Categories
Everything Compliance

Episode 113 – The Replika AI Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Karen Woody, and Matt Kelly who discuss a potpourri of issues. We conclude with our fan fav Shout Outs and Rants section.

1. Matt Kelly looks at ChatGPT and raises several questions for the compliance professional. He rants about Facebook and its layoffs and performance reviews.

2. Jonathan Armstrong comes in smoking on the Replika AI imbroglio in Italy and discusses his collection of comments by users of the service. He shouts out to the British Navy for the Altmark Incident in 1940, the last recorded English naval battle fought with cutlasses.

3. Tom Fox shouts out to Valentine’s Day and all those hopeless romantics out there.

4. Karen Woody looks at the new rules promulgated by the SEC on insider trading. She shouts out to the Netflix show Cunk on Earth.

5. Jay Rosen looks at the First Energy corruption scandal and the current trial of former Ohio House speaker Larry Householder. He shouts out to Stevie Van Zandt donating a do rag to California Representative Jamie Raskin to wear during his cancer treatment.

The members of Everything Compliance are:

•       Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong – Our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

February 23, 2023 – The Self-Disclosure Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • US states seek to block ESG investing rules. (Reuters)
  • Judge allows Wexner subpoena by mail in Epstein lawsuit. (FT)
  • Ohio speaker alleged to have used bribe money to pay for physical assaults. (Ohio Capital Journal)
  • US attorneys want more self-disclosure. (Bloomberg)
Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 3

In this conclusion of a three-part blog post series, we are considering how to create an effective compliance program through the use of data analytics. I am joined in this exploration by Vince Walden, CEO of Kona AI and we are considering the requirements laid out by the Department of Justice (DOJ) in their recent pronouncements on best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics. Walden articulated 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at their fingertips.

The 7th step involves having an on-premise application for data analytics. This is an important step, as it allows companies to keep their data secure, while still being able to use predictive analytics and other compliance monitoring tools. You should consider a platform designed to be hosted and managed as a service, meaning that companies can utilize the platform without having to move large amounts of data around each month.

Under steps 8 & 9, you should run your data through a variety of libraries and tests, but a key is doing so without compromising data privacy. Use data analytics to identify anomalous payments that may be indicative of corruption or fraudulent activities. This will help your organization to meet the DOJ’s expectations for an effective compliance program. It helps improve business processes, increase transparency, and reduce the risk of improper payments. Additionally, such a data analytics platform can be used to benchmark an individual company’s compliance program by identifying attributes of an improper payment.

Finally, under Step 10, your organization should use a tool which also supports data visualization and dashboards that help companies analyze their compliance data in real time by quickly identifying any irregularities or anomalies that could be indicative of corruption or fraudulent activity. Your system should also provide support for automated reporting, allowing companies to easily generate reports on their compliance program. This can help companies identify areas of improvement, as well as any potential issues that should be addressed. Such visibility can extend up to the Board of Directors level, which will enhance your reporting up the organization and facilitate the Board’s requirement for oversight under the Caremark Doctrine.

This approach can be used to facilitate risk assessments, helping companies to ensure that their compliance programs are up to the standards set by the DOJ. Through ongoing monitoring, it can be used to track activities and progress in compliance over time, providing companies with a better understanding of their compliance processes and an effective way to demonstrate that their compliance program is up to the standards set by the DOJ.

Data driven compliance decisions are essential for companies to meet the expectations of the DOJ. This includes having access to relevant sources of data, conducting monitoring at the start and throughout the lifespan of a relationship, having an on-premise application, and self-disclosing any potential violations to the DOJ. A data analytics platform can help companies meet these expectations, as it will provide advanced analytics and compliance monitoring that allow companies to quickly identify areas of risk and anomalies in their data. Additionally, the platform can be used to collaborate with other companies to gain insights into attributes of improper payments to prevent fraud or even simple over-payment of vendor invoices.

Perhaps there is no better example of a data driven approach to compliance in meeting the DOJ expectations than the 2022 ABB Foreign Corrupt Practices Act enforcement action. In it, ABB had notified the DOJ it wanted to meet and had scheduled a meeting, but before ABB could come in and self-disclose, the story of ABB corruption in South Africa broke in the local news. However, the DOJ credited ABB for detecting the violations and notifying the DOJ it was coming in. This went a long way towards the excellent result ABB was able to achieve in its resolution with the DOJ.

Listen to Vince Walden on Data Driven Compliance

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls: COSO Objective III: Control Activities

In its Framework Volume, COSO states that Control Activities “are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.” They should be performed at all levels in an organization’s process cycle.

Principle 10: Selects and develops control activities.
Principle 11: Selects and develops general controls over technology.
Principle 12: Control activities established through policies and procedures.

While the objective of Control Activities should be the most familiar to the CCO or compliance practitioner, this objective demonstrates the interrelatedness of all the five COSO Objectives and the corporate functions in your organization. It is your control environment and then risk assessment that should lead you to this point. The Control Activities objective lays the groundwork for a living, breathing compliance program going forward.

This objective requires new ways of capturing, gathering, and confirming the accuracy and completeness of the information and the controls reporting it. The Control Activities regarding the necessary policies and procedures are an important consideration going forward.

Three key takeaways:

  1. Think of a “second set of eyes” as a primary control activity.
  2. SODs must always be employed.
  3. Control Activities should be performed at all levels in the business process cycle, which speaks directly to operationalizing your compliance program.
Categories
Hill Country Authors

Marilyne Cizmich – Lessons from Sonia the Cat

Welcome to the award-winning The Hill Country Authors Podcast. In this podcast, Hill Country resident Tom Fox visits with authors who live in and write up the Texas Hill Country. In this episode, I visit with the children’s author and Hill Country resident Marilyne Cizmich.

Highlights include:

●       Growing up in the Bay Area

●       Traveling around North America

●       The Kerrville Folk Festival

●       Getting a Nursing Degree

●       School Nursing in Alaska

●       A trip to Ukraine and Sonia the Cat

●       Relocating to the Hill Country

Why your business needs a podcast?

Find out at this Lunch Workshop why your business needs a podcast. The Texas Hill Country Podcast Network hosts the podcast, which will be held on Friday, March 3, from 11:30 AM CT to 1:00 PM CT at the Kroc Center. For information and registration, click here.

Categories
Great Women in Compliance

Julie Bregnard – Moving on Up

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine. The Great Women in Compliance podcast’s guest for this week is Julie Bregnard, a Compliance professional who is relatively early into her career and going places fast.  Mary interviews Julie with a special focus on the job search, as Julie has just moved into a new role after five years at her first “real” job.  As discussed in the GWIC New Year episode several weeks ago to kick off 2023, the market for certain levels of Compliance staff is extremely favorable now.  Julie and Mary share some tips for further increasing job hunter success in the search.

Julie also reflects on her time as a new graduate looking for her first job after university. Mary asked Julie to give some tips on the subject, as she received a request to do an episode that is helpful to students. Though further back in time, Mary still remembers how painful and demoralizing the search for your first professional full-time role can be and, with this in mind, asked Julie to share some advice and encouragement for students on how to best stay motivated and on task throughout this time.

As a Compliance practitioner who has been instrumental in strategizing on and delivering multiple Compliance Week events to her internal stakeholders, Julie provides some insights on what she thinks makes for a good Compliance Week and takes a broader view on how you can leverage them for ongoing dialogue in an organization.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Having a Values Conversation

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I take a deep dive into having a values conversation to help companies start a conversation about values. If companies do not focus on matters, a vacuum is created where employees are left to make their own decisions, and those decisions may not always be in the company’s best interest. Tune into Compliance into the Weeds-Having a Values Conversation to learn how to start the conversation and create a safety culture.

Key Highlights

  • The Importance of Workplace Safety [00:04:58]
  • The Need for Embedding Conversations about Values in the Workplace [00:09:00]
  • Creating a Positive Corporate Culture [00:12:26]
  • The Dangers of Not Doing Corporate Compliance Properly [00:15:56]

Notable Quotes

1.     “It makes a lot of sense to try to embed awareness of them initially, but it feels weird. It’s kind of outside of people’s comfort zone. It’s outside your comfort zone if you are not an ethics and compliance professional.”

2.     “These questions can help people like that. And as you had mentioned before, middle managers are the crucial element in all of this.”

3.     “It’s easy for senior executives to talk about ethical values. I think for many low-level employees, those messages go in 1 ear and out the other because why does anybody ever pay attention to what senior management says? It’s your middle manager. It’s your boss. You pay attention to what they say.”

4.     “These questions are geared to help those managers, that audience, and their crucial tool.”

Resources

Matt Kelly in Radical Compliance

Categories
Daily Compliance News

February 22, 2023 – The Going Dark Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Binance secretly moved money out of the US affiliate. (Reuters)
  • Is supporting DEI now illegal in Texas? (PracticalESG)
  • SEC is becoming increasingly opaque about the whistleblower program. (KU)
  • Does PCAOB have jurisdiction over crypto audits? (WSJ)
Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 2

In this three-part blog post series, we are ruminating on how to create an effective compliance program through the use of data analytics. I am joined in this exploration by Vince Walden, CEO of Kona AI, and we are considering the requirements laid out by the Department of Justice (DOJ) in their recent pronouncements on best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics. Walden articulated 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at their fingertips.

Under Step 4, companies must analyze their data quickly and efficiently to determine if they need to self-disclose any potential issues. By sharing the attributes across corporate siloes, companies can make their individual models perform better and improve their compliance programs. This allows companies to access the data quickly and easily, allowing them to identify potential risks and areas of improvement. It also provides insights into the effectiveness of compliance programs, allowing companies to make better informed decisions concerning their compliance.

Overall, having access to relevant sources of data is essential for an effective compliance program. Companies can gain access to data through on-premise platforms. By leveraging these sources of data, companies can ensure their compliance programs are up to date and compliant with applicable laws and regulations.

Step 5 is to conduct monitoring at the beginning and throughout the lifespan of any business relationship or transaction cycle. This is an important step as it allows a company to identify potential issues with their compliance program and take corrective action. Monitoring should be conducted at the beginning of a relationship or transaction to ensure that all parties understand the expectations and that there is no potential for criminal activity. Monitoring should continue throughout the relationship as well, as this will allow a company to identify any changes in behavior or activity that could indicate a potential problem. This can be used to gain insights into a vendor’s financial and transactional data, which is often a key indicator of future or even potential compliance violations.

Having access to relevant sources of data and conducting monitoring throughout the lifespan of a third-party relationship will help an organization meet the expectations set by the DOJ for an effective compliance program. With the DOJ’s recent announcement of amendments to the Corporate Enforcement Policy, companies have even greater incentive to self-disclose if they uncover potential violations, all of which demonstrates an effective compliance program. A data analytics platform can help companies quickly identify and review potential issues: by understanding the risks and monitoring these relationships regularly, companies can ensure that they are compliant with all applicable regulations.

With a comprehensive view of their activities, organizations can quickly identify any changes in activities, such as unusual patterns of payments or activities, which could indicate a potential problem. Through visibility into third party activities and transactions, companies are able to gain a better understanding of the compliance risk associated with their third-party relationships. Moreover, businesses have a mechanism to identify any financial or transactional red flags.

Interestingly, Walden advocates having an “on-premise application” for data analytics, which is his step 6. He believes “This is an important step, as it allows companies to keep their data secure, while still being able to use predictive analytics and other compliance monitoring tools.” It can be hosted and managed as a service, “meaning that companies can utilize the platform without having to move large amounts of data around each month.” This helps companies to gain insights from the model without compromising their data privacy. Furthermore, this platform can be used to identify anomalous payments that may be indicative of corruption or fraudulent activities.

Join us tomorrow, where we conclude our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – COSO Objective II: Risk Assessments

Objective II is designed to provide a company with a “dynamic and iterative process for identifying and assessing risks.” For the compliance practitioner, none of this will sound new or even insightful; however, the Framework requires a component of management input and oversight that was perhaps not as well understood.

The objective of Risk Assessment consists of four principles.

Principle 6: Suitable objectives.

Principle 7: Identifies and analyzes risk.

Principle 8: Fraud risk.

Principle 9: Identifies and analyzes significant change.

The SEC has made it clear that companies should be expanding their view of risk in implementing the COSO 2013 Internal Controls Framework. Obviously, risk assessments are a cornerstone of a best practices compliance program as laid out in the 2012 FCPA Guidance and in the DOJ’s Evaluation. The regulators are telling companies specifically that they should be seeing new risks that they need to address because of the changes brought about by the new standard.

Three key takeaways:

  1. Risk assessments are required under the COSO 2013 Internal Controls Framework, the 2012 FCPA Guidance and almost all other best practices compliance programs.
  2. Look at your risks across your organization and not in a siloed manner.
  3. Risks, and both their determination and management, change over time, so be cognizant of changes in business practices on the ground.

For more information on how to build out a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.