Categories
Life with GDPR

Life With GDPR: AI Regulation in The EU

Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR.

In this episode, we delve into the complex provisions of the new EU AI Act, exploring its global effects and extraterritorial implications similar to the GDPR.

Tom, Jonathan and a few friends discuss the multifaceted regulatory framework, which combines elements from EU antitrust law, GDPR, and EU medical device rules, and highlight the need for transparency and compliance for AI developers and corporations using AI. We also address enforcement timelines, the importance of an AI inventory, and practical steps for compliance officers to ensure adherence to the new regulations.

Key Takeaways:

  • Overview of the EU AI Act
  • Enforcement and Compliance
  • Corporate Responsibilities and Compliance Strategies
  • Enforcement Mechanisms and Penalties
  • Practical Steps for Organizations
  • Challenges and Governance

Resources:

Connect with Tom Fox

Connect with Jonathan Armstrong

Categories
Blog

Training and Communications Lessons from Star Trek: The Trouble with Tribbles

Last month, I wrote a blog post on the tone at the top, exemplified in Star Trek’s Original Series episode, Devil in the Dark. Based on the response, some passionate Star Trek fans are out there. I decided to write a series of blog posts exploring Star Trek: The Original Series episodes as guides to the Hallmarks of an Effective Compliance program set out in the FCPA Resources Guide, 2nd edition. Today, I will continue my two-week series by looking at the following Hallmarks of an Effective Compliance Program laid out by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in the FCPA Resources Guide, 2nd edition.

The Trouble with Tribbles is the most beloved episode from the original Star Trek series, renowned for its humor and an underlying message about the unintended consequences of seemingly innocuous actions. While the episode aired in 1967, its themes offer valuable insights into effective compliance programs, particularly in training and communication for compliance professionals in 2024. This blog post will explore how this entertaining episode of Star Trek aligns with the “Hallmarks of an Effective Compliance Program” and offers lessons that can be applied in today’s corporate environments.

Lesson 1: The Importance of Clear Communication

In the episode, the crew is unaware of the potential threat the tribbles pose. Lieutenant Uhura receives a tribble as a gift from Cyrano Jones, a trader, but only one communicates the risks associated with these creatures once it is too late. This oversight underscores the importance of clear and effective communication in compliance programs. Effective compliance programs ensure that all employees understand the policies and procedures that affect their roles. This requires not only the dissemination of information but also ensuring it is understood.

Communication should be clear and accessible, easy to understand, and accessible to all employees. This can be achieved through regular updates, easy-to-read materials, and translations for non-native speakers. Messaging and communications should be consistent across all levels of the organization to prevent confusion and ensure everyone is on the same page. The communications should be two-way, encouraging employees to offer feedback and ask questions to identify areas of confusion and improve understanding. This fosters an environment where employees feel comfortable discussing compliance issues.

Lesson 2: Training to Anticipate and Manage Risks

The rapid multiplication of tribbles represents a failure to anticipate and manage risk, a critical aspect of compliance. Had the crew been trained to recognize potential hazards and understand the consequences of introducing foreign species into their environment, they could have mitigated the tribbles’ impact. Training programs should help employees anticipate and manage risks before they escalate.

Some key ways include using real-world scenarios and simulations to help employees understand potential risks and how to respond to them. This approach enhances problem-solving skills and prepares employees for unforeseen challenges. Training should be regularly updated; as risks evolve, training programs must be updated to reflect new challenges and ensure employees have the tools they need to respond effectively. Finally, prioritize training in areas with the highest risk, such as data privacy, anti-corruption, and workplace safety, to ensure employees are equipped to handle these challenges.

Lesson 3: Empowering Employees Through Knowledge

The crew’s lack of knowledge about tribbles highlights the importance of empowering employees with the information they need to make informed decisions. Knowledge is a powerful tool in preventing compliance breaches and fostering a culture of accountability. As a compliance professional, you can empower employees in various ways.

You should provide comprehensive training covering all compliance aspects, from legal requirements to ethical considerations, to ensure employees understand their responsibilities and the impact of their actions. Promote a culture of continuous learning by providing resources and opportunities for employees to expand their knowledge and stay updated on compliance trends. Finally, leverage technology to deliver training efficiently and effectively. Online platforms, interactive modules, and mobile applications can make learning more engaging and accessible.

Lesson 4: The Role of Leadership in Communications

Captain Kirk’s leadership is crucial in addressing the Tribble crisis. His decisive actions and ability to coordinate his team effectively demonstrate the importance of leadership in driving compliance efforts. Leadership plays a pivotal role in fostering a culture of compliance, and corporate leaders can do so in various ways.

Lead by example, walk the walk, and do more than just talk the talk. Leaders should demonstrate a commitment to compliance by adhering to policies and procedures and setting a positive example for others. They should regularly communicate the significance of compliance and the organization’s commitment to ethical behavior through various mechanisms and media. Finally, resources should be allocated to support initiatives that promote compliance, such as training programs and awareness campaigns.

Lesson 5: Building a Culture of Accountability

The Tribble incident emphasizes the need for accountability in managing risks. A culture of accountability ensures that employees take responsibility for their actions and understand the consequences of non-compliance. Compliance professionals should employ various mechanisms to build a culture of accountability.

You should have clear expectations through policies and procedures that define roles and responsibilities clearly so employees understand what is expected of them. Implement monitoring for your policies and procedures, as well as your communication and training. This can be accomplished through monitoring tools and reporting systems to track compliance and identify areas for improvement. Finally, there must be consequences for non-compliance. Ensure that violations of compliance policies are met with appropriate consequences to reinforce the importance of accountability.

The Trouble with Tribbles may be a humorous episode of Star Trek, but it offers valuable lessons for compliance professionals. By focusing on training and communication, organizations can anticipate and manage risks effectively, empower employees through knowledge, and foster a culture of accountability and ethical behavior.

Incorporating these lessons into your compliance program can enhance its effectiveness and help your organization navigate the complexities of today’s regulatory environment. Remember that a proactive approach to compliance protects your organization from potential pitfalls, strengthens its reputation, and builds stakeholder trust.

Join us tomorrow as we consider the internal reporting and investigative lessons from the Star Trek episode The Conscience of the King.

Categories
Daily Compliance News

Daily Compliance News: August 14, 2024 – The CCO Salary Survey Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • A new CCO salary survey is out. (WSJ)
  • Will the UK finally try and clean up BVI? (Politico)
  • Bank of America tells junior bankers to ‘follow the rules’. (WSJ)
  • Texas sues GM over stealing drivers’ personal data from its cars. (Reuters)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 74 – Compliance Lessons for Emerging Technologies from Requiem for Methuselah

In this episode of Trekking Through Compliance, we consider the episode Requiem for Methuselah, which aired on February 14, 1969, and occurred on Star Date 5843.7.

The episode begins with the starship USS Enterprise seeking a rare mineral, ryetalyn, necessary to cure a Rigelian fever outbreak among the crew. They arrive on the planet Holberg 917G, which appears to be uninhabited.

Captain James T. Kirk, Mr. Spock, and Dr. Leonard McCoy beam down to the surface to search for the mineral. They soon encounter a man named Flint, who initially demands they leave. However, Flint relents when Captain Kirk explains their dire mineral needs. Flint lives in a luxurious mansion with his beautiful companion, Rayna Kapec. Flint’s advanced technology and unique artwork perplex the crew, some of which appear genuine works by long-dead Earth artists.

Captain Kirk falls in love with Rayna as McCoy and Spock work to refine the ryetalyn. He discovers that she is a sophisticated android that Flint created, who reveals himself to be immortal. Flint has lived for millennia under various identities, including those of Leonardo da Vinci and Johannes Brahms. His goal has been to create the perfect companion to alleviate his loneliness.

Captain Kirk’s growing affection for Rayna causes conflict, leading to a confrontation between Captain Kirk and Flint. The tension escalates as Rayna becomes aware of her feelings, resulting in a struggle with her emotions. This conflict ultimately causes Rayna to experience emotional overload, leading to her death.

Flint decides to relinquish his immortality and live an everyday human life. Seeing Captain Kirk’s distress over Rayna’s death, Spock gently eases his pain by telepathically inducing sleep, allowing Captain Kirk to forget his grief.

Commentary

The episode involves Kirk, Spock, and McCoy’s mission to a small planet to obtain a cure for Rigelian fever, where they encounter the mysterious Mr. Flint and his android companion Reyna. The episode highlights Flint’s immortality and ethical challenges, culminating in a tragic love story. Tom Fox further discusses compliance strategies for emerging technologies, including ethical impact assessments, responsible innovation frameworks, data privacy, algorithmic fairness, and human-centric design. These insights are aimed at helping compliance professionals ensure ethical and accountable technology development. Tune in for a comprehensive analysis and valuable compliance lessons from this classic Star Trek episode.

Key Highlights

  • Key Plot Points and Analysis
  • Fun Facts and Continuity
  • Compliance Lessons from Requiem for Methuselah

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Compliance Into the Weeds

Compliance into the Weeds: Securing Compliance: How CCO’s Can Combat Internal Sabotage

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into some of the nettlesome internal challenges faced by many Chief Compliance Officers (CCOs) in today’s corporate environment.

On Compliance into the Weeds, Tom and Matt discuss the various challenges that CCOs face within organizations. They delve into stories of how senior management, particularly General Counsels (GCs) and Chief Financial Officers (CFOs), can sometimes undermine compliance efforts. The conversation explores issues such as budget cuts, restrictive vendor usage, structural impediments, passive-aggressive behaviors, and direct interference in investigations. They also consider potential solutions and strategies for CCOs to better navigate these struggles and ensure the effectiveness of compliance programs.

Key Highlights:

  • Budgetary Constraints and Sabotage
  • Interference in Investigations
  • Structural Impediments to Compliance
  • Undermining by Engagement and Assignment
  • Advice Going Forward

Resources:

Matt in Radical Compliance

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Great Women in Compliance

Great Women in Compliance: Andrea Goulet on Empathy as a Technical Skill

In this Great Women in Compliance episode, Hemma visits Andrea Goulet, host of the Empathy in Tech podcast and one of the industry’s foremost experts on software team communication and collaboration. Andrea has developed a practical framework for teaching empathy as a technical skill for machines and humans through that work.

Highlights include a research-backed exploration into empathy as a technical skill, not just a psychic ability. Andrea reminds us that the most important first step for empathy is a pause and reappraisal, and she invites us to mirror the process by which we communicate through software: Collect, Connect, Communicate. In this way, she explains that every domain has a technical and human element. Given that empathy drives decision-making, Andrea shows how empathy, as a technical skill, is inextricably linked to ethical decision-making.

About Andrea:

Andrea Goulet is one of the software industry’s foremost experts on software team communication and collaboration. She has delivered keynotes and training worldwide and empowered over 75,000 people to create better software by approaching empathy as a technical skill.

Andrea served as the Co-Founder and CEO of Corgibytes, a software consultancy specializing in modernizing mission-critical software systems for over a decade. Her approach of using empathy to maintain healthy software systems and corporate culture has had an industry-wide impact. In 2017, LinkedIn named her one of the Top 10 People in Software Under 35, and her work has been featured in prominent industry publications.

Andrea is currently working on her first book, Empathy-Driven Software Development, through Pearson Publishing. She is the founder of the online community and podcast Empathy in Tech.

#GWIC is proud to announce that it has been nominated for the Women in Podcast Awards.  This is a people’s choice award and whether you vote for #GWIC or other nominees, we ask that you send the elevator back down by voting. Voting opens August 1, 2024, and details can be found on the #GWIC LinkedIn page at http://www.linkedin.com/groups/12156164

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Using Social Media to Innovate in Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we explore how your organization can use social media to innovate and comply.

 

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Blog

Risk Assessment Lessons from Star Trek: Balance of Terror

Last month, I wrote a blog post on the tone at the top, exemplified in Star Trek’s Original Series episode, Devil in the Dark. Based on the response, some passionate Star Trek fans are out there. I decided to write a series of blog posts exploring Star Trek: The Original Series episodes as guides to the Hallmarks of an Effective Compliance program set out in the FCPA Resources Guide, 2nd edition. Today, I continue my two-week series, looking at the following 10 hallmarks of an effective compliance program as laid out by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in the FCPA Resources Guide, 2nd edition.

The episode Balance of Terror serves as an excellent example of risk assessment. This episode showcases the complexities and importance of evaluating risks in high-stakes situations. In this episode, the USS Enterprise is patrolling the Romulan Neutral Zone when they discover that a series of outposts have been mysteriously destroyed. The Enterprise encounters a Romulan Bird-of-Prey equipped with a powerful cloaking device and an advanced weapon capable of destroying planets. Captain Kirk must assess the risks of engaging the Romulan ship while preventing a potential war. What are some of the key risk assessment lessons?

The Risk is the Romulan threat to the Federation. The episode opens with the Enterprise facing an unknown enemy, the Romulans. This unknown factor presents a significant risk because of the Romulan’s uncertain capabilities. Their technology and tactics are shrouded in mystery, and there is a clear potential for escalation, as any misstep could lead to a full-blown war. Equally important is the impact on Federation security, as the Romulans’ aggressive actions threaten the Federation’s and its citizens’ safety.

Lesson 1 – Identifying Risks

The Enterprise crew must identify the nature and source of the threat the Romulan ship poses. This involves gathering intelligence on the Romulans’ capabilities, tactics, and intentions despite limited information. The risk assessment lesson is that effective risk assessment begins with identifying potential threats and vulnerabilities. Organizations must gather relevant data to understand the nature and scope of risks they face. This includes external threats, such as competitors or geopolitical issues, and internal vulnerabilities, such as process inefficiencies or compliance gaps.

Lesson 2 – Assessing the Risk

Captain Kirk must evaluate the Romulan threat, considering the immediate danger to the Enterprise and the broader implications of a conflict with the Empire. Captain Kirk and his crew engage in a meticulous risk assessment process to gather intelligence by analyzing the Romulan vessel’s capabilities and tactics and then devising a plan to counter the Romulan threat, including deploying a decoy and using deception tactics.

The possibility of igniting a war demands careful consideration of the consequences of each action. The risk assessment lesson is that assessing the potential impact of identified risks is crucial for prioritizing response strategies. Organizations should evaluate the possible consequences of risks in terms of financial loss, reputational damage, operational disruption, and legal implications. Understanding the severity and likelihood of risks helps in developing appropriate mitigation plans.

Lesson 3 – Developing a Risk Mitigation Strategy

Kirk and his crew analyze various response options, weighing the pros and cons of engaging the Romulan ship versus maintaining a defensive stance. They consider strategic maneuvers, potential diplomatic outcomes, and the risks of escalation. The risk assessment lesson is that a comprehensive risk assessment involves analyzing available response options and their associated risks. Organizations should explore different scenarios and develop contingency plans to address potential threats. This includes evaluating the effectiveness and feasibility of risk mitigation strategies and determining the best course of action.

Lesson 4 – Decision-Making Under Uncertainty

Kirk must make critical decisions under conditions of uncertainty, with incomplete information about the Romulans’ intentions and capabilities. Logically and intuition guide his choices, balancing immediate tactical needs with long-term strategic goals. The risk assessment lesson often involves making decisions with limited information. Organizations should develop frameworks for decision-making under uncertainty, incorporating quantitative data and qualitative insights. Open communication and collaboration among stakeholders can enhance the decision-making process.

Lesson 5 – Monitoring and Continuous Improvement

As the situation evolves, Kirk continuously monitors the actions of the Romulan ship and adjusts his strategy accordingly. His ability to adapt to changing circumstances is crucial to the Enterprise’s survival. The lesson in risk assessment is that it is an ongoing process that requires continuous monitoring and adjustment. Organizations should establish mechanisms for tracking the effectiveness of risk mitigation efforts and be prepared to adapt strategies as new information emerges. Regular reviews and updates to risk assessments help ensure that organizations remain responsive to dynamic environments.

Balance of Terror provides a compelling narrative that illustrates the essential elements of risk assessment, from identifying threats to making informed decisions under uncertainty. For compliance professionals and business leaders, the episode underscores the importance of a systematic approach to risk assessment, emphasizing the need for thorough analysis, strategic planning, and adaptability in the face of evolving challenges. By drawing lessons from Captain Kirk’s command decisions, organizations can enhance risk management practices and better navigate complex and uncertain environments.

Join us tomorrow as we consider the lessons on training and ongoing communications from the Star Trek episode The Trouble with Tribbles.

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 73 – Collaboration and Pattern Recognition: Compliance Lessons from The Lights of Zetar

In this episode of Trekking Through Compliance, we consider the episode The Lights of Zetar, which aired on January 31, 1969, and occurred on Star Date 5725.3.

On its way to the Memory Alpha planetoid, the storehouse of all the Federation’s cultural history and scientific knowledge, sensors detect a strange storm. The storm travels at a speed of Warp 2.6, indicating that it cannot be a natural phenomenon. The storm heads right for the Enterprise, penetrating the shield and attacking different brain centers of different crew members. Lt. Mira Romaine, aboard to oversee the transmission of data newly gathered by the Enterprise to Memory Alpha, seems the hardest hit.

The storm then heads for shieldless Memory Alpha, killing all aboard and burning out the central memory core. Mira beamed and warned everyone to return to the Enterprise because the storm was returning. Scans from the Enterprise confirm this, and the landing party returns to the ship.

To rid Mira of the alien influence before the aliens attack again, Kirk rushes her to a gravity/pressure chamber. The aliens attack too soon, however, and Mira becomes completely possessed. Speaking through Mira, the aliens identify themselves as the last survivors of the planet Zetar. They have had to discard their bodies and have been searching for a millennium for one such as Mira’s in which they can live out their lives. Before Mira’s consciousness can be wholly subjugated, Scotty puts her in the pressure chamber. Here, the aliens are killed, and Mira is freed.

Commentary

The episode follows the Enterprise crew as they encounter a mysterious storm that endangers them and the Memory Alpha Planetoid. The episode receives criticism for its perceived sexism but also includes a defense that views it as a poignant love story. Tom Fox uses this episode as a framework to discuss the importance of enhancing pattern recognition in compliance through collaboration, sharing insights on how cross-functional teamwork can improve the identification and mitigation of compliance risks.

Key Highlights

  • Episode Summary: The Lights of Zatar
  • Critical Reception and Controversy
  • Compliance Insights: Enhancing Pattern Recognition
  • 11:17 Conclusion and Next Episode Preview

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Daily Compliance News

Daily Compliance News: August 13, 2024 – The ABC in Paris Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • French ABC efforts led to the most successful Olympics since 1998.   (The Conversation)
  • Boeing puts work output before employee health and safety.  (WSJ)
  • Mozambique official found guilty in tuna boat corruption case. (Bloomberg)
  • Ukraine detains Deputy MoE in corruption scandal. (Reuters)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.