• EQS Cockpit
  • Whistleblowing
  • Insider Management
  • Policy manager
  • Investor Targeting
  • Disclosure
  • Webcast
  • Career
Back to overview

Anti-bribery: using technology to enhance your compliance programme (part 3)

Learn about how compliance teams can use technology to enhance their anti-bribery and corruption programme.

Viviane Joynes Viviane Joynes

    On 6th October 2020 Viviane Joynes, Managing Director of the EQS Group’s UK business, hosted the third webinar in the “Bribery Act 10th Anniversary – What we’ve learned so far” series (read part 1 and part 2) which focused on using technology to enhance your compliance programme. She was joined by an expert panel including Rasoul Golparvar, Director at Forensic Risk Alliance (FRA), Trevor Wiles, Partner at the Forensic Risk Alliance (FRA) and Moritz Homann, Managing Director Corporate Compliance at EQS Group. This webinar formed part of the European Compliance and Ethics Conference 2020.

    This article summarises the useful information which came out of the discussion.

    Webinar Series: Bribery Act 10th Anniversary – What we’ve learned so far

    Free access to the replays

    Most organisations are still at the beginning of their digital compliance journey

    • Most companies are still using general purpose software such as spreadsheets, emails and sharepoint. If they do have specialist software it is usually only for specific parts of their compliance programme such as an e-learning tool or policy management software. Very few companies have digitised their programme throughout and use a unified dashboard.
    • Financial institutions are increasingly using AI / robotic process automation in their transaction monitoring and trader surveillance.

    Use technology to improve employee engagement

    • Make compliance accessible and user-friendly – If we take policy management as an example, the standard practice is for companies to save all of their policies on an Intranet page but this makes it difficult for employees to find the information they need. Moritz made the point that policy management technology can help companies to categorise policies and make them searchable, which makes finding policy information far easier from the user’s perspective.
    • Improve communication and training – Trevor highlighted short punchy 5-10 minute online training sessions which employees carry out in their own time and at their own speed. Mobile apps can also help with “compliance on the go” enabling employees to read the latest policy on their smartphone and do their online training when they are on the move. Notifications and banners provided by apps can also help to ‘nudge’ certain behaviours and actions.
    • Acts as a deterrent – As highlighted another benefit of technology which is that when actions are being tracked it makes it more likely that employees violating ethics and compliance codes and rules are identified and prosecuted. So technology also helps to reduce employee temptation to engage in misconduct.
    Building an Effective Anti-Bribery and Corruption Programme

    Key principles of establishing an effective ABC programme

    Free download

    Making the best use of data and KPIs

    • Data and KPIs allow you to track the effectiveness of your compliance programme – As soon as a process is automated, it starts to generate data. These insights allow you to identify trends as well as any gaps or potential blind spots in your programme. To take one example, a whistleblowing system offers a full overview of all reports, but if no reports are coming in from a particular geographic area it could be a red flag for the compliance team. It might be that the system has not been well communicated in that area, it might be a cultural issue or there might be fear of retaliation. The data gives you the anomaly, then you have to dig deeper to interpret the data and rectify the problem.
    • Help other areas of the business – getting buy-in from the business and stakeholders is key to a successful compliance programme. The process of gathering and cleaning data, and embedding data and analytical processes into a particular compliance area, can also benefit other departments. For example, implementing policy management software requires comprehensive employee data and, if this does not already exist in one place in the right format, the process of building this clean and unified data set is a useful service to HR.

     

    The panel also offered some useful recommendations on working with data and KPIs:

    • Start by working out what risks you want to measure, and then find the relevant data – Doing things in this order is keyto ensuring that what you are doing is effective.Think about the risks and what data is required to track and measure the risks. Where is the data, what format is this data in, what stakeholders do I need to engage and how accessible is the data? Don’t be afraid to look outside your organisation for external data sets to enrich your internal data.
    • Gain a comprehensive data overview – Many compliance teams use different vendors and processes for different compliance areas which makes it difficult to get the complete data overview and often leads to time-consuming manual data collection and analysis work. Gain the overview by either switching to one provider with a holistic dashboard or using APIs and an overarching business intelligence tool to create dashboards and analyse the data.
    • Start small – Don’t try and solve everything at once. Pick one risk area such as third party supplier risk and work out what data you will need. This will prove to your organisation the benefits of technology and analytics and this makes it much easier to move onto another risk area. It also gives you useful insights on your team and organisational capability.
    • Choose the right data analysis technique for the task – There are many different data analysis techniques for ABC which range in complexity. While there is a lot of hype around AI,the compliance journey begins with less complex techniques such as rules based, descriptive tests and risk scoring. Starting with these will give you time to help you to identify and prepare your data, learn your tests and determine what testing is suitable.

    Use dashboards as a starting point for further analysis

    • We all love dashboards! They provide a great global overview, look pretty and help compliance teams to spot trends.
    • Don’t get caught up in your dashboard charts and KPIs which may give you a false impression that everything is running smoothly. It’s still important to engage with people and connect with the workforce. There might be risks out there which your dashboard doesn’t measure.

    Artificial Intelligence…

    • It won’t be taking over the compliance function any time soon! There are too many grey areas and ethics-relateddecisions involved in compliancefor AI to be able to take over. We are however seeing more process automation where humans set the rules, and robots help us to streamline and analyse data. This increases efficiency andtakes away a lot of the mundane tasks but there are risks (see following point).
    • Know what is under the bonnet! If you have to face up to a prosecutor to explain your compliance programme, you need to understand the AI you are using, any limitations and why these limitations are acceptable.
    • Use AI to demonstrate continuous compliance improvement to regulators – Regulators are encouraging greater use of technology and in their DPA language the US Department of Justice has started asking whether AI and data analytics are being used to monitor risks and test policies and procedures.

    As with anything, go for continuous improvement

    • Don’t forget the feedback loop –Tests, rules and alerts need to be reviewed so that the process is continuously improved. Take the example of financial transaction processing: while machine learning tests generate alerts for suspicious transactions, these tests can generate false positives and there is a real cost to compliance teams in reviewing these. Human intervention is essential in reviewing and optimising this alert generation.
    • Ensure early and continued buy-in from stakeholders because you will need them on your technological compliance journey. These typically include the business, internal audit, analytics, IT and legal.

     

    Read more: 

    All compliance solutions in one place

    The EQS Compliance COCKPIT combines the most important compliance workflows in one integrated platform.

    Viviane Joynes
    Viviane Joynes

    Managing Director – EQS Group | Viviane is Managing Director of EQS Group’s UK Business. She has extensive experience of advising UK and European companies on their corporate governance, compliance and IR practices. Prior to joining EQS her roles included heading up the IR Services at Capita Asset Services (now Link Asset Services) and being Managing Partner of a corporate governance and communications consultancy.

    Contact