Data-Governance and Anti-Bribery/ Data Privacy

Two of the most common catchphrases in corporate compliance these days are “data governance” and “anti-bribery.” So today, let’s talk about how those concepts connect — how organizations need strong data governance if they want to have an effective anti-bribery program.

First, we need to be clear about what data governance does. It manages how information flows through your organization; how data is created, described, stored, retrieved, and ultimately destroyed. 

So yes, data governance is partly a process of moving bits and bytes around your company’s IT systems. But successful data governance is much more about policies that dictate how your other business processes create information about what those processes do. 

Why is that important at all, and why is it important specifically for anti-bribery programs? For a few reasons:

At their simplest, anti-bribery programs exist to help your company avoid an enforcement action. To avoid an enforcement action, you need to present evidence. To present evidence, you need to have evidence. Therefore your processes need to generate evidence you can manage. Actually, the same applies for your data privacy programs; if you have a breach, your will have to present evidence to the National Privacy Commission.

That’s what effective data governance does for anti-bribery and data privacy programs. It generates the evidence you need to prove that yes, you trained the employees dutifully; or that you performed sufficient due diligence on the third party; or that you assessed the effectiveness of your program and made improvements.

Can you do all those tasks without strong data governance? Sure, although the chores of collecting evidence will be time-consuming and costly. And that brings us to another point that’s important but not readily apparent: to achieve strong data governance it is necessary to automate your anti-bribery / data privacy compliance programs. 

Automating compliance processes is a worthy goal, but “automation” really means IT systems acting on data without close human oversight. Those systems cannot process data unless it exists in certain states; labels to describe data have been properly defined; values for data have been properly entered; and so forth. Seamless processes only work with strong data governance.

Can you have strong data governance policies without strong anti-bribery policies, or vice-versa? Theoretically yes, but over the long run you create more work for your compliance program, because one policy will be out of step with the other.

That is, if you have clear policies for how to process data about third parties, but the compliance program never actually collects that data in the first place, who cares about proper data formatting? Or if you collect data about third parties but store it in various formats across numerous spreadsheets, you’ll have more work to do when regulators ask to see it.

The most astute path for a compliance officer is to think about anti-bribery policies and procedures in terms of data governance. “How can I build anti-bribery processes and policies that prevent corruption in an individual transaction; and that give me the right information to study our anti-bribery efforts in aggregate?” “If I have the systems in place for anti-bribery, it’s easy to extent that to data privacy security, to cyber security and cyber crime, to quality control and fraud incidents.

Ethics and compliance is challenging!! If you need assistance, we have teams available to assist.

Comments are welcome – contact me at [email protected]