The Department Of Justice (DOJ) and Securities and Exchange Commission (SEC) have both made it clear that they expect companies to be more robust in their use of data analytics in compliance programs. This means using data to not only detect and prevent illegal conduct but also in the remediation prong of any best practices compliance program as well through continuous improvement. This past year, former Deputy Assistant Attorney General Matthew Miner said in a speech that the DOJ will inquire whether compliance departments have access to internal data that could help them identify misconduct and whether compliance officers make adequate use of data analytics in their reviews of companies under investigation. Since at least 2016 in the Foreign Corrupt Practices Act (FCPA) enforcement action involving Key Energy Services, Inc., the SEC has been communicating to compliance professionals of the need for increased use of data and data analytics in any compliance program.
The new DOJ Antitrust Division released its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Guidance), was the clearest regarding this mandate when it stated, “Does the company use any type of screen, communications monitoring tool, or statistical testing designed to identify potential antitrust violations?” For the anti-corruption compliance professional, this means you need to incorporate a statistical analysis into your ongoing monitoring to see if there are any anomalies which could be indications of FCPA violations.
All of this government and regulatory focus on data for a compliance program will require many law school trained compliance practitioners to learn a new skill set to meet this mandate. I was therefore intrigued by a recent Harvard Business Review (HBR) article, entitled “When Data Creates Competitive Advantage”, by Andrei Hagiu and Julian Wright. In the article they laid out several precepts for using corporate data as a competitive advantage. While the authors have focused on customer data you should always remember that the customers of a compliance function are largely corporate employees (and others), I nevertheless, found their piece useful for the compliance professional.
The first thing to consider is the value of obtaining the data. Clearly, the more data a compliance program receives the more information it has in the form of feedback from its customers. This means a higher value add and the higher the value added, the greater the chance that it will create a lasting edge. That edge can be in preventing or detecting conduct which could lead to a FCPA violation, it could be part of continuous monitoring, leading to continuous improvement or it could demonstrate to the DOJ and SEC the robustness of your compliance regime.
Next is how soon do you reach a point where additional data no longer enhances the value of the compliance solution? The more slowly the marginal value decreases, the stronger the solution enhance will be going forward. Fortunately, there is little to no learning drop off for compliance information. The reason is simple, it is a business process and the more data you have and the longer you keep it, the more you can refine your process.
The authors then posed the tangentially related question, “How fast does the relevance of the user data depreciate? If the data becomes obsolete quickly, then all other things being equal, it will be easier for a rival to enter the market, because it does not need to match the incumbent’s years of learning from data.” As the only rival for an effective compliance program in this scenario is an ineffective compliance program, it should not be a construct to overcome.
Next, how well does the data you mine translate into an actionable solution across geographic and business lines? Ideally, it will do both, but the difference between the two is important. When data from one area improves the compliance solution for that section of your business, a company can then customize it across regions or business lines. It can also work to create what the authors term “network effects”. It can also work to make the compliance solution or enhancement both quite “sticky” and also provide a key advantage in competing for new customers.
How fast can you turn the data or its insights into an actionable compliance solution or an upgrade? If you can do so rapidly it can provide faster and greater benefits. But when it takes years or successive product generations to make enhancements based on the data, your compliance solution(s) may well fall by the wayside. This means that competitive advantage from greater data is stronger when the learning translates into more frequent improvements of the compliance solution or enhancement for your current employees rather than simply for future consumers of the compliance solution.
Next, will your data-enabled enhanced compliance solution create true network effects throughout your organization? When learning from one region or business lines translates into a better experience for other employees throughout your organization and when that learning can be incorporated into a compliance solution fast enough to benefit its current users, your employees will care about adopting the product.
The authors caution that “despite these similarities, regular network effects and data-enabled network effects have key differences, and they tend to make advantages based on the regular ones stronger.” First, the cold-start problem is usually less severe with data-enabled network effects, because obtaining data is easier than speculation or worse, no data. This means that alternative sources of data, even if not perfect, can significantly increase your chances of success.
Second, to produce lasting data-enabled network effects, the firm has to work constantly to learn from your corporate data. Finally, with a data-enabled network, nearly all the benefits of learning from corporate data can be achieved with relatively low numbers of employees participating.
The bottom line is that it is not if but when you begin to incorporate corporate information into your compliance program to make your compliance program more efficient and your business process run more effectively. My suggestion is that you begin now to identify the data you have access to and the data to which you currently do not have access. Find a way to bridge that gap.