31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Compliance Training Governance Committee

One issue compliance professionals need to consider around compliance training is compliance training governance. A multinational organization subject to the FCPA faces many legal and regulatory risks, and many of those risks are often “owned” by organizations outside the compliance function. How can your organization create a comprehensive compliance training program covering its risk profile?

Every multinational organization will have a broad risk portfolio typically owned across the organization. Consider compliance risk, fraud risk, reputational risk, financial accounting risk, and discrimination risk. These are a small sample of risks; many will not be “owned” by the corporate compliance function. This presents a real challenge when creating a comprehensive compliance training program covering a company’s legal, regulatory, compliance, and reputational risks. Well-known compliance training maven Shawn Rogers suggests “establishing a corporate Compliance Training Governance Committee that looks at the company’s overall risk profile and builds a cross-functional and comprehensive multi-year training plan that effectively addresses all of the risks in a company’s risk portfolio.”

A Compliance Training Governance Committee will allow your organization to effectively establish a multi-year training plan, help in vendor selection and engage in course creation. Rogers said, “One of the biggest benefits has been its predictability to the compliance training program. Every stakeholder from a risk-owning organization knows exactly when their function will have their course deployed over the three-year calendar. They can plan resources, they have a long lead-time to develop the courses, and during their off-years, they can do communications campaigns and events to keep their risk top-of-mind.”

Three key takeaways: 

  1. Why your organization should create a Compliance Training Governance Committee.
  2. Who should be on the Compliance Training Governance Committee?
  3. How should the Compliance Training Governance Committee work going forward?
Innovation in Compliance

Cybersecurity Today and Tomorrow with Patrick Hynds

Cybersecurity isn’t just the business of the future – it’s the war of today. In this episode of Innovation In Compliance, Tom Fox and guest Patrick Hynds, CEO of Pulsar Security, delve into the world of cybersecurity and its implications for organizations of all sizes. From ransomware threats to the role of government in this expanding battlefield, Patrick discusses the evolution of cyber attacks, the importance of ongoing vigilance, and practical steps businesses can take to defend themselves. Patrick unpacks the concept of the ‘Pyramid of Threats’, and discusses why continuous network maintenance is crucial for cybersecurity. He also shares his predictions on the future of global cyber threats.

Patrick Hynds is a veteran-turned-technology entrepreneur with a distinct perspective on cybersecurity. An alumnus of the prestigious military academy at West Point, Patrick served as an infantry officer in the first Gulf War. His early affinity for programming, paired with the perspective gained from his military experience, propelled him into the field of technology. In 1996, he incorporated his company, Pulsar Security, which today is a leading provider of penetration testing services, enabling organizations to identify and address their vulnerabilities.

Tune in to hear Tom and Patrick talk about:

  • Cybersecurity is a necessity in today’s interconnected world, impacting entities ranging from billion-dollar corporations to individual users.
  • Pulsar Security offers penetration testing or Red Team services, effectively operating as ‘hackers for hire’ to identify potential vulnerabilities in client organizations.
  • Cyberattacks are a persistent risk that needs to be managed strategically, not just identified. They affect even the smallest organizations and individuals.
  • Pulsar Security’s new product, Cyber Shield, is designed to help smaller organizations manage their cybersecurity at an affordable level.
  • There is a significant shortage of cyber engineers in the industry, with an estimated 3 million positions unfilled worldwide.
  • Awareness and education are key in enhancing cybersecurity. Simple actions like enabling two-factor authentication, managing passwords effectively, and regular patching can greatly improve security.
  • The role of government in the cyber realm is evolving, with agencies like CISA and NIST offering resources and guidelines to help organizations enhance their security posture.
  • Patrick and his team developed the “Pyramid of Threats” to help people envision the cybersecurity risks they face:
    • The bottom layer of this pyramid includes script kiddies who use easily obtainable scripts to exploit vulnerabilities in systems, often leading to data theft and sales on the dark web.
    • The next level up includes people with personal grudges who are tech-savvy enough to launch attacks. They tend to focus on specific targets, making them potentially more dangerous than the script kiddies.
    • The third layer of the pyramid consists of syndicates who are primarily financially motivated. They use similar tactics to script kiddies but tend to target systems with known vulnerabilities to launch ransomware attacks, steal identities, or mine Bitcoin.
  • Patrick hosts two podcasts in which they discuss relevant cybersecurity news, breaches, and potential defenses. The objective is to help people understand what they should be worried about and how to protect themselves.
  • The most important cybersecurity defense is a strong, ongoing maintenance routine.
  • Even with changes in the cyber landscape, threats will continue to become more sophisticated.

KEY QUOTES:

“For these large organizations, we provide what’s called penetration testing or Red Team services. We’ll attack them on a regular basis, sometimes on a continuous basis, to see where their vulnerabilities are. Because you can’t see your own vulnerabilities most of the time.” – Patrick Hynds

“We’ve developed the thing called the Pyramid of Threats. …the Pyramid of Threats is meant to try to help people envision what the risks are, who’s coming after you” – Patrick Hynds

“Unfortunately, I don’t think people can forget about cybersecurity. That’s never going to happen. It’s not thinking about a media campaign. Companies don’t have that luxury because the cat’s out of the bag.” – Patrick Hynds

Resources:

Patrick Hynds on LinkedIn | Twitter

Pulsar Security | Podcasts

The ESG Report

The ESG Report – Shawn Kreloff – Anaerobic Digestion

The ESG Report podcast is hosted by Tom Fox. Looking for innovative solutions to tackle climate change? Look no further than The ESG Report! In this episode, host Tom Fox speaks with Shawn Kreloff from Bioenergy Devco, a company that harnesses the power of anaerobic digestion to turn organic waste into biogas. Shawn explains how his company has bought technology to turn methane gas into fertilizer, revolutionizing waste management for municipalities and large businesses. Bioenergy Devco builds, owns, and operates the plants and helps businesses meet or exceed their ESG goals. In addition to being eco-friendly, Bioenergy Devco’s technology has soil, air, and water quality benefits. Shawn also discusses his company’s exploration of the organic waste diversion market in the South and the impact it could have on job creation and the environment. Take advantage of this enlightening conversation on The ESG Report!

Key Highlights:

  • The innovative technology of anaerobic digestion
  • Converting Methane Gas into Soil Fertilizer
  • Anaerobic Digesters in Climate Change Mitigation
  • ESG Impact through Air, Water, and Soil Quality
  • BioEnergy DevCo’s Waste-to-Energy Potential in Southern USA

Notable Quotes:

“So, what we drill now underground in frac is organic material that’s literally been captured, you know, for, you know, millions of years.”

Resources

Shawn Kreloff on LinkedIn

Bioenergy Devco

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Data Driven Compliance

Data Driven Compliance: Malcolm Hawker and Fit for Purpose Data

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, which features an in-depth conversation around the uses of data and data analytics in compliance programs.

Is your company’s data fit for purpose? In this episode of the Data Driven Compliance podcast, host Tom Fox welcomes Malcolm Hawker of Profisee, a company that creates MDM software, to discuss the importance of data quality, master data management (MDM), and data governance. They also explore how proper data management can drive exceptional results, reduce costs, and ensure compliance.

Key Highlights:

  • Data must be accurate, complete, timely, and unique to be fit for purpose within an organization’s business processes.
  • Master data management (MDM) solves the “single version of the truth” problem, helping organizations maintain consistent and trustworthy data across various systems and departments.
  • Effective data governance involves creating and implementing policies and procedures related to data management to optimize value, reduce costs, and ensure compliance.
  • Regardless of technology trends, the foundation of accurate, consistent, trustworthy, and fit-for-purpose data remains essential for successful decision-making and operations.

Notable Quotes:

“Data quality is all about making sure that you have data that is fit for purpose, that can be used efficiently in operations within the business, can be accurate and consistent, and trustworthy within the analytics, the reports used by that organization.”

“My point here is that from a governance perspective, …the foundation of data quality, master data management – all the things that go into creating accurate, consistent, trustworthy, fit-for-purpose data – those things never go away.”

“Modern younger business leaders are turning to LinkedIn, and they’re turning to YouTube and podcasts for these types of insights. I need to be where the business leaders are.”

Resources:

Malcolm Hawker on LinkedIn

CDO Matters LIVE Podcast

Profisee

Everything Compliance - Shout Outs and Rants

Everything Compliance – Episode 115, Shout Outs and Rants

Welcome to the only roundtable podcast in compliance. Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the gang of Jonathan Marks, Matt Kelly, Jonathan Armstrong, Tom Fox, and Karen Woody.

  1. Matt Kelly shouts out to Newton Minow, the first government official to say television was a ‘vast wasteland’.
  2. Jonathan Marks shouts out to Blue Bell Ice Cream for creating the new flavor, Dr. Pepper Float.
  3. Tom Fox shouts out to Mike Shannon, who played with the St. Louis Cardinals for over 10 years, went to 3 World Series, and then had a 60-year career as an announcer with the team. He is also the only MLB player whom Tom got an autograph from.
  4. Karen Woody shouts out to the Netflix show ‘Jury Duty.’
  5. Jonathan Armstrong shouts out to all those workers who got London ready for the coronation.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks – is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Daily Compliance News

Daily Compliance News: May 23, 2023 – The €1.2 Bn Fine Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Succession (in real life). (NYT)
  • Fired SFO investigator wins wrongful termination suit. (MLex)
  • Meta fined €1.2 billion by EU over GDPR violations. (Cordery Compliance)
  • Court decision unsealed in whistleblower decision. (Bloomberg Law)