I recently had the chance to visit with Stephen Walter Hhead of Marketing at 6clicks to discuss curating and maintaining robust GRC content for a sponsored podcast series. You can check out his podcast episode here. One of the more difficult issues facing the GRC professional or someone new to the space is the seemingly complexity of the issues in GRC. They can literally be overwhelmed. In a multinational organization there will be a myriad of different regulations. Of course, there is data literally across the organization, in multiple silos. Even if the compliance or GRC professional can get access to the data, they probably cannot interpret the data or, more importantly, know how to use it going forward.
Walter said that for someone just starting out at a budding GRC program “navigating the complexities of achieving and maintaining, compliance within a number of regulations and or authorities can be quite daunting.” With all these regulatory compliance requirements, comes content needs. Curating the needed content which could be regulatory or compliance content or it could be as wide and as varied as “content assessments, audits, frameworks, best practice, risk libraries, policies, and control sets.” Providing and housing all of these can present some serious challenges. Next, overlay that content spread through different management systems like Google or SharePoint; together with mailboxes and, as Walter notes, “it really creates chaos. Next consider outdated regulations, leading to outdated risk management policies and other required internal content materials, can all equal noncompliance with the legislations.”
One interesting observation was that because risk and compliance has been elevated in organizations, right up to the Board agenda, these conversations are resonating with companies. This allows smaller companies to have more robust risk and compliance functions through the use of GRC tools and advisors. Walter is seeing much less of a top-down approach where unilateral decisions are made the top. It can now be a more bottom-up approach, democratizing the approach to risk and compliance and bringing in the people that are actually in the trenches to convey their message upward in the company as well. This can make the job of a GRC professional much easier with the wide variety of stakeholders involved, there is something for everyone. A GRC tool allows for the jettisoning of outdated methods and processes so a company can innovate itself into a better system.
We turned to the pace of change brought about by the pandemic. As I have noted elsewhere, we had three to five years of change in 2020 alone. This was certainly true of the GRC space. Walter noted that 2020 and 2021 were “massive storms for regulators.” He pointed to cyber and information security as key areas that saw massive change both in the number of cybercrimes and the regulatory responses to them. Now overlay that with the increasingly complex system of regulations and rules that companies have to navigate, such as General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and even the cybersecurity laws of the People’s Republic of China (PRC), and you begin to see how risk in one area has grown almost exponentially. Of course, other regulatory responses from the US to Australia have been forthcoming so multi-national organizations face a wealth of new regulatory challenges. Simply keeping up with the regulatory changes can be daunting and using spreadsheets and word documents are simply not enough in 2021.
We then discussed the pace of change both on the regulatory and technology side. Many companies are still stuck in what Walter called the “Dinosaur Age” of using basic word processing skills and tools. Regulators in each country expect companies to know, understand and follow their respective laws and regulations. What is the response of a small to medium sized organization, who is resistant to the required change management and indeed in some ways is “a weird kind of cognitive dissonance?” However, this is the precise reason “why GRC solution tools are going gangbusters for affordability reasons at the moment.” Yet Walter cautioned “you need to be careful what GRC tool you adopt and make sure it’s not just a legacy tool with a facelift.”
Walter concluded with a few thoughts on the 6clicks content library, which he termed “massively rich.” It all begins with authority documents which are the standards, laws, and regulations. From there you move down to policies, which are the measures you put in place to mitigate risk or demonstrate compliance with the controls within them. Next these controls have responsibilities, such as “who does what, how often and when the control measures, which those responsibilities are maintain the effectiveness of that control.” Those are all there already inside the 6clicks content library and you can create your own.
This allows a GRC professional or a risk and compliance professional to put all of these documents into a system and manage it all in the one place. It creates what Walter called “a single point of truth, where you can keep an eye on everything, both internally and externally with the hub and spoke, which is multi entity.” If you are at a company with multiple entities running multiple autonomous GRC programs, “you can keep an eye on that too.” Finally, the control tool authority gap analysis with an AI engine can then identify where those issues may exist. As Walter concluded, “I think once you bring all of that together, you’ve really got something very, very special.”
For more information on 6clicks, check out their website here.
Author: admin
OFSI Sanction Guidance Update
The UK’s OFSI updates its sanctions guidance for non-profits and NGOs in light of the Taliban takeover. Stop by the Kitchen to get the scoop.
Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down 6ckicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning (ML) in governance, risk and compliance (GRC), curating and maintaining a robust GRC content, producing audit ready reports, and look at what’s next for 6clicks down the road. In Part 2, I am joined by Andrew Robinson to discuss utilizing ML and AI into your GRC practice.
We began with the very basic proposition that many compliance professionals and others are scared by AI in the GRC space. Robinson believes it is based on the fear of the unknown, both to many inside and outside of GRC. Yet, increasingly GRC professionals see how AI and ML can be used within reg tech, technology companies, as well as in the compliance space to move forward through taking advantage of natural language processing. Robinson explained this is a component of ML that can help understand text. There is a lot of text in the world of compliance. When you can then overlay an AI component on all the standards, laws, and regulations any multi-national organization must follow, you begin to see the power of such a tool.
We next turned to dealing with compliance across multiple jurisdictions. For GRC professionals working internationally, Robinson said they must “maintain mappings or what you commonly call in the US ‘crosswalks of compliance’ frameworks.” He went on to explain these frameworks are “useful because it can allow a consultant to help a client understand how they might stack up against a particular standard. Robinson provided the example that if an organization is already complying with ISO 27,001, through these mappings, it might be able to give them an idea about what that level of compliance they have through the lens of a different framework or standard that may be relevant like the NIST cybersecurity framework.”
Yet the 6clicks approach is much more than a regulatory approach. It is a business centered approach which provides discreet business advantages. Indeed, this is one of the reasons I find the 6clicks approach so exciting as it creates a business advantage by performing quality GRC. These tools increase efficiency and profitability. Robinson went further noting, that “we come out with a public estimate of 10 times saving in using machine learning to assist with building up GRC mapping.” That is some serious productivity savings and increase.
However, this productivity increase and potential cost saving does not remove the human element. This final concept is critical in moving forward. Robinson said, “I’m of the view that humans have a very important role to play. This role is supervising the machine learning models to make sure that what they are producing and the results that they are coming out with are accurate and reliable.” If they are using spreadsheets and word documents; they should, come to terms with the fact that companies and clients no longer want spreadsheets and word documents as a deliverable. GRC professionals and consultants need to need to start using similar tools and improving the way that they service their clients. Clients, both in-house and external, are starting to demand and look for this approach. Robinson noted, “the reality is that if you are doing anything else it will be seen as subpar, and no one wants to be delivering sort of subpar products. I look for a solution that can meet your customer expectations and help you deliver your services long into the future.”
We concluded by looking at GRC tools with ML and AI at a strategic level, at the senior executive level and even at the Board of Director level. Robinson feels that management at this level “understands the benefits because they understand the problem.” Their goals are to simplify compliance while understanding risk exposure. From this point, management can move to create a risk-based solution. Robinson believes, these are the types of “business problems that executives are dealing with on a daily basis. Having awareness of the machine learning model can help them navigate that complexity.” From where I sit, when you can take a tool that improves business process efficiency and use it to increase profitability through more effectual risk management it is a win for everyone.
Join us tomorrow where we take up the topic of curating and maintaining robust GRC content. With 6clicks Head of Marketing, Stephen Walter.
For more information on 6clicks, check out their website here.
In this special podcast series sponsored by Convercent by One Trust, we celebrate Corporation Compliance and Ethics Week 2021. Over this podcast series, I will visit with Convercent by One Trust employees on why they are so passionate about driving ethics to the heart of business. In this second episode, I visit with Jennifer Jaffe, Chief Product Officer at Convercent by One Trust. Her passion is around developing software solutions to help clients solve thorny issues and ethical product development. Join the Convercent Converge community. It is the single best resource for information on all things ethics and compliance related. There are discussion threads, Q & A on specific topics and resources available to the compliance professional. Best of all, it is all free. Check out the Convercent Converge community by clicking here.
The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Wendy Badger, CCO at Tennant Company.
Wendy further elaborated on her non-traditional career path, where she found sometimes you must change your career ladder to advance your career. From the trade association, she went in-house with an accounts receivable management organization. She was the first and only lawyer on staff. The work provided both challenges and opportunities in the role. From there she decided to move into private practice, found out how it was different from in-house roles and ultimately decided to move back in-house.
Resources
Wendy Badger LinkedIn Profile
Panic in Shubert Alley
Have you ever experienced having to run around to try and find a valuable item lost in a heavily crowded place? In the tale of Panic in Shubert Alley, the narrator tells of the exasperation and outright fear as he runs around New York City’s Times Square theater district looking for his forgetful mother’s purse!
Join the fun and tune in to this new episode of F*CKING ARGENTINA with Gregg Greenberg and Tom Fox. ▶️
#PanicInShubertAlley
ABOUT THE BOOK
F*cking Argentina and 10 More Tales of Exasperation by Gregg Greenberg is a compilation of short stories that dive into the American phenomenon of being in a near-perpetual state of aggravation. Greenberg’s anthology brings together eleven original pieces of work, each with their own slice of independent and distinct plot lines but all converging on the universal theme of exasperation. They run the whole gamut of scenarios, from the titular story “F*cking Argentina” wherein the country is once again in bankruptcy and a polite game of tug o’ war plays out on a porch, to “A Journeyman Tennis Player’s Prayer” with a low ranking U.S. Open contender begging God for a comparable opponent. Both stories end with the superlative f-word, which showcases at some point in other stories, and a guaranteed chuckle from their readers. Buy the book here: http://fckingargentina.com/.
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.
Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the Compliance Podcast Network. In this episode Ronnie and Tom continue our five-part series on creative ideas you can use during the 2021 Corporate Compliance and Ethics Week.
In this Part 2, we discuss using talk shows to communicate about compliance. In this episode we consider how you can create a compliance and integrity themed Talk Show to help foster greater communications with your employee base. Tom and Ronnie both agree that Corporate Compliance and Ethics Week initiatives must be followed up throughout the year.
Some of the ideas include:
- A talk show hosted interview Ethics Officer and Leadership.
- A Letterman type talk show complete with Top-10 lists and desk bits.
- Using Improv Performance to emphasize your Core Values around integrity, compliance and ethics and corporate culture.
- You can do a show live or recorded but remember to avoid talking head.
- Finally it can be dialogues or monologues.
Resources:
Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)
Learnings & Entertainments (Website)
60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & Gifs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.
Workplace Tonight Show! Micro-learning – a library of 1-10-minute trainings and communications wrapped in the style of a late-night variety show, that explains corporate risk topics and why employees should care.
Custom Live & Digital Programing – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with a more engaging delivery.

Jordan Domash is Tom Fox’s guest on this week’s episode of the Innovation in Compliance Podcast. Jordan is the General Manager at Relativity, a company that makes software to help users organize their data. The platform is used by more than 180,000 people around the world to identify key issues. Jordan has been leading Relativity’s communications surveillance product for the past few years and has been in charge of the sale and development of the platform. He joins Tom in the first part of this two-part episode to talk about his role at Relativity, data cleansing, and how the Relativity Trace platform helps its customers.
The Importance of Data Cleansing
With the move to remote work, individuals have come to rely on different sources such as Slack and Microsoft Teams to communicate with one another. Jordan tells Tom that this has led to an explosion in the amount of data that needs to be actively monitored, and that there is a larger need for data cleansing. He shares how Relativity is tackling this issue. “We’ve spent a lot of energy on the past couple of years answering the problem of how can we sift through all that content, focus specifically on what’s risky, and what’s relevant to a compliance team with as little review as possible, and really focus on being efficient with our time and actually detecting risks that are important,” Jordan remarks.
Prevent Misconduct with Relativity Trace
Compliance regulators are very concerned with how companies are preventing misconduct before it occurs. Tom asks Jordan to explain how Relativity Trace can help businesses with this problem. “By having a really effective program, you are setting the expectation that this behavior is not being tolerated at your organization,” Jordan begins. Relativity gives organizations the tools necessary to take action as soon as an incident occurs instead of waiting months, or until there’s a formal investigation. Trace is implemented in a way that’s aligned to the specific organization using it. It starts with a code of conduct, and understanding the risks that are specific to that business. Trace gives compliance teams the ability to enforce that code of conduct, make sure that the risks to the organization are being monitored, and that any violations are being detected quickly.
Artificial Intelligence to Prevent Misconduct
Artificial Intelligence is used in three ways by Relativity Trace: to remove irrelevant content and junk, to pinpoint risk and misconduct and to add context to alerts that have been generated. Relativity has technology that removes spam, industry search reports and content that isn’t generated by a person. It strips out all non-human generated text from the monitoring process so that compliance individuals can only focus on the content that is potentially risky. “We bring the three or four or five most relevant communications to that alert to the forefront so the compliance officer can really focus on what the system is saying is the most relevant,” Jordan tells Tom.
The Risk of Unstructured Data
Unstructured data is the majority of data that lives in a company that has no hierarchy associated with it. Unstructured data comes in many forms and poses a problem for professionals because it makes it hard to search across an entire system. This type of data requires a different set of technology. A lot of suspicious items may be hiding in unstructured data, and this poses a challenge to compliance officers. It will be hard for them to search for information on specific individuals if the majority of that information is hiding in the unstructured data. Organizations should be conscious of where unstructured data lives, and should have processes that can look for hidden risks and remediate them.
Resources
Jordan Domash | LinkedIn
Relativity
I recently had the chance to visit with Andrew Robinson to discuss utilizing ML and AI into your GRC practice for a sponsored podcast. Robinson is the co-founder and Chief Information Security Officer at 6clicks. You can check out Robinson’s podcast episode here.
We began with the very basic proposition that many compliance professionals and others are scared by AI in the GRC space. Robinson believes it is based on the fear of the unknown, both to many inside and outside of GRC. Yet, increasingly GRC professionals see how AI and ML can be used within reg tech, technology companies, as well as in the compliance space to move forward through taking advantage of natural language processing. Robinson explained this is a component of ML that can help understand text. There is a lot of text in the world of compliance. When you can then overlay an AI component on all the standards, laws, and regulations any multi-national organization must follow, you begin to see the power of such a tool.
We next turned to dealing with compliance across multiple jurisdictions. For GRC professionals working internationally, Robinson said they must “maintain mappings or what you commonly call in the US ‘crosswalks of compliance’ frameworks.” He went on to explain these frameworks are “useful because it can allow a consultant to help a client understand how they might stack up against a particular standard. Robinson provided the example that if an organization is already complying with ISO 27,001, through these mappings, it might be able to give them an idea about what that level of compliance they have through the lens of a different framework or standard that may be relevant like the NIST cybersecurity framework.”
Yet the 6clicks approach is much more than a regulatory approach. It is a business centered approach which provides discreet business advantages. Indeed, this is one of the reasons I find the 6clicks approach so exciting as it creates a business advantage by performing quality GRC. These tools increase efficiency and profitability. Robinson went further noting, that “we come out with a public estimate of 10 times saving in using machine learning to assist with building up GRC mapping.” That is some serious productivity savings and increase.
However, this productivity increase and potential cost saving does not remove the human element. This final concept is critical in moving forward. Robinson said, “I’m of the view that humans have a very important role to play. This role is supervising the machine learning models to make sure that what they are producing and the results that they are coming out with are accurate and reliable.” If they are using spreadsheets and word documents; they should, come to terms with the fact that companies and clients no longer want spreadsheets and word documents as a deliverable. GRC professionals and consultants need to need to start using similar tools and improving the way that they service their clients. Clients, both in-house and external, are starting to demand and look for this approach. Robinson noted, “the reality is that if you are doing anything else it will be seen as subpar, and no one wants to be delivering sort of subpar products. I look for a solution that can meet your customer expectations and help you deliver your services long into the future.”
We concluded by looking at GRC tools with ML and AI at a strategic level, at the senior executive level and even at the Board of Director level. Robinson feels that management at this level “understands the benefits because they understand the problem.” Their goals are to simplify compliance while understanding risk exposure. From this point, management can move to create a risk-based solution. Robinson believes, these are the types of “business problems that executives are dealing with on a daily basis. Having awareness of the machine learning model can help them navigate that complexity.” From where I sit, when you can take a tool that improves business process efficiency and use it to increase profitability through more effectual risk management it is a win for everyone.
For more information on 6clicks, check out their website here.