Why compliance is necessary and how data quality can help

It’s quite obvious that master data is a crucial element for any organization. However, in today's world, it is equally important to have compliant master data. In our joint webinar with NTT Business Solutions Nordics, you will learn how joint forces of it.mds and CDQ solutions can automate and simplify your master data input process that ensures high data quality and consistency.

At NTT Data Solutions, the focus lies on the master data management aspect in SAP system. In order to achieve compliance or maintain compliance, businesses must ensure the accuracy of their master data input processes.

Good master data management starts right at the creation and is an ongoing process. There are various factors that need to be controlled when it comes to compliance, and there are also tools that help accelerate these processes:

Automation

In this particular context, automation is closely related to business rules. Business rules involve dependencies between data in your system, and they save you time - often so critical for the success of our business, especially in the realm of master data.

Delegation of maintenance

By assigning workflows to different departments and responsibilities, you can ensure compliance. E.g., one person should not be able to create and approve bank data simultaneously, as it would be a fraudulent practice.
When it comes to master data, ensuring its quality and enabling users to benefit from the processes, simplification and a user-friendly interface are key. Simplifying the user interface can take various forms, but the main goal is to eliminate visual noise and enhance decision-making abilities.
In the context of compliance, this becomes even more crucial. You need tools in your interface that assist users in identifying fraudulent business partners and making informed decisions.

Data governance

Considering data governance as process control and assigning responsibilities to specific fields in your system, you can delegate workflows to individuals and ensure they only perform their designated tasks while being properly informed and instructed.

Dependencies

It's not just about utilizing dependencies between different fields within one location, but also across the entire organization. This means that data is synchronized, compliance is consistent, and it doesn't matter if you work in Germany or Japan.

Delving deeper into compliance cases

All the challenges and topics related to compliance, such as corruption prevention, anti-money laundering, antitrust law, and data protection, have a common requirement: business partner data.

When dealing with compliance, there are certain actions that need to be taken to mitigate costs and risks. One crucial action is screening business partners against sanction watchlists and politically exposed persons (PEPs). It is also necessary to establish a robust case management system to handle any hits or potential hits on the watchlists. Furthermore, ongoing monitoring is essential to understand how business partners conduct their operations and whether they are subject to any sanctions.

In a nutshell, compliance encompasses legal requirements within enterprises and affects the entire business process, not just a single department. Business partner data is required in various departments and processes, from onboarding to product delivery.

The need for compliance and the recommendations for checking business partner data come from organizations like the Financial Action Task Force (FATF). Their recommendations are then issued to the EU and the US, which, in turn, create directives and national laws.

To comply with these recommendations, certain actions must be taken. Business partners need to be screened and assessed for risks on a regular basis. The frequency of monitoring depends on factors like the country's risk level and the risk associated with specific business partners.

The purpose of these actions is to avoid personal liability and potential business closures resulting from engaging with sanctioned organizations or violating watchlists. Therefore, a full compliance audit extends beyond master data management and includes sanction watchlist screening.

Our recommendations include using use cases to structure the compliance process, specifically in relation to customer due diligence. These use cases can help align expectations across departments and with the compliance officer. Additionally, ensuring high data quality is crucial for an effective compliance process. Inaccurate or incomplete data can lead to wrong information and hinder the "first time right" approach. Integrating the subsequent screening process into the master data creation process is beneficial. Our systems already offer integration with over 70 commercial and governmental data sources to enhance data quality and facilitate the compliance journey.

How poor data quality impacts compliance processes

The lack of data quality is the overarching issue that needs improvement. Incomplete or outdated data significantly impact compliance processes and sanction screening. Without sufficient data, compliance officers lack the necessary information to evaluate business partners accurately, leading to potential compliance risks.

Duplicates are another issue we've observed. Dealing with duplicates across different systems causes confusion. When the same entity is listed under different names, it becomes challenging to identify and screen the correct business partner effectively. This can result in an increased number of false positives and compromise the screening process's effectiveness.

Inconsistencies in data sources, particularly due to fragmentation of system landscapes, create challenges. Different sources may have varying formatting, governance, or terminology, making it difficult to accurately match and identify potential matches. Consequently, screening the right business partner against the correct source becomes problematic, leading to compliance risks.

Lack of standardization is another data quality issue. Data from different sources may have different formats and emphasis. For example, screening a ship-to address may not make sense at all. Standardizing and harmonizing data is essential to avoid possible mismatches and false positives, which can result in significant compliance risks.

There are also common challenges of data quality issues and duplicate entries that may resonate with some organizations, that deal with franchises. Ensuring that the correct business partner name is screened against the right entity is crucial for quality screening.

Processing time is a concern in our fast-paced world. Manual processes can be time-consuming and labor-intensive, leading to delays or backlogs. Sales teams, for instance, may face frustration if proposals are delayed due to processing and evaluation time. Having an audit trail is essential for demonstrating compliance and providing transparency to stakeholders. The lack of an audit trail can make it difficult to identify and remediate compliance issues when they arise.

Limited technology support is another issue. Effective management of business partner compliance relies on technology, but we've identified two challenges. First, the lack of integration within the existing IT landscape can make it challenging to maintain a centralized and consistent record. Second, using inefficient tools and experiencing media breaks, where different business partners are screened in separate tools, hinders the full potential of compliance processes.

External reference sources

We offer a single gateway to external reference sources, including public data sources like national registers in Denmark and Germany, as well as global registries, and collaborate with tax authorities to verify and qualify numbers. Additionally, we incorporate commercially sourced data from providers like Bureau van Dijk and Dun and Bradstreet.

Additional source of data is the CDQ Data Sharing Community, where companies like Bayer, Bosch, Siemens, and BASF proactively share business partner information. This community helps prevent fraud by verifying bank accounts and mitigating the risk of wrong payments.

To ensure trusted data from trusted sources in your system landscape, it.mds comes into play. It helps create business partners, leverage external reference sources, and apply data quality rules for standardization and screening against sanctions lists and watchlists. By avoiding systematic errors, you ensure that the right business partners are screened with the right quality against the right lists at the right time.

Monitoring business partners is also crucial. We continuously monitor against reference sources and premium data sources, incorporating any changes into your business system through it.mds.

Bridging the gap

Time to improve the inefficient compliance processes and the overall framework of your MDM solution, let’s focus on three aspects to fix the input processes.

This is to prevent your system from becoming corrupt and eliminate the possibility of creating incorrect or error-prone data. Rather than addressing existing data issues, you want to shift from a reactive approach to a proactive one when it comes to managing master data. By doing so, you can move your business forward into the compliant future.

Many companies prioritize data cleansing efforts but overlook the importance of improving the input process. The joint solution of NTT and CDQ addresses this gap by establishing an input process that ensures high data quality and consistency. This process is also used for maintaining other master data, following defined business rules.

Once the input processes are optimized, we cleanse all historical data to align them with the defined business rules. This eliminates the need for future cleansing projects. This approach revolves around three winning principles: simplification, automation, and governance.

• Simplification focuses on streamlining the decision-making process for master data managers or stewards. It involves actively assisting users in identifying compliance risks during data maintenance.
• Automation plays a crucial role in defining and executing business rules for creating and maintaining master data. With our solution, automation becomes effortless and doesn't require any coding.
• Governance is the third principle, emphasizing the importance of clearly defining responsibilities down to the field level. It involves controlling the process of initiating creations and changes, ensuring compliance with rules and principles.

We achieve this by implementing simple authorizations, lean workflows, logical approval flows, and making governance easier and more manageable.

In summary, it.mds and CDQ capabilities provide control through simplified authorizations, efficient workflows, and logical approval processes. We automate most of the master data management process, utilizing manual entries only when necessary. Compliance is directly impacted by data quality, and our solution ensures that data remains in sync across multiple locations and complies with governance principles, workflows, and rules.

By leveraging existing data and automating extensions, we minimize dependence on manual processes and align with the defined business rules, thereby enhancing compliance and efficiency.

----
At a glance:

Q: I have licensed it.mds already. How can I activate CDQ and the sanction screening part in my environment?
A: To activate CDQ and the sanction screening part in your it.mds environment, you need to follow these steps:

1. Update your it.mds version to the latest one that includes the CDQ cockpit. This update will ensure that you have the necessary features and functionality for CDQ integration.
2. Obtain a license for CDQ. You will need a valid license to access and retrieve data from CDQ's cloud platform. Contact your it.mds provider or CDQ directly to obtain the necessary license.
3. Once you have completed these steps, you should be able to activate CDQ and the sanction screening functionality in your it.mds environment. It is recommended to consult the documentation or reach out to your it.mds provider for specific instructions and assistance during the activation process.

Q: Which sanctions and watchlists does CDQ use?
A: CDQ uses more than 1700 sanctions and watchlists, including common ones issued by organizations like the US Treasury and the UK Bribery Act.

Q: Does CDQ automatically highlight new items added to the sanctions list in the cockpit?
A: If monitoring is available, CDQ can highlight new items added to the sanctions list in the cockpit. However, monitoring is a prerequisite for this feature to work.

Q: Can you configure a risk-based approach in it.mds? How is the audit trail visible?
A: In it.mds, you can configure a risk-based approach based on criteria such as matching scores and country level settings. The audit trail is visible in the system and is stored on a workflow request level. It tracks the compliance data at different stages and includes information on data sources used, validations performed, and results obtained from watchlist checks.

Watch webinar on demand