UK: Big Data Offers Compliance Officers The All-Seeing Eye

Last Updated: 8 August 2017
Article by Bronwyn Kunhardt

Polecat's Bronwyn Kunhardt argues big data can spot potential hazards, offering protection in the face of unprecedented scrutiny.

The year 2008 was pivotal. During the subsequent record-breaking downturn, financial regulators faced massive pressure to rein in what was, at the time, perceived as the cowboy practices of some bankers.

Potent, effective regulation was what the public and the government demanded, and major structural change to the sector's oversight was the result.

More recently, it has become increasingly clear that the organisations tasked with policing financial institutions have every intention of facing up to that pressure. This will be done not just by leveraging more heavy-handed fines, but by promising ongoing action and monitoring in the future against those that fail to put their houses in order.

However, at the start of the financial crisis the world was a very different place, and not just measured in terms of disposable income. Just over a year before the collapse of Lehman Brothers, Apple launched the first iPhone. A year before that, Twitter was founded.

The ten years since the crash have been ten of the most technologically progressive and fast-paced in history. It should come as no surprise that during the financial services' greatest modern crisis, the sector looked to the emerging world of technology for some answers to the problems it faced.

One way in which banks have responded to this increased regulatory scrutiny is to invest in big data technologies that allow them to monitor the risk profile of companies in their value chain.

These new governance, risk and compliance (GRC) tools are quickly proving to be an invaluable weapon in the arsenal of compliance officers, enabling companies to identify and address irregularities before they escalate to proportions that erode trust and lead to punitive litigation.

Risk in flux

Compliance officers in modern financial institutions have to think about and plan against a huge variety of risks. Although their resources remain largely the same, they have to contend with increasing difficulties, from issues around bribery and corruption, to breaking sanctions, anti-money laundering and unfair selling.

Where in the past the regulator was judge, jury and executioner in cases of compliance failure, that power dynamic has changed quickly. It is no longer just the ire of regulators that firms have to fear, with a potentially more powerful threat emerging and making its presence felt – the court of public opinion.

"It is no longer just the ire of regulators that firms have to fear, but the court of public opinion"

The public and voluntary sectors are gaining ever-greater influence in the social media age, and compliance officers need to be aware of stakeholder concerns that even a decade ago would have been more exclusively within the remit of the corporate affairs or marketing team.

The financial services sector being what it is, inevitably some of the issues compliance teams must work to avoid are contentious and inflame fury on the high street. Offences which may not even qualify a company for significant regulatory sanctions can nevertheless engender deep concerns about corporate ethics, culture, governance and transparency.

Putting aside for a moment the brand and financial implications of reputational damage, any increase in public attention and anger can have a knock-on effect on the relationship between companies and regulators.

The attention inevitably invites speculation, comment and scrutiny from multilateral institutions, politicians, and NGOs. The default response, echoed at every indiscretion, is the call for regulators to have tougher powers to stamp out misconduct.

Looking at examples of just how much more proactive regulators have become, even a cursory glance at the figures paints an unmistakable picture. Take the banking sector, fines rose by 68% year-on-year in 2016, with $42 billion of fines levied in just that one year.

Despite this stark increase in regulatory power, there is little evidence that the influence of the overseers has plateaued, with each new issue leading to more and more pressure for an even sterner approach.

A spotlight on everything

But just as the catalyst of public opinion firestorms hits the power balance between firms and regulators, another change in the relationship is starting to take effect, giving compliance teams yet another obstacle in staying ahead.

As fast as contentious issues can now escalate via social media around the world, new technology allows any interested parties – including regulators, compliance teams and others – to interrogate that global conversation, and to do so in real time, giving firms a relatively small window in which to respond to the latest events.

Parties on all sides can now take this unstructured data – everything ever published online – and use it to identify early warning signs, emergent trends and indicators of systemic problems around individual firms that warrant further investigation or intervention.

"Even the universe of unstructured data can now be distilled into accessible intelligence"

Technology's ability to use big data and complex algorithms is opening up many new avenues, as it harnesses the science of linguistics to understand not only what is being said, but the context and to an extent the intent behind it.

In the first instance, it means that even the universe of unstructured data can now be distilled into accessible intelligence, revealing the complex relationships of banks with each other, as well as with the wider world.

Simple visualisations allow entire networks and value chains to be distilled down into dynamic and accessible information that can be tracked relatively easily. Doing so can and will quickly reveal compliance concerns, trending issues, and industry benchmarks, in different languages and markets – all at the click of a button and on a single screen.

Charities with leverage

However, the ability to reveal compliance concerns at the click of a button is not limited to regulators. Campaigning groups and NGOs are also making use of technology to highlight the complicity of the financial sector in causes they may be championing.

In the US recently, financial backers of the Dakota Access Pipeline were targeted by NGOs as vociferously as the energy firms they are funding to deliver the highly contentious pipeline.

The threats posed by regulators and NGOs are related, but distinct. While regulators are interested in cracking down on illegal or officially unethical behaviour, NGOs have a wider societal remit, and will determinedly identify actions and misdemeanours that they know will inspire a visceral public response.

Unlike regulators, many NGOs are also highly skilled users of social media when it comes to campaigning, and know how to leverage Facebook, Twitter and other networks for maximum impact and corporate embarrassment.

Reputational risk is entering a new era where the public and third party organisations have an unprecedented role in leveraging technology to monitor the activities of corporations, as well as campaign against them.

The net result is that compliance officers have more than fines to worry about. Like it or not, they have an increasing role to play, alongside others, as guardians of their organisation's brand.

Tarnished by association

Today, it is the risks posed by corporate partners – so-called third-party risk – that poses the greatest compliance problem as companies are increasingly held accountable for standards of behaviour and performance not just within their own organisations but across their entire network of customers, partners and suppliers.

Major international financial institutions can involve tens of thousands of associated companies, so keeping track of what is going on across each and every one of them can be extremely difficult.

The process of due diligence to ensure key relationships meet not just regulatory requirements, but the highest governance and ethical standards, can no longer be a one-off or annual exercise.

It has been repeatedly proved to be untenable for any major corporation – particularly those with well-known consumer brands – to claim it did not know about underhand dealings undertaken on its behalf in some remote corner of the world.

"We have entered an era where ignorance, even on a grand corporate scale, is no excuse"

We have entered an era where ignorance, even on a grand corporate scale, is no excuse – and indeed is a massive liability. The onus is now on firms themselves to double-check the behaviour of partners in their network. It is a huge responsibility, and compliance officers are right on the front line.

Once upon a time – although not so long ago – the immense complexity of such networks and hierarchies meant a full understanding of activity and exposure was impossible. Firms could claim they could not possibly have knowledge of everything that goes on everywhere, but nowadays technology has changed all that.

The availability of data on these relationships and hierarchies is now everywhere, and organisations have no excuse for not delivering oversight of all of their networks, including full purview of the digital landscape and the intelligence it reveals – good, bad or ugly.

Panoptic vigilance

Only constant monitoring can help fulfil regulatory, stakeholder and shareholder expectations of governance and risk management to protect and enhance reputation and licence to operate.

Big data allows companies to cast an eye across the breadth of the globe to the remotest of corners – always open and alert to trouble, so that it can be proactively addressed and mitigated.

Amid all these difficulties, the good news is that today's big data technologies not only provide compliance officers with far more effective risk monitoring and mitigation intelligence, they also help cut costs at a time when many financial institutions are looking to achieve the dual tasks of efficiency and global expansion.

Automating aspects of due diligence, vendor risk management and supply chains will bring greater rigour and confidence alongside cost efficiencies.

In embracing new digital GRC tools, compliance officers can simultaneously deliver the transparent due diligence demanded by regulators and the foresight, efficiency and rigour so valued by boards, customers and shareholders.

Ultimately licence to operate depends on the court of public opinion as much as any court of law, and employing the best technologies to protect and enhance operational performance will deliver the corporate reputation and trust essential to ongoing value creation.

Bronwyn Kunhardt is Co-founder and Managing Director at Polecat

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.