Talking Compliance Analytics at AB-InBev
We have another Radical Compliance podcast today, this time looking at data analytics and integration challenges at the largest beer brewer in the world: Anheuser-Busch InBev. For anyone considering more analytics in your compliance program (which should be all of you) this chat with Matt Galvin, vice president of ethics and compliance at AB-InBev, is worth a listen.
As always, you can hear the full conversation by listening to the MP3 file posted above. It’s 30 minutes long, but worth it. Galvin describes the situation confronting him when he launched “BrewRight,” the name of InBev’s analytics project; along with lessons learned, best practices he recommends to others, and broader thoughts about machine learning and its implications for policy management generally.
I have a few quick observations below, too.
A Complex Backstory
AB-InBev today is the result of a merger that happened in October 2016, where InBev spent $100 billion (gulp) to acquire SABMiller. While that deal was preparing to close, AB-InBev was also trying to wrap up an FCPA investigation into bribery offenses in India. In late 2016, then, Galvin had two moving targets: resolution of the FCPA probe, and prep work for the integration that would happen once the merger closed.
Two weeks before the merger closed, AB-InBev settled its FCPA investigation ($6 million penalty from the SEC, no Justice Department charges). So AB-InBev picked up ongoing reporting obligations as part of its FCPA settlement, just as the company was acquiring SABMiller, a sprawling enterprise working as dozens of decentralized operating units, many doing business in high-risk jurisdictions. Lovely.
Galvin says the guidance he found “was not particularly well-suited to integrating a compliance function, as opposed to doing a whole lot of diligence.”
Sure, Galvin could dispatch squads around the world for random snapshots of due diligence, but that’s all he would get: random snapshots of compliance activity, across an enormously diverse operation. That wouldn’t give him assurance over time, unless he kept repeating the exercise over and over.
Well, as he said, “This idea of random audit, rinse, repeat, wasn’t particularly attractive.” Hence he began building BrewRight.
Analytics vs. People
Overall, Galvin talked about the tug-of-war between computer-driven analytics and human employees who want to do their jobs as simply as possible. That’s a tricky balance to strike, because analytics still largely requires structured data — information recorded and formatted in precise ways, so the computers can do their thing.
People, however, use unstructured data all the time. We casually interchange “EY, “E&Y,” “Ernst,” and “Ernst & Young” all for the same Big 4 firm, because we all understand that those words refer to the same thing. Computer programs don’t. Hence you end up with four different records for the same firm in your third-party database, and then swear at your computer screen.
So where is the right balance? Impose too many policies on your employees to generate data in the structure you want (“EY from now on or you’re fired”), and they’ll develop workarounds to the rules you put upon them. Give employees too much leeway, and you spend boatloads of time harmonizing different piles of data so the analytics program can churn through it all.
Impose too many policies on your employees to generate data in the structure you want, and they’ll develop workarounds to the rules you put upon them. That’s the challenge with compliance analytics at large firms.
That’s the true challenge with compliance analytics at large firms. Galvin solved it through lots of painstaking data harmonization, but he raised an intriguing point in the podcast: that artificial intelligence and machine learning are accelerating so quickly, an investment there might save you lots of toil on harmonization, while the carbon-based intelligence keeps doing its own thing.
“I wonder, if I were starting again, having spent years creating more and more structured data — whether that will continue to be the approach,” Galvin said. “Or will the robots learn how to deal with people better, rather than train people to deal with the robots better?”
Today that’s an open question. I don’t think will be by, say, 2025.
More AI in Action
BrewRight now has specific, tangible benefits. For example, imagine a Latin American construction firm caught fixing contracts, and luxury suites at World Cup games were part of the bribe. InBev executives might want to know: Did we sponsor any suites at those games?
Historically, InBev (or any other firm) would launch an investigation with squads of specialists sifting through expense records, all billing their time back to InBev by the hour. Then comes a meeting to review the findings, then more time to narrow the focus, and then the investigators start the cycle all over again. “It’s an inelegant way to conduct investigations,” Galvin said, “but it’s how investigations have always been done.”
Now Galvin can hire an intelligence firm to identify all parties involved in a scandal, and then use BrewRight to cross-reference those names against InBev’s vendor list and payment patterns. Galvin and his team end up working on “enhanced investigations from a very small pool.”
I hear similar concepts a lot from financial firms trying to implement AI for anti-money laundering compliance. Most suspicious activity reports are false positives, wasting compliance staffers’ time. AI seeks to reduce the false positives, so compliance teams are left with fewer reports that need more human attention, because they’re more suspicious.
That’s exactly what Galvin has done with BrewRight, in an anti-corruption context. “By having all the data together you can make better management decisions,” he said.