Categories
FCPA Survival Guide

FCPA Survival Guide: Step 3 – Extensive Remediation

How can you survive an FCPA enforcement action? In this special podcast series, Tom Fox and Nick Gallo lay out the Top 10 things you can do to reduce your overall fine and penalty, perhaps down to a full declination. All of the actions you can take come from recent DOJ prosecutions under the FCPA and speeches from DOJ representatives. This podcast, sponsored by Ethico, is the companion series to the book The FCPA Survival Guide: Surviving and Thriving a Foreign Corrupt Practices Act Enforcement Action. Today, we discuss the DOJ requirement for extensive remediation.

Tom Fox and Nick Gallo are back to look at the importance of extensive remediation in compliance, particularly in the context of the FCPA enforcement actions. They highlight three enforcement actions – ABB, Albemarle, and SAP – to demonstrate how companies have implemented effective remediation strategies. ABB’s approach included a comprehensive data analytics program and cultural changes led by Chief Integrity Officer Natalia Shehadeh. The DOJ’s recognition of data analytics in the Albemarle and SAP cases signals a shift from cutting-edge practices to standard expectations in compliance. The episode also delves into the transformation of business models as a form of remediation, with Albemarle and SAP making significant changes to their sales strategies to manage risks better and ensure direct customer relationships. Through these discussions, Tom and Nick emphasize that extraordinary remediation is about authentic efforts to improve compliance and reduce risk, not just fulfilling minimal requirements.

Key Highlights and Issues

  • Exploring ABB’s Compliance Remediation Strategy
  • Beyond Checking the Box: A Deep Dive into Compliance Remediation Mindset
  • The Power of Data Analytics in Compliance Remediation
  • Transforming Business Models for Better Compliance Remediation

Resources:

Nick Gallo on LinkedIn

Ethico

The FCPA Survival Guide: Surviving and Thriving a Foreign Corrupt Practices Act Enforcement Action

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Keeping Your AI – Powered Decisions Fair and Unbiased

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In today’s episode, we begin a weeklong look at some of the ways Generative AI is changing compliance and risk management. Today we look at how to keep your AI running in a fair and unbiased manner.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Daily Compliance News

Daily Compliance News: June 13, 2024 – The Alito Whines Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Alito whines about being caught for corruption. (TheNewRepublic)
  • Elizabeth Holmes’s fraud appeal was heard by judges. (BBC)
  • More Chinese companies have been added to the sanction list for using forced labor. (WSJ)
  • Terraform settles with the SEC for $4.5bn. (FT)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Blog

AI in Compliance Week: Part 4 – Keeping Your AI – Powered Decisions Fair and Unbiased

As artificial intelligence (AI) becomes increasingly integrated into business operations and decision-making, ensuring the fairness and lack of bias in these AI systems is paramount. This is especially critical for companies operating in highly regulated industries, where prejudice and discrimination can lead to significant legal, financial, and reputational consequences. Implementing AI responsibly requires a multifaceted approach beyond simply training the models on large datasets. Companies must proactively address the potential for bias at every stage of the AI lifecycle – from data collection and model development to deployment and ongoing monitoring.

Based upon what the Department of Justice said in the 2020 Evaluation of Corporate Compliance Programs, a corporate compliance function is the keeper of both Institutional Justice and Institutional Fairness in every organization. This will require compliance to be at your organization’s forefront of ensuring your AI-based decisions are fair and unbiased. What strategies does a Chief Compliance Officer (CCO) or compliance professional employ to help make sure your AI-powered decisions remain fair and unbiased?

The adage GIGO (garbage in, garbage out) applies equally to the data used to train AI models. If the underlying data contains inherent biases or lacks representation of particular demographic groups, the resulting models will inevitably reflect those biases. It would help if you made a concerted effort to collect training data that is diverse, representative, and inclusive. Audit your datasets for potential skews or imbalances and supplement them with additional data sources to address gaps. Regularly review your data collection and curation processes to identify and mitigate biases.

The composition of your AI development teams can also significantly impact the fairness and inclusiveness of the resulting systems. Bring together individuals with diverse backgrounds, experiences, and perspectives to participate in every stage of the AI lifecycle. A multidisciplinary team including domain experts, data scientists, ethicists, and end-users can help surface blind spots, challenge assumptions, and introduce alternative viewpoints. This diversity helps ensure your AI systems are designed with inclusivity and fairness in mind from the outset.

It would help if you employed comprehensive testing for bias, which is essential to identify and address issues before your AI systems are deployed. By Incorporating bias testing procedures into your model development lifecycle and then making iterative adjustments to address any problems identified. There are a variety of techniques and metrics a compliance professional can use to evaluate your models for potential biases:

  • Demographic Parity: Measure the differences in outcomes between demographic groups to ensure equal treatment.
  • Equal Opportunity: Assess the accurate favorable rates across groups to verify that the model’s ability to identify positive outcomes is balanced.
  • Disparate Impact: Calculate the ratio of selection rates for different groups to detect potential discrimination.
  • Calibration: Evaluate whether the model’s predicted probabilities align with actual outcomes consistently across groups.
  • Counterfactual Fairness: Assess whether the model’s decisions would change if an individual’s protected attributes were altered.

As AI systems become more complex and opaque, transparency and explainability become increasingly important, especially in regulated industries. (Matt Kelly and I discussed this topic on this week’s Compliance into the Weeds.) It would help if you worked to implement explainable AI techniques that provide interpretable insights into how your models arrive at their decisions. By making the decision-making process more visible and understandable, explainable AI can help you identify potential sources of bias, validate the fairness of your models, and ensure compliance with regulatory requirements around algorithmic accountability.

As Jonathan Marks continually reminds us, corporations rise and fall on their government models and how they operate in practice. Compliance professionals must cultivate a strong culture of AI governance within your organization, with clear policies, methods, and oversight mechanisms in place. This should include:

  • Executive-level Oversight: Ensure senior leadership is actively involved in setting your AI initiatives’ strategic direction and ethical priorities.
  • Cross-functional Governance Teams: Assemble diverse stakeholders, including domain experts, legal/compliance professionals, and community representatives, to provide guidance and decision-making on AI-related matters.
  • Auditing and Monitoring: Implement regular, independent audits of your AI systems to assess their ongoing performance, fairness, and compliance. Continuously monitor for any emerging issues or drift from your established standards.
  • Accountability Measures: Clearly define roles, responsibilities, and escalation procedures to address problems or concerns and empower teams to take corrective action.

By embedding these governance practices into your organizational DNA, you can foster a sense of shared responsibility and proactively manage the risks associated with AI-powered decision-making. As with all other areas of compliance, maintaining transparency and actively engaging with key stakeholders is essential for building trust and ensuring your AI initiatives align with societal values, your organization’s culture, and overall stakeholder expectations. A CCO and compliance function can do so through a variety of ways:

  • Regulatory Bodies: Stay abreast of evolving regulations and industry guidelines and collaborate with policymakers to help shape the frameworks governing the responsible use of AI.
  • Stakeholder Representatives: Seek input from diverse community groups, civil rights organizations, and other stakeholders to understand their concerns and incorporate their perspectives into your AI development and deployment processes.
  • End-users: Carsten Tams continually reminds us that it is all about the UX. A compliance professional in and around AI should engage with the employees and other groups directly impacted by your AI-powered decisions and incorporate their feedback to improve your systems’ fairness and user experience.

By embracing a spirit of transparency and collaboration, CCOs and compliance professionals will help your company navigate the complex ethical landscape of AI and position your organization as a trusted, responsible leader in your industry. Similar to the management of third parties, ensuring fairness and lack of bias in your AI-powered decisions is an ongoing process, not a one-time event. Your company should dedicate resources to continuously monitor the performance of your AI systems, identify any emerging issues or drift from your established standards, and make timely adjustments as needed. You must regularly review your fairness metrics, solicit feedback from stakeholders, and be prepared to retrain or fine-tune your models to maintain high levels of ethical and unbiased decision-making. Finally, fostering a culture of continuous improvement will help you stay ahead of the curve and demonstrate your commitment to responsible AI.

As AI is increasingly embedded in business operations, the stakes for ensuring fairness and mitigating bias have never been higher. By adopting a comprehensive, multifaceted approach to AI governance, your organization can harness this transformative technology’s power while upholding ethical and unbiased decision-making principles. The path to responsible AI may be complex, but the benefits – trust, compliance, and long-term sustainability – are worth the effort.

Categories
Compliance Into the Weeds

Compliance into the Weeds: AI Accountability and Explainability

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject.

Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly delve into the recent speech by Michael Hsu, the head of the Office of the Comptroller of the Currency, on the accountability challenges posed by artificial intelligence in the banking sector.

The discussion highlights Hsu’s emphasis on the lack of a robust accountability framework for AI, illustrating the issue with the Air Canada chatbot incident. The conversation also touches on potential systemic risks AI could pose to the financial sector, the need for explainable AI, and the shared responsibility model used in cloud computing as a potential template for addressing these challenges. The episode underscores the necessity for compliance officers to ensure contracts and IT controls are in place and stresses the importance of developing trust and accountability mechanisms before widespread AI adoption.

Key Highlights:

  • AI Accountability: A Regulator’s Perspective
  • Case Study: Air Canada’s AI Mishap
  • Legal and Technological Challenges
  • Exploring Solutions and Shared Responsibility

Resources:

Matt on Radical Compliance

 Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Great Women in Compliance

Great Women in Compliance: Privacy and AI Compliance – A Principled Approach

In this episode of the Great Women in Compliance podcast, Hemma and Ellen host a roundtable with Hope Anderson, a partner in White & Case’s Data, Privacy & Cybersecurity Practice, and Jean Liu, Assistant General Counsel, Privacy, Safety, and Regulatory Affairs who joined Microsoft in 2023 as part of the Nuance Communications, Inc. acquisition.

Hope and Jean have a wealth of experience advising on privacy, AI, and data governance compliance issues, and they are well-positioned to leverage this experience in the wake of a rapidly evolving regulatory landscape. Hemma and Ellen didn’t waste a minute mining these two experts for practical tips and recommendations for those of us looking to get smart quickly and grapple with what seems like a behemoth task of keeping up with developments in technology and legislation while at the same time, making sure we don’t get left behind in learning to leverage AI in our functions.

Join us for an engaging ride through the ups and downs of privacy and AI compliance, and be inspired as we were by the great opportunities to develop new and exciting use cases while mitigating risk and the chance to unlock the power of responsible and ethical AI for our businesses.

Key Highlights:

  • Getting up to speed with the rapidly evolving regulatory landscape

  • The role of AI principles vs policies and procedures

  • Human Rights, Bias, and AI

  • Keeping the “Human in the Loop”

  • Thoughts on a US Federal AI or Privacy Law

  • Leveraging AI for Ethics and Compliance

  • Key resources and recommendations

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Guest Bios:

Hope Anderson is a partner in White & Case’s Data, Privacy & Cybersecurity Practice, based in Los Angeles. She has extensive experience advising on all aspects of privacy and is at the forefront of Generative AI, advising on the technology’s legal implications and practical applications. A member of the Firm’s Global Technology Industry Group, Hope has extensive experience in privacy and product counseling. She advises on e-commerce, privacy by design, Generative AI, AR/VR, biometrics, analytics, and issues implicating consumer protection, marketing, and advertising laws.

Jean C. Liu is an Assistant General Counsel in the Privacy, Safety, and Regulatory Affairs division and joined Microsoft in 2023 as part of the Nuance Communications, Inc. acquisition. Immediately before its acquisition, Jean served as Nuance’s Vice President and Chief Legal, Compliance, and Privacy Officer, leading the global legal, compliance, and privacy functions. She developed and implemented data privacy policies and practices to ensure that customer and business data, including protected health information, is strictly governed and privacy is maintained. Jean has over 29 years of experience leading compliance and privacy programs, successfully managing data incidents, including regulatory investigations, and implementing best governance and risk management practices across multiple industries.

Categories
The Hill Country Podcast

The Hill Country Podcast: The Entrepreneurial Spirit in Kerrville – Wynita Walther’s Transportation Service

Welcome to award-winning The Hill Country Podcast. The Texas Hill Country is one of the most beautiful places on earth.

In this podcast, Hill Country resident Tom Fox visits with the people and organizations that make this the most unique area of Texas. This week, Tom welcomes back Wynita Walther to discuss her thriving transportation business in Kerrville and Kerr County.

Wynita shares how she identified a need for a stylish and efficient transportation service, especially in a growing community without Uber or similar options. They delve into the business’s evolution, market adaptation, and the importance of a reliable transportation service for both locals and frequent travelers.

The discussion highlights Wynita’s grassroots marketing strategy, her plans for expansion, and the broader entrepreneurial opportunities available in Kerrville. Tom and Wynita also emphasize the support system and lifestyle benefits of starting a business in this vibrant micropolis.

Key Highlights:

  • Identifying the Need for a Transportation Service
  • Launching and Growing the Business
  • Marketing Strategies and Community Engagement
  • Opportunities for Young Entrepreneurs in Kerrville
  • Future Plans

Resources:

Wynita Walther on Facebook

Away Car Service

Other Hill Country Focused Podcasts

Hill Country Authors Podcast

Hill Country Artists Podcast

Texas Hill Country Podcast Network

Categories
Compliance Tip of the Day

Compliance Tip of the Day: AI Powered Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In today’s episode, we begin a weeklong look at some of the ways Generative AI is changing compliance and risk management. Today we look at how to set up AI-powered internal controls from a compliance perspective.

 

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Daily Compliance News

Daily Compliance News: June 12, 2024 – The Russian Timber Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Russian timber and export control. (WSJ)
  • What happens when the Rule of Law dies out? (FT)
  • Uribe says Menendez was ‘all in’ on bribery and corruption. (WaPo)
  • U.A.W. Monitor Investigates Accusations Against Union Leader (NYT)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Blog

AI in Compliance Week: Part 3 – Embracing AI-Powered Internal Controls

Integrating artificial intelligence (AI) into internal controls is pivotal in the ever-evolving corporate governance landscape. We have closely followed the discussion around this emerging trend and the insights from industry experts like Jonathan Marks. In Part 3 of my five-part blog post series, I will explore the key considerations and best practices for leveraging AI to enhance an organization’s internal control framework.

Let’s start with the basics: ‘ What are internal controls?’ The best answer I have ever heard is still provided by Jonathan Marks, who says, “Internal controls are the mechanisms, rules, and procedures implemented by an organization to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud. They encompass the entire control environment, including the attitude, awareness, and actions of management and others concerning the internal control system and its importance to the entity.”

Consider that the foundation of any successful AI application lies in the quality and accessibility of data. Organizations must ensure that the data feeding into their AI systems is accurate, comprehensive, and the definitive “source of truth.” Failure to address data quality issues can lead to incorrect outputs that undermine the effectiveness of specific control mechanisms. Establishing robust data management practices, including data governance and integration, is crucial for unlocking the full potential of AI-powered internal controls. This is equally true for internal controls.

Effective implementation of AI-driven internal controls requires a skilled workforce. Companies must invest in developing internal capabilities to handle these advanced tools and accurately analyze the results. This may involve training existing employees, hiring specialized talent, and fostering a culture of continuous learning. Understanding the nuances of machine learning, natural language processing, and other AI techniques is essential for internal teams to leverage these technologies successfully. For the compliance professional, it may mean adding expertise or partnering with internal audit or your internal controls team to garner the talent needed to move to AI-powered internal controls.

The integration of AI into internal controls raises important ethical considerations. Acknowledging and addressing the inherent biases that can exist within specific AI algorithms is imperative. By creating AI systems that are open, fair, and responsible, organizations can preserve stakeholder trust and uphold their ethical norms. Incorporating ethical principles and bias mitigation strategies into designing and deploying AI-powered internal controls is critical.

Successful implementation of AI-driven internal controls often requires close collaboration with technology providers. Companies and compliance professionals should seek out respected partners who can offer customized solutions that align with their specific internal requirements. These collaborations can provide continuous assistance as the intelligence and capabilities of the AI systems evolve. By fostering a collaborative environment, companies can ensure that the integration of AI into their internal control framework is seamless and practical.

Key Considerations for AI-Powered Internal Controls

There are a few key considerations for organizations to ensure the ethical deployment of AI-powered internal controls:

  1. Transparency and Explainability: The AI system’s decision-making process should be as transparent and explainable as possible. Organizations should be able to explain how the system arrives at its decisions and recommendations and provide clear documentation on the data, algorithms, and assumptions used.
  2. Fairness and Non-Discrimination: The AI system should be carefully audited to ensure it does not exhibit biases or discriminate against protected groups. Organizations should implement testing and monitoring processes to detect and mitigate unfair or discriminatory outcomes.
  3. Human Oversight and Accountability: Clear human oversight and accountability measures should be implemented. Employees should be able to understand, challenge, and override the AI system’s decisions when appropriate. There should also be defined processes for addressing errors or unintended consequences.
  4. Data Privacy and Security: The data used to train and operate the AI system must be adequately secured and protected to respect employee privacy. Organizations should have robust data governance policies and procedures in place.
  5. Ongoing Monitoring and Adjustment: The ethical performance of the AI system should be continuously monitored, and organizations should be prepared to adjust or refine as issues are identified. This may require establishing an AI ethics review board or similar governance structure.
  6. Alignment with Organizational Values: The deployment of the AI system should be aligned with the organization’s ethical principles and values. There should be a clear understanding of how the system supports the organization’s mission and commitment to employee wellbeing.
  7. Employee Engagement and Education: Employees should be informed about using AI-powered internal controls and receive training on interacting with the system. This can help build trust and ensure the system is used appropriately.

By addressing these key areas, organizations can work towards the ethical deployment of AI-powered internal controls and build trust with their employees. Collaboration with ethicists, legal experts, and other stakeholders can help refine best practices in this rapidly evolving landscape. However, this remains an evolving and complex area that requires ongoing vigilance and adaptation.

Ethical AI Deployment

There are some examples of organizations that have successfully navigated the challenges of ethical AI deployment.

Microsoft has been faced with ensuring fairness and mitigating bias in AI systems. To meet this, the company developed a comprehensive, Responsible AI Standard outlining principles and practices for ethical AI development.

IBM was challenged to achieve transparency and explainability in AI-powered decision-making. To meet this challenge, IBM has invested in explainable AI (XAI) technologies, such as its AI Explainability 360 toolkit. This enables developers to understand and interpret the inner workings of their AI models.

Google faced privacy and security concerns when using employee data for AI development. Google has established a Responsible AI Principles framework emphasizing data privacy and security, including differential privacy and secure multi-party computation techniques.

Salesforce must ensure alignment between AI-powered tools and the organization’s ethical values. To this end, it developed guidance through its AI Ethics & Humanism Council on the responsible development and use of AI across the company. This includes aligning AI systems with Salesforce’s core values.

Anthem needs to gain employee trust and acceptance in using AI-powered internal controls. To do so, Anthem has implemented an “AI Ambassadors” program, where select employees are trained to help their colleagues understand and navigate the company’s AI-powered systems, fostering greater acceptance and trust.

These examples demonstrate how leading organizations have proactively addressed the ethical challenges of AI deployment through a combination of technical, policy, and organizational approaches. By prioritizing principles like fairness, transparency, privacy, and alignment with corporate values, these companies have made progress in ensuring the responsible and trustworthy use of AI within their organizations, particularly around AI-powered internal controls.

Both compliance and internal audit professionals must recognize the pivotal role that AI can play in enhancing the effectiveness of internal controls. By proactively exploring the incorporation of AI into their control mechanisms, organizations can gain a significant advantage in managing the complexities of modern enterprises and the ever-increasing data landscape. The deliberate integration of AI into internal controls will be a crucial factor in determining the success and resilience of an organization’s overall governance framework.

Integrating artificial intelligence into internal controls represents an opportunity for organizations to strengthen their control environment and make more informed decisions. Compliance professionals can help AI-powered internal controls become a cornerstone of effective corporate governance by addressing data quality, skill development, ethical considerations, and collaboration. I am excited to see how this technology continues to evolve and reshape the way we approach internal control systems and your compliance program.

Join us tomorrow as we examine the role of compliance in keeping AI decisions fair and unbiased.