Adventures in Compliance

Adventures in Compliance: The Lion’s Mane and Risk-Based Monitoring

Welcome back to another episode of Adventures in Compliance. This week, we are considering stories from The Casebook of Sherlock Holmes, mining each story for themes and lessons related to the compliance professional, leadership and business ethics. Today, we consider The Lion’s Mane. This is one of two stories narrated by Holmes himself rather than reported by Dr. Watson. The way the final problem is solved informs today’s discussion: it is risk-based monitoring which allows a person (or company) to operate safely so that no injury occurs.
Yesterday, I considered The Creeping Man as an introduction to risk management and compliance at the very top of an organization. Today I want to discuss risk-based monitoring.
Compliance Takeaways
  1. What is risk-based monitoring? It is really about continuous, ongoing monitoring of those things which present the greatest potential future risk to you. By using risk-based monitoring to review issues on an ongoing basis, the models behind the risk-based monitoring are continuously refined based on incoming data.
  2. Siloed data. The problem for many companies is that they are siloed not only in their data but also in their systems. Because of the disparity of data systems, many companies are not tracking rigorous, quantified information all the time. As data comes in you begin to note certain patterns, which might actually point towards a variety of red flags warranting more thorough investigation.
  3. See issues in real time. This means having access to information around sales, the sales process and corporate largess in areas from corporate social responsibility work, to gifts, travel and entertainment, to conferences for customers and end users. With such risk-based monitoring a compliance professional has the opportunity to see trends developing, which could allow an intervention with a prescriptive solution that prevents an issue from becoming a Foreign Corrupt Practices Act (FCPA) violation.
  4. Greater profitability. Finally, the beauty of all these techniques is that they are tools that can make companies more efficient and, at the end of the day, more profitable. They also move compliance into the fabric and DNA of an organization or, to use another well-worn phrase, operationalize compliance. The Department of Justice has made clear what it expects around the risk management process. You need to develop your response now.
Join us tomorrow as we mine the story of The Veiled Lodger for its compliance lessons.
Daily Compliance News

Daily Compliance News: August 22, 2019-the more whistleblowers fired edition

In today’s edition of Daily Compliance News:

  • Did Phillips fire whistleblower to get rid of him? (com)
  • Senator Warren wants Wells Fargo to explain fees charged on closed accounts. (NYT)
  • Trial court rejects Alstom employee attempt to have case dismissed. (WSJ)
  • Mickey is not happy about now. (MarketWatch)
Accountability: The Heart of Compliance

Episode 4-Delta Airlines Demonstrates Accountability

We have been getting accountability all wrong in the compliance profession. It’s not a set of tasks – it’s a way of thinking, and it has to come from the heart as well as the head. On Accountability: The Heart of Compliance, Tom Fox and Sam Silverstein dig into what accountability means to the corporate compliance function and business organizations and, most significantly, how to make it an integral part of your culture. In this episode we consider a recent example of accountability in the corporate world, courtesy of Delta Airlines. Some of the highlights include:

  • Accountability means ‘your problem is my problem’.
  • Accountability means keeping your commitment to others.
  • When your organization is accountable to your community it inspires your employees.
  • How accountability informs your core values.

For more information on Sam Silverstein and his work on accountability, click here.

Life with GDPR

Episode 31-Lessons Learned in Year 1 of GDPR, Part 1

In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we begin a three-part series on some of the key lessons learned from the first year of GDPR. Some of the highlights in this episode include:
Do you have a plan? You need to have a plan for a data breach because it is not if but when you will be hacked. Armstrong advises that you can have two plans: one for all employees, which is straightforward so that every employee will be able to understand it, and a second plan, which you rehearse, for the compliance/IT/data security teams. It should be process driven so that it allows flexibility for those responding.
Know your data and know your third parties. Many companies have disaggregated data because they have so many vendors and platforms where data is stored. You must know who has your data. Do you have visibility into 3rd, 4th and 5th parties from the data perspective? You should also capture where data is going in an organization, particularly customer and employee data. Finally, and sadly overlooked by many US companies, is the question of data protection for a US parent when a UK/EU subsidiary is audited.
Assemble your data response team now and practice, practice, practice. You need to look at your data security response. What does the A Team teach you about data response? You should strive for strength in diverse skills and practice your response. Look at PR rapid response, your compliance response and your legal response, all in addition to your IT/data security response. Regulators are looking at share price drop-off after a breach, which shows the need for a rapid, practiced response.
For more information on Cordery Compliance, go to their website here.

For more information on data breaches, see here.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.