DOJ official: Compliance team access, visibility into data a sign of effectiveness
One of the ways the Department of Justice (DOJ) will assess a firm’s compliance program is by judging how accessible and visible a company’s data is to its compliance function, an agency official told attendees at Day 3 of Compliance Week’s National Conference in Washington, D.C. on Wednesday.
Lauren Kootman, assistant chief in the DOJ’s Fraud Section, said during a panel that data analytics is “one portion of an effective compliance program,” and how it is being used is a good indicator of a program’s strength or weakness.
For example, effective compliance programs use data analytics in risk assessments, onboarding, monitoring, and oversight of third parties, she said. Another sign is whether a company’s compliance team has access to all its data. Siloing of information within an organization—by accident or by design—will weaken a compliance program’s overall effectiveness, she said.
In March, the DOJ announced changes to its evaluation procedures for corporate compliance programs in criminal investigations, including monitoring off-channel and cursory messaging by employees, executive compensation programs, and how the agency selects compliance monitors. Kootman discussed how data analytics fits into the agency’s assessment of compliance programs in those evaluation procedures.
Another sign of the relative strength or weakness of a firm’s compliance program is whether it has the same access to data analytics technology as other divisions—e.g., sales, third-party risk management, payments, and operations—in the same orga