Building a Compliance Analytics Program – Part 2
In part 1 of this blog, I discussed who should be involved in your compliance analytics journey as well as how to get started. Once you have conducted your compliance analytics workshop to identify and prioritize analytics, the next step is to look at opportunities for simplification as well as automation.
Reviewing your process flows
Once the current state of a particular process has been determined and “AS-IS” process maps provided or created, a future state and “TO-BE” process maps can be created. At this stage, many companies become overwhelmed with current state flow diagrams that are at times difficult to interpret and align to the technology enabling the automation/optimization of a particular process.
Figure 1: Many business process flows are lengthy and overly complicated, making it difficult to determine the people and tasks involved in it.
Our approach helps streamline current processes by determining the objective for each process and breaking them down into a clear and concise process flow for each area. This more simplistic form reduces unwanted noise, helping to identify and understand the critical elements that must be completed within each process.
Figure 2: Simplified process flows make it easier to understand the key pieces of each business process.
Process automation and analytics
Once processes are created, reevaluated and simplified, organizations can begin automating tasks, using analytics to detect unusual activities and continuously monitor performance.
With the help of technology, as much as 80 to 85 percent of compliance processes across all business areas can be completed without human interaction. Key elements of a successful automation project include:
- Ability to import data from multiple sources, whether it be worldwide, centralized, or from disparate systems, so organizations can have a true picture of what is really happening within an organization.
- Capacity to detect suspicious activities that may be happening within the system through the use of rules-based analytics, anomaly detection, network linking and predictive analytics.
- Dashboards to provide a visual and holistic view of each particular entity, whether it be a customer, a vendor, supplier or distributor. Items in a dashboard may include a risk profile and risk score which are based on screening results, transactions and relationships.
- Clear, concise and consistent remediation guidelines to help employees know what their actions should be for any given situation.
- Key performance indicators (KPIs) that provide an early indication of increased risk exposure in specific areas and provide the information that is needed to enable compliance leaders to make smarter decisions for effectively managing risks.
Compliance analytics and continuous improvement
A compliance analytics program is most effective when it is continuously used and monitored. The method of choice at our company for continuous improvement and deployment of analytics is the industry-standard CRISP-DM (cross-industry standard process for data mining), as depicted in the following image:
This is a seven-phase approach that helps businesses begin to break down their primary business understanding, then gain a clear understanding of the data and how it ties to its controls, elements, systems and processes. Once this is understood, you can begin to prepare the data accordingly based on your business objectives or questions to ensure you are working toward the appropriate results.
After data preparation, models and rules for the analytics can be created. As you start to have a particular output and evaluate these results, you can test, refine and continue to evaluate and refine the model with your organization’s SMEs, after which the technology is now ready for deployment.
This is not the end, however: deployment requires continuous sustainability. Your business must continue to refresh the information, and conduct recalibration sessions every three to four months. This requires organizations to go back to validate whether the analytics are still functioning to meet the needs or if they need to evolve. This piece is critical and is a job that is never truly complete.
Continuing into the future
Anyone working in compliance today can tell you how vital it is to have an analytics program to provide deep and relevant insights, improve efficiencies and reduce manual and repetitive tasks; however, launching and sustaining such program can be easier said than done.
To build a robust, sustainable compliance analytics program, you must take the first steps to get the right people involved, review their processes for effectiveness and simplify overly complicated procedures. Once you have done this, you can then launch an analytics program and eventually grow it – evolving from standard, rules-based analytics to identify control exceptions to advanced analytics such as anomaly detection, network linking and predictive analytics for more sophisticated suspicious behavior monitoring and prevention.
Ultimately, no matter the type of compliance program, you must always be sure to avoid the temptation to simply repair issues with a quick fix. The most effective analytics help identify the root cause of the issue. With this information in hand, policies, procedures and controls can be evolved so that issues don’t reoccur and opportunities for cost savings can be found.
About Khaled Ghadban
Khaled Ghadban (LinkedIn) is Director of Analytics and Data Science at CaseWare RCM and has more than 20 years of experience in the data analytics space in various industries, including financial services. He is a regular contributor to conferences and a frequent speaker on the topics of analytics and cognitive (AI).