Shruti Shah (sshah@coalitionforintegrity.org) is President and CEO of the Coalition for Integrity in Washington, DC. Jonathan J. Rusch (jonathan.j.rusch@gmail.com) is Adjunct Professor at Georgetown University and American University Washington College of Law and Principal at DTG Risk & Compliance LLC, based in Washington, DC.
As they work to maintain the effectiveness of their anti-corruption risk and compliance programs, companies must be increasingly attentive to how well they make use of the acquired data relevant to those programs. The most recent edition of the U.S. Department of Justice’s Evaluation of Corporate Compliance Programs states that prosecutors should inquire into whether compliance and control personnel “have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions,” and whether “any impediments exist that limit access to relevant sources of data.”[1]
Companies, however, are increasingly awash in such data from a multiplicity of sources: accounts payable, spend data, and third-party supplier data, to name just a few. Many companies make use of rule-based programming, in which human programmers write rules that enable the company to search and find data indicative of corruption risk. But some companies are increasingly curious about whether they should use a particular field of artificial intelligence, machine learning, in which computer systems “learn” on their own from data and do not depend on human-written rules.
To assist companies in this process, the Coalition for Integrity recently issued a guidance document, Using Machine Learning for Anti-Corruption Risk and Compliance.[2] The guidance states that it is intended “to provide companies in multiple sectors with guidance on whether and how they should consider developing or acquiring anti-corruption machine learning.” In particular, the guidance has four stated objectives:
- Identify what types of machine learning warrant consideration for anti-corruption risk and compliance;
- Discuss various current uses of machine learning for anti-corruption purposes, including corporate uses for anti-corruption risk and compliance;
- State and discuss key considerations in evaluating whether and how to pursue the use of machine learning for anti-corruption risk and compliance; and
- Present recommendations and conclusions about what companies should do, particularly in the current economic environment, in considering whether to incorporate anti-corruption machine learning into its governance, risk, and compliance functions.[3]
The case for anti-corruption machine learning
The guidance document first discusses the elements of a company’s anti-corruption compliance program that could benefit from machine learning. These include anti-corruption risk assessment, third-party due diligence and payments, and continuous improvement and periodic testing.[4] It also notes that before starting any serious consideration of developing or acquiring an anti-corruption machine learning solution, “a company must first articulate a business case for doing so: i.e., determine that there is sufficient justification for adopting and implementing machine learning for anti-corruption purposes, based on its unique risk profile and a frank evaluation of the benefits, costs, and risks of that machine learning.”[5]
To decide whether it has such a business case, the company should consider (1) the relative advantages of rule-based programming versus machine learning, (2) whether it has “an adequate complement of risk and compliance professionals who would have the necessary training and expertise to make effective use of a machine learning solution’s output,” (3) “whether a machine-learning solution should address a broader range of its risks than anti-corruption” (e.g., insider risk), and (4) “both the potential cost and the potential return on investment that a machine learning solution could entail.”[6]
With regard to price, the guidance states that external vendors’ pricing of such a solution (according to some companies contacted for this guidance) may range from the low six figures to several millions of dollars. Companies can expect, however, that a solution need not be built completely from scratch, though even solutions that might be considered off the shelf will need to be customized to meet individual companies’ needs.
Developing an anti-corruption machine learning solution
Once it has determined that there is a business case for doing so, the guidance explains, a company should then work to develop its machine learning solution in a series of five steps: (1) framing a machine learning problem, which requires the company to define the anti-corruption–related machine learning problem as precisely as it can, and proposing a solution; (2) constructing a data set of sufficient size for that solution; (3) transforming the data; (4) training the model, which includes the use of training, validation, and testing data sets; and (5) making predictions and assessing the solution’s performance. The last step requires a company, on a continuing basis, to analyze the predictions its model is making to determine that the goodness of fit is sufficient and that there are no significant concerns such as sample bias or learning bias.[7]
The guidance document also provides three examples of companies that have developed and implemented anti-corruption machine learning solutions. In each case, the document discusses the background to each company’s decision-making process and the type of machine learning solution it adopted.[8]
What other issues does machine learning implicate?
Finally, anti-corruption machine learning, like other types of artificial intelligence, raises a number of ethical, legal, and governance issues. The guidance document therefore urges that a company “review its codes of ethics to see whether and how those codes address the ethical dimensions of machine learning,” with particular reference to responsible design and use of machine learning.[9] It also identifies a number of legal issues that the company’s use of its anti-corruption machine learning solution may raise, such as data privacy, cybersecurity, and use of machine learning for lawful purposes.[10] Finally, it observes that the company needs to “examine and revise as necessary its existing governance and compliance structures and processes with reference to that solution,” as it may need to make substantial governance and structural changes to make possible an enterprise-wide anti-corruption solution.[11]
It’s up to the company
In its conclusions, the guidance document makes clear that companies “should take this guidance not as a recommendation that they immediately pursue anti-corruption machine learning, but rather as a template to assist them in internal and external discussions about possible deployment of anti-corruption machine learning.”[12] It further states that:
It would be inappropriate to say that all companies, regardless of size, business model, and financial resources, need to adopt anti-corruption machine learning, or that regulators will expect all companies to incorporate anti-corruption machine learning into their compliance programs. But experience to date indicates that anti-corruption machine learning holds considerable promise, and that companies should take that into account in deciding how to improve their anti-corruption and related compliance programs.[13]
Although there is no single “yes or no” answer to whether a particular company should adopt anti-corruption machine learning, the Coalition for Integrity’s guidance document can significantly assist chief legal and compliance officers and other senior management in making that decision.
About the authors
Shruti Shah is a forensic accountant with more than a decade of Big Four accounting firm experience, including in assisting companies with complex financial statement fraud, anti-corruption/Foreign Corrupt Practices Act matters, and accounting irregularities.
Jonathan Rusch is a former deputy chief in the U.S. Department of Justice’s Fraud Section and former head of Anti-Bribery & Corruption Governance at Wells Fargo.
Takeaways
- There can be genuine value in using machine learning for anti-corruption risk and compliance functions (e.g., risk assessment and third-party due diligence).
- Companies first need to determine that they have a business case for a possible anti-corruption machine learning solution before moving to development.
- Developing an anti-corruption solution involves framing the problem, constructing the data set, converting the data, training the machine learning model, and continually assessing its performance.
- To implement and operate an anti-corruption machine learning solution, ethical, legal, and governance issues need to be addressed.
- In short, anti-corruption machine learning may constitute a substantial improvement for companies over their current rule-based programming and data analytics.