If it is not clear already this month, innovation does not simply come from a technical or even service perspective but can improve your compliance program from a wide variety of perspectives. We have considered a variety of issues related to innovation. Now we consider how you think through a compliance related issue as an innovation.
Every compliance practitioner recognizes the prevent, find and fix tripartite approach to compliance. Many compliance practitioners believe that if you can move your program from one focused on detection to one focused on prevention, you have not only a more robust program but also one which is more fully operationalized as it would be closer to the ground and the front lines of employees.
Data and its analysis can be used in both approaches. Further data can be used in both approaches for multiple approaches to doing compliance. It can be used to simply stop behavior. However, data and data analytics can be used to further training, education and communication around compliance. The question becomes, which is better: real-time monitoring or right-time monitoring?
Consider the critique that monitoring of gifts, travel and entertainment (GTE) is always going to be 30-60 days behind the actual real-time event because it will take an employee 30 days to input their expenses into the system, have a supervisor approve it, and it goes to accounts payable for input. Does such a critique defeat a best practices compliance program which is dedicated to moving from simply a detect prong to a prevent prong?
However, an innovation can occur from how you consider the problem. So instead of a real-time review focus, consider a ‘right-time’ review focus. Patrick Taylor, President and CEO of Oversight Systems says the way to think through the issue is “What is the right time for the analysis?” He detailed the situation where your company has a corporate card program, or you use a corporate credit card. Through those mechanisms, you should be able to access those feeds every day from your card vendor, from your bank or card issuer. If you had that quantum and quality of information, there might well be certain things worth looking for. The classic example might be somebody spends some money at an adult entertainment establishment that masquerades as a restaurant because I may want to reprimand that employee or that behavior immediately.
Yet if your company uses an expense reporting system like a Concur or Pro River; the expenses can be previewed while they are in process; that is, before they are paid by your organization. It might be perhaps even before the employee’s manager approves the expenses. There could be a rash of information and data to look for at that time to give the manager a heads up to take a bit of a deeper dive into the expense report.
Finally, there are some GTE expense which are best looked at with the longer-term view. This could include expenses reports used to try to influence employee behavior. As a compliance professional, you are better off demonstrating a pattern of questionable or abusive expense-related items, as opposed to nagging one-off expenses report entries. Further there may be situations where there are literally bursts of activity which I would like to let pass by before trying to download that analysis. The question for the compliance professional is “What do I have, right?” Obviously, you cannot perform the analysis before you have data. The question you must work through is when do you have the data and then what is the right time to do any particular kind of analysis of that data? Because it may not always be the "real-time" when I found, when I've got it. Be much more concerned about what's the "right" time.
By thinking about what you are attempting to accomplish through your monitoring, it can help to inform your compliance program going forward, usually in a variety of ways. In the GTE example discussed in this piece, if you want to move to something closer to real-time monitoring, you will need to move towards the corporate credit card model, with real-time viewing of the purchases on the card. From there you can make a preliminary assessment if you want or need to use that data from the compliance perspective. Moreover, you should never forget that a much longer right-time review and perspective can be equally valuable for many of your other business processes going forward.
It is this final point, which makes clear the power of operationalizing your compliance program. If you put the architecture of compliance closest to those in the field who are literally on the front lines of your organization you should be able to obtain the data nearest to the customer. That data can be sliced and diced in a variety of ways which allow incorporate back into your continuous learning loop (OODA feedback loop) so that you can determine the most efficient business process going forward. When compliance can wed its prevent, find and fix mandate with overall business process performance, it can make a company more efficient and more profitable.
Three Key Takeaways
This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights on Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.