Powerful Analytics needed in Integrated Compliance Management

Let me start by stating why I am committed to compliance management: it is important because noncompliance may result in fines, security breaches, loss of certification, or other damage to your business. Staying on top of compliance changes and updates prevents disruption of your business processes and saves money.

The most significant risk for compliance officers is that they fail to understand what is happening in the organization. That occurs when compliance officers have an incomplete picture of activities: data from only half the operating divisions, key facts missing from a specific allegation of misconduct, and so on.

Integrated compliance management consolidates information in an accurate, useful way enabling compliance officers to contextualize that information into broader trends of compliance activity, which in turn will allow for a more methodological and analytical approach to managing compliance.

Without effective centralization and normalization of data, none of the powerful analytics is possible in the first place. Let’s take the example of whistleblower hotlines, a vital tool to collect reports of misconduct. Don’t assume that in your organization most reports of misconduct come from employees speaking to managers; they will be scared to do that.

An integrated platform can even connect your case management process to your conflicts of interest process. This connection would flag any conflicts related to specific cases, shedding additional light on the investigation, and allowing you to take appropriate corrective measures. Regulatory guidance has already highlighted the need for better data analytics, the criteria for which is also clearly laid out:

Adequate access of compliance officers to data (recall the earlier point on data centralization). Data consolidation to ensure timely and effective monitoring or testing controls and mitigation plans. Leveraging data to discern patterns, trends, relationships, and anomalies as real-time early warning systems.

So, let’s dive into a few of the compliance objectives that become tangible to compliance officers with integrated compliance management and robust data analytics:

Better Risk Management Smartly designed compliance processes (read: risk controls) are crucial components of an effective compliance program. However, these controls are bound to fail from time to time, which is why any robust compliance program must include reliable reporting and analytical functionalities. These two components are the nervous system of a compliance program bringing potential concerns about misconduct, changes in risk factors, and risky trends and patterns to the compliance officer’s attention.

Powering Preventive Compliance Measures need to be in place for companies to show preventive compliance. Both the National Privacy Commission and the Philippine Competition Commission have been careful with fining so far. But their impact on the reputation of companies is clearly visible.

Reactive compliance will no longer cut it today, a proactive approach to preventing misconduct must be taken if stopping global corruption is the goal.

Striving for Impact Effective compliance management rests on impactful measurement solutions. Measuring how your policies and procedures work in practice allows you to truly assess how well controls protect your business from violations, how well you deal with misconduct when it strikes, and how much damage you will be able to mitigate. If you lack effective monitoring and analytics functions, you will miss the critical part that will transform your program from process-oriented to impact-oriented.

Program Evaluation Compliance departments with advanced data analytics can rely on real-time data feeds to make the association between risk factors across the business to identify changes in risks and instantly bring the need to reassess control to the stakeholder’s attention.

These real-time insights differentiate reactive from proactive compliance. Transforming your program to be proactive can only be achieved with sound data analytics.

Process automation – my partners are offering software automation for larger companies to supervise their departments and subsidiaries for data privacy protection and cyber security. I feel that the time has come to extend that kind of compliance management to fair competition / anti-trust and anti-corruption.

Feedback is appreciated; and if you need assistance, contact me at [email protected]