Risk

Using Big Data to Measure Compliance Programs' Effectiveness

Using Big Data to Measure Compliance Programs' Effectiveness

This article was updated on Oct. 8, 2018.

Leaders and directors are increasingly turning to big data to measure compliance programs and efforts — and improve them. After all, the work isn't over once an organization has developed a solid compliance program. The program must then be measured to ensure its effectiveness.

Governmental agencies around the globe are issuing ever greater numbers of rules and regulations, and more tightly enforcing those already on the books. More than four in five respondents to the 2015 International Federation of Accountants Global Regulatory Survey say the impact of regulation on their organization's compliance efforts is more significant than it was five years ago.

The risks of ineffective compliance programs are significant: potential fines and penalties, damaged corporate reputations and even legal liability. Utilizing big data to measure compliance programs' effectiveness and point out areas requiring improvement can help to mitigate that risk.

The definition of big data according to Merriam Webster is "an accumulation of data that is too large and complex for processing by traditional database management tools." Not only are the data sets in big data voluminous, but they can come from disparate sources, such as customer lists and email systems, and include unstructured data such as social media posts and videos. Three Vs are often used to characterize big data: volume, velocity (the speed at which it is generated) and variety.

Compliance Metrics

While developing a corporate compliance program is a necessary first step to effectively managing regulatory requirements, it's not sufficient. If the program consists mostly of a document in a three-ring binder stashed on a junior employee's bookshelf, regulators may view it as a halfhearted, even cynical attempt to give the appearance of compliance, rather than a true effort to build a culture of ethics and compliance. Management and the board of directors must be able to measure and show the organization's compliance efforts have been carried out in good faith and are having an impact.

That requires the ability to review and analyze volumes of data in a range of formats, and often from sources both internal and external to an organization. Historically, computer systems have been proficient in handling data that are in structured formats, such as purchase orders or other transactional records, and generated from within an organization. However, measuring a compliance program's effectiveness also requires the ability to review unstructured data. For instance, most financial institutions need to monitor their handling of funds from "politically exposed persons" (PEPs) — current or former senior foreign political figures and their immediate families and close associates.

Based on the Federal Financial Institutions Examination Council, banks and other financial firms must implement controls to ensure they don't, knowingly or inadvertently, assist PEPs in hiding or moving the proceeds of corruption. This is typically accomplished by identifying account holders and their employment and countries of residence, checking references and assessing the level of risk for corruption and money laundering within their countries.

Testing the Program

Firms must verify how well their controls are working. Organizations can use big data to measure compliance efforts by reviewing a variety of data from multiple sources, identifying irregular trends or suspicious transactions and assessing how often they are getting around the organization's control and anti-fraud measures.

With that information, compliance professionals or executive management can determine what, if any, actions are needed to improve the company's compliance efforts. These might include better training of employees or more extensive customer background checks to reduce the occurrence of inappropriate or illegal transactions.

Similarly, text-mining systems can review payment descriptions or even e-mail correspondence associated with payments to identify suspicious transactions that made it through the company's controls. For instance, payments described as "donations" and made by an employee working to gain government business may actually have been prohibited payments.

In addition to its role in assessing the effectiveness of an organization's controls, big data also can help enhance organizations' compliance efforts from the start. For instance, by assembling and analyzing data from both internal and external sources, big data systems can help organizations determine if potential business partners are named within a terrorism sanctions database.

Given the heightening regulatory environment and the risks of failing to comply with appropriate regulations, organizations today must mount thorough, coordinated and effective compliance programs. Leveraging big data can help them ensure they've done that.