In today’s edition of Daily Compliance News:
Author: admin
Almost all of the world has condemned the Russian invasion of the Ukraine and I will add my small voice to that condemnation. In trying to choose what to write, I did not want to emphasize or better the geopolitical commentary, so I decided to focus on how this invasion and its attendant fallout might impact compliance professionals and programs. At this point Russia has limited its attacks to Ukraine but my fear as more EU, other Western allies and the US respond with arms and technical support to the Ukraine government and army, we might see Russia unleash its cyber warfare specialists on those who are supporting Ukraine with material and other support. This week I am writing about some of the issues a Chief Compliance Officer (CCO) needs to think about now. Today, I consider employees in Ukraine.
Many of the issues related to Ukraine are similar to those we looked at when it came to Russia. Obviously Supply Chains which are centered in or go through Ukraine will be significantly impacted. However, as you move west from Ukraine there may soon be greater disruptions into Poland and other eastern European countries as the war intensifies and continues unabated. While many US, UK and EU companies have employees in Russia, they are not now under attack. What can or should you do for your employees that are domiciled in Ukraine?
Contact and Other Information
Some of the things I learned in weather related emergencies on the Texas Gulf Coast are applicable to the current situation and some are more unique to a war-torn environment. The first thing you need to do is have a full list of all your employees, together with primary and secondary contact information. According to Remote.com this is because “it is common for means of communication to become unreliable. Your team members in Ukraine may lose access to the internet for a few hours or days at a time. If that happens, your people will need to know how to reach you. Provide a direct phone number so you do not lose contact should a member of your team lose internet access.”
Beyond this basic contact information, you should also confirm all employee information. Accurate records can be extremely important in recovery after conflict or for relocation purposes. Ascertain your organization has “the most up-to-date information for all of your team members in Ukraine, including addresses, bank account information, legal status, citizenship, and anything else that may be important.” The next step would be to “scan and store significant documents to protect against potential loss or damage. Your HR or people team should handle this duty to preserve any documents sent while maintaining the privacy and confidentiality of your” employees’ sensitive personal information.
Financial Support
Banking services will become untenable at some point. Your organization may want to provide advance funding to Ukrainian employees ahead of normal payroll cycles to assist in recovery or relocation. Even if banks, ATMs or cash points remain open they still have to be physically replenished with hard currency. Of course, internet access will become unreliable during conflict. Your employees may not be able to access their funds, or they may need to receive funds quickly and “delivered directly to accounts other than their usual bank accounts. Please keep in mind that paying for services in deemed unsecured cryptocurrencies is currently prohibited in Ukraine. As always, delivering funds outside traditional bank accounts can carry additional risks, so be careful to ensure the funds actually reach the person you are trying to help.”
There can be other forms of financial support, including giving paid time off until the situation has stabilized, or by paying for relocation costs such as hotel fees and travel expenses. Companies might also look at providing supplies to their employees including the delivery of groceries, medicine and other much needed products directly to employees. Coordinate with your employees about this option and offer to pay for any supplies they might need at this time. Lano notes, “A precondition for any further assistance is that you remain in constant contact with your employees. Several daily check-ins are advisable in exceptional situations in order to be informed first-hand about what is actually happening on site and to be able to initiate immediate actions if necessary.”
Relocation
Many of your Ukrainian employees will choose to stay in their country, but others will want to leave, either during the height of the conflict or in the event of a Russian occupation. There are already rumors of Russian kill lists. Make sure you talk to your employees about this possibility and support them in finding a new temporary home. Providing relocation assistance for your employees and their families may be one of the most critical pieces of support you can offer. This could include such services as “emergency immigration, special work permits, and emergency visas may all be options for team members wishing to leave the country.” Drawing from my experiences during the evacuation of New Orleans after Hurricane Katrina, companies who have offices in different locations might be able to source support within a local team or mobilize colleagues from different offices to connect and provide a temporary shelter.
Connections, Connections, Connections
Do not assume people want to be left alone. According to DistantJob, “The first thing you can do to help your employees affected by the Ukrainian-Russian conflict is asked them how they are doing. Make it clear that the most important thing right now is for them to be safe, so clear their schedule, and let them know they are in no obligation to attend any meetings or meet any deadlines.”
However, some people may prefer to remain in contact as usual. Allow your employees to decide what makes them most comfortable and accommodate those choices to the best of your ability. Along similar lines, obtaining reliable information inside a war zone can be problematic at best. Already many of Ukraine’s government websites were hit by cyberattacks, making it even more difficult for Ukrainians to receive communications through official channels. From outside the country, you may be able to relay information your employees will be unable to discover on their own. Watch for news that may be helpful to your employees, especially if they lose internet access. Share information you come across that may be related to providing food, water, shelter, or transportation in the areas where your employees reside.
But most importantly connect, connect and then connect more.
Next up, a look at Supply Chain issues.
The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Audrey Harris, who handled FCPA cases before the explosion of FCPA enforcement actions in the early 2000s, sat in the CCO Chair, led compliance program work back in private practice, and now as Managing Director for Global Anti-corruption, Compliance, Ethics & Non-Financial Risk at Affiliated Monitors Inc.
Audrey graduated from Central Florida with a BA, got a MA at the University of Miami, and her law degree from Georgetown. A question about whether she wanted to go to South Beach when she was a summer clerk at Kirkland & Ellis led to FCPA work and eventual partnership at Kirkland. When she began, it was a different time in FCPA enforcement, pre-2004, and the explosion in FCPA growth. In this role, she loved problem-solving and seeing patterns, and asking why (and why and why).
Resources
Audrey Harris on LinkedIn
Audrey Harris on Affiliated Monitors, Inc.
UK Sanctions on Russia
This week the Compliance Kitchen is looking at sanctions levied on Russia because of its invasion of Ukraine. Today, the UK’s first wave of sanctions on Russia in regards to Ukraine.
Consulting expert Laura Tulchin passionately advocates the implementation of ESG, working in the mantra of “minimizing risk today means optimizing opportunity.”
In this episode, she dives deep into the growing significance of ESG in the pandemic, the social and monetary advantages, the cruciality of regulation, and how ESG is looking into the future.
▶️ Optimizing ESG Opportunity in the Pandemic with Laura Tulchin
Key points discussed in the episode:
✔️ Laura Tulchin summarizes her professional and educational background.
✔️ Laura Tulchin explains the increasing relevance of ESG in the past two years. Companies with perceived good ESG performance are financially outperforming their competitors.
✔️ESG gains steam in today’s fractured social and capitalist system. Consumers are seeking purpose, even in the way they spend their money. Transparency in ESG is enough incentive for companies to step up.
✔️ The formation of the International Sustainability Standards Board in the 2021 UN Climate Change Conference was a step forward for ESG standardization. Laura Tulchin believes that we still have a long way to go. A hodge-podge of voluntary standards still remains in the ISSB, along with jurisdictional regulations in the EU.
✔️ Interpretation and analysis – or looking under the hood – are still challenging in ESG reporting. The necessary tools needed to achieve a higher level of transparency aren’t readily available. Some businesses resort to presenting a positive but generalized report to gain mass favor.
✔️ ESG isn’t a one-size-fits-all program. It’s bound to be managed in different ways across industries.
✔️Compliance lays a strong foundation for a good ESG program.
✔️ ESG should be an accurate portrayal of an organization’s social and environmental impact.
✔️ ESG isn’t just about saving the elephants. It’s also about saving your dollars. Running an ESG program brings long-term profit. Nowadays, consumers are more conscious of who they’re buying from and whether products are ethically sourced and manufactured.
✔️ ESG would soon become a natural business practice.
Laura Tulchin is an MBA with expertise in ESG risk, compliance, and governance. She has extensive experience with investment professionals, large multinationals, and financial institutions in managing risk and bringing the right frameworks, processes, and tools for risk management. She is hands-on with big-data and technology implementation experience to help clients determine strategic vulnerabilities and use data effectively to understand, measure and mitigate risk.
Connect: https://www.linkedin.com/in/laura-tulchin-b5577611/

Tom Fox welcomes Yusuf Moolla on this episode of the Innovation in Compliance Podcast. Yusuf is a Director at Risk Insights, co-cost of The Assurance Show Podcast, and co-author of The Data Confident Internal Auditor. He joins Tom to talk about how compliance professionals can utilize data analytics, data governance, and internal auditing.
Best Approaches To Data
The easiest way to approach data, Yusuf suggests, is to think about it as another form of evidence. “Over the years we’ve collected lots of manual documents as evidence…Data is just another piece of evidence,” he tells Tom. Data can be used by anybody, and it is very simple to do so. Currently, there has been an emergence of open-source tools to process data which has made it easier and cheaper for individuals. These open source tools have made it safer as well, as there are options to look into the source code for digital traps. Visualization is another approach to data that individuals can utilize. While relatively new, being able to visualize techniques both in terms of exploring and explaining data is becoming something that is gaining traction in the data analytics world.
Internal Auditing Approaches
Yusuf explains to Tom that there are four main data approaches to consider when doing internal audits:
- Data being used purely for reporting
- The data-driven approach where the data does the talking
- The process-focused approach
- The hypothesis-focused approach
There are similarities between the process and hypothesis approaches. The process-focused approach has been the traditional way of doing audits. Over the years, however, it’s become less about how the process is done to achieve the intended result; it’s now about what the auditing result is. “So it’s not about looking at whether a process actually works the way that it’s been designed, it’s about looking at whether the process is working in the way in which it’s intended to be able to achieve its outcome,” Yusuf adds.
Data Governance in Auditing
Making sure that data doesn’t fall into the wrong hands as an auditor is one of the main facets of data governance. It is a very basic and traditional approach, but over the years professionals have been implementing it in an overzealous way. This can hinder the ability to create value through data. Yusuf suggests a slight reverse approach where everyone has access to data unless there is a specific reason for them not to. “We want to keep a range of data elements secure, but others we want to open up,” Yusuf tells Tom.
A Look Ahead
Tom asks Yusuf what the future of data analytics, data governance, and internal auditing will look like in the coming years. Yusuf explains that there will be a greater use of data science, and a greater use of data within internal audit without the need for data scientists and specialists. More practitioners will be getting into, and understanding IT, and more people will be using data for themselves. This will free the data scientists from the more mundane tasks, so they will have time to dedicate to the more advanced techniques. The same would apply for compliance as well.
Resources
Yusuf Moolla | LinkedIn
Risk Insights
The Assurance Show
The Data Confident Internal Auditor
In today’s edition of Daily Compliance News:
-
- According to TI-CPI, Nigeria second most corrupt country in West Africa. (Business Insider Africa)
- How allowing corruption corrupts those who allow it. (The Guardian)
- Gertler offers deal to end corruption investigations. (Haaretz)
- Leak broke Ericsson corrupt payments to ISIS. (ICIJ)
This week the Compliance Kitchen is looking at sanctions levied on Russia because of its invasion of Ukraine. Today, the US introduces Comprehensive Sanctions on so-called Donetsk and Luhansk People’s Republics.

In this episode of The ESG Report, David Simon, author of the LinkedIn article ‘The “G” in ESG, is Tom Fox’s guest. They discuss the article’s content as well as the role of compliance in governance.
The Link Between a Company’s Meta-Contract and Governance
The term ‘meta-contract’ was coined by one of David’s Oxford professors, Alan Morrison. A meta-contract is what an organization is all about, including how it will and won’t do business. Governance refers to how well or how poorly a company adheres to its meta-contract. Tom mentions that monitoring this is something compliance professionals do day in and day out, and David agrees; ensuring that a company behaves consistently with its values is something compliance professionals are best at.
Incorporating Stakeholders’ Views in a Company
Once you accept stakeholder capitalism, you must ask yourself, ‘Where do I draw the line?’ To David, from an ESG perspective, the key to answering this is authenticity and integrity, “Look at your values and who your stakeholders are, and rank them in terms of priority. It’s a very individualized exercise, and it’s important for company leadership to be honest and look at who they are, and what they aspire to be.” He resists the idea of everybody fitting into the same box, because, “It’s bound to fail; I don’t think it really represents their true meta-contracts.”
The Importance of Compliance in Corporate Governance
David points out that compliance professionals are really well-suited to take the meta-contract and implement it in a way that’s enforceable and consistent throughout the organization. One of the great things about ESG is that it allows compliance to broaden its horizons. Compliance can get very focused on true compliance with the law or regulatory regimes, but there are certain violations and scandals that are worse than others, and that ties to what their meta-contract is. These violations may not be violations of the law, but rather, violations of who they are as an organization. David comments on this, “From a compliance perspective, compliance professionals need to think more broadly than just the laws; more about what their organizational meta-contract is, and take steps to avoid violating it.”
RESOURCES
Tom Fox’s email
David Simon | Twitter | LinkedIn | The “G” in ESG: Governance