As featured in GRC Outlook
Organisations are facing increasing expectations to proactively identify and mitigate financial crime, sanctions, and fraud risks due to emerging market trends, stricter regulations and requirements for greater transparency and society’s need for higher standards of corporate ethics.
Compliance programs play a crucial role in an organisation’s risk management strategy, creating a framework to mitigate identified business risks such as money laundering and bribery and corruption, as well as driving an ethical culture.
In navigating these challenges, many organisations are investing in Data Analytics to underpin their compliance program infrastructure, harnessing the ability to identify, investigate and prevent wrongdoing and addressing the rising demands.
Incorporating Data Analytics across a compliance program
Effective anti-money laundering (AML) and anti-bribery and corruption (ABC) compliance programs have many common elements to identify potentially suspicious activities, including the use of Data Analytics to monitor all manner of transactions.
Recent events have seen regulators take a stricter stance on non-compliance with AML and ABC laws and regulations, leading to increased enforcement and fines as well as new regulations and higher expectations of compliance programs.
In 2011, the Ministry of Justice issued guidance encouraging organisations to monitor and improve their procedures. The Serious Fraud Office followed, with guidance which noted “… such as the use of data analytics to test compliance controls and behaviour’’ and in 2017 the Department of Justice (‘DOJ’) published guidance, explaining their requirements for the evaluation of compliance programs during an investigation. In its recent update, the DOJ set out the common elements of a compliance program, focusing on the design of the program, the resourcing and authority of the compliance team, and whether the program works in practice.
During 2018, the AML/CTF Industry Partnership released a working paper,‘ focusing on greater adoption and collaboration between analytics tools and human judgement to strengthen AML/CTF frameworks. And in 2021, the Financial Action Task Force also highlighted the importance of technology, noting that combining digital solutions with human experts’ analytical skills produces more effective and robust systems.
Data Analytics can contribute at each stage of a compliance program. Rules-based analytics are highly effective at monitoring compliance with internal controls, while statistical analysis identifies patterns and highlights irregularities. Risk scoring augments risk assessments, while benchmarking compares compliance risks against industry sectors or regulatory standards to identify high-risk areas.
Data visualisation can be used to present complex data in a concise and informative manner. Good visualisations help derive insights, highlighting patterns and anomalies that may indicate areas of concern. Network analytics takes this further, providing a single view of interconnecting structured and unstructured datasets, uncovering relationships between individuals and organisations that otherwise appear unconnected, making it particularly applicable to AML.
Machine learning algorithms can be trained to identify patterns and anomalies which may not otherwise be observed by traditional methods. As new fraud schemes emerge, they can also be retrained to detect these, making it more effective over time.
Whilst vast amounts of data can present challenges, almost all activities and behaviour are now electronically captured, leaving some trace or electronic footprint which can be detected and analysed. There can be challenges such as data quality and privacy, the required expertise, cost, and time all of which require a proactive approach and investment in data governance policies and tools.
Supporting the Design of an Organisation’s Compliance Program
A risk assessment has always been a foundation of any compliance response. Data Analytics can now be used to increase the assessment’s reach and sophistication, assisting in the identification of potential compliance risks through the analysis of entire data sets, uncovering patterns and anomalies that may indicate potential undesired activity.
By using Data Analytics, organisations can streamline, standardise, and automate significant amounts of repetitive work, releasing subject matter experts to focus on analysis and any remediation required.
Does the Corporation’s Compliance Program Work in Practice?
Data Analytics can help demonstrate a compliance program’s effectiveness by providing continuous monitoring and testing, identifying potential compliance violations at each Line of Defence.
This can include automated transaction monitoring to detect control deviations, process mining techniques to identify inefficiencies and gaps or text analytics to analyse large volumes of unstructured data. Interactive dashboards visualise data trends and can monitor overall compliance, providing relevant stakeholders, including Senior Management, functions and employees with targeted information and actionable insights.
The Impact of Data Analytics on an organisation’s culture
No matter how comprehensive an organisation’s risk management policies and procedures are, if they are not aligned with and embedded into the daily culture, their effectiveness will be severely diminished.
A strong compliance culture starts with the ‘Tone at the Top’ and is set by an organisation’s values, supported by regular communication, training, and awareness campaigns. When embedded, it is owned by its employees, the consequence of unethical conduct is clear and there is a sense of responsibility and accountability evident throughout.
Measuring a compliance culture can be a challenge. Dashboards and scorecards can provide tailored insights through user friendly visualisations of metrics such as training, incident tracking and employee engagement.
The Benefits of using Data Analytics in compliance are clear
The challenge for any organisation is to maintain the relevance of a compliance program following its launch and to measure its effectiveness.
Leveraging Data Analytics benefits a compliance program by standardising, simplifying, and reducing the administrative burden, whilst providing greater insight and timely identification of non-compliance or potential fraud to effect change. It enables concise messaging of anomalies and findings through interactive visualisations, achieving greater robustness and opportunity to proactively identify and mitigate risks, monitors the fulfilment of regulatory requirements, and helps to achieve a strong risk compliance culture across the organisation with truly engaged employees.
 UK Serious Fraud Office, ‘Deferred Prosecution Agreements’, October 2020, https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/deferred-prosecution-agreements-2/
 US Department of Justice, Criminal Division, Fraud Section, ‘Evaluation of Corporate Compliance Programs’, February 2017, https://publicprocurementinternational.com/wp-content/uploads/2019/05/Feb-2017-DOJ-Guidance-Evaluation-of-Corporate-Compliance-Programs.pdf
 US Department of Justice Criminal Division, ‘Evaluation of Corporate Compliance Programs (Updated March 2023)’, March 2023
 ‘Adopting Data Analytics Methods for AML/CTF, 12 November 2018