Staying Ahead of Compliance Expectations with Continuous Compliance Monitoring

Q: What is continuous transaction monitoring?

Continuous transaction monitoring for compliance is the practice of monitoring 100% of corporate transactions in real-time. It provides compliance and audit teams with a comprehensive view of the organization's transactional spend and revenue risk.

Q: Why is continuous transaction monitoring important?

Continuous transaction monitoring is essential to a company's risk management strategy. By identifying high-risk transactions, continuous monitoring ensures that the organization is operating within acceptable risk thresholds. Additionally, continuous monitoring enables rapid identification of areas of program improvement and has been beneficial for organizations to reduce costs and improve their operations.

Continuous compliance monitoring is the practice of monitoring 100% of corporate transactions in real time. It provides compliance and audit teams with a comprehensive view of the organization's transactional spend and revenue risk. With continuous monitoring, companies can quickly and easily assess transactions for risks, including corruption, fraud, asset misappropriation, revenue recognition, export controls, sanctions violations, and conflicts of interest. Transaction types will vary based on the business but typically include data from ERP, T&E, Procurement, HR, and transparency data systems.

Compliance monitoring allows organizations to risk score financial transactions, such as invoices, credit notes, and travel/expense reimbursements, and escalate those with a higher risk profile for human review. With risk scoring, organizations can quickly detect high-risk transactions before bad actors repeat the same practice or increase the amounts of money misappropriated from the company or used to fund bribery or fraud schemes. Compliance programs also benefit from continuous improvement as companies use their findings to adjust further monitoring, internal controls, policies, and training, thus reinforcing a culture of compliance across the business. As a result, risk management becomes a dynamic and ongoing process rather than one informed by auditing "snapshots." By doing so, transaction monitoring can prevent non-compliance from becoming systemic and meet regulator expectations for immediate detection and remediation while avoiding fines and reputational damage.

Traditional auditing and monitoring methods are manual and focused on controls, often resulting in an overwhelming amount of items to review that might not accurately represent the overall risk within the entire data set. The same transaction may be sampled multiple times if it appears in results from different tests or unconnected data sets. This approach is often inefficient and ineffective, failing to connect the dots between numerous risk indicators for a specific transaction. Auditing and monitoring processes usually select samples months or years after the transaction, failing to meet the expectations of enforcement agencies, such as the U.S. Department of Justice, to detect and remediate wrongdoing immediately; before issues become systemic. In May 2022, at NYU Law’s Program on Corporate Compliance and Enforcement (PCCE), Assistant Attorney General Kenneth Polite, a former in-house Chief Compliance Officer himself, stated:

“I want to know whether you are doing everything you can to ensure that when an individual employee is facing that singular ethical challenge, he has been informed, he has been trained, and he has been empowered to choose right over wrong. Or, if he makes the wrong choice, you have a system that immediately detects, remediates, disciplines, and then adapts to ensure that no others follow suit (emphasis added).”

While the concept of continuous monitoring is not brand new, the ability to do so with the help of advanced analytics and algorithms has dramatically improved in recent years. New software advancements such as Lextegrity's risk engine algorithm – incorporating advanced fraud detection techniques and machine learning – enable companies to identify anomalies and high-risk transactions that might impact enterprise risk.

Effective transaction monitoring solutions contain dozens of pre-built risk data analytics, from statistical to behavioral and policy-based, with analytics that are configurable to fit your specific business, risk exposure, and historical issues your organization may have faced.

Continuous transaction monitoring has many benefits over traditional methods because it provides complete visibility into organizational spending and revenue. Compared to periodic audits, it's cheaper and faster to monitor transactional data than to conduct interviews or engage in in-person site visits. Continuous monitoring can even be done remotely without sending staff members to other locations.

Continuous monitoring is essential to a company's risk management strategy. By identifying high-risk transactions, continuous monitoring ensures that the organization is operating within acceptable risk thresholds. Additionally, continuous monitoring enables rapid identification of areas of program improvement and has been beneficial for organizations to reduce costs and improve their operations. Compliance teams can immediately incorporate findings into the analytics models, program controls, and scoring algorithms to prevent future occurrences and improve the program's overall health. Transaction monitoring is becoming progressively more necessary in today's business environment, as it is increasingly important to actively monitor and manage fraud and corruption risks to remain competitive. Transaction monitoring can also reduce the costs associated with compliance by prioritizing your efforts within the monitoring of spend and revenue data. Rapid review and remediation are also facilitated by displaying the full context of the transaction and its risk results together so that you can focus on the risk of a transaction holistically.

The June 2020 update to the U.S. Department of Justice (DOJ) Evaluation of Corporate Compliance Programs guidance (2020 Guidance) emphasized that corporate compliance programs must be updated to be capable of delivering actionable risk insights on an ongoing basis. The 2020 Guidance notes that companies should focus their resources on high-risk transactions specifically.

"Prosecutors may credit the quality and effectiveness of a risk-based compliance program that devotes appropriate attention and resources to high-risk transactions, even if it fails to prevent an infraction." U.S. Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (Updated June 2020)

With compliance monitoring, organizations can ensure that real-time data required by regulators is available for Compliance, Investigations, and Audit professionals. For example, if a whistleblower allegation comes through the compliance hotline, Compliance and Investigations professionals can quickly pull up risky transactions for that individual, that vendor, or that country. Instantaneously, companies can start changing their analytics to detect new transactions that fit the new pattern. If a new red flag is identified in the media for an existing vendor, that vendor can quickly be added for additional monitoring. All transactions from that vendor can be monitored in real-time. If certain transactions are of interest, for example, consulting expenses charged by a distributor, those transactions can be targeted for additional scrutiny.

Another important aspect of continuous monitoring is compliance with anti-corruption laws, such as the Foreign Corrupt Practices Act (FCPA) in the United States. The FCPA prohibits companies and their employees from making improper payments to foreign officials for the purpose of obtaining or retaining business. By monitoring transactions in real-time, companies can detect and prevent any potential FCPA violations, protecting the organization from fines and reputational damage. In addition, compliance teams can use the data gathered through continuous transaction monitoring to improve their anti-corruption policies and training programs, reinforcing a culture of compliance within the company. Overall, the combination of continuous transaction monitoring and a strong anti-corruption program is crucial for organizations to mitigate risks and comply with legal requirements.

The benefits of continuous compliance monitoring illustrate why it is an essential organizational investment to reduce risk and improve organizational stability. This is especially true given the recent increase in regulatory focus on data analytics for compliance. By implementing continuous transaction monitoring, organizations have an efficient and cost-effective way to keep track of suspicious and potentially fraudulent activities, helping to ensure they stay compliant with the relevant regulations while protecting their reputation and brand-value long-term.

To learn about Lextegrity and our many compliance solutions, reach out to us for a consultation today.