Categories
Great Women in Compliance

Julie Bregnard – Moving on Up

Welcome to the Great Women in Compliance Podcast, hosted by Mary Shirley and Lisa Fine. The Great Women in Compliance podcast’s guest for this week is Julie Bregnard, a Compliance professional who is relatively early into her career and going places fast.  Mary interviews Julie with a special focus on the job search, as Julie has just moved into a new role after five years at her first “real” job.  As discussed in the GWIC New Year episode several weeks ago to kick off 2023, the market for certain levels of Compliance staff is extremely favorable now.  Julie and Mary share some tips for further increasing job hunter success in the search.

 Julie also reflects on her time as a new graduate looking for her first job after university.  Mary asked Julie to give some tips on subject as she received a request to do an episode that is helpful to students.  Though further back in time, Mary still remembers how painful and demoralizing the search for your first professional full-time role can be and with this in mind, asked Julie to share some advice and encouragement for students on how to best stay motivated and on task throughout this time.

 As a Compliance practitioner who has been instrumental in strategizing on and delivering multiple Compliance Week events to her internal stakeholders, Julie provides some insights on what she thinks makes for a good Compliance Week and takes a broader view on how you can leverage them for ongoing dialogue in an organization.

The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

Having a Values Conversation

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I take a deep dive into having a value conversation to help companies start a conversation about values. If companies do not focus on matters, a vacuum is created where employees are left to make their own decisions, and those decisions may not always be in the company’s best interest. Tune into Compliance into the Weeds-Having a Values Conversation to learn how to start the conversation and create a safety culture.

Key Highlights

  • The Importance of Workplace Safety [00:04:58]:
  • The Need for Embedding Conversations about Values in the Workplace [00:09:00]
  • Creating a Positive Corporate Culture. [00:12:26]
  • The Dangers of Not Doing Corporate Compliance Properly [00:15:56]

 Notable Quotes

 1.     “It makes a lot of sense to try to embed awareness of them initially, but it feels weird. It’s kind of outside of people’s comfort zone. It’s outside your comfort zone if you are not an ethics and compliance professional.”

2.     “These questions can help people like that. And as you had mentioned before, middle managers are the crucial element in all of this.”

3.     “It’s easy for senior executives. To talk about ethical values. I think for many low-level employees, and those messages go in 1 ear and out the other because Why does anybody ever pay attention to what senior management says? It’s your middle manager. It’s your boss. You pay attention to what they say.”

4.     “These questions are geared to help those managers, that audience, and their crucial tool.”

 Resources

Matt Kelly in Radical Compliance

Categories
Daily Compliance News

February 22, 2023 – The Going Dark Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Binance secretly moved money out of the US affiliate. (Reuters)
  • Is supporting DEI now illegal in Texas? (PracticalESG)
  • SEC is becoming increasingly opaque about the whistleblower program. (KU)
  • Does PCAOB have jurisdiction over crypto audits? (WSJ)
Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 2

In this three-part blog post series, we are ruminating on how to create an effective compliance program through  the use of data analytics. I am joined in this exploration by Vince Walden, CEO of Kona AI and we are considering the requirements laid out by the Department of Justice (DOJ) in their recent pronouncements on best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics. Walden articulated 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at their fingertips.

Under Step 4, companies must quickly analyze their data quickly and efficiently to determine if they need to self-disclose any potential issues. By sharing the attributes across corporate siloes, companies can make their individual models perform better and improve their compliance programs. This allows companies to access the data quickly and easily, allowing them to identify potential risks and areas of improvement. It also provides insights into the effectiveness of compliance programs, allowing companies to make better informed decisions concerning their compliance.

Overall, having access to relevant sources of data is essential for an effective compliance program. Companies can gain access to data through on-premise platforms. By leveraging these sources of data, companies can ensure their compliance programs are up to date and compliant with applicable laws and regulations.

Step 5 is to conduct monitoring at the beginning and throughout the lifespan of any business  relationship or transaction cycle. This is an important step as it allows a company to identify potential issues with their compliance program and take corrective action. Monitoring should be conducted at the beginning of a relationship or transaction to ensure that all parties understand the expectations and that there is no potential for criminal activity. Monitoring should continue throughout the relationship as well, as this will allow a company to identify any changes in behavior or activity that could indicate a potential problem. This can be used to gain insights into a vendor’s financial and transactional data, which is often a key indicator of future or even potential compliance violations.

Having access to relevant sources of data and conducting monitoring throughout the lifespan of a third-party relationship will help an organization meet the expectations set by the DOJ for an effective compliance program. With the DOJ’s recent announcement of amendments to the Corporate Enforcement Policy, companies have even greater incentive to self-disclose if they uncover potential violations, all of which demonstrates an effective compliance program. A data analytics platform can help companies quickly identify understanding of the risks and monitoring these relationships regularly, companies can ensure that they are compliant with all applicable regulations and review potential issues.

With a comprehensive view of their activities, organizations can quickly identify any changes in activities, such as unusual patterns of payments or activities, which could indicate a potential problem. Through visibility into third party activities and transactions, companies are able to gain a better understanding of the compliance risk associated with their third-party relationships. Moreover, businesses have a mechanism to identify any financial or transactional red flags.

Interestingly Walden advocates having an “on-premise application” for data analytics, which is he step 6.  He believes “This is an important step, as it allows companies to keep their data secure, while still being able to use predictive analytics and other compliance monitoring tools.” It can be hosted and managed as a service, “meaning that companies can utilize the platform without having to move large amounts of data around each month.” This helps companies to gain insights from the model without compromising their data privacy. Furthermore, this platform can be used to identify anomalous payments that may be indicative of corruption or fraudulent activities.

Join us tomorrow where continue conclude our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – COSO Objective II: Risk Assessments

Objective II is designed to provide a company with a “dynamic and iterative process for identifying and assessing risks.” For the compliance practitioner, none of this will sound new or even insightful, however the Framework requires a component of management input and oversight that was perhaps not as well understood.

The objective of Risk Assessment consists of four principles.

Principle 6: Suitable objectives.

Principle 7: Identifies and analyzes risk.

Principle 8: Fraud risk.

Principle 9: Identifies and analyzes significant change.

The SEC has made it clear that companies should be expanding their view of risk in implementing the COSO 2013 Internal Controls Framework. Obviously, risk assessments are a cornerstone of a best practices compliance program as laid out in the 2012 FCPA Guidance and in the DOJ’s Evaluation. The regulators are telling companies specifically that they should be seeing new risks that they need address because of the changes brought about by the new standard.

Three key takeaways:

  1. Risk assessments are required under the COSO 2013 Internal Controls Framework, the 2012 FCPA Guidance and almost all other best practices compliance programs.
  2. Look at your risks across your organization and not in a siloed manner.
  3. Risks, both determination and management of, changes over time so be cognizant of changes in business practices on the ground.

For more information on how to build out a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.

Categories
Blog

Using Data Analytics to Create an Effective Compliance Program-Part 1

I recently had the opportunity to visit with Vince Walden for the inaugural episode of the newest podcast on the Compliance Podcast Network, Data Driven Compliance. Walden is a compliance professional with 15 years of experience, who left his day job and founded Kona AI, a cutting-edge innovation for compliance professionals. Kona AI is an on-premise platform to build advanced analytics and compliance monitoring that aligns with the DOJ’s expectations.

Over this multi-part blog post series, I will be discussing how to create an effective compliance program through  the use of data analytics by considering the requirement laid out by the Department of Justice (DOJ) in their recent pronouncements on a best practices, as well as the key trends and lessons learned from enforcement actions. Finally, we will consider the speech by Kenneth Polite on the changes to the Corporate Enforcement Policy and how to meet those requirements using data analytics.

It is important for compliance professionals to make informed decisions that are driven by data to ensure that the compliance program is effective and efficient. Data-driven decisions enable compliance professionals to make decisions that are backed by evidence, allowing them to make informed decisions that are based on facts and figures rather than assumptions or guesswork. Without data, compliance professionals would be unable to accurately measure the effectiveness of their compliance program or identify potential risks or areas of non-compliance.

Data-driven decisions also allow compliance professionals to identify areas of strength and opportunities for improvement. By utilizing data, they can identify trends, patterns, and correlations that can help them understand the underlying causes of compliance issues and formulate strategies to address them. Furthermore, data-driven decisions are more likely to be accepted and supported by stakeholders, as they are based on facts and have been thoroughly researched and analyzed. Ultimately, data-driven decisions ensure that compliance professionals are making informed decisions that are in the best interests of their organization. Walden articulate 10 steps you need to follow:

  1. Assess a company’s conduct;
  2. Self-disclose;
  3. Know quickly if there is a problem or not;
  4. Have access to relevant sources of data;
  5. Conduct monitoring at the beginning and throughout the lifespan of the relationship
  6. Have an on-premise application;
  7. Look up vendors and transactions quickly;
  8. Run data through a library of corruption and fraud tests;
  9. Look at a predictive model and see if it meets the profile of an improper payment; and
  10. Have visibility into data almost at your fingertips.

Under Step 1, the assessing of your company’s conduct begins with understanding the DOJ’s  expectations for an effective compliance program. Companies should have policies and procedures in place that enable them to access relevant sources of data, conduct ongoing monitoring of third-party relationships, and hold compliance officers accountable for the effectiveness of the compliance program. Additionally, companies should ensure they have the necessary technology in place to be able to quickly conduct an analysis of their data to determine if a self-disclosure is necessary. By taking these steps, companies can ensure they are meeting the DOJ’s expectations and are in a better position to successfully self-disclose if necessary.

Finally, assessing a company’s conduct should also involve an analysis of the company’s external communications. Companies should have a process in place for responding to inquiries from the public, media, and other stakeholders, and they should ensure that all communications are accurate and timely. Additionally, companies should ensure they are regularly engaging with their stakeholders to keep them informed of any changes in their compliance policies or procedures. By taking these steps, companies can ensure they are engaging in effective external communications that foster trust and confidence in their compliance program.

Self-disclosure is a key step in achieving an effective compliance program. Walden lists this as Step 2. It is important for companies to to demonstrate their commitment to compliance and avoid possible enforcement actions. Recently Kenneth Polite reiterated the importance of self-disclosure and discussed the changes to the corporate enforcement policy. Self-disclosure is viewed as a sign of good faith and can have a major impact on the DOJ’s decision to pursue or not to pursue a case.

However, to meet this requirement under the DOJ Corporate Enforcement Policy, companies need to have access to their data quickly in order to determine if self-disclosure is necessary. This means having an on-premises platform that can quickly search through transactions, identify potential corrupt payments, and compare them to a predictive model. This will demonstrate that they have an effective compliance program for the DOJ to consider them for leniency. But it requires having access to relevant sources of data and conducting monitoring throughout the relationship with third parties. Having an analytics platform can help companies detect anomalies in their data and identify patterns in the data that can help create an effective compliance program.

In addition to self-disclosure, companies must also take steps to ensure that their compliance program is effective and meets the standards of the DOJ. Companies should have access to a streamlined technology platform that helps them manage their compliance efforts. This platform should have tools to monitor third-party relationships, identify suspicious activity, and monitor compliance efforts. An effective compliance program also requires ensuring that employees receive proper training and understanding of the company’s policies and procedures. Companies should also have an audit system in place to regularly check that their compliance program is meeting the standards of the DOJ. This audit system should include periodic assessments of the compliance program and regular reviews of third-party relationships.

Of course, if you do not know you have a problem, you organization cannot self-disclose and cannot meet the mandates to demonstrate an effective compliance program. Hence under Step 3, an organization must understand if there is a problem or not which warrants self-disclosure.  With the right technology in place, companies can monitor their compliance efforts and ensure that they are meeting the expectations of the DOJ. Additionally, companies should ensure that employees are properly trained on the company’s policies and procedures. Taking these steps can help create an effective compliance program that meets the expectations of the DOJ.

Join us tomorrow where continue our exploration of using data analytics to create an effective compliance program.

Listen to Vince Walden on Data Driven Compliance.

Categories
SBR - Authors' Podcast

Jeffrey Hayzlett on The Mirror Test

Welcome to the Sunday Book Review, the Authors Podcast! On this inaugural episode, Tom welcomes special guest Jeffrey Hazlett, the founder and CEO of C-Suite, former Chief Marketing Officer at Eastman Kodak, and a prime-time host on Bloomberg. They talked about Hayzlett’s updated version of his seminal work, The Mirror Test. They discuss Hayzlett’s 3 key elements of leadership: improvisation, talent, and bottom-line results. He also discussed his new book about Murphy the spy, which is a metaphor for the subject matter. Hazlett emphasized the importance of company culture, noting that it can be detrimental if it’s not up to par. This Sunday Book Review-Authors Podcast episode is sure to leave you inspired and well-informed about leadership! Be sure to tune in!

 Key Highlights Include:

·      Leadership lessons from The Mirror Test [00:03:55]

·      Talent and Leadership for Business Success [00:06:54]

·      Positioning Your Unique Selling Proposition [00:10:01]

·      The Necessity of Representing Different Communities in Messaging [00:13:33]

·      The Impact of Company Culture on Employee Performance [00:16:46]

 Notable Quotes

1.     “What problem are we solving? And that’s really what it is.”

2.     “You have to become a personal brand because you are. A brand is nothing but a promise delivered.”

3.     “You must be out there because you take on the brand’s attributes. The brand takes on the attributes of you.”

4.     “You have to develop the culture and understand what the culture will be like and then recruit people that are similar to your culture or at least will fit in because I’ve seen people who’ve gotten fired within weeks or days because they just didn’t fit in the culture.”

 Resources

Purchase The Mirror Test Purchase

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance-Episode 113, Shout Outs and Rants

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Karen Woody, and Matt Kelly who discuss a potpourri of issues. We conclude with our fan fav Shout Outs and Rants section.

1. Matt Kelly rants about Facebook hiring 11K employees and then laying them off and then giving a large number of employees poor performance reviews.

2. Jonathan Armstrong shouts out to the British Navy for the Altmark Incident in 1940, the last recorded English naval battle fought with cutlasses.

3. Tom Fox shouts out about Valentine’s Day and all those hopeless romantics out there.

4. Karen Woody shouts out to the Netflix show Cunk on Earth.

5. Jay Rosen shouts out to Stevie Van Zandt donating a do rag to California Representative Jamie Raskin to wear during his cancer treatment.

The members of the Everything Compliance are:

•       Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com

•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

•       Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com

•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Data Driven Compliance

Vince Walden on Taking Your Compliance Program to the Next Level Through Data Analytics

Welcome to Data Driven Compliance, the newest edition to the Compliance Podcast Network. In this podcast we will discuss how to use data to improve and enhance the effectiveness of your compliance program, creating greater business efficiency, all leading to more return on the investment for your compliance regime. Join host Tom Fox as he explores how data will drive your compliance program to the next level. This podcast is sponsored by Kona AI.

In our inaugural episode, I visit with Vince Walden, a forensic data analytics expert and the CEO of Kona AI, a cutting-edge compliance monitoring platform. He has a long history of consulting for white collar crime investigations and forensic data analytics. He has worked on high profile data analytical projects such as Anheuser Busch’s BrewRite platform.

Key Highlights

  1. Discover how data analytics can be used to fight global corruption and identify improper payments.
  2. Learn how data transparency and cost-effectiveness are paramount to an effective compliance program.
  3. Investigate how data analytics platforms can be used to keep organizations out of trouble and make the business better.

Notable Quotes

“Compliance professionals are now being looked at to help spearhead this initiative around business transparency, especially into their third parties or their employee activities, and sometimes even customers or distributors.”

“Getting companies to commit resources to it, it needs to be cost effective.”

“Data analytics is always a topic at the conferences, at the conferences on social media, et cetera. Gaining insights into transparency in your data is paramount to an effective compliance program.”

“Being able to make the business better by adding cash back onto the balance sheet and stopping improper payments or finding errors or stopping a corrupt payment before it’s paid, that’s all making the business better.”

 Resources:

Connect with Vince Walden on LinkedIn

Check out Kona AI

Connect with Tom Fox on LinkedIn

Categories
Innovation in Compliance

Leveraging Technology in Third-Party Risk Management with Jag Lamba and Jared Ezzell

Jag Lamba and Jared Ezzell from Certa, join Tom Fox on the Innovation In Compliance podcast to explore the essential elements of a thriving third-party risk management program. They emphasize the significance of minimizing reliance on third-party self-disclosures by utilizing technology and data. They also highlight the importance of integrating due diligence, training, and ongoing monitoring to create a comprehensive approach to risk management. The conversation extends to payment controls, charitable donations, and the integration of the program into the overall third-party risk management lifecycle. 

Jag is the founder and CEO of Certa. Jared Ezzell is the Chief Customer Officer. Certa is a third-party lifecycle management platform for procurement, compliance, and ESG. Their no-code platform provides an easy and efficient way to digitize and manage the lifecycle of all suppliers, partners, and customers. Certa’s automated onboarding, contract lifecycle management, and ESG management eliminate the procurement bottleneck, allowing companies to onboard third parties three times faster. With their cutting-edge technology, Certa is transforming the way businesses manage their third-party relationships, ensuring compliance and sustainability at every step.

 

Here are some key points Tom, Jag, and Jared talk about:

  • Jared talks about his professional background and his role at the company Certa, their products, and their customers. 
  • The hallmark of an effective anti-bribery and anti-corruption compliance program is the concept of risk assessment.
  • Jared discusses the nine elements developed by Certa for an effective compliance program.
  • The three dimensions of a complete solution for compliance risk management are full spectrum risk management, the full life cycle of the third party, and the full spectrum of third parties.
  • A successful technology transformation project should be a modular rollout, with a focus on solving the highest pain point within three months and continuously phasing the rollout to avoid becoming overwhelmed.
  • Jag and Jared clarify that while the company doesn’t play the role of creating the documentation, they provide input and help evidence the client’s defensible positioning in support of the client’s policies.
  • Jag tells Tom that the ongoing monitoring of third-party relationships requires companies to have data sources and processes in place, have a controls framework to act on information, and automate controls to handle egregious alerts.

 

KEY QUOTE:

“The ability to systematically enforce payment controls is a key common practice in successful third-party risk management.” – Jared Ezzell

 

Resources:

Jag Lamba on LinkedIn | Twitter 

Jared Ezzell on LinkedIn 

Certa