The slow shift toward data-driven corporate compliance programs has a new accelerant: the government. Now, companies are scrambling to figure out how to meet the latest expectations.
The U.S. Justice Department in June instructed its prosecutors to ask companies that come under investigation whether their compliance teams have access to data, if it is being used to monitor for risks, and test policies and procedures. Authorities also have shown in recent settlements a willingness to cut penalties for companies that have implemented data analytics or monitoring tools into their compliance programs.
The push is incentivizing compliance officers to find ways to access financial and operational data, and adopt technology to better screen for risks such as bribery, which can lead to enormous fines if undetected. Businesses have long used data to drive decision-making in other areas of the enterprise, but adoption of analytics tools in compliance has been slow in part due to budget constraints, cultural hurdles and a lack of one-size-fits-all third-party solutions, compliance officers say.
The market for off-the-shelf solutions also has been slow to develop as companies look for specific tools to suit their risk profiles and compliance needs. Bespoke analytics and monitoring services, meanwhile, can be pricey, a difficult pitch for a corporate function largely viewed as a cost center—especially in the middle of a recession.
“There is no magic formula to this,” said Piyush Sharma, a deputy chief compliance officer at Alexion Pharmaceuticals Inc. “Everyone’s coming from different companies with different risk profiles.”
Microsoft’s subsidiary in Hungary last year agreed to pay $25 million after probes by the Justice Department and U.S. Securities and Exchange Commission found it had used discounts on software licenses to fund bribes intended for foreign officials.
During the course of the investigations, the software company began building a cutting-edge compliance analytics system that allows Microsoft to flag risky partners and deals. Authorities acknowledged the company’s expanded use of data analytics and transaction monitoring helped the subsidiary secure a lower fine and a more lenient settlement agreement.
Not every company has the financial wherewithal, internal technological know-how—or even the desire—to build an in-house system with the same scope and ambition as Microsoft’s, which is considered to be among the best.
Matthew Penarczyk, Microsoft’s deputy general counsel, said the company was proud of its compliance-analytics program. “CAP is and will continue to be a powerful center of gravity for our compliance efforts,” he said.
Some companies have adopted modest approaches by hiring data scientists or by tapping into a nascent market of third-party vendors.
Drugmaker Alexion, while dealing with a government probe into its compliance with the U.S. Foreign Corrupt Practices Act, an antibribery law, began a revamp of how it manages relationships with doctors, many of whom get its products directly.
In countries with public health-care systems, where doctors are viewed to be government officials, such relationships can pose corruption risks under the FCPA. The company faced claims that it bribed government health-care officials to increase prescription drug sales in Turkey and Russia.
Its search for the right third-party technology, though, turned up few options designed with compliance in mind. Due-diligence service providers often focus on the initial vetting of a business partner or client, and usually don’t provide an easy way for companies to track payments to those parties over time, according to Mr. Sharma at Alexion.
Alexion eventually chose a product from Lextegrity Inc., a startup founded by a former Pfizer Inc. compliance officer, that allows it to marry its compliance policies and procedures around health-care professionals with streamlined approval and work flow, Mr. Sharma said. The software creates a cloud-based repository for some of Alexion’s most high-value compliance data.
“We’re able to look at data proactively, in real time,” he said. “If we didn’t have a tool like this it would be a very manual, laborious process to chase down data in different systems, different databases, from different places.”
In a July settlement with Alexion, the SEC listed revamped health-care professional engagement and oversight processes as a mitigating factor. The company agreed to pay $21.5 million to resolve the SEC’s investigation. The Justice Department, meanwhile, dropped its investigation without taking an enforcement action.
Albemarle tapped its own information-technology resources and a data scientist to create a bespoke data-analytics program.
The Charlotte, N.C.-based chemicals manufacturer in 2018 said it discovered possible improper payments to third-party sales representatives. Albemarle said it had self-reported the potential issues relating to the use of third-party sales representatives to the Justice Department and SEC.
Albemarle, which had been relying on a forensic accountant to provide data analytics on its compliance program, has since brought its monitoring in-house, said Andrew McBride, the company’s compliance chief. The company uses third-party software to monitor for policy violations in employees’ travel and entertainment expense reports and has patched together a series of dashboards using data-visualization software to incorporate data from systems monitoring things such as third-party risks and whistleblower tips.
“The real value was in grabbing that external data, taking data from our own internal systems, and throwing it together in different ways to present a more rich and complete picture,” Mr. McBride said.
Doing it in-house allowed Albemarle to build an analytics program that proved to be useful for the entire business. “It’s really so powerful to show that it’s not just a compliance tool,” he said. “It’s a management tool.”
Write to Dylan Tokar at email@example.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.