Data Analytics and the Future of Compliance
A lifetime ago — the end of February, to be exact — I spoke to a group of law students in New York about careers in compliance, and the competencies they’ll need if they want to thrive in that profession.
My message to them was that skill in data analytics would be crucial to running compliance and risk management programs in the future. That message is still true today.
I just didn’t appreciate how COVID-19 would make that message so true, so quickly.
Risks Beyond Regulatory Compliance
Today compliance officers and their teams are scattered around the world, working at home or in remote offices. CCOs need to rely on systems, reports, and analysis more than ever before because lord only knows when you’ll be able to make a trip to resolve difficult issues in person.
Moreover, companies’ risks have changed, sometimes dramatically. Their business processes have changed, sometimes dramatically. Our slow evolution to a data analytics world has become more like a mad scramble, as even our basic assumptions about risk, policy and procedure have been tested like never before.
That is, COVID-19 is driving up the importance of reaching the best decisions possible about risk, even beyond the importance of achieving regulatory compliance. Because what will a slavish devotion to regulatory compliance bring you, if those policies and procedures are predicated on risks now supplanted by COVID-19?
I’m not saying regulatory compliance is unimportant; it’s as important today as it ever was. But COVID-19 is bringing new risks to the modern enterprise. Your ability to analyze those risks in a disciplined, data-driven way could spell the difference between corporate survival or failure.
So achieving strong data analytics capability is suddenly crucial.
How COVID-19 is Challenging Corporate Compliance
A compliance officer at a wealth management firm told me the other day that since COVID-19 swept the world and spun the markets into turmoil, financial advisers have been hounding him for permission to lend more money to clients, so they can invest in the market. (Under the theory that the clients can buy assets at fire-sale prices now, and make a killing on the market rebound later.)
In just about all cases, those financial advisers are obeying the firm’s policies and procedures for documentation: the client’s assets, liabilities, net worth, income, years until retirement and so forth.
So the compliance obligations are being met — but that’s not enough comfort to the CCO, who still needs to understand whether extending a loan to the client is truly wise. Sure, the client might be high net worth; but if that client operates a tourist site, or hotel, or restaurant, would you be eager to loan that person more money today?
That’s how COVID-19 is challenging corporate compliance today. Compliance with policy and procedure only guides your enterprise to follow certain behaviors. But when the assumptions behind those behaviors change, your risk analysis needs to be better, sharper and attuned to whatever new reality is being forced upon you.
Data Analytics and the Future of Compliance & Risk Management
As much as COVID-19 dominates our thinking today, we should also remember two points: data analytics was important before the pandemic, and it will remain important after our global ordeal finally goes away.
Corporate enterprises will still be large, complex, interconnected organizations that span the globe. They’ll still be wrapped in compliance obligations and surrounded by risk. Compliance functions will still be asked (ugh) to do more with less, and to do it more quickly.
On one hand, that’s good news: compliance officers will be able advise senior executives about the company’s risks, and that makes a strong compliance program more important to the strategic position of the enterprise. So as always, I’m still bullish that corporate compliance can be a long, lucrative career.
On the other hand, that also implies a strong commitment to technology as the foundation of your compliance and risk management strategy. To analyze data, you’ll need a single repository of data, with thoughtful and clear taxonomies that tag data correctly. You’ll need versatile reporting, to surface the right answers for whatever questions executives ask. You’ll need to embed automated data collection into policies and procedures across business operations, to reduce the chance of manual error.
In other words, compliance functions will need to do a lot, putting technology at the heart of their operations. That was true when I spoke to those law students in February. It’s true now. It will be true tomorrow.
That’s how we weather difficult times more effectively, such as the one we’re all enduring now.
Share this post!
Matt Kelly
Kelly was named as ‘Rising Star of Corporate Governance’ by Millstein Center for Corporate Governance in the inaugural class of 2008 and named to Ethisphere’s ‘Most Influential in Business Ethics’ list in 2011 (no. 91) and 2013 (no. 77). In 2018 he won a Reader’s Choice award from JD Supra as one of the Top 10 authors on corporate compliance.
Kelly previously was editor of Compliance Week, a newsletter on corporate compliance, from 2006 through 2015.
Latest posts by Matt Kelly (see all)
- Fostering a Better Climate for Employee Surveillance - July 6, 2021
- Electronic Communication: Lost in Translation - April 27, 2021
- What ‘the New Normal’ Really Means for Compliance - February 23, 2021
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
FEATURED CONTENT
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US