Data analytics and continuous monitoring are the new hot things in corporate compliance. The data revolution has made it easier for companies to collect, store and analyze data about transactions, business processes, or operational performance. It’s now possible to monitor 100% of transactions in real-time and spot risky activities or anomalies before they become a significant problem.
Historically, companies conduct risk assessments or select sites or countries to audit based on an annual rotation schedule. They conduct compliance audits at those sites for a brief time period, perhaps for a few days or weeks. A limited number of samples are chosen, varying from as low as 15 transactions to samples of 50-100 transactions. These would typically include a selection of transactions from specific General Ledger accounts from a limited time period, generally 12 to 18 months. The transactions selected would usually be focused on expenses.
On the other hand, continuous monitoring now focuses on 100% of transactions, not only expenses but also revenue transactions, from all General Ledger accounts every day of the year. Through continuous monitoring, companies identify the highest-risk transactions across multiple jurisdictions, not just samples in the countries tested. One added benefit is that bribery and fraud schemes can be detected much faster than with historical audit practices. Often audits or investigations uncover schemes that have been ongoing for years. These can sometimes result in disclosure to the government because of the size and scope of the inappropriate activities. But will these tools and continuous monitoring programs replace anti-corruption compliance audits?
How can data analytics supercharge anti-corruption compliance?
Data analytics helps companies to better monitor, spot, and report suspicious transactions. More advanced uses of data analytics allow compliance officers to set risk thresholds for certain high-risk transactions, such as employee expenses, consulting expenses, or sales discounts. Companies can then flag and investigate suspicious transactions automatically without having to wait for an audit and hope that the audit chooses the transaction within its sample. With the help of continuous monitoring analytics, compliance officers are also able to ask more complex questions about the data to find anomalies and risks. For example, a compliance officer could ask: “How many Free of Charge Goods were given to HCPs (Health Care Professionals) in Romania?” or “What region and third party have the highest number of flagged high-risk transactions?”. With the help of machine learning algorithms, compliance teams can also use data analytics to improve the performance of risk analytics and also reduce the review time of transactions.
Continuous monitoring and real-time detection
Continuous monitoring is the practice of monitoring 100% of organizational transactions in real time. It’s like having your finger on the pulse of your organization. While the concept of continuous monitoring is not new, the ability to do so with the help of advanced analytics and algorithms has greatly improved in recent years. Continuous monitoring has many benefits over traditional methods. The main advantage is that it’s cheaper and faster to pull transactional data than to conduct interviews or engage in in-person site visits. In fact, continuous monitoring can be done remotely without needing to send staff members to another location.
Continuous monitoring vs. anti-corruption audits
Although continuous monitoring will detect issues faster and reduce the number of audits conducted every year, compliance audits will still be required, especially for specifically targeted cases where data may not be available. For example, distributor audits will be necessary for distributors that do not want to share financial data with the company. Similar cases might include a country with strict data protection rules or an ERP system that is not easily accessible. Legacy compliance audits will continue to benefit from having "boots on the ground." There is no substitute for auditor expertise and one-on-one conversations with stakeholders who have first-hand knowledge and can quickly identify potential risks in their division's transactions. However, continuous monitoring using data analytics can provide much of the precursor insights to maximize the efficiency and effectiveness of such on-site audits.
What are the benefits of continuous monitoring?
One benefit of continuous monitoring is that real-time data is available for Compliance, Investigations, and Audit professionals. For example, suppose a whistleblower allegation comes through the compliance hotline. In that case, Compliance and Investigations professionals can quickly pull up risky transactions for that individual, that vendor, or that country. Instantaneously, companies can start changing their analytics to detect new transactions that fit the new pattern. If a new red flag is identified in the media for an existing vendor, that vendor can quickly be added for additional monitoring. All of the transactions from that vendor can be monitored in real-time. If certain transactions are of interest, for example, consulting expenses charged by a distributor, those transactions can be targeted for additional scrutiny. Suppose a company is interested in those transactions for a distributor in a specific country to improve compliance. In that case, the company and its auditors can leverage continuous monitoring to identify sample transactions to review during compliance audits. This approach has the added benefit of allowing for on-site interviews, reviewing documents that might not be available, and walking through transactions with people with the best knowledge of the transactions. At the same time, the onsite review would have already looked at 100% of the distributor’s transactions, not just a small sample of the highest-risk transactions.
Limitations of continuous monitoring and data analytics
Continuous monitoring is only a portion of an end-to-end solution for an anti-corruption compliance program. With continuous monitoring and data analytics, companies can detect and prevent suspicious activities and fraud. This is important because the main challenge for companies is whether they will be able to deal with suspicious, high-risk activity before it becomes a systemic, egregious problem. All companies collect transactional data, but only a handful of companies know how to use this data to detect and report compliance issues. The vast majority of companies don’t analyze all of their data using advanced analytics to identify risks. Companies that use data analytics to detect and report suspicious activity will be able to achieve a higher level of compliance. However, limitations to access to data described above may mean that continuous monitoring using data analytics will not be able to reach every transaction within the company or reach within the financial transactions of a third party or its subcontractors.
Will continuous monitoring replace compliance audits?
Although continuous monitoring will detect issues faster, save money for compliance departments and reduce the number of audits conducted every year, compliance audits will still have a role to play, especially for specifically targeted cases, such as Mergers & Acquisitions (M&A), investigations, and third-party audits. For example, distributor audits will be necessary for distributors that do not share financial data with the company. Similar cases might include a country with strict data protection rules or an ERP system that is not easily accessible. Legacy compliance audits will continue to benefit from having "boots on the ground" where auditors can speak to employees or third-party representatives face-to-face to gain valuable information, not within the transaction documentation, and even validate their trustworthiness. There is no substitute for auditor expertise and one-on-one conversations with stakeholders who have first-hand knowledge and can quickly identify potential risks in their transactions.
Monitoring and detection are powerful tools that can help companies to achieve compliance and prevent corruption. Data analytics can help to detect and report suspicious transactions in real time before they become a problem. Though data analytics are not a replacement for anti-corruption compliance audits, they should be leveraged to support, streamline, and reduce the cost of audits.
To learn about Lextegrity and our many compliance solutions, reach out to us for a consultation today.