Perspectives
A dynamic data driven approach to compliance monitoring
With global data volumes continuing to grow exponentially, organisations need to focus and invest in a compliance programme that embeds data in its DNA to stay ahead and navigate this ever-changing data-driven landscape.
Global data volumes continue to grow exponentially with International Data Corporation predicting that the Global. DataSphere is forecasted to increase and data volumes expected to reach 175 zettabytes by 20251. The world isnot getting any simpler as we navigate past COVID-19. It was reported2 in a recent interview with the Singapore. Communications and Information Minister S. Iswaran that the current situation presents an opportunity for the country to double down on its push towards a digital future.
A digital and data driven operating model is a desirable state for organisations. Tapping the full potential of their data to extract insights allows them to be dynamic in managing and monitoring their operations, risks and compliance. The need to be dynamic in monitoring the effectiveness of an organisation’s compliance programme is covered by the U.S. Department of Justice (“DOJ”) and U.S. Securities and Exchange Commission (“SEC”) in their recently published Second Edition of "A Resource Guide to the U.S. Foreign Corrupt Practices Act3 where they highlighted “DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and do not allow them to become stale”.
To stay ahead and navigate this ever-changing data-driven landscape and avoid being “stale”, organisations need to focus and invest in a compliance programme that embeds data in its DNA. DOJ sets out the importance of using data in monitoring compliance programme effectiveness, and evaluating the adequacy of resources of a compliance department in the latest update to its “Evaluation of Corporate Compliance Programs” memorandum 4 stating that when evaluating companies, DOJ prosecutors will now ask “Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions?”
Against this backdrop and with developments closer to home, such as Section 17A of the Malaysian Anti- Corruption Commission Act recently coming into law, organisations need to tailor and enhance the monitoring of their compliance programmes by employing data analysis tools to identify trends and hidden insights with risks. Embarking on this journey will undoubtingly come with its challenges – large volumes of unstructured data, diversity of sources, the scarce combination of domain and analytical skills, as well as technology cost and training.
Navigating through the challenges
When preparing for an effective data analytics driven compliance monitoring capability, organisations should consider the following four factors:
Focus the effort
Rather than casting the net wide or investing heavily in one technology solution, consider conducting a focused proof of concept to understand the mechanics of an analytics-driven approach and to demonstrate the value it can provide.
Getting the right data
A data-led monitoring capability is as good as the data on which it is based. Focus needs to be on the right data source and relevant data within these sources.
Engage with stakeholders
Involve all stakeholders from the relevant areas of the enterprise who will be interacting with the solution
Use advanced analytics approaches
Different risks may require different analytical approaches. For example, clustering and anomaly detection use statistical profiles to identify normal activity and then differentiate outliers from these profiles. Supervised modelling in contrast uses prior economic crime, waste, abuse, and misconduct to enable the computer to “learn” the characteristics of these events, to provide early warning signs, and to identify other instances of similar behaviour.
Deloitte Guard
By bringing together experience from our many years of dealing with issues of corruption, fraud, sanctions, tax evasion and other corporate misconduct, we have developed a proactive monitoring capability using a suite of forensic analytical techniques. Deloitte Guard is a cross-industry solution platform for combining diverse data, embedding advanced analytics methods, as well as facilitating a prioritised review of analytics findings based on our business acumen, industry expertise and leading analytics competency.
Distilling data into insights
Deloitte Guard begins with data analytics and expands to issue prioritisation, investigation management, resolution tracking and continuous improvement:
1. Data Analytics: Understanding of source data, identifying risk scenarios and executing initial tests.
2. Issue Prioritisation: Creating a visual interactive dashboard highlighting potential anomalies and selecting initial cases for further review.
3. Investigation Management: Identifying skilled resources/ subject matter experts to undertake investigations of the detected anomalies.
4. Resolution Tracking: Tracking progress and outcome of investigations in a case management system and capturing mitigation techniques to assist with prevention.
5. Continuous Improvement: Providing feedback for continuous improvement of analytical capabilities and recommendations for internal controls and process enhancement.
As we move into this new way of operation, where the majority of the workforce continues to work remotely and compliance audits are interrupted by global travel restrictions, organisations are presented with challenges in the way they monitor risk. Though there are hurdles, there is a silver lining in the labyrinth of data “ripe” for data analytics which can help organisations remain dynamic in managing their compliance risks.
Learn how Deloitte can help by downloading the report.
Recommendations
Forensic Focus on COVID-19 (Part 4)
Unlocking the power of data