Regulatory and Ethical Compliance Global Trends · ©2014 Deloitte LLP. Private and Confidential...

Regulatory and Ethical Compliance Global Trends

Ian Bennington

September 2014

©2014 Deloitte LLP. Private and Confidential

Global compliance trends

1. Compliance data analytics

2. Enhancing third party due diligence

3. Compliance metrics and dashboards

4. Enhanced monitoring and assurance

Ian Bennington

Regulatory & Ethical Compliance - UK Lead

[email protected]

+44 (0)207 0078 622

mailto:[email protected]

Deloitte UK screen 4:3 (19.05 cm x 25.40 cm)

© 2014 Deloitte LLP. Private and confidential.

Trend 1: Compliance data analytics

Presentation title 3



Finance

HR

T&E

CRM

Excessive claims behaviour

Repetitive claim behaviour

Abuses of allowance limits

Regulatory breaches

Source data systems Examples of behaviour detected

Duplicate claim behaviour

Excessive policy exception requests

Specific pre-built test

In-proper distribution of samples

Improper HCP engagement

Payments to non-approved vendors

Expense claims containing key words of interest

Duplicate claims across employees

Biggest volume of policy exceptions approved

Product calls on weekends

Potential duplicate claims from an employee

Biggest volume of policy exceptions approved

Products given away in biggest volume

HCP’s receiving biggest number of product calls

Payments to non approved vendors

Compliance Data Analytics Benefits driven by data and analytics

“The results are

good and the

report is useful”

“Report has gone down well,

producing interesting results

across the three systems”

“Reports have helped to

identify how to improve

the mapping to ERM data”

“A great project

which produces very

useful reports “

“Impressed with the reports and the work completed by the team”

Refreshed quarterly

http://www.google.co.uk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=Z0PGNtEvrGbdPM&tbnid=xLkDI5z7a8ExoM:&ved=0CAUQjRw&url=http://www.softicons.com/free-icons/web-icons/globe-icon-by-cemagraphics/globe-icon&ei=_5VOUt6vC8HatAboxYGADg&bvm=bv.53537100,d.bGE&psig=AFQjCNFonPrmjhzCpfyMHGcgrwZauxHcdA&ust=1380968311532407



Compliance Data Analytics Analytics Can Be Leveraged to Detect Time and Expense Anomalies



Compliance Data Analytics Example Dashboard for Monitoring Activities and Transactions



Trend 2: Enhancing third party due diligence




Third party due diligence Third party review process

Rank third parties according to initial risk factors found in the data.

Gather and prepare incoming third party data.

Enrich the universe of third party data with public record research and checks against watch lists.

Due Diligence on high-risk third parties using public record research and/or enquiries through human sources.

Prioritise third parties for risk-proportional levels of follow-up research.

Identify the nature of relationships held with third parties and the associated level of risk.

Illustrative Key Third Party Relationships

Supply Side • Contractors • Service providers • Suppliers • Transporters

Demand Side • Agents • Distributors • Franchisees • Operators

Services • Accounting • Benefits • Billing • IT service providers • Outsourced services • Travel

Licensees • Intellectual property

licensees • Joint developers • Regulatory approvals



Third party review process Key areas of focus of the due diligence process

Noteworthy issue

Activities

Professional reputation

Litigation

Government links

Registration details

The key skills required to conduct this work

Jurisdiction-expertise

Language skills

Research experience

Analytical skills

Commercial knowledge

Fraud awareness



Third party due diligence Third Party Surveys to assist in assessing and ranking corruption risk

25



Third party due diligence Case Study – Beijing XXX Life Sciences Products Co Ltd

Background – standard due diligence performed on a prospective sales partner in

North China (name amended)

Key findings:

Corporate registry records show that the company is fully registered with the

Chinese government; is permitted to engage in the sale of the client’s category of

products; and is 60%-owned by the Chinese state;

Chinese media reports commenting that the company has extensive experience in

the sector, but that 90% of the its sales are now estimated to be made to government

entities or state-owned organisations;

Searches of Chinese online forums identifies numerous allegations of the former

company employees’ involvement in bribery; and

Beijing court litigation records identifies former executives at the company as

having paid bribes to government officials to win business.



Trend 3: Compliance metrics and dashboards




Compliance metrics and dashboards Objective and approach

Objective of metrics:

- To provide a dashboard to allow management to understand the

status and trends of compliance across the business

- To create a system of measurement that will allow controls to be

continuously assessed and tested business units and locations

Approach: two different types of metrics:

1. Programme metrics: metrics that are produced from the results of

actual monitoring that takes place on the ground.

2. Key risk metrics: that can be used to identify when a control is under

pressure, in breach or needs more investigation



Compliance metrics and dashboards Illustrative metrics

Key risk metrics: indicators of control performance Programme metrics: based on testing

Business

activity

Minimum

Control

Standard

Pro

gra

mm

e

me

tric

Re

fere

nc

e

Me

tric

Me

tric

Th

resh

old

NA

Ph

arm

a

EM

AP

&J

Ph

arm

a

EU

Ph

arm

a

Co

ns

um

er

Vaccin

es

R&

D

GM

S

HCP Fee

for service

engageme

nts

Management

review and

approve each

proposal to

contract a Health

care professional

(HCPs).

15

%

Key

metric 1

Number of contracted

HCPs 10 19 0 2 3 4 5 2

Key

metric 2

Total value of HCP spend £20K £22K 0 £45K £15K £14K £19K £13K

Key

metric 3

Number of HCPs that are

forecast to breach annual

fees cap

0 0 0 2 0 0 0 0



15

2.6

2.7

2.8

3.6

Operations

Pro

du

ct L

ife

cycle

Ma

na

ge

me

nt

2

.1

Custo

me

r R

ela

tio

nsh

ip M

an

ag

em

en

t 2

.2

Pro

ject

Ma

na

ge

me

nt

2.3

Su

pp

ly C

ha

in M

an

ag

em

en

t 2

.4

Rea

l E

sta

te, P

rop

ert

y, P

lan

t a

nd

Fa

cilitie

s

2.5

Hum

an

Reso

urc

es

En

vir

on

me

nt,

He

alth

an

d S

afe

ty

Info

rma

tio

n T

ech

no

log

y

Financial

Tre

asu

ry a

nd

In

ve

stm

en

t M

an

ag

em

en

t 3

.1

Acco

un

tin

g a

nd

Fin

an

cia

l R

ep

ort

ing

3

.2

Con

tro

llin

g

3.3

Ta

x

3.4

Cap

ita

l S

tru

ctu

re

3.5

Gu

ara

nte

es, P

en

sio

ns, In

su

ran

ce

an

d

Le

tte

rs o

f C

red

it

Compliance

An

ti-B

rib

ery

an

d A

nti-C

orr

up

tio

n

4.1

An

ti-F

rau

d

4.2

Oth

er

Le

ga

l a

nd

Re

gu

lato

ry

4.3

An

ti-T

rust

4.4

Exp

ort

Con

tro

l a

nd

Cu

sto

ms

4.5

Strategic C

orp

ora

te G

ove

rna

nce

1

.1

Ris

k a

nd

In

tern

al C

on

tro

l

1.2

Inte

rna

l A

ud

it

1.3

Corp

ora

te S

usta

ina

bility

1.4

Str

ate

gy, P

lan

nin

g a

nd

Re

so

urc

e

Allo

ca

tio

n

1.5

Ma

rke

t D

yna

mic

s /

Exte

rna

l F

acto

rs

1.6

Ma

jor

Initia

tive

s

1.7

Me

rge

r, A

cq

uis

itio

n a

nd

Div

estitu

re, C

arv

e

Ou

t, P

ost

Clo

sin

g, R

em

ain

ing

Bu

sin

ess

1.8

Com

mu

nic

atio

n a

nd

Sta

ke

ho

lde

r

Rela

tio

ns

1.9

Pre

ve

ntive

Cri

sis

M

an

ag

em

en

t a

nd

Bu

sin

ess C

on

tin

uity

1.1

0

Qu

ality

Ma

na

ge

me

nt

1.1

1

Se

cu

rity

2

.9

Division A

Cross-Division

Functions

Division B

Division C

Regional

Clusters

Corporate Units

Priority 1 Priority 2 Priority 3 Compliance

Deficiencies:

Risk Exposure Level:

Extract from a Board Pack – Demonstrates Level of Reporting Available

Compliance metrics and dashboards Illustrative dashboard



Trend 4: Enhanced monitoring and assurance




Forensic investigation

Compliance audits

Assurance reviews

Compliance framework

Enhanced monitoring and assurance

Identifying the standards of ethics and integrity ‘on the ground'

Investigations of alleged violations

Providing assurance over design and

rollout of compliance frameworks

Designing and implementing

compliance frameworks

• Focussed 2nd line

compliance audits - part

of the Compliance

Framework

• Full coverage of markets

• Evidence & event testing

- going beyond controls

testing

• Extensive planning work

and data analytics

• Public information and

background checks

• Interviews with third

parties

2nd line audits designed to provide

evidence of the standards of ethics

and integrity on the ground



Benefits of enhanced monitoring and assurance

Mitigate risk of

significant regulator

fines and

enforcement

Mitigate risk of

significant regulator

fines and

enforcement

Increasing

regulatory

requirements – e.g.

Sunshine Act, UKBA

Increasing

regulatory

requirements – e.g.

Sunshine Act, UKBA

Early warning of

issues

Early warning of

issues

Enhanced

compliance

environment

Enhanced

compliance

environment

Help management to

get it right

Help management to

get it right The devil is in the

detail

The devil is in the

detail



Illustrative examples of findings from enhanced

monitoring and assurance



This is an internal document which provides confidential advice and guidance to partners and staff of Deloitte LLP and its subsidiaries. It is not to be copied

or made available to any other party.

© 2014 Deloitte LLP. All rights reserved.

Member of Deloitte Touche Tohmatsu Limited

Regulatory and Ethical Compliance Global Trends · ©2014 Deloitte LLP. Private and Confidential...

Documents

Transcript of Regulatory and Ethical Compliance Global Trends · ©2014 Deloitte LLP. Private and Confidential...