CCO Insight: Analytics & Automation

How are Chief Ethics and Compliance Officers (CCOs) using analytics and automation to help drive an effective compliance program?

KPMG client CCOs share many key insights, including:

Proving the value of automation/AI

• Demonstrate the effectiveness of automation, analytics, and AI for compliance functions
• Leverage AI for monitoring, testing, and reevaluating risk, driving behavioral change, and managing resources efficiently
• Anticipate parallel processes, automation ‘operating as intended’ and AI ‘fit for use’

Enhancing data analytics and metrics

• Adhere to DOJ issuances on data-driven compliance
• Transition from manual data-driven processes to automated and advanced technologies
• Enhance the view of compliance risk by analyzing related data sets (e.g., communications, transactions, control weaknesses)
• Integrate AI and analytics for real-time and predictive insights and potential policy violations

KPMG Perspective

Managing risk associated with the design, development, deployment and management of automated systems and solutions requires an inventory and assessment of each use case; modifications to risk frameworks to incorporate emerging tools and trends (in-house, externally and via third parties); and adoption of a risk mindset with a focus toward monitoring outcomes, identifying risk threats, and enhancing overall governance of systems. Below are four pillars that can help support your organization manage it all:

Establish Governance

Establish governance processes that span the review, use, and assessment of technology and systems throughout the organization with clearly defined risk roles and responsibilities. Educate stakeholders on potential and emerging risks..

Assess Compliance Risk and Legal Risk

Monitor regulatory, legal, and reputational risk developments and ensure stakeholder groups assess and implement requirements and/or controls appropriately. Align system deployments and governance standards with internal standards and regulatory guidelines. Ensure mechanisms are established to identify, escalate, and manage potential vulnerabilities.

Understand Tech Strategy/Roadmap

Align risk challenge/ oversight to the current vision, strategy, and operating model for technology/system solutions. Inventory current technology landscape, along with planned use cases, models, and tools. Monitor 3rd party risks associated with incorporation of automated systems/ solutions, as well as data protection, storage, and confidentiality.

Monitor Usage and Deployments

Perform system risk assessments around areas such as compliance, governance, security, fairness, bias, accuracy, and explainability. Evaluate testing, training, and deployment standards. Identify KPIs to monitor outcomes, as well as detect anomalies, fraud, and “data poisoning”. Continually assess technology solution resiliency and reliability.