The FCPA Blog: Using your Existing Data to Power Compliance
In the majority of bribery and corruption investigations -- from relatively simple matters to complex cross-border affairs -- the data necessary to detect and solve these cases was largely available within the organization under investigation and could have been used to prevent the red flag from erupting into a full-blown scandal.
Yet in many organizations, public and private alike, the key data points for bribery and corruption indicators are often dispersed throughout their many different data systems. Personnel are similarly fragmented: the experts who understand the main bribery and corruption risks are often removed from those who grasp what key data exists, where it sits across disparate systems, and how it’s collected.
Understanding data is an effective and cost-efficient way to identify bribery and corruption red flags before they snowball into bona fide scandals.
“Root cause analysis” of key data can allow you to connect the dots, create timelines of events, and unravel issues that could lead to a costly and potentially damaging investigation and prosecution.
Most critically, the same data can then be deployed to build internal controls and prevent the problem from happening again.
Not taking the time to understand key risks and the data available to detect these risks can be a serious miscalculation.
Here are five steps to begin a data strategy:
1. C-Suite buy-in: First and foremost, organizations need to make a deliberate, dedicated commitment to identify and leverage their data to fight bribery and corruption. This commitment has to come from the very top of an organization so that the right resources and personnel are lined up and empowered.
2. Know the risk: Identify where you’ve seen risk materialize before, what types of bribery and corruption schemes your business, or others like it, is most susceptible to, and what areas of your business should be monitored—contracts, payments, third-party vendors, proposal development, time and expenses, and the like.
3. Know your data: Many organizations fail to stitch together data points they have already collected. The red flags around the incident were somewhere in the organization’s own systems, buried within payment processing databases, transaction monitoring tools, or requests for proposals, to name a few of the usual suspects. The key to using available data correctly, then, is ensuring that all data systems and their relevant data points are understood, properly mapped, and collected for the purpose of fighting bribery and corruption.
4. Training: Understanding how to marry the risks you’ve identified with your data will take buy-in from a large number of stakeholders including acquisitions, procurement, finance, sales, and marketing departments. It is not easy to aggregate this data into one combined system to create a complete and informative picture -- data scientists and analysts will need to assist in extracting the desired data points in the format that’s most helpful. Knowing exactly what data exists and can be used, the possibilities for combining that data point with others to develop a clearer picture, and the applicability to bribery and corruption red flags is fundamental to creating a red flag monitoring system that actually alerts on the right risks.
5. Put your data to work: Use data to visualize the risks you’ve already identified. Data can be deployed in any way that allows the information to be seen—whether that’s a monitoring system with alerts, a management dashboard, or visualization capabilities. No matter the front-end system, though, the point is to connect the data to enable a proactive understanding of risk factors. These types of red flags or “key risk indicators” should be directly linked to the risks you identified in step two of the process. Organizations should then implement red flag adjudication and, like any technology-based risk-modeling process, institute a regular and periodic review of the alerting system to reduce false positives and ensure that the right risks are being exposed.
Taking the above steps will deliver a data-driven workflow as part of a sustainable anti-bribery and corruption program. And ensuring that all relevant stakeholders -- in legal, compliance, technology, and the business -- have a working understanding of the key risks not only helps ensure that the analytics playbook is right-sized and risk-based for your organization, but also provides a valuable compliance edge.