Harry Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Richard L. Cassin Editor at Large

Elizabeth K. Spahn Editor Emeritus 

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor

FCPA Blog Daily News

« Bart M. Schwartz: Why independent compliance reviews are ‘forward thinking’ | Main | Aruba telecomms official jailed three years for laundering bribe money »

Lindsay Columbo: Sloppy data can ruin a compliance program

It may not be intuitive for a compliance department to dig into the completeness, consistency and organization of a company’s employee and customer data. But the integrity of the data impacts almost every automated compliance solution a company implements.

Automated systems used for compliance training, anti-corruption procedures, due diligence and reporting all have touchpoints to a company’s employee or customer data. Unfortunately, if a company’s data records contain duplicates, inconsistent information, missing information, and so on, all of the beneficial features of the automated systems essentially become useless.

Discovering “messy” data can create an unexpected, heavy cleanup project. It can also force an entire implementation project to be put on hold or called off, stalling progress and growth of a maturing compliance program.

As a quick fix, however, a company may be able to push forward with the integration of a new compliance system despite the presence of data integrity issues. If a company is seeking to stand up a new compliance due diligence screening tool, for example, it will not necessarily need to submit a minimum or consistent amount of data fields to perform an adequate screening on an individual. In fact, submitting fewer fields of data casts a wider net, achieving a larger number of result that will require review.

And depending on the system being implemented, a customer may be able to directly connect and integrate its existing ERP or CRM system that holds employee or customer data with the due diligence screening solution. This type of connection is often done through an application programming interface or API.

By establishing a connection between the two systems, employee or customer data can be automatically pulled into the screening solution “as is” from the ERP or CRM platform to be screened. Taking this approach eliminates having to perform any pre-screening clean-up of the data, a task that would be necessary if data were uploaded via a manual batch processes.

There are drawbacks to taking the Band-Aid approach described above.

Submitting incomplete, inconsistent data hinders such technology from delivering a lower total cost of ownership to a company. While automation through system connections can provide for a satisfactory solution for the short term, it ultimately avoids the underlying issue of the data’s integrity and need for cleanup. It could even allow the issue to perpetuate until it is uncovered through another relevant implementation initiative or by another department.

Moreover, a quick fix such as the one described above prevents a robust and powerful compliance screening system from operating at its maximum potential and from providing users with a lower total cost of ownership.

For instance, one of the most common ways to reduce false positives resulting from automated due diligence screening of employee or customer data is to submit as much information as possible. The more fields of information the system captures, the fewer the false positive that will be generated, leading to increased precision and efficiency within an organization’s operations and workflow. Essentially, retrieving a greater amount of results by inputting fewer fields is not necessarily a good thing.

Ensuring quality data is critical not only for purposes of optimizing compliance procedures, but also for many other touchpoints within an organization. At the end of the day, investing in resources to get through the tedious task of data cleanup may be worth prioritizing prior to investing in technology.


Lindsay Columbo, Esq. is a founder of eSpear LLC, a developer of due diligence and screening solutions, where she serves as the Global VP of Compliance & Support Services. She previously served as Associate Corporate Counsel, Global Ethics & Compliance for Brightstar Corp. a SoftBank company headquartered in Miami, Florida. She can be contacted here.

Reader Comments (1)

Great post Lindsay -- the reports typically pulled by a compliance program are only as good as the data that feeds them. I formerly worked for a vendor of a major company in the oil & gas sector, which used an automated program to monitor its vendors' compliance with federal regulations on drug & alcohol tests in accordance to PHMSA & FMCSA. When I temporarily took over the functions that involved reporting that data, I found that not all of our records were uploaded into the compliance program so it was causing us to be flagged as 'out of compliance', which hurt our ability to work for that company. Missing or bad data can cause troubles for both the party doing the monitoring and the party being monitored.
July 1, 2018 | Unregistered CommenterRandall Moore

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
All HTML will be escaped. Hyperlinks will be created for URLs automatically.