Are you ready for a new chapter in anti-corruption enforcement?

Investigations Insider | Analytics and rigorous assessement can help companies improve their compliance posture

Chris Schneider

Chris Schneider

Managing Director, Forensic Dispute Advisory Services, KPMG LLP


Jonathan Zdimal

Jonathan Zdimal

Partner, Advisory, Forensic, KPMG US

+1 202-533-3209

On June 3, 2021, the White House issued a memorandum announcing anti-corruption as a core national security interest. The Biden Administration is expected to increase Foreign Corrupt Practices Act (FCPA) enforcement settlement values, while also increasing the pace of initiating new FCPA investigations1.

No one can say exactly what the emerging FCPA trends will be, but we expect continued robust enforcement and increased coordination with foreign and domestic authorities. If indeed we are entering a new chapter in FCPA enforcement, companies need to ask themselves what they need to address these changes and better demonstrate compliance.

Analytics — the new table stakes for compliance

An increasing number of companies are using data analytics, artificial intelligence, and machine learning to monitor the effectiveness of their compliance programs and identify potential misconduct.

The use of data analytics by regulators also continues to grow and is expected to be leveraged as a critical tool in developing cases. The US Department of Justice’s Criminal Division recently released its annual Year in Review report, and, for the first time since the creation of the Data Analytics Team (“the team”), the 2021 edition of the Year in Review provided statistics on the team’s work. The team of seven analysts completed 5,327 data requests and gave 385 proactive investigative referrals2.

Analytics can be used to analyze massive amounts of data to isolate transactions of possible interest and identify emerging risk trends across geographies, business segments, and functions. Analytics can also measure the effectiveness of policies, processes, controls, and training while supporting a feedback loop to strengthen monitoring mechanisms.

With a properly designed analytics platform, companies can leverage root-cause analysis and identify commonalities across transactions of interest from prior investigations or internal audits. This helps evaluate whether similar risks might be present in other geographies, business segments, and functions. Analytics can also provide insights to refine scoping concepts for internal audit, third-party audits, and compliance assessments for specific regions and countries.

Analytics focused on addressing FCPA concerns typically focus on time and expenses, but there are a number of analytics routines over the “Procure-to-Pay” process and indirect sales channels that can also help identify FCPA risks. Some examples of these routines include:

  • Identifying instances where the total number of a recent invoices received from a third party are significantly higher than the average number of transactions over the past 6-12 months;
  • Identifying payments to third parties where there are no associated invoices and/or purchase orders;
  • Identifying anomalous quantities purchased from a vendor at a date nearing the end of a fiscal quarter;
  • Identifying instances in which the company returns a volume of product that is in excess of the amount of the product it had previously purchased; and
  • Identifying instances in which a customer received a quantity of free goods in excess of the amount it had purchased or a higher average quantity of free goods than other customers in the same channel.

To enhance their analytics capabilities, companies can ask questions such as the following:

  • Have we thoroughly reviewed personnel (i.e., breadth and depth of resources, competencies, etc.), IT infrastructure, data quality, and other potential challenges and/or limitations to make sure we have the proper infrastructure to support the analytics?
  • Can we determine where and how data analytics can align with our compliance efforts?
  • Do our compliance and control personnel have sufficient access to relevant sources of data to allow for effective monitoring and testing of policies, controls, and transactions?
  • What are the impediments to obtaining relevant sources of data? How should we address the impediments?
  • Is there new information (or data characteristics) that we should capture on a go-forward basis that will help enrich datasets and increase the value and usefulness of analytics?

Personal devices, potential problems

Companies should also increase their attention on alternative messaging platforms and determine how they affect FCPA compliance. Platforms like Whatsapp are here to stay, and they have been adopted as a primary channel of communication as more people work from home. In certain jurisdictions, we have observed an increase in the usage of third-party messaging platforms on personal devices to discuss company business matters.

Alternative messaging platforms and personal devices present certain risks, including potentially impairing a company’s ability to retain important business records. For example, by using an alternative messaging platform instead of company e-mail, an employee could privately negotiate sales compensation levels or contractual terms with a customer that could impact revenue recognition or enter into kickback and/or bribe arrangements — while impeding the company’s ability to detect these illegal activities under traditional email searches or audit and compliance approaches.

In the face of these issues, companies need to consider a number of potential risks:

  • What is the most current guidance from the regulators (both from a U.S. and foreign country perspective)?
  • Is the company retaining business records and appropriately prohibiting the destruction and deletion of documents?
  • Does the company have policies and controls regarding the use of alternative messaging platforms to conduct company business?
  • Should the company implement policies and controls to restrict the use of personal devices for company business?
  • Should the company seek consent to access information when personal devices are used?

The increased risk of third parties

Stanford Law School estimates nearly 90 percent of FCPA matters alleging bribery involve third-party intermediaries3. These can include distributors, customs brokers, suppliers, and other agents. Third parties often present higher levels of risk related to data security and privacy.

Companies are often challenged to keep constant vigilance over every supplier, distributor, partner, and business associate across their global portfolio of third-party providers. Analytics, however, can help manage these third parties using a risk-based approach. For instance, testing of transaction within a company’s accounting system can highlight high-risk accounts, unusual trends in level of spend, potential conflicts of interest, and trends across geographies, subsidiaries, and divisions that deserve additional scrutiny. Analytics can also support risk-based due diligence when acquiring a third party as well as monitoring third-party performance and compliance.

Companies can also take a hard look at their own standards and governance:

  • What are the company’s policies and procedures related to customs brokers, permitting, and licensing?
  • What are the company’s standard practices regarding third-party donations and sponsorship?
  • Are travel and entertainment costs properly tracked and monitored using risk-based approach?
  • Is the company properly monitoring for sanctions?

Better compliance for better business

Increased compliance helps everyone. As the DOJ has outlined in its FCPA resource guide: “When business is won or lost based on how much a company is willing to pay in bribes rather than on the quality of its products and services, law-abiding companies are placed at a competitive disadvantage—and consumers lose.”

Now is the time for companies to undertake a thorough assessment of their FCPA compliance program. An effective program and a strong control environment can help stop an FCPA violation before it happens. Backed by effective analytics and rigorous assessments, successful companies can turn compliance into a competitive advantage in an increasingly complex business world.

Key takeaways:

  • The number of FCPA enforcement cases and their settlement values are expected to increase under the Biden administration.
  • Companies are increasingly leveraging data analytics, artificial intelligence, and machine learning to monitor the effectiveness of their anti-bribery and corruption programs and to identify potential misconduct.
  • Companies need to carefully monitor how their employees use alternative messaging platforms and personal devices and how that can impact the risk of non-compliance.
  • Companies can use analytics to manage the increased levels of risk presented by third-party suppliers, brokers, distributors and other agents.

KPMG LLP does not provide legal services

On-Call Investigation Services

Fraud allegations require a swift response and skilled resources. When fraud occurs in a global setting, it is essential to perform a thorough investigation.

Fraud allegations require a swift response and skilled resources. When fraud occurs in a global setting, it is essential to perform a thorough investigation.