Categories
From Last to First

From Last to First: The John Aceti Story – Episode 5: Transforming Education

What is the measure of a man? What is a life well lived? I have often thought about those questions, and with John Aceti’s help, I had the opportunity to explore them through John’s amazing life. I met John, spry and vibrant at 93, after he had published his 7th book in 92. As I got to know him and his life story, I wanted him to share his amazing and inspiring journey beginning in Niagara Falls in the 1930s to his current life in the Hill Country of Texas. Overcoming a humiliating incident at age 8, John was the first in his family to go to college, served in the Air Force, became a teacher and the principal, and retired from his first career. In his second career, he and his wife traveled internationally and ended up in Kerrville, Texas, where John began another career as an author. Join me on this fascinating journey From Last to First with John Aceti.

Join host Tom Fox in this exciting podcast episode as he chats with guest John Aceti, a former principal with a wealth of educational experience. John talks about the challenges he faced as a principal in Oley, New York, and how he managed to improve the education system in the school despite the need for more structure and continuity. He also discusses his experience evaluating teachers and walking the halls of schools, sharing his belief that most teachers do a great job, but some shouldn’t be teaching. John also highlights the importance of good teaching and classroom management and his involvement in an international program to Argentina organized through the Rotary Club.

Don’t miss this episode, where John shares his insights on the joys and struggles of being an educator. Tune in to From Last to First-The John Aceti Story, hosted by Tom Fox!

 Key Highlights:

  • John’s Experience as a Principal at North Hill School
  • Revamping Education in Outdated School Districts
  • Challenges with Open School Concept
  • Unprofessional Conduct and Evaluation of a Handicapped Child
  • Reflections on Teaching and international program

Notable Quotes:

“They were about 20 or 30 years behind. Very lackadaisical about education. There was no continuity, no structure.”

“I had to come up with programs that would entice them. I came up with a few programs that included local and international programs that I brought into that school to excite the teachers.”

“She taught several things, language, compared to Japanese and English. She taught art. She taught music. She taught dressage, dressing, different kinds of clothes, and she would go to different classrooms.”

“Our job is to educate kids, not torture them.”

 Resources

John Aceti’s author’s page on Amazon

Categories
Compliance and AI

Compliance and AI – Vinay Kumar on the Business Uses for AI in Regulated Industries

In this episode, Tom Fox interviews Vinay Kumar, the founder and CEO of Arya.ai. Vinay discusses the importance of regulations in AI to prevent unethical use in business, including the potential dangers of superintelligence. Vinay emphasizes the need for responsible and ethical use of AI while discussing how Arya.ai simplifies the deployment of responsible and safe AI in the banking, finance, and insurance industries. Vinay also explains how a verticalized AI cloud with observability layers can provide value to the industry by ensuring transparency, auditability, monitoring, and safety of model output to protect customer and company interests.

Don’t miss this informative podcast that will enlighten you on the proper use of AI in business and the importance of regulations.

Key Highlights:

  • ML observability and founding Arya.ai
  • From Stem Research to BFSI: Pivoting AI Development
  • AI solutions for the insurance industry
  • Importance of ML observability layer
  • Challenges of Health Claims Automation
  • Ethical Concerns in AI Usage for Business

 Key Quote:

“We thought we were solving a fundamental problem, which is simplifying the information interaction problem, and that can only happen when I spend my time more effectively on the topic rather than solving these on-ground tasks.”

Resources

Vinay Kumar on LinkedIn

Arya.ai


Categories
Everything Compliance

Everything Compliance – Episode 115 – The Insider Trading (Or Not) Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top podcast talk show. In this episode, we have the quartet of Karen Woody, Jonathan Marks, Matt Kelly, and from across the pond, Jonathan Armstrong. We consider a veritable potpourri of issues, including the sentence given to Joe Sullivan, insider trading, the COSO Fraud Risk Management Framework, and a new report on whistleblower best practices. We conclude with our fan-fav Shout Outs and Rants section.

1. Matt Kelly looks at the joint IIA/ACFE report on Building a Best-in-Class Whistleblower Hotline. He shouts out to Newton Minow, the first government official to say television was a ‘vast wasteland.’

2. Jonathan Marks discusses his work on the COSO Framework for Fraud Risk Management. He shouts out to BlueBell Ice Cream for creating the new flavor, Dr. Pepper Float.

3. Tom Fox shouts out to Mike Shannon, who played with the St. Louis Cardinals for over 10 years, went to 3 World Series, and then had a 60-year career as an announcer with the team. He is also the only MLB player whom Tom got an autograph from.

4. Karen Woody looks at recent insider trading cases involving the crypto world and asks, if crypto is not a security, how can it be insider trading? Karen shouts out to the Netflix show ‘Jury Duty.’

5. Jonathan Armstrong considers the sentence handed down to former Uber executive Joe Sullivan, wonders about the Judge’s admonition of no more leniency, and asks what it means for GDPR enforcement. He shouts out to all those workers who got London ready for the coronation.

The members of Everything Compliance are:

•       Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong – Jonathan is our UK colleague and an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Measuring Compliance Training Effectiveness

Since at least 2017, the DOJ has emphasized the need to determine compliance training effectiveness. In the 2020 Update, under the section entitled “Form/Content/Effectiveness of Training,” it posed the following questions: How has the company measured the effectiveness of the training? Have employees been tested on what they have learned? How has the company addressed employees who fail all or a portion of the testing? Has the company evaluated how much the training impacts employee behavior or operations?

The DOJ enshrined the importance of determining the effectiveness of your compliance program in its 2020 Evaluation. The 2020 Evaluation demonstrates that the DOJ wants to see evidence of the effectiveness of your compliance program. This is something that many CCOs and compliance professionals still need help to determine. Both the simple guidelines suggested herein, the more robust assessment, and the results provide you with a start to fulfill the precepts set out in the 2020 Evaluation, but you will eventually need to demonstrate the effectiveness of your compliance training in the future.

Three key takeaways:

  1. You must demonstrate that you have measured the effectiveness of your compliance training.
  2. The DOJ is moving into requiring a demonstration of the effectiveness of compliance training.
  3. You should be moving towards a model of demonstrating compliance training ROI to validate the full operationalization of your compliance training.

Categories
Compliance Into the Weeds

Compliance into the Weeds: A Compliance Response on Messaging Apps

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

Join Tom Fox and Matt Kelly on “Compliance into the Weeds” as they delve into the recent SEC crackdown on messaging apps and improper employee use. The hosts explore the challenges of regulating messaging app use and provide solutions emphasizing the importance of corporate culture and risk management strategies. Hear from experts like the DOJ representative who spoke at Compliance Week 2023 and a defense contractor who offers tech solutions to monitor messaging apps on employees’ phones. With GDPR and FINRA regulations to consider, the podcast presents a comprehensive plan for compliance officers that focuses on effective controls, processes, and consequences for policy infractions. Don’t miss out on this informative podcast highlighting the importance of cultivating relationships with internal audit teams, IT teams, and other control departments to ensure proper compliance measures.

 Key Highlights: 

  • Risk management of employee messaging app usage
  • Tech solution for monitoring employees’ messaging
  • Corporate Culture Approach to Compliance in Financial Firms
  • Compliance Challenges in Monitoring Employee Communications
  • Building Relationships for Effective Compliance Management

 Notable Quotes:

“Assess your risks, put a risk management strategy in place, execute that strategy, train your employees, monitor the effectiveness, and remediate as appropriate.”

“And the tech company CEO said it is in his mind, People the policies, procedures, people and processes a more culture compliance strategy could work, but you would need to convince employees.”

“If they are also violating the policy, that’s bad. And that shows you have a corporate culture problem.”

“If it’s corporate culture, how is this any different than any difficult issue we’ve seen in compliance over the past 15 years?”

Resources

Matt 

LinkedIn

Blog Post in Radical Compliance


Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Compliance Training Frequency

What should be your organization’s compliance training frequency? How can the amount of training positively or negatively impact an overall training strategy? Unfortunately, neither the 2020 Update nor the 2020 FCPA Resource Guide answered these questions. Still, every company should remember that a hallmark of a “well-designed compliance program is appropriately tailored training and communications.”

Compliance professionals often think compliance training needs to be conducted very frequently, even if it means repeating the same training courses every year. Compliance training expert Shawn Rogers analogizes compliance training to an automobile’s windshield wiper system in discussing how frequently compliance training should be administered. He explained, “It would not make any sense to run your wipers constantly, even when it is not raining. First, it would be extremely annoying to the passengers. And second, eventually, it would wear out both the wiper blades and the wiper motor. It would simply be nonsensical.” Requiring overly repetitive training is like running your windshield wipers in clear weather. The learners will be annoyed; the training will be viewed as a waste of time and energy. Finally, your employees will not take training as seriously when addressing a specific situation, as the compliance training will be viewed literally and figuratively as a “check-the-box” exercise.

 Three key takeaways: 

  1. Have a well-reasoned approach to training frequency.
  2. Lengthier, more full-bodied training can be given once every three years.
  3. Shorter, more frequent compliance refreshers or reminders can be used to keep the risk top-of-mind.

Categories
Daily Compliance News

Daily Compliance News – May 24, 2023 – The Corruption Can Kill Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Supply Chain financing rules. (WSJ)
  • Shareholder activists and the culture wars. (WSJ)
  • When corruption can kill. (Food Safety News)
  • Harlan Crow to US Senate-screw you. (Reuters)

Categories
Great Women in Compliance

Great Women in Compliance – Nicole Di Schino – The Compliance Education Fanatic

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine.

Most E&C professionals know that you can have the best practices and policies, but if they are not understood by your employees and teams, they cannot be effective. And some of us, like today’s guest, Nicole Di Schino, help us with that next step in our training programs. She calls herself the “Compliance Education Fanatic,” and you will understand why after hearing this episode. Nicole discusses the importance of having creative and interactive training, and also how using training with a choice of a “best” answer is better than letting people pick a clear right answer.

Nicole and Lisa also talk about different ways to communicate with and provide training for those in different generations, particularly Gen Z.

You can find the Great Women in Compliance Podcast on the Compliance Podcast Network where you can find several other resources and podcasts to keep you up to date in the Ethics and Compliance world. You can also find the GWIC podcast on Corporate Compliance Insights where you can learn more about the podcast, stream prior episodes, and catch up on Mary’s monthly column “Living Your Best Compliance Life.”

Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.


You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Compliance Training Governance Committee

One issue that needs to be considered by compliance professionals around compliance training is compliance training governance. Yet a multinational organization subject to the FCPA faces many legal and regulatory risks, and often many of those risks are “owned” by organizations outside the compliance function. How can your organization create a comprehensive compliance training program covering its risk profile?

Every multinational organization will have a broad risk portfolio typically owned across the organization. Consider compliance risk, fraud risk, reputational risk, financial accounting risk, and discrimination risk. These are a small sample of risks; many will not be “owned” by the corporate compliance function. This presents a real challenge when creating a comprehensive compliance training program covering a company’s legal, regulatory, compliance, and reputational risks. Well-known compliance training maven Shawn Rogers suggests “establishing a corporate Compliance Training Governance Committee that looks at the company’s overall risk profile and builds a cross-functional and comprehensive multi-year training plan that effectively addresses all of the risks in a company’s risk portfolio.”

A Compliance Training Governance Committee will allow your organization to effectively establish a multi-year training plan, help in vendor selection and engage in course creation. Rogers said, “One of the biggest benefits has been its predictability to the compliance training program. Every stakeholder from a risk-owning organization knows exactly when their function will have their course deployed over the three-year calendar. They can plan resources, they have a long lead-time to develop the courses, and during their off-years, they can do communications campaigns and events to keep their risk top-of-mind.”

Three key takeaways: 

  1. Why your organization should create a Compliance Training Governance Committee.
  2. Who should be on the Compliance Training Governance Committee?
  3. How should the Compliance Training Governance Committee work going forward?

Categories
Innovation in Compliance

Cybersecurity Today and Tomorrow with Patrick Hynds

Cybersecurity isn’t just the business of the future – it’s the war of today. In this episode of Innovation In Compliance, Tom Fox and guest Patrick Hynds, CEO of Pulsar Security, delve into the world of cybersecurity and its implications for organizations of all sizes. From ransomware threats to the role of government in this expanding battlefield, Patrick discusses the evolution of cyber attacks, the importance of ongoing vigilance, and practical steps businesses can take to defend themselves. Patrick unpacks the concept of the ‘Pyramid of Threats’, and discusses why continuous network maintenance is crucial for cybersecurity. He also shares his predictions on the future of global cyber threats.

Patrick Hynds is a veteran-turned-technology entrepreneur with a distinct perspective on cybersecurity. An alumnus of the prestigious military academy at West Point, Patrick served as an infantry officer in the first Gulf War. His early affinity for programming, paired with the perspective gained from his military experience, propelled him into the field of technology. In 1996, he incorporated his company, Pulsar Security, which today is a leading provider of penetration testing services, enabling organizations to identify and address their vulnerabilities.

Tune in to hear Tom and Patrick talk about:

  • Cybersecurity is a necessity in today’s interconnected world, impacting entities ranging from billion-dollar corporations to individual users.
  • Pulsar Security offers penetration testing or Red Team services, effectively operating as ‘hackers for hire’ to identify potential vulnerabilities in client organizations.
  • Cyberattacks are a persistent risk that needs to be managed strategically, not just identified. They affect even the smallest organizations and individuals.
  • Pulsar Security’s new product, Cyber Shield, is designed to help smaller organizations manage their cybersecurity at an affordable level.
  • There is a significant shortage of cyber engineers in the industry, with an estimated 3 million positions unfilled worldwide.
  • Awareness and education are key in enhancing cybersecurity. Simple actions like enabling two-factor authentication, managing passwords effectively, and regular patching can greatly improve security.
  • The role of government in the cyber realm is evolving, with agencies like CISA and NIST offering resources and guidelines to help organizations enhance their security posture.
  • Patrick and his team developed the “Pyramid of Threats” to help people envision the cybersecurity risks they face:
    • The bottom layer of this pyramid includes script kiddies who use easily obtainable scripts to exploit vulnerabilities in systems, often leading to data theft and sales on the dark web.
    • The next level up includes people with personal grudges who are tech-savvy enough to launch attacks. They tend to focus on specific targets, making them potentially more dangerous than the script kiddies.
    • The third layer of the pyramid consists of syndicates who are primarily financially motivated. They use similar tactics to script kiddies but tend to target systems with known vulnerabilities to launch ransomware attacks, steal identities, or mine Bitcoin.
  • Patrick hosts two podcasts in which they discuss relevant cybersecurity news, breaches, and potential defenses. The objective is to help people understand what they should be worried about and how to protect themselves.
  • The most important cybersecurity defense is a strong, ongoing maintenance routine.
  • Even with changes in the cyber landscape, threats will continue to become more sophisticated. 

KEY QUOTES:

“For these large organizations, we provide what’s called penetration testing or Red Team services. We’ll attack them on a regular basis, sometimes on a continuous basis, to see where their vulnerabilities are. Because you can’t see your own vulnerabilities most of the time.” – Patrick Hynds

“We’ve developed the thing called the Pyramid of Threats. …the Pyramid of Threats is meant to try to help people envision what the risks are, who’s coming after you” – Patrick Hynds

“Unfortunately, I don’t think people can forget about cybersecurity. That’s never going to happen. It’s not thinking about a media campaign. Companies don’t have that luxury because the cat’s out of the bag.” – Patrick Hynds

Resources:

Patrick Hynds on LinkedIn | Twitter

Pulsar Security | Podcasts

 
