Categories
Innovation in Compliance

Unlocking Success: The Crucial Role of Culture in Compliance: Part 2 – Viktor Culjak on Assessing Culture

Welcome to a special series on building a stronger culture of compliance through targeted and effective training sponsored by Diligent. I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia in this series. Over this series, we will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, monitoring that strategy in the future, and using information from your monitoring to improve your culture continuously. In Part 2, we visit with Viktor Culjak to discuss assessing culture.

Viktor Culjak is a chartered accountant with a strong finance, audit, and risk consulting background. He currently serves as the Director of Customer Success and Services at Diligent. With a decade of experience in the Big Four and a focus on governance, risk, and compliance (GRC) objectives, Viktor firmly believes in assessing and managing organizational culture as a risk factor. He views culture as a dynamic risk that can have significant consequences if not properly managed and advocates for standardized and benchmarked culture assessments to provide valuable insights for risk management. Viktor emphasizes the need for practical guidance on implementation, highlighting the significance of tone at the top and other artifacts such as policies, procedures, and feedback mechanisms in culture assessments. Join Tom Fox and Viktor Culjak as we delve deeper into assessing culture on this episode of the Unlocking Success: The Crucial Role of Culture podcast.

Key Highlights: 

·      Assessing and Auditing Organizational Culture

·      Creating a Culture of Effective Communication

·      Evaluating Culture Alignment for Continuous Improvement

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture.

For more information and to book a demo, visit Diligent.com

Join us tomorrow, where we consider how to create a culture management strategy.

Categories
Principled Podcast

Season 10 Episode 2 – The Importance of Humanizing Ethics and Compliance Programs

What you’ll learn on this podcast episode

Keeping the focus on the human element of ethics and compliance can help E&C programs move from “cop” to “coach.” But what does that look like in practice? In this episode of the Principled Podcast, host Susan Divers talks about the importance of humanizing ethics and compliance with Adam Balfour, the author of Ethics & Compliance for Humans. Listen in as the two discuss best practices that Adam has used over the course of his E&C career, managing regional and global ethics and compliance programs as well as leading areas of global risk management and privacy. 

Guest: Adam Balfour

Adam Balfour is on a mission to help make ethics and compliance more relatable and relevant for his fellow human beings. He likes to design ethics and compliance programs that employees can actually relate to, engage with and find useful. Originally from Scotland, Adam worked for a number of years as an attorney for two international law firms in New York before moving to Nashville, Tennessee to work for Bridgestone. He is an active member in the ethics and compliance community, a co-editor of the “Compliance and Ethics: Ideas & Answers” newsletter together with Joe Murphy, Jeff Kaplan, and Rebecca Walker, and CCEP certified. His first book, Ethics & Compliance for Humans, was published by CCI Press and is available now.    

Host: Susan Divers

Susan Divers is a senior advisor with LRN Corporation. In that capacity, Ms. Divers brings her 30+ years’ accomplishments and experience in the ethics and compliance area to LRN partners and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance and substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Mrs. Divers’ background includes more than thirty years’ experience practicing law in these areas. Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one of the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008.

She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics. Mrs. Divers’ most recent publication is “Balancing Best Practices and Reality in Compliance,” published by Compliance Week in February 2015. In her spare time, she mentors veteran and university students and enjoys outdoor activities.

Categories
Blog

Assessing Organizational Culture

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia. In this series, we will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed, culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco that the Department of Justice would assess corporate culture as a part of any corporate compliance enforcement action. In this Part 2, we consider how to assess your culture with Viktor Culjak.

Culjak, a chartered accountant with a strong background in finance, audit, and risk consulting, currently serves as the Director of Customer Success and Services at Diligent. With a decade of experience in the Big Four and a focus on governance, risk, and compliance (GRC) objectives, Culjak firmly believes in the importance of assessing and managing organizational culture as a risk factor. He views culture as a dynamic risk that can have significant consequences if not properly managed, and advocates for standardized and benchmarked culture assessments to provide valuable insights for risk management. Culjak emphasizes the need for practical guidance on implementation, highlighting the significance of tone at the top and other artifacts such as policies, procedures, and feedback mechanisms in culture assessments.

Assessing and managing organizational culture as a risk factor is a crucial aspect of ensuring the success and sustainability of any organization. A compliance professional can begin by using existing frameworks like COSO (Committee of Sponsoring Organizations of the Treadway Commission) for guidance in assessing and managing organizational culture. This framework provides principles and guidelines that help organizations understand the key factors that impact culture as a risk factor.

The tone at the top, policies, procedures, and feedback mechanisms were identified as key indicators of an organization’s culture. The tone at the top refers to the leadership’s actions and behaviors, which set the tone for the entire organization. Policies and procedures play a crucial role in shaping the desired culture, but it is not enough to simply have them in place. Actions, communications, and responses must align with the stated culture.

One of the key challenges is the nebulous and intangible nature of culture, which can make it difficult to assess and audit. However, Culjak emphasized that culture can be thought of as just another risk that organizations need to manage. By asking the question, “What can go wrong?” organizations can identify potential risks and gaps in their culture and take steps to address them.

Standardized evaluation was also discussed as a valuable tool for assessing and benchmarking culture. It provides a common language and framework for managing risks associated with culture. By using evaluation tools, organizations can track their progress and identify areas for growth.

Culjak also emphasized the importance of considering the impact of culture when making decisions. Culture is not just a checklist exercise, but rather a holistic approach that encompasses actions, communications, and responses. It is not enough to have policies and procedures in place; organizations must demonstrate their culture through their actions and communications.

While frameworks like COSO provide principles and guidance, they may not always provide the specific “how” in assessing and managing culture. This is where organizations need to tailor their approach and consider additional tools and techniques that align with their specific needs and goals.

In conclusion, assessing and managing organizational culture as a risk factor is a complex but essential task for organizations. By using existing frameworks, evaluating key indicators, and considering the impact of culture on decision-making, organizations can identify potential risks, address gaps, and create a culture that supports their overall success and sustainability.

Join us tomorrow where we explore creating a strategy to manage culture risk.

Tune into Viktor Culjak on the Diligent podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.

Categories
Daily Compliance News

Daily Compliance News: September 19, 2023 – The $2111 Per Hour Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Is your lawyer worth $2K+ per hour?  (Reuters)
  • From a smoking break to a weed break? (NYT)
  • Boards looking more critically at CEO behavior. (FT)
  • US Treasury Sec wants to tackle Nigerian corruption. (Bloomberg)

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 11 – Charitable Donation Enforcement Actions

When is a rose not a rose? When it is a charitable donation not made for philanthropic purposes and violates the FCPA. This was a feature of the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the SEC in 2012, involving a bribery scheme utilized by Lilly in Poland. The scheme and FCPA violations mirrored an earlier FCPA enforcement action, also brought by the SEC as a civil matter, rather than by the DOJ as a criminal matter, against another U.S. entity, Schering-Plough, for making charitable donations in Poland that violated the FCPA. One of the remarkable things about both of these enforcement actions, brought almost eight years apart, was that they involved improper payments to the same Polish charitable foundation to wrongfully influence the same Polish government official to purchase products from both of these companies.

Three key takeaways:

  1. Every compliance practitioner should study both the Lilly and Schering-Plough enforcement actions.
  2. What is the purpose of the charitable entity you are making a donation to?
  3. “Document, Document, and Document” your due diligence around donors.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Data Driven Compliance

Data Driven Compliance: Rachael Ormiston on Privacy as a Business Differentiator

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast. Hosted by Tom Fox, it is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions.

We take things in a data privacy direction today as I visit with Rachael Ormiston, Head of Privacy at Osano, whose No Penalties Pledge sets them apart in the privacy industry, offering customers assurance that they won’t face fines for non-compliance. In conversations with Tom Fox, Rachael Ormiston discusses the importance of privacy as a business differentiator and the impact of GDPR. Trust is highlighted as crucial for building a positive customer experience. Osano has developed a privacy maturity model to help companies assess their progress and prioritize compliance. Their website offers valuable resources, catering to both experts and beginners in the field. Rachael emphasizes the increasing importance of data privacy and the need for companies to prioritize it at the executive level.

Highlights Include

·      Osano’s No Penalties Pledge

·      Privacy as a Business Differentiator

·      The Importance of Privacy Compliance

·      Data Privacy and Free Resources

Resources:

Osano

 


Categories
Blog

Navigating Digital Compliance: Managing Risks and Embracing Innovation

In a rapidly evolving digital landscape, managing compliance risks has become a critical priority for organizations. In a recent Innovation in Compliance podcast episode, I had the opportunity to interview Chris Lehman, CEO of Safeguard Cyber, a compliance and security company, to shed light on the importance of effective digital compliance and the challenges that arise with the shift in communication channels. This blog post explores the key insights from this conversation and offers practical advice on managing risk in the realm of digital compliance.

The manner in which we communicate has undergone a dramatic transformation with the rise of smartphones and the increasing use of cloud-based applications and messaging platforms. Today, a staggering 45% of all business communication takes place outside of email, spanning channels like Slack, Microsoft Teams, WhatsApp, Telegram, Line, SMS, iMessage, and even social platforms such as LinkedIn. In addition to this tech side of the communication revolution, there is the generational change, from the way Baby Boomers communicated through GenXers to Millennials to GenZers. Moreover, corporations have not implemented the same level of controls for these new communication channels as they have for email, leaving potential vulnerabilities.

Lehman emphasizes the human factor as the most significant risk in compliance strategies. While technological advancements have enabled agility, innovation, and new ways of engagement, it is crucial to ensure compliance in these digital interactions. Safeguard Cyber highlights the need for organizations to prioritize compliance and good corporate governance, while still allowing employees to be agile and innovative.

To effectively manage risk in digital compliance, it is vital to treat it as a comprehensive risk management process. This involves understanding regulations, establishing robust policies, training employees, and leveraging technology to monitor and mitigate risks. It all starts with a risk assessment, which informs your risk management strategy. From there you must implement effective training and communications, then monitor and upgrade as needed. To do this you also need a tech solution which provides visibility into digital communication channels, enabling organizations to identify potential risks in real-time and take corrective action.

Unfortunately, there is often a tension that can arise between compliance teams and line of business teams. Rather than being seen as a hindrance, compliance teams should strive to be enablers and strategic partners. By providing visibility into the tools and applications employees use, compliance teams can facilitate decision-making on freedom and flexibility while maintaining compliance standards.

Regulators such as the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC) and the Department of Justice (DOJ) have all taken notice and have all emphasized the importance of compliance and good corporate governance in these new communication channels. This summer alone, the SEC announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the CFTC ordered four financial institutions to pay a total of $260 million for recordkeeping and supervision failures for widespread use of unapproved communication methods. All of this means that companies must identify and assess their risks, implement risk management strategies, and ensure that policies and procedures are not only in place but also effectively trained and followed.

Fortunately, technologies now exist that allow organizations to achieve compliance without becoming overly burdensome through their monitoring function. Safeguard Cyber’s tech solution, for instance, monitors digital communication channels, such as email, messaging platforms, and social media, while ensuring employee privacy through an opt-in system. By leveraging natural language understanding technology, sensitive information can be flagged, and compliance can be maintained seamlessly.

As we move forward, the goal for organizations is to break down the walls between line of business and compliance teams. Technology will play a pivotal role in providing visibility into various communication channels and applications, helping employees stay within boundaries without intentionally breaking rules. Increased regulatory oversight is expected in the future, making it even more crucial for organizations to prioritize digital compliance.

In the modern business landscape, effective digital compliance and good corporate governance are paramount. Managing compliance risks in the realm of digital communication requires organizations to treat it as a risk management process, leveraging technology and establishing robust policies. By embracing technology solutions like Safeguard Cyber, organizations can monitor communication channels, flag potential risks, and ensure compliance without stifling innovation and agility. As we navigate this ever-evolving digital world, prioritizing digital compliance will be a key differentiator for organizations seeking long-term success.