Data in Compliance Programs

I recently assisted a company with their conflicts of interest (COI) procedures, which has me thinking more broadly about data, data, data.  The company uses a third-party service provider, which facilitates employee disclosures regarding conflicts and tracking of those controls that are required to mitigate the risks of COIs.  The software is similar to incident response software used for tracking investigations. The advantage of using this type of system is that it allows the company to track the number of conflicts disclosed by business unit, employee level, geography, type of conflict, controls utilized, and other factors and to fairly easily report that information to senior leaders and the board.

The system also creates a huge pool of data, similar to data collected on reports of suspected misconduct and compliance investigations.  While I was advising the company on one particular aspect of their COI process, I couldn’t help but think about the enormous amount of data that the system generates each year, and what the company does – and might do – with that data.  Perhaps an uptick in COI disclosures in a particular business or region should prompt an audit or additional training for that group.  Perhaps a relatively higher number of disclosed conflicts at high levels in the organization should prompt additional oversight by the audit committee of this risk area.  Pinpointing what types of personal conflicts are more likely to arise in particular regions or business units, or in the company more generally, could lead to more effective training and communications and more effective auditing for undisclosed COIs.  Explaining the ways in which the data is being monitored could increase leadership and the board’s comfort level about controls more generally.

The DOJ has been urging companies to adopt a more data-driven approach to compliance for a number of years, and DOJ has also increased its own expertise on use of data in compliance programs.  In the fall of 2022, the DOJ hired Matt Galvin into the Fraud Section’s Corporate Enforcement, Compliance and Policy Unit in the newly created role of Counsel for Compliance and Data Analytics.  Matt is well-known in the compliance community for his pioneering work while serving as the chief compliance officer at AB InBev in leveraging data analytics in that company’s compliance program. 

As an important aside, Matt will be speaking at PLI’s C&E Essentials program in New York on June 27 on the topic of using data analytics in your program.  I’m super excited to hear from Matt about this critical topic. More information on the PLI program is here:  PLI – Compliance and Ethics Essentials 2023 – Schedule & Registration

We in the compliance community have made good progress in our use of helpline and investigations data; due diligence data; and data gleaned from audits and employee surveys to pinpoint program needs and make improvements.  But there is undoubtedly more to be done both in analyzing data to understand our organization’s compliance risks and in automating parts of our program that can benefit from greater automation.  We would love to hear from you about ways that you use data in your program.