Towards a Cyber-Secure Future with Jenna Waters

Jenna Waters’s time in the US Navy equipped her with sophisticated skills she now finds invaluable in her work as a Cybersecurity Consultant at True Digital Security. She joins Tom Fox and Valerie Charles on this episode of ComTech to talk about how the cybersecurity industry is evolving, her vision to end security breaches, and what she thinks about President Biden’s executive order on cybersecurity.

Putting Corporate America on Notice

“I think businesses – particularly those that work in industries regarded as critical infrastructure, obviously because of the Colonial Pipeline hack – …a lot of them know now that they’re on notice,” Jenna tells Tom and Valerie. Recent cybersecurity attacks, as well as the rise in ransomware, have driven home the need for good cybersecurity. These attacks not only impact businesses but are now tangibly affecting the lives of everyday citizens. Jenna believes this is sparking change in the industry, as the government, companies, and even the general public are taking cybersecurity more seriously.

End Security Breaches

Tom comments that his clients are now asking about their information security program, something they weren’t concerned about before. He asks Jenna how she would advise a company to start thinking about this issue. She outlines the steps her company takes to help their clients create a customized cybersecurity program. “…By prioritizing your risk, that’s how you can develop a more tailored cybersecurity program,” she points out. She and Tom discuss her vision of ending security breaches overall. She remarks, “For me, ending security breaches is a vision of the future in which a security breach can be detected, identified, and contained effectively… It’s not allowing a security incident to go to the point of a security breach… and it doesn’t affect or impact the organization or public in any significant way other than maybe the time it takes to contain it.”

Improving Cybersecurity with Data

“When you’re trying to combat this kind of breach, how do you use data?” Valerie asks Jenna. “Cybersecurity is actually one of the best areas in technology where it can be very data-driven,” Jenna responds. Data can help you build a threat profile and come up with an action plan to combat threats. Analyzing recent and past data can help you establish an operational baseline, and in turn recognize deviations from the norm. It can also help you identify gaps and vulnerabilities in your organization. There’s also the global perspective: gathering and analyzing data on threat groups helps you recognize their patterns before they attack. However, don’t focus only on data and ignore basic psychology. Hackers are still just human beings and are “subservient to human behaviors and motivation,” Jenna reminds listeners. 

Cyber Risk Assessment is for Everyone

“I think everybody could benefit from a risk assessment in terms of cybersecurity,” Jenna tells Valerie; businesses in critical industries should prioritize it. Generally, she recommends an annual assessment. However, it should also be done when there is a significant change in operations or in the direction of the business. She argues that leadership buy-in is imperative: “Leadership buy-in for an organization is paramount to the success of the cybersecurity team.” 

Thoughts on Biden’s Executive Order

“Do you have any urgent or immediate thoughts on President Biden’s executive order on cybersecurity?” Valerie asks. Jenna responds that she is excited and on board with the order. “As cybersecurity professionals, we like to take advantage of every emergency,” she quips. It’s a positive step signaling that cybersecurity is seen as important at the highest levels of government. On the other hand, the executive order may not last after Biden’s term of office, as it can be revoked by the next President. Additionally, only certain federal bodies are bound by the order.

Resources

Jenna Waters on LinkedIn 

True Digital Security 

 

Structured Collaboration in Compliance with Charles Schwager

Charles Schwager is the Chief Compliance and Ethics Officer of Waste Management. Tom Fox describes his role as “one of the most unique CECO roles in compliance around”. Charles, Tom, and Valerie Charles discuss what Waste Management does differently, how the company managed the two major crises of 2020, and why more data may not necessarily be better.

Looking at Compliance Holistically

Charles explains that all departments at Waste Management work together to build a holistic compliance culture. “We are all partnering together to create a very strong and comprehensive culture of compliance and ethics, so we try not to have one area where it’s strong and others where it might be different. We really do try to make it collaborative, holistic and [there’s] a lot of teamwork involved that goes into that,” he tells Tom. Many of their 50,000 employees work in the field, and Charles explains how they foster a “two-way communication loop” for these team members using technology.

Handling COVID and Social Injustice

Tom asks Charles, “… you asked your compliance team to look at reporting data and perhaps see if there were some new or different insights you might be able to gain from that data. Could you describe the process you and your team went through?” Charles responds that their workforce is reflective of American society, so the two major issues that defined 2020 – COVID and the social justice movement – were reflected in the calls coming through their helpline. “When we saw that, we decided to create a special triage process around that so we could get out in front of that as quickly as possible, knowing that if it happened in one place it could be happening in others,” Charles remarks. He describes the tracking system they put in place to handle both crises. “We were fortunate to be on top of our helpline and utilize it in different ways like that. And the technology worked well for us to have visibility and be able to react to those things,” he points out.

Structured Collaboration

“I’m a believer in structured collaboration,” Charles remarks. Cross-functional and cross-departmental teams at Waste Management work together to keep up-to-date with compliance. Everyone needs to work together, Charles emphasizes: “it’s only as good as everyone working together and getting that buy in…” The leadership has to want it as well. Their company’s strong compliance culture is proof of this. For Charles, operationalizing compliance means getting everyone actively involved.

Using Data

Charles tells Valerie, “We really focus on a strong ‘Speak up, Listen up, Follow up’ culture.” He sees increased reporting as a natural result of their focus on building a vibrant compliance culture. Valerie asks his thoughts on whether data analytics will transform compliance in the future. He responds that it’s a good skill set to have in your organization and that he is always thinking about how to use data. However, he argues, “If you really don’t understand the data, it can create situations where people extrapolate or make conclusions that… are faulty.” 

Resources

Charles Schwager on LinkedIn

Waste Management

Technology, Learning and Communications with Natalia Shehadeh

Natalia Shehadeh is a well-known compliance expert who worked in the energy sector for over a decade. She is now the Chief Integrity Officer at ABB, a multinational corporation in the robotics and process automation space. Natalia believes that using data and technology in compliance is no longer an option: “It is absolutely mission-critical to the proper functioning and success of our function and our mission,” she tells Tom Fox and Valerie Charles. In this week’s show, Natalia chats with Tom and Valerie about the importance of leading with data, including how to use data to measure cultural buy-in. 

 

Building Culture with Data

“We are trying to look at opportunistically, how to leverage data for purposes of giving us real-time insights on the health of our integrity culture in the company; how to do so effectively and efficiently, and with a real keen eye towards innovation,” Natalia remarks. Her cross-functional team – which includes data professionals and business analytics experts – is a major reason they have been so successful in moving towards that goal, she says. Their focus is not only on monitoring from a risk perspective, but also measuring how effective their communications for learning purposes are. Valerie asks her about the data sets they use. She explains that they monitor internal social media posts as well as their learning assets to measure sentiment. “A lot of data we’re looking at and trying to get a feel for, Are we communicating effectively in the eyes of our employees? And how do we think that’s moving the culture needle?” she tells Valerie.

Getting Cultural Buy-In

“Data analytics or tech solutions on their own aren’t particularly useful without the cultural buy-in of the organization,” Valerie comments. She asks Natalia how she gets buy-in at ABB. Natalia responds that ABB is a data-focused organization, so they understand the importance of using data. However, she advises, it takes “care and feeding culturally” to get to the point where you have quality data sets that can provide rich insights.  

Facilitating Learning Through Data

ABB is focused on “communicating learning in an effective way”, Natalia tells Tom and Valerie. To this end, they revamped their approach to employee training, focusing instead on a data-driven stratified approach. Traditional compliance and integrity training is no longer mandatory; instead, employees interact with learning assets as and when they need, similar to how they use YouTube to find a quick solution to a problem. “We really believe in inculcating an adult self-learning objective,” Natalia says. “…The concept is [to] create a simple learning approach where people will want to come back for more because it’s easy, it answered the question that they had, and hopefully we can make it a little bit fun.”

Resources

Natalia Shehadeh on LinkedIn 

ABB

Getting the Data to Work for You with Jonathon Kellerman

Jonathon Kellerman, now a partner at StoneTurn, loves data analytics. He spent 20 years at PwC, his last post there being Chief Compliance Officer. His role as CCO focused on compliance and risk management and corporate governance. He joins Valerie Charles and Tom Fox to share how he “built out the industry’s leading consulting practice focused on helping those global companies with their most complex compliance challenges… where I got to focus on things like data and technology and leveraging technology to have a much more productive and value-added compliance program.” Jonathon describes the role of data analytics in becoming more predictive about risk, and how it is changing the compliance industry for the better.

A New Vision of Compliance

“We have access to this tremendous amount of data; how do we get that data to work for us?” Jonathon asks. His vision for a new kind of compliance program was “using data and data analytics to help us be more predictive about risk and to give us more real-time insights …that would help us …prevent incidents from occurring as opposed to always putting out fires.” With his team of talented experts, he was able to realize his vision. The cutting-edge platform they developed pulled data from across the organization into a centralized hub. They could then analyze the data to discover outliers and trends. “The beauty of it is we could pull the levers that would allow us to look at risk in many different ways,” he tells Valerie and Tom.

Compliance Demonstrating its Value

Valerie asks Jonathon how a company could get started. There’s no one-size-fits-all solution, he responds. First, understand the data that’s available to you, your risk profile, and what you want to achieve. Then, figure out what risk factors you want to apply across the data. Keep your framework simple, he advises compliance leaders. Next, assemble a team to build your platform. Valerie comments that a benefit of this approach “is being able to demonstrate the value of the work that we do… [It] allows you to… become noted because of the ways that you can show that you’ve kept the train on the track… It elevates our profession.” Jonathon agrees and explains how compliance contributes to the overall effectiveness and efficiency of the business.

Assuring Data Quality Worldwide

Tom asks Jonathon how he assures data quality across the globe in multinational companies. Jonathon responds that it starts with cataloging all your data sources and systems and then standardizing the data. “If you can standardize the data that you’re bringing in from different systems or different sources, then you’re able to significantly increase the data quality and your confidence in the completeness and accuracy of that data,” he points out.

The Future of Compliance

He joined StoneTurn because he wants to “leave a mark on the compliance profession going forward and… advance the compliance profession…”, Jonathon tells Valerie. StoneTurn offers just that as they’re focused on innovation and advancing compliance as a profession. He and Valerie agree that the next few years will be game-changing for the compliance industry. “There is a window of opportunity for compliance to redefine itself and its value,” Jonathon argues. Using data analytics to provide real-time business insights and to improve operational efficiency are the keys to the future of compliance, he predicts. “If they can do those two things well,” Jonathon concludes, “they’re going to add a tremendous amount of value into their businesses and really help those businesses achieve their objectives.”

Resources

Jonathon Kellerman at StoneTurn | LinkedIn

StoneTurn.com

How Health and Safety Informs Compliance – A Conversation with Jamie Spataro

Jamie Spataro says that he loves a challenge and learning new things. In his private life, he is a member of a rock band (which he accidentally named) and a licensed pilot. He left his position at a prominent law firm, where he did litigation and product liability work, to join the FedEx Ground legal department 12 years ago. Today, he is Lead Counsel at FedEx Ground, handling regulatory affairs, including workplace safety and the company’s COVID response.  He joins Tom Fox and Valerie Charles to talk about the intersection of health and safety and compliance, and how focusing on the first leads to a better compliance program overall.

Protecting Customers and Employees During COVID

“We had to be nimble and adapt our practices to keep our workforce and our customers safe [during the pandemic],” Jamie says. The legal department is responsible for protecting the brand, as well as ensuring that the workforce and customers are kept safe, and that the company is complying with the laws and regulations. Their corporation-wide pandemic protection program incorporates common federal, state, and municipal COVID regulations into a comprehensive policy that they apply across the board. This ensures that they’re staying compliant as well as keeping everyone safe. Jamie explains that their safety protocols evolve as the science around COVID is evolving. “We feel that our program could accommodate any similar type of pandemic that might come across in the future,” he proudly comments.

Integrating Technology into Health & Safety

Tom asks how FedEx has been able to integrate technology to promote health and safety in the company. OSHA compliance has become increasingly data-driven, Jamie responds. “Being able to manage, receive, manipulate, query data has been at the forefront of how we’re able to stay compliant, and continue to comply with… increasing data demands on our business.”  He illustrates how they use injury and illness data to look for patterns and root cause. “I think that the biggest change I have seen is how data is used and leveraged to ensure compliance and also to maybe spot areas within a business that may need some help,” he continues. Tom comments that their approach effectively covers the three major areas of a compliance program – prevent, detect and remediate. Jamie explains why FedEx is focusing a lot of effort on the bottom of the hierarchy of controls pyramid since it can address the root cause and hopefully eliminate the hazard as much as possible. “We’re trying to flip that pyramid on its head, trying to really focus on behavioral science and predicting behaviors, so that we can prevent them from happening in the future,” he remarks.

The Future of Compliance

Valerie says, “I think health and safety professionals and OSHA experts are probably going to lead the way for other compliance professionals in the use of behavioral psychology in compliance programs.” Though still a relatively new trend, Jamie feels that it will continue to gain traction in the coming years. It’s a veritable goldmine if you can find a way to manipulate the data you may already have, he tells listeners. Focus on trends, particularly employee behavior before an accident or injury. You may uncover patterns that you can take steps to prevent. The need for data is only going to grow, and more agencies are going to require data from companies. Take the opportunity to choose a technology solution now so that you’re ahead of the curve and prepared for what will inevitably come, Jamie advises. “You’re going to find that solution may be helpful for you in other areas.” He and Tom discuss the importance of making safety the first priority and how easily a brand can be damaged by neglecting safety. “Safety needs to be at the forefront of everyone’s list of priorities,” Jamie comments.

Resources

Jamie Spataro on LinkedIn

 

Philip Winterburn on Using Data to Drive Ethics to the Heart of Business

In this episode, Valerie Charles and Tom Fox visit with Philip Winterburn, Chief Strategy Officer at Convercent. They take a dive into the use of data and data analytics in a compliance program. Philip has a mathematics academic background and we discuss how that has helped him see the use of data in a different way in his professional career. Highlights include:

  1. Professional and academic background of Winterburn.
  2. How does his academic background help inform how you look at compliance solutions?
  3. Why has he been one of the most consistent advocates of bringing data and, more importantly, data analytics into the compliance process?
  4. How do the 2 concepts of behavioral psychology and data tie together?
  5. What led you to co-found Convercent?
  6. What makes the Convercent approach different?
  7. How have you worked with clients to take their inputs to continually improve your products?
  8. How data can be used in a variety of ways by the compliance professional.
  9. How, if at all, has the Coronavirus health crisis over this year changed your approach?
  10. What do companies need to be thinking about into 2025 and beyond using data in compliance programs?

Resources

Philip Winterburn LinkedIn Profile

Convercent

Converge Community

Where is Your Data? with Christian Perez Font

Thinkeen Legal is not your typical law firm, and on this week’s episode of ComTech, Valerie Charles and Tom Fox are talking to founder Christian Perez Font about exactly why that is, and what makes the firm so unique in the industry.

Christian started his career in more traditional, transactional law, but found compliance practices to be uniquely interesting and satisfying, so he built a law practice to provide businesses with the type of information they need to confidently make decisions. He says that Thinkeen Legal “[doesn’t] provide legal advice, we provide business advice with legal confidence.”

Understanding the Data Lifecycle

Valerie points out that it’s great when you can buy data off the shelf – it’s cheaper than creating your own, and is reliable – but there will always be cases where industry- and company-specific circumstances mean you need to generate your own. Whether you source data externally or internally, you need to understand what data is and what it means to make good business decisions based on it.

Critical to this process is understanding the lifecycle of data – where it resides in an organization and the different systems it goes through. Data analysis is an evolution and Tom believes that companies should be looking at finding and extracting the data as a business process. Christian points out that the first, most foundational thing you need to do is understand what data is, and what data you need to inform your business decisions and compliance programs.

Looking Towards the Future

Valerie asks what companies need to begin thinking about to prepare for 2025 and beyond, and Christian shares what he thinks: that we need to understand data better – the lifecycle, where it resides, extracting and applying it, and investing in the resources that will be required to do all of it. Further, he believes that compliance teams are going to need to be truly cross-functional to be effective. This isn’t restricted to just compliance but applies to the whole business sector. More teamwork is needed.

 

Resources

Christian Perez Font on LinkedIn

ThinkeenLegal.com

The Skywalker of Compliance Technology with Parth Chanda

This week on ComTech, Tom Fox and Valerie Charles welcome their first guest. Parth Chanda is the founder and CEO of Lextegrity and an innovator and thought leader in the compliance space. Valerie describes him as a “pioneering Skywalker”. She comments that he is different from many compliance technology entrepreneurs as he himself was a practicing compliance professional for many years. “I think he understands operationalizing these things and using the technology in a way that is spot on for the function,” Valerie says. Tom, Valerie, and Parth discuss Lextegrity’s innovative end-to-end solution and how it’s helping their clients upgrade their compliance programs.

Compliance Solution for the 1%

“I’ve really been a compliance lawyer from day one,” Parth tells the hosts. He tells Tom that his in-house experience at Shearman & Sterling, Avon and Pfizer, coupled with the changes in the compliance space over the years influenced his vision for Lextegrity. Importantly, he realized a gap in the market for a compliance solution based on data analytics.

“A lot of these processes that every company has hung their hat on for many years [are] necessary, but they’re not necessarily sufficient to manage risk in this space,” Parth remarks. “The process works for the 99% of your employees who are already trying to do the right thing… But anti-corruption work is about finding those edge cases – that 1% or 0.1% or whatever that number is in your organization – of employees who are not doing the right thing… I began to see that data was really the future. Data analytics was really needed to complement these necessary processes… to really have end-to-end risk management across what the DOJ now describes as the lifespan of your risk.”

A More Effective and Efficient Approach

Valerie asks Parth what led him to found Lextegrity. He responds that he wanted to take a more proactive approach to risk management. The biggest lesson he learned from his years as an in-house compliance professional was that preventing wrongdoing is better and cheaper than correcting it. However, the compliance officer’s role is not to prevent wrongdoing 100% of the time but to make it harder to do wrong and detect it as quickly as possible. Scalable technology, he found, is the only way to achieve this goal efficiently and effectively.

Parth describes how Lextegrity’s solution makes compliance approachable for their clients. Some of the features of their technology solution are:

  • End-to-end: “We are really the only platform today that brings technology across the entire spend life cycle.”
  • Agnostic workflow tool that can handle any type of workflow, and other features including aggregate spend triggering and frequency triggering.
  • Integrations with major downstream systems.
  • Modular and customizable to each client’s needs. 

He describes how machine learning is continuously improving the solution, as well as how their partnerships with other companies in the Integrity Analytics Collective are contributing to the industry as a whole.

Where to Start and the Future of Lextegrity

Valerie asks where a company that wants to improve its compliance program should start. Parth responds that they should start with the data and move backward. “That is the lowest hanging, high-value fruit available for compliance officers,” he says. From there, “think about how your existing systems could be upgraded to help support those analytics and that data approach.” Valerie comments – and Parth agrees – that both frontend training and data analytics should be part of a complete compliance program. She asks about the future of Lextegrity. Parth shares three key areas of focus for his company. The third key, he says, is simply to get the word out about what they have to offer.

Resources

Lextegrity.com

Ethisphere.com/Lextegrity

Parth Chanda on LinkedIn

PChanda@Lextegrity.com

Welcome to ComTech

In this new show on the Compliance Podcast Network, Tom Fox, the Voice of Compliance, and Valerie Charles of StoneTurn are going to be exploring the intersection of compliance and technology.

In this initial episode, Tom and Valerie share their plans for the show – who they want to talk to, what they want to explore, and the impact they hope to have on the industry. They also give some insight into how they got to where they are in their careers and how their appreciation and understanding of technology in the compliance space has evolved over the years.

Valerie explains that compliance isn’t really top-down anymore – people are empowered to evaluate risk and make decisions accordingly. The best compliance people are creative in how they implement programs and strategies.

In the future, Tom and Valerie are going to be speaking to lawyers, CPAs and audit types, and non-compliance people who come in and start working in technology – marketing, sales, entrepreneurs. The silos for compliance are gone, and ComTech is going to be digging deep into what that means.

Tune in every other Monday for another episode!

Resources

StoneTurn