In the most recent episode of Data Driven Compliance, Tom Fox spoke with Vince Walden, founder and President of konaAI about one of the most talked-about events in the compliance world; Assistant Attorney General Nicole Argentieri’s keynote speech at the SCCE CEI, where she discussed the much-anticipated 2024 update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (2024 Update). It has sent ripples across the compliance community, and therefore is crucial that we dissect what it means for compliance professionals today.
2024 Update: A New Era for Compliance
The 2024 Update places a significant emphasis on data access and the role of compliance professionals in leveraging that data to monitor and enhance compliance programs effectively. Walden highlighted the importance of ensuring that compliance and control personnel have sufficient direct or indirect access to relevant sources of data. This shift indicates a new era where data analytics is not just an add-on to compliance programs but a fundamental component.
For compliance officers, this means that your role is expanding beyond traditional oversight functions. Walden pointed out the compliance professionals are now expected to be deeply involved in the data-driven aspects of compliance, including accessing and analyzing business data that goes beyond internally generated statistics. This could include transactional data from ERP systems, payment records, invoices, and sales information—essentially, the real-world data where fraud, bribery, and other risks manifest.
Importance of Non-Compliance Data
One of the critical points raised by Vince Walden is that many companies mistakenly focus solely on compliance-generated data, such as training completion rates, hotline statistics, and due diligence checks. While these metrics are important, they do not paint the full picture of potential risks within a business.
Fraud, corruption, and other compliance risks do not occur in compliance reports—they happen in business transactions. Therefore, the DOJ’s emphasis on accessing non-compliance data, such as payments, purchase orders, and sales transactions, underscores the need for compliance professionals to broaden their focus. It is about shifting from monitoring compliance activities to understanding the underlying business operations where risks might be lurking.
The Role of ERP Systems in Compliance
ERP (Enterprise Resource Planning) systems are at the heart of this new DOJ focus. These systems manage all the core business processes, from supply chain management to financials, and hold the key data that compliance professionals need to access and analyze. The 2024 Update explicitly mentions ERP systems in the context of mergers and acquisitions, emphasizing that compliance professionals need to understand and utilize these systems effectively.
Walden emphasized that if you are a compliance officer and ERP systems are a foreign concept to you, now is the time to familiarize yourself with them. Whether your organization uses Oracle, SAP, or another ERP platform, understanding how these systems work and what data they contain is crucial. The 2024 Update makes it clear that compliance professionals can no longer afford to be on the sidelines when it comes to business data. You need to be at the table, working alongside IT, finance, and internal audit teams to ensure you have the data you need to monitor and mitigate risks effectively.
Training Compliance Officers on Data Access and Analytics
Walden related that this shift in DOJ expectations has sparked the need to train compliance officers on data access and analytics. Indeed, this was specifically called out in the 2024 Update. Historically, many compliance professionals, particularly those with legal backgrounds, have shied away from the quantitative aspects of data analytics. However, in today’s environment, having a basic understanding of data analytics is no longer optional.
Training programs that equip compliance officers with the skills to access and analyze business data are essential. This does not mean you need to become a data scientist, but you should have a working knowledge of where to find relevant data, how to interpret it, and how to leverage it to enhance your compliance program. As Walden mentioned, it is about moving beyond text-based due diligence reports and incorporating structured data analysis into your compliance toolkit.
Leveraging AI and Data Analytics Tools
The 2024 DOJ update also touches on the use of data analytics tools to create efficiencies in compliance operations and measure the effectiveness of compliance programs. This is where the integration of AI and machine learning models can play a transformative role.
AI-driven analytics can help you process vast amounts of data, identify patterns, and flag potential risks in real-time. For instance, AI models can monitor transactions for red flags such as payments without purchase orders, round-dollar transactions, or payments made before invoice dates; all common indicators of fraudulent activity. By automating these processes, compliance programs can move from a reactive to a proactive stance, identifying and addressing risks before they escalate.
But as the 2024 Update made clear, it is not simply about using these tools; it is about how a compliance function is using them. 2024 Update emphasizes the importance of managing data quality, measuring the accuracy of analytics models, and ensuring that your compliance program is not only data-driven but also continuously improving. This means regularly updating and refining your AI models to enhance their precision and recall, ensuring that they are effective in identifying true risks while minimizing false positives.
Real-Time Monitoring: From Detection to Prevention
One of the most significant shifts in the 2024 update is the DOJ’s move towards real-time monitoring. Historically, compliance programs have focused on detecting issues after they occur. However, the new guidance encourages a shift towards prevention through continuous monitoring.
Continuous controls monitoring allows compliance professionals to set up rules and scenarios that flag high-risk transactions as they happen. This proactive approach not only helps prevent improper payments or other risky behaviors but also aligns with the DOJ’s expectation that companies should not just detect but actively prevent misconduct.
Measuring the ROI of Compliance Programs
Another critical aspect of the 2024 Update is the emphasis on demonstrating the effectiveness of your compliance program through measurable outcomes. This includes tracking the return on investment (ROI) of compliance initiatives, such as cost savings from fraud prevention or efficiency gains from improved processes.
By working closely with your CFO and finance teams, you can quantify the impact of your compliance program in financial terms. This not only strengthens your case for securing resources but also helps demonstrate to the DOJ and other stakeholders that your program is delivering tangible value to the organization.
A Call to Action for Compliance Professionals
The 2024 DOJ update represents a significant shift in how compliance programs are expected to operate. For compliance professionals, this is both a challenge and an opportunity. The challenge lies in expanding your role to include data analytics and real-time monitoring. The opportunity, however, is to build a more effective, proactive compliance program that not only meets DOJ expectations but also adds real value to your organization.
In the next six months, Walden encourages compliance professionals to take a few key steps: familiarize yourself with the 2024 Update, meet with your internal audit and finance teams to discuss data access, and start exploring AI-driven analytics tools. By taking these steps, you will be well on your way to building a compliance program that is not only compliant but also innovative and impactful. Remember, the DOJ is not simply looking for compliance programs that check the boxes—they want to see programs that are dynamic, data-driven, and capable of preventing risks before they materialize. Let’s rise to the challenge and lead the way in this new era of compliance.