Categories
Digging Deeper

Digging Deeper Episode 6: One-on-One with Jules Kroll


Jules Kroll is widely credited as the founder of the modern corporate investigations industry, and this episode goes behind the scenes of Jules’ career. What are some of the cases that stick out in his mind over the course of his career? What are the biggest changes for the industry, where is it heading, and what makes a good investigator? Guest host Bob Brenner interviews Jules on this and more in Episode 6 of Digging Deeper.
 

Listen to more episodes of Digging Deeper:

Digging Deeper, an investigative podcast series by K2 Integrity, helps shine a light on the investigations industry as few can: via the real-world, exceptional practitioners who, day in and day out, conduct this work across sectors and around the globe. Listen in to each episode where guests explore unique cases and share what they uncovered along the way to crack the code for clients. Learn more by clicking here, or subscribe on Apple Podcasts, SoundCloud, Spotify or Stitcher.
 

Categories
The Compliance Life

Jonathan Kellerman – Early Professional Career


The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Jonathan Kellerman, Partner at StoneTurn and former CCO at Allergan. When Coopers merged with PriceWaterhouse to form PwC, Kellerman continued his health care consulting work. He worked under John Dugan, a health care industry compliance veteran. While at PwC, he launched two industry-leading global advisory practices for compliance management in health care, pharmaceuticals and life sciences. He also worked with Brent Saunders, another health care industry compliance veteran.
Resources
Jonathan Kellerman LinkedIn Profile
Jonathan Kellerman StoneTurn Profile
StoneTurn

Categories
Innovation in Compliance

Smart Automation for Risk Management: Part 2, Risk Monitoring With Data Analytics


Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series, we will be visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We will look at the Lextegrity Product Suite, take a deep dive into continuous risk monitoring, consider pre-approvals and third-party due diligence, and cover integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 2, I begin a two-part exploration with Miller of risk monitoring with data analytics.
We began with a discussion about what a continuous monitoring solution is. Miller said that it “provides compliance and audit teams with a comprehensive way to keep a pulse on transactional spend and revenue risk in their enterprise.” The Lextegrity application “features a library of dozens of prebuilt risk data analytics across a spectrum of focuses. We have risk-based statistical behavioral and policy-based, but really the key to our analytics is they are so configurable and contextual to your specific risks or your lines of business or the historical issues that your organization may have had so that the risk algorithm is actually tailored to your business and your exposure and not, um, some static configuration.” It can connect to a wide variety of ERP systems such as SAP, Oracle, Concur, Workday and others.
The Lextegrity approach is different in that it focuses on prioritizing your efforts within this monitoring of spend and revenue data, showing the full context of a transaction and its risk results together so that you can assess the risk of the transaction as a whole. It is also more risk focused and less control focused. Miller related that the Lextegrity “scoring algorithm is calculated at an aggregated level across multiple analytics to help you cut on the false positives and the noise as well as to then better prioritize your transactions in line with risk parameters that you set.” The solution connects with our approval workflows, our pre-approval tool, as well as workloads within this specific tool, enabling specific analytics, such as validating your approved amounts against your actual amounts and confirming that the people you said you were going to pay are the people you actually paid.
The Lextegrity solution can also take your third-party due diligence results and increase the risk scores of transactions with “high-risk third parties, as well as any low-risk third parties which are showing up in high-risk expense categories, beyond transactional risk scoring and highlighting the higher risk transactions for further review.” All of this allows the compliance professional to go “in and actually explore your data with that augmented risk detail and drill into different dimensions of your data, maybe geographic, maybe a subject, or a specific subject type or that spend nature.” All of this goes down to the actual transactional level of data.
We next turned to the differences between key performance indicators (KPIs) and metrics. Metrics are more generally seen as specific data points, whereas KPIs are really metrics that are closely tied to and tracked against specific goals. Miller explained, “we might have a metric that is number of trainings completed last month. The KPI might be that we have at least 90% of trainings completed at any point in time. With that we can take our measurement manipulated into more of a KPI based on what our goal might be.” The Lextegrity software has a way to look at these KPIs and metrics, all within the compliance scorecard, as well as within the risk insights platform, where you can see a variety of metrics and KPIs.
This allows the compliance professional to literally go beyond the metrics/KPIs and into data analytics. Miller explained, “when we talk about analytics, these are focused on positioning data, to be more valuable to the end user analytics, making it easier to identify something specific or generating actionable ideas and insights from the data.”
Join us tomorrow where I continue my exploration of continuous risk monitoring with Miller.
For more on Lextegrity, check out their website here.

Categories
The Compliance Handbook

Culture is the Foundation with Eric Feldman and Vin DiCianni


As we witness the evolution of work environments in the new normal, what will not change is the importance of building culture. Every successful compliance program takes roots in an organization’s values and principles that determine how employees behave and approach situations. In today’s episode of The Compliance Handbook Podcast, host Thomas Fox is joined by industry experts Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI), and Eric Feldman, Senior Vice President of AMI.
✅ Major takeaways discussed in the episode:
✔️  Feldman reminds us that culture is a foundational internal control without which all other controls will fail.  The question is not “why do people commit fraud?” but “why do people comply?”
✔️ Aspire to a culture that motivates people rather than one in which they merely work toward compliance. Incentivize people who make decisions based on ethics and create the kind of environment that makes people want to follow the rules.
✔️ To change an entire company’s culture, you can’t just do it at the top of the organization. Leadership needs to be brought in at different levels of the organization to make it a team approach and effectively apply ethical changes.
✔️ Independent integrity monitors need to be brought in as a third-party assessment to help companies maintain a great culture proactively.
✔️  Be constantly reminded that messaging should be consistently made from the top to the bottom of the organization to establish the culture.
✅ The “Nuts and Bolts” for Creating a Comprehensive Compliance Plan 
This chapter of this unique work lays out a succinct yet thorough one-month approach to operationalizing a company’s compliance regimen. Beginning with a section on what 2020 brought to the compliance landscape, each chapter methodically outlines best practices for everything from establishing policies, procedures, and internal controls, to assessing risk, training, handling investigations, and more. Each day ends with three key takeaways you can implement at little or no cost.
✅ Understanding Compliance Responsibility Across the Organization
The Compliance Handbook also takes a close look at all professionals’ roles with compliance responsibility, from Compliance Officers and Boards of Directors to Human Resources, to Internal Audit and Internal Controls and Communications and Training professionals.
✅ In-Depth Treatment of Hot Topics and Trends
The Handbook provides an in-depth look at the latest thinking and trends for the full range of critical compliance topics, including:

  • Compliance and business ventures
  • Third-party risk management
  • The Board’s Role in Compliance
  • Continuous improvement
  • Compliance innovation
  • And much more

✅ Incorporating Current Government Pronouncements
The Second Edition incorporates the most current government pronouncements governing best practices compliance programs, including the 2019 Evaluation of Corporate Compliance Programs released by the Fraud Section of the Department of Justice, and its 2020 Update; the updated FCPA Resource Guide 2nd edition; the Framework for OFAC Compliance Commitments; and the 2019 DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust.
Order your copy OR copies of The Compliance Handbook: A Guide to Operationalizing Your Compliance Program. Save 25% off.
http://www.lexisnexis.com/fox25

Categories
Innovation in Compliance

Fixing the Cadence Mismatch with Anil Karmel & Travis Howerton


 
Tom Fox’s guests this week are Anil Karmel and Travis Howerton, co-founders of C2 Labs. They both had leading positions in the government’s nuclear weapons program and left to found their company. They and Tom talk about “fixing the cadence mismatch” between digitally transforming heavily regulated industries and the need for compliance.
 

 
Technology vs Compliance
“Business processes in heavily regulated industries are built to standardize the way systems are built, designed, deployed, and to protect the organization,” Anil remarks. “So you know really to transform technology business processes need to also be transformed… There’s really been this need to fix this cadence mismatch between the need to be compliant and the need to modernize technology.” Travis adds that two-thirds of organizations find digital transformation challenging. Their goal at C2 Labs is to help clients modernize their business processes using technology tools while maintaining compliance and even reducing cost and risk.
RegOps in Compliance
“One of the things we’ve heavily focused on,” Anil tells Tom, “is bringing DevOps to compliance in something we’re calling regulatory operations or RegOps – where now you have the ability to transform the culture coupled with the tools to allow compliance professionals to quickly develop and deploy applications and ensure that they are continuously compliant, to simplify and automate regulatory compliance in real-time.” Travis comments on the value of automating repetitive processes: it allows humans to focus on analyzing data and making better decisions based on that data. Tom asks if they advocate data visualization. Travis responds, “Our focus is making sure that you’re capturing the right stuff in the right way and the most cost-effective way, and that it’s driving real-world risk reduction and improving compliance posture.”
Digital Transformation in Action
Tom commends C2 Labs’ philosophy of ‘digital transformation in action’. He asks the men to describe what the term means to them and why they believe in it. Anil posits that “digital transformation is going to disrupt nearly every company and organization on the planet over the next decade.” The problem, especially in highly regulated industries, is making that transformation a reality. He describes C2 Labs’ approach, which is heavily based on the automation of useful and necessary processes. “Automating stupid is not an accomplishment,” he quips. The best technology is useless if you don’t stay compliant, however. As such, the company ensures that every improvement has an audit trail and is compliant with regulatory guidelines. Anil and Travis tell Tom how their company handles audit trails, including their Time Travel feature.
The Future of Compliance
“Where do you see this journey going around digital transformation five years or maybe even 10 years down the road?” Tom asks. Anil and Travis respond that digital transformation is an inevitable part of the next few years, and how ready you are for it will determine the fate of your company. You need continuous compliance to manage digital transformation, so there must be both a cultural as well as technological transformation in the compliance space. The question to answer is, “How do we help optimize the implementation of these regulations in a way that’s repeatable, that gets the outcome that was intended without it being the drain on business?” Their compliance manifesto outlines a set of principles that can guide the discussion, they tell Tom.
 
Resources
C2Labs.com
Anil Karmel on LinkedIn
Travis Howerton on LinkedIn
 
 

Categories
Daily Compliance News

April 13, 2021: The Returning to the Office Edition


In today’s edition of Daily Compliance News:

  • Boeing shareholders want more BOD changes. (WSJ)
  • New CIO challenges in returning to work. (WSJ)
  • Archegos-What is Compliance? (NYT)
  • GA on the mind of Hollywood. (WaPo)
Categories
Cordery

Cordery Head to Head @ Home: Jenny Radcliffe on People Hacking & Current Cyber Threats


 
In this edition of Cordery Head to Head @ Home, Cordery’s Jonathan Armstrong talks to Jenny Radcliffe.
Jenny is known as “the People Hacker” and is a world-renowned expert on human behaviour. She is a go-to guest expert on the human element of security, scams and social engineering and has appeared on numerous television and radio shows, as well as online media and traditional press outlets. She was a hunter in Channel 4’s successful “HUNTED” where she performed various OSINT and undercover roles and was seconded to the special operations unit of the show.
Jenny is also the host of the award-winning podcast “The Human Factor”, interviewing industry leaders, bloggers, experts and fellow social engineers and con-artists about all elements of security.
They talk about how Jenny first became involved in looking at risk and the defences of an organisation. They talk about current threats including phishing and cybersecurity and the rise of criminal activity during the pandemic. They also talk about the importance of human behaviour in dealing with those threats and the need for education on current threats. In addition, they chat about immediacy in business and how criminals exploit that.

You can find out more about Jenny and her work here https://humanfactorsecurity.co.uk/speaking/.
You can listen to her podcast here https://humanfactorsecurity.co.uk/podcast-2/.
The Hunted podcast Jenny and Jonathan talk about is here https://humanfactorsecurity.co.uk/episode-154-peter-bleksley/.
You can find out more about Cordery and its work here https://www.corderycompliance.com/.
You can also read about current issues in dealing with the pandemic here https://www.corderycompliance.com/category/covid19/ including our thoughts on data security issues during the pandemic here https://www.corderycompliance.com/coronavirus-covid19-and-dp/.
You can also find out more about Cordery’s experience of cybersecurity issues here https://www.corderycompliance.com/cyber-security/.
You can view more Cordery Head to Head interviews here http://bit.ly/corderytv and you can listen to audio feeds from our favourite films as a podcast here https://bit.ly/ch2hpodcast.