Search

Editors

Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor


FCPA Blog Daily News

« SEC awards whistleblower $4 million | Main | Nu Skin violates FCPA with China charitable donation »
Wednesday
Sep212016

Dan Adamson: Sorry, but a Google search isn’t due diligence

I cringe when compliance teams rely solely on Google to investigate and make decisions.

No offense intended to Google, but it’s simply not designed for sophisticated investigations. Yet, an overwhelming majority of compliance teams employ Google as their primary research tool.

The biggest issue with Google searches is the abundance of false positives flagged in the process. If the only information that can put into a single search field is a name and some bad words, numerous incorrect subjects that will be presented. That forces a researcher to investigate each one, creating a drag on time and budgets dealing with extraneous information.

Even if Google returns the right subject it often has the wrong context. A criminal lawyer is not a criminal -- but a Google search may miss the context.

Another big problem is that Google can be manipulated. Firms routinely pile in online content to influence search engine marketing and optimization -- driving up selected content and driving down content they want to bury. And it works.

All of this SEO activity makes negative information harder to find.

Google was never built to uncover financial crime and corruption. The situation is even worse in jurisdictions where the “Right to Be Forgotten” legislation allows people and companies to have Google “wiped clean.”

Compliance teams traditionally perform due diligence and make a decision on a subject based on an information snapshot the teams develop. That one-point-in-time approach is no longer enough. Decision makers need to know if something has changed in the supply chain or with third parties on a much more frequent basis. If an agent was up to no good overnight, will a snap-shot approach catch it? 

Adding additional headcount isn’t the answer. It's expensive and ineffective. Compliance teams need to assess how they’re using their employees to drive better results.

Individuality is also a challenge for compliance teams. Even with the most comprehensive procedure manuals, people follow the instructions, do tasks, and interpret the found data differently. Some are more thorough than others, while some apply rules less strictly, causing the human error rate to be very high.

Just a few years ago, it was sufficient to say the subject wasn’t on a watch list on a certain date. That’s no longer enough. But based on the sheer volume of data available today, employees face a natural challenge keeping up with that volume.

Compliance teams are now rightly focused on doing more than screening against watch lists. But then they soon get mired in documenting the review process for every subject -- spending lots of time not only searching but also capturing screen shots and making PDF files for potential future audit reviews. It’s a time consuming and expensive process.

Luckily, technology can help. New machine learning or “cognitive computing” systems can automatically perform these searches and clear obvious false positives. That allows employees to be used in a more productive, strategic way. They can assess the audit reports turned up from monitoring or investigations and make the most informed decisions from them.

These technolgies can also automatically generate an audit log that shows dates, full research, what was captured, where it was captured, what was raised, what was auto-cleared, what was resolved or what was flagged as a potential issue. And crucially important, with the right technology, this process no longer has to be a one-time event but can happen on a continual basis.

Are you monitoring your high-risk portfolio on a regular basis versus a point in time? Are your compliance employees spending their time searching Google and dealing with false positives instead of assessing complete reports and making more informed decisions?

If you’re still relying on Google, it’s time for change.

____

Dan Adamson is the Chief Executive Officer of OutsideIQ, a company that develops investigative cognitive computing, including DDIQ, to address today’s growing compliance requirements. He can be contacted here.

Reader Comments (6)

Its about time someone brought this up. Excellent read.
September 21, 2016 | Unregistered CommenterErik Nilsson
As a "human researcher," I'm fascinated by this. I knew it was coming, but not this fast. I wonder, will you still need humans to look at the reports generated by your system? To process the alerts generated by your system? How far back will the robot regression lead us? Will the CEO eventually be replaced by a robot? For shareholders, that might not be such a bad thing.
September 21, 2016 | Unregistered CommenterWilliam N. Weaver
Nice Article. Such AI and NLP based technologies are also able to search for adverse media in multiple languages and across jurisdictions which is very important from a due diligence perspective. Another disadvantage of using Google is that if there is some adverse news, it would appear multiple times and across many pages making it a nightmare from a banking compliance angle. But these new NLP based technologies can read these articles and understand that they are all similar and thereby "deduplicate" / "auto discount" similar articles.....

The other day I was talking to a team of fin crime persons at a large bank and they said that they are still using Google because they believe that anything adverse will "anyway appear in the top 10 hits" ....but my friends... thats NOT GUARANTEED and NOT CONSISTENT and NOT AUDITABLE !!
September 22, 2016 | Unregistered CommenterTapan
Dan, this started out as a good read and highlights an area that does need more focus and discussion. I initially didn't understand why you were not calling out some of the tools that investigators should be using to perform adequate CDD and EDD investigations, that is until I read the authors byline. Your technical background over the past sixteen years should have added a more in-depth look at all tools available and do a comparison on what makes one better then the next. Bank investigators are already overworked and under resourced, as your article points out. People read this forum to help educate themselves on regulations, what to do, the tools to do it with, and how to be more efficient. What started out as a promising article, quickly fell short by turning it into a marketing piece.
September 22, 2016 | Unregistered CommenterWalter Donaldson CFE
I have to agree with Walter. I started reading this article with much anticipation, being active in our companies Due Diligence process myself. But again I find that the problems already known to us in the field (the sheer volume of information and finding the proverbial needle in the haystack), are identified but no solution other than 'buy our products' is given.

As we are not all affluent compliance departments and compliance is not the core business of our company, we need practical tips on risk assessment and research instead of an article about the shortcomings of our way of working and a general promotion of expensive software.
September 26, 2016 | Unregistered CommenterWendy Bouman
I echo some of the comments above, especially with the cost issue for smaller banks. Having consulted with a bank in the Caribbean, most of whose customers are local legal entities, we tried some of the better known and larger services - and never found any of the local legal entities listed in their databases. So even though the costs were painful - there was nothing gained during the trial periods for 3 of the large database companies.
Google and other public databases are the only ones available for those smaller banks dealing in regions other than the US and Western Europe, which seem to be those covered by the larger database organizations.
The best advice is to search local news organizations and/or police records to determine if the legal entity and/or UBOs appear.
September 26, 2016 | Unregistered CommenterCarolyn Vick

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.