Yesterday I began a five-part series on the intersection of Sherlock Holmes, innovation and compliance by considering lessons from A Study in Scarlet converged with the digital transformation of compliance. Today, I want to take this concept a step further by considering innovation in The Blue Carbuncle converging into real-time innovations in compliance using digital technology.

Alice Bonasio, in an article entitled “Sherlock Holmes was the original technology disrupter”, used the story The Blue Carbuncle as an example. In this story a priceless stone was stolen from a hotel guest’s suite. The police immediately suspect a hotel super who was a convicted felon. Holmes see the man is innocent and takes on the task of proving so. It all begins with a top hat belonging to one Henry Baker. Holmes begins by asking Watson what information he can glean from an examination of the hat. Watson replies “I can see nothing”. Holmes replies, “On the contrary, Watson, you can see everything. You fail, however, to reason from what you see. It is perhaps less suggestive than it might have been, and yet there are a few inferences which are very distinct, and a few others which represent at least a strong balance of probability. That the man was highly intellectual is of course obvious upon the face of it, and also that he was fairly well-to-do within the last three years, although he has now fallen upon evil days. He had foresight, but has less now than formerly, pointing to a moral retrogression, which, when taken with the decline in his fortunes, seems to indicate some evil influence, probably drink, at work upon him. This may account for the obvious fact that his wife has ceased to love him.”

Bonasio relates that “While Holmes clearly relies on the power of deduction to make Henry Baker’s hat “come to life” for Watson, technologies such as smart textiles have the potential to eventually record, retain, and decode data in such a way as to uncover all manner of interesting facts about their owners—and literally tell those tales to anybody with the equipment to listen.”

This story seems an appropriate manner to open a study of the recently published article by Vincent M. Walden, a partner at Ernst & Young (EY), entitled “Profit & Loss-of-One (P&L-of-One). In this piece Walden detailed how he and his EY Fraud Investigation & Dispute Services (FIDS) colleagues worked in conjunction with the General Electric (GE) compliance function to “improve compliance by using forensic data analytics to provide behavioral insights to their compliance program.” They did this through the innovative use of “digital twins” which Walden described as “e digital replicas of physical assets that organizations can use for multiple purposes such as the maintenance of power generation equipment, jet engines and heavy machinery.” In a more expansive definition, the consulting firm Gartner, Inc. described “digital twins” as dynamic software models of physical things or systems. Gartner has gone on to suggest “that virtually every connected device eventually could have a digital twin running in simulation so that breakdowns or malfunctions could be predicted in advance — before they occur in the physical world.” The EY/GE team’s innovation was to move that same digital twin concept into the services world of the compliance professional.

The EY/GE team began a pilot program which took historical data on a wide range of identified corruption risks such as gifts, travel, entertainment (GTE), business ventures, foreign officials and sales to state-owned enterprises then combined this risk assessment with information on targeted GE employees. Each employee has a “unique entity with distinctive traits, discernible from their job profile and the data about them contained in GE’s systems. The analytics results will ultimately be used to send relevant, just-in-time communications to that GE employee before they encounter a specific compliance risk.” The next step was to develop risk models for each employee in the pilot. These risk models form a risk profile in an employee’s digital twin. The next step was to overlay “Information from customer relationship management (CRM) and sales tools — combined with data showing future activities for the employee, such as travel reservations — enable the P&L-of-One to predict a potential risk.”

All of this information formed the basis of the ‘P&L-of-One’ system to draw “from historic transaction data and applies a series of decision trees to interpret an employee’s risk level and their specific information or training needs in any given situation. GE compliance professionals can make better, more timely or automated decisions that push tailor-made communications to employees.” The GE employees receive specific, almost real-time messaging and communications to help them navigate any bribery and corruption issues that could arise under the Foreign Corrupt Practices Act (FCPA) or other anti-corruption regimes.

The ‘P&L-of-One” provided three key compliance innovations for GE compliance. The first was in the area of ongoing communications and training. GE compliance was able to deliver to its customers “customized, timely and easily consumable information” which “increases possibilities for reduced risk and greater compliance awareness as compared with overly broad compliance training programs traditionally delivered via web or in-person.” But the ongoing communications and training did not simply stop with a specific message or even messaging, as the company “gained insight into employee preferences when it surveyed hundreds of its salespersons operating in a high-risk region to understand how they want messages delivered to them.” Employees also are able to rate the effectiveness of the communications so giving GE compliance the feedback it needs to help determine effectiveness. This sounds very similar to what the Department of Justice (DOJ) described in its Evaluation of Corporate Compliance Programs (Evaluation) when it discussed ‘tailored’ and ‘effective’ training.

Walden illustrated these concepts through the following diagram:

A second key discernment was in the area of behavioral insights. Chris Costa, the EY Global FIDS chief operating officer who coordinated his firm’s involvement in the pilot project, said “The most striking argument for the P&L-of-One approach is the integration of data analytics and digital twin concepts combined with the human element of compliance monitoring and communications. By building feedback loops into the system, companies will be able to track what type of communication and delivery seems to be the most effective over time and what content needs to be revised to improve its relevancy. In the long run, this enables companies to continuously improve their compliance program based on machine learning principles.”

They were able to do so by employing messaging around three key EY concepts; Automated, Intriguing and Relevant. Automated seeks to drive efficiency, provide transparency and facilitate compliance for repeatable processes so that when the system “identifies a situation that has higher-than-normal risk to the organization, the system sends timely communications to the employee to raise immediate awareness to support ethical decision-making. To inspire employee action, the organization develops messaging in a way that’s the most appropriate for the employee, including format, delivery method and mechanisms.” Under Intriguing the pilot project included gamification techniques such as point scoring, competition with others and rules of play with a plethora of media. Walden noted, “Brief and highly visual communications — through emails, text messages, video clips and other mediums — containing links to helpful information and policy reminders, help promote employee action.” The final EY key was Relevant which meant the employee messages were “customized with a person’s risk profile, job function and activities.”

The innovation demonstrated through the P&L-of-One shows how the digital transformation of compliance through true operationalization will not only burn compliance into the fabric of an organization but illustrates how more robust compliance can make a company run more efficiently and, at the end of the day, more profitably. Walden concludes by stating, “The compliance vision of the future seeks to further move compliance towards a more proactive, advocacy role, which helps organizations by providing needed communications, trainings and responses in an automated, intriguing and relevant fashion. This is the compliance vision of the future and what the authors call the P&L-of-One.”


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018