Moving from Defense to Offense with Data Analytics: Plays from the Field to Manage Bribery and Corruption Risk
Baseball’s opening day has come and gone and, with the season underway, it’s obvious that the reign of “big data baseball” is stronger than ever. Managers who depend solely on their gut are being replaced by those who leverage data-driven statistics and quantitative experts to inform nearly every decision on and off the field. The Houston Astros are considered frontrunners in the use of data analytics among Major League Baseball teams and are, unsurprisingly, the most recent World Series Champion. Today, data is arguably a star player on any baseball team. Although this same type of robust and actionable data analytics is notoriously lagging in the anti-bribery and corruption space, recent developments suggest that a Billy Beane-type revolution is imminent in the FCPA world.
While there were a record-breaking 45 new FCPA-related investigations in 2017, the government’s commitment to rooting out corruption is not just about prosecution—it’s also about new expectations for how organizations should detect and prevent bribery and corruption. In that regard, the DoJ recently published guidelines codifying a more measured approach for companies that voluntarily self-disclose FCPA violations as well as permanently adopted the policies of the FCPA Pilot Program, with senior officials also publically stating that the Department is looking for companies and agencies to implement integrated, holistic anti-bribery and corruption programs. Central to these developments is how organizations use data to enhance their compliance departments. Like baseball a decade ago, it’s time to rewrite the playbook of anti-bribery and corruption programs. The big data transformation begins with taking data off the bench and getting it into the game: training it, coaching it, and deploying it as the key player in detecting and rooting out costly wrongdoing.
With that said, companies and public agencies face a quandary when thinking about the best use of their data: they’re sitting on a huge volume of key information, but it’s often difficult to distinguish the signal from the noise. Those well-versed in the FCPA arena will tell you that in the majority of bribery and corruption investigations—from relatively simple matters to complex cross-border affairs—the data necessary to detect and solve these cases was largely available within the organization under investigation and could have been used to prevent the red flag from erupting into a full-blown scandal. Yet in many organizations, public and private alike, the key data points for bribery and corruption indicators are often dispersed throughout its many different data systems. Personnel are similarly fragmented: the experts who understand the main bribery and corruption risks are often removed from those who grasp what key data exists, where it sits across disparate systems, and how it’s collected. Finally, the very teammates who are most exposed to bribery and corruption risks—those in day-to-day business operations—are often the same people who don’t receive adequate bribery and corruption training.
Government investigators increasingly expect organizations to quickly and efficiently overcome these kinds of hurdles, especially when there are already causes for investigation. Although it may not be as easy as flipping a switch, using your data right is absolutely achievable. If you make a real commitment, your organization’s data can become the star player of your compliance team: an effective and cost-efficient way to identify bribery and corruption red flags before they snowball into bona fide scandals. Indeed, “post-game” analysis of key data can allow you to connect the dots, create timelines of events, and unravel any issues that could yield an investigation. Most critically, the same data can then be deployed to build internal controls and prevent the problem from happening again. But businesses and public agencies can—and, according to the DoJ, should—follow these same steps before the scandal appears. Without taking the time to understand key risks and the data available to detect these risks, organizations cannot pull together a game plan to put the best players on the field.
So where do you start?
1. Find your Billy Beane in senior management: First and foremost, organizations need to make a deliberate, dedicated commitment to identify and “coach” their data to fight bribery and corruption. In most cases, this has to come from the very top of an organization so that the right resources and personnel are lined up and empowered. All employees must fully understand that the end goal is not simply about adding data to the lineup, but transforming the game.
2. Know your opponent: Understand what you’re looking for. Think hard about where you’ve seen risk materialize before, what types of bribery and corruption schemes your business is most susceptible to, and what areas of your business should be monitored—contracts, payments, proposal development, time and expenses, and the like. Remember that an essential element of bringing your star player off the bench (your data!) is ensuring that it’s going after the right opponents.
3. Know your data: More often than not, companies and agencies fail to stitch together the data points already at their fingertips. They are often sitting on a gold mine of valuable data, but key personnel don’t have a good sense of all the different types of data within their organizations, and therefore fail to realize what data can be gathered to provide a fuller understanding of an event. Taking a step back to view the field and create lessons learned from past failings at your organization, or at similarly situated organizations, will reap results. In the majority of corporate and public investigations, many, if not all, of the red flags around the incident already existed somewhere in the organization’s own systems, buried within payment processing databases, transaction monitoring tools, or requests for proposals, to name a few. The key to using available data correctly, then, is ensuring that all data systems and their relevant data points are understood, properly mapped, and collected for the purpose of fighting bribery and corruption.
4.Training day: After you know what data is available, the real work begins: harnessing it. Understanding how to marry the risks you’ve identified with your data will take buy-in from a large number of stakeholders including acquisitions, procurement, finance, sales, and marketing departments. Nor is it easy to aggregate this data into one combined system to create a complete and informative picture—data scientists and analysts will need to assist in extracting the desired data points in the format that’s most helpful. Knowing exactly what data exists and can be used, the possibilities for combining that data point with others to develop a clearer picture, and the applicability to bribery and corruption red flags are each fundamental to creating a red flag monitoring system that actually alerts on the right risks.
5.Get your data onto the field: The game begins. Once the data is prepared and ready for game time, it can take the field. Use the data to visualize the risks you’ve already identified. The data can be deployed in any way that allows the information to be seen—whether that’s a monitoring system with alerts, a management dashboard, or visualization capabilities. No matter the front-end system, though, the point is to connect the data to enable a proactive understanding of risk indicators. For example, a round-dollar consulting fee may be less risky when attached to a Master Service Agreement, whereas a payment to a third party in a low-risk country may raise a red flag when you see that your company has no due diligence information on that vendor. These types of red flags or key risk indicators should be directly linked to the risks you identified in step two of the process. Organizations should then implement red flag adjudication and, like any technology-based risk-modeling process, institute a regular and periodic review of the alerting system to reduce false positives and ensure that the right risks are being exposed.
Taking the above steps will deliver a data-driven workflow as part of a sustainable anti-bribery and corruption program. Cutting-edge technology and data, however, are not only aiding the fight against bribery and corruption—they’re also being used to commit graft by increasingly savvy and technology-focused criminals. In this kind of environment, the best defense is a strong offense. To that end, ensuring that all relevant stakeholders—in legal, compliance, technology, and the business—have a working understanding of the key risks not only helps ensure that the analytics playbook is right-sized and risk-based for your organization, but also provides a valuable edge by keeping every player on your team focused and engaged.
The government has sent enough signals about how organizations should be proactively, coherently, and efficiently using their data in the fight against bribery and corruption. And, not unlike the big data revolution in baseball, those that don’t act will find themselves at a costly and crucial disadvantage. The sooner your data gets out onto the field, the better.
George “Ren” McEachern joined Exiger from the Federal Bureau of Investigation in Washington, DC, where he was the Supervisory Special Agent of the FBI’s Washington Field Office, International Corruption Squad. In this role, Ren led a team of Special Agents, Forensic Accountants, and Intelligence Analysts with a focus on investigations related to the Foreign Corrupt Practices Act (FCPA), International Money Laundering, Kleptocracy and Antitrust. Ren brings his FCPA expertise to his new role as a Managing Director at Exiger, a global regulatory and financial crime, risk and compliance company delivering actionable advice and tech-enabled solutions. Ren developed a new FBI proactive global strategy to investigate complex international financial crimes and corruption matters. This strategy leveraged analytical capabilities and dedicated expert personnel with solid investigative principles.
Roy Pollitt is a Managing Director and Americas Head of Investigations based in Exiger’s New York office. With money laundering investigative expertise honed in some of the largest financial institutions and law enforcement agencies in the country, Roy brings a special focus on bribery and corruption. Roy came to Exiger after a decorated 17-year career as a Special Agent with the Federal Bureau of Investigation.
Laura Tulchin has wide-ranging experience in investigations in public and private organizations. She has worked on public bribery cases, where she regularly uses complex data analytics tools and leads sensitive interviews. Laura joined Exiger from the Council on Foreign Relations and was a Fulbright scholar in Rio de Janeiro, Brazil.
For more information about how data analytics can be used proactively to detect corruption, please reference here for a panel featuring our authors at The Integrity Forum, an initiative of Exiger. The breakfast event was hosted at the Center for the Advancement of Public Integrity (CAPI) on Friday, April 20th.