Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

We’ll show you how to demystify data analytics for compliance

Charles Bame-Aldred and William Goldman | February 11, 2019

Register: Compliance Week West

With a myriad of risks and ever-evolving regulatory changes impacting how companies foster and maintain an ethical culture, top compliance programs have become data-driven. Join your colleagues -- as well as data gurus Charles Bame-Aldred and William Goldman -- at Compliance Week West in San Francisco from March 11-12. Demystify data analytics with an agenda focused on data privacy, data analytics, big data, and how companies manage regulatory risk with technology innovation. Register now

Type "Using Data Analytics for FCPA Compliance" into a Google search, and the results include software companies, CPA firms, legal firms, consulting firms, and a variety of FCPA blogs, each identifying the optimal ways a company can discover a handful of risky transactions/interactions out of the millions or billions that occur during any 12-month period.

Their suggestions are sound. These techniques can increase the efficiency and effectiveness of the compliance function to find payments to risky vendors or from foreign bank accounts, suspicious transaction descriptions, checks made to cash, or finding favorable differences in execution costs/revenues between similar vendors/customers located in different jurisdictions.

However, many of the recommended solutions are expensive or require human resources well trained in the complexities of compliance and data analytics. Chief Compliance Officers (CCOs) of firms willing to make the investment around data analytics face a significant implementation issue: How do you acquire compliance officers and staff with the necessary training in both organizational compliance and data analytics? The acquisition and retention of human capital is even more difficult for firms with underfunded compliance departments.

The human resource market is very tight for professionals with the ability to assess risk and understand the regulatory requirements (compliance) along with quantitative skills to detect violations (data analytics). Based on recent estimates, the labor market for both groups will be tight for the foreseeable future, especially for the data analytics group. If a CCO is unable to find candidates with the requisite data analytics skills, how does the CCO get the rest of the compliance team trained to execute data analytics routines to uncover risky transactions?

The data analytics element of the compliance function is traditionally complex and requires a great deal of experience and training. Due to the varying skillsets required to perform data analytics and investigative processes, we are seeing some companies creating separate data analytics functions within the organizations. Unfortunately, this siloed approach often leaves organizations with two sets of employees: the data analytics group (DAG) and the investigative group (IG). Employees in the DAG often lack investigative training and are difficult to retain. Employees in the IG often lack data skills required to quickly and efficiently detect potential violations.

Given this dichotomy of skills and training, each organization’s challenge is to cross-pollinate the expertise of each group. The DAG works with the IG to identify the relevant compliance questions that can be answered by analyzing the data. The IG relies on the DAG’s process and data manipulations to create a user-friendly output that will be used to conduct further investigation. Any misconstrued question or error in the method of extracting the output could lead the IG to waste organizational resources following false trails and/or missing the real problem. How the groups interact, how they help each other, and how they work collaboratively are important for the compliance function.

We believe that modern business intelligence tools (BI tools) enable the IG to detect suspicious transactions with basic training. Improving the IG skills to be a "lite" version of the DAG improves the odds of long-term data analytics functionality within the compliance function. Companies can transform their passive “checklist” compliance approach to a more active approach, focusing on both the policies to prevent violations and the data monitoring to detect violations.

Tools, such as Tableau, Qlik, Microsoft PowerBI, Watson Analytics, etc., have simple interfaces with drag and drop functionality. Once the IG has a rudimentary understanding of the BI tool, the group can begin to follow this four-step process:

  1. Formulate the compliance question;
  2. Determine which variables within the IT system are necessary to answer the question;
  3. Develop the logic to answer the question using the variables and the BI tool; and
  4. Communicate the outcome of the data analytics visualization/output.

Compliance officers are already trained in process and logic. With some additional training, compliance groups can improve their technological detection skills and the effectiveness of the compliance program.

The HUB of Analytics Education (HUB) is working with Compliance Week to develop training materials. At CW West in San Francisco (March 11-12) and the CW Annual Conference in Washington D.C. (May 19-22), the HUB team will demonstrate simple ways to execute this four-step process to identify potential FCPA violations.

HUB has more than 700 faculty members from over 425 colleges and universities in all 50 states and 35 countries signed up to use its open educational resources.

Join us this spring in either San Francisco or D.C. to learn more.

Charles Bame-Aldred is the president and chairman at the HUB of Analytics Education. William Goldman is HUB's chief education officer.