Building a Compliance Analytics Program – Part 1
February 20, 2019
In the fight against financial crimes, today’s organizations must focus on building compliance programs that are increasingly driven by analytics. While PwC’s Global Economic Crime and Fraud Survey 2018 indicates that 42 percent of companies have increased their spending over the past two years to combat financial crime (an increase of 2 percent from 2016) and that 44 percent intend to boost their spending over the next two years, many businesses are falling behind with their compliance analytics.
According to KPMG’s CCO (Chief Compliance Officer) Survey of 2017, which spoke with CCOs representative of the FORTUNE 100 to gather their thoughts on their organization’s compliance journey, data analytics still remains one of the least mature components of most compliance programs. The survey found that just 47 percent of those surveyed leverage data analytics and other technology processes to conduct root case and trend analysis, with 51 percent of CCOs ranking improving data quality for risk data aggregation and risk reporting as a top compliance challenge.
While most businesses have an appetite to adopt and leverage analytics in their compliance programs, there is clearly a gap in making this a reality, with most seeming uncertain of how to launch such type of program.
What are compliance analytics?
As defined by Deloitte, compliance analytics is “a growing category of information analysis, involves gathering and storing relevant data and mining it for patterns, discrepancies, and anomalies. It enables companies to better detect and head off potentially improper transactions before employees, third-parties, or even criminals steal or achieve other nefarious objectives.
Compliance analytics helps companies to proactively identify issues, take corrective action, and self-report to regulators on a timely basis. As noted by Satish Lalchand, an analytics principal with Deloitte Transactions and Business Analytics LLP, “C-suite leaders find themselves accountable for those issues, with their positions on the line. That has led more companies to proactively detect noncompliance and fraud, rather than waiting to fall victim to it… It’s better if you find an issue, take action, and tell regulators if required, rather than them finding it,” he explains.
Who you need to get you on the right foot
To build a successful compliance analytics program, businesses must first focus on creating a transformational experience within the program, ensuring that everyone who may be affected is onboard with the program and is aware that it is coming down the pipeline.
Key personnel to include in the compliance program beyond the compliance department might include members of Financial Risk Management, Internal Audit Management, IT Risk and Compliance and Operational Risk Management departments. Depending on the organization, chief marketing officers and chief data officers may also be involved.
When looking at AML compliance programs, due to ever-increasing regulatory expectations, changing government guidance (such as that issued by the U.S. Department of Justice in early 2017 regarding fraud and compliance programs), and continued enforcement actions, it’s increasingly important to involve General Counsel to accurately interpret regulations that frequently evolve to meet rising threats. Finally, process owners also need to be involved because they are the individuals who will put the new processes in motion.
Compliance analytics workshops to identify and prioritize analytics
Once you have determined the key stakeholder that need to be involved in your compliance analytics program, the next step is to focus on the highest-areas of compliance risk. In my experience, the best way to identify areas of compliance risk, the processes needed to protect the organization, and the appropriate technology solution for your organization is to conduct compliance risk-assessment workshops. The objective of the workshop is to identify the current state program and processes.
On a side note, throughout the thousands of these workshops we have conducted, we consistently find common failings across the organization include lack of understanding of the data; deficient documentation on policies and procedures; and absent controls monitoring. Without these in place, it becomes more difficult to optimize processes and your compliance analytics program will not succeed.
To help determine the strength of your program, you need to ask the following questions:
- Do we have a scalable technology to analyze different types of data sets?
- What activities are actually happening within the processes, and what are the roles and the responsibilities of the people involved?
- Is your organization using structured (i.e. ERP) and unstructured (i.e. mobile apps) data, and what are the capabilities of those existing systems?
- Can the technology process large volumes of numerical data related to organizational processes and transactions?
- What, if any, tasks are being completed manually?
- What potential pain points are you running into when using the system or throughout the process?
- Are any items or information being lost, or are there inconsistencies in information between multiple disparate systems?
- What are the risks around all of the identified pain points?
- What are the strengths of your internal controls, and are there risks around those that are not monitored in an automated fashion?
Once you achieve have reviewed the strength of an organization’s processes and identified the areas of highest risk, you have the beginnings of your analytics roadmap to continuously monitor the performance of the compliance program and highlight areas of improvement.
In part 2 of this blog, I will review how to simplify processes and start to introduce automation and analytics.
About Khaled Ghadban
Khaled Ghadban (LinkedIn) is Director of Analytics and Data Science at CaseWare RCM and has more than 20 years of experience in the data analytics space in various industries, including financial services. He is a regular contributor to conferences and a frequent speaker on the topics of analytics and cognitive (AI).