techniques.
Tailor Your Tools: ABC analytics should be customized to reflect the unique risks an organization faces. These tools and methodologies should also be sufficiently flexible so that they can incorporate insights and observations from previous investigations.
Once these analytical tools are in place and tailored to your organization's risk environment, you too can be more like Brad Pitt. OK, you won't become richer, better looking, or world famous; but you can be a star (at least within your company) by using analytics to get a quicker, deeper, and more efficient view of corruption and bribery risks.
Anti-Corruption Data Analytics: An OCEG Roundtable
Switzer: The very idea of data analytics can be intimidating to many compliance officers. Can you share how a forensic analysis approach can help them to find instances or patterns of bribery, or potential for corruption to occur? Tell us why this approach is so important, and give us some idea of how it actually works.
Walden: Imagine looking through your company's accounts payable activity from your Russia operations and you come across a sizeable cash payment to a vendor that is described in the journal entry comments field as, “Goodwill fee as incentive payment for business relations.” Further, the vendor under review is a state-owned entity. While nobody is going to book it as a “bribe expense,” people come up with creative ways to describe inappropriate payments. By looking at these “free text” payment descriptions, a new light is shed on the data which makes it much easier to identify. This is the core of integrating anti-bribery and corruption analytics into your monitoring program.
Crafton: Here are some of the concrete steps you can take to find corrupt activity by analyzing your data. There are five main areas to analyze when looking for corruption. First is knowing who is involved by analyzing vendors and agents. You might stratify agent payments by time period and currency amount, or by contract or project code. Also, look for payments to vendors that are not on the vendor master list or large round sum payments to agents. This may include commissions, recurring commissions, and cash payments in large round dollars or unusual currencies. Second, consider corrupt intent behind a payment and analyze the free text field general ledger entries for items such as cash disbursements, travel & entertainment, marketing, and charitable expenditures. As Vincent mentioned, this is a key component for looking for improper payments.
Third, look deeper into cash disbursements and evaluate things such as duplicative payments and suspicious vendors; petty cash account use in selected countries; and payments made without a P.O. or not in the vendor master. People will get creative when looking for ways to extract cash from a company to pay bribes so you have to be creative as well. Fourth, look for suspicious recipients, considering customer segmentation by country, Transparency International's CPI index, sale price and margin analysis across customers and vendors, among other factors.
And last but not least, apply a business purpose test analyzing revenue in different ways such as trending analysis of revenue by country and by customer, or calculation of effective commission rates paid to agents. Any of these can point you to suspicious patterns and help you to uncover corrupt activity.
Switzer: What can you get from a forensic analytics system that you can't get by using spreadsheets and collaborative information sharing software?
Ajenstat: The human visual system is a great system for finding patterns and outliers. In the case of fraud, where you may not have specific questions but are looking for something unusual, this is even more true. You need to see your data before you know what you're looking for. Once you see something unusual, you want an interactive visualization so you can drill down, filter, apply sorts and highlights and other contextual information to determine whether what you're seeing may be an indicator of fraudulent activity.
When you're in a spreadsheet, you are looking at rows and columns of data, and it's really hard to see trends or spot an outlier. Or you can go through a chart-wizard process, but again you need to have an idea of what you're looking for first. An interactive and visual environment is excellent for identifying patterns that are amiss.
Walden: I agree. The value in finding patterns and outliers is a key factor. In the current regulatory environment, many companies are modifying their internal audit and or compliance monitoring functions to specifically incorporate risks around bribery and corruption/FCPA. As with any audit program, analytics—not just looking at policies and procedures—should be integrated into the work program. However, analytics around bribery and corruption are fundamentally different than traditional internal audit or “accounting” tests that primarily rely on spreadsheets or “rules-based tests” to evaluate the numbers in accordance with accounting standards, not FCPA.
OCEG ROUNDTABLE PANELISTS
Senior Manager, Assurance
Services, Fraud Investigation
and Dispute Services,
Ernst & Young
and Dispute Services,
Ernst & Young
In my view, the key difference is data visualization and text. What employees are putting in the free-text fields of journal entries, accounts payable, sales data, or travel & entertainment explanations can go a long way in identifying “corrupt intent” into a potentially improper payment or transaction. Traditional auditing tools are simply not designed to pick up kickbacks and corrupt payments; hence, their detection rate is limited and their false positive rates are high.
Switzer: Does the system find and define the corruption for you, or do you still have to investigate to determine what schemes are going on?
Walden: No. These analytics won't confirm that any fraudulent or corrupt payment has taken place, only a court of law can do that; however, they will tell you where to look.
Significant cost and time savings can be achieved by incorporating these analytics on a “pre-field work” basis to identify high-risk countries and business operations. Drilling in deeper, these pre-field work anti-corruption analytics “arm” the investigator with high-risk vendors, employees, transactions, or expenses before they hit the ground so that they can make the best use of their time in country.
In one example, we helped make the business case for using these anti-bribery and corruption analytics for a large, global Fortune 500 company by reducing their number of site visits from 20 locations to around eight and reducing the time in country from four weeks to two weeks, saving over $500,000 and providing a more through audit by testing 100 percent of the payment data for all 20 counties.
Crafton: As Vincent mentioned, no suite of analytical tools will be able to define corruption for you. However, they can point you in the right direction. An effective anti-fraud and corruption analytics methodology is designed to get smarter over time. Each iteration of analysis will bring new tests, procedures, and review techniques to light. Knowledge gained in one country or one business unit can be applied in future analytics.
Beyond the analytics, the people reviewing the results must have experience in these areas. Even with as much decision support as can be built into reports, there is no replacement for investigative experience. We use a library of over 3,000 terms in over a dozen languages developed by our investigators around the globe to help us identify issues.
Switzer: People have trouble justifying budgets these days, so tell me, is the use of a sophisticated data analytic approach really only for large companies?
Ajenstat: Sophisticated data analytics does not need to be a heavy, expensive implementation. In fact, instead of large monolithic systems that need developers to change the output, what you want in forensics is a more agile approach. There are tools that are highly visual—that should be one of your criteria. Another criteria should be a self-service approach. Your forensics analysts need to be able to quickly hypothesize, test, disprove—and start again. And in general, you should be suspicious of any system that requires a massive deployment before it proves itself. Look for something that can grow as your needs grow.
Walden: Recognizing that large, global companies doing business in the emerging market countries are at a very high risk for bribery and corruption, all companies doing business in emerging market countries should be considering anti-bribery and corruption analytics into their monitoring and compliance programs. Taking a risk-based, focused approach will help companies target where to focus these analytics—as these analytics are not intended to be run across the entire enterprise.
Switzer: Let's close with one example of an actual data analytics. Jared, can you share something?
Crafton: Sure. We had a situation where the Department of Justice had required our client to analyze nearly a million transactions for suspected bribery payments. We reviewed a sample of 2,000 transactions in detail with supporting documentation such as vouchers, invoices, and approvals which led us to identify 400 suspicious and 1,600 non-suspicious entries.
Based on what we learned, we created a predictive model to identify potentially improper payments and applied it to the remaining 948,000 additional transactions, which resulted in identification of 14,000 more potentially improper payments totaling more than $8 million. The methodology had over 95 percent confidence level and DoJ accepted this approach, which not only saved potentially thousands of hours, but also allowed for deep, timely analysis of the data.
Not surprisingly, the key variable in the high-risk population of 400 payments was when the word “volume contract facilitation” or “release expense” was in the free text payment description. That is the power of a data analytic approach supported by text mining and statistical software developed for this purpose.