Apply Data Science in Ethics, Risk and Compliance Field

By Shine Yao, Integrity & Compliance Operational Excellence, APMA at Novartis and Ren Teng, Founder of Intelligent Ethics

 

As Ethics, Risk and Compliance (ERC) professionals, we might have heard the buzzwords like big data analytics, machine learning, data visualization etc. However, the application of these digital tools is still in its infancy, and questions remain in how we can utilize them to obtain meaningful insights to drive decision, how we can automate the learning process so that we can stay ahead of the curve, how we can enhance the effectiveness of our ERC program while keeping the cost down. Today we would like to share some of our thoughts on this emerging trend and our learnings from real-life experience.  

 

Let’s start from the pharmaceutical industry, which heavily relies on the interactions with healthcare professionals (HCP) by thousands of sales representatives on a daily basis. Companies operating in high-risk countries such as China have invested huge amount of resources to ensure compliant interactions and ethical behaviors of their sales forces. For example, many companies in China deployed spot check programs to check small medical meetings by sending an independent person to monitor onsite. In addition, companies will check large amount of the sales forces meeting reimbursement document. These might seem to be powerful controls at first glance, but it also suffers from some innate weaknesses. First, it is only practical to cover a small portion of the total universe, second, the sample selection is somewhat random or arbitrary with some adjustment on known risks; thirdly, the quality is questionable due to complex local situations, experience level of the people who perform those checks. In some spot check instances, there are emerging signs that spot checkers could easily collude with the sales forces; finally yet importantly, the cost! Companies could easily spend millions of dollars on those programs.

 

Data science is capable of analyzing large amount of data and come up with targeted meetings and reimbursement payments based on the various learned high risk indicators e.g. same physicians attend different meetings on the same day etc. It can effectively risk score each meeting, payment and allow us to sample high-risk meetings and payments to conduct checks. Data science can also identify unknown high risks indicators and behavior patterns that contributed to the non – compliant issues amongst hundreds of variables that would otherwise be nearly impossible for a human to detect. We can also use data science to construct a machine-learning model that “digest” the results of the high-risk meetings, payments check, learn and adapt its calculations to minimize false positives (“the noise”) and maximize the accuracy of high-risk meeting and payment sampling process.

 

On top of the traditional data sources which companies select samples for spot check and payment check e.g. meeting registry system, payment system, we can consider adding other data sources such as CRM, sales target setting and performance tracking data, HR data etc. Machine learning is able to analyze such a large amount of interlinked data. And, the more data feed into the machine-learning model, the more robust of the output will be, the more solid insights it can produce.

 

Firstly, we can reduce the volume of spot checks and payment checks – check less, but more targeted to high risk issues. It can help increase the effectiveness of spot check and payment check program from 5-30% to over 90%. Secondly, by automate the learning process we can predict where the risks might emerge. When new samples are selected and results are feedback to the model, the model can self-learn and adjust its way of risk calculation. In our experience, the machine learning models was able to pick up new risk indicators shortly after some sales team changed their behaviors because company changed compliance policies on sales activities. Lastly, data analytics supported by data visualization tool can help companies identify potential systematic issues and reveal the root-cause of those issues. We identified a group of sales representatives in a few sales teams that had colluded with each other, conducted fake meetings or inflated meeting expense. When further analyzed the CRM data, sales target setting and performance tracking data, HR data etc, together with interviews through investigation, we found that the team had various business management, leadership and capability issues that contributed to the group fraudulent activities. This helped management to address the root-cause quickly, proactively managed some potential blind spots and prevented future issues from happening, instead of running into a vicious cycle: investigate fire and hire new person. If the root-cause is not properly identified and solved, the new sales team hired will end up with the same results.

 

If we connect with more unstructured data source e.g. document, emails, communications, we can build more comprehensive behavior measures into the machine-learning model. This would provide some early warning signs at behavioral level, so that intervention on individual and organizational behaviors can be done, and this in turn shapes the culture of the organization and prevent the “ethical fading” early on. 

 

A background check for a third party (including individual) can extract and analyze disparate data points from various systems and unstructured public open source data that historically have rarely been linkable. For instance, examining into information from social media, email, text messaging, photos, trades, and travel and entertainment and so on can uncover hidden relationships with high-risk parties, such as government officials or organized crime. Furthermore, companies can take advantage of the data analytics to provide ongoing monitoring and intervention, such as a tailored training program for third party and its employees based on identified risks.

 

We’ve seen that companies start to hire data scientists or engage professional firms. These are good starting points, but far from enough. Companies should establish ERC data analytics strategy as part of the overall ERC strategy and align with the digital strategy of the company. Invest in people, develop digital ERC leaders who can collaborate with various functions, communicate with different stakeholders and transfer technology into meaningful and impactful application.

 

“Science” as it is called; we shall never forget that ethics, risk and compliance is both science and art. As ERC professionals, we shall be agile enough on one hand to embrace technology, but also not to lose the human touch on the other. Data science can help repurpose ERC team’s work on higher value-added tasks, focus our efforts on the “art” part, which are change management, business partnering, valuable advice, enable open and candid discussions and shape ethical culture in the company. which in aggregate and over long-term, defines the culture of the company (and this is the ultimate control).