Categories
The Ethics Movement

Reinventing Compliance Communications with Ronnie Feldman of Learnings & Entertainments


YOU are at the center of The Ethics Movement—the journey to move ethics to the center of business, and build a better world in the process. Join hosts Tom Fox and Philip Winterburn as they unpack the big ideas of ethics and compliance, in the context of today’s big news stories—on The Ethics Movement.

As we return to the office setting, ethics and compliance teams have a unique opportunity to reinvent the way we communicate with employees. Ronnie Feldman, founder of Learnings & Entertainments, pitches humor, storytelling, and improv as a new source of inspiration for compliance training.
Resources:
Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)
Learnings & Entertainments (Website)
60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & GIFs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.
Workplace Tonight Show! Micro-learning – a library of 1-10-minute trainings and communications wrapped in the style of a late-night variety show, that explains corporate risk topics and why employees should care.
Custom Live & Digital Programming – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with a more engaging delivery.
Tales from the Hotline – check out some samples.

Categories
Innovation in Compliance

Hitting The Magic Button with Heather Buker


 
Tom Fox’s guest this week is Heather Buker. Heather is the Product Manager at Allgress and oversees the full life cycle of development and QA processes. She spent her professional life in computer engineering before making her way into the cybersecurity space. Tom welcomes her to this week’s show to talk about a new innovation from Allgress around authorizations to operate in the federal sector.
 

 
All About Allgress
Heather explains that Allgress is for highly regulated industries such as technology, government, and healthcare. “Allgress in general is a global provider of next generation audit, compliance, security and risk management solutions for organizations and their business partners to meet business risk objectives,” she says. Allgress enables organizations to streamline these processes and manage assessment monitoring in a more simplified way, and without the need for a contingent of consultants. 
 
FedRAMP & ATOs
Tom asks Heather to explain what FedRAMP and ATOs are and why they’re important. FedRAMP, the Federal Risk and Authorization Management Program, is a government-wide program that provides a standardized approach to security assessments and continuous monitoring for cloud-based services. An ATO is the government giving you the authorization to operate a compliant cloud-based service. FedRAMP and ATOs are necessary if you sell your service to the federal government. After acquiring your FedRAMP authorization or ATO, you can focus on maintaining the continuous monitoring that the ATO provides.
 
How Allgress Maintains Your Federal ATO Effectively
“We’re going to give you the dynamic preparedness assessment; we’re going to automatically determine your impact level based on a survey; we’re going to guide you through [attaining an ATO] step by step,” Heather tells Tom. Allgress completely streamlines this process via automation and creates the audit trail that its clients need. “When the auditors come and they have questions, you’re gonna have all of the answers, and it’s going to be in the single pane of glass view that Allgress provides,” she adds. Allgress provides all the evidence and policies necessary for when you’re testing to the federal controls. 
 
The Impact of COVID-19 & What’s Next
The pandemic put a spotlight on the need for GRC solutions and exposed those companies that didn’t have those processes in place. It was a reminder to organizations that we never know when unexpected risk may strike, how we may be impacted, and how it may affect our organizational systems. Businesses have to start preparing for unexpected risks within their organizations. Heather explains to Tom that Allgress helps with this by automating organizational and partner risk assessment and leading them in the direction of a recovery plan. Businesses also need to place more importance on the usability of their products.
“User adoption is something that’s so difficult to achieve when you introduce a new product to your workforce… It’s imperative that GRC solutions continue to become more user-friendly and reduce that learning curve so that users are going to adopt the technology more quickly and with ease,” Heather remarks.
 
Resources
Heather Buker | LinkedIn | Twitter 
 
 

Categories
Daily Compliance News

July 27, 2021 the SFO Still Relevant? edition


In today’s edition of Daily Compliance News:

Categories
Compliance Kitchen

EU Forced Labor Due Diligence Guidance


In this episode, the Kitchen takes a closer look at the EU’s Forced Labor Due Diligence Guidance for supply chains, the latest advisory in the area of modern slavery detection and prevention.

Categories
The ESG Report

The Fight Against Human Trafficking and the ‘S’ in ESG with Gwen Hassan


Gwen Hassan has been championing the fight against human trafficking for quite some time. The heart-wrenching story of a young girl in Southeast Asia brought the issue to her attention, but realizing that human trafficking is also a local issue spurred her to take action. “And since that time,” Tom Fox commends her, “you have been one of the leaders to talk about this issue in the context of either supply chain and overall corporate approach or compliance programs.” In this week’s show, Tom and Gwen discuss why fighting human trafficking is a compliance issue, and where it fits in ESG.
Part of Compliance
Human trafficking takes place everywhere, including in the US. Gwen tells Tom that there’s already an existing infrastructure with regard to third-party diligence, which could be used to fight human trafficking as well. She remarks, “…Why not start using that same set of controls and processes and power to make sure they’re doing their part to root out trafficking from their supply chain as well?” Her belief is that stamping out human trafficking should be part of every corporate compliance program. “The synergy with corporate compliance really came to the forefront with the UK Modern Slavery Act,” she points out. 
Why US Companies Should Care
Tom asks Gwen why fighting human trafficking should be an issue for companies that don’t trade internationally. “One of the biggest, kind of, eye-openers for me was learning about the extent of trafficking that’s right here in the US,” she responds. Even if your company does not do business overseas, you could still be contracting with businesses that engage in or support human trafficking. It’s imperative that you do your due diligence about third parties and even their subcontractors.
S or G?
Tom sees fighting human trafficking falling under the S in ESG. Gwen agrees that it does relate to social justice issues in a broad sense. In her opinion, it also is a G: companies should practice good governance, which includes robust third-party diligence. “The process side and the diligence aspects of a sustainable ethics and compliance program, fit very nicely with human trafficking… [and] the reasoning behind why you want to have a good program for human trafficking prevention relates back to social justice and the fair treatment of everyone who’s in your organization,” she remarks. Most business leaders immediately understand the reputational risk human trafficking poses to their companies. “Once you educate people as to the extent of the problem – the fact that it impacts everyone – it really makes a difference in their openness and their willingness to then invest,” she tells Tom. Government actions are helping the fight: once leaders know that there could be enforcement actions against them, they’re more willing to listen.
Resources
Gwen Hassan on LinkedIn | Email
 
 

Categories
FCPA Compliance Report

Executives at Risk, Summer 2021 Newsletter


In this episode of the FCPA Compliance Report, I visit with three lawyers from Miller & Chevalier to discuss the Summer 2021 edition of the Executives at Risk newsletter. I am joined by Lauren Briggerman, Katherine Pappas and Ian Herbert. We take a deep dive into key areas of white collar enforcement and issues that every compliance, legal and business executive should be aware of going forward into the second half of 2021. Some of the highlights include:
Lauren Briggerman

  1. What are some of the significant developments in cartel investigations and prosecutions involving senior execs?
  2. What have you seen around wage-fixing and price fixing?
  3. Yet more prosecutions in the poultry industry. Why have we seen so many over the past few years?
  4. Anything new on the extradition front?
  5. We saw additional charges and a settlement regarding auto emissions testing fraud. Where do you see this issue internationally?

Katherine Pappas

  1. What has been the impact of the pandemic on white collar prosecutions?
  2. Where are we on government efforts to combat PPP and PPE fraud?
  3. Anything happening on the FCPA front with individuals?
  4. Do you expect to see a pickup on the corporate FCPA front in the remainder of 2021?
  5. What does the Biden administration’s memorandum on corruption as a national security issue mean for corporations and executives?

Ian Herbert

  1. What did we see regarding individual prosecutions on the AML front?
  2. What about prosecutions for failures to set up AML compliance programs?
  3. What’s happening in crypto?
  4. Significant sentencings.

Resources
Miller & Chevalier
Lauren Briggerman
Katherine Pappas
Ian Herbert
Executives at Risk Newsletter, Summer 2021

Categories
Daily Compliance News

July 26, 2021 the Our Man at Credit Suisse edition


In today’s edition of Daily Compliance News:

  • Credit Suisse reaches settlement with former CEO. (WSJ)
  • FTC asks for extension. (NYT)
  • Hosting Olympics a very bad deal. (NYT)
  • FinCEN whistleblower headed to jail. (Richmond Times)
Categories
Sunday Book Review

July 25, 2021, the Science Fiction as Thrillers edition


In today’s edition of Sunday Book Review:

Categories
Daily Compliance News

July 24, 2021 the Domestic Corruption edition


In today’s edition of Daily Compliance News:

  • First Energy to pay $231MM fine for domestic bribery. (NPR)
  • Tom Sporkin on CFPB enforcement. (Financial Planning)
  • Where was compliance? (WSJ)
  • Crisis-born innovation. (FT)
Categories
Innovation in Compliance

The Groundbreaking Guide to Third-Party & Supply Chain Risk Management: How Exiger’s TRADES Framework Revolutionizes TPRM & SCRM in 2021 and Beyond-Part 6-Supplier Monitoring


Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity.
Exiger’s TRADES framework & maturity model is a cutting-edge, but actionable, blueprint to build a modern third-party & supply chain risk management program; over the next six episodes, I will be speaking with Exiger’s experts as we go through each layer of the TRADES framework at the tactical, program and strategic levels. We put a spotlight on transparency into your current state with Skyler Chi and Tim Stone; discuss the risk methodology with Theresa Campobasso and Matt Hayden; assess current risks with Laura Tulchin and Peter Jackson; determine mitigations with Carrie Wibben and Aaron Narva; evaluate the TRADES Framework uplift with Brandon Daniels and Josh Thiel; and end with Brandon Daniels and Erika Peters, who will give a review of supplier monitoring and close us out with an update on how government and critical industry are leading the charge using TRADES to out-pace threats and vulnerabilities while minimizing third party and supply chain risk management gaps. In this concluding episode, I am joined by Brandon Daniels, President, Global Markets, and Erika Peters, Managing Director, Global Markets Group Head of Tech Transformation, to look at supplier monitoring and provide some concluding remarks.
We began with the oversight and monitoring of suppliers within the vendor ecosystem, which is the final pillar of the TRADES framework. Peters noted that it is the pillar which “upholds the long-term adherence to the other elements of the framework and ensures the evolution of the program over time as the threat landscape similarly evolves and changes.” This means that an organization benefits from the clear, concise data gathered on their supplier ecosystem, through stakeholder ownership with a clear risk framework.
As the Department of Justice (DOJ) has consistently made clear in other compliance areas, Peters related that companies “should ensure their view of the risk and opportunity landscape is monitored and dynamically addressed through continuous improvement.” It is more than simply a “risk assessment of a third party, which then is put on a shelf” because risks change and evolve. Both third party and external risk factors must be monitored. It allows you to react faster and “in turn minimizing the potential business impact and ultimately the bottom line.” Ongoing monitoring provides you quick insights, allowing you to be proactive rather than reactive in risk management when you find out that a partnership is with a company that has reputational risks associated with it, such as being owned by a sanctioned entity, fraud or corruption.
Daniels expanded on this by explaining that if you establish a high volume of transparency into your supplier network or into your distributor network, this would also lead to critical third and fourth and fifth and sixth parties that you need to monitor at this last phase. You will be able to evaluate the efficacy of the risk methodology and the risk assessment that you’re conducting on those vendors. Through the implementation of the TRADES Framework, you will have a “constant refresh of those data inputs that you created, that you curated, that you sourced in order to initially instigate your supplier monitoring, or excuse me, your supplier risk assessment. Just refreshing those data points, essentially will just constantly recalibrate, constantly monitor, constantly find those spikes that peak out to you.”
Increasingly, Daniels believes these types of risk are “not linear. They are octagonal.” He explained that an organization “could have a risk in your operational issues. You could have a risk in cyber, you could have a risk in legal, you could have a risk in reputational business dealings.” The key is that “as long as you consistently refresh those inputs that you have used in order to initially assess the priorities of risk that you have across your third party, fourth party, fifth party, sixth party ecosystem, then you are inherently doing supplier monitoring.”
This type of continuous review and monitoring allows you insights into the future because “you are essentially testing the things that get left behind. Those low-risk vendors, those medium risk vendors that sit below a threshold of risk tolerance and making sure that you’ve got the right risk prioritization in place to instigate an alert when you need it.” It is also more cost effective, as you are able to move away from the costly retrospective audit two years down the road. Daniels said, “These routine audits, these big projects, these million-dollar projects that we do every year in order to refresh 10,000 out of the 20,000 total vendors that we know we’ve got or to do deep due diligence on 5,000 of them randomly on an audit basis, that used to cost us so much money, we’re now doing that incrementally, turning this into a much lower operational cost for us because now we’re instigating when something changes.”
Finally, implementing this appropriately means continuously making sure that “you 1) update your data inputs, 2) making sure that you are assessing your risk framework, and 3) ensuring that as long as you don’t have major changes to your risk landscape,” you are “lowering the friction of compliance and actually make compliance of business accelerant when you have found third parties and supply chains that are able to deliver for you on time and cost effectively.”
Resources
Exiger TRADES Framework
Exiger Website
Brandon Daniels
Erika Peters