A silver bullet? What data analytics can and cannot do to protect your company from third-party risk

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

How can your business achieve high performance while managing compliance risk? Global organizations are increasingly turning to new data analytic techniques like continuous monitoring, data visualization, voice recognition, anomaly detection, machine learning and robotics to find patterns, make predictions, and comply in an environment of growing regulatory scrutiny.

Can digital compliance really prevent corruption?

The benefits of an analytics-driven compliance and monitoring program are many. With their sophisticated algorithms and number-crunching power, these technologies can track high-risk activities and changes in market trends, identify compliance insights and trends, and accentuate your responsiveness to threats of all kinds.

Data analytics can connect disparate systems that historically have never been linkable — for instance, social media, email, text messaging, financial transactions, trades, and travel and entertainment — and reveal compliance hot spots. A background check for a vendor (or an employee) can extract and examine unstructured data such as public opensource information to uncover hidden relationships with high-risk parties, like government officials or organized crime. And, with intuitive dashboards, enhanced interactions and on-demand reporting, today’s tools can make key insights clear and accessible to senior managers.

What are the limitations of data analytics?

Data analytics, in and of themselves, are not the only component of a compliance solution. There are four other integral considerations:

  1. Accessibility and quality of information.
    No matter how sophisticated your analytical tools, the value of your outputs can only be as high as the quality of your inputs. Whether it’s structured or unstructured, publicly available or subscription based, not all data you’d ideally need will be available. And what is available must be rigorously vetted for accuracy.
  2. New data privacy laws.
    The data you collect must also be legally obtained (and stored). The fast changing landscape of digital privacy laws including GDPR impose strict limitations on data practices.
  3. Too much information?
    For many multinationals, the issue is not so much accessing information as it is prioritizing it. The task of monitoring third parties typically requires scouring dozens or even hundreds of often incompatible data systems — many of which are as disparate as the cultural practices of far-flung markets — and leveraging a risk-ranked approach to determine where to aim your analytical firepower.
  4. The need for human beings.
    Underlying these considerations is the fundamental one: the practical value of your technology is directly correlated to the people who manage it. How well you design the algorithms, refine the models, analyze the results and decide what to do about them is the ultimate determinant of your digital compliance program.

Where do I start and what can I do today?

Upping your compliance game doesn’t have to involve buying expensive new tools. Put simply, for easy wins, look within your own four walls. There are plenty of steps you can take right now to use your data and your current technology more efficiently:

  • Does the left hand know (and use) what the right hand is paying for? In our experience, the vast majority of organizations already have licenses or subscriptions to resources or technologies such as data analytics or third party watch lists within certain departments, which other functions are unaware of.
  • Are you actually using the technology you have? Another common occurrence is unused technology — expensive tools which have been purchased but not yet put to use. Before buying new tools off the shelf, inventory what you already have.
  • Track inside, not just outside, the organization. You are monitoring your outside vendors… but are you aware of pockets of risk or blind spots that might be active within your own organization? Is one department using more joint ventures or consultants than necessary?
  • Visualization techniques on your own internal data — for example, number of new vendors onboarded, number of new vendors blocked, the number of transactions-to payments per market — can help you uncover potential red flags within your four walls.

Contact us

Justin Offen

Justin Offen

Principal, Cybersecurity, Privacy and Forensics, PwC US

Dyan Decker

Dyan Decker

US Forensics Leader, PwC US

Follow us
Hide