Apply Data Science in Ethics, Risk and Compliance Field

25 September 2019 - 09:21 am UTC

By Shine Yao, Integrity & Compliance Operational Excellence, APMA at Novartis and Ren Teng, Founder of Intelligent Ethics
Data science is transforming not only our business operations but also corporate governance.
As Ethics, Risk and Compliance (ERC) professionals, we might have heard the buzzwords like big data analytics, machine learning, data visualization etc. However, the application of these digital tools is still in its infancy, and questions remain in how we can utilize them to obtain meaningful insights to drive decision, how we can automate the learning process so that we can stay ahead of the curve, how we can enhance the effectiveness of our ERC program while keeping the cost down. Today we would like to share some of our thoughts on this emerging trend and our learnings from real-life experience.  
Let’s start from the pharmaceutical industry, which heavily relies on the interactions with healthcare professionals (HCP) by thousands of sales representatives on a daily basis. Companies operating in high-risk countries such as China have invested huge amount of resources to ensure compliant interactions and ethical behaviors of their sales forces. For example, many companies in China deployed spot check programs to check small medical meetings by sending an independent person to monitor onsite. In addition, companies will check large amount of the sales forces meeting reimbursement document. These might seem to be powerful controls at first glance, but it also suffers from some innate weaknesses. First, it is only practical to cover a small portion of the total universe, second, the sample selection is somewhat random or arbitrary with some adjustment on known risks; thirdly, the quality is questionable due to complex local situations, experience level of the people who perform those checks. In some spot check instances, there are emerging signs that spot checkers could easily collude with the sales forces; finally yet importantly, the cost! Companies could easily spend millions of dollars on those programs.
Applying data science, we can dramatically improve compliance monitoring programs, and here is how:
Data science is capable of analyzing large amount of data and come up with targeted meetings and reimbursement payments based on the various learned high risk indicators e.g. same physicians attend different meetings on the same day etc. It can effectively risk score each meeting, payment and allow us to sample high-risk meetings and payments to conduct checks. Data science can also identify unknown high risks indicators and behavior patterns that contributed to the non – compliant issues amongst hundreds of variables that would otherwise be nearly impossible for a human to detect. We can also use data science to construct a machine-learning model that “digest” the results of the high-risk meetings, payments check, learn and adapt its calculations to minimize false positives (“the noise”) and maximize the accuracy of high-risk meeting and payment sampling process.
On top of the traditional data sources which companies select samples for spot check and payment check e.g. meeting registry system, payment system, we can consider adding other data sources such as CRM, sales target setting and performance tracking data, HR data etc. Machine learning is able to analyze such a large amount of interlinked data. And, the more data feed into the machine-learning model, the more robust of the output will be, the more solid insights it can produce.
Applying data science in the monitoring programs, e.g. spot check and payment check has three benefits to pharmaceutical companies.
Firstly, we can reduce the volume of spot checks and payment checks - check less, but more targeted to high risk issues. It can help increase the effectiveness of spot check and payment check program from 5-30% to over 90%. Secondly, by automate the learning process we can predict where the risks might emerge. When new samples are selected and results are feedback to the model, the model can self-learn and adjust its way of risk calculation. In our experience, the machine learning models was able to pick up new risk indicators shortly after some sales team changed their behaviors because company changed compliance policies on sales activities. Lastly, data analytics supported by data visualization tool can help companies identify potential systematic issues and reveal the root-cause of those issues. We identified a group of sales representatives in a few sales teams that had colluded with each other, conducted fake meetings or inflated meeting expense. When further analyzed the CRM data, sales target setting and performance tracking data, HR data etc, together with interviews through investigation, we found that the team had various business management, leadership and capability issues that contributed to the group fraudulent activities. This helped management to address the root-cause quickly, proactively managed some potential blind spots and prevented future issues from happening, instead of running into a vicious cycle: investigate fire and hire new person. If the root-cause is not properly identified and solved, the new sales team hired will end up with the same results.
If we connect with more unstructured data source e.g. document, emails, communications, we can build more comprehensive behavior measures into the machine-learning model. This would provide some early warning signs at behavioral level, so that intervention on individual and organizational behaviors can be done, and this in turn shapes the culture of the organization and prevent the “ethical fading” early on. 
Another important application of data science is in the area of managing third party risks.
A background check for a third party (including individual) can extract and analyze disparate data points from various systems and unstructured public open source data that historically have rarely been linkable. For instance, examining into information from social media, email, text messaging, photos, trades, and travel and entertainment and so on can uncover hidden relationships with high-risk parties, such as government officials or organized crime. Furthermore, companies can take advantage of the data analytics to provide ongoing monitoring and intervention, such as a tailored training program for third party and its employees based on identified risks.
How do companies start the data science journey in ERC programs?
We’ve seen that companies start to hire data scientists or engage professional firms. These are good starting points, but far from enough. Companies should establish ERC data analytics strategy as part of the overall ERC strategy and align with the digital strategy of the company. Invest in people, develop digital ERC leaders who can collaborate with various functions, communicate with different stakeholders and transfer technology into meaningful and impactful application.
“Science” as it is called; we shall never forget that ethics, risk and compliance is both science and art. As ERC professionals, we shall be agile enough on one hand to embrace technology, but also not to lose the human touch on the other. Data science can help repurpose ERC team’s work on higher value-added tasks, focus our efforts on the “art” part, which are change management, business partnering, valuable advice, enable open and candid discussions and shape ethical culture in the company. which in aggregate and over long-term, defines the culture of the company (and this is the ultimate control).  
Shine Yao has more than 20 years of experience in compliance, finance, audit and six sigma etc. across multiple industries with last 10 years focus on ethics, risk and compliance in pharmaceutical industry. She started her career with General Electric where she progressed from management trainee to compliance leader for GE Capital in China. After joining Merck Sharp & Dohme (MSD) China as compliance leader, she successfully drove the transformation of compliance program from rule based to an ethics and risk based compliance program. Subsequently, she move to MSD head quarter in US taken global data analytics and risk monitoring role prior to joining Novartis APMA (Asia Pacific, Middle East and Africa) Integrity & Compliance team based in Singapore. Shine is passionate about use technologies e.g. digital tools, data science etc. to prevent or early detect compliance risks, utilize the insights to conduct effective trainings, communications that can drive behavior change, foster an ethical culture in the organization. She is a true believer that ethical culture is competitive advantage for any organizations; it create financial benefit and ensure long-term sustainability of the organization.
Ren Teng is a veteran in the ethics and compliance profession. He has been working in the healthcare industry for nearly 20 years, and with a focus in the ethics and compliance area for the last 10 years. He was one of the earliest compliance practitioners in building up the ethics and compliance function in major multinational pharmaceutical and medical device companies in China. Having had diverse exposure in various commercial functions, he's an expert in China and diverse cultures in Asia Pacific, Middle East, and Africa region. Ren Teng started his career in Eli Lilly and Company, where he developed career through various functions including clinical research, Six Sigma, marketing before transitioning into ethics and compliance. He furthered his career in other multinational health care companies including Johnson & Johnson, Novartis, and GlaxoSmithKline.He is the founder of Intelligent Ethics, an Ethics and Compliance solutions provider focusing on developing capabilities for ethics and compliance professionals and data analytics.