Data Analytics Credit: Khakimullin Aleksandr/Shutterstock.com

This article is the first part in a two-part series on data analytics in corporate compliance.

Data analytics is a new tool that government agencies and companies across industries increasingly use to identify risky and possibly illegal behavior. Not surprisingly, companies are rightly questioning what level of sophistication law enforcement and regulators now expect them to display when it comes to deploying this new technology. This two-part series addresses these questions. This article—part one of the series—examines how government agencies are using data analytics and the implications for corporate compliance programs. Part two, expected to be published on March 12, examines how corporate compliance programs should adjust to this new reality.

Government Use of Data Analytics

In the United States, government agencies have consistently highlighted how data analytics is used to aid investigations and detect potentially illegal activity. Most prominently, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have used data analytics to successfully spot health-care and securities fraud. For years, the SEC has trumpeted how data analytics helps it identify potential illegal trading patterns and then pursue investigative leads. As emphasized in its public statements, the SEC has dedicated in-house experts who use data analytics to assist in surveillance and specific in-house programs designed to detect patterns suggestive of possible wrong-doing. The SEC also has experts and in-house tools that assist the agency in using data analytics as they conduct examinations of registered broker-dealers and investment advisers and carry out enforcement investigation. One such program, ARTEMIS— apparently named for the Greek goddess of the hunt—is used by the Enforcement Division to generate possible leads. ARTEMIS combines a review of historical trading and account holder data with other data sources to allow for "longitudinal, multi-issuer, and multi-trader data analyses." In June 2019, SEC chair Jay Clayton emphasized that the commission's use of data analytics is "more important than ever" as it increases both effectiveness and efficiency. The SEC has successfully brought cases—often in coordination with criminal authorities—where initial leads came from data analytics, including insider trading cases.

DOJ and other federal agencies have also noted their success in using data analytics to find indicators of health-care fraud. For example, the Medicare Fraud Strike Force Teams—composed of personnel from the FBI, the Health and Human Services (HHS) Office of Inspector General and other law enforcement agencies—analyze billing metrics and Medicare claims submissions to identify patterns of health-care fraud. As highlighted in its public statement, the Strike Force teams "have a proven record of success in analyzing data and investigative intelligence to quickly identify fraud and bring prosecutions." Data analytics allows these strike forces to spot outliers among millions of Medicare and Medicaid claims. To date, the Medicare Fraud Strike Force at HHS has led to over 2,000 indictments and investigative receivables of over $3.3 billion.

In the United Kingdom, the Financial Conduct Authority (FCA) released in January 2020 a refreshed data strategy that seeks to transform how the regulator uses advances in data analytics to carry out its mission.  The FCA's goal is to improve its use of data analytics over the next five years to "[d]eepen [its] understanding of markets and consumers," "[s]wiftly identify, connect and react to firm and market issues," and "[b]uild a flexible and fit-for-the-future organisation." As part of this strategy, the FCA is developing new monitoring and detection tools focused on "delayed disclosure and misleading statements by issuers, and 2) secondary market behaviour including cross-market manipulation, abuse in fixed income markets and equity insider trading."  The FCA seeks to become a "highly data-driven regulator" and to use technology in the AML space to "be more intrusive in assessing the effectiveness of firms' own systems and controls."  The FCA's objectives underscore the importance of companies keeping pace with advances in data analytics and leveraging technology in improving internal compliance functions.

Implications for Corporate Compliance

Companies should anticipate that regulators and law enforcement authorities will expect them to make smart use of data analytics in their compliance efforts. Although companies are likely not required to beat the government in a data analytics arms race, they likely will be expected to use available data to fine tune their compliance program. As the second part in this series will further examine, this means that, in practice, companies should not rely solely on qualitative and episodic indicia of risky behavior—like reports into the company hotline and Internal Audit findings. Quantitative data, such as trading activity, third-party payments, expense reports, and other financial transactions, often contains information vital to early detection of control weaknesses and errant behavior. A company that has such data at its finger tips, but does not systematically mine it to detect noncompliance, is leaving points on the field.

Like all compliance program elements, there is no magic level of sophistication a company should develop around data analytics as a compliance tool. Instead, a company's investment in this new technology should correlate to its risk profile, informed by factors like the industry in which it operates and its regulatory environment. Data analytics also must be used in connection with traditional investigative steps—such as review of emails and expenses—to be a part of a well-designed surveillance program. Data analytics is here to stay, and companies that invest in it with risk-based sensitivities should reap long term compliance benefits.

 

Charles D. Riely, a former assistant regional director for the Division of Enforcement for the SEC, and Erin R. Schrantz are partners, and Matthew J. Phillips is an associate, in Jenner & Block's Investigations, Compliance and Defense Practice.