Using Data Analytics to Mitigate Compliance Risk

FCPA compliance software is the key to success to ensure risk mitigation, or at least prove due diligence has occurred to prevent compliance violations. The benefit of the software is that it automates the production of FCPA data analytics.

What you don’t know about FCPA Compliance CAN hurt you

Every organization should have well-established internal FCPA compliance policies and procedures in place for their employees to learn and follow. Likewise, internal controls should be established around these policies and procedures to ensure systems are functioning properly and employees are following the rules.

In the payments world, these controls might consist of things such as providing supporting documentation for any master data changes and ensuring payment authority levels are appropriate for an approver’s position according to FCPA compliance policy.  FCPA data analytics must be available and accessible to designated employees. 

Controls may also include demonstrating an ERP system is following workflow protocols for invoice approvals or running queries to ensure invoice details are not changed post-approval.

You may be asking yourself, “What exactly do these types of controls have to do with compliance?” The answer is everything. Using data analytics and technology to ensure compliance isn't just important for FCPA purposes, it's necessary for all spend risk.

According to the ACFE’s 2022 Report to the Nations,

• Corruption was the most common fraud scheme in every global region.
• Corruption cases are most common in large companies.
• The frequency of corruption cases is on the rise – 33% in 2012 compared to 50% in 2022.

In cases involving corruption, the Department of Justice (DOJ) will always refer to a company’s compliance program to test its effectiveness. An effective compliance program is defined as:

• Commitment from Senior Management and a Clearly Articulated Policy Against Corruption

• Code of Conduct and Compliance Policies and Procedures

• Oversight, Autonomy, and Resources

• Risk Assessment

• Training and Continuing Advice

• Incentives and Disciplinary Measures

• Third-Party Due Diligence and Payments

• Confidential Reporting and Internal Investigation

• Continuous Improvement: Periodic Testing and Review

• Mergers and Acquisitions: Pre-Acquisition Due Diligence and Post-Acquisition Integration

• Investigation, Analysis, and Remediation of Misconduct

Utilizing data analytics to ensure FCPA compliance

One of the DOJ’s primary focuses is on continuous improvement through data analytics. And, as it increasingly relies on data analytics for its own investigations, the Department expects companies to follow its lead.

Continuous monitoring is not enough to demonstrate the effectiveness of a compliance program. You must be able to show action has been taken on any issues identified through the FCPA data analysis process, and to do that requires keeping permanent records of how issues have been remediated.

The ACFE found the presence of lack of compliance controls can have a significant impact:

• Lack of internal controls is the #1 control weakness that contributes to occupational fraud.
• The presence of anti-fraud controls is associated with lower fraud losses and quicker fraud detection.
• 81% of victim organizations modified their anti-fraud controls following a fraud event. 75% increased management review procedures; 64% increased proactive data monitoring analysis.

Using data analytics to test FCPA compliance allows you to efficiently sort through incredibly large amounts of data to identify any potential FCPA “red flags” or abnormal transactions that look suspicious or may constitute a bribe. These issues require additional follow-up and due diligence from the company to ensure they are valid records or transactions. And all of this activity must be recorded.

Data analysis can also warn of potential gaps in internal financial controls, compare individuals or vendors in your database against known parties on government watch lists, and identify vendors that are classified as government contractors or foreign officials. 

A lack of due diligence can lead to consequences

What you don’t know CAN most definitely hurt you. A failure to perform adequate due diligence related to bribery and corruption risk could result in serious consequences. 

In what has been referred to as the Monaco Memo, Deputy Attorney General Lisa Monaco warns, "a corporate culture that “fails to invest in compliance …leads to bad results.”

Continuous monitoring with FCPA compliance software and advanced FCPA data analytics can identify other types of payment and expense fraud. It can also help you determine if additional education and training are needed to reinforce your procurement and payment policies.

Fraud is going to happen. There will always be a new scheme around the corner that forces companies to take yet another look at their existing controls and figure out how to prevent the same issue from happening again in the future. Thank goodness there is FCPA compliance software available to help identify and mitigate the risk.

Isn’t it time to make data analytics a part of your compliance program? With corruption on the rise, you can’t afford not to.

The Oversight Solution for FCPA Compliance Monitoring

A continuous transaction monitoring solution is an important part of any effective compliance program. The Oversight solution addresses the DOJ’s guidelines for compliance monitoring, communication with employees, compliance evidence, and audit trails. 

If you would like to learn more about how the Oversight solution works, please visit our Monitoring Solutions Page.

About the The Foreign Corrupt Practices Act (FCPA)

The Foreign Corrupt Practices Act (FCPA), enacted in 1977, generally prohibits the payment of bribes to foreign officials to assist in obtaining or retaining business. The FCPA can apply to prohibited conduct anywhere in the world and extends to publicly traded companies and their officers, directors, employees, stockholders, and agents. Agents can include third-party agents, consultants, distributors, joint-venture partners, and others.

The FCPA also requires issuers to maintain accurate books and records and have a system of internal controls sufficient to, among other things, provide reasonable assurances that transactions are executed, and assets are accessed and accounted for in accordance with management's authorization.

The sanctions for FCPA violations can be significant. The SEC may bring civil enforcement actions against issuers and their officers, directors, employees, stockholders, and agents for violations of the anti-bribery or accounting provisions of the FCPA. Companies and individuals that have committed violations of the FCPA may have to disgorge their ill-gotten gains plus pay prejudgment interest and substantial civil penalties. Companies may also be subject to oversight by an independent consultant.

The SEC and the Department of Justice are jointly responsible for enforcing the FCPA. The SEC's Enforcement Division has created a specialized unit to further enhance its enforcement of the FCPA.

Sources:

¹ https://www.jdsupra.com/legalnews/doj-reintroduces-corporate-compliance-4809185/ 

² https://www.justice.gov/criminal-fraud/file/1292051/download (pages 58-68)

³ https://www.jdsupra.com/legalnews/doj-reintroduces-corporate-compliance-4809185/ 

⁴ https://www.transparency.nl/wp-content/uploads/2016/12/Dont-get-bitten-by-the-FCPA.pdf