Author: admin

Categories
Great Women in Compliance

Colleen Dorsey: Using AI and Machine Learning in Compliance

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

Colleen Dorsey, our Great Woman in Compliance of the week, is well known for influencing Compliance careers early – she leads the University of St Thomas Compliance programming, preparing our Compliance Officers of tomorrow. Get a behind the scenes look into the evolution of Compliance education at the tertiary level.

 Also in this episode Colleen gives the GWIC listenership a run down on using Artificial Intelligence and Machine Learning in Compliance programs. In Compliance, as with everything else, it’s important to keep up with new developments and tools that can help us achieve our goals more accurately and more efficiently. Those who don’t keep up will most certainly get left behind. Fortunately Great Women in Compliance listeners are invested in their own professional development and keep up with the wealth of information provided by GWIC guests. Colleen gives basic understanding to lay the foundation of what AI and Machine Learning are and explains how these tools can be used to benefit Compliance programs, using a real life example and what the future might hold for these areas.

Finally Colleen shares some of her wisdom surrounding self-awareness – you cannot improve yourself unless you know what you’re working with and where your gaps are so it’s important to be honest with yourself and be able to self-reflect objectively – with the help of others where necessary.  Mary weighs in with some sound practical advice from Organizational Psychologist Adam Grant with a tip to make soliciting feedback easier for yourself and those around you.

Corporate Compliance Insights is a much appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). Thank you to all those who have taken the time to rate the GWIC podcast and book, it’s much appreciated.

If you’ve already read the booked and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?

As always, we are so grateful for all of your support and if you have any feedback or suggestions for our 2021 line up or would just like to reach out and say hello, we always welcome hearing from our listeners.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Blog

Compliance Communications: Using an AI Marketing Strategy – Part 2

Compliance Communications Using an AI Marketing Strategy – Part 2Over a couple of blog posts, I am exploring topics raised in a recent Harvard Business Review (HBR) article, entitled “How to Design an AI Marketing Strategy: What the technology can do today—and what’s next”, by Thomas H. Davenport, Abhijit Guha, and Dhruv Grewal where the authors focus on the use of Artificial Intelligence (AI) in marketing. I believe their work could be adapted for the compliance professional. Yesterday, I used the article as a jumping off point about how Chief Compliance Officers (CCOs) and compliance professionals can use AI for internal compliance communications and communications with key stakeholders outside your organization that you need to work with on compliance, such as third-party agents and vendors in the Supply Chain. Today I want to consider the framework that a compliance professional can implement to use these tools effectively for both internal and external marketing of a corporate compliance program.
The authors posit that AI can be categorized according to two dimensions: intelligence level and stand-alone or integrated platforms. Further, the intelligence level can be broken down into two subgroups: task automation and machine learning. Task automation performs “repetitive, structured tasks that require relatively low levels of intelligence.” They bring a level of ease as they are “designed to follow a set of rules or execute a predetermined sequence of operations based on a given input” However, such tools cannot handle complex problems such as nuanced employee requests for information. Chatbots fall into this category.  Such tools can provide basic assistance to employees during basic interactions, moving employees down a defined decision tree, but cannot ascertain intent, offer customized responses, or learn from interactions over time.
With machine learning, “algorithms are trained using large quantities of data to make relatively complex predictions and decisions.” Such algorithms can decipher text, segment issues, and anticipate how employees will respond to various initiatives. Moreover, machine learning can drive programmatic decision-making in a compliance program for employees through a “customer relationship management system”. The next step is what the authors term the “more sophisticated variant, deep learning, are the hottest technologies in AI and are rapidly becoming powerful tools in marketing.” That said, it’s important to clarify that existing machine-learning applications still just perform narrow tasks and need to be trained using voluminous amounts of data.
Stand-alone applications are “best understood as clearly demarcated, or isolated, AI programs.” Conversely, integrated applications are embedded within existing systems and such AI applications are often less visible than stand-alone ones. This allows employees to be delivered a more sophisticated solution for the Quote To Cash (QTC) or Procure To Pay (P2P) processes. With a stand-alone system, employees need to go to a dedicated app and request suggestions. It appears that compliance professionals will “see the greatest value by pursuing integrated machine-learning applications, though simple rule-based and task-automation systems can enhance highly structured processes and offer reasonable potential” for not simply more efficient compliance processes but for commercial returns.
For corporate compliance professionals with limited AI experience, perhaps the “way to begin is by building or buying simple rule-based applications.” You can start with “crawl-walk-run” approach. Once a compliance function acquires basic AI skills and an abundance of data, you can start moving from task automation to machine learning. Moreover, new sources of data, “such as internal transactions, outside suppliers, and even potential acquisitions”, are something compliance functions should have access to, since most AI applications, particularly machine learning, require vast amounts of high-quality data. Once again this is precisely what the Department of Justice (DOJ) specified in the 2020 Update to the Evaluation of Corporate Compliance Programs when it mandated that compliance have access to all corporate data even when siloed.
There are challenges in implementing an AI tool for communications as “implementing even the simplest AI applications can present difficulties. Stand-alone task-automation AI, despite its lower technical sophistication, can still be hard to configure for specific workflows and requires companies to acquire suitable AI skills.” It will also require “careful integration of human and machine tasks so that the AI augments people’s skills and isn’t deployed in ways that create problems.” The bottom line is that while AI holds enormous promise, for compliance professionals for a variety of uses, it still accomplishes only narrow tasks.
But it will be a journey for compliance. The compliance function “and the organizations that support it, IT in particular, will need to pay long-term attention to building AI capabilities and addressing any potential risks.” Yet compliance professionals cans start developing a strategy today to take advantage of AI’s current functionality and its likely future. Compliance communications to both internal and external stakeholders is certainly one use that should be on your horizon. When we receive the next iteration of the Evaluation of Corporate Compliance programs you may well see AI specifically called out as a tool, the DOJ may expect multi-national companies to have AI in place and be using for a variety of compliance activities.

Categories
Compliance Into the Weeds

Listening is a Conversation

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into why an internal reporting system is not enough. Indeed having a speak up culture is not enough. Your company must have a listen up culture.

Some of the issues we consider are:

  • What is a speak up culture?
  • What is a listen up culture?
  • What are some of the benefits of a true listen up culture?
  • How do you training middle managers to be speak up portals?
  • Why is having a conversation so powerful?

 Resources
Matt in Radical Compliance
Corporate Culture: Speak Up v. Listen Up

Categories
Daily Compliance News

September 15, 2021 the Gensler Testifies edition


In today’s edition of Daily Compliance News:

  • Engine No. 1 seeks to tie valuation to climate risk. (Reuters)
  • Boeing, Directors asked court to review its ruling. (WSJ)
  • Erika Cheung testifies on Theranos trial. (NYT)
  • Gensler criticizes cryptos? (WaPo)
Categories
Innovation in Compliance

Integrity Matters: Culture, Training and Compliance – Part 3: Skills Development and Meeting Regulatory Needs

Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over this series, we are breaking down corporate culture, compliance training and communications by discussing topics such as breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risked based training and operational aspects of training. In Part 3, I am joined by Koby Bambilia to discuss the intersection of meeting compliance skill development and regulatory requirements.

Bambilia has an interesting perspective on compliance training because of his unique background in the field. In addition to being a former compliance professional, he is also a former prosecutor. You do not often see that combination in a person specializing in compliance training.  We started with the basic concept of training – in any regulatory guidance, both here in the US or abroad, which is always considered by the regulators as one of the pillars of Bank Secrecy Act (BSA) compliance program. Obviously the more your staff is trained, the easier your job as a compliance officer will be.
This is where the first line of defense becomes so critical. Who knows clients better than the front-line bank officers who deal with them on a regular basis? This leads Bambilia to note that the role of a compliance professional is to provide the first line of defense with “the appropriate tools so in turn they will to be able to perform their duties; and the method in which you provide such tools are through robust and comprehensive training program.”
Additionally, Bambilia emphasized the regulators’ expectations for skills training. He has increasingly seen that “regulators are looking at the skills and career paths of bank employees. In other words, do the employees in their specific roles have the right set of knowledge, skills, and expertise to carry out their compliance responsibilities?” This has moved beyond strictly “compliance related roles but business-oriented roles as well.” He provided some examples such as private banking, loan officers, tellers, trade finance functions and correspondent banking departments. He stated, “The examiners will sample and check what experience and skills such employees have and what type of training they have received.” This led Bambilia to conclude, “thinking critically about whether the employees in key roles possess the right set of skills and expertise should guide institutions as they develop their training program, especially the long-term ones.”
I asked Bambilia if he could provide an example of such a situation. He recalled one institution where he worked which had more than 13,000 employees. As you might expect, there were multiple training requirements for employees. One of the challenges faced by the compliance function was how to verify all employees had completed the compliance training. Some 93% of employees completed compliance training so the challenge was to reach the remaining 7%. As Bambilia remarked, “We understood that it must be dealt with, and sometimes you have to take drastic measures to demonstrate that you are serious about compliance and serious when it comes addressing the regulatory expectations around compliance training.”
The compliance department went to the Board and proposed that any employee not completing their required compliance training would receive a 33.3% cut of the annual bonus. This stick approach worked and the completion numbers when up to 98%. What about the remaining 2%? They lost 33.3% of their annual discretionary bonus. The result was the next the completion rate for compliance training went up to 100%. But completion rates on employee compliance training are not enough as Bambilia said the regulators also want to see that the “compliance function has the right set of skills needed to perform their respective roles and duties. So, it’s something to think about and be prepared for before your next examination.”
We concluded our discussion by considering if finding solutions for compliance training “workarounds” or lack of employee participation has improved or dropped. Bambilia began by noting a very important aspect of compliance training, “with the right approach employees can be educated that training is not a form of punishment but actually a valuable tool which can help them do their job right. This is critical in keeping institutions “out of trouble.”” As Bambilia further explained, one of the functions of compliance is to “protect the Bank and the clients but it is also there to protect employees. And employees knowing through training what they have to do will keep them safe.”
Bambilia believes that now there are “better systems for e-learning and training solutions to ensure people are actually taking and completing these trainings. These systems can track, check the number of tries for passing the exam and even send the reminders.” Finally, institutions are moving toward more bite sized training (See: Espresso Training Shots). Bambilia explained that this can lead to not an entire day/week course but something that can fit within the regular workday; and this is even more applicable in today’s environment where most of us are working remotely, either in full or in hybrid mode.
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.

Categories
Blog

Culture, Training and Compliance – Part 1

I recently had the opportunity to visit with, Tina Rampino, Associate Managing Director at K2 Integrity. Tina has one of the top phrases I have heard around compliance training. It is ‘espresso shots’ of training to help facilitate attainable training demands. We also discussed the operationalization of compliance training.
Espresso Shots of Training
Rampino advised on what she called “an espresso shot” of compliance training which can be both shorter and more concise, but drills down to specific risks relevant to an institution. She went on to relate that she has been involved in creating solutions that can deliver shorter and more tailored training which will result in increased relevance to the employee and have a lighter burden of training hours. Rampino said, “The concept of espresso shot training can assist employees to better manage their workload while keeping up with important issues relevant to their roles. For example, institutions should think creatively on delivery and modality of training content. Not only in an e-learning format: something engaging, cartoons, videos, interactive virtual training.”
I think that every compliance professional strives to find the right balance between training on general awareness topics and shorter, more relevant and practical training opportunities.  Unfortunately, compliance training is viewed as a “check the box” activity or worse, something that is dreaded and is usually ineffective. Rampino suggested compliance training incorporates real life scenarios, case studies or simulations to give employees an opportunity to learn in a sand box environment and to practice the skills that they are being taught.
Some of her suggestions include keeping your compliance training segments concise as “shorter, bite-size learning is a trend in training programs.” This means that instead of offering half-day and full-day sessions, break programs into shorter segments of 20 minutes or less, which are easier for participants to absorb – and schedule. Another example is that short cartoons or animated videos can be excellent quarterly reminders. Done properly, they do not feel like an assessment or certainly not a ‘check-the-box’ exercise. The bottom line is that with all training most employees must undergo now and even more so in the continued time of the Covid-19 Delta Variant, espresso shots give people back a lot of time.
Operational Aspects of Training
Next we turned to key operational aspects of training, including budget, delivery and more. We began with a discussion of one of the most critical issues around compliance training, but one I believe does not get nearly enough discussion in the compliance community, that being the issue of budgeting. During times of economic stress compliance training budgets are often tightened. Rampino believes this approach needs to be avoided. The reason is straight forward, “investing in training and professional development for employees can save money in the long-run, both operationally and when it comes to regulatory requirements. An institution’s greatest asset is their employees and especially when you’re entrusting them to protect your institution from risk.”
This means that if you are providing employees with ongoing training to assist them to continuously refine their knowledge and skills; it will also keep them engaged and incentivized to take compliance more seriously. Moreover, as Rampino noted, “developing and retaining employees is beneficial to financial institutions in the long-run and demonstrates sustainability within the compliance program.” Instead of cutting back on training budgets in general, institutions should assess the training needs as they align with the greatest risk and find ways to deliver the most targeted and relevant training across the enterprise. Rampino advocates several different styles of compliance training. These include, having a “balance of online/in-person training; including independent or self-guided training; as well as hands on training with an instructor.”
We then turned to the concept of compliance training as a cost saving exercise. Rampino reiterated that “skilled and experienced employees are a critical part of a sustainable and effective program. While training may not be the highest priority, when a compliance officer is looking at their list of money spend for year; training is critical in proactively reducing compliance errors and risk.” Additionally, employees who receive timely and engaging training often feel that an institution is investing in them and their professional growth, which can lead to less turnover. Rampino concluded, it demonstrates “an institutions appreciates the importance of career pathing and skills development. It is not just for the regulators, but for health and wellbeing of an institution.”
Think about that for a minute; training should also assess the skills needed for each role and provide a career path for employees. Employees want to understand they are growing professionally. Management desires its employees to “understand that people they have in those roles have the right training and are experienced.” Rampino concluded that this means “training is a resource bigger than what it looks like on paper. That’s why budget and resources for training is so important. Training is a way to mitigate risk within the institution—both in terms of real risks that come in the door every day and demonstrating a sustainable way to do so.”
We concluded with Rampino’s thoughts on regulatory expectations around compliance training.  She believes, “Regulators are more interested than ever in seeing that an institution is investing in a sustainable, scalable, and dynamic training program. They want to know that an institution understands their risks and that it demonstrates that with the training that is provided to their employees. Regulators are expecting more targeted and role-based training offerings and that the content is evolving as the risks evolve.”
In the vein of my mantra Document, Document, and Document, Rampino also noted that regulators are “more focused than ever on how the financial institution is assessing compliance skills needed for critical roles and demonstrating that their employees meet the skill requirements for the roles that they are in.” This means a potential audit on areas as wide-ranging as “how an institution provides career pathing, professional development, and cross-training opportunities for their employees.” But this is much more than a myopic view of compliance training only as it “ensures sustainability of the program but also allows for flexibility as financial institutions adapt to the changes and may face organizational or structural changes, as many do due to a host of issues ranging from regulatory remediation to right-sizing.”
Training and its attendant skills development have become critical in empowering employees to move into new roles as needs arise and offers growth opportunity which is valuable beyond measure in the current environment that institutions are operating in. She concluded by stating that regulators “want to know that compliance employees not only understand their institutions internal risk, policies/procedures, and escalation processes but also that they are staying current with industry best practices and emerging risks.”
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.

Categories
Compliance Kitchen

CPB FAQ’s Re: Forced Labor


The CBP recently answered FAQs in regards to its detection and enforcement of regulations against imports of products made with forced labor.  Stop by to hear a summary from The Kitchen on imports compliance and exclusion from CBP’s Withhold Release Orders.

Categories
Innovation in Compliance

Information Governance and The Data Industry with Peter Baumann


 
Peter Baumann is Tom Fox’s guest on this week’s episode of the Innovation in Compliance Podcast. He is the founder of ActiveNav, a company that helps its customers reduce data risk, make better management decisions and comply with privacy regulations. He has been in the information governance field for 30 years both as a publisher and as a content creator. Peter joins Tom to talk about how the disciplines of information governance, and the data industry, relate to a variety of compliance issues.
 

 
How Information Governance Has Changed
The most significant change in information governance, Peter tells Tom, has been its explosion of growth. Companies used to only operate from a singular network, and via a single machine. There was well-managed control, and no one else was able to have access to the information filtered through those single networks and machines. That is no longer the case. With the rise of the internet and connecting corporate networks with each other, the control has collapsed and sensitive data has become more accessible.
 
Being Compliant Through Data Retention Policies
Peter iterates that companies need to have a map of their data and what’s actually in it. “Until you get there, you’re always gonna fall short of meeting any of these privacy regulations because you can’t actually say what you’ve got, where it is, and whether you should have it,” he adds. Companies need a top and bottom approach to their data mapping, which lets companies know how to approach these issues strategically. Peter also stresses that senior management needs to treat their data as if it’s the best asset in their organizations. “Only when those things become a kind of de facto position will organizations start to manage and govern their data appropriately,” he tells Tom.
 
Unstructured Data & Eradicating Dark Data
Peter explains that unstructured data is data that sits outside of a database environment. The very idea of a database is based on the concept of structure, so any data existing outside of it is unstructured. To get rid of dark data, companies need to have an understanding of what data they have, its nature, size, and where it is stored. That is the first step. The second step is minimization, that is, doing a system cleanup of redundant files or records that are beyond their natural retention policies. The final step would then be to find your sensitive data, understand what it is, then either encrypt or delete it, or move it somewhere else. This will get you to your government’s baseline. 
 
The Impact of COVID-19 & Looking To The Future
The pandemic has changed how companies approach data as content has become more fragmented now. “The biggest change I’d say is the shift in both commercial, private, and government towards more collaborative based tools,” Peter remarks. He gives examples of Microsoft Teams and Slack. The downside of these tools, however, is that they don’t have the appropriate mechanisms built into their platforms to ensure that they are complying with governance. With respect to the future, companies should expect to see penalties and fines start to drift down to mid-market and eventually smaller businesses. “Ignorance and the lack of policy systems and preemptive planning won’t be tolerated as an excuse by the courts,” Peter warns. The tools and the experience are out there to ensure that companies are aware of what data they have so they will be expected to comply with regulations and face the consequences if they don’t.
 
Resources
Peter Baumann | LinkedIn | Twitter
ActiveNav
 

Categories
Daily Compliance News

September 14, 2021 the Varsity Blues-the Trial edition


In today’s edition of Daily Compliance News:

  • Varsity Blues goes to trial. (Reuters)
  • Facebook rules apply to all, except when they don’t. (WSJ)
  • Biden names privacy expert to FTC. (NYT)
  • When does harm to business outweigh rights of whistleblowers? (CorderyCompliance)
Categories
Innovation in Compliance

Integrity Matters: Culture, Training and Compliance – Part 2: Espresso Shots of Training

Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over this series, we will break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risked based training and operational aspects of training. In Part 2, I am joined by Tina Rampino who discusses ‘espresso shots’ of training to help facilitate attainable training demands.

We began with the status of compliance training after 18 months of Covid-19. Here Rampino noted, “in the early phase of the pandemic, institutions had to quickly change to a fully virtual working environment. They had to find creative solutions to adapt their training programs in response. All planned instructor-led training was cancelled or transitioned to virtual training.”
But what was the impact of Covid-19 on compliance training plans? She said it varied between each organization but “the delays, rescheduling, and redesigning of mandatory trainings to accommodate the virtual working environment caused a big training load and a heavy training burden for institutions. Many institutions delayed mandatory training as they tried to work through issues as mundane as bandwidth as all employees were now remotely logged in to the same Learning Management Systems at the same time every day.” The bottom line is that many organizations pushed training to the end of the year or into 2021 and competing priorities and demands had to be managed. Moreover, we are now into Q3 2021 and even though the virtual work environment has become routine for compliance professionals, the pressure is on to get back up to speed on all those trainings.
If your organization finds itself in that place, Rampino advised on what she called “an espresso shot” of compliance training which can be both shorter and more concise, but drills down to specific risks relevant to an institution. She went on to relate that she has been involved in creating solutions that can deliver shorter and more tailored training which will result in increased relevance to the employee and have a lighter burden of training hours. Rampino said, “The concept of espresso shot training can assist employees to better manage their workload while keeping up with important issues relevant to their roles. For example, institutions should think creatively on delivery and modality of training content. Not only in an e-learning format: something engaging, cartoons, videos, interactive virtual training.”
I think that every compliance professional strives to find the right balance between training on general awareness topics and shorter, more relevant and practical training opportunities.  Unfortunately, compliance training is viewed as a “check the box” activity or worse, something that is dreaded and is usually ineffective. Rampino suggested compliance training incorporates real life scenarios, case studies or simulations to give employees an opportunity to learn in a sand box environment and to practice the skills that they are being taught.
Some of her suggestions include keeping your compliance training segments concise as “shorter, bite-size learning is a trend in training programs.” This means that instead of offering half-day and full-day sessions, break programs into shorter segments of 20 minutes or less, which are easier for participants to absorb – and schedule. Another example is that short cartoons or animated videos can be excellent quarterly reminders. Done properly, they do not feel like an assessment or certainly not a ‘check-the-box’ exercise. The bottom line is that with all training most employees must undergo now and even more so in the continued time of the Covid-19 Delta Variant, espresso shots give people back a lot of time.
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.