Effective use of data and analytics increases the impact of a compliance programme

September 2020  |  SPOTLIGHT  |  RISK MANAGEMENT

Financier Worldwide Magazine

September 2020 Issue

Data and connectivity will likely be remembered as the corporate buzzwords of the 21st century, and for good reason. Companies are now able to collect data both internally and externally with an impressively high level of detail. As with all good things, however, there is a catch.

The challenge that often leaves companies scratching their heads is that data without good analytics is simply the digital equivalent of a storage locker that has not been opened in years. There might be a limited edition record that could fetch thousands, but until the unit has been opened, and every piece evaluated, you simply do not know.

Naturally, data analytics in the scope of a global company is much more complicated, but the basic lesson remains true, especially so in the challenging but crucial environment of risk and compliance. Given the increasing importance of this corporate function, we are often under pressure to collect more data and add more reporting; all while appearing decisive and finding ways to simplify complex issues, find meaning and predict outcomes.

When faced with uncertainty, the quality of analysis we do becomes apparent, both good and bad. Therefore, it is critical to have systems in place before a crisis – such as the coronavirus (COVID-19) pandemic – comes around, when our systems and people are under extraordinary pressure. During this pandemic, a large compliance and risk concern has been the increasing promotion of various off-label anti-viral drugs, as authority figures around the world promote their use to treat COVID-19.

While pharmaceutical companies have been quick to provide their support for clinical studies and hospital trials to test the efficacy of drugs in treating COVID-19, there is a big risk that healthcare providers will feel pressured to prescribe a drug for use outside of controlled experimental settings.

Although our focus in this article is on the analysis side, the above example highlights how important it is to collect good data at every point of the product life cycle. Good data is of course a subjective term, and you are likely to receive a multitude of answers. However, we would posit that a key part of good data is data which is easily organised and accessed, or in other words, data that allows your analysts to work more efficiently.

By taking the time to intelligently organise data at the point of collection, we ensure that the data can be swiftly accessed and analysed. Having taken the time to do so, it is critical not to create ‘access siloes’ where a central function attempts to decide who should have access to what data. The major reason for this is that it is often hard to know why certain data is important in every context.

Using the example above, we could argue that it would have been tempting to limit prescription data to sales and marketing. But doing so could hinder a compliance analyst from conducting a quick analysis to see if there is any correlation between politicians advocating off-label drugs, and current prescription rates.

Since it is impossible to predict every single outcome, we need to ensure that data is both accessible and malleable, by putting user-centric tools in place. Here, the term ‘user centric’ essentially refers to the democratisation of data. By creating analytical tools and placing them in the hands of every employee, every manager and every department, they can take responsibility for their area of expertise.

This is a critical step as it frees compliance from being a top-down function, allowing for a much more flexible and customised approach. It also ensures that we do not spend a lot of time and money on creating analytical insights which, while potentially impressive, are not what the actual departments need, or what the next local challenge calls for.

The ‘Global Business Ethics Survey’ highlights differences between various countries. For example, in the US, abusive behaviour and conflicts of interest are the most common types of observed misconduct, whereas in China it is corruption. These are both extremely broad categories, and without local insight it would be almost impossible to determine the correct framework for a solution. This is not to say that there is no room at all when it comes to having a centralised compliance and risk department. However, its role must not be that of a global arbiter; instead, it should support and complement analysis at the local level.

One way to achieve this is by thinking in modular terms. As head office usually has the most resources, it can create training frameworks that centre around some of the biggest global concerns. In this example, it could create a training template for conflicts of interest and corruption. The emphasis here needs to be on framework: since head office does not have the local insight, it cannot create the programme in a vacuum, without local input.

It can, however, create a template with a focus on universal behavioural methods for a successful training outcome. Local leaders should in turn have easy access to this programme, to then tune it to their specific circumstances and needs. This method plays to the strengths of each partner, ensuring that resources are not unnecessarily spent on each country developing its own completely customised programme.

Implementing the process described above is by no means a question of just flicking a switch and seeing immediate results. Rather, the emphasis should be on creating a long-term relationship where head office treats local departments as its customers. By incorporating aspects of an agile methodology, head office can ensure that it stays nimble and is able to adjust quickly to the new requirements of its customers, as well as continue to provide value. Agile works best for complex problems where the solution is not immediately apparent, so it should not be used for routine processes. Instead, it is a skill set that should be trained and launched when a complex situation arises for which there is no set plan.

Perhaps the most efficient way to incorporate the principles discussed throughout this article is to create a company-wide dashboard. This dashboard will in essence be the portal to, and interpreter of, all the data that the company collects. To ensure the effectiveness of the dashboard, local leaders should be involved in its design to ensure that it provides the data and analytical capability needed to address local concerns.

If implemented correctly, which includes creating a novice-friendly user interface, it will effectively empower every employee to be responsive to the risks they see in their workday. Naturally, simply releasing this dashboard is not sufficient, and it will require a significant centralised effort to ensure that local analytics teams understand what insights the dashboard can capture from the available data. For this process to be as effective as possible, limiting internal access to the dashboard should be discouraged, as this would once again force analytics into a functional silo that is not exposed to the needs of the wider company.

That said, all dashboard users should receive at least basic training in data analysis, to ensure that they understand what they can achieve with the data available to them, and to ensure that they understand how individual bias can taint their analysis. Users should also be trained on how to interpret and act on any findings, so as not to expose the organisation to more regulatory risk.

We want to stress the importance of a broad risk and compliance function, and how critical it is to make compliance an integral part of corporate governance. There has been a historical tendency to view compliance as a policing function, where the focus is exclusively on catching mistakes that have already occurred then applying changes.

The modern risk and compliance function can and should take a different approach. Instead of being a purely reactive function, it needs to focus more on risk management. This means actively looking for risk areas within the company and ensuring that compliance becomes an area of joint ownership for the whole company, instead of an exercise in ticking checkboxes.

The way to create joint ownership is to democratise data and analysis in the ways we have highlighted above. This transparency will help highlight the multitude of risk factors that compliance monitors on a regular basis. Implementing a transparent approach will also help employees feel that they personally can make a difference, and that the company they work for is genuinely concerned about conducting business in an ethical manner.

Sita Lemmich is an ethics, risk & compliance data analyst, Olga Shubina is an ethics, risk & compliance design lead and Montserrat Alvarez is an ethics, risk & compliance analytics head at Novartis. Ms Shubina can be contacted by email: olga.shubina@novartis.com. Ms Alvarez can be contacted by email: montserrat.alvarez@novartis.com.

© Financier Worldwide

BY

Sita Lemmich, Olga Shubina and Montserrat Alvarez

Novartis

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.