Joshua Dennis has been with StoneTurn for 15 years and leads the firm’s Data Analytics practice. He assists companies and their counsel across a wide range of investigative and dispute-related matters, particularly on issues requiring complex data analysis, including investigations, economic damages, intellectual property, enforcement, forensic accounting, compliance monitoring, and valuation engagements.
Q. As 2020 begins and you reflect on the past decade, what are some of the most notable advancements in data analytics related to regulatory investigations and corporate compliance matters?
A. Over the last decade, not only has the quantity of information generated by businesses continued to grow at an increasing rate, but more of this information is being aggregated and retained by both regulators and companies alike. At the same time, emerging from the 2008 financial crisis, we’ve seen significantly greater regulatory scrutiny, which helped establish RegTech as an essential industry aimed at helping companies navigate the changing regulatory landscape and manage compliance.
Especially in recent years, this has resulted in increased adoption by businesses, as well as acceptance by regulators, of various forms of artificial intelligence, such as machine learning, neural networks, and natural language processing. These technologies have provided regulators with greater opportunity to help detect fraud, market manipulation and other forms of misconduct. Similarly, these technologies have allowed businesses to take a focused, risk-based approach to the compliance function and become better able to allocate limited resources where they are needed the most.
Q. In recent years, the Department of Justice (DOJ), as well as several other U.S. and foreign regulators, have made it clear that a company’s use of data is considered during investigations into potential misconduct, and often determines the severity of resulting penalties. What does this mean for compliance departments?
A. Regulators are increasingly interested in what can be revealed from a company’s data, and expect compliance officers to use this information in conjunction with the appropriate tools and technology as part of an effective corporate compliance program. However, one of the first and more important steps is for the compliance department to understand all sources of data at its disposal (both internally generated and from external third parties), as well as any potential limitations to those sources. Particularly in larger or multinational organizations that may rely on a range of disparate systems, this step is critically important to ensure the company has access to all of its information.
Further, to the extent that a regulatory inquiry does arise, it is essential that the company be able to produce information that is complete, accurate and responsive in a timely manner. A failure or inability to do so can greatly increase the risk of a severe penalty. Conversely, being able to affirmatively demonstrate a carefully designed and implemented compliance program that makes use of data-driven “surveillance systems” can help to mitigate the likelihood of a negative outcome.
In the short term, this may mean increased costs or resource allocations to compliance departments to build out data infrastructures, hire analysts and/or IT professionals, and incorporate data into daily operations. Compliance departments that do this thoughtfully will eventually enjoy greater operational efficiencies and better controls that will ultimately save the company money in the long term.
Q. How can StoneTurn help clients leverage data?
A. StoneTurn can help its clients leverage data in a range of ways across every phase of the compliance lifecycle: pre-incident, incident and post-incident. From a pre-incident perspective, StoneTurn works with client companies to conduct periodic audits to ensure data integrity, as well as create customized frameworks, dashboards and visualizations to automate processes and identify key risk areas. StoneTurn can also assist the compliance department in the context of its risk or gap assessments to strengthen both preventative and detective controls, such as through the use of data analytics models to pressure test policy thresholds or identify trends and anomalies in spend.
Additionally, when potential misconduct does occur, StoneTurn data analytics professionals work collaboratively with clients and their counsel to develop compelling and fact-based assessments, uncover the full extent of issues, and quantify potential harm. This often includes ensuring that any data provided to regulators is not only complete, accurate and responsive, but also proactively identifying any areas of concern buried in the information produced. Depending on the nature of the issue, employing an automated data-driven approach can also replace manual review processes that may be otherwise limited by time and resource constraints.
Lastly, following an investigation, StoneTurn can assist with a root-cause analysis, as well as an internal controls assessment to defend against similar breaches. StoneTurn leverages data to drill down into the original control issue that allowed the misconduct to take place, and then ensure sufficient remediation through controls enhancements and testing.
Q. Are there particular industries in which you have seen the use of data analytics become increasingly important?
A. Two of the most innovative industries are financial services and healthcare – both of which are data-rich and highly regulated. Given that financial penalties in recent years handed down by regulators have reached into the billions, companies are incentivized to invest heavily in technology-driven compliance solutions and develop new and creative ways to prevent and detect fraud.
In terms of financial services, regulators such as FINRA have a wealth of data at their disposal and are using it to develop increasingly sophisticated algorithms to identify market manipulation and other forms of misconduct. For their part, financial institutions are experimenting with technologies such as blockchain to enhance end-to-end security, chatbots to improve customer experience, and AI to help make better investment decisions, determine creditworthiness and detect fraud in close to real time.
For the healthcare industry, blockchain will also likely allow for significant advances with respect to the secure access and tracking of medical records, as well as payment processing. Further, machine learning is already starting to play an important role in combatting the opioid epidemic by using a breadth of disparate data sources from drug manufacturers, distributors, insurers, and prescribers to help identify anomalies and stratify risk.