Data is the bedrock of every effective compliance program. On its own, this is a simple idea: Companies utilize metrics such as training completion records and hotline reports to gauge the effectiveness of their compliance programs, while data from expense reports and vendor transactions can be audited to ensure that internal controls are being followed and company employees are performing ethically. 

However, recent technological advances have enabled companies to take a more multifaceted approach to compliance risks, such as fraud and corruption, leaving reliance on one-dimensional data sets insufficient. It’s become more critical than ever for companies to integrate contextual analytics into their compliance program to ensure it performs at peak effectiveness.

But why are legacy approaches to compliance no longer sufficient, how can contextual analytics benefit a corporate compliance program in practice, and what should compliance professionals keep in mind when considering integrating contextual analytics into their organization’s programs? This article will answer all of these questions. Before that, let’s begin by defining contextual analytics as it relates to compliance programs.

What is Contextual Analytics?

Contextual analytics refers to the layering and connecting of different data sets, such as various transactional data sets within an organization, which provides meaningful context that can be used to identify risk. This process is directly integrated into a data-driven compliance program and does not require compliance or audit professionals to contextualize the data manually. For example, a pre-approval system in a corporate compliance program powered with contextual analytics can view a request for funds and compare it to similar requests or requests by the same recipient to determine if the requested payment is a non-compliant outlier. Similarly, a third-party spend monitoring process can consider third-party due diligence results to provide further context around risk with that particular spend item.

As its name suggests, contextual analytics can provide organizations with actionable insights based on their organization’s data, rather than just presenting raw data sets without clarifying what the information in those data sets actually means in a broader context.

Why are Compliance Programs That Lack Contextual Analytics No Longer Sufficient?

The end goal for compliance programs hasn’t changed—their objective is still to aid compliance and audit professionals in risk detection—but regulatory expectations for those programs are continually increasing. The 2020 update to the United States Department of Justice’s compliance guidance, Evaluation of Corporate Compliance Programs, emphasized that companies need to anticipate and proactively identify risk via their compliance programs rather than merely show that those programs exist. Traditional compliance programs, which lack contextual analytics, might present users with a large amount of data. Still, if that data is presented without context, the program may detect fraud after the fact, but it isn’t actually helping to identify potentially fraudulent activity or corrupt behavior. 

While companies have faced increased regulatory pressure to improve the efficiency and accuracy of their compliance programs in recent years, technology is advancing quickly enough to allow companies to meet those regulatory expectations. A compliance program with contextual analytics can simultaneously present data sets while identifying unusual trends, patterns, and outliers in the data, which provides useful information that can be used to determine if specific transactions require further investigation. A corporate compliance program that offers this kind of context can aid in quickly identifying and reviewing high-risk transactions rather than spending large amounts of time manually combing through the data themselves. Such risk-tailored resource allocation is specifically cited by the Department of Justice as an important factor in an effective compliance program. Contextual analytics also ensures that companies’ compliance programs meet regulatory expectations via their superior risk management processes: The Department of Justice expects companies to collect information and use metrics that can detect misconduct, which a modernized compliance program is capable of automatically doing, unlike traditional programs that only supply its users with basic data sets that lack additional insights.

These kinds of contextual analytics are invaluable for companies, as the Department of Justice’s updated compliance guidance notes that “prosecutors may credit the quality and effectiveness of a risk-based compliance program that devotes appropriate attention and resources to high-risk transactions, even if it fails to prevent an infraction.” Therefore, not only can compliance programs with contextual analytics help companies detect fraud through potentially fraudulent activity more quickly than traditional programs, but contextual analytics can also earn companies credit in the unfortunate situation of facing a regulatory investigation.

How can Contextual Analytics Benefit a Compliance Program in Practice?

Beyond helping to ensure that a company is in-line with regulators’ compliance expectations, a compliance program empowered with contextual analytics will provide organizations with superior insights about their data compared to traditional compliance processes.

First, contextual analytics provides genuine insights into the effectiveness of your company’s compliance programs. Traditional approaches to gauging effectiveness include tracking the number of hotline reports a company receives, the percentage of employees who have completed compliance training, and similar metrics. These processes are important but cannot guarantee that a company’s compliance program is effective on its own. For example, a company might have 99 percent of its employees complete their mandatory compliance training, but that doesn’t necessarily mean that employees are following the training. Similarly, a company might have had a 50 percent decrease in year-over-year hotline reports, but that’s not an assurance that fraudulent activity decreased in that time frame - only that fewer fraudulent activities were reported. Without context, these kinds of key performance indicators can cause companies to have a false sense of security about the effectiveness of their compliance processes.

However, a data-driven compliance program can run deeper analyses that provide insightful context about the effectiveness of an organization's compliance processes. For example, consider traditional pre-approval processes, which are typically manual and paper-based. In a data-driven program, a compliance professional could review a pre-approval request to host a meeting by examining the request in the context of other meeting requests to determine if the amount of desired spend per recipient is an outlier. Another example of how contextual analytics can bolster a compliance program is via due diligence: If a compliance professional with a data-driven program reviews a due diligence request to engage with a third party, they can access monitoring results to determine if any historical transactions with that third-party have been suspicious or contrary to policy. This contextual information can help compliance professionals make informed decisions based on concrete data.

Furthermore, the interconnected nature of a data-driven compliance program ensures that compliance professionals have superior information about data sources across their organization. Traditionally, data sources such as HR information, expense reports, and spend transactions are siloed across an organization and are difficult to bring together to form a holistic risk assessment. In a data-driven program, that information can be pulled together and coupled with compliance metrics and data analyses to uncover trends, spend anomalies, and policy violations that might have otherwise gone undetected.

What are the Key Points to Consider Before Implementing a Data-Driven Compliance Program?

Data analytics are an invaluable part of modern compliance programs, but integrating data analytics into your company’s compliance processes can seem overwhelming if you don’t know where to start. That said, taking that technological leap forward is entirely manageable if you consider three simple points before implementation:

1) Start by Detecting the Key Risk Indicators in Your Data

A common question compliance professionals have when considering the implementation of compliance data analytics is how to avoid “boiling the ocean.” It’s important to identify the most important data (in a compliance context) in your organization and focus on those data sets first rather than feeding an overwhelming mass of data into your system. Five common examples of data sets that typically contain key risks are:

• Conflicts of interest data
• Third-party diligence data
• Travel and expense reimbursement data
• Vendor spend and customer revenue ERP data
• Human resources data

Prioritizing the analysis of data sets that contain key risks will make it easier to implement an effective compliance program that can identify trends and generate insights that might have gone undetected.

2) Determine Your Organization’s Compliance Needs

Compliance programs are not a one-size-fits-all tool. A company’s size, the regions it works in, its compliance budget, and the effectiveness of its current compliance processes should all be taken into consideration when determining whether a given data-driven compliance program will be the right fit for your organization. For example, is using contextual analytics to inform decision-making in the pre-approval process one of your organization’s primary goals? Is it critical for your compliance program to be able to continuously monitor third-party transactions after the onboarding process? Having a concrete idea of your compliance goals will help ensure that your company puts into place the compliance tools it needs without exceeding budget.

3) Consider the User Experience

Effective data-driven compliance programs should be designed to be user-friendly, but it’s still important to consider who will be able to access the program’s tools and how its information will be presented to people in your organization. For example, if your company has data sets that are not in English - or if non-English-speaking users will access the program - will the program be able to display its information in multiple languages and translate that information effectively? Furthermore, if your company is multinational, will your compliance program have tools to ensure that managers in specific countries can only access the data sets that are relevant to them? It’s also important to consider how accessible the program and the data it provides are: Will the compliance professionals using the program need any specialized skill sets to make sense of the data? Can non-technical users control the program’s algorithms? Can the compliance professionals display the program’s findings in accessible formats such as charts or graphs?

Beginning Your Data-Driven Compliance Program

Data analytics has long been a staple in industries such as finance and marketing, but compliance programs have begun to reap the benefits of the technology and the superior context it provides companies with increasing regularity in recent years. Compliance programs driven by compliance data analytics can provide companies with superior insights about risk within their organization with greater speed and accuracy than traditional compliance processes. The use of data-driven compliance programs will likely accelerate in the coming years.

If you have additional questions about how contextual analytics can bolster your company’s compliance processes and build a more effective compliance program, reach out to us to learn more about best practices and the overall digital transformation of organizational risk management efforts.

FAQs

What are contextual analytics?

Contextual analytics refers to the layering and connecting of different data sets, such as various transactional data sets within an organization, which provides meaningful context that can be used to identify risk.

Why is contextual analytics vital for corporate compliance programs?

A corporate compliance program that offers this kind of context can aid in quickly identifying and reviewing high-risk transactions rather than spending large amounts of time manually combing through the data themselves.

Is contextual analytics in compliance programs better than traditional compliance processes?

Beyond helping to ensure that a company is in-line with regulators’ compliance expectations, a compliance program empowered with contextual analytics will provide organizations with superior insights about their data compared to traditional compliance processes.