Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 7 – From Cutting Edge to Table Stakes

Compliance programs play a crucial role in ensuring that companies adhere to legal and ethical standards. In today’s digital age, where data is abundant and easily accessible, the importance of data-driven compliance programs cannot be overstated. This message was driven home very forcefully in a speech in November by Nicole Argentieri, acting assistant attorney general for the Criminal Division.

Anselmo Guevara, manager at VMware, has emphasized the need for companies to have a compliance program that provides visibility into their data at their fingertips. It is no longer sufficient to simply collect data and have someone review and reconcile it. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks. This proactive approach allows companies to identify and address compliance issues before they escalate.

Data-driven compliance programs have moved from cutting-edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks. By actively monitoring and analyzing data, companies can identify potential compliance issues, mitigate risks, and maintain their reputation and integrity. Collaboration between different departments and a formal risk assessment are key factors in establishing a robust compliance program. As technology continues to advance, the role of data analytics and AI in compliance monitoring is expected to become even more significant. Compliance professionals must stay informed, continuously learn, and adapt to the evolving landscape of data-driven compliance.

Three key takeaways:

1. Nicole Argentieri, acting assistant attorney general for the Criminal Division, said, “Let me be the first to tell you that we have proactively used data to generate FCPA cases, and we’ve only just gotten started.”

2. Compliance professionals must actively analyze the data for trends, anomalies, and potential compliance risks.

3. Data-driven compliance programs have moved from cutting-edge and are now seen as best practices. Soon they will simply be table stakes for companies to effectively manage compliance risks.

Categories
Innovation in Compliance

Compliance Professionals Adapting to Change: Industries, Regulations, and Beyond: Part 1 – Nicholas Latham on Compliant Communications

Welcome to a special series sponsored by Diligent, where we look down the road at key issues in 2024 and beyond. In this series, I will visit with Nicholas Latham, Renee Murphy, Jessica Czeczuga, Yee Chow, and Alexander Cotoia. Over this series, we will consider compliant communications in regulated industries, managing conflicts of interest at the Board level, the Board’s role in compliance training and communications, navigating the current ESG landscape, and professional growth and mentorship in compliance. In this Part 1, we consider compliant communications in regulated industries with Nicholas Latham.

Nicholas Latham is an accounting professional with a strong accounting and risk management background, currently serving as a Client Partner at Diligent Corporation. His perspective on accounting and risk assessment is shaped by his extensive experience in the financial industry, particularly in the collections department of a US bank. Nicholas believes that organizations must implement and adapt frameworks such as COSO and ISO 31000 to manage and mitigate risks effectively. He also emphasizes the need for a holistic view of risk and control across the entire organization rather than siloed departments, and he believes these frameworks can help provide a comprehensive understanding of the organization’s risk landscape. Join Tom Fox and Nicholas Latham on this episode of the Diligent Podcast as they delve deeper into Latham’s expertise in governmental accounting and risk assessment.

Key Highlights:

  • Risk and Control Expertise in Professional Background
  • Assessing and Mitigating Risk in Organizations
  • Holistic View of Organizational Operations and Risk

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture. For more information and to book a demo, visit Diligent.com

Join us tomorrow, where we will consider managing conflicts of interest at the Board of Directors.

Categories
Principled Podcast

Principled Podcast – S10E14: How can businesses approach AI in an ethical way?

What you’ll learn on this podcast episode

Artificial intelligence has become the topic du jour—from national news outlets to trade publications. The very term can elicit feelings of uncertainty and dissonance about how it will be applied in our daily lives. One thing is certain: AI will transform the way we do business. With such innovative technology comes the responsibility to use it wisely and ethically. In this episode of the Principled Podcast, host Susan Divers discusses how organizations can approach AI in a responsible and ethical way with Jim Byrne, the vice president for ethics and business conduct at Lockheed Martin.

Guest: Jim Byrne

The Honorable James M. Byrne currently serves as Vice President, Ethics and Business Conduct, for Lockheed Martin Corporation. He is responsible for the strategic direction and operational excellence of Lockheed Martin’s award-winning domestic and international ethics program and execution of the Corporation’s compliance training across the enterprise. Jim is also on the Corporate Artificial Intelligence (AI) Executive Steering Committee and Corporate Vice Presidents Contributions Committee of Lockheed Martin, established and authorized to review and approve large charitable contributions. He previously served as Lockheed Martin’s Chief Privacy Officer and Associate General Counsel leading teams supporting information security, counterintelligence, electronic discovery and records management. Jim also served for several years on the board of directors for Pacific Architects & Engineers (PAE), then a wholly-owned subsidiary of Lockheed Martin.

Jim is a Secretary of the Navy Distinguished Midshipman Graduate of the U.S. Naval Academy, where he received an engineering degree and held the top leadership position of Brigade Commander. He holds a law degree from Stetson University College of Law, where he was awarded a public service fellowship.

In his current role, Jim draws upon his experiences as a deployed Marine Corps combat arms officer, U.S. Department of Justice international narcotics prosecutor, and service at the highest levels of the federal government. He was forward-deployed as an anti-corruption advisor to senior Iraqi officials while leading a team of dedicated and experienced federal law enforcement officers investigating criminal fraud and other misuses of funds supporting the $52B U.S. reconstruction effort in Iraq. Prior to rejoining Lockheed Martin, Jim was nominated by the President and confirmed by the U.S. Senate as General Counsel and then as the 8th Deputy Secretary of Veterans Affairs—the designated chief operating officer of the second largest U.S. cabinet agency.

Jim’s past professional engagements include director and advisory board positions on several startup companies, and service on the U.S. Department of Homeland Security Data Privacy & Integrity Advisory Committee and the International Association of Privacy Professionals Board of Directors (Chairman). He currently serves as a proxy holder–outside board director for Rancher Government Solutions, a subsidiary of FWB: SUSE. Jim is active in his church and community, and prioritizes mentoring veterans. He currently volunteers on the American Association of Suicidology Board of Directors, the Navy–Marine Corps Relief Society Advisory Board, Veterans Moving Forward Board of Directors, Maternal Mental Health Leadership Alliance Board of Directors and the Give an Hour Executive Board of Directors.

 

Host: Susan Divers

Susan Divers is a senior advisor with LRN Corporation. In that capacity, Ms. Divers brings her 30+ years’ accomplishments and experience in the ethics and compliance area to LRN partners and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance and substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Mrs. Divers’ background includes more than thirty years’ experience practicing law in these areas. Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one of the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008.

She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics. Mrs. Divers’ most recent publication is “Balancing Best Practices and Reality in Compliance,” published by Compliance Week in February 2015. In her spare time, she mentors veteran and university students and enjoys outdoor activities.

 

Categories
The Ethics Experts

Episode 168 – Morag Barrett

In this episode of The Ethics Experts, Nick welcomes Morag Barrett. Morag Barrett is a sought-out executive coach and leadership expert who helps leaders achieve outstanding results through the power of their professional relationships. At last count, Morag and her company SkyeTeam have supported the development of more than 10,000 leaders from 20 countries and on 6 continents.
Website: SkyeTeam.com
Linkedin: https://www.linkedin.com/in/moragbarrett/

Categories
Corruption, Crime and Compliance

Steve Naughton on Compliance and Compliance Education Program at Loyola School of Law

How can we build a culture that motivates people to do the right thing? In this episode of Corruption, Crime and Compliance, Michael Volkov and guest Steve Naughton explore crucial questions about fostering ethical cultures within companies and practical steps compliance leaders can take to transform performance. Steve shares insights from his journey, detailing the evolution of compliance leadership roles and offering a glimpse into PepsiCo’s growth in this area during his tenure as Chief Compliance Officer. For those considering careers in compliance, he emphasizes that expertise in this field can be developed without a law degree.

Steve Naughton currently oversees Compliance and Enterprise Risk Management programs at Loyola University Law School. He previously served as Pepsi’s Chief Compliance Officer, guiding the growth of their compliance program over 8 years. He is passionate about making sure compliance functions can work independently.

You’ll hear Michael and Steve discuss:

  • Steve began his career at major law firms before going in-house to manage litigation and M&A deals during pivotal moments at Quaker Oats and Snapple.
  • PepsiCo’s iconic GC Larry Thompson asked Steve to build a new compliance program starting with just 3 people. Over 8 years, Steve grew Pepsi’s program from 3 to over 40 employees with global reach.
  • Larry saw compliance as preventative and empowered Steve with independent reporting to the Board. Steve remarks, “[Larry] viewed [compliance] as much more preventative than reactionary … his take on compliance has always been, to the extent that we can prevent something or to the extent that as soon as we detect it, we’ll go in and check it out instead of waiting till everything was fully investigated.”
  • Pepsi has been on the World’s Most Ethical Companies list for 15 years in a row, showcasing its success in following ethical practices.
  • Pepsi has never faced serious enforcement actions, and this is attributed to turning ethical practices into a value-add for the business.
  • Not every company has the resources or leadership seen at Pepsi, making it challenging to bring others along in the compliance profession.
  • Steve emphasizes the importance of a risk-based approach in compliance and recommends developing a strategic five-year plan to address top risks progressively.
  • He encourages companies to be disciplined and follow a plan, citing the Department of Justice’s emphasis on showing work prospectively, not retroactively, to defend actions and maintain a strategic plan.
  • Michael and Steve discuss the challenges of implementing change in compliance programs, emphasizing the importance of building a team and garnering support from other functions. They recommend a realistic 3 to 5 year timeframe for implementing changes.
  • Cultures where people feel safe speaking up are foundational to compliance. This can aid in preventing and addressing ethical lapses and compliance challenges.
  • Steve cites examples from Wells Fargo, Volkswagen, General Motors, and Boeing. In these organizations, where you would expect people to be skilled and ethical, employees often didn’t speak up. This was because they thought their concerns wouldn’t be listened to, or the culture didn’t encourage open communication.
  • Compliance is not just about following rules; it’s about changing the culture in companies. We need to think differently and work towards making a culture where doing the right thing is not just accepted but encouraged. 
  • Steve runs a highly respected compliance curriculum at Loyola University which has prepared many future Chief Compliance Officers. However, compliance expertise doesn’t strictly require legal training.

KEY QUOTES

“I think where he [Larry Thompson] was a visionary on compliance was the entire idea, two of them really. The first of which was that he viewed it as much more of an independent function. …And then the second thing is that I think he really looked at it as, ‘Okay, how do we go out and make sure that we’re taking these steps to prevent the problems that you might see otherwise?’” – Steve Naughton

“…the Department of Justice has said in no uncertain terms between the Monaco memo and otherwise, show your work. You can’t be doing it retroactively. Show your work prospectively. Show us what you’re thinking as you’re going along, not only to defend what you’re doing but also to have a plan that you work against.” – Steve Naughton

“You have to have a plan in place, but you also have to have as a parallel track this idea, let’s make sure that we’ve got the right culture and we’re trying to build the right culture.” – Steve Naughton

Resources:

Steve Naughton on LinkedIn | Loyola School of Law | Email

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
All Things Investigations

All Things Investigations: Episode 42 – The EU Corporate Sustainability Due Diligence Directive with Nicolas Tollet

This episode of All Things Investigations explores the recent EU Corporate Sustainability Due Diligence Directive that could transform compliance programs and corporate governance globally. Tom Fox and Nicolas Tollet analyze the Directive’s provisions mandating human rights and environmental risk management across company value chains. Nicolas explains how the law builds on France’s pioneering 2017 Duty of Care legislation and its impact on corporate accountability for both EU and non-EU multinationals.

Nicolas Tollet is a Partner at Hughes Hubbard. He previously served as Vice President for Compliance at Technip, an oil and gas service firm. With over 20 years of experience in compliance and internal investigations, he has worked on significant cases like Alcatel, TSKJ, and Lava Jato. Nicolas has expertise in monitorships, having been involved in the first one imposed on a French company by the DOJ and the SEC. He helps companies worldwide with compliance programs, audits, and M&A due diligence.

You’ll hear Tom and Nicolas discuss:

  • The new EU Directive on Corporate Sustainability Due Diligence will require companies above certain revenue thresholds to implement human rights and environmental compliance programs, not just for their operations but across their entire value chain.
  • France has been at the forefront of such legislation with its 2017 Duty of Care law. The EU directive builds on this, with more expansive requirements and penalties of up to 5% of worldwide turnover for non-compliance.
  • The directive explicitly links human rights risks to corruption risks, recognizing their interconnection. It has the potential to drive even broader risk coverage than typical anti-bribery programs.
  • By mandating due diligence across the value chain, the directive will necessitate contract terms like audit rights as standard procedure. Financial institutions may also need to evaluate the human rights impacts of clients they fund.
  • The directive allows each EU country to determine how to specifically transpose and enforce the law’s obligations. This could lead to a complex web of overlapping inspection regimes applied to multinationals.
  • Even companies not based in the EU will fall under the law if they meet certain revenue thresholds in Europe. Non-EU companies should tap French expertise since France is about 6 years ahead in implementing similar mandates.
  • Required public sustainability reporting adds another layer reinforcing the need for concrete compliance actions. 
  • While the US led historically on anti-corruption compliance, the EU is now at the vanguard of expanding into human rights, environment, and sustainability. France in particular has established itself as a leader in advancing corporate compliance expectations.

KEY QUOTES

“There is a direct link within the directive between human rights compliance and anti-corruption compliance, which the compliance community in the world has been seeing for years now.” – Nicolas Tollet

“So we shouldn’t expect one member state to be reluctant to enforce the legislation. The EU will make sure that every member state issue and then enforce the legislation in each country.” – Nicolas Tollet

“Fortunately, we are still linked in how we work in the business field, and we have to take both into account. So there is a certain pride indeed, because there is real expertise in France now on compliance, but it’s mixed between the French and the American compliance community, I would say. So it’s working together that we’ve managed to improve compliance.” – Nicolas Tollet

Resources:

Hughes Hubbard & Reed website 

Nicolas Tollet on LinkedIn

EU Directive on Corporate Sustainability Due Diligence: Navigating the New Landscape of Corporate Accountability

Categories
Adventures in Compliance

The Memoirs of Sherlock Holmes – The Adventure of The Greek Interpreter

Welcome to a review of all the Sherlock Holmes stories which are collected in the work, “The Memoirs of Sherlock Holmes.” They appeared in the Strand Magazine from December 1892 to December 1893. Over the next 12 episodes, I will be reviewing each story and mining them for leadership, compliance, and ethical lessons. In this episode, we look at the story The Adventure of the Greek Interpreter.

The intriguing world of Sherlock Holmes, particularly in “The Adventure of the Greek Interpreter,” offers a wealth of leadership lessons for compliance professionals. Tom Fox draws parallels between Holmes’ traits of courage, empathy, integrity, persistence, and continuous learning, and the essential qualities needed by leaders in the compliance sector. Fox’s perspective, shaped by his extensive compliance experience, emphasizes the importance of these traits in navigating the complex and often challenging landscape of compliance. He highlights the need for courage in decision-making, empathy towards employees and stakeholders, unwavering integrity, persistence in the face of adversity, and a commitment to continuous learning. Join Tom Fox in this episode of the Adventures in Compliance podcast as he delves deeper into these leadership lessons from the legendary detective, Sherlock Holmes.

Key Highlights:

  • The Story
  • Leadership Lessons
  • The first appearance of Mycroft Holmes

Resources:

The New Annotated Sherlock Holmes

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Compliance Report

FCPA Compliance Report – Ryan Lougheed on Teamwork and Communication: Lessons from Esports and GRC

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Ryan Lougheed, Director of Product Management at Onspring.

Ryan Lougheed has over twelve years of experience in the Governance, Risk, and Compliance (GRC) field, currently serving as the director of a platform at Onspring, a SaaS GRC platform and business process automation platform. Drawing from his background in esports, Lougheed believes that teamwork and communication are crucial in both the GRC space and the world of esports. He emphasizes the importance of effective and efficient communication, especially in high-stress situations, and believes that these skills can be carried over to a compliance-focused career.

In the context of esports, Lougheed explains that communication is vital in a team of five players and that professional esports organizations provide resources such as physical trainers and sports psychologists to support their players’ communication skills. He also notes that the esports industry is evolving, with larger companies creating brands around individual streamers and organizations acting as agents to help grow the streaming culture. Join Tom Fox and Ryan Lougheed on this episode of the FCPA Compliance Report podcast to delve deeper into the importance of teamwork and communication in GRC.

Key Highlights

  • GRC Collaboration and Communication
  • Streamlining compliance with Onspring’s centralized platform
  • Streamlining Communication in High-Stress Compliance Situations
  • Leveraging Esports Skills for GRC Success

Resources

Ryan Lougheed on LinkedIn

Onspring

Tom Fox

Instagram

Facebook

YouTube

Twitter

Categories
Daily Compliance News

Daily Compliance News: December 11, 2023 – The Coach Class Travel Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News, all from the Compliance Podcast Network. Each day we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • The 10th Conference on State Parties on Corruption. (Transparency International)
  • There is no business-class travel for PwC, as it’s not green enough. (FT)
  • Nasdaq settles Iran sanctions violations. (WSJ)
  • Why the GOP doesn’t want diverse law firms. (WaPo)

Categories
Blog

Nicholas Latham on Implementing Frameworks for Effective Risk Management in Organizations

I recently had the opportunity to visit with folks from Diligent. We look down the road at key issues in 2024 in a podcast series sponsored by Diligent entitled Compliance Professionals Adapting to Change: Industries, Regulations, and Beyond. I was able to chat with Nicholas Latham, Renee Murphy, Jessica Czeczuga, Yee Chow, and Alexander Cotoia. Over this series, we discussed compliance communications in regulated industries, managing conflicts of interest at the Board level, the Board’s role in compliance training and communications, navigating the current ESG landscape, and professional growth and mentorship in compliance. In this first blog post, we discuss accounting and risk management frameworks.

One of the key topics discussed in the episode was the importance of risk assessment frameworks in identifying and mitigating organizational risks. Latham highlighted two widely used frameworks, the COSO Framework for Internal Controls and ISO 31000, which both provide a comprehensive approach to risk management. These frameworks help organizations establish effective communication processes and gain a holistic view of risk across different departments.

The COSO Framework for Internal Controls focuses on enterprise risk management. It emphasizes the need to assess an organization’s control environment, determine risk appetite, and identify crucial risks for the business’s success. Information and communication processes, including training and monitoring activities, are built around these assessments to ensure effective risk management.

We next discussed the relevance of the “Single Pane of Glass” concept, often associated with the COSO Framework for Internal Controls. This concept provides a unified view of an organization’s operations and risk management, flattening hierarchical structures and promoting transparency. By implementing this approach, executives and leaders can comprehensively understand what is happening across the organization rather than just within individual departments.

We noted the challenges associated with compliance communication issues, particularly in e-communications. Latham emphasized the importance of setting the tone at the top, with executive leadership emphasizing the criticality of compliance and its impact on the organization and its customers. Training plays a crucial role in ensuring compliance, but Latham noted that the amount and frequency of training in today’s environment may not be sufficient. He stressed the need for organizations to step up their training efforts and be prepared for increasingly stringent regulatory scrutiny.

Monitoring e-communications poses a significant challenge due to the sheer volume of interactions. Latham suggested leveraging artificial intelligence (AI) to analyze a larger communications sample and identify potential risks. This approach could help organizations identify improper processes, training gaps, or script issues that may contribute to compliance breaches.

As a compliance professional, your understanding of risk assessment frameworks, such as the COSO Framework for Internal Controls and ISO 31000, highlights the importance of comprehensive risk management practices. The “Single Pane of Glass” concept and the challenges associated with compliance communication issues provide valuable guidance for organizations navigating the complex risk and compliance landscape. As regulatory scrutiny continues to increase, compliance professionals’ expertise will continue to serve as a valuable resource for organizations seeking to enhance their risk management practices and ensure compliance in an ever-evolving technological landscape.

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture. For more information and to book a demo, visit Diligent.com

Join us tomorrow when we consider conflicts of interest at the Board of Directors.