Dan Adamson: Sorry, But a Google Search Isn’t Due Diligence
(A version of this article was originally published in the The FCPA Blog)
I cringe when compliance teams rely solely on Google to investigate and make decisions. No offense intended to Google, but it’s simply not designed for sophisticated investigations. Yet, an overwhelming majority of compliance teams employ Google as their primary research tool.
The biggest issue with Google searches is the abundance of false positives flagged in the process. If the only information that can put into a single search field is a name and some bad words, numerous incorrect subjects that will be presented. That forces a researcher to investigate each one, creating a drag on time and budgets dealing with extraneous information.
Even if Google returns the right subject it often has the wrong context. A criminal lawyer is not a criminal — but a Google search may miss the context. Another big problem is that Google can be manipulated. Firms routinely pile in online content to influence search engine marketing and optimization — driving up selected content and driving down content they want to bury. And it works.
All of this SEO activity makes negative information harder to find. Google was never built to uncover financial crime and corruption. The situation is even worse in jurisdictions where the “Right to Be Forgotten” legislation allows people and companies to have Google “wiped clean.” Compliance teams traditionally perform due diligence and make a decision on a subject based on an information snapshot the teams develop. That one-point-in-time approach is no longer enough. Decision makers need to know if something has changed in the supply chain or with third parties on a much more frequent basis. If an agent was up to no good overnight, will a snap-shot approach catch it?
Adding additional headcount isn’t the answer. It’s expensive and ineffective. Compliance teams need to assess how they’re using their employees to drive better results. Individuality is also a challenge for compliance teams. Even with the most comprehensive procedure manuals, people follow the instructions, do tasks, and interpret the found data differently. Some are more thorough than others, while some apply rules less strictly, causing the human error rate to be very high. Just a few years ago, it was sufficient to say the subject wasn’t on a watch list on a certain date.
That’s no longer enough. But based on the sheer volume of data available today, employees face a natural challenge keeping up with that volume. Compliance teams are now rightly focused on doing more than screening against watch lists. But then they soon get mired in documenting the review process for every subject — spending lots of time not only searching but also capturing screen shots and making PDF files for potential future audit reviews. It’s a time consuming and expensive process.
Luckily, technology can help. New machine learning or “cognitive computing” systems can automatically perform these searches and clear obvious false positives. That allows employees to be used in a more productive, strategic way. They can assess the audit reports turned up from monitoring or investigations and make the most informed decisions from them. These technologies can also automatically generate an audit log that shows dates, full research, what was captured, where it was captured, what was raised, what was auto-cleared, what was resolved or what was flagged as a potential issue. And crucially important, with the right technology, this process no longer has to be a one-time event but can happen on a continual basis.
Are you monitoring your high-risk portfolio on a regular basis versus a point in time? Are your compliance employees spending their time searching Google and dealing with false positives instead of assessing complete reports and making more informed decisions?
If you’re still relying on Google, it’s time for change.
Dan Adamson is the Chief Executive Offer of OutsideIQ, a company that develops investigative cognitive computing, including DDIQ, to address today’s growing compliance requirements.