Categories
Daily Compliance News

Daily Compliance News: May 26, 2019-the Sunday Book Review edition

In today’s edition of Daily Compliance News:

Categories
Daily Compliance News

Daily Compliance News: May 25, 2019-the execs behaving badly edition

In today’s edition of Daily Compliance News:

Categories
This Week in FCPA

This Week in FCPA-Episode 155 – the Memorial Day edition

Highlights include:

  1. Have you checked out the new OFAC compliance program? If not, see Mike Volkov’s 5-part series on Corruption, Crime and Compliance. (Part 1, Part 2, Part 3, Part 4) For those who prefer the podcast format, you can listen to his podcast on the topic here.
  2. Hui Chen and Pam Davis weigh in on the 2019 DOJ FCPA Guidance. In Bloomberg.
  3. Noose tightens around Credit Suisse and Privinvest in Mozambique tuna boat scandal? Rick Messick explores in Global Anti-Corruption
  4. What are the compliance lessons from a messy and very public food fight? Matt Kelly explores in two postings on Radical Compliance. (here and here)
  5. How does scapegoating come into play in cross-border anti-corruption enforcement? Laurent Cohen-Tanugi discusses on NYU’s Compliance and Enforcement Blog.
  6. Jay continues his exploration of using a monitor, in his Corporate Compliance Insights
  7. What do dawn raids have in common with fires (at least in the UK)? Barry Vitou explores on com.
  8. Is Equifax about to settle for its massive data breach? Jon Rusch explores on Dipping Through Geometries.
  9. Why should compliance training start with a smile? Ronnie Feldman explains on Corporate Compliance Insights.
  10. What are the compliance lessons for hospitality around major sporting events? Tom explores in a white paper on Corporate Compliance Insights.
  11. This week Tom had a special 5-part podcast series sponsored by Assent Compliance on the issue of maintaining market access. Check out the following: Part 1-Introduction to Market Access; Part 2-Trade Compliance; Part 3-Continuous Monitoring; Part 4-FARs and flow downs; Part 5-Chemical and Product Compliance. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Megaphone, YouTube, Spotify and Corporate Compliance Insights. The Compliance Podcast Network
  12. Join Tom in Boston for an industry-leading Compliance Master Class at the offices of AMI on June 11 & 12. Listeners who attend will receive a complimentary copy of The Compliance Handbook. Registration and information is here. Join Tom, Eric Feldman, Vin DiCianni and Jay at the AMI Roundtable in Boston on June 13 for a deep dive into the DOJ’s new Evaluation of Corporate Compliance Programs-2019 Guidance. Information and registration is here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com. For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Daily Compliance News

Daily Compliance News: May 24, 2019-the Memorial Day Weekend edition

In today’s edition of Daily Compliance News:

Categories
Compliance Into the Weeds

Compliance into the Weeds: Episode 124-Food Fight

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly (the coolest guy in compliance) and I channel our inner Bluto and Flounder to consider how a recent imbroglio around food in a cafeteria led to some powerful compliance lessons.
Some of the highlights include:

  • What are the ethical values of your organization?
  • Why must a company give employees on the ground the flexibility to override rules when ethics demands it?
  • If you fire someone publicly, do you need to list the true reasons?
  • How does a company empower its employees?
  • Why is documentation critical for multiple parts of a compliance program?
  • Why must an efficient and accurate investigation be done before termination?
  • How an ethical misstep can significantly harm any sized organization.

For more reading, check out Matt’s two blog posts on this topic: “When Ethics and Policy Collide” and “More Lessons from the Lunch Lady.”

Categories
Daily Compliance News

Daily Compliance News: May 23, 2019-the life or death

In today’s edition of Daily Compliance News:

  • Guyana Investigating Leases Controlled by Exxon & Tullow (Bloomberg)
  • In EU 75% of those who observe illegal corp activity afraid to report it. (FT)
  • KPMG to be hit by massive fine in UK. (Reuters)
  • What is risk management (as in when it’s life or death)? (Wall Street Journal)
Categories
Great Women in Compliance

Great Women in Compliance-Episode 20-Mark Stanley on Men for the Advancement of Women

The conversation about gender equality cannot be held effectively without men being involved. In this episode of Great Women in Compliance, Mary Shirley visits with Mark Stanley. We invited Mark Stanley, General Counsel of Fresenius Medical Care Asia Pacific and former head of Compliance at the company, to speak with us as a noted sponsor and supporter of women. We discussed the daughter effect, which is the phenomenon that men who have daughters hire significantly more women; the role of men in Compliance to advance women in the field; overcoming unconscious bias in the workplace, particularly when hiring; and advice for men in high-powered positions who mentor women in the wake of the #metoo movement.
Great Women in Compliance is a presentation of the Compliance Podcast Network.
Categories
Daily Compliance News

Daily Compliance News: May 22, 2019, the what is ethics edition

In today’s edition of Daily Compliance News:

  • What is ethics? Pimco and Rick Singer (WSJ)
  • Big changes coming to Corporate Leniency Program? (DOJ Press Release)
  • France seeks trial of former IAAF head. (Financial Times)
  • Former South Africa President wants corruption charges thrown out. (Bloomberg)
Categories
Innovation in Compliance

Keeping Your Third Parties Secure with Dov Goldman


It’s challenging enough to keep your own business secure. But when you also have hundreds of third-party suppliers, how can you make sure you aren’t vulnerable to attack? Joining us today is Dov Goldman, the Director of Risk and Compliance at Panorays, and on this episode, we’re talking about cybersecurity, and the strategies and measures you can put in place to keep you safe.

Panorays
Panorays automates your third-party security management. It enables you to easily view and manage the security posture of your third parties — including vendors, suppliers, business partners, agents, and other forms of intermediaries — who form an ecosystem around your company that represents you. You can continuously monitor your ecosystem, and at the same time, ensure compliance with regulations.
The New York Department of Financial Services
The NYDFS is focused on consumer protection. They regulate many thousands of financial services organizations, and they’re mandating that you do certain things to protect your consumers (for example, their confidential information) and your IT operations (for example, from hacking and other technology-driven threats).
It’s the first regulation that Dov can remember, at least in the United States, that tells you the big picture, and in some areas, specifically how to build and manage an information security and privacy program. It’s relatively new and groundbreaking, illuminating the path for many organizations.
Regulations re: third-party risk management program
You need to manage your own cybersecurity in a certain way so you can manage the cyber risk associated with your third-party service providers and outsourcers. The current regulations define a series of principles to follow: from identifying and risk-assessing your third-party providers, to having a set minimum cybersecurity standard for your suppliers, to having a due diligence process that you apply to your subcontractors, including a periodic assessment based on risk.
An added layer of complexity
If you have a set of security standards for your business, and you have third parties doing critical work for you, you would want those same standards applied to them. For all intents and purposes, they are part of your ecosystem and organization, or your “attack surface.”
The complexity comes in because while you are able to do certain things within your organization to meet your security needs, you don’t have that kind of control with a third party. You need to implement third-party assessment and risk management programs, and then negotiate with the other parties to remediate any deficiencies to meet your standards. This also needs to be done at scale: if you have 400 service providers, you don’t just have to look at policies and procedures 400 times; you will have to look at them 400 times every year to keep everything secure.
The Hacker’s View
At Panorays, they have what they call a 360-degree view that maps out a client’s digital assets via a smart questionnaire and through scanning your third parties. They’re finding everything you own in cyberspace, and then testing those assets for 10,000 (and growing!) ways hackers can penetrate your attack surface. The goal is to look for vulnerabilities across your entire ecosystem so you can remedy them immediately. After this, they scan constantly and show alerts when there’s a problem, so you can respond in real time and make sure you’re covered at all points.
Resources
Dov Goldman
Panorays
The New York Department of Financial Services

Categories
Daily Compliance News

Daily Compliance News: May 21, 2019, all FT edition

In today’s edition of Daily Compliance News: