{{> _head title='The Future of Compliance Programs is Data-Driven' }}
{{> _header blogs='header__link--active' }} {{> _hero-banner hero_title='Read our Latest Blogs' hero_subtitle='A journal on ethics, compliance, life, and more' hero_image='/assets/img/headers/blog.svg' hero_image_alt='Women in Ethics & Compliance Global' hero__blog='hero__blog'}}
July 19, 2021
Kara Bonitatibus

The Future of Compliance Programs is Data-Driven

The Future of Compliance Programs is Data-Driven

Anytime someone asks me how I think compliance programs are, can be, or should be evolving, my answer is always the same – compliance programs should look to have more integrated processes and to be more data-driven. This answer really shouldn't be that surprising given that data has infiltrated nearly every other business function and even our personal lives.

As wise men and women before me have said for centuries, knowledge and information is power. And organizational functions such as commercial and sales teams have long leveraged the use of data to inform business decisions and strategy. From sales revenue numbers to market research, data has played an integral role in these "core" business functions. However, until very recently, compliance functions have not reaped the benefits of data and analytics to both measure the effectiveness of their programs or to influence behavior and decision making.

For more than a decade, U.S. regulators have expected companies to measure the effectiveness of their compliance programs. Most traditional approaches to measure effectiveness have included key performance indicators (KPIs), such as the number of hotline or incident reports, the percentage of substantiated investigations, training completion records, and other similar metrics. But these methods often fall short without additional context, comparative data, year-over-year trends, or other information. For example, a 50% substantiation rate of investigations could be indicative of a decrease of non-compliant activity if the prior year's substantiation rate was 80%. However, that same metric could signal a completely different situation if that percentage was previously less than 10%. Without these comparative data points and trending, that 50% substantiation rate is rendered nearly meaningless to truly inform the health of your compliance program.

Furthermore, metrics and the groups or systems from which they are derived are often siloed and sometimes only provide a fragmented view of the whole picture. A 99% training completion rate – again, a common compliance metric used to measure effectiveness – could provide a false sense of security. However, when viewed in the context of audit findings that have identified significant process deviations, that training statistic essentially means that while nearly your entire company completed the training, it appears the training was not effective, misunderstood, or perhaps even just forgotten. These examples highlight the deficiencies in simply looking at singular metrics or KPIs to measure the effectiveness of your program.

So, how do compliance programs follow their organizational counterpart's lead in harnessing the power of data and technology to enhance their program's effectiveness and even influence behavior? Interestingly (and often not readily recognized), a compliance function is often uniquely positioned to have access to or to be able to request access to various data sources across its organization as well as having access to its own data sources. These data sources, such as HR information, expense reports, and spend transactions coupled with compliance metrics can provide a wealth of insights to a compliance function particularly when sophisticated data analyses are applied. Such analyses can identify trends over time and, when automated or supported by a technology solution, can be run across 100% of transactions, which is far more comprehensive than a traditional approach of looking at a sample or targeted set of transactions. These analyses can run the gamut from single tests to identify policy violations to more sophisticated algorithms that identify spend anomalies, thus providing a more data-driven view of how your compliance processes and controls are working.

In addition to measuring the effectiveness of a compliance program, data and analytics can play a significant role in influencing human behavior, including approval decisions. Traditional pre-approval processes and solutions tend to be limited in the amount of insights provided about the particular approval request. However, data analytics can enhance the pre-approval process by providing contextual analytics, aggregate spend information, or even monitoring results. For example, an approver may be able to review a pre-approval request to host a meeting in the context of other meeting requests to see if the spend amount per recipient is an outlier or if any of the recipients are receiving support over an aggregated threshold limit. A compliance officer reviewing a due diligence request to engage a third party can make a more informed decision if they have at their fingertips access to monitoring results that reflect that a majority of past transactions with that third party have been flagged with compliance issues. Much like how data is used to influence sales, purchasing, and other business decisions, there are limitless opportunities to use data to ultimately help individuals make better compliance-related decisions.

While today's compliance programs are still largely reactive focusing on the issues of the day or those under regulatory investigation, thanks largely due to the accessibility of data and the availability of technology solutions, I see a huge opportunity for compliance programs to turn the tide to be more proactive and influence compliant behavior.

What is one piece of advice you would give to your younger self?

One piece of advice that I wish I had been given when I was younger and that I often hear colleagues and friends lament is to foster and maintain relationships early in your career. Networking and making connections is not something that comes easily or naturally to me, but I've learned as I've advanced in my career that business relationships don't have to be forced or formal, and the outcome can be so (mutually) invaluable.

If you had to choose an alternative career, what would you be doing now?

I am a voracious reader and would love to someday open or run a bookstore.

If you were to sit and reflect at the end of your career, what one hope do you have?

In the context of my current career, my one hope is that I have contributed in some way, no matter how small, to make it easier for people to do the right thing or make the right decision.

{{> _footer }}