Global organisations have, for a long time, struggled to adequately manage fraud and corruption risks, which cost them dearly both monetarily and in reputation. A recently published report by the Association of Certified Fraud Examiners estimates that these risks, when gone undetected, can cost organisations upwards of five percent in annual revenue. With such a hefty price tag, it is somewhat surprising that the shift towards adopting appropriate data-driven compliance programmes has been so slow. As the COVID-19 pandemic continues to disrupt how businesses are run and illegal activity becomes increasingly sophisticated, the need for robust programs has never been greater.
Added pressures for global organisations to adopt data-driven anti-corruption strategies are the expectations of governments and regulators. In June, the US Department of Justice instructed prosecutors to check that compliance teams at companies under investigation have access to data and, if so, how it is being used. They prioritised the need for data across compliance programs from monitoring transactions, monitoring program performance, assessing risks in a dynamic fashion rather than a snapshot in time, to using data to manage third party risk across their lifespan. Recent settlements have shown a cut in fines and penalties for those that have implemented data analytics or monitoring tools in their compliance programs. But will these incentives really push the dial towards much-needed adoption of technology?
While organisations have long used data to drive decision making in many areas, there has been a certain reticence to use data for compliance. Reasons for this include budget constraints, company culture and a perceived lack of one-size-fits-all third-party solutions. But these reasons will only go so far today, as the need for such technologies has only accelerated due to disruption caused by COVID-19 and compliance teams facing pressure to address mounting and varied risks with fewer resources as they work remotely.
Technologies now exist that enable compliance teams at companies of any size to implement next-generation controls to detect and prevent corruption and fraud far more effectively than before. These enable more end-to-end controls using data, so corrupt contracts are never signed, corrupt payments are never approved and potentially problematic transactions are identified and remediated quickly.
Presently, most global organisations rely heavily on audit to conduct reviews of spend on a periodic basis in high-risk countries by choosing a sample of transactions. For example, audit might visit a high-risk country once every three years and choose the top ten payments made to a sample of third parties identified as high-risk from the company’s third-party due diligence process. The periodic nature of such audits as well as the lack of sophistication in the typical sample selection can lead to suspicious transactions not being spotted. Worse still, if they are eventually spotted late, corruption or fraud may have become systemic in the years between the previous and current audits. The promise of using data analytics instead is huge.
Appropriate software can allow entities of all sizes to replace the typical sample selection process with more sophisticated data analytics. Off-the-shelf software that can run spend data, from enterprise spend systems through libraries of fraud analytic tests already exists. Algorithms may identify statistical anomalies in a certain expense category, for example in order to reveal invoices that may be fraudulent. In this instance, each invoice or expense report may be subjected to several dozen analytical tests running concurrently to provide an aggregate risk score. Software tools exist today that enable companies to implement such cutting-edge data analytics without needing any data scientists or computer programmers on staff. Such tools allow any compliance professional to control those tests, turning them on or off or adjusting their strength level such that the resulting risk scores accurately reflect the unique risks of the company.
Data analytics can be used in myriad other ways to benefit and strengthen compliance programs and help various teams working within the organisation, including compliance, investigations, audit and the commercial business. The push for such robust forms of control allows organisations to reimagine how compliance and investigations functions work and in turn makes them more effective in combatting fraud and corruption.
Such data analytics platforms can risk-score countries, employees, vendors or individual government officials, customer employees or healthcare providers. In doing so, compliance teams can move away from relying on subjective analysis that relies predominantly on surveys or high-level metrics like total expenditure and move to more objective risk analyses. This is much less time consuming and much more reliable.
For investigations teams, a data analytics platform can accelerate the accuracy of investigations and the time needed to scope and complete an investigation and implement ongoing remediation. If an investigator identifies a pattern of behaviour indicative of fraud or corruption, such as certain keywords used in a certain country for a certain type of expense, data analytic settings have the ability to be modified in real time, allowing them to look for that specific pattern and identify similar transactions promptly. Real-time analytics can allow an investigator to monitor transactions more closely both during an investigation and any ensuing probationary period, providing investigators with a powerful digital forensic analysis tool.
Internal audit teams can certainly benefit from data-driven risk visualisations, which help them objectively scope audits more effectively. Software can also expose underlying data, such as receipts from entertainment in expense reports, to make the auditor’s job even more efficient. Particularly in a Covid environment in which audit teams may be grounded, such risk-scoring of 100% of transactions entirely remotely can transform a traditional audit function.
While it is true that data analytics cannot determine for certain whether a transaction is fraudulent or corrupt, the combination of technology and human intervention by compliance and audit professionals can ensure that risks and issues are being appropriately identified and then remediated. This type of software can also provide those teams with workflows to document the work they have done in responding to the flagged transactions; in essence making the entire process more effective, efficient, and less expensive in the long run.
As the world changes and the sophistication of criminal activity ramps up, the onus is on organisations to ensure that they are not susceptible to fraud and corruption. Regulators and governments are demanding more robust and efficient programs and incentivising those that adopt them. There is little doubt that to tackle corruption and fraud effectively, today’s compliance programs must include the use of data and technology. Unified spend approval processes, integration with spend systems and continuous spend monitoring can provide end-to-end controls to prevent and detect illicit transfers of money and other benefits. Fortunately, the future of compliance is already here. Software tools exist today for organisations of any size to implement such end-to-end controls. By implementing them, compliance professionals can contribute to a world of ever-diminishing fraud and corruption and while protecting their companies and employees globally.
Parth Chanda is the founder and CEO at Lextegrity, a compliance and regtech software provider