Kara Bonitatibus (email@example.com) is Head of Product at Lextegrity and is based in Norwalk, Connecticut, USA.
Whether consciously or unconsciously, you make decisions every day that are likely based on data. From selecting which book to read and car to buy, to what to eat for breakfast and where to go on vacation, chances are you are relying on at least some data points. Those data points can be quantitative or qualitative, such as written user reviews or a recommendation from a friend. Now, how reliable those data points are, or whether they are statistically significant, is another story and certainly can affect the outcome of the decision you ultimately make, including whether the risk that you were trying to mitigate (e.g., going over your vacation budget) is realized.
Given this reality, the U.S. Department of Justice Criminal Division in its June 2020 updated guidance on the Evaluation of Corporate Compliance Programs specifically emphasized the use of data and analytics. Notably, the Justice Department includes a section on Data Resources and Access in the list of factors to be evaluated when assessing a company’s compliance program, emphasizing that “compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions.”
Although the guidance explicitly focuses on the use of data analytics in determining the effectiveness of a company’s compliance program overall, since at least 2017, the Justice Department has also focused on the role of gatekeepers (i.e., individuals most recently defined as “those with approval authority”) as well as operational integrity (i.e., essentially how compliance is “reinforced through the company’s internal control systems”). It is perhaps not an insignificant leap to interpret the guidance as implicitly supporting the use of data analytics as part of a company’s operational integrity and for compliance professionals to assist the gatekeepers in making informed, data-driven approval decisions.