Categories
Compliance Tip of the Day

Compliance Tip of the Day: The Attorney Client Privilege

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider the parameters of the attorney client privilege.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Life with GDPR

Life With GDPR: Karen Moore on The EU, Corporate Sustainability Due Diligence Directive

Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Jonathan is on a short hiatus and in this episode, we have a special guest, Karen Moore who discusses the EU’s Corporate Sustainability-Due Diligence Directive.

Karen Moore is a well-versed professional in the area of impact assessments and due diligence, with a particular focus on human rights and environmental issues to prevent and address potential harm. Her perspective, shaped by her extensive experience, is that impact assessments and due diligence are key indicators of a corporation’s commitment to preserving the environment and upholding human rights.

Moore emphasizes the importance of these processes not only within a company’s own activities, but also within those of its suppliers and indirect suppliers. She stresses the need for a robust due diligence process, including tracking progress, publishing annual statements, implementing complaints procedures, and involving all employees.

Additionally, she highlights the challenges of managing these processes, such as complex questionnaires for third-party suppliers and the need for streamlined assessments. She believes in a proactive approach to corporate responsibility, going beyond regulatory requirements to foster sustainable practices and ethical decision-making.

 Key Takeaways:

  • Ethical and Sustainable Business Practices Compliance Guidelines
  • Ethical Evaluation for Data Privacy Compliance in the US
  • Ethical Data Handling for GDPR Compliance
  • Ethical Business Practices in Supply Chains

 Resources:

Connect with Tom Fox

Connect with Jonathan Armstrong

Connect with Karen Moore

Categories
Blog

Insights on the EU Corporate Sustainability Due Diligence Directive from GDPR

Regarding corporate social responsibility and data protection, impact assessments and due diligence can seem like a labyrinth of legal jargon and regulatory requirements. However, understanding the importance of these processes is crucial for any corporation looking to not only comply with regulations but also build trust with customers and stakeholders. In this blog post, we will dive into the intricacies of impact assessments and due diligence, answering common questions and providing practical tips for corporations navigating the complexities of the Corporate Sustainability Due Diligence Directive (CSDDD).

We will consider the following questions:

  1. What role does GDPR compliance play in navigating the complexities of the CSDDD?
  2. Why are privacy impact assessments important for the CSDDD?
  3. How can corporations comply with the CSDDD?

In the ever-evolving landscape of corporate responsibility and ethical governance, staying ahead of regulatory directives is crucial for businesses looking to comply and positively impact society and the environment. One such directive that is making waves in the corporate world is the CSDDD. In the wake of its near full adoption by the European Council, the implications of this directive are profound, prompting organizations to rethink their approach to sustainability, human rights, and environmental impact.

The parallels between the CSDDD and the General Data Protection Regulation (GDPR) serve as a reminder of the importance of proactively addressing ethical considerations within corporate governance. Just as with the GDPR, which focuses on data privacy and protection, the CSDDD underscores the necessity of corporate diligence in ensuring environmental responsibility, human rights protection, and fair business practices.

GDPR compliance is a critical component of navigating the complexities of the CSDDD. GDPR sets strict guidelines for how companies handle the personal data of EU citizens. By ensuring compliance with GDPR regulations, corporations can demonstrate their commitment to data protection and privacy, essential for building trust with customers and stakeholders in today’s data-driven world. One of the key components of GDPR compliance is to conduct regular audits of your data processing activities to ensure compliance with GDPR requirements. Implement robust data protection measures, such as encryption and access controls, to safeguard personal data and mitigate the risk of data breaches.

The essence of both GDPR and CSDDD is to take a proactive approach to compliance. By instilling a culture of responsibility within the organization, companies can effectively navigate the complexities of regulatory frameworks like the CSDDD. From conducting impact assessments to tracking progress and publishing annual statements, the directive emphasizes transparency and accountability in corporate operations.

Compliance with the CSDDD requires a proactive approach to data protection and privacy. Corporations must establish robust data governance frameworks, implement privacy-by-design principles, and regularly audit their data processing activities. By prioritizing data protection and privacy, corporations can demonstrate their commitment to responsible data management and build trust with customers and stakeholders. You should work to develop a data protection policy that outlines your organization’s commitment to data protection and privacy. Train employees on data protection best practices and provide ongoing support to ensure compliance with the CSDDD.

This is also true of privacy impact assessments (PIAs), essential for identifying and mitigating privacy risks associated with data processing activities. By conducting a PIA, corporations can assess the potential impact of their data processing activities on individuals’ privacy rights and take steps to minimize any adverse effects. PIAs are especially important in the context of the CSDDD, where data protection and privacy are paramount concerns. You should work to integrate privacy impact assessments into your data processing workflows to identify and address privacy risks proactively. Engage with data protection authorities and stakeholders to ensure transparency and accountability in your privacy practices.

While the CSDDD is a European directive, its reach extends beyond the EU’s borders, impacting US companies with significant operations or income derived from the region. This broad scope necessitates a thorough evaluation of supply chains, supplier relationships, and potential risks associated with non-compliance. The CSDDD’s requirements for due diligence and supplier engagement underscore the interconnected nature of global business operations.

As organizations strive to align with the CSDDD, integrating existing laws and guidelines from related legislation, such as GDPR, becomes essential. From incorporating OECD guidelines to addressing human rights and environmental impact, companies must adopt a comprehensive approach to compliance. By leveraging technological solutions and strategic staffing, businesses can streamline their compliance efforts and enhance their impact on society and the environment.

The convergence of directives like the CSDDD and GDPR heralds a new era of ethical governance for businesses worldwide. By embracing the principles of sustainability, human rights protection, and environmental stewardship, organizations can meet regulatory requirements and contribute to a more responsible and equitable corporate landscape. As we navigate the complexities of corporate responsibility, let us heed the lessons from these directives and strive to do the right thing, both ethically and legally.

Navigating the complexities of impact assessments and due diligence in the context of the CSDDD may seem daunting. Still, with a proactive approach to data protection and privacy, corporations can demonstrate their commitment to responsible data management and build trust with customers and stakeholders. By prioritizing GDPR compliance, conducting privacy impact assessments, and implementing robust data protection measures, corporations can navigate the complexities of the CSDDD effectively.

Categories
Great Women in Compliance

Great Women in Compliance: Amy Mertz Brown on Financial and Regulatory Compliance

Welcome to the Great Women in Compliance Podcast!

In this episode, Lisa visits with Amy Mertz Brown, the SVP Chief Compliance and Privacy Officer at BECU.

Amy started her career in the US government, where she was one of the first leaders at the  Consumer Financial Protection Bureau and was formerly the Chief Compliance Officer at the US Securities and Exchange Commission.  She discusses the similarities and differences between her government and in-house regulatory experiences, and the importance of specific training and detailed work instructions in highly regulated industries.

Amy also shares how she has built her career, and what she views as important in deciding on taking on a new role. Amy and Lisa also talk about Reshma Saujani’s views about imposter syndrome, rather than looking at the reasons someone feels like an imposter and questioning the concept and how it impacts women.

Key Highlights:

  • Regulatory Compliance in the Government and in the Private Sector
  • Regulatory Compliance Through Monitoring and Training
  • Navigating Evolving Financial Regulations
  • Questioning the Imposter Syndrome

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Employee Rights in an Interview

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider what employee rights you need to consider during an internal investigation.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Daily Compliance News

Daily Compliance News: April 17, 2024 – The Oreos in Trouble Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • EU to fine the Oreo maker. (FT)
  • The Chief AI Officer.  (FT)
  • US avers it won’t seek the death penalty in Assange extradition. (Reuters)
  • Will SCT make all bribes legal? (NYT)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Do We Need More Centralized Compliance?

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject.

Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom and Matt take a deep dive into recent study on bias in workplace hiring and use the study to consider if compliance needs to be more centralized.

The topic of discriminatory patterns in hiring is an interesting yet contentious issue. It encompasses biases in recruitment based on factors such as names, gender, and race, which, unfortunately, are still prevalent in various companies.

Tom believes that these discriminatory practices hamper equal opportunities and, hence, need to be addressed earnestly. Drawing from his likely experience in promoting fair employment practices, he emphasizes the need for diversity and inclusion initiatives.

On the other hand, Matt attributes such discriminatory hiring patterns to inherent biases and prejudices of employers. He argues that discriminatory practices result in a lack of diversity in the workplace as qualified individuals are overlooked based on their race, gender, or age.

Following from his perspective on the matter, Kelly champions the execution of policies that foster equality and fairness in the hiring process. 

Key Highlights:

  • Bias in Hiring Practices Based on Names
  • Bias Reduction Through Centralized Recruitment Operations
  • Enhancing the control environment through Internal Audits
  • Ethical Alignment for Compliance Management Success

Resources:

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Uncovering Hidden Risks

Ep 13 – Unveil Data Security Paradoxes

Herain Oberoi, General Manager of Data Security, Privacy, and Compliance for Microsoft, joins Erica Toelle and guest host Tina Ying, Senior Product Marketing Manager at Microsoft, on this week’s episode of Uncovering Hidden Risks. Microsoft has recently released a new report called the Data Security Index. Erica, Tina, and Herain explain what drove the team to complete this research, release the report, and share valuable insights that can empower organizations to optimize their data security programs.

In This Episode You Will Learn:

  • Why do more tools bring less security, but organizations still adopt them?
  • When organizations should allocate resources to optimize data security
  • How security leaders can lead their teams with the goal of enhancing all-up security posture

Some Questions We Ask:

  • How can organizations enhance their data security posture?
  • Should organizations purchase best-of-suite or best-of-breed solutions?
  • What advice do you give organizations facing the challenge of using isolated solutions?

Resources:

View Herain Oberoi on LinkedIn

View Tina Ying on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Connect with the Compliance Podcast Network at:

LinkedIn: https://www.linkedin.com/company/compliance-podcast-network/
Facebook: https://www.facebook.com/compliancepodcastnetwork/
YouTube: https://www.youtube.com/@CompliancePodcastNetwork
Twitter: https://twitter.com/tfoxlaw
Instagram: https://www.instagram.com/voiceofcompliance/
Website: https://compliancepodcastnetwork.net/

Categories
Blog

Using RegTech To Enhance the Fight Against Financial Crime

Have you heard these common myths about anti-money laundering technology solutions? Myth 1: Anti-money laundering technology solutions are only necessary for financial institutions. Myth 2: Anti-money laundering technology solutions are too complex and expensive for small businesses. Myth 3: Anti-money laundering technology solutions can eliminate the need for manual compliance efforts.

I recently had the opportunity to visit with  Matt DeLauro, the Chief Revenue Officer at SEON, to explore these and other questions. (You can listen to the episode on Innovation in Compliance.) We considered the impact of real-time detection services and the importance of breaking through traditional data silos for a robust approach to fraud prevention and regulatory compliance. We also considered security measures such as device fingerprinting, the evolution of Suspicious Activity Reports, and the future landscape of compliance and anti-fraud efforts, and this episode offers a wealth of knowledge for compliance practitioners and professionals.

We also considered the critical importance of Anti Money Laundering (AML) regulations, particularly in the wake of increased sanctioned activities within European banking systems. Regulatory bodies emphasize the need for heightened AML efforts in the financial industry to combat money laundering and ensure compliance. Machine learning emerges as a key tool in detecting anomalies and potential money laundering attempts, with companies like SEON at the forefront with their integrated machine learning algorithms.

How can compliance professionals stay ahead of increasingly sophisticated money launderers and fraudsters? Financial crimes are evolving rapidly, but innovative RegTech solutions give compliance teams new tools. One interesting approach is to leverage device fingerprinting for fraud prevention. Device fingerprinting analyzes device metadata like location, typing patterns, and orientation to catch real-time account takeovers and bot attacks. By gathering intelligence on the device, compliance teams can identify suspicious access attempts and stop fraudsters.

Moreover, detecting and preventing fraudulent activities necessitates monitoring anomalous behaviors, such as unusual device access or IP addresses. Utilizing device fingerprinting data, behavioral biometrics, and machine learning algorithms can help identify patterns of fraudulent activities and enable real-time fraud detection to thwart fraudulent transactions instantly.

Another approach is through scaling monitoring with machine learning. This is because reviewing transactions manually is hugely time-intensive and limits scalability. Machine learning models overcome this by continually improving detection rates and reducing reliance on large manual review teams. Such an approach can identify complex schemes that rules-based systems miss and enable businesses to expand without compromising compliance. Continuously training machine learning models to enhance detection capabilities and prevent fraud in real time can aid in fraud detection and prevention. By feeding back labeled data on identified fraud or money laundering attempts into the machine learning algorithms, companies can improve detection accuracy over time.

This approach can be enhanced by unifying siloed data sources (this is the converse of how the Department of Justice presented this to compliance professionals, of breaking down data silos.) Centralizing compliance data from across departments gives investigators a holistic view of risk. This prevents the need to manually compile relevant information from separate systems, speeding up reviews and providing broader context.

Another financial crime protection strategy is to generate SARs automatically. This approach uses large language models, which can auto-generate the lengthy suspicious activity reports (SARs) regulators require. Rather than investigators manually piecing together all the details over hours, smart software reduces it to a few clicks, saving significant time and effort. Automation has revolutionized the generation of Suspicious Activity Reports, reducing the time spent on investigations and increasing efficiency. Centralized data and machine learning capabilities are crucial for better detecting potential fraudulent activities and streamlining the reporting process.

Leading compliance teams are embracing RegTech solutions to strengthen financial crime defenses in the face of growing threats from organized fraud rings and money laundering networks. The future will require even more agility to counter emerging criminal tactics. In the evolving landscape of financial crimes, with fraudsters leveraging sophisticated techniques and interconnected networks to bypass traditional controls, companies must adapt and innovate their fraud and compliance strategies to stay ahead of the curve in combating financial crimes. To drive this point home, DeLauro encapsulates the urgency and necessity for adaptive anti-money laundering measures with the following: “Companies that have a static or maybe a long-standing permanent set of controls around fraud and compliance get figured out by the fraudsters and the money launderers very quickly.”

As AML regulations take center stage as a national security priority, the podcast episode underscores the pivotal role of automation, machine learning, and continuous innovation in strengthening AML efforts and safeguarding financial ecosystems against fraudulent activities. Matt DeLauro’s insights shed light on the dynamic landscape of financial crimes and the imperative for organizations to embrace proactive prevention strategies to combat money laundering effectively.

Categories
Innovation in Compliance

Innovation in Compliance: Staci Wright on Compassionate Workplace Solutions – The Heart Profit Movement

Innovation comes in many forms, and compliance professionals need to not only be ready for it but also embrace it. Today, I visited Staci Wright, a leader in the heart-profit movement.

Staci Wright is a seasoned entrepreneur with a diverse portfolio of six successful businesses, ranging from service-based to product-based ventures, established over the past two decades. Her perspective on the “heart profit movement” is rooted in her belief in the power of compassion, care, and connection in the workplace to not only enhance productivity but also address important societal issues.

This perspective is born from her experience leading “IP2Market,” a company that merges manufacturing patented products with a focus on building brands that prioritize employees’ welfare.

As the founder of the Heart Profit movement, Staci has implemented initiatives like onsite childcare, meals, and mental health coaching in her workplaces, embodying her view that a supportive environment allows employees to flourish rather than merely survive. This approach to business, she believes, fosters a more compassionate era where profit does not come at the expense of employee care.

Key Highlights:

  • Footrest-Inspired Self-Care Products for Bath Time
  • Compassionate Workplace Culture Initiative
  • Employee Wellbeing Initiatives in Manufacturing
  • Cultivating Compassionate Work Environments for Success
  • Compassionate Workplace Solutions: Profit with Heart

Resources:

Staci Wright on LinkedIn 

Heart Profit

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn