Skip to main content

Creating a Sustainable Compliance Function

Today’s compliance problems are tomorrow’s litigation, and the problems in today’s environment are serious: heavy data growth and the increase in electronic communications, heightened regulatory scrutiny, the growing complexity
of risk and compliance programs, global and remote workforces, and stronger reliance on third-party vendors
and suppliers.

Add to this expanded awareness of corporate officers caught up in criminal investigations, investigating and protecting whistleblowers, stricter enforcement around corruption, cybercrime, fraud, money laundering, and recent U.S. Department issuance of new guidance on corporate compliance programs which add to compliance complexity. To tie this all up with a bow, investigators frequently want corporate responses in a fraction of the time than is reasonably possible.

With legal risk to the corporation on the rise, business is transforming traditional compliance systems with technology-enabled automation, innovative analytics, and human expertise. The goal is a compliance detection program that uncovers potential infractions and allows for remediation before the regulators come knocking.

What’s the Problem with Traditional Compliance Systems?

Traditional corporate compliance is often based on Enterprise Risk Management (ERM), a strategy framework for risk and opportunity management. Its compliance arm operates through internal controls such as compliance audits and readiness reports. Internal control dictates actions that support specific objectives, such as making sure that a bank’s mortgage loans to service members comply with the Servicemembers Civil Relief Act, or that a pharmaceutical company observes the Sunshine Law.

This may work fine as a corporate-wide framework, but here’s the really big problem: not all sources of data are created equal. While many sources, such as transactional systems, can be screened for possible violations, other forms of communication conducted between employees and with third parties (such email, social media and IM, for example) may go unmonitored. Traditional ERM lacks the ability to adequately audit these electronic communications and this is where risk lurks undetected.

However, many corporations struggle with a limited ability to analyze unstructured data, filtering that delivers false positive results, large data volumes that overwhelm systems, excessive manual processing of data (at unnecessary time and cost), and potential security issues related to the rapid proliferation of communication platforms that store unstructured data.

The challenges in today’s compliance world call for more sophisticated methods to detect and resolve potential compliance infractions before they turn into legal liabilities.

Turning the Impossible into the Possible

Taking an intelligent technology-enabled automation and big data analytics approach can turn the impossible into the possible. Let’s take a look at the options:



  1. Buy off-the-shelf software. Even in more simple compliance environments or as a solution that is applied to solve a specific, localized issue, this option isn’t always ideal. There is no such thing as set-and-forget compliance automation; commercial software requires internal expertise to maximize ROI including IT, data experts and scientists, subject matter experts, and business process specialists. Unless you are willing and able to staff up for the long-term, you may not see the time, cost, and risk savings you need. (Even though a systems integrator can offload some deployment and management headaches, corporations still add heavy CapEx and OpEx costs to already expensive compliance projects.)
  2. Build it yourself. Building your own compliance software can entail a multi-year, complex enterprise effort involving significant workforce. While building your own system will mean that it will (or at least is expected to) match your needs, it requires software development expertise, knowledge to bridge that experience to compliance, and, once developed, the infrastructure, hardware and people to operate and tailor the system.
  3. Partner with an experienced business process services company. A good outsourcing partner has the capacity and skills to design and implement a robust and sustainable compliance system that offers the right combination of business process outsourcing expertise, big data analytics, prevention tools, and professional expertise.


A business process services company can address these issues and more. For example, it can design compliance detection system that mines and monitors unstructured data on a look-back basis at a fraction of the time and cost it might normally take (i.e., for an internal audit or regulatory review), and provide actionable insight to enable proactive compliance and action. The system also should be capable of providing ongoing monitoring to target and deliver clear indicators of risky behavior, non-compliance or malfeasance based on specific issues of concern. All while eliminating the need to build or buy technology or invest in additional resources, and being highly scalable.

The Path Forward

Managing risk is already imperative for companies in sectors such as banking, financial services, and insurance, energy and utilities, biotech and pharma, and IT and telecom. And unless the heavens open and regulators ease up on their requirements, regulatory data risk will still be a challenge for many organizations.

By improving the quality of analysis and information management to proactively detect risk—and understanding the available options–compliance teams can cut costs and focus on the critical work of risk reduction while minimizing unexpected compliance infractions. With an innovative approach, today’s compliance problems need not be tomorrow’s litigation.