Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 20 – Court Martial

In this episode of Trekking Through Compliance, we consider the episode Court Martial which aired on February 2, 1967, Star Date 2947.3.

Story Synopsis

After sustaining severe damage in an ion storm, the Enterprise is forced to seek repairs at Starbase 11, where Commodore Stone investigates the death of records officer Ben Finney, who died in the storm. Stone finds it was Kirk’s negligence that led to Finney’s death. A trial ensues in which Kirk’s former flame Ariel Shaw is the prosecuting attorney, and Kirk seeks the services of attorney Samuel T. Cogley.

Spock discovers something amiss in the program bank of the Enterprise after he beats the computer 5 times, even though its program should not be capable of losing. Recognizing the computer has been tampered with, they find Finney, Kirk’s record is cleared, and Samuel Cogley takes on a new case: defending Finney.

Commentary

In this episode of ‘Trekking Through Compliance,’ host Tom Fox explores the compliance lessons learned from the ‘Star Trek’ original series episode ‘Court Martial.’ Featuring the trial of Captain Kirk for an alleged violation during an ion storm, the episode delves into themes of due process, conflicts of interest, evidence preservation, and the role of expert testimony in compliance investigations. Tom draws parallels between the show’s narrative and key compliance principles such as transparency, accountability, and whistleblower protections, providing insightful takeaways for compliance professionals.

  • The Incident at Starbase 11
  • Kirk’s Court Martial Begins
  • Spock’s Discovery and the Final Verdict
  • Compliance Lessons from Court Martial

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

 

Categories
Innovation in Compliance

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 3 – Defining the Effectiveness of Compliance Training

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 3, we consider the always challenging topic of defining training effectiveness with Jessica Czeczuga.

Join Tom Fox and Jessica Czeczuga from Diligent in this episode as they discuss how to make compliance training effective. Jessica shares insights from years of creating targeted training materials, emphasizing the shift from traditional classrooms to microlearning. She explains how microlearning enhances comprehension, adaptability, and retention in learners. Tom and Jessica also explore the role of testing and assessments in compliance training and showcase the power of surveys in shaping the culture of compliance within organizations. Take advantage of this informative episode that will transform how you think about compliance, train, and communicate.

Highlights Include:

  • Effective Microlearning for DOJ Training
  • Benefits of Microlearning for Corporate Training
  • The Evolution of Compliance Training Testing
  • Building a Culture of Compliance and Ethics
Notable Quotes:

“Microlearning is probably one of the most effective ways to convey content to your donors.”

“One of the things that I love about microlearning beyond all those other benefits is the ability to put together what we call a multimodal communication campaign.”

“Even with all the benefits of microlearning, there are certain situations where longer and more targeted or focused training may be necessary.”

“But I think if you have a training function and a compliance function, they should always be in communication.”

For more information, go to Diligent.com

Join us tomorrow when we review a strategy for training third parties.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Failures

Next, consider a couple of landmark failures at the Board level around bribery and corruption.

VimpelCom Ltd. (now Veon Ltd.). In 2015, the DOJ alleged that Dutch telecom VimpelCom sought to enter the Uzbekistan telecom market through the acquisition of a local player, Unitel. Unitel made clear to VimpelCom that to have access to, obtain, and retain business in the Uzbeki telecom space, VimpelCom would have to, according to the DPA, “regularly pay Foreign Officials millions of dollars” to Gulnara Karimova, the daughter of the then President of the country. VimpelCom also acquired another entity, Buztel, that was at least partially owned by an Uzbeki government official, who hid their interest through a shell company, which was known to VimpelCom. VimpelCom did not articulate a legitimate business reason for the deal and paid $60 million for Buztel.

Ultimately, VimpelCom agreed to pay approximately $800 million in fines for these activities in 2016. 

BizJet. Another FCPA enforcement action involved the Tulsa-based company BizJet International Sales and Support Inc. (BizJet), which had four senior executives convicted for their participation in a bribery scheme. But this case also involved the Board of Directors. The Criminal Information stated that in November 2005:

…at a Board of Directors meeting of the BizJet Board, Executive A, and Executive B discussed with the Board that the decision of where an aircraft is sent for maintenance work is generally made by the potential customer’s director of maintenance or chief pilot, that these individuals are demanding $30,000 to $40,000 in commissions, and that BizJet would pay referral fees in order to gain market share.

In both cases, this is where the rubber hits the road. If a company is willing to commit bribery and engage in corruption to secure business, no amount of doing compliance is going to help. If senior management is ready, willing, and able to lie, cheat and steal, the Board is the final backstop to prevent such conduct. Both the VimpelCom and BizJet Boards sorely failed in their compliance duties.  

Three key takeaways:

  1. Board liability will be severe based upon similar conduct going forward.
  2. Board members must critically challenge management on its conduct.
  3. The Board is the ultimate backstop against bribery and corruption.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
Daily Compliance News

Daily Compliance News: June 21, 2023 – The Paris 2024 Olympics

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Paris 2024 Olympic offices raided in corruption probe. (ESPN)
  • It always starts at the top. (WSJ)
  • Jurisdictional issues around clawbacks. (JDSupra)
  • Palm oil industry corruption allegations. (Mongabay)
Categories
Compliance Into the Weeds

Compliance into the Weeds: A Material Weaknesses Catastrophe

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

In this episode, co-hosts Tom Fox and Matt Kelly dissect a disastrous 10k report filed by Ammo Incorporated, exposing the company’s shocking governance and compliance breakdown. The lack of personnel, internal control processes, and proper segregation of duties are just some of the material weaknesses that led to this corporate disaster. The hosts provide insightful lessons on what companies should avoid to maintain internal governance, share tips on approaching remediation, and emphasize the importance of self-awareness among senior management and the board. Tune in to hear how this niche investigative story was uncovered, and how Twitter played a crucial role in the investigation. Don’t miss Compliance into the Weeds – the podcast that will change the way you think about governance and compliance!

Key Highlights

  • Material weaknesses in internal governance practices
  • Material weaknesses in operations at Ammo
  • Challenges with Ammo Inc.’s strategic shift and internal controls
  • Remediating Company Failures: Story’s Disclosure

 Resources

Matt 

LinkedIn

Blog Post in Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 2 – The Value of Targeted Training

Welcome to a special 5 part blog post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, a Principal Instructional Designer; Andrew Rincon, Global Accounts Management Advisor at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third-parties, and the role of the Board of Directors. In this Part 2, we consider the value of targeted training with Kevin McCoy.

Navigating the complex world of international compliance requires a thorough understanding of regional regulations and a commitment to keeping your workforce informed and prepared. As a corporate compliance and ethics professional, it falls upon you to create robust training programs that cater to the specific needs of your organization across various regions. Improved engagement and effectiveness of compliance training have significant implications on both personal and professional levels, ensuring that employees understand their responsibilities and the consequences of non-compliance. This blog post will guide you through essential steps to enrich your training content, provide additional resources, and establish a successful learning culture within your organization.

Targeting training is not just a buzzword; it is a necessary step towards improving engagement and effectiveness in our compliance and ethics training programs. By understanding our audience’s needs, creating interactive content, and measuring our efforts’ impact, we can significantly improve our employees’ compliance knowledge and behavior. Let’s make a commitment to prioritize targeted training in our strategies and achieve the desired results. Here are the steps to improve the engagement and effectiveness of compliance training:

1. Analyze regional regulatory requirements.

2. Customize training content for specific regions.

3. Develop engaging micro-learning modules.

1. Analyze regional regulatory requirements. Compliance training can be an essential aspect of the corporate landscape, ensuring that all employees remain up-to-date on the latest regulations and company policies. However, these training programs can sometimes be perceived as bland and disconnected from the day-to-day activities of the workforce. This is why it is vital for organizations to analyze regional regulatory requirements and create targeted training that is engaging and relevant to their participants. By understanding the specific compliance concerns for each region, organizations can develop tailored content that effectively addresses the most pressing issues. This not only produces more meaningful training sessions, but also increases the likelihood of employees retaining and applying the acquired knowledge in their jobs. Kevin McCoy noted the importance of tailoring compliance training to regional regulatory requirements. He recommended examining the distinct rules and guidelines for each area where the company operates and utilizing this information to create targeted learning initiatives. By continually monitoring and updating training materials to reflect the evolving regulatory landscape, companies can ensure their employees are equipped with the knowledge and tools necessary to navigate today’s complex business environment.

2. Customize training content for specific regions. Customizing compliance and ethics training content for specific regional requirements is a crucial factor in ensuring its effectiveness. This approach ensures that the material is relevant, precise, and engaging, leading to better retention and understanding among employees. Adapting the content to suit regional rules and regulations, customs, and culture ensures that employees are better equipped to navigate the challenges they face in their specific locations. Furthermore, it demonstrates the company’s commitment to being culturally sensitive and respecting the diverse perspectives of its global workforce. Ultimately, this targeted approach fosters a more ethical, culturally aware, and regulatory compliant workforce, lessening the likelihood of legal and ethical breaches.

McCoy focused on the importance of targeted training in the global business landscape, emphasizing you should create compliance and ethics training content that caters to different regional requirements as well as varied risk-based areas within a company. For instance, sales teams would require training around conflict of interest while manufacturing teams would need training on health and safety regulations. He discussed strategies such as animated videos tailored for specific regions and languages, using native speakers to ensure the content is culturally sensitive and accessible to a wider range of employees. By adapting the content to the specific needs of your employees you will foster a more comprehensive understanding of compliance and ethics across diverse global teams.

3. Develop engaging micro-learning modules. Developing engaging micro-learning modules is an essential step to create effective compliance and ethics training programs for employees. Micro-learning consists of short, easily digestible pieces of training content that employees can access and engage with at their own pace. Implementing micro-learning modules allows companies to address specific topics and target unique segments of their workforce, ensuring that employees receive relevant and timely information. This ultimately leads to increased employee engagement, improved retention of knowledge, and a greater overall impact on the company’s compliance program.

McCoy noted that engaging micro-learning modules can focus on diverse topics such as conflict of interest, anti-bribery, and anti-corruption. These modules can also be culturally sensitive and translated into different languages using native speakers to ensure proper understanding and engagement for a global audience. Moreover, they tailor the content to target different risk-based areas in the company: sales teams may receive training on conflict of interest, whereas manufacturing teams might focus on health and safety. By providing offline training options in various formats such as PowerPoint presentations and PDFs, they further enhance accessibility and engagement.

For corporate compliance and ethics professionals, mastering the art of delivering engaging and effective training is crucial in fulfilling their obligations and safeguarding their organizations. The steps outlined by McCoy, ranging from regional adaptation and micro-learning to offline training formats and supplemental resources, provide a comprehensive blueprint for achieving the desired result. By adopting these strategies, you are laying the foundation for a solid compliance training program that not only keeps employees engaged but also actively contributes to upholding the organization’s ethical standards. It’s time to put these tips into action and experience the remarkable transformation in your compliance training initiative.

For more information go to http://diligent.com/compliancetraining.

To hear more from McCoy on the value of targeted training, click here.

Join us tomorrow where we consider the difficult subject of what is effective training.

Categories
Daily Compliance News

Daily Compliance News: June 20, 2023 – The End of CVs Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • How Huawei got caught spying and lost a $200MM contract. (Bloomberg)
  • Why JPMorgan settled. (WSJ)
  • Whistleblowing for personal revenge backfires. (WSJ)
  • AI-death of the CV? (FT)
Categories
Innovation in Compliance

Digital Commerce – Authentication and Access Management with Paul Trulove

In this rapidly evolving digital world, identity is at the heart of our personal and professional lives. On this week’s episode of Innovation In Compliance, Tom Fox and guest Paul Trulove, CEO of SecureAuth, explore the world of digital commerce, specifically delving into the realms of authentication and access management. Paul shares his insights on the evolution of the identity and access management space, the role of authentication in our daily lives, and the Zero Trust Initiative.

Paul Trulove is an expert in the identity and access management space, with an illustrious career spanning over 15 years. In his early career, he joined the startup SailPoint Technologies, where he helped the company evolve into a leading figure in identity governance and administration. Paul has seen and contributed to the changes within the industry up to this point where identity risk management has become a core element of our digital lives. Currently, as the CEO of SecureAuth, he oversees the company’s focus on authentication and access management.

You’ll hear Tom and Paul discuss:

  • Paul describes what authentication and access management entails and how it impacts our daily digital interactions.
  • SecureAuth is revolutionizing the authentication landscape, focusing on passwordless authentication and multi-factor authentication to enhance security and reduce friction for end-users.
  • Continuous authentication is a new approach that significantly reduces the friction that a user experiences during authentication and offers varied authentication methods based on the level of risk.
  • Tom and Paul discuss the Zero Trust Initiative. This paradigm shift in security is based on the principle of trusting no one and verifying everyone, which has led to identity and access management becoming central to a zero-trust mindset.
  • Next generation authentication will lean heavily towards the principles of zero trust, passwordless authentication, and continuous authentication, Paul says. He predicts that the use of artificial intelligence and machine learning will greatly advance authentication processes, helping process more data in real time and make better decisions regarding access.
  • Paul suggests that authentication and access management has a large role in helping organizations comply with GDPR and other privacy requirements.
  • He views GDPR as a necessary step rather than a barrier to doing business in the EU, emphasizing that protecting consumer data is an essential cost of doing business.
  • Companies need to carefully consider their data collection, protection, and usage practices to maintain consumer trust and comply with regulations.

KEY QUOTES:

“Authentication and access management is a core discipline on how we let people get access to the things that they need access to in applications, data, repositories, platforms, infrastructure. Really you use authentication probably 10, 15, 20 times a day as you log into various systems… Everything that we do in our digital lives today is kind of bound by authentication. It is just a validation of who I am as a person and what I’m supposed to have access to on the back end.” – Paul Trulove

“Next generation authentication is going to continue to bind to that zero trust mindset of no longer implicitly trusting someone who says they are who they say they are. We’re going back to a model that says every single time you interact with a digital asset, I want to have a high level of assurance you are who you say you are.” – Paul Trulove

“But between now and 2030, people are going to have to plan ahead for what kinds of data they are collecting, how they’re collecting it, and ultimately how they’re protecting it and utilizing that. Otherwise they are going to run afoul of not just regulations, but maybe consumer trust.” – Paul Trulove

Resources:

Paul Trulove on LinkedIn

SecureAuth

Categories
Data Driven Compliance

Data Driven Compliance: Igor Volovich – Compliance Therapy

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, featuring an in-depth conversation around the uses of data and data analytics in compliance programs.

Tom welcomes Igor Volovich, the Compliance Therapy doctor from Qmulos, to discuss how to bridge gaps between compliance, security, and risk management. Volovich emphasizes the need for education and evangelism to unlock the value that compliance could offer businesses. He introduces their compliance therapy branding and highlights the importance of evidence-based compliance management through automation to improve trustworthiness. As we move towards real-time risk governance, automation is key for continuous attestation. Compliance processes have been highly manual and outdated, but regulatory bodies recognize the importance of automation in managing risks.

In the podcast, Tom dives into the need for convergence in compliance, discussing risk in real time, and translating technical terms into risk frameworks. If you’re interested in the convergence of compliance, security, and risk, check out Qmulos’ published guide and resources on their website and social media profiles. Don’t miss out on the chance to learn from the experts and continue the conversation with Igor Volovich and Tom Fox. Listen today!

Key Highlights

  • Introduction of Compliance Therapy Expert
  • Objective Compliance Management: From Opinion to Evidence
  • Importance of trust and governance in data
  • Revolutionizing Compliance Processes with Automation
  • Effective Risk Management for Businesses

KEY QUOTES

“Most of the folks have these really weird misconceptions about what compliance is. We need to reframe the mindset to rejoin the conjoined twins of compliance and security and risk and get them back together.”

“How do we evolve from this opinion-based compliance management, to objective evidence based compliance management. That’s the question that we asked. It’s more robust. It’s more trustworthy. It’s more real. Right? We’re moving from fiction to fact.”

“Within the sphere of influence that we actually do have, how much control can you exert? How much control can you demonstrate reliably, incredibly? To me, that’s the metric. How much can you prove about what you know? Is it belief or is it true? That’s the thing that we try to focus on.”

“The ultimate answer is, of course, automation, you can’t throw more people at the problem.”

Resources:

Igor Volovich on LinkedIn 

Qmulos


Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Key Board Metrics for Compliance

What are metrics for a Board of Directors around compliance? Former Assistant Attorney General Leslie Caldwell laid out some that the Department of Justice (DOJ) would consider in a review of compliance programs. These metrics are:

  • Does the institution ensure that its directors and senior managers provide strong, explicit, and visible support for its corporate compliance policies?
  • Does the Board maintain a material role in overseeing a company’s overall compliance framework?

These requirements move beyond simply having the correct tone at the top, which every Board should articulate. The 2020 Update to the Evaluation of Corporate Compliance Programs added the following questions under Oversight: What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information has the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?

Based on the foregoing, when determining the Board’s role, begin with two questions. First, does the Board of Directors exercise independent review of a company’s compliance program? Second, is the Board of Directors provided information sufficient to enable the exercise of independent judgment?

Three key takeaways:

  1. The DOJ expects active engagement by a Board around compliance.
  2. Does the Board exercise independent review of the compliance program?
  3. The convergence of the Yates Memo, Caldwell’s metrics, the Evaluation, and FCPA Corporate Enforcement Policy mandate Board metrics around compliance.

For more information, check out The Compliance Handbook, 4th edition, available here.