Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Training and Communications – The D&B Experience in Training and Communications

How did one company and one CCO actively use social media to make the company’s compliance culture more effective? The company was Dun & Bradstreet, Inc. (D&B), and its then CCO, Louis Sapirman, discussed D&B’s integration of social media into compliance with me.
As we advance, these tools can go a long way toward enhancing your compliance program. Recall the declination to prosecute Morgan Stanley received from the DOJ when one of its managing directors had engaged in FCPA violations. One of the reasons cited by the DOJ was the 35 email compliance reminders sent over seven years, which bolstered the annual FCPA training the recalcitrant managing director received. You can use your archived social media communications as evidence that you have continually communicated your company’s expectations around compliance. It is equally important that these expectations are documented.

Finally, always remember the social part of social media. Social media is a two-way communication. Not only are you setting out expectations, but also, these tools allow you to receive back communications from your employees. The D&B experience around the name change for its Code of Conduct is but one example. If you have several concerns expressed, it could alert you earlier to begin some detection and move toward prevention in your compliance program.

Three key takeaways:

  1. How do 360 degrees of communication work in compliance?
  2. Focus on the ‘social’ part of social media.
  3. Use internal corporate social media to have a conversation.

For more information, check The Compliance Handbook, 3rd Edition available here.

Categories
Innovation in Compliance

Improving Third-Party Risk Management with Paul Valente

In today’s interconnected world, businesses rely on third-party vendors for various products and services. While these partnerships bring great benefits, they also expose companies to a range of risks such as cyber threats, compliance issues, and reputational damage. In this episode, Tom Fox interviews Paul Valente, the co-founder and CEO of VISO Trust. Paul shares valuable insights into how businesses can mitigate risks posed by third-party vendors, the importance of continuous monitoring, and how VISO Trust’s platform helps companies manage risks effectively.

Paul Valente is the CEO and co-founder of VISO Trust, a company that provides automated third-party cyber risk management solutions. Prior to founding VISO Trust, Paul was the Chief Information Security Officer (CISO) at several companies, including Restoration Hardware, Lending Club, and ASAPP. He is a longtime technologist and security professional with experience in highly regulated industries.

 

You’ll hear Tom and Paul talk about:

  • Companies have more sensitive data on other companies’ infrastructure than they do internally, which increases risk and augments the need for a robust risk management strategy.
  • Boards have a duty of oversight to proactively monitor their third-party risk management programs. They should also keep abreast of emerging threats.
  • Automation is a key component in a third-party risk management solution for cybersecurity. The standard approach of using questionnaires to assess third-party security is slow, labor-intensive, and ineffective.
  • VISO Trust’s patented first-to-market Document Intelligence removes friction for vendors and provides a comprehensive risk assessment that tells customers everything they need to know to make qualified risk decisions about their third-party relationships.
  • Compliance requires auditability.
  • How VISO Trust helps companies manage risk after the contract is signed.
  • Risk management and cybersecurity data is often siloed within an organization. VISO Trust helps centralize the information by providing a dashboard where customers can get a complete understanding of their overall third-party risk and make that data available across the organization.

KEY QUOTES:

“There’s companies today that have nothing internally – that are 100% cloud native. What that means typically is that there’s many copies of their data essentially with various other companies, perhaps all over the world… That just increases what we call a tax service … which just means more risk.” – Paul Valente

 

“I think [boards] need to be asking essentially what the risks are for their organization from a cybersecurity standpoint. They need to ask for those to be regularly reported on, regularly updated, and regularly tracked. …They also need to be aware themselves, both externally as well as relying on the executives within the company to keep them aware of emerging threats.” – Paul Valente

 

“…our dashboards essentially allow you to list all of your third-party relationships in one single place and easily report on the status of assessments as well as report on inherent risk.” – Paul Valente

 

Resources:

Paul Valente on LinkedIn | Twitter

VISO Trust

Categories
Compliance Week Conference Podcast

Adam Balfour and Brian McAlhaney on Raising Your Communications and Training

In this episode of the Compliance Week 2023 Speaker Preview Podcasts series, Adam Balfour and Brian McAlhaney from Bridgestone/Firestone discuss their Case Study at Compliance Week 2023, entitled “From Training to Learning: How We Use Lessons from Star Wars, Jurassic Park and Top Gun to Help Employees Learn About Ethics and Compliance.”

Some of the issues they will discuss in their presentation are:

  • How one company has re-framed their compliance program pillar of “Training and Communication” to “Learning and Engagement” and hear how your program can benefit from their learnings;
  • Tried and tested tips on adult learning, including using experiences, focusing on the impact on the learner, and more; and
  • How creative, effective, and engaging learning can help enhance your ethics and compliance program brand.

I hope you can join me at Compliance Week 2023. This year’s event will be May 15-17 at the JW Marriott in Washington, DC. The line-up of this year’s event is simply first-rate, with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 18th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. Join them to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners, gain insights into the agency’s enforcement areas, and walk away with guidance on remaining compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency, and more.
  • Bring actionable takeaways to your program from various session types, including ESG, Human Trafficking, Board obligations, and many others, for you to listen, learn and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount of $200 by using code TF200 on the link here.

Categories
Daily Compliance News

Daily Compliance News: May 2, 2023 – The Big Brother at the Workplace Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Auchan is under investigation by PNF. (FT)
  • US SCt to review whistleblower retaliation claim. (Reuters)
  • White House looking into Big Brother at the workplace. (Bloomberg)
  • Adidas sued over the Kanye West deal. (BBC)