Categories
Compliance Kitchen

The Compliance Kitchen Unveils the EU Sanctions on Russia and Explores the Impact

In The Compliance Kitchen podcast, host Silvia Surman dives into a variety of compliance topics. In this episode, Silvia examines sanctions on Russia imposed by the European Union, including asset freezes, travel bans, blocking access to Russia’s central bank reserve holdings, and prohibitions on exports of dual-use goods and technology, among other sanctions. Silvia also takes a look at how two-thirds of the world’s population is taking a neutral stance on the situation and at the economic impact of the sanctions thus far. She references an article from the European Parliamentary Research Service for viewers to explore further. Join Silvia on The Compliance Kitchen to stay up-to-date on international compliance topics.

Key Highlights

EU Sanctions on Russia [00:07]

Impact of International Sanctions on Russia [05:43]

Impact of G7 Sanctions on Russia’s Economy [11:12]

Accessing European parliamentary research services [16:35]

Notable Quotes

  1. “Whatever you hear on compliance kitchen is not legal advice, and it should not be used as such.”
  2. “Then we had the attempted poisoning of Sergei Skripal and his daughter, they were living in the UK at the time. That was in 2018. So you continued to respond to all these acts with some degree of sanctions or some sanctions regimes that they implemented.”
  3. “Then we had the Alexandre Navalny poisonings that was in 2020, 2021. So with that came the EU global human rights sanctions regime.”
  4. “Banning transactions with certain Russian state owned military industrial companies disconnecting leading Russian financial institutions from the Swift system.”
Categories
31 Days to More Effective Compliance Programs

The Corp Controller and Business Ventures

One area not often considered by the CCO as a key part of any compliance regime is the Corporate Controller. The Controller generally has the responsibility to accurately record and report the financial transactions of the company, to design, implement and execute the financial processes and controls of the company to be both effective and efficient, and to safeguard the financial assets of the company. Some of the compliance responsibilities of the Controller include: 1) Designing and implementing internal controls that impact ethics and compliance risks; 2) Accurately recording the financial transactions of the company; and 3) Preventing and detecting fraudulent activity. All of this means that, in practical terms, the Controller is both the keeper of the books and records and the implementer of internal controls. Moreover, while many of these internal controls would most probably be viewed as financial internal controls, there are additional internal controls which are not financial in nature.

Russ Berland has noted, “Those guys live really in the battle zone. They are constantly looking at financial transactions. They’re evaluating them. They’re figuring out where things go within the books and records. They are implementing the processes that should be keeping fraud from happening; keeping bribery and corruption from happening.”

These benefits are not a one-way street for compliance, as a Controller benefits from a closer relationship with the corporate compliance function as well. They can leverage compliance resources. The compliance function can bring its observations and insights from investigations and emerging risks to the Controller. A closer collaboration will broaden awareness of compliance risks which relate to the company’s financial processes. By more fully integrating compliance into the Controller function, a more robust picture of enterprise risk emerges, one which encompasses legal, compliance, ethics, internal controls, financial, business and governance risks.

Three key takeaways: 

  1. CCOs need to integrate the function of the Controller into their compliance regime.
  2. Offshore payments must be flagged for further investigations.
  3. The Controller is both the keeper of the books and records and the implementer of internal controls.
Categories
Innovation in Compliance

Third-Party Management: A Risk-Based Approach – Part 2: Stephanie Font on Questionnaires and Due Diligence

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, we will consider a risk-based approach to third-party risk management. I will visit with Michael Parker, the Director of Consulting and Advisory Services; Stephanie Font, Director, Operations Optimization Group; Kairi Isse, Group Manager of Managed Services Group, Productions; Adam Bailey, Senior Vice President, Product Management; and Alexander Cotoia, Regulatory Compliance Manager from the Volkov Law Group. In this Part 2, I visit with Stephanie Font on the need to evaluate potential third parties through questionnaires and to determine the necessary due diligence investigations to comply with regulations, while using questionnaires to uncover the truth.

What is the importance of understanding regulations and risk factors when creating questionnaires to help with due diligence? Through understanding the risk model and what specific regulations the company needs to comply with, creating effective questionnaires to help with due diligence can become easier. Stephanie also found out that having a due diligence risk management system can automate some of the processes and help flag any potential risk factors. With the help of questionnaires and due diligence, Stephanie was able to learn how to effectively document and investigate potential third parties.

Key Highlights

  • How questionnaires can be used to comply with regulations and inform a risk model.
  • How due diligence investigations can help to uncover risk factors in a potential third party.
  • How a third-party risk management system can automate parts of the process.

Notable Quotes

  1. “Knowing what you’re trying to comply with and thinking of those questions that are going to get you there is probably the top thing.”
  2. “Don’t lose your common sense and listen if your gut tells you something’s wrong.”
  3. “Documentation is key to creating an internal audit trail and having something to show to regulators.”
  4. “Know your own risk model and build the risk model into the system to flag any potential risk factors.”

Resources

Stephanie Font on LinkedIn

Check out Diligent’s 3rd party products and services here.

Categories
The ESG Report

Gareth Evans on Energy Transition

The ESG Report podcast is hosted by Tom Fox. In this episode, Tom is joined by Gareth Evans, founder of Veckta. Gareth Evans had always planned to be a fast jet pilot, but decided to pursue an environmental science degree instead. After working in the oil and gas industry for many years, he found himself in Iraq, doing liability assessments in areas with massive environmental issues. This experience inspired him to become the CEO of Veckta, an energy transition platform. He works to help businesses become more sustainable, reliable, and profitable by developing their own onsite energy systems. He encourages companies to respect the energy transition process and believes that by 2030 there will be a shift to a more distributed and secure form of energy.

Key Highlights

1. How can businesses use energy transition to become more profitable and sustainable?

2. What strategies can businesses use to reduce emissions and increase reliability, resilience, and security of their energy systems?

3. How can businesses leverage technology and brokering relationships to maximize their energy transition investments?

Notable Quotes

  1. “We can actually be sustainable and profitable these days with these systems. Having people who are thinking strategically about the long-term sustainability of their business and also ensuring that they maintain and grow their profitability and have a differentiated position in their market is key.”
  2. “You can actually be sustainable and profitable these days with these systems.”
  3. “It’s not something that we can change overnight. We do need to really adapt with purpose and there’s ways of doing that and ensuring that we do drive that sustainable outcome.”
  4. “It’s important that we’re thinking about what is the worst-case scenario? What does it cost us? How do we factor that into our decision making?”

Resources

Gareth Evans on LinkedIn

Veckta

Categories
Innovation in Compliance

Is Data Fit for Purpose? with Malcolm Hawker

Is your company’s data fit for purpose? In this episode of the Innovation in Compliance podcast, host Tom Fox welcomes Malcolm Hawker of Profisee, a company that creates MDM software, to discuss the importance of data quality, master data management (MDM), and data governance. They also explore how proper data management can drive exceptional results, reduce costs, and ensure compliance. 

Malcolm Hawker is a seasoned data management and governance professional with over 30 years of experience. Malcolm spent 15 years in product leadership, including a stint as Chief Product Officer at a software startup in Austin, Texas. He also led an IT organization at a $2 billion publicly traded company. Malcolm has since specialized in data management, master data management, and governance, working as an analyst for Gartner before joining Profisee as the Head of Data Strategy. Malcolm’s passion is helping organizations leverage data to drive results.

 

You’ll hear Tom and Malcolm talk about these ideas:

  • Data must be accurate, complete, timely, and unique to be fit for purpose within an organization’s business processes.
  • Master data management (MDM) solves the “single version of the truth” problem, helping organizations maintain consistent and trustworthy data across various systems and departments.
  • Effective data governance involves creating and implementing policies and procedures related to data management to optimize value, reduce costs, and ensure compliance.
  • High-level, cross-functional, and functional levels all require tailored governance strategies.
  • A CDO should define how data governance drives the three levers of revenue, cost savings, and risk mitigation within an organization.
  • Corporate governance is typically the focus of boards of directors, while data governance is more of a functional or operating level concern.
  • Data privacy plays a significant role within data governance and must be addressed with robust policies and procedures.
  • Data governance can contribute to ESG initiatives, with one example being the reduction of carbon footprint through better data management and retention policies.
  • No matter where technology trends lead, the foundation of accurate, consistent, trustworthy, and fit-for-purpose data remains essential for successful decision making and operations.
  • “Modern younger business leaders are turning to LinkedIn, they’re turning to YouTube, they’re turning to podcasts for these types of insights [about business]. I need to be where the business leaders are.” Malcolm shares best practices from a data management, data quality, and MDM perspective through his CDO Matters LIVE podcast.
  • How Malcolm’s experience at AOL during its rapid growth period shaped his approach to innovation.

KEY QUOTES

“Data quality is all about making sure that you have data that is fit for purpose, that can be used efficiently in operations within the business, can be accurate and consistent, and trustworthy within the analytics, the reports that are used by that organization.” – Malcolm Hawker

“My point here is that from a governance perspective, …the foundation of data quality, master data management – all the things that go into creating accurate, consistent, trustworthy, fit for purpose data – those things never go away.” – Malcolm Hawker

 

“Modern younger business leaders are turning to LinkedIn, they’re turning to YouTube, they’re turning to podcasts for these types of insights. I need to be where the business leaders are.” – Malcolm Hawker

 

Resources:

Malcolm Hawker on LinkedIn 

CDO Matters LIVE Podcast

Profisee

Categories
Daily Compliance News

March 21, 2023 – The Cancel Spring Break Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Miami Beach wants to cancel Spring Break. (WSJ)
  • The $17bn wipe out. (FT)
  • South African corruption investigator murdered. (BBC)
  • Does Venezuela Oil Minister resign in corruption probe? (Reuters)
Categories
Blog

Reprioritizing Your Third-Party Risk Management Program-Questionnaire and Due Diligence

Are you considering a third-party questionnaire for your organization? With so much debate around what should be asked, and how detailed you should be, it can be hard to know where to start. In this 5-part blog post series, sponsored by Diligent, I will consider the full range of third-party risk management. Today, we consider the third-party questionnaire and I am joined by Stephanie Font, the director of the Operations Optimization Group at Diligent as we discuss third party questionnaires and due diligence investigations.

With so much debate around what should be asked in your questionnaire and how detailed your questionnaire should be, it can be hard to know where to start. It is important that every compliance professional understand their risk profile to allow crafting of the right due diligence process to ensure compliance. Here are the steps you need to follow to address both compliance and risk:

  1. Questionnaire: Gathering basic information about the third party and what regulations need to be complied with.
  2. Due Diligence Investigation: Investigating the third party based on their answers to the questionnaire and other risk factors.
  3. Documenting: Keeping records of the due diligence investigations to be used in the future.

Questionnaire: Gathering basic information about the third party and what regulations need to be complied with.

The first step to managing third parties is to create a questionnaire to gather basic information about the third party and what regulations need to be complied with. When creating the questionnaire, it is important to understand the organization’s risk model and what it is trying to achieve. The questionnaire should be tailored to the specific risk factors the organization is trying to address, as well as the regulations that need to be complied with. Questions should include items such as the size of the company, where they do business, and the type of relationship they have. Additionally, the questionnaire should ask questions that will alert to any potential risk factors, such as if they do business in a highly sanctioned country. Once the questionnaire is sent and responses are received, the answers can be used to inform the next step of the due diligence process. Your third-party risk management system should automate some of the process by flagging risk factors and indicating what level of investigation is needed. Lastly, it is important to document the process and create an audit trail that can be used for various reasons, such as compliance and internal review.

Due Diligence Investigation: Investigating the third party based on their answers to the questionnaire and other risk factors.

The second step of third-party due diligence is the due diligence investigation. This step involves investigating the third party based on their answers to the questionnaire and other risk factors. The best approach to this investigation is to first understand the company’s risk and what it is trying to accomplish. This allows the company to create a risk model and tailor the questionnaire to fit their needs. The questionnaire should include questions about the size of the company, where it does business, and other risk factors that may arise. After the questionnaire is complete, the next step is to assess the risk factors and determine the appropriate level of investigation needed. This could range from a baseline screening against sanctions lists and other global databases to an enhanced due diligence investigation, which involves boots on the ground to ask questions about the company’s reputation and verify a manufacturing site. Additionally, it is important to document the process to create an audit trail for internal stakeholders and regulators. This process should be tracked in a third-party risk management system to ensure everything is done correctly.

Documenting: Keeping records of the due diligence investigations to be used in the future.

Documenting is an important step in the due diligence process, as it helps to create an audit trail of the activities and decisions that were taken. When it comes to due diligence, it is important to keep records of all investigations that were conducted, as these records can be used in the future to defend any decisions that were taken. This allows for all the necessary information to be stored in a secure location and can even track any changes or updates to the investigations over time. Additionally, the system can be used to flag any potential risks that come up in the investigations, and it can also automate the process of deciding which type of investigation is necessary based on the risk model. Finally, it is important to keep all documents related to the due diligence process, such as the questionnaire, investigation reports, and any other relevant documents, to create an audit trail and ensure that all compliance regulations are met.

Third party due diligence is a crucial part of any compliance program. A thorough questionnaire and a detailed due diligence investigation can help organizations to mitigate risk and ensure compliance with applicable regulations. Additionally, it is important to document the process, as this creates an audit trail that can be used in the future. With the right tools and processes in place, organizations of any size can successfully manage third party risk and create a robust compliance program. With the right information and guidance, you too can create a successful third-party due diligence process for your organization.

For more information on Diligent’s Third Party Risk Management solution, click here.

Listen to Stephanie Font on the podcast series here.