The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Kortney Nordrum, Regulatory Counsel and Chief Compliance Officer at Deluxe. Nordrum grew up in Red Wing MN, noted for both the ice cream truck and the shoe. She studied abroad in both college and law school which gave her an appreciation on an international experience. She has held a lifelong passion for animals and that held to a law practice involving animal rights.
Day: August 10, 2021
New Syria Sanctions
The Kitchen reviews the Treasury Department’s sanctions on the Syrian prisons system, armed groups, terrorist fundraisers and financial facilitators. The EU adopts a framework for Lebanon sanctions of asset freezes and travel bans against those undermining the rule of law in that country.
Scenario: After an ongoing investigation closes on a typical day in a CCO’s life, you wonder if there is anything else to do. After reading Tom Fox’s The Compliance Handbook – 2nd Edition, you learn that a root cause analysis is now one of the hallmarks of an effective compliance program.
What steps do you take, and how do you perform a root cause analysis (RCA)?
Key points discussed in the episode:
✔️ Investigations are often the trigger for a root cause analysis, but they’re not the same thing. In an investigation, you’re trying to prove or disprove an allegation. If you uncover wrongdoing, it is crucial to continue to seek the root of the problem.
✔️ Root cause analysis lets us figure out and find the source of the problem instead of only looking at the symptoms. Think of it like going to the doctor if you’re sick. You tell the doctor all of your symptoms, they ask questions and run tests and then, hopefully, find the source of why you’re sick, and then attack that. The same principle applies to compliance.
✔️ When looking at the root cause, look for circumstances that contribute to the compliance issue – and ask these questions!
- What led to this issue?
- What conditions allowed this to happen?
- What needs to happen to keep this from happening again?
✔️ Find the problem and fix the problem. Remediate and document your changes per the DOJ Guidance.
- We’re constantly growing and building our compliance programs, but addressing the root cause includes developing a measure of success – how will we know if the remediations we put into place worked? How will we measure progress?
- Use the results of your RCA to remediate any issues you’ve found.
- Carry the RCA findings forward in any related risk assessments – monitor that your remediations are working/and adjust if they aren’t
- Update programs and processes to reflect the remediations – and don’t forget to TRAIN on anything new (including the context for the changes – tell employees WHY they should care, not that they should “just care.”
- Once fully remediated (if possible), document the remediation and how that connects to improved processes moving forward.
✔️ Root cause analysis is fundamental. Since we know the DOJ wants compliance programs to be proactive instead of reactive, root cause analysis is one of the ways we can do that. If we know people are doing things they shouldn’t do – we need to know why? Is it a problem with our hiring? A lack of controls? Not enough training? Or do we have a culture issue? We need to look under the proverbial rug to find out why things are happening, not just how they happened.
—————————————————————————-
Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear, and give you some lessons learned going forward. This show is hosted by Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Counsel & Chief Compliance Officer, Deluxe Corporation.
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.
To celebrate the 200th Episode of Innovation in Compliance, Tom Fox is joined by Dan Skolnick, the VP of Product Strategy for Financial Crimes at Lexis Nexis Risk Solutions to talk about fighting financial crime and terrorist financing with cutting-edge technologies. Dan got into the industry after a hot tip at a family party led him to Fircosoft, which was on its way to becoming an industry leader in financial crime prevention technology.
Ahead of the Curve
Financial Crimes experts are much further ahead than other kinds of misconduct investigations professionals, so Tom asks about the evolution of Dan’s professional roles over his career. Dan says that when he started working in the industry, he was Sanction Screening for OFEC – but within a year of starting in the industry, the US Patriot Act was implemented which caused a huge shift in the type of work being done. The job has gone from looking for a very specific type of information to looking for risk across your customer base. Financial Crimes experts are much further ahead than other kinds of misconduct investigations professionals and have the tools, resources, and brainpower to prevent financial misconduct.
Deputizing the Talent
The government has, in effect, deputized financial services firms to help them with the terrorism financing problem that was being addressed with the Patriot Act. Because of the sheer quantity of data being collected and analyzed, financial services businesses had the information and know-how to be helpful to law enforcement and in foreign policy, developing a crime-fighting and enforcement culture. Today, you would be hard-pressed to find a bank without an executive who has that kind of enforcement or policy background.
Decision Memory and Reapplication.
Dan explains that a consequence of the emphasis on detection and prevention of terrorist financing is that you really have to prevent transactions rather than identify what happened in the past. In most cases, you need a human to intervene when you have a potential match – but there are more bad actors, more jurisdictions providing lists of bad actors, and more transactions happening on a daily basis than ever before – a technological solution is required.
The Patriot Act and Public Companies
Tom asks about the anti-money-laundering law that was passed this year which was the largest update to the Patriot Act since it was initially implemented. The new administration has made it clear that they are going to continue to fight financial crimes and terrorist financing. Dan agrees, and goes on to talk about how anti-money-laundering regulation is one of the few truly bi-partisan issues out there! Everyone expects more screening, more insights, and more reports, regardless of who is in charge.
The same is true of public companies – different industries that deal with a high volume of transactions are interested in these tools, and that has been a major push for Dan and his colleagues since being acquired by Accuity and Lexis Nexis.
Resources:
Accuity.com
Risk.lexisnexis.com
This podcast was sponsored by Lexis Nexis Risk Solutions and RegTech Pulse. RegTech Pulse examines the latest industry and technology trends that help organizations fight financial crime and streamline payments, so money and goods can move safely and securely around the world. Industry experts across the world join the conversation to share their insights and discuss best practices. RegTech Pulse is brought to you by Accuity, a LexisNexis Risk Solutions company, which helps power compliant and assured client transactions to build an interconnected and trusted financial ecosystem.
Have you ever wanted to start a podcast? Email Tfox@Tfoxlaw.com to tell your story and join the Compliance Podcast Network