The use of data in compliance programs continues to be held up as either a siren’s song or a goal which simply cannot be achieved. Most of the time when compliance practitioners consider how to use big data in a compliance program, it is to obtain more visibility into siloed corporate data to allow more robust compliance oversight and monitoring. However, the basic requirement of the Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Programs, that a compliance program should be operationalized provides a compliance professional to consider another way to view big data and, more importantly, obtain resources to break down those siloes.

One manner to operationalize compliance is to use big data to improve the internal corporate processes. Compliance is a business process and doing compliance or, in the DOJ’s phrasing, operationalizing compliance means you are moving compliance into your existing or to-be created business processes. As I noted in a prior post, perhaps it is time to ‘reframe the issue’. So why not think about the compliance function’s use of big data as a business process improvement opportunity?

In a recent MIT Sloan Management Review article, entitled “How to Monetize Your Data, Barbara H. Wixom and Jeanne W. Ross considered approaches businesses can take to monetize their internal data. They stated, “Using data to improve operational processes and boost decision-making quality may not be the most glamorous path to monetizing data, but it is the most immediate.” I would also add that it is another way of articulating how to operationalize your data.

The authors note, “Executives often underestimate the financial returns that can be generated by using data to create operational efficiencies. Companies see positive results when they put data and analytics in the hands of employees who are positioned to make decisions, such as those who interact with customers, oversee product development, or run production processes. With data-based insights and clear decision rules, people can deliver more meaningful services, better assess and address customer demands, and optimize production.”

The first step for the Chief Compliance Officer (CCO) is to locate data sources which are needed to or even could operationalize your compliance program. From this point, you should locate data sources which could provide a more robust compliance solution for the company. From there consider how the data could be used in a more robust 360-degree view. Now consider this basic model in the context of gifts, travel and entertainment (GTE) data. Obviously from the compliance perspective, such information is critical to determine corporate compliance with the Foreign Corrupt Practices Act (FCPA) in connection with spending on foreign government officials or employees of state-owned enterprises. A CCO might inquire into who is being entertained and the amount of the spend by company employee or by the recipient. Additionally, if there was a pattern of high spending by one employee or high spending on one foreign official, this might raise a red flag which needs follow up investigation.

Yet the same GTE data could be analyzed for the overall spend to see if there were any suspicious patterns which might indicate expense card abuse. Such indicia might be duplicate payments, spends at just below the threshold for pre-approval or out-of-policy expense reports and out-of-compliance expenses. You could check to determine if an expense is recorded once on a T&E report and then a second time on another expense report or a P-card charge or other type of expense, i.e. double-dipping. From there you can move to determine if they might be an intentional, as opposed to an unintentional, mistake. This could present a significant cost savings or even cost recovery to the company so the data analytics tool could essentially pay for itself. Accounts payable (AP) is always seeking ways for greater efficiency and running such a data analysis is a clear example.

Now consider analysis of your GTE spend in the sales cycle as that same data might also provide insight into your sales cycle forecasting. If your company has a product or service which is complex and requires your customer’s involvement, with activities such as deploying enterprise software, the data could create a better view of “relationships with corporate customers, including what those customers bought, what issues they encountered, and how the company engaged with them.” By looking at your GTE spend on customers over a long period of time, you can help determine if these efforts have resulted in sale (is the spend worth it?), where are the critical junctures in the sales cycle and, finally, how likely a sale closing would be based upon historical data.

The authors suggest such a system of data analysis can help “sales executives more accurately manage their pipelines” because when coupled with “predictive analytics and machine learning to compute the likelihood of a successful sales engagement based on data that the salesperson provided about an opportunity.” Your own data can provide you with “Information about an opportunity’s likelihood of success, along with suggestions on how to advance engagements along the sales pipeline.” This in turn can aid salespeople to prioritize leads and act in ways most likely to achieve their goals. For instance, at “Microsoft salespeople learned how to forecast more accurately (for example, the accuracy of forecasts regarding global accounts has risen from 55% to 70%), which has led to better sales-pipeline data and, in turn, improved pipeline management.”

This example allows you to consider three different uses for your own company data which can improve process in three separate ways. Yet it is all the same data. This means that a CCO can work with other functional disciplines to fund such a project but, equally importantly, you will have more stakeholders that can create a sense of urgency and accountability for the project to acquire the data. It would also provide to the compliance practitioner other process champions within the organization who could provide strong leadership for the lifecycle of the project.

Adding a data analytics feature to your own data can help you to monetize the data in a variety of ways. For the compliance practitioner, it also allows you to operationalize your compliance program by pushing out the data analytics that you would be using into the functional business units. The authors end their piece with the following, “Impressive results from data monetization do not transpire from single “aha” moments. Instead, they stem from a clear data-monetization strategy, combined with investment and commitment.”

Compliance is a process. The DOJ has done the profession a very large favor by requiring us to focus on the operationalization of compliance. Thinking about ways to use and analyze the same data in other corporate functions, such as AP and Sales, is one way to operationalize compliance.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017