The SEC Has Data Fever, and the Only Prescription Is More Data (Analytics)

Companies are increasingly investing in enterprise governance, risk, and compliance (eGRC), largely in response to an uptick in regulatory action and enforcement. Between the enactment of laws such as the Dodd-Frank Wall Street Reform and Consumer Protection Act and the Foreign Corrupt Practices Act, as well as the agency’s “broken windows” philosophy, finding that no case is too small to prosecute, financial organizations face unrelenting scrutiny. A recent press release confirms that organizations’ focus on eGRC initiatives is well-timed. Last week, the Securities and Exchange Commission (SEC) announced a new single-year record for enforcement actions: 868 cases (compared to 805 in 2015 and 755 in 2014). The agency attributed the record in part to its continued “use of data to detect illegal conduct and expedite investigations.”

The SEC’s caseload for the fiscal year ending September 30, 2015 toppled records in a number of areas, including “the most ever cases involving investment advisers or investment companies (160) and the most ever independent or standalone cases involving investment advisers or investment companies (98). The agency also reached new highs for Foreign Corrupt Practices Act-related enforcement actions (21) and money distributed to whistleblowers ($57 million) in a single year.” For its efforts, the agency experienced a boon in recovery, reporting that it “obtained judgments and orders totaling more than $4 billion in disgorgement and penalties.”

During the course of its investigations, the agency learned that many organizations lacked the requisite internal controls to detect or prevent illegal behavior. The agency repeatedly found that the sanctioned companies and individuals ignored red flags denoting suspicious transactions and other indicia of bribery, corruption, and fraud. In some of these cases, the SEC acknowledged that it discovered the misconduct while studying other transactions and discerned patterns from the data it collected.

What’s the best defense against regulatory actions and penalties? Fight data with more data—that is, data analytics. To put themselves on equal footing with government agencies that are exploiting the power of information, organizations are making the most of their access to a panoply of advanced data analytics tools. In a strict eDiscovery context for individual cases, these include analytics such as predictive coding, relationship analysis, anomaly detection, and concept analysis.

However, to gain an even greater advantage in regulatory compliance, organizations are turning to Big Data analytics capable of consolidating an organization’s entire data across prior and current legal and compliance matters, including up to billions of records collected for disparate legal and compliance matters and previously classified by attorneys, across hosted review platforms. With this analytics-as-a-service, organizations can proactively identify risky communications or actions in real-time. Most importantly, they can gain unprecedented insight faster than ever before through the automatic classification and identification of relevant, privilege and other attorney-designated data, creating an efficient early warning system that can pre-empt liability.