Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Compliance Training Frequency

What should be your organization’s compliance training frequency? How can the amount of training positively or negatively impact an overall training strategy? Unfortunately, neither the 2020 Update nor the 2020 FCPA Resource Guide answered these questions. Still, every company should remember that a hallmark of a “well-designed compliance program is appropriately tailored training and communications.”

Compliance professionals often think compliance training needs to be conducted very frequently, even if it means repeating the same training courses every year. Compliance training expert Shawn Rogers analogizes compliance training to an automobile’s windshield wiper system in discussing how frequently compliance training should be administered. He explained, “It would not make any sense to run your wipers constantly, even when it is not raining. First, it would be extremely annoying to the passengers. And second, eventually, it would wear out both the wiper blades and the wiper motor. It would simply be nonsensical.” Requiring overly repetitive training is like running your windshield wipers in clear weather. The learners will be annoyed; the training will be viewed as a waste of time and energy. Finally, your employees will not take training as seriously when addressing a specific situation, as the compliance training will be viewed literally and figuratively as a “check-the-box” exercise.

 Three key takeaways: 

  1. Have a well-reasoned approach to training frequency.
  2. Lengthier, more full-bodied training can be given once every three years.
  3. Shorter, more frequent compliance refreshers or reminders can be used to keep the risk top-of-mind.
Categories
Daily Compliance News

Daily Compliance News – May 24, 2023 – The Corruption Can Kill Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Supply Chain financing rules. (WSJ)
  • Shareholder activists and the culture wars. (WSJ)
  • When corruption can kill. (Food Safety News)
  • Harlan Crow to US Senate – screw you. (Reuters)
Categories
Great Women in Compliance

Great Women in Compliance – Nicole Di Schino – The Compliance Education Fanatic

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine.

Most E&C professionals know that you can have the best practices and policies, but if they are not understood by your employees and teams, they cannot be effective. And some of us, like today’s guest, Nicole Di Schino, help us with that next step in our training programs. She calls herself the “Compliance Education Fanatic,” and you will understand why after hearing this episode. Nicole discusses the importance of having creative and interactive training, and also how using training with a choice of a “best” answer is better than letting people pick a clear right answer.

Nicole and Lisa also talk about different ways to communicate with and provide training for those in different generations, particularly with Gen Z.

You can find the Great Women in Compliance Podcast on the Compliance Podcast Network where you can find several other resources and podcasts to keep you up to date in the Ethics and Compliance world. You can also find the GWIC podcast on Corporate Compliance Insights where you can learn more about the podcast, stream prior episodes, and catch up on Mary’s monthly column “Living Your Best Compliance Life.”

Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book, “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review. Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Compliance Training Governance Committee

One issue that compliance professionals need to consider around compliance training is compliance training governance. A multinational organization subject to the FCPA faces many legal and regulatory risks, and often many of those risks are “owned” by organizations outside the compliance function. How can your organization create a comprehensive compliance training program covering its risk profile?

Every multinational organization will have a broad risk portfolio typically owned across the organization. Consider compliance risk, fraud risk, reputational risk, financial accounting risk, and discrimination risk. These are a small sample of risks; many will not be “owned” by the corporate compliance function. This presents a real challenge when creating a comprehensive compliance training program covering a company’s legal, regulatory, compliance, and reputational risks. Well-known compliance training maven Shawn Rogers suggests “establishing a corporate Compliance Training Governance Committee that looks at the company’s overall risk profile and builds a cross-functional and comprehensive multi-year training plan that effectively addresses all of the risks in a company’s risk portfolio.”

A Compliance Training Governance Committee will allow your organization to effectively establish a multi-year training plan, help in vendor selection and engage in course creation. Rogers said, “One of the biggest benefits has been its predictability to the compliance training program. Every stakeholder from a risk-owning organization knows exactly when their function will have their course deployed over the three-year calendar. They can plan resources, they have a long lead-time to develop the courses, and during their off-years, they can do communications campaigns and events to keep their risk top-of-mind.”

Three key takeaways: 

  1. Why your organization should create a Compliance Training Governance Committee.
  2. Who should be on the Compliance Training Governance Committee?
  3. How should the Compliance Training Governance Committee work going forward?
Categories
Innovation in Compliance

Cybersecurity Today and Tomorrow with Patrick Hynds

Cybersecurity isn’t just the business of the future – it’s the war of today. In this episode of Innovation In Compliance, Tom Fox and guest Patrick Hynds, CEO of Pulsar Security, delve into the world of cybersecurity and its implications for organizations of all sizes. From ransomware threats to the role of government in this expanding battlefield, Patrick discusses the evolution of cyber attacks, the importance of ongoing vigilance, and practical steps businesses can take to defend themselves. Patrick unpacks the concept of the ‘Pyramid of Threats’, and discusses why continuous network maintenance is crucial for cybersecurity. He also shares his predictions on the future of global cyber threats.

Patrick Hynds is a veteran-turned-technology entrepreneur with a distinct perspective on cybersecurity. An alumnus of the prestigious military academy at West Point, Patrick served as an infantry officer in the first Gulf War. His early affinity for programming, paired with the perspective gained from his military experience, propelled him into the field of technology. In 1996, he incorporated his company, Pulsar Security, which today is a leading provider of penetration testing services, enabling organizations to identify and address their vulnerabilities.

 

Tune in to hear Tom and Patrick talk about:

  • Cybersecurity is a necessity in today’s interconnected world, impacting entities ranging from billion-dollar corporations to individual users.
  • Pulsar Security offers penetration testing or Red Team services, effectively operating as ‘hackers for hire’ to identify potential vulnerabilities in client organizations.
  • Cyberattacks are a persistent risk that needs to be managed strategically, not just identified. They affect even the smallest organizations and individuals.
  • Pulsar Security’s new product, Cyber Shield, is designed to help smaller organizations manage their cybersecurity at an affordable level.
  • There is a significant shortage of cyber engineers in the industry, with an estimated 3 million positions unfilled worldwide.
  • Awareness and education are key in enhancing cybersecurity. Simple actions like enabling two-factor authentication, managing passwords effectively, and regular patching can greatly improve security.
  • The role of government in the cyber realm is evolving, with agencies like CISA and NIST offering resources and guidelines to help organizations enhance their security posture.
  • Patrick and his team developed the “Pyramid of Threats” to help people envision the cybersecurity risks they face:
    • The bottom layer of this pyramid includes script kiddies who use easily obtainable scripts to exploit vulnerabilities in systems, often leading to data theft and sales on the dark web.
    • The next level up includes people with personal grudges who are tech-savvy enough to launch attacks. They tend to focus on specific targets, making them potentially more dangerous than the script kiddies.
    • The third layer of the pyramid consists of syndicates who are primarily financially motivated. They use similar tactics to script kiddies but tend to target systems with known vulnerabilities to launch ransomware attacks, steal identities, or mine Bitcoin.
  • Patrick hosts two podcasts in which they discuss relevant cybersecurity news, breaches, and potential defenses. The objective is to help people understand what they should be worried about and how to protect themselves.
  • The most important cybersecurity defense is a strong, ongoing maintenance routine.
  • Even with changes in the cyber landscape, threats will continue to become more sophisticated. 

 

KEY QUOTES:

“For these large organizations, we provide what’s called penetration testing or Red Team services. We’ll attack them on a regular basis, sometimes on a continuous basis, to see where their vulnerabilities are. Because you can’t see your own vulnerabilities most of the time.” – Patrick Hynds

 

“We’ve developed the thing called the Pyramid of Threats. …the Pyramid of Threats is meant to try to help people envision what the risks are, who’s coming after you” – Patrick Hynds

 

“Unfortunately, I don’t think people can forget about cybersecurity. That’s never going to happen. It’s not thinking about a media campaign. Companies don’t have that luxury because the cat’s out of the bag.” – Patrick Hynds

 

Resources:

Patrick Hynds on LinkedIn | Twitter

Pulsar Security | Podcasts

 

Categories
The ESG Report

The ESG Report – Shawn Kreloff – Anaerobic Digestion

The ESG Report podcast is hosted by Tom Fox. Looking for innovative solutions to tackle climate change? Look no further than The ESG Report! In this episode, host Tom Fox speaks with Shawn Kreloff from Bioenergy Devco, a company that harnesses the power of anaerobic digestion to turn organic waste into biogas. Shawn explains how his company has bought technology to turn methane gas into fertilizer, revolutionizing waste management for municipalities and large businesses. Bioenergy Devco builds, owns, and operates the plants and helps businesses meet or exceed their ESG goals. In addition to being eco-friendly, Bioenergy Devco’s technology has soil, air, and water quality benefits. Shawn also discusses his company’s exploration of the organic waste diversion market in the South and the impact it could have on job creation and the environment. Take advantage of this enlightening conversation on The ESG Report!

Key Highlights:

  • The innovative technology of anaerobic digestion
  • Converting Methane Gas into Soil Fertilizer
  • Anaerobic Digesters in Climate Change Mitigation
  • ESG Impact through Air, Water, and Soil Quality
  • BioEnergy DevCo’s Waste-to-Energy Potential in Southern USA

Notable Quotes:

“So, what we drill now underground in frac is organic material that’s literally been captured, you know, for, you know, millions of years.”

Resources

Shawn Kreloff on LinkedIn

Bioenergy Devco

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Data Driven Compliance

Data Driven Compliance: Malcolm Hawker and Fit for Purpose Data

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, featuring in-depth conversations around the uses of data and data analytics in compliance programs.

Is your company’s data fit for purpose? In this episode of the Data Driven Compliance podcast, host Tom Fox welcomes Malcolm Hawker of Profisee, a company that creates MDM software, to discuss the importance of data quality, master data management (MDM), and data governance. They also explore how proper data management can drive exceptional results, reduce costs, and ensure compliance.

Key Highlights:

  • Data must be accurate, complete, timely, and unique to be fit for purpose within an organization’s business processes.
  • Master data management (MDM) solves the “single version of the truth” problem, helping organizations maintain consistent and trustworthy data across various systems and departments.
  • Effective data governance involves creating and implementing policies and procedures related to data management to optimize value, reduce costs, and ensure compliance.
  • Regardless of technology trends, the foundation of accurate, consistent, trustworthy, and fit-for-purpose data remains essential for successful decision-making and operations.

Notable Quotes:

“Data quality is all about making sure that you have data that is fit for purpose, that can be used efficiently in operations within the business, can be accurate and consistent, and trustworthy within the analytics, the reports used by that organization.”

“My point here is that from a governance perspective, …the foundation of data quality, master data management – all the things that go into creating accurate, consistent, trustworthy, fit-for-purpose data – those things never go away.”

“Modern younger business leaders are turning to LinkedIn, and they’re turning to YouTube and podcasts for these types of insights. I need to be where the business leaders are.”

Resources:

Malcolm Hawker on LinkedIn

CDO Matters LIVE Podcast

Profisee

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance – Episode 115, Shout Outs and Rants

Welcome to the only roundtable podcast in compliance. Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the gang of Jonathan Marks, Matt Kelly, Jonathan Armstrong, Tom Fox, and Karen Woody.

  1. Matt Kelly shouts out to Newton Minow, the first government official to say television was a ‘vast wasteland’.
  2. Jonathan Marks shouts out to Blue Bell Ice Cream for creating the new flavor, Dr. Pepper Float.
  3. Tom Fox shouts out to Mike Shannon, who played with the St. Louis Cardinals for over 10 years, went to 3 World Series, and then had a 60-year career as an announcer with the team. He is also the only MLB player whom Tom got an autograph from.
  4. Karen Woody shouts out to the Netflix show ‘Jury Duty.’
  5. Jonathan Armstrong shouts out to all those workers who got London ready for the coronation.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host, producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

Daily Compliance News: May 23, 2023 – The €1.2 Bn Fine Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Succession (in real life). (NYT)
  • Fired SFO investigator wins wrongful termination suit. (MLex)
  • Meta fined €1.2 billion by EU over GDPR violations. (Cordery Compliance)
  • Court decision unsealed in whistleblower decision. (Bloomberg Law)
Categories
Corruption, Crime and Compliance

Five Steps to Enhance Your Sanctions Compliance Program

Is your business prepared to effectively manage and mitigate the risks associated with sanctions compliance in today’s global economic landscape? In today’s increasingly interconnected global economy, sanctions compliance is more critical than ever. Companies around the world face complex regulatory environments and unprecedented risks, requiring a comprehensive and proactive approach to sanctions compliance. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the pressing need to elevate corporate sanctions compliance programs, as well as the renewed focus on enforcement by the Department of Justice, and the practical steps every company must take to meet these evolving challenges head-on.

You’ll hear Michael talk about:

  • Companies must enhance their sanctions compliance programs. Basic programs that simply rely on screening tools are no longer sufficient. Companies need to incorporate comprehensive measures to ensure compliance with evolving sanctions laws.
  • The Department of Justice (DOJ) has escalated the enforcement of national security crimes, demonstrating a renewed focus on sanctions compliance. This shift necessitates a proactive response from companies to mitigate potential risks.
  • OFAC has outlined five crucial elements for an effective sanctions compliance program: management commitment, risk assessment, internal controls, testing and audit, and training. Companies should familiarize themselves with these elements and incorporate them into their existing compliance programs.
  • Risk assessment is a crucial first step in compliance. Companies must review their operations holistically, assessing all touchpoints with international markets to identify potential vulnerabilities and risks.
  • Geoblocking technology is a valuable tool in sanctions compliance. Working with IT departments to develop comprehensive geoblocking capabilities can help prevent interactions with prohibited individuals or entities.
  • Thorough screening and due diligence processes are imperative, moving beyond just the results of screening tools. This ensures that companies identify and mitigate potential risks associated with sanctioned entities or countries.
  • Companies must implement effective escalation controls to ensure that any red flags identified through screening or due diligence are properly addressed and resolved.
  • End-user verifications and documentation are critical components of a robust sanctions compliance program. These procedures help ensure that the company’s products or services are not being used by sanctioned entities.
  • Annual training for employees and personnel is essential. Tailoring this training to the company’s specific risk profile ensures that all staff understand their responsibilities and the potential risks associated with non-compliance.

 

KEY QUOTES:

“Your company’s survival may depend on your ability to navigate sanctions compliance in an increasingly complex global economy.” – Michael Volkov

 

“It’s not just about checking boxes. We have to understand our touchpoints to the international markets and assess the potential risks. That’s the foundation of an effective compliance program.” – Michael Volkov

 

“Training isn’t a one-and-done task. It’s an ongoing commitment to ensure our personnel understand and can navigate the complex world of sanctions compliance.” – Michael Volkov

 

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group