The email arrived earlier this week from my friend the Vendor. He and his team are working on a proposal for a client, he told me: a dashboard application, driven by Big Data analytics, that would sit on the desktop of a chief compliance officer or general counsel. So if that dashboard were going to present 10 to 12 key data points to a CCO—what data points would I recommend?
First, my friend the Vendor works at a top-tier software business. When he says his firm is working on a Big Data project suitable for compliance officers at Fortune 500 companies, his firm can do it. Second, of course the immediate answer to his question is, “It depends on the company.” The dashboard metrics important to a CCO in oil & gas will not be the same as those important to someone in banking or retail.
We can all agree to those points. Still, my friend the Vendor’s question has a delicious openness to it—what metrics would any compliance officer want to see on a dashboard every day? “As I hit my desk in the morning,” he wrote, “what do I need to have access to on an ongoing basis at the 30,000 foot level?”
So let’s work our way through the problem.
The starting point should be to ask, what worries compliance officers and general counsels the most? That is easy enough to answer at a high level: you worry that risks the company has are metastasizing beyond your comfort zone. A dashboard should show you which risks may be doing that at any given time.
The next question, then, is what types of risk cause CCOs and GCs the most worry? If we want to be industry-agnostic here, then again, the question is easy enough to answer at a high level: supply chain misconduct, employee misconduct, and regulatory probes. (Cybersecurity might be a large enough risk to name here too, but not necessarily for all companies—so for the sake of simplicity, I’m going to shunt that one off to the CIO’s dashboard.)
My friend the Vendor wanted a dashboard with 10 to 12 total metrics displayed, so that would be three or four metrics for each of those three risk categories above (supply chain misconduct, employee misconduct, and regulatory probes). In that case, we might configure a dashboard that looks something like…
Supply chain misconduct
- Number of third parties or business partners with unclear beneficial owners, or owners who are Politically Exposed Persons;
- Critical suppliers where no anti-bribery training or audit is included in the current contract;
- New suppliers (on-boarded this quarter) where the due diligence checklist is incomplete.
- “Critical” whistleblower allegations (for example, FCPA or financial fraud allegations, or allegations of retaliation);
- Exception requests for travel & entertainment policies, perhaps segmented by geography or employee seniority;
- Compliance training completion rates (an evergreen metric suitable for any dashboard).
- Open investigations: perhaps by length of time open, but ideally something more informative like “cases approaching final disposition”;
- Potential damages or some similar metric to denote potential penalties;
- Some metric that categories all your regulatory probes—perhaps by geography, or regulator, or nature of the problem (environmental, financial, worker safety, etc.); the goal is to find any patterns in what is attracting regulatory scrutiny.
And remember, my friend the Vendor said he wants to build a dashboard driven by Big Data analytics. I define that as using multiple points of data to gain better insight about one question—so each of those 10-12 metrics should, ideally, be built on several points of data that give the CCO a better sense of what’s going on.
For example, you don’t want a metric about whistleblower allegations that only tells you how many complaints you have; you want a metric that categorizes them by nature of complaint, or division of the company that’s complaining. Likewise, a metric that monitors new vendors with incomplete due diligence should also track which business units are on-boarding these laggard third parties.
As you can see, the guts behind this dashboard are now pretty unwieldy: several dozen “lines of data” all feeding into one interface for the chief compliance officer to read. Many vendors can make the technology of that project work, but the success really hinges on your own company processes to collect that data in the first place. For example, if you want a metric to tell you which new vendors have not completed due diligence, and your source for that data is Fred from Procurement, who enters the records manually in Excel and then uploads them to the dashboard every two weeks—suffice to say, you’ve gone against the spirit of Big Data analytics.
Those are my ideas for a dashboard useful to CCOs, at least—and since every company has specific needs, the total number of possible metrics is endless. Thoughts? What would you want to see on your dashboard?