Q&A: Data-driven anticorruption compliance programmes

February 2024  |  SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION

Financier Worldwide Magazine

February 2024 Issue


FW discusses data-driven anticorruption compliance programmes with Mike Walters, Irina Bautina, Bruno Gomes and Sam Haskins and at FTI Consulting LLP and Bapsy Dastur at VFS Global.

FW: In broad terms, how would you describe the adequacy of companies’ anti-corruption compliance frameworks? Are there any common aspects in need of enhancement?

Walters: In broad terms, the adequacy of companies’ anti-corruption compliance frameworks varies widely. Many organisations, especially those operating internationally, have robust systems, driven by regulatory pressures like the Foreign Corrupt Practices Act and the UK Bribery Act. They have invested in sophisticated technologies and comprehensive training programmes, understanding the severe implications of non-compliance. However, there is always room for improvement, even within these organisations. One common aspect in need of enhancement is the integration and adaptation of these frameworks across different cultural and operational contexts. Global companies often struggle to implement a uniform standard that is both effective and respectful of local practices. Additionally, during business as usual it is often the case that businesses will project an extremely low appetite for the notion of bribery and corruption – in line with company policy, law and regulation. However, it is precisely when the business is stressed in the rush to execute a franchise-level deal or transaction that red flags can get missed or more likely discounted or trivialised as being the overly conservative anxieties of the compliance officer. As such, continuous improvement is necessary. This includes regular updates to reflect the latest regulatory changes and technological advancements, improved training and awareness programmes, and more sophisticated data analytics for monitoring and reporting. The most successful frameworks are those that are dynamic, adapting to new risks and regulatory landscapes, and ingrained in the company’s culture, ensuring compliance and ethical conduct at all levels.

Whistleblower protection adds to fostering a culture of transparency and accountability, contributing to early detection of potential corruption issues.
— Irina Bautina

FW: What do you consider to be the essential components of a robust anti-corruption compliance framework?

Dastur: A robust anti-corruption compliance framework is built on several essential components. First and foremost is a strong ethical culture, set from the top and embraced at all levels of the organisation. Leadership must demonstrate a commitment to integrity and transparency, creating an environment where ethical conduct is valued and reinforced through policies and actions. Secondly, a comprehensive risk assessment is crucial. Organisations need to understand their specific exposure to corruption risks, whether from geographic operations, industry practices or business partnerships. This assessment should guide the development and prioritisation of compliance efforts. Effective policies and procedures form the third pillar. These should clearly outline acceptable and unacceptable behaviours, provide guidance for common scenarios, and establish protocols for reporting and addressing potential issues. Training and communication are also key, ensuring that every employee understands their role in preventing corruption and feels empowered to act accordingly. Fourth, technology and data analytics are increasingly vital. By harnessing data, organisations gain critical insights and foresight, enabling them to identify and analyse patterns and behaviours indicative of potential risks or corruption. Continuous monitoring and analytics allow for the early detection of anomalies, shifting the focus from reactive to proactive mitigation.

Bautina: Another vital component of a robust anti-corruption compliance framework is the establishment of effective and practical whistleblower protection mechanisms. These include, but are not limited to, the implementation of secure confidential reporting channels for employees to timely report corruption or unethical behaviour, vigorous anti-retaliation policies, regular training and support programmes, including counselling and legal assistance to address emotional challenges faced by the whistleblowers. Whistleblower protection adds to fostering a culture of transparency and accountability, contributing to early detection of potential corruption issues, preserving the organisation’s reputation, and is also essential for legal compliance, as many jurisdictions these days mandate safeguards for those reporting misconduct. Finally, a robust anticorruption compliance framework should involve continuous active engagement of external stakeholders, including industry peers and regulatory bodies, to share bests practices, stay informed on the evolving risks and collectively combat corruption challenges. External collaboration enhances the organisation’s overall anti-corruption resilience.

Looking ahead, we can anticipate significant innovations and advances in anti-corruption compliance, driven by technology.
— Sam Haskins

FW: How can a data-driven culture best be cultivated throughout an organisation?

Dastur: Cultivating a data-driven culture is critical because it is not just about having data; it is about using it effectively. When the entire organisation understands and values the power of data, it transforms how it operates. Decisions are made based on evidence, risks are managed more proactively, and the entire organisation becomes more agile and responsive. It is about embedding a mindset where data is seen as a crucial asset, and leveraging it becomes a natural part of every process and decision. Leadership plays a pivotal role in fostering this culture. It starts with leading by example – using data in decision making and openly discussing the value and insights gained from it. Then, it is about providing the necessary tools and training, making sure everyone has access to the data they need and understands how to use it. Encouraging open dialogue about data, celebrating successes and learning from failures are all important too. Essentially, leaders need to create an environment where data driven decision making is the norm, not the exception.

FW: Looking ahead, what innovations and advances can we expect to see in this area? Do you anticipate increasing demand among companies for better anti-corruption compliance solutions?

Haskins: Looking ahead, we can anticipate significant innovations and advances in anti-corruption compliance, driven by technology. One major area of development is the use of artificial intelligence (AI) and machine learning (ML). These technologies can analyse vast datasets more efficiently and accurately, predicting risks and identifying patterns indicative of corrupt behaviour. Blockchain technology is also emerging as a tool for enhancing transparency and security, particularly in supply chains and contract management. We can also expect a greater emphasis on integrating ethics into corporate strategy, making anti-corruption efforts part of the broader business agenda rather than a standalone compliance requirement. This shift will likely involve more cross-functional teams, including data scientists and compliance professionals, working together to innovate and improve anti-corruption strategies.

The most successful frameworks are those that are dynamic, adapting to new risks and regulatory landscapes, and ingrained in the company’s culture.
— Mike Walters

FW: How is technology being used to assist companies with meeting and maintaining their compliance requirements? What benefits do artificial intelligence and automation bring to organisations seeking to mitigate corruption-related risk?

Gomes: Institutions have long been employing technological solutions to enhance their anti-bribery and corruption (ABC) functions. Either by applying technology to automate processes, support reporting, enable data analytics or implement effective data governance. What we increasingly see more of, are institutions exploring how to integrate AI to optimise and enhance their current ABC processes. A 2022 Bank of England survey, ‘Machine learning in UK financial services’, found that 72 percent of financial firms were currently already using or in the process of developing ML applications. The survey reports on how these institutions are employing ML in a range of business areas, with ‘risk management’ in the top two areas, second only to ‘customer engagement’, with both areas accounting for 23 and 28 percent respectively, of all reported applications. In the ABC space, we have observed an increase in institutions expressing interest in integrating AI capabilities into their existing monitoring systems to bolster monitoring effectiveness. The attractiveness of AI applications lies in its capacity to assimilate and leverage extensive and diverse datasets, previously largely untapped by traditional ABC monitoring systems. This includes communications data, varied financial data, real-time compliance monitoring, such as whistleblower reports, and industry-specific information. The consolidation of these diverse datasets within an AI framework significantly elevates the system’s ability to identify red flags, making it a compelling choice for institutions seeking to enhance their processes. Another impactful use case for AI in compliance that we have observed is the integration of AI into solutions designed for policy monitoring. This is particularly relevant for institutions operating in multiple jurisdictions, each subject to varied and distinct regulatory requirements. Solutions leveraging natural language processing (NLP) models can play a crucial role in automatically identifying, analysing and reporting on new legislation in near real-time. Solutions of this type can help to map new regulations to a firm’s current policies and procedures, detect gaps and even suggest how to address those gaps. Although careful consideration needs to be given to managing risk, generative AI leveraging large language models can be a powerful enabler, rapidly summarising and highlighting relevant parts of continuously evolving data to ensure responsible persons stay informed.

A compliance framework is only as strong as the data it relies on.
— Bruno Gomes

FW: What role does a sound data analytics compliance programme have to play in mitigating corruption risks?

Gomes: The integration of data analytics methods and solutions in a firm’s compliance framework is crucial to mitigate corruption risks and ensure adherence to compliance requirements. A compliance framework is only as strong as the data it relies on. An effective data analytics compliance programme should cover not only the typical stages of the traditional data lifecycle, including data generation, collection, processing, storage, management, analysis and visualisation and reporting, but should also set the foundation on how such data will be used, analysed and acted upon in the context of ABC compliance. Another important aspect of a sound data analytics compliance programme is the ability to continuously improve. It is important for the plan to implement a process that defines how past results are used to continuously improve the effectiveness of the programme. This entails adapting current processes and procedures based on past results and the evolving risk landscape.

Continuous monitoring and analytics allow for the early detection of anomalies, shifting the focus from reactive to proactive mitigation.
— Bapsy Dastur

FW: What advice would you offer to companies on improving their use of data within compliance systems and processes? How important is data quality and addressing key risks such as data privacy?

Gomes: A recurring challenge we see clients facing, are those pertaining to data quality and availability. Many organisations have mature data management programmes covering all areas such as data governance, data modelling and design, security, quality and availability. However, such programmes often fail to cater to the specific needs of the compliance function, often covering only the immediate and obvious needs but failing to address the long-term needs of data for compliance purposes. When this happens, institutions find themselves struggling to respond to regulatory changes, which can hinder or limit the effectiveness of the institution’s compliance efforts. My advice would be to ensure that the firm’s data management programme goes beyond addressing the current needs of the compliance function, ensuring that it is also capable of responding to the firm’s long-term compliance needs. For this, training, communication and collaboration between different departments is key for success.

 

Mike Walters helps financial services clients navigate complex risk, financial crime and regulatory compliance issues and helps transform their risk and compliance capabilities in the face of regulatory driven change. He has wide experience of forensic, regulatory, financial crime and investigation work, having led many high-profile global matters during his more than 30-year career. He can be contacted on +44 (0)20 7269 7293 or by email: mike.walters2@fticonsulting.com.

Irina Bautina is a forensic accountant expert based in FTI Consulting’s London office.  In the last 11 years, she has led and supported a variety of complex fraud and bribery and corruption investigations and compliance reviews for large international companies across Europe and Asia, including one investigation in the top ten FCPA settlements list. She can be contacted on +44 (0)20 7269 7247 or by email: irina.bautina@fticonsulting.com.

Bruno Gomes is a data and analytics expert based in FTI Consulting’s London office. He has 15 years’ experience in the establishment, management and delivery of large-scale regulatory, look back and remediation projects across a number of industries, including banking, insurance, logistics and education. He specialises at the intersection of leading technologies and real-world data. He can be contacted on +44 (0)78 9409 3757 or by email: bruno.gomes@fticonsulting.com.

Sam Haskins is a risk and compliance expert based in FTI Consulting’s London office. He helps clients navigate complex regulatory compliance and risk issues and supports financial institutions, regulators and enforcement agencies across the full spectrum of financial regulation. He can be contacted on +44 (0)20 3077 0214 or by email: samuel.haskins@fticonsulting.com.

Bapsy Dastur is the general counsel at VFS Global and is responsible for managing the legal, compliance and risk functions. A qualified solicitor, she joined VFS Global on 1 April 2020, and has experience across the legal, compliance and risk fields with diverse industry experience from around the globe. Her key practice areas include M&A, corporate restructuring, project finance, operational issues, compliance and risk management. She can be contacted by email: communications@vfsglobal.com.

© Financier Worldwide


©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.