Improving compliance and controllership with behavioral science

It’s clear to many companies that traditional compliance approaches are no longer enough to drive compliant behavior. Now, with interest in a more proactive, real-time approach picking up, we explore why scaling a compliance program with embedded behavioral science and analytics can arm organizations with valuable intelligence.

An interesting insight emerged from a panel Genpact hosted at a recent Compliance Week conference in Amsterdam: though organizations recognize the need and importance of going beyond policies and procedures and embracing a data- and analytics-driven approach, they’ve not yet effectively integrated digital tools in their compliance programs. And from our audience at the event, we gathered that only 40% of organizations are using data analytics for compliance monitoring, and only 18% are using behavioral science to support compliance.

With more companies expanding into emerging markets in an environment of increasing regulatory enforcement and changing technology, they need to adopt a data-driven approach to compliance monitoring. Relying solely on the legal and compliance teams to deal with misconduct and noncompliance is not enough.

It’s time to evolve.

Although compliance-monitoring approaches have evolved over time (from manual audits and Excel-based analysis to rules-based analytics and the adoption of digital technologies, such as artificial intelligence and data mining), different companies are at different levels of maturity. Indeed, fewer than 50% of companies have embraced digital technology in their compliance monitoring programs.

In addition, regulators have recognized the intensity and diligence of compliance and controllership programs to determine management’s role to drive compliance. These regulators determine how much credit an organization would get for its efforts to drive compliance with a robust design and monitoring mechanism should an incident occur.

For your compliance program to work effectively, risk and compliance leaders must first understand what’s working and what’s not. For this, enterprises need to develop a measure of effectiveness and understand the difference between required (by regulation or the company’s policy) and actual behavior within the organization. With a data-driven compliance-monitoring approach and capabilities such as behavioral science, organizations can not only assess the effectiveness of their programs and identify noncompliant behavior, but also demonstrate the management team’s intensity and diligence toward greater compliance to the regulators.

From identifying potential fraud scenarios and regulatory violations to preventing spend leakage, behavioral analytics can be applied across business processes, such as financial reporting (for example, checking for suspicious journal-entry-posting patterns), travel and expense (for example, identifying employees claiming repeated noncompliant expenses), and accounts payable (for example, looking for unusual orders with pricing aberrations).

Identifying the difference between required and actual behavior will not reveal why people do not comply. Is it because they are not aware of the compliance requirement? Was the compliant choice too complex or were they deliberately noncompliant? This is where the real value of behavioral science kicks in as it uncovers behavioral insights into why noncompliance has occurred, allowing the organizations to learn more about users’ engagement and habits to adopt a more focused approach toward the behavior that is causing such disruptions.

The fundamental shift with this method is that it helps organizations take a more human-centered approach to compliance by analyzing trends and patterns in a specific country, business unit, or region and identifying high-risk teams, individuals, and business units. With the behavioral insights they’ve gathered, risk and compliance leaders can carefully craft interventions at different levels, i.e., policy, process, program, or population, to help the organization reduce liability and high fines.

For example, one of our clients identified suspicious behavior when analyzing patterns on six months of data. It noticed an employee was making facilitation payments to a government official on account of gifts given to third parties. This employee had claimed an allowable gift expense on a travel and expense card. Traditional data analytics did not flag this transaction as noncompliant, as it met the defined threshold and receipt requirements. By discerning trends and the sources of risk, our client could then focus on the right areas to prevent such behavior in the future.

The insights you get from behavioral science and analytics can be applied across the life cycle, right from policy design to enforcement and implementation, depending on what’s encouraging the noncompliant behavior (figure 1). These insights can help risk and compliance leaders design new practices, suggest improvements, and explain why people react in particular ways.

Figure 1: Behavioral insights should be integrated at all stages of the policymaking cycle

Leaders in risk and compliance have started their journey toward embracing digital technologies and advanced analytics, and driving increased compliance within their organizations while keeping it cost effective. Here are a few things to consider when building a behavioral-science capability and enhancing the value it delivers:

• Resources: Implementing behavioral science in a compliance program requires collaboration between different skill sets – mainly data scientists and regulatory experts, such as a data scientist to work and extract value from large, diverse data sets and a regulatory domain expert to understand and analyze the information and decide on meaningful action.
• Data: Sourcing the right data is one of the key elements that organizations need to focus on. Given the large volume and disparity of the available data sets, it becomes very important to understand how data can uncover relevant insights. You also need IT support to deal with legacy and disparate systems and integrate siloed information.
• Third parties: Every organization has varying competency levels across functions. Based on its current level and upcoming needs, an organization needs to establish whether it must hire people or look for external partners.

While there is still some way to go before organizations can completely embrace behavioral science in compliance, with better pattern analysis and insights, companies can build predictive models and prevent noncompliant behavior more effectively. By combining behavioral science with advanced analytics and digital capabilities, organizations can stay ahead of existing risks and boost their efforts to monitor, manage, and respond to potential infringements across areas such as financial reporting, accounts payable, and more. A robust, holistic compliance and controllership environment can be built once the whole approach matures in terms of quality of data, skill set, and technology.