Author: admin

Categories
Blog

Argentieri Speech and 2024 ECCP: Argentieri on Navigating AI Risks

Deputy Assistant Attorney General Nicole M. Argentieri’s speech highlighted a critical shift in the Department of Justice’s (DOJ) approach to evaluating corporate compliance programs. As outlined in the updated 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), the emphasis on data access signals a new era where compliance professionals are expected to wield data with the same rigor and sophistication as their business counterparts. This week, I am reviewing the speech and 2024 ECCP. Over the next couple of blog posts, I will look at the most significant addition, that around AI. Today, I will review Argentieri’s remarks to see what she has said. Tomorrow, I will dive deeply into the new areas in the 2024 ECCP around new technologies such as Artificial Intelligence (AI).

In her remarks, Argentieri said, “First, … Our updated ECCP includes an evaluation of how companies assess and manage risk related to using new technology such as artificial intelligence in their business and compliance programs. Under the ECCP, prosecutors will consider the technology that a company and its employees use to conduct business, whether the company has conducted a risk assessment of using that technology, and whether the company has taken appropriate steps to mitigate any associated risk. For example, prosecutors will consider whether the company is vulnerable to criminal schemes enabled by new technology, such as false approvals and documentation generated by AI. If so, we will consider whether compliance controls and tools are in place to identify and mitigate those risks, such as tools to confirm the accuracy or reliability of data the business uses. We also want to know whether the company monitors and tests its technology to evaluate its functioning as intended and consistent with its code of conduct.”

Argentieri emphasizes the importance of managing risks associated with disruptive technologies like AI. These updates signal a clear directive for compliance professionals: you must take a proactive stance on AI risk management. You can take the following steps to align your compliance program with the DOJ’s latest expectations.

Conduct a Comprehensive Risk Assessment of AI Technologies

The first step in meeting the DOJ is to thoroughly assess the risks that AI and other disruptive technologies pose to your organization.

  • Identify AI Use Cases. Start by mapping out where AI is being used across your business operations. This could include everything from automated decision-making processes to AI-driven data analytics. Understanding the scope of AI use is essential for identifying potential risk areas.
  • Evaluate Vulnerabilities. Once you have a clear picture of how AI is utilized, conduct a detailed risk assessment. Look for vulnerabilities, such as the potential for AI to generate false approvals or fraudulent documentation. Consider scenarios where AI could be manipulated or fail to perform as expected, leading to compliance breaches or unethical outcomes.
  • Prioritize Risks. Not all risks are created equal. Prioritize them based on their potential impact on your business and the likelihood of occurrence. This prioritization will guide the allocation of resources and the development of mitigation strategies.

Implement Robust Compliance Controls and Tools

Once risks have been identified, the next step is to ensure that your compliance program includes strong controls and tools specifically designed to manage AI-related risks.

  • Develop AI-Specific Controls. Traditional compliance controls may not be sufficient to address AI’s unique challenges. Develop or adapt controls to monitor AI-generated outputs, ensuring accuracy and consistency with company policies. This might include cross-referencing AI decisions with manual checks or implementing algorithms that flag unusual patterns for further review.
  • Invest in AI-Compliance Tools. Specialized tools are available that can help compliance teams monitor AI systems and detect potential issues. Invest in these tools to enhance your ability to identify and mitigate AI-related risks. These tools should be capable of real-time monitoring and provide insights into the functioning of AI systems, including the accuracy and reliability of the data they generate.
  • Regular Testing and Validation. AI systems should not be a set-it-and-forget-it solution. Regularly test and validate your AI tools to ensure they function as intended. This should include stress testing under different scenarios to identify any weaknesses or biases in the system. The DOJ expects your company to implement AI and rigorously monitor its performance and alignment with your compliance objectives.

Monitor, Evaluate, and Adapt

AI technology and its associated risks constantly evolve, so your compliance program must be flexible and responsive.

  • Ongoing Monitoring. Continuously monitor AI systems’ performance to ensure they align with your company’s code of conduct and compliance requirements. This involves technical monitoring and assessing the ethical implications of AI decisions.
  • Adapt to New Risks. As AI technology advances, new risks will emerge. Stay informed about the latest developments in AI and disruptive technologies, and be ready to adapt your compliance program accordingly. This may involve updating risk assessments, enhancing controls, or revising your company’s overall approach to AI.
  • Engage with Technology Experts. Compliance professionals should work closely with IT and AI experts to stay ahead of potential risks. This collaboration is crucial for understanding the technical nuances of AI and ensuring that compliance strategies are technically sound and effectively implemented.

Ensure Alignment with the Company’s Code of Conduct

Finally, all AI initiatives must follow your code of conduct and ethical standards.

  • Training and Awareness. Ensure that all employees, particularly those involved in AI development and deployment, are trained on the ethical implications of AI and the company’s code of conduct. This training should cover the importance of transparency, fairness, and accountability in AI operations.
  • Ethical AI Use. Embed ethical considerations into the AI development process. This means complying with the law and striving to use AI to reflect your company’s values. The DOJ will be looking to see if your company is avoiding harm and proactively promoting ethical AI use.

Argentieri’s remarks underscore the importance of managing the risks associated with AI and other disruptive technologies. Compliance professionals must take a proactive approach by conducting thorough risk assessments, implementing robust controls, and continuously monitoring AI systems to ensure they align with regulatory requirements and the company’s ethical standards. By taking these initial steps, you can meet the DOJ’s expectations and leverage AI to enhance your compliance program and overall business integrity. Join us tomorrow to take a deep dive into the new language of the 2024 ECCP and explore how to implement it.

Categories
Pawtastic Friends - The Paw Talk

Pawtastic Friends: The Paw Talk – Otto, Marchy and Alex

Welcome to Pawtastic Friends-The Paw Talk. In this podcast, host Tom Fox will visit with Michael and Melissa Novelli, co-founders of Pawtastic Friends, as well as those who work with them at Pawtastic Friends. Michael and Melissa are dedicated to helping shelter and rescue dogs in the Las Vegas area become more adaptable through enrichment training and activities such as yoga and aquatics training, as well as obedience and agility. This podcast is sure to tug on your heartstrings; just listen to how sweet this one dog is! Tune in now to hear more from Michael and Melissa Novelli as they discuss their passion for helping pups in need. Get ready for an exciting episode of Pawtastic Friends – The Paw Talk!

In this episode, we feature Otto, Marchy and Alex.

Otto and Marchy have both captured Melissa’s heart with their endearing personality and eagerness to learn during their training at a rescue facility. Tom asks about the dog’s potential. Both Michael and Melissa praise Otto and Marchy’s transformation from reluctance to engagement, emphasizing his need for a caring adult home that can provide him with adventures and companionship. Their experiences at the rescue facility, witnessing Otto and Marchy’s progress firsthand, shape their perspective that love, care, and engaging activities can profoundly impact the lives of rescue dogs, highlighting Otto and Marchy as perfect candidates for a fur-ever family.

Quotes:

“At first, he just wanted to go to the door to leave the arena. And then afterwards, he really connected with Jenny and the engagement of watching him be a dog and play with ball and, you know, tug toys and going up and down the ramp and the a-frame and seeing him really absorb all the information she was sharing with him, it was just so awesome.” – Melissa Novelli

“It’s so fun to watch them actually play and, you know, come out of their shell and to really shine their personalities.” – Melissa Novelli

“We don’t charge anybody. We’re just looking to raise some money to, you know, fund our enrichment training center.” – Michael Novelli

Resources:

Pawtastic Friends

Donate to Pawtastic Friends

Pawtastic Friends on Instagram

Pawtastic Friends on Facebook

Categories
Daily Compliance News

Daily Compliance News: September 26, 2024 – The Legal Limbo Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Menendez sentencing was delayed. (NewsWeek)
  • Ex-CEO of Skael faces criminal fraud charges. (WSJ)
  • S Iswaran convicted for corruption in Singapore. (BBC)
  • Roadmap of major DOJ anti-trust cases. (NYT)

Categories
Business Integrity Innovations

Business Integrity Innovations: Innovating Against the Odds – Dr. Amy Jadesimi on Ethical Business Practices in Nigeria

The Compliance Podcast Network (CPN) and the Center for International Private Enterprise (CIPE) bring you Business Integrity Innovations. This podcast is inspired by Ethics 1st – a multi-stakeholder initiative led by CIPE that creates pathways for accountable and sustainable investment in Africa. Companies can standardize their business practices, develop sound corporate governance systems, and demonstrate their commitment to compliance and business ethics using Ethics 1st.

In this episode of the Ethics 1st podcast, hosts Tom Fox and Lola Adekanye welcome Dr. Amy Jadesimi, a committee member of the Ethics First Advisory and a trailblazer in Nigerian industrial development. Dr. Jadesimi shares her incredible journey from being a medical graduate at Oxford and a banker at Goldman Sachs to earning her MBA at Stanford and leading LADOL in Nigeria. LADOL transformed from a single warehouse into a sprawling industrial hub during her leadership, slashing deep offshore logistics support costs and partnering with major companies like Samsung to create significant job opportunities and foster local industry growth.

Dr. Jadesimi discusses key aspects of her work, highlighting how compliance, sustainability, and ethical business practices drive innovation and competitiveness in challenging environments. She explains the importance of maintaining compliance to build trust, secure investment, and enable sustainable growth, emphasizing the positive impact on local communities and economies. Dr. Jadesimi’s insights provide valuable lessons for businesses striving to navigate regulatory challenges and make ethical decisions that lead to long-term success.

Key Highlights:

  • Building LADOL: Challenges and Successes
  • Navigating Regulatory Challenges
  • The Importance of Compliance
  • Sustainability and Business Efficiency
  • Future of Business in Nigeria

Resources:

CIPE

Dr. Amy Jadesimi on LinkedIn

LADOL

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Lesson from The John Deere FCPA Enforcement Action – Post Acquisition Integration

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we review why post-acquisition integration is mandatory for any deal that closes.

Categories
Everything Compliance

Everything Compliance: Episode 141, Tribute to Nick Gallo Episode

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows.

In this episode, we take up a potpourri of topics. We have the quartet of Matt Kelly Jonathan Armstrong, Jonathan Marks, and Karen Moore; all hosted by Tom Fox.

  1. Matt Kelly looks at the issue of what and who are in your Supply Chain after the pager attacks in Lebanon. He shouts out to Michaela Deprince for a life well lived.
  2. Karen Moore takes a deep dive into executive Clawback and Holdback provisions. She shouts out to Nick Gallo and asks all to keep him in their thoughts and prayers for a speedy recovery.
  3. Karen Woody reviews the Flyfish SEC enforcement action about NFTs as securities. She shouts out to pop culture and the great show on Apple TV Slow Horses.
  4. Jonathan Marks considers the imbroglio of PwC in China and what it means for audit firms trying to do business in China. He shouts out to eBay for providing authenticator services and briefs us on the Keeper Test.
  5. Tom Fox shouts out to Los Angeles Dodger Shohei Ohtani for having one of the greatest single seasons in MLB by a hitter.

The members of the Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Categories
Blog

Argentieri Speech and 2024 ECCP: Data Access and Data Analytics

Deputy Assistant Attorney General Nicole M. Argentieri’s speech highlighted a critical shift in the DOJ’s approach to evaluating corporate compliance programs. As outlined in the updated 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), the emphasis on data access signals a new era where compliance professionals are expected to wield data with the same rigor and sophistication as their business counterparts.

In her remarks, Argentieri said, “Third, under the updated ECCP, our prosecutors will assess whether a compliance program has appropriate access to data, including to assess its effectiveness. We have added questions about whether compliance personnel have adequate access to relevant data sources and the assets, resources, and technology available to compliance and risk management personnel. As part of this assessment, we will also consider whether companies are putting the same resources and technology into gathering and leveraging data for compliance purposes they use in their business.”

Her remarks were paired with new language in the 2024 ECCP, which stated:

Data Resources and Access – Do compliance and control personnel have sufficient direct or indirect access to relevant data sources for timely and effective monitoring and/or testing of policies, controls, and transactions? Do any impediments exist that limit or delay access to relevant data sources, and if so, what is the company doing to address the impediments? Do compliance personnel know of and have the means to access all relevant data sources reasonably timely? Is the company appropriately leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of components of compliance programs? How is the company managing the quality of its data sources? How does the company measure the accuracy, precision, or recall of any data analytics models it uses?

Proportionate Resource Allocation – How do the assets, resources, and technology available to compliance and risk management compare to those available elsewhere in the company? Is there an imbalance between the technology and resources used by the company to identify and capture market opportunities and the technology and resources used to detect and mitigate risks?

The speech and the 2024 ECCP put new and additional requirements around a corporate compliance program in the areas of data and data analytics. But how exactly should compliance teams navigate these heightened expectations? Here’s what you must do to ensure your compliance program meets these new standards.

Evaluate Your Data Access to Ensure Unimpeded Access to Relevant Data

The first step in aligning with the DOJ’s expectations is to conduct a comprehensive audit of your current data access. Compliance professionals must ask:

  • Conduct a Data Access Audit. Identify all the critical data sources for monitoring and testing your compliance policies, controls, and transactions. This includes financial transactions, communications, third-party interactions, and other data relevant to your risk profile.
  • Identify and Eliminate Barriers. Once you have a map of your data landscape, scrutinize it for any impediments that may limit or delay access to critical data. These barriers could be technical, such as legacy systems that do not integrate well, or organizational, like departmental silos that restrict data flow. Develop a plan to remove these impediments, whether through technology upgrades, process improvements, or changes in data governance.
  • Educate and Empower Compliance Teams. It is not enough for data to be accessible; your compliance personnel must also have the knowledge and tools to access it effectively. Invest in training programs that enhance data literacy among your team members, ensuring they can navigate and leverage data to its full potential.

The DOJ will scrutinize whether your compliance team has the same data visibility as other business units. If you find gaps, now is the time to bridge them.

Assess Resource Allocation for Data Analytics

Argentieri’s remarks also underscore the importance of resourcing. It is more than having data; your corporate compliance function must have the tools and talent to analyze it effectively. The 2024 ECCP emphasizes the importance of using data analytics tools to create efficiencies in compliance operations and measure the effectiveness of compliance programs.

  • Technology Investment. Are you using advanced analytics tools? Leverage AI and machine learning to proactively identify patterns, anomalies, and potential compliance risks.
  • Invest specifically in Advanced Analytics Tools. Ensure that your compliance program is equipped with state-of-the-art data analytics tools. These tools should be capable of processing large volumes of data, identifying patterns, and flagging potential risks in real-time. Artificial intelligence (AI) and machine learning (ML) can be particularly useful in predictive analytics, helping you stay ahead of emerging risks.
  • Human Resources. Do you have data-savvy compliance professionals on your team? Consider upskilling current staff or hiring data analysts who understand the technical and regulatory landscapes.
  • Benchmark Resources Across the Organization. Start by comparing the assets, resources, and technology available to your compliance and risk management teams with those available in other departments, particularly those focused on capturing market opportunities. Look for any imbalances that could undermine the effectiveness of your compliance efforts.
  • Make a case for compliance. If compliance is underresourced, build a compelling business case for increased investment. Highlight the risks associated with inadequate compliance resources, including the potential for regulatory breaches, reputational damage, and financial losses. Use data to demonstrate how enhanced resources could improve compliance outcomes and protect the organization.

Implement Real-Time Monitoring

The DOJ’s focus on data access and analytics also means that real-time monitoring should be a cornerstone of your compliance strategy. Static, periodic reviews are no longer sufficient.

  • Continuous Data Feeds. Implement systems that provide compliance officers with ongoing, real-time data. This allows for immediate detection of potential issues.
  • Automated Alerts. Set up automated alerts for key risk indicators, such as unusual transaction patterns or policy violations. This ensures that your team can respond to potential breaches before they escalate.
  • Integrate Compliance into Business Strategy. To ensure ongoing support, integrate compliance more closely with business strategy. Show how robust compliance efforts contribute to long-term success, aligning compliance goals with the company’s objectives.

Leverage Data to Assess Compliance Program Effectiveness

The ultimate goal of data access and analytics is to measure and improve the effectiveness of your compliance program. The DOJ is looking for companies that can demonstrate how they use data to inform their compliance efforts.

  • KPIs and Metrics. Develop key performance indicators (KPIs) that track compliance program success. Metrics might include the number of detected compliance incidents, response times, or the effectiveness of training programs.
  • Data-Driven Adjustments. Use data insights to make real-time adjustments to your compliance strategy. If the data shows a particular area of concern, pivot quickly and address it with targeted interventions.
  • Measure the Effectiveness of Analytics Models. Develop metrics to evaluate the performance of your data analytics models. These could include detection rates, false positive/negative ratios, and the speed at which issues are identified and resolved. Review and refine these models to ensure they deliver accurate and actionable insights.

Ensure Transparency and Documentation

Finally, remember that the DOJ will be looking for transparency. Be prepared to demonstrate how you use data, make decisions, and allocate resources.

  • Document, Document, Document. Keep thorough records of your data access, analysis processes, and any adjustments based on data insights.
  • Audit Trails. Maintain clear audit trails that show how data influenced compliance decisions. This will be critical in demonstrating to the DOJ that your program is reactive and proactively leveraging data to prevent compliance failures.
  • Monitor Data Quality. High-quality data is the backbone of effective compliance. Regularly assess the quality of your data sources, checking for accuracy, precision, and recall. Implement data governance frameworks that ensure data integrity and reliability, ensuring your analytics models are based on the best available data.

Finally, under Part III of the 2024 ECCP, in the section entitled, Does the Corporation’s Compliance Program Work in Practice?, the DOJ said prosecutors would pose the following question, “Prosecutors should also assess how the company has leveraged its  data to gain insights into the effectiveness of its compliance program and otherwise sought to  promote an organizational culture that encourages ethical conduct and a commitment to  compliance with the law.”

Coupling that language from the 2024 ECCP with Nicole Argentieri’s speech, you see a clarion call for compliance professionals to elevate their programs through the availability and utilization of data and data analytics to meet the DOJ’s evolving expectations. The message is clear: data is not just a business asset but a compliance imperative. By ensuring unimpeded and robust data access, investing in analytics, implementing real-time monitoring, leveraging data to assess program effectiveness, and achieving resource parity for compliance, your compliance program will meet the DOJ’s standards and drive greater organizational integrity and resilience. In this new era of data-driven compliance, the key to success lies in strategic investment and proactive management.

The stakes have never been higher, but with the right approach, the rewards—reducing risk and increasing trust—are worth the effort.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Lesson from The John Deere FCPA Enforcement Action – Pre – acquisition Due Diligence

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we review why pre-acquisition due diligence is so critical in any best practices compliance program.

Categories
The Hill Country Podcast

The Hill Country Podcast: Exploring Kerrville’s Literary Community with Rachael Carruthers

Welcome to award-winning The Hill Country Podcast. The Texas Hill Country is one of the most beautiful places on earth. In this podcast, Hill Country resident Tom Fox visits with the people and organizations that make this the most unique area of Texas. This week Tom welcomes Rachael Carruthers, head of patron services at the Butt-Holdsworth Memorial Library in Kerrville, Texas.

Rachael discusses her 15-year career at the library, emphasizing the diverse programming she helps organize, including community outreach, reference assistance, and the upcoming ‘Readers, Writers, and Books’ event. The event will feature talks from notable figures such as Kathleen Hudson, Tom Fox, and Larry Morris, covering topics like oral histories, the Hill Country author podcast, and self-publishing. Rachael highlights the vibrant literary scene in Kerrville, the library’s supportive role for local authors, and the various book clubs tailored to different interests within the community.

Key Highlights:

  • Rachael’s Role at the Library
  • Upcoming Event: Readers, Writers, and Books
  • Community Engagement and Outreach
  • Library Resources and Services
  • Book Club Events

Resources:

Butt-Holdsworth Memorial Library

Other Hill Country Focused Podcasts

Hill Country Authors Podcast

Hill Country Artists Podcast

Texas Hill Country Podcast Network

Categories
Daily Compliance News

Daily Compliance News: September 25, 2024 – The $11bn Forfeiture Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Carolyn Ellison is sentenced to 2 years in prison and forfeits $11 billion. (NYT)
  • Wagner Group used HSBC and JPMorgan for payments. (FT)
  • China probes PVH. (Reuters)
  • Wells Fargo must face a Caremark claim. (Reuters)