Regulatory and Ethical Compliance Global Trends · ©2014 Deloitte LLP. Private and Confidential...
Transcript of Regulatory and Ethical Compliance Global Trends · ©2014 Deloitte LLP. Private and Confidential...
Regulatory and Ethical Compliance Global Trends
Ian Bennington
September 2014
©2014 Deloitte LLP. Private and Confidential
Global compliance trends
1. Compliance data analytics
2. Enhancing third party due diligence
3. Compliance metrics and dashboards
4. Enhanced monitoring and assurance
Ian Bennington
Regulatory & Ethical Compliance - UK Lead
+44 (0)207 0078 622
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Trend 1: Compliance data analytics
Presentation title 3
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Finance
HR
T&E
CRM
Excessive claims behaviour
Repetitive claim behaviour
Abuses of allowance limits
Regulatory breaches
Source data systems Examples of behaviour detected
Duplicate claim behaviour
Excessive policy exception requests
Specific pre-built test
In-proper distribution of samples
Improper HCP engagement
Payments to non-approved vendors
Expense claims containing key words of interest
Duplicate claims across employees
Biggest volume of policy exceptions approved
Product calls on weekends
Potential duplicate claims from an employee
Biggest volume of policy exceptions approved
Products given away in biggest volume
HCP’s receiving biggest number of product calls
Payments to non approved vendors
Compliance Data Analytics Benefits driven by data and analytics
“The results are
good and the
report is useful”
“Report has gone down well,
producing interesting results
across the three systems”
“Reports have helped to
identify how to improve
the mapping to ERM data”
“A great project
which produces very
useful reports “
“Impressed with the reports and the work completed by the team”
Refreshed quarterly
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Compliance Data Analytics Analytics Can Be Leveraged to Detect Time and Expense Anomalies
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Compliance Data Analytics Example Dashboard for Monitoring Activities and Transactions
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Trend 2: Enhancing third party due diligence
Presentation title 7
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Third party due diligence Third party review process
Rank third parties according to initial risk factors found in the data.
Gather and prepare incoming third party data.
Enrich the universe of third party data with public record research and checks against watch lists.
Due Diligence on high-risk third parties using public record research and/or enquiries through human sources.
Prioritise third parties for risk-proportional levels of follow-up research.
Identify the nature of relationships held with third parties and the associated level of risk.
Illustrative Key Third Party Relationships
Supply Side • Contractors • Service providers • Suppliers • Transporters
Demand Side • Agents • Distributors • Franchisees • Operators
Services • Accounting • Benefits • Billing • IT service providers • Outsourced services • Travel
Licensees • Intellectual property
licensees • Joint developers • Regulatory approvals
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Third party review process Key areas of focus of the due diligence process
Noteworthy issue
Activities
Professional reputation
Litigation
Government links
Registration details
The key skills required to conduct this work
Jurisdiction-expertise
Language skills
Research experience
Analytical skills
Commercial knowledge
Fraud awareness
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Third party due diligence Third Party Surveys to assist in assessing and ranking corruption risk
25
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Third party due diligence Case Study – Beijing XXX Life Sciences Products Co Ltd
Background – standard due diligence performed on a prospective sales partner in
North China (name amended)
Key findings:
Corporate registry records show that the company is fully registered with the
Chinese government; is permitted to engage in the sale of the client’s category of
products; and is 60%-owned by the Chinese state;
Chinese media reports commenting that the company has extensive experience in
the sector, but that 90% of the its sales are now estimated to be made to government
entities or state-owned organisations;
Searches of Chinese online forums identifies numerous allegations of the former
company employees’ involvement in bribery; and
Beijing court litigation records identifies former executives at the company as
having paid bribes to government officials to win business.
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Trend 3: Compliance metrics and dashboards
Presentation title 12
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Compliance metrics and dashboards Objective and approach
Objective of metrics:
- To provide a dashboard to allow management to understand the
status and trends of compliance across the business
- To create a system of measurement that will allow controls to be
continuously assessed and tested business units and locations
Approach: two different types of metrics:
1. Programme metrics: metrics that are produced from the results of
actual monitoring that takes place on the ground.
2. Key risk metrics: that can be used to identify when a control is under
pressure, in breach or needs more investigation
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Compliance metrics and dashboards Illustrative metrics
Key risk metrics: indicators of control performance Programme metrics: based on testing
Business
activity
Minimum
Control
Standard
Pro
gra
mm
e
me
tric
Re
fere
nc
e
Me
tric
Me
tric
Th
resh
old
NA
Ph
arm
a
EM
AP
&J
Ph
arm
a
EU
Ph
arm
a
Co
ns
um
er
Vaccin
es
R&
D
GM
S
HCP Fee
for service
engageme
nts
Management
review and
approve each
proposal to
contract a Health
care professional
(HCPs).
15
%
Key
metric 1
Number of contracted
HCPs 10 19 0 2 3 4 5 2
Key
metric 2
Total value of HCP spend £20K £22K 0 £45K £15K £14K £19K £13K
Key
metric 3
Number of HCPs that are
forecast to breach annual
fees cap
0 0 0 2 0 0 0 0
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
15
2.6
2.7
2.8
3.6
Operations
Pro
du
ct L
ife
cycle
Ma
na
ge
me
nt
2
.1
Custo
me
r R
ela
tio
nsh
ip M
an
ag
em
en
t 2
.2
Pro
ject
Ma
na
ge
me
nt
2.3
Su
pp
ly C
ha
in M
an
ag
em
en
t 2
.4
Rea
l E
sta
te, P
rop
ert
y, P
lan
t a
nd
Fa
cilitie
s
2.5
Hum
an
Reso
urc
es
En
vir
on
me
nt,
He
alth
an
d S
afe
ty
Info
rma
tio
n T
ech
no
log
y
Financial
Tre
asu
ry a
nd
In
ve
stm
en
t M
an
ag
em
en
t 3
.1
Acco
un
tin
g a
nd
Fin
an
cia
l R
ep
ort
ing
3
.2
Con
tro
llin
g
3.3
Ta
x
3.4
Cap
ita
l S
tru
ctu
re
3.5
Gu
ara
nte
es, P
en
sio
ns, In
su
ran
ce
an
d
Le
tte
rs o
f C
red
it
Compliance
An
ti-B
rib
ery
an
d A
nti-C
orr
up
tio
n
4.1
An
ti-F
rau
d
4.2
Oth
er
Le
ga
l a
nd
Re
gu
lato
ry
4.3
An
ti-T
rust
4.4
Exp
ort
Con
tro
l a
nd
Cu
sto
ms
4.5
Strategic C
orp
ora
te G
ove
rna
nce
1
.1
Ris
k a
nd
In
tern
al C
on
tro
l
1.2
Inte
rna
l A
ud
it
1.3
Corp
ora
te S
usta
ina
bility
1.4
Str
ate
gy, P
lan
nin
g a
nd
Re
so
urc
e
Allo
ca
tio
n
1.5
Ma
rke
t D
yna
mic
s /
Exte
rna
l F
acto
rs
1.6
Ma
jor
Initia
tive
s
1.7
Me
rge
r, A
cq
uis
itio
n a
nd
Div
estitu
re, C
arv
e
Ou
t, P
ost
Clo
sin
g, R
em
ain
ing
Bu
sin
ess
1.8
Com
mu
nic
atio
n a
nd
Sta
ke
ho
lde
r
Rela
tio
ns
1.9
Pre
ve
ntive
Cri
sis
M
an
ag
em
en
t a
nd
Bu
sin
ess C
on
tin
uity
1.1
0
Qu
ality
Ma
na
ge
me
nt
1.1
1
Se
cu
rity
2
.9
Division A
Cross-Division
Functions
Division B
Division C
Regional
Clusters
Corporate Units
Priority 1 Priority 2 Priority 3 Compliance
Deficiencies:
Risk Exposure Level:
Extract from a Board Pack – Demonstrates Level of Reporting Available
Compliance metrics and dashboards Illustrative dashboard
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Trend 4: Enhanced monitoring and assurance
Presentation title 16
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Forensic investigation
Compliance audits
Assurance reviews
Compliance framework
Enhanced monitoring and assurance
Identifying the standards of ethics and integrity ‘on the ground'
Investigations of alleged violations
Providing assurance over design and
rollout of compliance frameworks
Designing and implementing
compliance frameworks
• Focussed 2nd line
compliance audits - part
of the Compliance
Framework
• Full coverage of markets
• Evidence & event testing
- going beyond controls
testing
• Extensive planning work
and data analytics
• Public information and
background checks
• Interviews with third
parties
2nd line audits designed to provide
evidence of the standards of ethics
and integrity on the ground
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Benefits of enhanced monitoring and assurance
Mitigate risk of
significant regulator
fines and
enforcement
Mitigate risk of
significant regulator
fines and
enforcement
Increasing
regulatory
requirements – e.g.
Sunshine Act, UKBA
Increasing
regulatory
requirements – e.g.
Sunshine Act, UKBA
Early warning of
issues
Early warning of
issues
Enhanced
compliance
environment
Enhanced
compliance
environment
Help management to
get it right
Help management to
get it right The devil is in the
detail
The devil is in the
detail
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
Illustrative examples of findings from enhanced
monitoring and assurance
Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)
© 2014 Deloitte LLP. Private and confidential.
This is an internal document which provides confidential advice and guidance to partners and staff of Deloitte LLP and its subsidiaries. It is not to be copied
or made available to any other party.
© 2014 Deloitte LLP. All rights reserved.
Member of Deloitte Touche Tohmatsu Limited