Author: admin

Categories
Great Women in Compliance

Tracy Saale-From Law Enforcement to In-House

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine. In today’s episode, Lisa speaks with Tracy Saale, who is Conduct Risk Management, Managing Director and Corporate Responsibility Officer at Charles Schwab.

This is her second career, and while we often hear from attorneys who have gone in-house, or were assigned to compliance, Tracy started out as a prosecutor and then at the U.S. Federal Bureau of Investigations (FBI), where she worked all over the globe, and advised in ethics and compliance during her career there. She discusses the importance of advising law enforcement officials on what is – or is not – permissible, particularly when they are dealing with criminal behavior and security issues. When she started at the FBI, they had approximately 14% women agents, and while that has increased into the 20% range, there is a way to go, so she recounts her experiences.

While Tracy was a bit guarded given her experiences with corporate malfeasance, she also was impressed with Charles Schwab, and joined them in part for that. In her in-house career, she is now seeing what so many of us see – that the majority of people are trying to do the right things – a more positive side of corporate life.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Career Can D0

Transforming Corporate Culture with Inclusion and Leadership with Eddie Turner

Mary Ann Faremouth hosts Eddie Turner, a principal consultant and executive coach at Linkage Inc, an international leadership development firm. He is a Certified Speaking Professional and ranked number six on the Top 30 list of motivational speakers by Global Gurus. Eddie is a preeminent authority on emerging leaders and is in the top 25 thought leaders in leadership. In this episode, Eddie and Mary Ann discuss the current demand for strong leadership in organizations and how it has increased over the years. Employees stay or leave based on the type of leader they work for, so effective leadership is necessary for retaining talented employees. Eddie helps organizations develop purposeful leadership by working with senior leaders in the C-suite and emerging leaders. He also identifies clear metrics for how leaders can engage and hold employees accountable.

Leaders need to adapt to a post-pandemic world that demands effective leadership for both in-office and remote employees. Eddie highlights the importance of inclusivity and how more inclusive organizations statistically outperform less inclusive ones. He notes that it is important to create a vision that can rally people across five generations and that each generation has something that is inherently valuable to them. Data and research is crucial in convincing organizations to adopt inclusion as a profitable way of doing business. 

 

Eddie’s book, 140 Simple Messages to Guide Emerging Leaders, emphasizes that everyone should be emerging as a leader, even those in top positions. He stresses the importance of continuously working to improve your leadership skills.

 

Resources

Eddie Turner LinkedIn | Twitter | Instagram | 140 Simple Messages to Guide Emerging Leaders

Eddie at Linkage, Inc (A SHRM Company)

Faremouth.com

Categories
Compliance Into the Weeds

Creating a Data Analytics Program

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt and I take a deep dive into data analytics. Tom and Matt provide information on how to capture the data within the enterprise and create a road map within the framework of DOJ’s guidance. Additionally, they cover how Excel can be used and suggest giving the data “spit and polish” in order to run it through analytics programs. Compliance into the Weed’s podcast is a must-listen for anyone needing information and strategies to excel in their work.

Key Highlights

·      The Implementation of Data Analytics Programs [00:03:21]

·      The Business Relationships and Risk Assessment of Data Collection [00:07:17]

·      The Benefits of Utilizing Internal Resources for Compliance Analytics [00:10:48]

·      Organizing and Utilizing Compliance Data [00:14:42]

·      Creating a Road Map with Excel [00:18:04]

Notable Quotes

1.     “We all talk about data handling. We all say it’s important. We go here a justice department official at some conference. He or she will talk about how important data analytics is how they use data analytics. And of course, if they in the public sector can afford to do it, then certainly, we in the private sector must be able to do it. Because government has no money and if they can do it, we must be able to do it.”

2.     “It’s easy to think it’s important in the abstract, but how are you actually going to do it? That’s the part that compliance officers need to think through.”

3.     “We’re really looking for outlier transactions. We’re looking for anomalous events of some kind. We’re also looking for trend analysis to see if big huge swaths of transactions are moving in a certain direction that might be troublesome.”

4.     “You need to be, I think, maybe more on your game with devising a good business case for data analytics. It’s easy to think it’s important in the abstract, but how are you actually going to do it?”

 Resources

Matt Kelly in Radical Compliance

Categories
Daily Compliance News

March 1, 2023 – The We Are Not Corrupt Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Swiss regulator finds fault with Credit Suisse but no penalty. (WSJ)
  • Stanley Black & Decker discloses possible FCPA violations. (WSJ)
  • Turkish firm demands retraction of ‘inferred’ corruption allegation. (Bloomberg)
  • TD Bank to pay $1.2bn in 14-year-old Ponzi scheme. (NYT)
Categories
Blog

Levels of Due Diligence-Part 1

Due diligence will always be a basis of any best practices compliance program. Over the next couple of days, I will consider the levels of due diligence and detail how each category will help to inform your compliance program.

Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward.

The 2020 Update to the Evaluation of Corporate Compliance Programs stated, “A well-designed compliance program should apply risk-based due diligence to its third-party relationships. Although the need for, and degree of, appropriate due diligence may vary based on the size and nature of the company, transaction, and third party, prosecutors should assess the extent to which the company has an understanding of the qualifications and associations of third-party partners, including the agents, consultants, and distributors that are commonly used to conceal misconduct, such as the payment of bribes to foreign officials in international business transactions.”

The question becomes how you use the information you obtained in the business justification and the questionnaire to determine an appropriate level of due diligence for the next step in the five-step process of third-party management. A three-step approach of varying levels of due diligence is the appropriate analysis to take going forward.

A three-step approach was discussed in Opinion Release 10-02, in which the DOJ discussed the due diligence that the requesting entity performed:

First, it [the requestor] conducted an initial screening of six potential grant recipients by obtaining publicly available information and information from third-party sources … Second, the Eurasian Subsidiary undertook further due diligence on the remaining three potential grant recipients. This due diligence was designed to learn about each organization’s ownership, management structure and operations; it involved requesting and reviewing key operating and assessment documents for each organization, as well as conducting interviews with representatives of each MFI [microfinance institution] to ask questions about each organization’s relationships with the government and to elicit information about potential corruption risk. As a third round of due diligence, the Eurasian Subsidiary undertook targeted due diligence on the remaining potential grant recipient, the Local MFI. This diligence was designed to identify any ties to specific government officials, determine whether the organization had faced any criminal prosecutions or investigations, and assess the organization’s reputation for integrity.

This Opinion Release sets out a clear break which every compliance practitioner should use in considering an appropriate level of due diligence to engage with your third-party risk management process or when considering the level of due diligence required on a potential business venture partner. A very good description of the three levels of due diligence was presented by Candice Tal, Founder and CEO of Infortal Worldwide, in an article entitled, Deep Level Due Diligence: What You Need to Know.

Level I. First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of AML, anti-bribery, sanctions lists, coupled with other financial corruption and criminal databases. These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities. It is also a very inexpensive first step in compliance from an investigative viewpoint. Tal believes that this basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures; demonstrating a broad intent to actively comply with international regulatory requirements.

Level I should also consider beneficial ownership records where available, and company tax information to assess whether the third party is financially sound and in compliance with tax payments as required within its primary country of business, plus a check of perceived business risks in that country. Additionally, the third party’s website should also be reviewed; it is unusual for a company to not have a website and this can be a preliminary flag that there are issues. Tal recommends verifying that the company address also exists; a non-verifiable address should be considered a potential red flag which would indicate the need for a deeper level due diligence investigation.

Join us tomorrow as we explain Levels 2 & 3 of due diligence and conclude this blog post series.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – Culture as a Foundational Internal Control

To conclude this month’s series on Internal Controls, I am joined by Vin DiCianni, Founder and CEO of AMI. We discuss how corporate culture is a foundational internal control. It is a fascinating topic that is not discussed enough by compliance professionals.

3 Key Takeaways.

  1. It must start at the top.
  2. Hiring is critical to creating and sustaining an ethical culture.
  3. Creative internal controls around culture.
Categories
The ESG Report

Towards a Unified Data Model for ESG with Luke Jacobs

Compliance with environmental regulations is not just a cost of doing business, but a business opportunity. This is the view of Luke Jacobs, the CEO and co-founder of Encamp, a software company that helps businesses track and manage ESG reporting needs. In this episode of the ESG Report, Jacobs explains how his company is creating a unified data layer that could revolutionize environmental reporting and ESG compliance in the next decade.

Luke Jacobs is the co-founder and CEO of Encamp, a software platform that helps companies maintain compliance with environmental regulations. With over a decade of experience in environmental compliance, Luke has a deep understanding of the challenges faced by businesses when it comes to regulatory compliance. Luke is committed to building a unified data layer that makes it easy for organizations to collect, aggregate and report on environmental data to regulatory bodies, with a long-term vision to expand Encamp’s reach to international jurisdictions. Under his leadership, Encamp is creating opportunities for businesses to turn regulatory compliance into a business advantage.

 

Key insights and takeaways:

  • Environmental compliance is a complex issue with federal, state, and local regulations adding layers of nuance.
  • Encamp’s software platform helps users track regulated facilities and compliance tasks, streamlining the compliance process.
  • By automating compliance data tracking and reporting, environmental teams can free up time to focus on sustainability goals and emerging regulations.
  • The data collected by EHS professionals can be a valuable asset for broader ESG reporting and analysis.
  • EHS professionals play a key role in any ESG solution and have the opportunity to increase the value they can drive into broader business initiatives.
  • ESG provides a holistic approach to business efficiency by looking at a company in a more comprehensive and data-driven way.
  • Tier 2 reporting is a set of regulations that mandates organizations holding hazardous materials over reporting quantities to collect, aggregate, and report data about their material inventories each year. It is filed by hundreds of thousands of facilities in the US each year and is used by first responders in emergency disaster response scenarios.
  • The end-to-end waste reporting system helps companies understand the waste they are producing across their entire organization at any given moment. It also enables companies to comply with regulations more easily and quickly, increase business efficiency, and align with sustainability goals.
  • Compliance with environmental regulations can be turned into a business opportunity, as it allows companies to increase efficiency and seize more market opportunities without being slowed down by antiquated processes.
  • In the next five to ten years, Encamp aims to build a unified data layer that sits between regulated organizations and regulatory bodies to make it easy to have a unified data model of environmental data. The company will also explore ways to tackle the reporting problem within ESG as ESG regulations continue to emerge and solidify.

 

KEY QUOTES:

“I do think part of this is actually turning what is viewed as a cost of doing business right now, which is maintaining compliance with your environmental regulations and using systems and technology to actually unlock efficiencies in that, so that you’re not only able to comply with all those regulations more easily and more quickly, you can actually serve the business more effectively as well.” – Luke Jacobs

 

“An emerging value driver in businesses that EHS teams are actually tapping into, is the data they’re working with is often actually some of the most useful data.” – Luke Jacobs

 

“Our end-to-end system more or less helps companies understand at each site in real-time what waste they are producing at that location.” – Luke Jacobs

 

Resources

Luke Jacobs at LinkedIn | Twitter | Email

Encamp

Categories
Blog

Dheeraj Thimmaiah on Getting Buy-In for the Use of Data Analytics

Data analytics are becoming an increasingly important part of compliance performance. But how can companies ensure they are utilizing this technology to its fullest potential? I recently visited with Dheeraj Thimmaiah, Global Director of Compliance Analytics at AB InBev, to explore how user experience is the key element to a successful compliance solution and how AB InBev has used BrewRite data analytics tool to turn compliance into a data-driven program. By focusing on middle management, AB InBev has helped drive user adoption and optimize decision-making. He will also explain how he has been able to evolve BrewRite to include features such as alerting users of sanctions-related activity and creating a Quarterly Ethics and Compliance Assurance Report.

Dheeraj suggested three steps you need to follow to garner user adoption of data analytics to facilitate:

  1. Understand your target audience and their mindset;
  2. Involve the users in the process of developing the tool; and
  3. Introduce the concept of data driven compliance with a report.

Understand your target audience and their mindset

The first step in implementing a data analytics tool successfully is understanding the target audience and their mindset. In the case of AB InBev and the development of Brew Right, this involved focusing on the middle management level, as they are the ones directly responsible for interacting with employees and ensuring the tool is used. Dheeraj explained how they worked to slowly introduce the concept of data driven compliance to the middle management and involve them in the journey by allowing them to be part of the end product. They also worked to show the business rationalization behind the tool and how it could help make their day-to-day jobs easier.

The evolution of BrewRite has also been an important part of understanding the target audience and their mindset. In other words, the User Experience or UX. Initially, BrewRite was designed with the focus on transaction monitoring and providing feedback to the machine learning model. However, the way users interact with the tool has changed with the introduction of alert mechanisms, allowing users to be proactive in identifying risks. AB InBev has also introduced the Quarterly Ethics and Compliance Assurance Report, which enables senior level managers to benchmark compliance areas across different regions and empower local fields to take corrective action.

Involve the users in the process of developing the tool

As Carsten Tams continually reminds us, it is always about the UX. Involving the users in the process of developing the tool is essential for successful adoption and use of the tool. When it comes to the development of BrewRite, AB InBev focused on the day-to-day managers who would be using the tool and saw them as a key target audience. They wanted to ensure that the tool was both simple and effective for the users. To do this, they went through a process of changing mindsets to increase adoption and involving the users in the technical processes of the tool’s maturity and evolution.

This ensured that the users were a part of the end product and allowed them to leverage the tool to its maximum value. Additionally, the development team worked to bring an overview to senior level managers by taking different regions, building measures with business leaders, and creating a Quarterly Ethics & Compliance Assurance Report. This allowed the local fields to have insights and take the right actions for corrections needed. By involving the users in the process of developing the tool, BrewRite is able to be successful and make an impact.

Introduce the concept of data driven compliance

Step 3 of the process is introducing the concept of data driven compliance with a Quarterly Ethics & Compliance Assurance Report. This step is an important part of the process, as it will help to ensure that the data analytics tool is being used effectively and efficiently by the users. The first part of this step is to understand who the target audience is. Dheeraj suggests that the target audience should be the day-to-day compliance officers and managers, as they are the ones who are closest to the business transactions that are happening and can leverage the tool to the maximum value.

The second part of this step is to provide a business rationalization for the tool beyond simply having to do it. Dheeraj explained that this was done at AB InBev by pointing to the organization’s transformation to a digitized and monetized way of decision making. The third part of this step is to focus on user adoption. A key mechanism is getting the users involved in the technical process of the maturity of the tool and even the evolution of the tool, so they will contribute to the end product. Finally, the fourth part of this step is to introduce the Quarterly Ethics & Compliance Assurance Report, which will provide senior level managers with a world map that benchmarks which areas are strong in a particular region and which areas require improvement. This will enable the local fields to take the right actions for corrections they need to do.

Data analytics are becoming increasingly important for organizations to remain compliant. Dheeraj and his team at AB InBev continue to show how a successful compliance solution begins with understanding the users and their mindset. By involving the users in the process of developing the tool, focusing on middle management, and creating a Quarterly Ethics and Compliance Assurance Report, AB InBev has been able to maximize the potential of the data analytics tool. By following the same steps and leveraging the right technology, any organization can achieve the same success.

Check out the full podcast with Dheeraj on the use of data analytics at AB InBev here.

Categories
Innovation in Compliance

Creating the Insights Lab with Zachary Coseglia

In this insightful episode of the Innovation In Compliance podcast, Tom Fox welcomes Zachary Coseglia, the founder of the Ropes & Gray Insights Lab, to talk about the creation of the unique consultancy within the law firm. Zach dives into the challenges of building a team with diverse skill sets and backgrounds for a new function like the Insights Lab. He shares the value of data analytics for compliance, and how it can be used to improve investigations and understand patterns of behavior across the organization. Zach also highlights the complexities of working in-house, including managing relationships and understanding organizational intricacies. 

With over a decade of experience in the pharmaceutical industry, healthcare, and life sciences, Zach Coseglia built a strong background in investigations, compliance analytics, and digital compliance. During his time as head of investigations in Asia Pacific for Pfizer, he came up with the idea to create an analytics and behavioral science consultancy within a law firm, which led to the birth of the Insights Lab.

 

Key takeaways from the episode include:

  • Building an analytics consultancy within a law firm or compliance department requires investment in technology and human capital. Zach brought together people with diverse skill sets, backgrounds, and experiences to build a team that reflects the needs of the consultancy being created. He combined subject matter expertise of compliance and data analytics to build the team for the Insights Lab.
  • Zach believes that to build a successful analytics consultancy within compliance, it’s important to bring in people who have done this work in other industries. He stresses that they can bring unique perspectives and experiences that can drive innovation and progress within the organization.
  • The potential of data analytics to promote a better, stronger compliance program through identifying trends, patterns of behavior, and driving efficiencies.
  • Zach reflects on his experience working in-house and highlights the challenges of managing relationships and understanding organizational intricacies. He stresses the importance of effective relationship building and an intentional and strategic approach to building new capabilities or functions within an organization.
  • Compliance is a deeply human discipline that involves shaping human behavior through policies, procedures, training, and programs. Behavioral science, cultural psychology, and behavioral economics play a critical role in compliance and ethics work.
  • Compliance programs that only focus on rules are short-sighted.
  • Human-centered design is a powerful approach to building effective compliance programs that engage with people and amplify their voices.
  • The Insight Lab at Ropes and Gray is a consultancy, analytics, behavioral science, and creative consultancy that aims to combine multidisciplinary expertise under one roof.  The lab includes a team of lawyers, data journalists, ethics experts, journalists, and specialists in cultural psychology and behavioral science. The lab has expanded beyond compliance consulting to focus on areas such as organizational culture, diversity, equity, and inclusion, and environmental social governance (ESG).
  • The team’s multidisciplinary approach can shape the future of legal work, and the lab has the potential to be a large, powerful business for Ropes and Gray.
  • Law firms are embracing multidisciplinary teams and creating their own consulting groups, with some firms recognizing the value of analytics and behavioral science consultancies.
  • The legal profession could benefit from acknowledging that other disciplines can help make it stronger.
  • Zach Coseglia and Hui Chen have started a podcast called “There Has to Be a Better Way?” which is an innovation and curiosity podcast focused on identifying better ways and people who are finding their own better ways to solve organizational challenges, such as compliance, ethics, risk, diversity, equity, inclusion, and organizational culture.

 

KEY QUOTES:

“I think that there’s a huge opportunity for us to embrace behavioral science, to embrace a more scientific point of view, to embrace the world of data in ways that actually advance our profession.” – Zach Coseglia

 

“With all of the data we had available to us, we have this opportunity to understand human behavior in ways that go beyond just the rules.” – Zach Coseglia

 

“I have felt for a long time that compliance is being treated – has been treated – as this exclusively legal, regulatory, enforcement-related exercise oftentimes led by lawyers, when in fact, compliance is a deeply human discipline.” – Zach Coseglia

 

Resources:

Zach Coseglia at R&G Insights Lab | LinkedIn 

Ropes & Gray Insights Lab | Podcast: There Has to Be a Better Way?

Categories
Data Driven Compliance

Dheeraj Thimmaiah on Creating and Using an Internal Data Analytics Tool

Data Driven Compliance is your go-to podcast to learn about the latest in business analytical tools. It is sponsored by Kona AI. In this series, host Tom Fox brings you insightful interviews with experts in digital analytics, cyber security, and more. In this episode, Tom sits down with Dheeraj Thimmaiah from AB InBev. Dheeraj talks about the development of their internal data analytics reporting tool called ‘BrewRite.’ This tool has a wide variety of applications, from its use in helping to create the compliance function’s ‘Quarterly Ethics and Compliance Assurance Report’ to alert users when activities are triggered and providing information in the case manager module. Tune in and join the conversation with Tom and Dheeraj as they talk about the future of technology and the power of data analytics in uncovering risks! 

Key Highlights

·      Using Data Analytics to Navigate the company’s compliance challenges [00:06:04]

·      AB InBev’s Internal Tool BrewRite.  [00:10:09]

·      Monitoring and Assessing Business Ethics and Compliance Risk via Quarterly Reports -[00:21:47]

 Notable Quotes

1.      “The first thing we wanted to see is, how do we kind of slowly introduce them to the concept of data program?”

2.     “For us, the words simple and effective, we want to see how people are taking their day-to-day jobs and making it much easier.”

3.     “At the end of the day, these are the people who are actually looking at a particular area, identifying the risk or mitigating risk. They’re the source of a lot of things that get done within the company. So it’s so important for us to focus on them as an audience because they’re the people who can leverage the tool to the maximum value and also, at the same time, provide us great input because the closest to the business and the transactions that are happening across the ground to evolve types of risk we are looking for so we can continue to progress.”

4.     “We want to build something like that internally, and we’ve really titled this the quarterly ethics of compliance assurance report.”

 Resources:

Connect with Dheeraj Thimmaiah on LinkedIn

Check out Kona AI

Connect with Tom Fox on LinkedIn