Big Data 3Earlier this year the Wall Street Journal (WSJ) ran a series called Journal Report entitled CIO Network. They met with and surveyed many Chief Information Officers (CIOs) over multiple business sectors. I found the entire section quite enlightening around the issues of big data and its uses by the compliance function and a Chief Compliance Officer (CCO).

In one panel the WSJ’s Rebecca Blumenstein spoke with Hilary Mason, the Chief Executive Officer (CEO) and Founder of Fast Forward Labs. I found her remarks quite useful for a CCO to consider. When asked what were some of the biggest misunderstandings about data, Mason replied that when people only look at individual data because it is more useful to “know what a population of people are doing.”

She went on to note that the more transparency there was involving data, the less they thought of it as a liability. As a CCO how many times have you heard something along the lines of “If we look we might find something”. This defensive attitude can keep you from making use of some of the most useful information to you, your own data.

She also noted, “the democratization of data access has allowed that organization to become much more data oriented in decision making.” I found this to be a key insight for the compliance function. Do not hoard your data. This means more than simply using it but also making it available to the business folks to help them to make their decisions more in compliance. This transparency will not only improve the quality of your decision making but it should also allow you to bring more robust compliance analysis into the fabric of your organization.

In another area of the Journal Report technological executives were divided into task forces to discuss management and policy issues. I found the issues they articulated resonated with similar issues for the CCO or compliance practitioner. I have adapted some of the results they came up with from the CIO perspective to how a CCO or compliance practitioner might consider them going forward.

You should work to create a culture of data in your compliance program. This comes from an understanding that data is a product, which you can consume internally in the compliance function. Your data is a corporate asset so why not use it. I once heard Scott Lane, founder and Executive Chairman of the Red Flag Group, say that it is your data so why not use it? That is a key point that you should recognize. Yet data is not simply big or even scary. It is information that you can use in helping you make better decisions. The CCO needs to find a way to deliver compliance analytics in a manner that is timely within your company’s everyday decision-making calculus.

You will need to get your digital information right. That means several sources of data to help you choose the best course of action. Earlier this year, Deadspin reported on a joint investigation between BuzzFeed UK and the BBC, in an article entitled “The Tennis Racket”, which looked at what they believed was suspicious betting in professional tennis matches. They used a transactional analysis to come up with the players involved and matches they allegedly fixed at the behest of gamblers. This use of data analysis pointed to this key lesson, data analysis is only the starting point in any investigation. You need to review other data to make an action plan. Other sources of information might include interviewing witnesses, reviewing documents, looking at injury factors that might have influenced the outcome of tennis matches. It is not simply enough to identify suspicious activities, you need to determine the facts behind the numbers and then analyze both the numbers and the facts. If warranted, remedial action would then be appropriate. Any best practices program should prevent, detect, and remediate.

Another important point is the integration of compliance data into your overall business strategy. One area that compliance is often criticized is that it does not support an overall business goal. By determining a way to use compliance analysis from your data in a manner that supports the business unit going forward, compliance can become an input into business strategy. An example might be in your sales models. Does your business use employees, commissioned sales representatives or entities such as distributors to sell? All of these present not only different types of compliance risks but different types of compliance solutions. By building relationships with all levels throughout the company, you will have the opportunity to move into the trusted business partner realm.

Innovation in compliance is really nothing new. Best practices compliance programs have evolved from as far back as the Metcalf and Eddy enforcement action, through Opinion Release 04-02, to the current Ten Hallmarks of an Effective Compliance Program as set out in the FCPA Guidance. Even within these frameworks there has always been evolution of compliance. This is to be embraced because the consequences of not doing so are too catastrophic.

All of this means that compliance should use data to help establish a culture of innovation in the compliance function. Every CCO should be looking beyond today. Arnold & Porter LLP partner Stephen Martin has long advocated a one, three and five year compliance program outlook that you should regularly review and update. From the data perspective you should consider what this might mean from a technological perspective and how you can enable that transformation going forward.

This also means looking outside your own company for inspiration and innovation. Design thinking can be a key way for you avoid getting stuck in a specific paradigm inside your own organization. Think about what your internal or external clients will need to be able to do business in compliance, with the top risk management in place to allow them to move forward. Finally, practice transparency. Remember you are not the legal department, keeping information close to your vest. The compliance mandate is different. If a problem arises, the first job of the CCO is to fix the problem.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016