Corporate compliance officers know that data analytics is crucial to the success of your compliance program. What’s more, compliance officers have already known about the importance of data analytics for more than a few years now.
So why is building that strong data analytics capability still so elusive?
Today, we’re launching a series of blog posts to answer that question.
We want to explore:
- Why, exactly, data analytics is so important to an effective compliance program
- The common obstacles to building a strong data analytics program, and how to overcome them
- What the full potential of a data analytics program can achieve
- How data analytics drives better employee engagement with the compliance program
- How data analytics can also drive better reporting from CCO to management, the board, and even regulators
Every compliance officer can intuitively grasp that those five bullet points are the right issues to raise. But it’s harder to arrive at the right answers. Too often, compliance teams still struggle to define specific steps to execute on their data analytics goals.
Given all the emphasis placed on data analytics, now is the time to solve this dilemma once and for all and start taking practical steps forward.
So let’s begin by addressing the most important question first.
Why is data analytics so important?
That’s easy. Data analytics is important because the U.S. Justice Department’s guidelines for an effective compliance program say it is. Many others say so too, of course, but the Justice Department guidelines loom above all.
Specifically, the department’s guidance for Evaluation of Corporate Compliance Programs lists three fundamental questions that prosecutors must consider when reviewing a company’s compliance program.
- Is the corporation’s compliance program well designed?
- Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
- Does the corporation’s compliance program work in practice?
Data — complete and accurate, assembled thoughtfully, packaged intelligently — is a crucial element for corporate compliance officers to answer those questions. It proves the points you are trying to make. It gives prosecutors (or anyone else) reviewing your compliance program confidence that you know what you’re doing, and that you can be trusted to continue.
For example, to demonstrate that the compliance program is well designed, you could show how your policies and training flow from specific compliance risk indicators you’ve identified — by, say, studying audits of compliance controls, or calls to your hotline, or interactions with the Code of Conduct.
Or to demonstrate that the program is being applied in good faith, you could analyze data on employee disciplinary measures to demonstrate consistency across geographic regions and managerial levels. To prove that the compliance program works in practice, you could compare training scores against calls to the hotline on similar topics.
Any compliance officer could think of a dozen other examples too, but you get the point. Data analytics provides evidence of what is happening within your organization, and that’s what the Justice Department wants to know. What is happening within your organization? Does your compliance program actually work?
Nor is the Justice Department the only authority out there pressuring compliance officers to do better at data analytics. The Securities and Exchange Commission has a sophisticated “EPS Enforcement Initiative” that uses analytics to spot earnings fraud. Healthcare regulators use data analytics to identify red flags on Medicare fraud and opioid abuse. If your company ever acquires a new subsidiary, your own board will want assurance that there are no compliance surprises in that target; data analytics will help there too.
The need for data analytics is clear and compelling; compliance officers obsess over it for good reason. Which brings us to our next question.
Why is data analytics so hard?
Data analytics isn’t hard, in the sense that your compliance program must obtain advanced IT and coding resources if you want to succeed; that’s not true. You can start generating data-driven insights about your compliance issues with much less IT investment than one might expect.
Better to say that data analytics is intimidating, because most compliance officers aren’t confident in their data analytics skills. For example, it can be difficult to understand just how powerful a role technology might play in your compliance program — even when you already know your company’s operations and compliance risks and have a rough sense of what the data might tell you.
Data analytics is about combining technology and your good compliance judgment, so you’ll know exactly what your data is telling you. Then you can fit together the pieces — in a clear, logical, defensible manner — for risk mitigation, program improvement, better reporting, and the ultimate goal of an effective compliance program.
How to get started? That’s our next post.