Categories
Innovation in Compliance

Messaging Compliance in a Shifting Regulatory Landscape: Part 2 – Is Business Innovation Being Stifled by Regulatory Actions?

Is messaging compliance giving your compliance function headaches? Welcome to a special 5-part podcast series, Messaging Compliance in a Shifting Regulatory Landscape, sponsored by Global Relay. Over this series, I will visit with Chip Jones, Executive Vice President – Compliance at Global Relay; Alex Viall, Chief Strategy Officer at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennifer Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager, Unified Communications. We will consider the US and UK regulatory framework for messaging apps, ask whether business innovation is being stifled by regulatory action, preview the Global Relay Report: Compliant Communications in 2023, and look down the road at how to stay ahead of regulation with compliant communications in one app.

In this Part 2, I visit with Alex Viall, UK regulatory compliance expert, to explore the intersection of regulation and innovation. In this thought-provoking podcast, we discuss the dynamics between business innovation and regulatory compliance. Discover how the evolution of technology is causing a generational shift in communication and how this impacts businesses in the industry. Hear about the importance of capturing conversations and messages for law enforcement purposes and the need for policies and procedures to manage risks effectively.

Take advantage of expert insights on practical solutions, training, and monitoring policies to stay compliant. Learn why banning communication isn’t the answer and how a proactive attitude can lead to better risk management and regulatory compliance.

Key Highlights:

  • Balancing Innovation and Compliance in Messaging
  • Challenges of Ephemeral Messaging in Business
  • Communications Compliance and Training for Business Conversations
  • Overcoming the Ineffectiveness of Communication Bans

For more information, go to Global Relay.

Join us in our next episode, where we examine the current UK regulatory landscape for messaging apps.

Categories
Innovation in Compliance

Supply Chain Cyber Risk Management with Steve Horvath

Imagine a world where your organization is constantly at risk of a cyber-attack, yet no solution seems fully secure. In this episode of Innovation In Compliance, host Tom Fox and guest Steve Horvath explore the complex landscape of supply chain cyber risk management. They discuss the high-profile breaches of Home Depot and Target, as well as the critical importance of frameworks like the NIST Cybersecurity Framework. Steve delves into the challenges faced by organizations, the need for effective risk management strategies, and the evolving landscape of cybersecurity in public and private sectors.

Steve Horvath is a seasoned cybersecurity expert who has spent nearly two decades at Telos, a prominent cybersecurity firm focused on protecting government and industry networks. Since joining Telos in 2006, Steve has been instrumental in developing cybersecurity strategies and services for various elements of the U.S. federal government, including the intelligence community and the Department of Defense. Today, he leads the way in driving compliance and risk management initiatives with a focus on innovative solutions like Xacta.

 

You’ll hear Tom and Steve discuss:

  • Telos’ platform, Xacta, began as a web-based application focused on facilitating the rigorous compliance activities of federal standards, and has since evolved into a sophisticated platform for managing cybersecurity risks.
  • Cybersecurity risk is unique and highly challenging, and unlike other forms of risk, it doesn’t lend itself to transference. Insurance policies won’t save an organization from a devastating cyber attack.
  • Many organizations, particularly public ones, need to shift their mentality from accepting some level of risk to striving for robust cybersecurity operations that minimize risk as much as possible.
  • Education at the board level about the threats and implications of cybersecurity is a crucial yet often overlooked factor. The conversation around this is gaining traction, with initiatives such as the SEC’s rule about having a board member with a cybersecurity background.
  • The Home Depot and Target hacks brought widespread attention to cybersecurity risks, highlighting the need for organizations to be proactive in managing threats and vulnerabilities.
  • The NIST Cybersecurity Framework provides a practical and easily understood framework for organizations to assess and improve their cybersecurity posture. It enables effective communication between security operators and the board, fostering a common language and understanding.
  • Supply chain cybersecurity is a critical concern, particularly for software and IT hardware sourcing. Having a software bill of materials and understanding the ingredients within the software helps organizations assess their exposure and potential vulnerabilities.
  • Network attack services refer to understanding an organization’s attack surface and identifying potential points of ingress or exfiltration of data. Mitigating risks, such as phishing attacks, requires robust security education programs for users.
  • Creating an actionable cyber intelligence strategy involves having the right stakeholders and roles within the organization, selecting a suitable framework (such as NIST or ISO standards), and ensuring continuous validation and improvement of cybersecurity measures.

 

KEY QUOTES:

“You really have to do exceptional cybersecurity operations, and the best way to influence cybersecurity operations… is having some teeth behind a set of conditions and compliance requirements that guide you toward making the best decision…” – Steve Horvath

 

“The Risk Manager framework out of NIST [Cybersecurity Framework]… maps very easily and we find that it really allows for the security operators, the folks at the practical level doing the work. It gives them a language that they can articulate all the way up to the board and so everybody’s kind of speaking the same language.” – Steve Horvath

 

“A good security education program for your users tends to be a more dramatic impact than people realize. If you can teach your users not to click on links and emails or open documents, you’re way ahead of the gate.” – Steve Horvath

 

Resources:

Steve Horvath on LinkedIn | Twitter

Telos  | Telos Corporation on Twitter

Categories
Blog

Messaging Compliance in a Shifting Regulatory Landscape: Is Regulation Stifling Business Innovation?

Are you ready to learn how to implement electronic communications capture and supervision in your firm for better compliance and prevention of regulatory violations? Is messaging compliance giving your compliance function headaches? Welcome to a special 5-part blog post series on messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. In this Part 2, I visited with Alex Viall on the provocative topic of whether regulation stifles innovation in messaging apps.

The ever-increasing use of instant messaging in businesses brings about the need for compliant messaging policies. With proper guidelines, compliance officers and entrepreneurs can ensure that their company’s communication practices are up to par with regulatory standards and that potential risks are minimized. This enhances the overall efficiency and transparency of the business and provides peace of mind for those involved in managing and maintaining these communication platforms.

Here are some key steps:

  • Assess current communication platforms and habits
  • Create clear, transparent messaging policies
  • Implement regular employee training sessions
  • Monitor messaging compliance and address breaches
  • Explore tech solutions for messaging management

1. Assess current communication platforms and habits.

Developing compliant messaging policies for your business begins with assessing your company’s current communication platforms and habits. This critical first step involves thoroughly examining how employees communicate internally and externally and the tools and channels they utilize. You can effectively mitigate potential non-compliance issues by deeply understanding your business’s communication landscape. Identifying areas where innovation and improvements can be made while minimizing impacts on operations and employee experience is crucial. Therefore, it’s essential to keep an open mind and be prepared to adapt to the evolving nature of technology and ever-changing communication trends.

Viall underscored the importance of embracing business innovation while ensuring regulatory compliance and risk management. Communication habits constantly change, and organizations must adapt effectively while maintaining auditable trails for every conversation. Proper employee training is critical to fostering change and adopting new communication practices. This training should focus on creating comprehensive, practical policies that everyone can easily understand and adhere to, steering clear of generic policies that merely act as a checkbox.

Remember that senior management is pivotal in setting a positive tone and demonstrating a commitment to transparency and policy adherence.  Understanding and addressing the critical first step of assessing your business’s current communication platforms and habits is vital for compliance officers and entrepreneurs because doing so equips them with valuable insights into potential shortcomings, risks, and opportunities for growth. Organizations can proactively tackle potential compliance pitfalls by developing relevant and practical messaging policies while encouraging innovation and seamless communication. Ultimately, this will result in a more robust and resilient business that can effectively navigate the ever-evolving communication technology landscape and maintain a competitive edge in the market.

2. Create clear, transparent messaging policies.

Effective communication is essential for businesses today, and as technology evolves, so do the platforms and devices we use to communicate with one another. This shift in communication methods has increased the importance of creating clear, transparent messaging policies for companies. While internal and external communication may change, one thing remains constant: the need for proper risk management, regulatory compliance, and corporate hygiene. To achieve this, companies should develop comprehensive, practical policies for instant messaging that employees can easily understand and implement. The goal is to avoid creating generic policies that are simply a box-ticking exercise while supporting business innovation and maintaining auditable communication trails.

Viall noted that effective communication requires changing employees’ mindsets and ongoing training to ensure a secure and compliant messaging environment. Furthermore, senior management must set the right tone, reiterating the importance of compliance with these policies. Companies need to have procedures in place for monitoring, remediation, and promptly addressing any non-compliance issues. As technology continues to evolve, new tools and solutions for managing messaging compliance will become increasingly available, making it more important than ever for businesses to stay ahead of the curve.

The importance of creating clear messaging policies cannot be overstated, particularly for compliance officers and entrepreneurs operating in an age of instant, ephemeral messaging. With regulatory compliance and risk management at the forefront of business concerns, having practical, transparent policies can help ensure that a company maintains its competitive edge. This is especially true given the rapid advancements in technology and the potential consequences of non-compliance, which could lead to serious repercussions for businesses, both legally and financially. By focusing on transparent messaging policies, companies will be poised to manage risk effectively and thrive in today’s fast-paced, interconnected world of business communication.

3. Implement regular employee training sessions.

The nature of business is that it continues to evolve and adapt to new technologies, and communication methods are also changing. Gone are the days of only relying on traditional face-to-face conversations or even phone calls to get things done. With the rise of instant messaging platforms, companies now have a fast and effective way to communicate internally with team members and externally with clients. This new, dynamic form of conversation has greatly improved workplace efficiency and speed. Still, it also presents a significant challenge – ensuring that all communication is properly documented and compliant with various rules and regulations.

According to Viall, implementing regular employee training sessions is one crucial aspect of achieving this. These sessions should cover all of the proper procedures to be followed when using instant messaging in a professional setting and the potential risks and consequences of not adhering to these guidelines.  Conducting regular employee training sessions on messaging compliance helps create a company culture that prioritizes open communication, transparency, and, ultimately, accountability. When employees are knowledgeable and confident about what is expected of them, they are more likely to abide by the rules and demonstrate better judgment when faced with challenging situations. This reduces the likelihood of regulatory issues or scandals related to non-compliant messaging for businesses.

For compliance officers and entrepreneurs managing instant messaging in business, staying on top of evolving regulations and ensuring your company adheres to best practices is crucial. You can significantly improve your organization’s regulatory compliance and risk management by assessing your current communication platforms and habits, creating clear and transparent messaging policies, implementing regular employee training sessions, monitoring messaging compliance, and exploring tech solutions for messaging management. Do not hesitate to implement these steps and reap the benefits of a compliant and efficient messaging system.

Join me tomorrow as we consider changes in the UK regulatory schemes regarding messaging apps and compliance.

For more information, go to www.globalrelay.com

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance – Episode 121 – Shout Outs and Rants

Welcome to the only roundtable podcast in compliance. In this episode, we have the quartet of Matt Kelly, special guest Kristy Grant-Hart, Tom Fox and Jay Rosen.

1. Matt Kelly rants about Sam Alito and his trip paid for by a billionaire who later had a case at the Supreme Court.

2. Special guest Kristy Grant-Hart rants about the DOJ taking until 2023 to build out a criminal conviction database for public use when her firm built one back in 2007.

3. Tom Fox shouts out to John Aceti, a 93-year-old Kerrville resident who just published his 8th book, his autobiography.

4. Jay Rosen rants about NE Patriots player Jack Jones, who chastised Ja Morant for his gun waving and then was caught going through airport security with packed guns.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks can be reached at jtmarks@gmail.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Incorporating Compliance into a Long-Term Corporate Strategy

How can a Board work to incorporate the compliance function into the long-term business strategy of the organization?

The starting point for a Board of Directors is to develop a framework for incorporating compliance into your long-term strategy. Setting up the framework for evaluating compliance in your Board’s long-term strategy is a three-step process, which you can use as a starting point to determine how comprehensive the Board’s role in your compliance program is.

1. Has the company identified the compliance issues relevant to the Board?

2. Has the company assessed and incorporated those compliance issues into its long-term strategy?

3. Has the company communicated its approach to compliance and the influence of those factors on its overall strategy?

From this initial inquiry, you can move into some specific questions that the Board can use to determine the overall state of your company’s compliance program. First, a Board can work to identify compliance issues material to your organization. This can be accomplished with compliance-related KPIs, which a Board should prioritize to elevate their impact on compliance. A Board should consider these through the life cycle of a business line or geographic sales area. Next, the Board should work to move compliance into the company’s long-term strategy and have the CCO detail the long-term strategy for the compliance function.

The Board should oversee incorporating KPIs into senior management performance evaluations and compensation. Once again building upon the 2020 Update, which asks how the company monitors its senior leadership’s behavior and how senior leadership models proper behavior to subordinates, the Board should make certain that systems are in place to quantify or measure performance related to compliance issues. It should establish performance goals against which to measure compliance achievement; disclose to shareholders the material compliance issues that drive compensation and the specific goals or performance targets that management must achieve; and report on actual performance against established goals to justify compensation payouts.

Finally, the Board should work to communicate the influence of compliance factors on overall corporate strategy by demonstrating how compliance was integrated into the business. Not only is this good from a business perspective and a shareholder expectation, but it is also, as the 2020 Update makes clear, what the government expects: the operationalization of compliance going forward.

1. Having a long-term strategy is critical.

2. What is the Board’s framework for assessing compliance?

3. Create KPIs to measure senior management’s actions around compliance.

Categories
SBR - Authors' Podcast

SBR Author’s Podcast – Jim Massey: Trust in Action

Welcome to the Sunday Book Review, the Authors Podcast! Don’t miss out on this episode of SBR-Author’s Podcast, where Tom Fox sits down with Jim Massey to discuss his new book, Trust in Action. Massey brings a unique perspective as a behavioralist with a professional background in compliance and sustainability. The discussion touches on the societal loss of trust in government and education while business remains the most trusted entity. Massey believes that companies can prioritize profits and still do the right thing for their employees, supply chain, and customers, making them a force for good.

The conversation covers how leadership and involvement are essential in addressing society’s challenges and how every individual has the potential to be a leader. Listen in as Massey shares the Can Care to Do trust model for sparking action, focusing on three building blocks of trust: can, care, and do. He also discusses his experience of being perceived as an “ugly American” when working abroad and how he focuses on building relationships. This podcast episode will teach you that good leaders are not tied to the past and are open to new ideas and solutions. Take advantage of this insightful conversation highlighting the power of trust, collaboration, and adaptability in leadership, especially in times of crisis.

Key Highlights Include:

  • The Importance of Trust in Business
  • The Role of Business in Systemic Change
  • Importance of Trust for Effective Leadership
  • Overcoming Obesity Bias in Global Health Leadership
  • Learning Agility and Humility in Leadership
  • Navigating societal and business risks
  • The Art of Writing with a Busy Schedule
  • Benefits of Mindfulness

Notable Quotes:

“Trust is the basis of any human interaction.”

“We cause the problem; therefore, I believe we can be the solution.”

“Leaders must be able to assess the situation be about 10000 feet above the details to see the whole picture and what’s going on.”

“The model of trust for me, Tom, sits at the self, team, & assist.”

Resources

Jim Massey on LinkedIn

Trust in Action


Categories
Daily Compliance News

Daily Compliance News: June 27, 2023 – The Wells Notices Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • SolarWinds execs receive Wells Notice. (Reuters)
  • Corruption hindering PdVSA. (InSight Crime)
  • In-house lawyers grapple with ESG demands. (FT)
  • SEC wants more information from small banks. (WSJ)
Categories
Data Driven Compliance

Data Driven Compliance: Vincent Walden – Analyzing the Philips FCPA Enforcement Action Using AI

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, which features in-depth conversations around the uses of data and data analytics in compliance programs.

Data Driven Compliance is back with another exciting episode featuring the insightful Vince Walden from KonaAI. In this episode, Walden and host Tom Fox discuss how data analytics can help uncover potential FCPA enforcement actions, using the Philips case as an example. They delve into the benefits of internal controls and the segregation of duties to prevent bribery and corruption. Walden goes on to examine the customer 360 model, which focuses on analyzing customer orders to pinpoint risky transactions and potential improper payments. Additionally, they explore KonaAI’s platform, which utilizes advanced algorithms to pick up problems and highlight high-risk transactions.

The podcast also features a discussion on the use of artificial intelligence and how machine learning can help compliance professionals identify anomalies that require investigation. You won’t want to miss the exciting upcoming episode where Walden showcases real-world examples of how companies can use machine learning in 2023. Tune in to Data Driven Compliance and stay ahead of the curve in the compliance world!

Key Highlights

  • Data analytics for FCPA compliance detection
  • KonaAI’s Customer Analytics and Risk Assessment
  • Improper Vendor Payments Tracking
  • The importance of second level reviews in internal control
  • Analytics and Investigating Fraud Potential
  • Improving Precision in Machine Learning Models

KEY QUOTES

“Just those basic type of analytics could have been easily spotted these issues.”

“These are the types of things that when you could just sort, you would be able to find those high risk transactions.”

“Nowadays the technology is there to spot these types of activities when compliance has access to the data.”

“Let’s see if this event took place. And he just did a simple Google search on the Internet couldn’t find the event.”

Resources:

Vince Walden on LinkedIn 

KonaAI
