Categories
Great Women in Compliance

Great Women in Compliance: Mary Inman and Jane Norberg on Current Developments in Whistleblower Laws and Practice

Welcome to the Great Women in Compliance podcast with Hemma Lomax and Lisa Fine, sponsored by Corporate Compliance Insights. Over the past few months, the Department of Justice put forth the Whistleblower Pilot Program and the update to the Evaluation of Corporate Compliance Programs. It was the perfect time to focus on how these impact whistleblower laws. Joining the discussion are Jane Norberg, a partner at Arnold & Porter and the former Chief of the Office of the Whistleblower, and Mary Inman, a founding partner of Whistleblower Partners. Mary is also an advocate for the power of whistleblowers and is known for representing Facebook Files whistleblower Frances Haugen and Theranos whistleblower Tyler Shultz.

They provide insight into what makes a credible and legitimate whistleblower, how the SEC reviews tips from whistleblowers, and what we as compliance professionals can do to build effective programs, all focused on the review of all concerns that are raised, regardless of the source. They also offer practical advice on how to handle different situations before, during, and after an investigation.

The group discusses the new DOJ Whistleblower Pilot Program, where it follows past programs like the SEC program, and where it fills new gaps. One part of the program is the 120-day requirement for reporting an issue, and they focus on what that would mean for organizations. Mary and Jane share their views on the requirements and best practices, and note that most compliance professionals use the DOJ Evaluation of Corporate Compliance Programs to develop their programs, which means that an issue is investigated. In practical terms, following the ECCP requirement to investigate while the pilot program creates a “race to report” is a challenge, and this is discussed in depth.

Mary and Jane both provided “one thing you should know” to conclude the discussion. Both points are significant for anyone who is dealing with any aspect of whistleblowing or building a strong speak-up/anti-retaliation culture.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Leadership Lessons from The Washington Post’s Non-Endorsement

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the recent events at the Washington Post, where the newspaper decided not to endorse a presidential candidate for the first time in years.

This decision, directed by owner Jeff Bezos, has led to significant backlash, including 200,000 lost subscribers and concerns about the paper’s principles. Matt and Tom discuss the implications of this move on leadership, company values, and stakeholder trust, providing insights into the governance structure of newspapers and the potential fallout of abandoning established principles. We also turn to company values and why, if you are going to violate them, there should be sufficient justification. Finally, we consider what a second Trump Administration might mean for corporate compliance.

Key Highlights:

  • Washington Post’s Controversial Decision
  • Newspaper Governance Explained
  • Washington Post’s Mission and Principles
  • Leadership Failures and Consequences
  • Potential Future Implications

Resources:

Matt in Radical Compliance

Tom: Instagram | Facebook | YouTube | Twitter | LinkedIn

Categories
Blog

Navigating Compliance in Interesting Times

I once had a boss whose catchphrase was, ‘May you live in interesting times.’ That applied back in the first decade of this century and is even more appropriate now. In a world that often feels like it is constantly shifting beneath our feet, the role of the corporate compliance professional has never been more crucial or challenging. In recent New York City Bar Association Compliance Institute remarks, Principal Associate Deputy Attorney General Marshall Miller offered timely insights on the Department of Justice’s (DOJ) evolving approach to corporate criminal enforcement. His message was that compliance professionals are essential to organizational success, national security, and the broader rule of law.

  • Individual Accountability as the Cornerstone of Corporate Compliance

Miller emphasized that individual accountability remains a primary focus of the DOJ’s corporate criminal enforcement. According to Miller, the DOJ is prosecuting individuals, whether at the top or throughout the corporate hierarchy, because doing so sends a strong message that misconduct is not tolerated and reinforces deterrence across the board.

For compliance officers, this focus on individual accountability reinforces the importance of training and awareness programs that help employees understand the personal stakes of unethical behavior. Compliance programs must communicate that misconduct has consequences for the organization and those directly involved.

This means compliance professionals should regularly update training modules to reinforce the personal consequences of non-compliance. Consider scenarios that show employees how individual misconduct can lead to legal repercussions, strengthening the deterrence message.

  • Transparency and Consistency in Enforcement Policies

One of the most significant updates shared by Miller is the DOJ’s emphasis on clarity, consistency, and predictability across its corporate enforcement policies. In past years, self-reporting or cooperating with investigations was often perceived as a gamble. Today, under new DOJ guidelines, a clear framework outlines expectations, rewards cooperation, and even encourages voluntary self-disclosure of misconduct.

This transparency is a game-changer for compliance professionals, who often need concrete examples and assurances to secure buy-in from executives and board members. Compliance leaders can now present a more straightforward business case for ethical behavior, outlining the risks of non-compliance and the potential benefits of self-disclosure.

Every corporate compliance function should leverage the DOJ’s published guidelines to develop a compliance strategy that aligns with the DOJ’s expectations. Create resources for your leadership team that show the tangible benefits of voluntary self-disclosure, including reduced penalties and favorable resolutions.

  • Empowering Whistleblowers and Enhancing Self-Disclosure Programs

Miller announced the launch of a new two-part DOJ whistleblower program that provides different rules and incentives based on whether the whistleblower was involved in criminal conduct. For those not involved, a DOJ awards program now provides a percentage of forfeited funds to the whistleblower. For those involved, whistleblower non-prosecution agreements are available.

This change holds significant implications for compliance programs. Whistleblower protection and incentive structures must be communicated and properly managed, ensuring employees know their rights and the benefits of reporting unethical behavior. With DOJ’s strong support, compliance leaders can strengthen whistleblower protections and encourage a culture of transparency.

Expanding whistleblower training and reporting channels to reflect the DOJ’s updated stance would be best. Emphasize protection and incentivization and ensure employees understand how these policies can benefit them if they report wrongdoing.

  • The Role of Incentives and Compensation Clawbacks in Compliance

The DOJ’s updated compliance approach emphasizes the role of compensation structures in promoting compliance or enabling unethical behavior. DOJ now evaluates incentive structures as part of every criminal resolution, rewarding companies that utilize clawbacks when executives are involved in misconduct.

For compliance professionals, this focus on compensation is an opportunity to align reward structures with ethical performance. Compliance officers can work with human resources to design and implement compensation plans that deter risky behavior by incorporating elements such as escrow accounts for bonuses and clawback provisions for executives involved in wrongdoing.

This means every corporate compliance function and its personnel should collaborate with HR to develop compensation structures that support compliance goals, such as incorporating ethical behavior as a performance metric or establishing escrow accounts that hold bonuses contingent on compliance-related performance.

  • Strengthening Governance Structures for Accountability

Miller’s remarks also underscore the need for solid governance frameworks that prevent misconduct from slipping through the cracks. Accountability measures, from board oversight to compliance committee functions, ensure corporate misconduct is detected early and handled appropriately. He noted that companies with rigorous internal governance structures and compliance frameworks are more likely to avoid criminal charges.

For compliance leaders, this means assessing and strengthening their organization’s governance structures to support effective oversight. It also means advocating for periodic audits, third-party evaluations, and regular reviews of compliance policies to keep governance on track. Conduct a governance review to identify potential gaps in oversight and ensure that compliance officers have the authority to raise concerns without interference. Advocate for regular compliance audits and policy updates to keep pace with regulatory developments.

  • Preparing for Emerging Risks Related to National Security and Technology

Miller highlighted increasing corporate criminal investigations involving national security, particularly in the construction, agriculture, telecommunications, and technology sectors. Fueled by sanctions evasion and emerging technologies like artificial intelligence, national security risks are now a major focal point for the DOJ.

Compliance programs need to reflect this shift. Compliance professionals must prioritize emerging risks, especially cybersecurity, AI, and national security. Integrating these areas into the broader compliance program ensures that companies are prepared for the expanding scope of corporate crime.

You should update risk assessments to include national security risks and develop response plans for data security, sanctions compliance, and AI ethics. Equip your compliance team to monitor these evolving threats through specialized training and cross-functional collaboration.

  • A Call to Compliance Professionals: The Business Case for Compliance

Miller concluded with a direct call to compliance professionals, emphasizing the DOJ’s commitment to empowering compliance leaders to advance corporate ethics and compliance. He stressed the importance of making a compelling business case for compliance, using DOJ’s guidelines to advocate for investment in robust compliance programs.

In today’s regulatory environment, compliance is a strategic advantage, not a cost center. Compliance officers must seize this moment to champion the business case for ethics, highlighting the DOJ’s transparent policies and the tangible benefits of voluntary self-disclosure, cooperation, and strong compliance frameworks.

Position your compliance program as an essential part of your business strategy. Use DOJ’s new approach as a lever to secure greater resources and authority, demonstrating that investing in compliance can directly impact organizational resilience and profitability.

  • Final Thoughts

Principal Associate Deputy Attorney General Marshall Miller’s remarks signal a turning point for compliance professionals, who are no longer seen as gatekeepers but as strategic partners in risk management and national security. With the DOJ’s commitment to transparent enforcement policies, expanded whistleblower incentives, and a stronger emphasis on accountability, compliance officers have a clear mandate to champion ethical business practices.

These changes offer a roadmap for compliance leaders to build stronger programs that protect their organizations and reinforce their role as trusted advisors in corporate governance. By adopting the DOJ’s updated principles, compliance professionals can safeguard their organizations, enhance their credibility, and make a compelling case for a proactive approach to corporate ethics.

In our “interesting times,” compliance is no longer just about rules and regulations. It is about building an integrity culture that benefits the organization and the broader community.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Managing New Risks – Lessons from The Creature from The Black Lagoon

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

How does the discovery of the Creature from the Black Lagoon guide a compliance professional in managing new and emerging risks?

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Branding Lessons for Compliance from Count Dracula

How can Count Dracula inform your Compliance Branding? In more ways than you think.

Categories
Innovation in Compliance

Innovation in Compliance: Revolutionizing Compliance: AI’s Role in Shaping The Future of Compliance Financial Institutions

Innovation comes in many areas and compliance professionals need to not only be ready for it but embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast.

In this episode, Tom Fox has an enlightening discussion with John Sun, CEO of Spring Labs, sponsor of this podcast, as they delve into the transformative impact of AI on compliance in the financial sector.

John shares his journey from Chief Risk Officer at Avant to leading Spring Labs, an AI company focused on creating innovative compliance tools for financial institutions. The episode explores the significant gap in existing compliance tools and the company’s contributions to making compliance processes more efficient and adoptable. They cover the challenges faced by compliance professionals in communicating the value of these tools to quantitative-oriented stakeholders and highlight how AI-powered solutions like Zanko ComplianceAssist, Agent Assist, and Customer Assist are enhancing efficiency and accuracy.

Additionally, the conversation touches on how AI is being used to convert unstructured conversational data into actionable insights, leading to better business decisions and process improvements. This episode offers valuable insights for financial institutions aiming to use customer feedback as a strategic resource and emphasizes the growing importance of AI in compliance and data management.

Key Highlights:

  • The Genesis of Spring Labs
  • Strategic Value of Compliance Management
  • Leveraging AI in Compliance
  • Streamlining Customer Service with AI
  • Leveraging Data for Business Efficiency
  • AI’s Role in Structuring Data
  • Future of AI in Compliance

Resources:

John Sun on LinkedIn

Spring Labs

Tom Fox: Instagram | Facebook | YouTube | Twitter | LinkedIn

Categories
Daily Compliance News

Daily Compliance News: October 29, 2024 – The Olympus Chief Fired Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Olympus chief fired for purchasing illegal drugs. (FT)
  • Alibaba settles with shareholders for $433MM. (WSJ)
  • Will the Houston Chronicle business columnist be jailed under a Trump Administration? (Houston Chronicle)
  • Carlos Watson says guilty verdict should be tossed. (Reuters)

Categories
Blog

Creating, Strengthening, and Maintaining Corporate Culture: Lessons from The Mummy

Ed. Note: This week, leading up to Halloween, I will examine lessons for compliance professionals through the lens of the great Universal Movie Monsters: Frankenstein, Wolfman, Dracula, and The Mummy. Our final offering is Boris Karloff’s original film version of The Mummy.

===========================================================

In the 1932 classic The Mummy, Boris Karloff’s portrayal of Imhotep reveals a lesson far beyond the supernatural realm: the dangers of neglecting the past and allowing an ancient curse to resurface. The movie’s central theme of resurrection and control reflects what happens in corporate culture when old habits, unaddressed problems, or toxic elements re-emerge due to inattention. Building a strong, resilient corporate culture is crucial for compliance professionals, not unlike guarding against an ancient curse that could unravel the organization.

In her recent speech at the SCCE conference, Nicole Argentieri provided valuable insights into the importance of creating, strengthening, and maintaining corporate culture. Her message was clear: corporate culture is not a static entity. Like Imhotep’s curse, it can decay if not properly maintained, leading to disastrous consequences. The 2024 Evaluation of Corporate Compliance Programs (2024 ECCP) emphasizes the importance of culture in mitigating compliance risks, making it clear that companies must prioritize their corporate ethos as a proactive strategy for risk management.

The Origins of Corporate Culture: Digging into the Foundations

In The Mummy, the archaeological team unknowingly unleashes a destructive force by uncovering and neglecting the historical warning signs of the curse. This is analogous to companies that neglect their corporate culture. Just as the archaeologists ignored the history behind Imhotep’s tomb, companies often overlook the foundational values and behaviors that drive their internal culture.

Argentieri’s speech underscores the importance of understanding where your corporate culture comes from. The 2024 ECCP stresses the need for companies to actively cultivate a culture of compliance, ethics, and integrity. It’s not enough to have values written in a code of conduct—those values must be woven into the company’s fabric, from leadership to the newest employee.

The origins of a corporate culture come directly from leadership. Just as the resurrection of Imhotep was enabled by human error, a toxic or lax corporate culture can take root if leaders do not actively promote ethical behavior. Compliance professionals must work with leadership to ensure the company’s mission, values, and expectations are clearly communicated and consistently upheld. Without this strong foundation, the “mummy” of unethical behavior can quickly rise.

Resurrecting Old Problems: The Danger of Neglect

In The Mummy, Imhotep’s curse returns because it was never truly addressed; it was sealed away but not eradicated. This is a powerful metaphor for what happens in corporate culture when old issues, such as poor leadership behavior, unethical practices, or lack of accountability, are allowed to fester. If left unchecked, these issues can resurface and cause significant harm to the organization.

Argentieri’s speech touched on this very point. Moreover, the 2024 ECCP requires companies to identify and address the risks that could undermine their culture. Compliance professionals must proactively monitor the workplace for signs of cultural erosion. These issues must be confronted head-on, whether lax attitudes toward compliance, a lack of whistleblower protections, or unethical leadership practices.

Regular audits, surveys, and employee feedback mechanisms are critical tools for uncovering hidden problems before they escalate. By monitoring corporate culture at regular intervals, compliance professionals can prevent “mummies” from reawakening and wreaking havoc on the organization.

Leadership: The Keepers of the Tomb

In The Mummy, the characters who succeed are the ones who recognize the danger and take action to stop it. For a company to maintain a strong culture, leadership must play an active role. The tone from the top is crucial in shaping the behavior of the entire organization. Leaders who demonstrate a commitment to compliance and ethical behavior set the standard for others to follow.

Argentieri highlighted the importance of leadership in her speech, noting that the DOJ expects company leadership to be fully engaged in promoting and maintaining a culture of compliance. The 2024 ECCP calls for leadership to demonstrate commitment to compliance in words and actions. This includes regular involvement in compliance activities, support for compliance personnel, and a clear message that ethical behavior is non-negotiable.

Just as the characters in The Mummy had to confront the curse with courage and resolve, corporate leaders must take ownership of the company’s ethical standards. They are the keepers of the tomb, ensuring that the organization’s values and principles are protected from decay.

Strengthening the Culture: Continuous Vigilance

One of the key themes of The Mummy is the importance of vigilance. Imhotep’s return resulted from human negligence—those responsible did not take the necessary precautions to prevent his resurrection. Similarly, a company’s corporate culture can weaken without continuous effort to maintain and strengthen it.

Argentieri’s speech clarified that the DOJ wants companies to maintain their corporate culture proactively. The 2024 ECCP expects companies to actively monitor their culture, assess risks, and adjust their compliance programs as needed. This requires a commitment to continuous improvement, strengthening internal controls, updating policies, and providing regular training to employees at all levels.

A strong compliance program evolves with the organization. Just as archaeologists learn from the past to protect the future, compliance officers must learn from past mistakes and adjust their strategies to prevent future failures. This might mean revisiting training programs, adjusting disciplinary measures, or enhancing whistleblower protections.

Maintaining a Culture of Compliance: The Final Seal

The ending of The Mummy reminds us that threats can be contained, but only with the right tools and vigilance. In the corporate world, maintaining a culture of compliance is an ongoing process. It requires a commitment to ethical behavior, continuous monitoring, and strong leadership. A company’s corporate culture must be seen as a living entity—one that requires nurturing, attention, and protection.

The 2024 ECCP provides clear guidelines for how companies can maintain a strong culture of compliance. It emphasizes clear communication, regular training, and leadership engagement. Compliance professionals ensure these elements are in place, and the culture remains strong even as new risks emerge.

Learning from The Mummy

The Mummy teaches us that neglecting the past can have dangerous consequences; the same is true for corporate culture. If a company fails to build, strengthen, and maintain its culture of compliance, it risks allowing unethical behavior to resurface, potentially leading to disastrous outcomes.

Argentieri’s recent SCCE speech and the 2024 ECCP offer a roadmap for compliance professionals. By focusing on strong leadership, continuous monitoring, and proactive risk management, companies can create a culture that not only withstands the test of time but also thrives in an ever-changing business environment.

The curse of Imhotep may have been fiction, but the risks facing corporate culture are all too real. Compliance professionals must act as guardians, ensuring that their organizations are protected from ethical missteps that can lead to the unearthing of far more dangerous threats.

Categories
Riskology

Riskology by Infortal: Episode 35 – Riskology in London with BABL AI

Riskology by Infortal™ is coming to you this week from the GRC Risk Conference in London. 

Join host Ian Oxnevad as he discusses the intersection of AI and Risk with the CEO of BABL AI, Shea Brown. Their discussion covers several dynamics of AI development and implementation in the context of the growing global risk landscape and the challenges posed by autonomous decision making. 

Overview of BABL AI:

BABL AI conducts comprehensive evaluations of your company’s algorithms, assessing ethical, safety, compliance, liability, and reputational risks. BABL AI employs Certified Independent Auditors to ensure your AI systems comply with the ever-changing AI regulation landscape. They are at the forefront of performing risk and impact assessments in the AI space.

BABL AI employs a detailed methodology for identifying and mitigating AI risks that draws from the humanistic fields of law and philosophy. By thoroughly mapping how AI systems interact with human stakeholders, companies can more effectively identify specific risks.

Overview of Infortal Worldwide:

Infortal™ Worldwide provides the full suite of due diligence investigation services to support your company’s risk management program and investment due diligence process. This includes investigation capabilities in 160+ countries worldwide.

For over 35 years, Infortal™ has enabled clients across all industries to mitigate their business risks and protect employees and assets globally.

Infortal™ Worldwide is also at the forefront of examining how geopolitical risk can impact strategic decision-making, the long-term sustainability of your business, and the potential downstream impact on key partners and suppliers. 

Infortal™ Worldwide focuses on solving risk before it starts. 

Risk Management & AI

AI introduces new dimensions of risk to the ever-changing risk management landscape by extending the reach of malicious actors. 

Fortunately, as Shea Brown points out, defenders against attacks can also benefit from AI. In fact, companies are increasingly integrating AI into their risk management strategies, which reflects a broader trend towards digital transformation across industries.

AI-based risks, however, are complicated by the fact that there are an increasing number of use cases for new AI technology. For example, there are new vulnerabilities in the fields of autonomous vehicles, facial recognition, and resource distribution. Companies can no longer ignore the building AI revolution. 

To prevent disaster, companies must carefully review their risk exposure to outside actors using AI and from challenges created by using the technology in house. During and soon after implementing AI solutions, it is important to gain a deep understanding of how the new technology will impact existing systems and processes. 

AI audits provide a great mechanism to ensure that any new tech is up to the requisite standards and to increase transparency for relevant stakeholders.

Buyer Beware

The market is becoming saturated with seemingly revolutionary solutions in the risk management space. However, increased investment in this space does attract bad actors offering subpar or, worse, even fraudulent solutions.

This makes it important to know who is behind the companies you are considering buying from or partnering with. Conducting deep-level due diligence on the companies and partners you plan to do business with in the AI space is important to make sure you are onboarding enhancements to, and not detractors from, your bottom line.

AI and the Human Element

In the world of AI development, an often-overlooked element for successful AI implementation is the need for human-centric oversight. Human supervisors can catch mistakes that automated systems overlook, providing a needed layer of security and reliability. 

This is especially important in high-risk areas where AI decisions have social and individual impact. By integrating a human-in-the-loop approach, organizations can better align their AI systems with ethical standards and a human focus. 

Mitigating Risks

While integrating AI-based technology into existing programs can pose certain risks for firms, the benefits can be significant. The key is making sure you know what you are getting and that any new technology will live up to your firm’s values. 

Importantly, AI does not eliminate the importance of accounting for human behavior. Currently, individuals are still driving decision making and controlling the use of AI technology.

Conducting due diligence on potential suppliers and performing audits on the AI impact to your company will place you ahead of the curve in terms of benefiting from the AI advancements now available in the risk management space. 

Resources:

Infortal Worldwide

Email

Dr. Ian Oxnevad on LinkedIn

Shea Brown on LinkedIn

Categories
Corruption, Crime and Compliance

How to Conduct an Internal Compliance Site Visit and Review

How can companies ensure that their compliance programs are robust enough to handle today’s complex ethical challenges?

In this episode, Michael Volkov dives into the critical components of conducting an internal compliance site visit and review. He highlights the significance of these visits in understanding operational risks and compliance culture. With real-world examples, Michael emphasizes the need for a proactive approach to compliance, ensuring that organizations are not only following regulations but also fostering an ethical environment.

Listen in as Michael talks about:

  • Conducting personal interviews with key staff to assess the compliance culture and operational challenges.
  • Reviewing and testing transactions across various vendor categories to ensure compliance with protocols.
  • Evaluating the effectiveness of training programs and employee understanding of ethical standards and compliance awareness.
  • Verifying compliance with internal policies and conducting due diligence on charitable contributions.
  • Assessing the compliance processes surrounding sponsorships and their alignment with company policies.
  • Implementing thorough due diligence practices for third-party vendors to mitigate risks.
  • Reviewing employee expense reports to ensure proper documentation and compliance with gift, meals, entertainment, and hospitality policies.

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group