Categories
Blog

Amy Hanan – Stepping into the Spotlight

Compliance is a profession dedicated to making the world a better place, and the contributions of many inspiring women enrich it. In a recent episode of the Great Women in Compliance podcast, guest host Sarah Haddon talked with Amy Hanan, LRN’s Chief Marketing Officer, about her career journey and the lessons she has learned.

Amy’s career has been a fascinating journey marked by constant learning and seizing opportunities. As the Chief Marketing Officer for LRN, Amy has transitioned from working behind the scenes to becoming a prominent figure in the compliance community. Her path is a testament to the importance of stepping out of one’s comfort zone and embracing new challenges. Amy’s role often involves extensive travel, balancing numerous business trips with her demanding responsibilities. Despite the hectic schedule, she has found a balance that allows her to thrive professionally and personally. This balance is crucial, as Amy emphasizes integrating personal interests and relaxation into one’s routine to maintain overall well-being.

A significant milestone in Amy’s career was delivering a keynote presentation at an international compliance event. This was a departure from her usual role behind the scenes, presenting a challenge she enthusiastically embraced. Speaking at the Future of Financial Crime and Compliance Summit in London, Amy shared her insights with a large audience, marking her first keynote at an external event.

Despite initial nervousness, Amy’s confidence grew as she engaged with material she was passionate about. This experience underscored the value of preparation and the ability to connect with an audience on deeply resonating topics. It also highlighted the importance of visual aids in guiding and focusing the audience’s attention, making the presentation more effective.

Amy’s career trajectory has been shaped by her willingness to raise her hand and take on new challenges. She recalls a pivotal moment early in her career when she volunteered to lead the implementation of a new marketing automation platform at a media company. This decision set her on a path of redefining her professional journey, emphasizing the importance of stepping up when opportunities arise.

The parallels between marketing and compliance are striking, particularly in adopting technology and data analytics. Amy draws comparisons between the evolution of marketing departments and the current trajectory of ethics and compliance teams. Both fields are transitioning from being seen as cost centers to being recognized as value creators, driven by the availability of new tools and technologies.

Amy’s approach to her role is characterized by continuous learning and adaptation. She emphasizes the importance of staying informed about industry trends, regulatory changes, and best practices. By consuming a wealth of information from various sources, including podcasts, research reports, and industry events, Amy stays ahead of the curve and brings valuable insights to her organization.

Her background in legal marketing has provided a strong foundation for understanding the intricacies of the compliance field. This knowledge, combined with her curiosity and desire to understand the motivations behind different stakeholders, enables her to make informed decisions that drive business success.

Amy’s leadership style is defined by decisiveness and a bias towards action. She believes in making decisions promptly and avoiding analysis paralysis. This approach keeps projects moving forward and empowers her team to take ownership and learn from their experiences. Amy’s ability to balance decisiveness with empathy and understanding is key to her leadership effectiveness.

Amy applies the same principles of efficiency and decisiveness in her personal life. As a single parent with a demanding career, she values her time and prioritizes activities that help her recharge and maintain a positive outlook. Exercise, in particular, plays a crucial role in her routine, allowing her to clear her mind and relieve stress.

Amy navigates a significant personal transition as she adjusts to life as a single parent. This period of self-discovery is helping her redefine her identity and understand what truly brings her joy and fulfillment. Embracing this phase with curiosity and openness, Amy is exploring new interests and finding ways to enjoy her company.

Her journey underscores the importance of resilience and adaptability in the face of change. By staying curious and open to new experiences, Amy continues to grow personally and professionally, setting an example for others in compliance.

I found Amy Hanan’s story to be a powerful reminder of the importance of embracing opportunities, continuous learning, and decisiveness in the compliance profession. Her journey from behind-the-scenes roles to becoming a keynote speaker and leader in her field highlights the transformative power of stepping out of one’s comfort zone. As compliance professionals, we can draw inspiration from Amy’s example to navigate our careers with confidence, curiosity, and a commitment to making a positive impact.

In celebrating the contributions of women like Amy Hanan, the Great Women in Compliance podcast continues to inspire and empower the next generation of compliance leaders. By sharing their stories and insights, we honor the remarkable women shaping the future of compliance and making the world a better place.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Sales Incentives and Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In today’s episode, what is the role of sales incentives in your compliance program?

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 46 – Compliance and Culture Lessons from A Piece of the Action

In this episode of Trekking Through Compliance, we consider the episode A Piece of the Action, which aired on January 12, 1968, and occurred on Star Date 4598.1.

The Enterprise crew attempts to contact the inhabitants of planet Sigma Iotia II, who have built a culture around the book Chicago Mobs of the Twenties, accidentally left behind a hundred years ago by the S.S. Horizon. At the time of the Horizon’s visit, the noninterference directive was not in effect, so Kirk, McCoy, and Spock wondered what sort of “contamination” they would encounter. Upon arriving, they are held at gunpoint but are taken safely to the “Boss” after a machine gun attack by rival boss Krako.

There are a dozen or so Bosses, each controlling his territory. Krako, the Boss of the southside territory, also wants heaters and instructions on how to use them and offers Kirk one-third of the proceeds for their use. The Bosses are impressed by a display of the Enterprise’s firepower and agree to Kirk’s planet unification, with Oxmyx as head Boss and Krako as his Lieutenant. Spock has reservations about leaving a criminal organization in charge and wonders how Kirk plans to collect a 40% cut every year.

As the Enterprise leaves, however, McCoy realizes he has left his communicator behind in Bela’s office. The communicator contains a transtator, an integral part of all machinery in the Enterprise, so the imitative Iotians will likely have made impressive technological progress the next time the Federation visits them.

Commentary

The Enterprise crew encounters a planet’s culture based on 1920s gangsters due to a book left behind by a previous ship. Kirk and his team navigate complex political landscapes, proposing a unified leadership under Federation guidance. The episode parallels compliance in modern settings, emphasizing the importance of stakeholder engagement, cultural impact assessments, gradual policy implementation, preservation of core cultural elements, capacity building, and continuous improvement. These lessons highlight the delicate balance between cultural preservation and progress in compliance.

Key Highlights

  • Story Synopsis: A Piece of the Action
  • Fun Facts and Deeper Questions
  • Compliance Lessons from Star Trek
  • Strategies for Effective Compliance

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Compliance Into the Weeds

Compliance into the Weeds: The Convergence of Cybersecurity and Internal Controls

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into a recent SEC enforcement action involving RR Donnelley, where a cyber breach was characterized as an internal control

In this episode, we discuss how criminal activities in cyberspace are outpacing regulatory measures and the law’s ability to keep up. The conversation touches on the idea that access controls for valuable corporate assets, whether financial data or sensitive information, are becoming indistinguishable in the eyes of cybercriminals. The discussion includes a thought-provoking perspective on merging cybersecurity and anti-money laundering functions, as both deal with improper electronic transactions. The core concern is not just the breach itself, but also the prevention of data exfiltration.

Key Highlights:

  • Corporate Jewels: Money vs. Data
  • Cybersecurity and Anti-Money Laundering
  • Improper Electronic Transactions
  • Focus on Data Exfiltration
  • Conclusion: Preventing Data Theft

Resources:

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
The Hill Country Podcast

The Hill Country Podcast: Dr. Brent Ringo on One Year at KISD

Welcome to the award-winning The Hill Country Podcast. The Texas Hill Country is one of the most beautiful places on earth.

In this podcast, Hill Country resident Tom Fox visits with the people and organizations that make this the most unique area of Texas. This week, Tom welcomes back Dr. Brent Ringo of Kerrville ISD.

They discuss a significant $1.7 million donation aimed at hiring additional grade-level leaders to improve math and reading outcomes for third graders. Dr. Ringo also discusses KISD’s new early college high school designation, the community and teacher feedback processes, improvements in academic performance, and strong partnerships with local businesses and Schreiner University. Athletic and fine arts successes within the district are also highlighted.

Key Highlights:

  • Exciting Donation to KISD
  • Early College High School Designation
  • Reflections on the Past Year
  • Transparency and Accountability in Texas Public Schools
  • Partnerships with Local Businesses and Schreiner University
  • Looking Forward to the Next School Year

Resources:

KISD

Other Hill Country Focused Podcasts

Hill Country Authors Podcast

Hill Country Artists Podcast

Texas Hill Country Podcast Network

Categories
Daily Compliance News

Daily Compliance News: July 17, 2024 – The Menendez Guilty Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Senator Robert Menendez is guilty. (WSJ)
  • Carlos Watson was found guilty. (Bloomberg)
  • Deutsche Bank flouted accounting rules. (FT)
  • Does Amazon Prime Day cause injuries? (WaPo)

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Executive Compensation and Compliance Incentives

In today’s episode, what is the role of executive compensation in compliance incentives?

Categories
Great Women in Compliance

Great Women in Compliance: Amy Hanan – ‘Relentless Curiosity’ in Life and Work

While marketing professionals typically operate “behind the curtain,” Amy Hanan is taking center stage these days. As a chief marketing officer for LRN, she’s recently been a keynote speaker at a headline session for a major compliance event and is traveling the globe leading roundtables that connect top compliance & ethics professionals with the latest research trends.

Hanan’s career path has included the Associated Press (when the internet was in its infancy), along with B2B and legal marketing positions when marketing automation technology was brand new. Honing her professional skills—and her people skills—along the way, Hanan has blazed a trail in a niche where her passion for compliance and ethics serves her well.

Listen in as she talks about the things she’s learned along the way.

Highlights:

  • How raising your hand can change the trajectory of your career
  • The value of “relentless curiosity” in both life and work
  • Curating a leadership style
  • Learning from mistakes—and the power of exercise, tea & fuzzy socks

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Categories
Blog

Navigating the New Frontier: SEC’s Enforcement Action on RR Donnelley and its Implications for Compliance

In the ever-evolving compliance landscape, the recent enforcement action by the Securities and Exchange Commission (SEC) against RR Donnelley is a significant case study. This incident underscores the importance of robust cybersecurity measures and highlights the SEC’s expanding reach into areas traditionally viewed outside its purview. As compliance professionals, understanding the intricacies of this case is crucial for adapting to the dynamic regulatory environment. Matt Kelly and I took a deep dive into the enforcement action in a recent Compliance into the Weeds episode.

RR Donnelley, a company historically known for its printing services and later for marketing services, faced an SEC enforcement action in November 2021 due to a cybersecurity breach. Hackers accessed and copied confidential corporate customer data, which was later posted on the dark web. The SEC’s main contention was that Donnelley failed to disclose this breach to investors promptly and had inadequate internal controls over its IT systems. Ultimately, the company was fined $2.1 million.

The SEC’s enforcement action was based on the premise that Donnelley’s cybersecurity measures were insufficient, leading to unauthorized access to its IT assets. Specifically, the SEC utilized provisions related to internal control over financial reporting to impose sanctions even though no direct accounting fraud or economic loss occurred. This approach represents a novel application of the SEC’s powers, using internal accounting control clauses to address cybersecurity issues.

Matt believes that the SEC’s enforcement hinged on the idea that poor cybersecurity equates to poor internal controls over assets. The SEC interpreted the Exchange Act to mean that access to a company’s assets, whether data or financial, should be controlled and authorized by management. Matt noted in his blog post that the statutory authority for that statement flows from the Exchange Act of 1934, which established the Securities and Exchange Commission and the anti-fraud securities laws we use today. The text of the Exchange Act states that companies must devise and maintain a system of internal accounting controls “sufficient to provide reasonable assurances” on four points:

  • Transactions executed according to management authorization;
  • Transactions are appropriately recorded;
  • Access to assets is permitted only according to management authorization;
  • Recorded accountability for assets is reconciled with existing assets.

The hackers’ ability to access Donnelley’s IT systems without authorization was viewed as a failure of these internal controls.

This interpretation broadens the scope of what compliance professionals must consider under the umbrella of internal controls. Traditionally, internal controls were seen in the context of financial reporting and safeguarding physical assets, most usually cash or cash equivalents. However, these requirements cover not only cash but all other corporate assets. Moreover, this case suggests that digital assets and the controls around them are equally critical.

Another critical aspect of the case was the failure to disclose the breach promptly. According to the SEC, Donnelley’s IT security team was aware of the breach but did not quickly escalate it to senior management. It took an external party’s notification for the CISO and senior executives to become fully aware and take action.

This scenario underscores the importance of having robust internal communication channels and protocols to ensure that significant cybersecurity incidents are promptly reported to senior management. Moreover, it highlights the need for transparency with investors regarding such breaches, aligning with the SEC’s mandate to protect investor interests.

Compliance professionals must now consider cybersecurity an integral part of internal control systems. Ensuring that IT systems are secure and that access to digital assets is tightly controlled should be a priority. This involves regular audits of cybersecurity measures, continuous monitoring of IT systems, and implementing robust access control mechanisms.

The case also highlights the necessity of clear and effective disclosure practices. Compliance teams should ensure that there are well-defined procedures for reporting cybersecurity incidents internally and disclosing them to investors when necessary. This might include setting up rapid response teams and informing senior management immediately of significant breaches.

Given the technical nature of cybersecurity, collaboration between compliance and IT departments is essential. Compliance officers should work closely with CISOs and IT security teams to understand potential risks and ensure appropriate controls are in place. This partnership is vital for creating a comprehensive compliance strategy that addresses traditional financial risks and emerging digital threats.

The SEC’s approach in this case signals that regulators are willing to use existing frameworks to address new types of risks. Compliance professionals should prepare for increased scrutiny and be proactive in ensuring their organizations meet regulatory expectations. This may involve regular training, staying updated with regulatory changes, and conducting thorough risk assessments.

The RR Donnelley case serves as a wake-up call for compliance professionals, emphasizing the need to adapt to an evolving regulatory landscape. By broadening the scope of internal controls to include cybersecurity and enhancing disclosure practices, compliance teams can better protect their organizations and meet regulatory expectations. Collaboration with IT and staying vigilant about regulatory trends will be vital to navigating this new frontier in compliance. Perhaps more ominously, Matt, in another blog post on the United Healthcare cyber-attack in Q1 2024, asked, “If the SEC applied that theory of enforcement against Donnelley, shouldn’t that same theory now be applied against UnitedHealth? At this point, we should discuss exactly how UnitedHealth’s breach happened. Change Healthcare had not implemented multi-factor authentication on a critical computer server, which allowed attackers to use stolen employee credentials to gain access. In other words, UnitedHealth had allowed poor access control on a critical system.”

In other words, Watch This Space.

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 45 – Leadership Lessons from The Gamesters of Triskelion

In this episode of Trekking Through Compliance, we consider the episode The Gamesters of Triskelion, which aired on January 5, 1968, and occurred on Star Date 3211.7.

Kirk, Uhura, and Chekov prepare to beam down to Gamma 2 and are whisked away from the transporter platform. They are captured and fitted with “collars of obedience” by Galt, master Thrall of the planet Triskelion. Spock finds them 11.630 light-years away but is prevented from beaming down.

The Providers who started all this threaten to destroy Kirk and the Enterprise, but Kirk makes a bet with the gamekeepers about his ability to survive in combat. If he wins, the Providers must free Kirk and the Thralls. If he loses, he offers the entire Enterprise crew up as Thralls. Amazingly enough, Kirk wins, even after one of the opponents is replaced by Shahna. Kirk, Chekov, and Uhura are returned to the Enterprise, leaving behind a saddened Shahna.

Commentary

The episode features Captain Kirk, Uhura, and Chekov being abducted to a planet where they are forced to participate in gladiatorial games run by the Providers. Fox delves into the storyline, discussing key plot points and the leadership and ethical lessons that can be drawn, such as ethical decision-making, effective communication, empowerment, resilience, and collaborative problem-solving. Additionally, a fun fact reveals that Sulu was initially intended to be a significant character in the episode, but George Takei’s filming commitments for ‘The Green Berets’ precluded his participation. The episode is examined for its mix of serious and lighthearted elements and Biblical allusions. Fox ties these elements back to modern compliance and leadership practices, offering valuable insights for compliance leaders.

Key Highlights

  • Episode Overview: The Gamesters of Triskelion
  • Fun Facts and Behind the Scenes
  • Leadership Lessons from The Gamesters of Triskelion

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha