Categories
The Wirecard Saga

The Wirecard Saga – Episode 40 – Phoning It In

Welcome to Season 3 of Lies, Spies & Corporate Crimes: The Wirecard Saga. The Wirecard Saga has become the world’s leading source of all things Wirecard. In The Wirecard Saga, Lies, Spies & Corporate Crimes, host Mikhail Reider-Gordon, Managing Director of Institutional Ethics & Integrity at Affiliated Monitors, looks at the biggest financial scandal in post-war Germany from a variety of angles.

In the latest episode of “The Wirecard Saga,” host Mikhail Reider-Gordon delves into the recent developments surrounding the scandal. She highlights the minimal penalty imposed on EY, which failed to take adequate action, leading to the multi-billion-dollar corporate collapse of Wirecard, affecting stakeholders at various levels. She also discusses ongoing and upcoming legal proceedings and the role of KPMG’s forensic audit team during the scandal. The lack of importance given to compliance at Wirecard is also spotlighted, despite the formation of a formal compliance department. The podcast raises questions about how many missed opportunities there were to identify the fraud and why Wirecard employees didn’t take action to prevent it.

Mikhail will explore more unethical and illegal behavior, new entities highlighted through the lawsuit, and criminal charges filed against in Austria in next week’s episode. Take advantage of this exciting and informative podcast! Listen now and join the discussion.

Key Highlights:

  • Request for Courch Change from Apas
  • KaMuG Test Case
  • IAASA Assesses Penalties for Bad WUKI Audits
  • Professional Scepticism and Balance Confirmations
  • FRC Enforcement
  • KPMG Kept in the Dark
  • Two Out of 5000
  • Compliance Department of One
  • Lack of Interest in Compliance and Law
  • Sending Millions By Phone

Categories
Daily Compliance News

Daily Compliance News: May 10, 2023 – The Big Trouble in Big China Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • China goes after more foreign businesses. (NYT)
  • Pakistan arrests former PM. (FT)
  • Goldman Sachs pays to end the gender discrimination suit. (Reuters)
  • The need to crunch at B-school. (Bloomberg)

Categories
Compliance Week Conference Podcast

Compliance Week 2023 Speaker Series – Ana Iacovetta – Data Analytics to Improve Compliance

In this episode of the Compliance Week 2023 Speaker Preview Podcasts series, Ana Iacovetta discusses her panel at Compliance Week 2023, “Data Analytics to Improve Compliance.”

Join Ana and her fellow panelists as they discuss the following:

  • What are the expectations for compliance professionals in using data analytics in their programs?
  • What are the government’s and compliance professionals’ lessons in creating and cultivating data-driven compliance programs?
  • Get a sense of what’s coming down the pike, including technical advancements creating opportunities for compliance, ethics, and risk professionals.

I hope you can join me at Compliance Week 2023. This year’s event will be May 15-17 at the JW Marriott in Washington, DC. The line-up of this year’s event is simply first-rate, with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 18th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. And many others to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners, gain insights into the agency’s enforcement areas, and walk away with guidance on remaining compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency, and more.
  • Bring actionable takeaways from your program from various session types, including ESG, Human Trafficking, Board obligations, and many others, for you to listen, learn and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount of $200 by using code TF200 on the link here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: ComEd 2023 Compliance Report

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking to stay updated on compliance and ethics? Look no further than Compliance into the Weeds, with co-hosts Tom Fox and Matt Kelly!

In this episode, the hosts tackle the corruption scandal involving ComEd and its parent Exelon and highlight the progress made in the company’s compliance program reforms. With the release of the second public progress report, compliance and corporate executives can learn from ComEd’s change in company culture and its supply chain overhaul. The podcast also dives into integrating compliance concerns into HR processes and identifying supervisory groups that may need closer monitoring. Don’t miss out on this informative and insightful episode, available now!

Key Highlights:

  • Significance of the report
  • Compliance and the Supply Chain
  • Compliance and Exit Interview
  • Using this report going forward

Notable Quotes:

“I just have to acknowledge that state of Illinois finally convicted someone for corruption.”

“These reports provide not just simply a roadmap of how to change culture, but really a way to think through what may seem like an insurmountable problem.”

“I applaud Exelon for establishing this comprehensive supply chain risk management effort and making supply chain compliance a big part of its supply chain risk program.”

“It is compliance, which is driving overall supply chain risk management and business efficiency, which is inevitably lead will inevitably lead greater profitability if done correctly and that with a variety of other areas and companies having supply chain risk.”

Resources:

Matt: LinkedIn | Blog Post in Radical Compliance

Check out our prior podcast on ComEd’s 2022 Compliance Report here

Tom: Instagram | Facebook | YouTube | Twitter | LinkedIn

Categories
Great Women in Compliance

Great Women in Compliance – Lisa Fine on Change, Culture and Community

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine.

A few years ago, Lisa committed to doing one solo episode a year, and here is the 2023 episode.  As she prepared (which is always a strange experience as it isn’t for a conversation with someone else, but a soliloquy), this became a theme of “threes” – she talks about 3 topics, all of which start with “C” the third letter of the alphabet.   These are change, culture and community.

In the change section, she gives some spoiler updates on the GWIC 2.0 format, among other things.  She also talks about some of the things on her mind about organizational culture and how that has changed – and not changed – as we continue into a post-pandemic life.  Lastly, in terms of community, she reflects on our E&C community, some exciting upcoming events and her appreciation of all of the support in moving forward from Mary and so many #GWICs.

Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program in Training and Communications – Using 360 Degrees of Compliance to Tell a Story

The 360-degree approach to compliance works with all the stakeholders in a compliance program, even the “Document, Document, and Document” stakeholders, i.e., the regulators. By using innovative techniques, one law firm came up with a mechanism to present verifiable evidence to regulators, using the basic techniques of social media in operationalizing compliance as a solution to a difficult compliance issue around, of all things, honey. This example shows how creative thinking by a lawyer in the field of import compliance led to the development of a software application using some of the concepts of social media. Once again, demonstrating the maxim that compliance practitioners (and lawyers) are only limited by their imagination, this software tool demonstrates the power of what a 360-degree view can bring to your compliance program.

Three Key Takeaways:

  1. Use the tools of social media to help tell your story of compliance.
  2. You are only limited by your imagination.
  3. Converging text, pictures, and data can be a powerful tool in compliance.

Categories
Blog

Gordon Lightfoot, Corporate Stakeholders and Compliance

Last week, we lost Canadian singer Gordon Lightfoot to Rock & Roll Heaven. In the 70s he had a series of hits which were some of the most heartfelt songs I can recall, including Sundown, If You Could Read My Mind, Carefree Highway, Canadian Railroad Trilogy and of course, The Wreck of the Edmund Fitzgerald. If you were growing up in the 70s, the minute you heard the opening lines “If you could read my mind, love,/What a tale my thoughts could tell./Just like an old-time movie,/’Bout a ghost from a wishing well” and you heard the sonorous bass, you knew it was Gordon Lightfoot. According to his New York Times obituary, “Mr. Lightfoot was a national hero, a homegrown star who stayed home even after achieving spectacular success in the United States and who catered to his Canadian fans with cross-country tours. His ballads on Canadian themes, like “Canadian Railroad Trilogy,” pulsated with a love for the nation’s rivers and forests, which he explored on ambitious canoe trips far into the hinterlands.”

For me, Lightfoot was a storyteller, creating and performing what Steve Earle called “story songs.” For me, his top story was his 1976 folk ballad about the sinking of the Great Lakes freighter the SS Edmund Fitzgerald, which sank 17 miles from the entrance to Whitefish Bay. Mike Ives, also writing in the New York Times, said “The Wreck of the Edmund Fitzgerald,” “was unusual partly because, at more than six minutes long, it was about twice as long as most pop hits. It also retold a real-life tragedy — the 1975 sinking on Lake Superior of a freighter with 29 crewmen aboard — with meticulous attention to detail.” Eric Greenberg said it was a “documentarian’s song.” It still haunts me to this day as “The church bell chimed ’til it rang twenty-nine times; For each man on the Edmund Fitzgerald.”

 In 2019, the Business Roundtable announced the release of the Statement on the Purpose of a Corporation (The Statement). The Statement was signed by 181 Chief Executive Officers (CEOs) who committed to lead their companies for the benefit of all stakeholders – customers, employees, suppliers, communities and shareholders. It stated:

Americans deserve an economy that allows each person to succeed through hard work and creativity and to lead a life of meaning and dignity. We believe the free-market system is the best means of generating good jobs, a strong and sustainable economy, innovation, a healthy environment and economic opportunity for all. 

Businesses play a vital role in the economy by creating jobs, fostering innovation and providing essential goods and services. Businesses make and sell consumer products; manufacture equipment and vehicles; support the national defense; grow and produce food; provide health care; generate and deliver energy; and offer financial, communications and other services that underpin economic growth. 

While each of our individual companies serves its own corporate purpose, we share a fundamental commitment to all of our stakeholders. We commit to: 

  • Delivering value to our customers. We will further the tradition of American companies leading the way in meeting or exceeding customer expectations.
  • Investing in our employees. This starts with compensating them fairly and providing important benefits. It also includes supporting them through training and education that help develop new skills for a rapidly changing world. We foster diversity and inclusion, dignity and respect.
  • Dealing fairly and ethically with our suppliers. We are dedicated to serving as good partners to the other companies, large and small, that help us meet our missions.
  • Supporting the communities in which we work. We respect the people in our communities and protect the environment by embracing sustainable practices across our businesses.
  • Generating long-term value for shareholders, who provide the capital that allows companies to invest, grow and innovate. We are committed to transparency and effective engagement with shareholders.

  Each of our stakeholders is essential. We commit to deliver value to all of them, for the future success of our companies, our communities and our country.

This Statement dramatically changed the conversation in the compliance and business communities and the wider US political debate. The Statement gave every compliance officer, Corporate Social Responsibility (CSR) professional, ethicist and all others interested in moving the ball of corporations treating a variety of stakeholders with dignity and respect greater ammunition in fighting corporate malfeasance. It also presaged the explosive growth in ESG.

Many compliance professionals have struggled with how to implement a ‘stakeholder’ strategy which might focus on all stakeholders listed in the Statement. I was therefore intrigued by a recent article in the Harvard Business Review, entitled “How to Create a Stakeholder Strategy,” in which authors Darrell Rigby, Zach First, and Dunigan O’Keeffe propose a data-driven approach to design, measurement, and implementation.

In their article, the authors describe the interconnected relationship between all stakeholders, stating “that every stakeholder has an impact on other stakeholders—engaged employees improve customer satisfaction, which in turn spurs growth, and so on—many CEOs are pledging to generate benefits for all their constituents: customers, workers, suppliers, communities, and investors. But few leaders have explicit strategies for doing so; most seem to rely on intuitive approaches.” The authors’ approach is data-driven; they note that companies should “bolster data from such third parties with inside insights and gain an understanding of the interdependencies among their particular stakeholders.” From there, companies move forward to developing “a clear description of their purpose, establish criteria for evaluating progress toward it, set priorities among stakeholders, and start measuring value creation for each group. The last step is sustaining the new strategy through cultural change and by developing supporting processes and organizational structures.”

Over the next series of blog posts, I will be exploring the authors’ ideas from the compliance perspective. I hope you will find this blog post series timely and useful.

Tom’s Top 5 (all from YouTube)

Sundown

If You Could Read My Mind

Carefree Highway

Canadian Railroad Trilogy

The Wreck of the Edmund Fitzgerald

Categories
Innovation in Compliance

The Role of Backup Systems in Cybersecurity Defense with Curtis Preston

According to Curtis Preston, Chief Technical Evangelist at Druva, cyberattacks are not a matter of “if,” but “when.” In this episode, Tom Fox and Curtis dive into the importance of backup systems and cyber resilience to protect against ransomware and other types of cyberattacks. Curtis shares his insights on how to limit the blast radius of an attack, why you should assume a breach, and the need to have a playbook and a cyber response team in place. They also discuss the role of state-sponsored attacks in non-kinetic warfare and the need for increased cyber resilience as we approach 2030.

W. Curtis Preston has 30 years of experience in the backup and data protection industry. He started his career at MBNA, the second-largest credit card company in 1993, and has been specializing in backup servers ever since. He is currently the Chief Technical Evangelist at Druva, where he talks, writes, and hosts podcasts about data protection systems. Curtis is also known as ‘Mr. Backup’, a moniker that he adopted while writing his first book on backups.

You’ll hear Tom and Curtis discuss:

  • SaaS-based data protection systems are becoming increasingly important as more companies rely on SaaS infrastructures like Microsoft 365 and Google Workspace. Companies should not count on these providers to protect their data; they should consider using SaaS-based backup systems instead.
  • Curtis tells Tom, “There should be security interest, as well as technical and storage and network interest. All of those interests should be reflected in the implementation of such an important system as a data protection system.”
  • Ransomware attackers are now targeting backup systems directly, making it crucial for companies to modernize the security infrastructure of their backup systems. They can do this by using SaaS-based systems that come with modern security features such as multi-factor authentication, triggers and alerts, and the concept of least privilege.
  • The inefficiencies and difficulties of a typical on-premises backup infrastructure, such as overbuilding and overengineering, can be solved by using a SaaS-based system where companies only pay for what they are actually using.
  • Fire drills, or ransomware drills, can help companies develop “muscle memory” and test their incident response playbook before an actual attack occurs.
  • Role-based administration is important to limit the blast radius in case an administrator’s account is compromised. Each person involved in the backup process should have specific roles and responsibilities.
  • State-sponsored attacks on American businesses, especially from Russia, are increasing. It’s important to beef up defenses, assume breaches, and have a playbook ready to respond to ransomware attacks.
  • By 2030, cyber resilience and protection topics will increase as people become more aware of cyberattacks. Passwords will be a thing of the past, and people will have to live in a world of constant cyberattacks.
  • A robust backup plan in place with sufficient security protocols is essential to recover from a cyberattack. It’s important to have the backup system completely air-gapped from the primary network.
  • Druva is a SaaS provider that offers a backup system that is stored behind a different authentication and authorization system. The data and metadata are separated for security reasons and constantly monitored for security purposes.

KEY QUOTES:

“Today, I think the average user is so used to equipment that just works, they don’t really think as much about backup and recovery, I think, as we did back in the day.” – Curtis Preston

“By the way, I do think by 2030, passwords will be a thing of the past.” – Curtis Preston

“It’s also having a robust backup plan in place with sufficient security protocols and that when you are attacked, not if when you are attacked, they can’t take your star player out, and if it all does go down, you have a way to at least build back.” – Curtis Preston

Resources:

Curtis Preston on LinkedIn | Twitter

Backup Central | Druva

Categories
Compliance Week Conference Podcast

Billy Jacobson – A Fireside Chat with Glenn Leon

In this episode of the Compliance Week 2023 Speaker Preview Podcasts series, Billy Jacobson discusses his fireside chat at Compliance Week 2023 with Glenn Leon, head of the Fraud Section at the DOJ, “Confronting Corporate Crime.”

Join Billy as he visits with Glenn Leon for a discussion focused on the priorities for the fraud section and what compliance professionals can expect in the coming year. Hear the DOJ’s perspective on evaluating corporate compliance programs, including implementing the DOJ’s new white-collar policies, such as violations of FCPA, and investigating complex schemes involving health care, securities, and procurement fraud.

I hope you can join me at Compliance Week 2023. This year’s event will be May 15-17 at the JW Marriott in Washington, DC. The line-up of this year’s event is simply first-rate, with some of the top ethics and compliance practitioners around.

I hope you can join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount of $200 by using code TF200 on the link here.

Categories
Daily Compliance News

Daily Compliance News: May 9, 2023 – The Int’l ABC Court Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Will SCt kill SEC rule-making ability? (WSJ)
  • Int’l ABC court gains traction in the UK. (The Guardian)
  • Poor AML killed the bank merger. (WSJ)
  • PNF is investigating Thales over sales into India. (Bloomberg)