This week the Compliance Kitchen is looking at sanctions levied on Russia because of its invasion of Ukraine. Today, the UK’s first wave of sanctions on Russia in regards to Ukraine.
Consulting expert Laura Tulchin passionately advocates the implementation of ESG, working in the mantra of “minimizing risk today means optimizing opportunity.”
In this episode, she dives deep into the growing significance of ESG in the pandemic, the social and monetary advantages, the cruciality of regulation, and how ESG is looking into the future.
▶️ Optimizing ESG Opportunity in the Pandemic with Laura Tulchin
Key points discussed in the episode:
✔️ Laura Tulchin summarizes her professional and educational background.
✔️ Laura Tulchin explains the increasing relevance of ESG in the past two years. Companies with perceived good ESG performance are financially outperforming their competitors.
✔️ESG gains steam in today’s fractured social and capitalist system. Consumers are seeking purpose, even in the way they spend their money. Transparency in ESG is enough incentive for companies to step up.
✔️ The formation of the International Sustainability Standards Board in the 2021 UN Climate Change Conference was a step forward for ESG standardization. Laura Tulchin believes that we still have a long way to go. A hodge-podge of voluntary standards still remains in the ISSB, along with jurisdictional regulations in the EU.
✔️ Interpretation and analysis – or looking under the hood – are still challenging in ESG reporting. The necessary tools needed to achieve a higher level of transparency aren’t readily available. Some businesses resort to presenting a positive but generalized report to gain mass favor.
✔️ ESG isn’t a one-size-fits-all program. It’s bound to be managed in different ways across industries.
✔️Compliance lays a strong foundation for a good ESG program.
✔️ ESG should be an accurate portrayal of an organization’s social and environmental impact.
✔️ ESG isn’t just about saving the elephants. It’s also about saving your dollars. Running an ESG program brings long-term profit. Nowadays, consumers are more conscious of who they’re buying from and whether products are ethically sourced and manufactured.
✔️ ESG would soon become a natural business practice.
Laura Tulchin is an MBA with expertise in ESG risk, compliance, and governance. She has extensive experience with investment professionals, large multinationals, and financial institutions in managing risk and bringing the right frameworks, processes, and tools for risk management. She is hands-on with big-data and technology implementation experience to help clients determine strategic vulnerabilities and use data effectively to understand, measure and mitigate risk.
Connect: https://www.linkedin.com/in/laura-tulchin-b5577611/

Tom Fox welcomes Yusuf Moolla on this episode of the Innovation in Compliance Podcast. Yusuf is a Director at Risk Insights, co-cost of The Assurance Show Podcast, and co-author of The Data Confident Internal Auditor. He joins Tom to talk about how compliance professionals can utilize data analytics, data governance, and internal auditing.
Best Approaches To Data
The easiest way to approach data, Yusuf suggests, is to think about it as another form of evidence. “Over the years we’ve collected lots of manual documents as evidence…Data is just another piece of evidence,” he tells Tom. Data can be used by anybody, and it is very simple to do so. Currently, there has been an emergence of open-source tools to process data which has made it easier and cheaper for individuals. These open source tools have made it safer as well, as there are options to look into the source code for digital traps. Visualization is another approach to data that individuals can utilize. While relatively new, being able to visualize techniques both in terms of exploring and explaining data is becoming something that is gaining traction in the data analytics world.
Internal Auditing Approaches
Yusuf explains to Tom that there are four main data approaches to consider when doing internal audits:
- Data being used purely for reporting
- The data-driven approach where the data does the talking
- The process-focused approach
- The hypothesis-focused approach
There are similarities between the process and hypothesis approaches. The process-focused approach has been the traditional way of doing audits. Over the years, however, it’s become less about how the process is done to achieve the intended result; it’s now about what the auditing result is. “So it’s not about looking at whether a process actually works the way that it’s been designed, it’s about looking at whether the process is working in the way in which it’s intended to be able to achieve its outcome,” Yusuf adds.
Data Governance in Auditing
Making sure that data doesn’t fall into the wrong hands as an auditor is one of the main facets of data governance. It is a very basic and traditional approach, but over the years professionals have been implementing it in an overzealous way. This can hinder the ability to create value through data. Yusuf suggests a slight reverse approach where everyone has access to data unless there is a specific reason for them not to. “We want to keep a range of data elements secure, but others we want to open up,” Yusuf tells Tom.
A Look Ahead
Tom asks Yusuf what the future of data analytics, data governance, and internal auditing will look like in the coming years. Yusuf explains that there will be a greater use of data science, and a greater use of data within internal audit without the need for data scientists and specialists. More practitioners will be getting into, and understanding IT, and more people will be using data for themselves. This will free the data scientists from the more mundane tasks, so they will have time to dedicate to the more advanced techniques. The same would apply for compliance as well.
Resources
Yusuf Moolla | LinkedIn
Risk Insights
The Assurance Show
The Data Confident Internal Auditor
In today’s edition of Daily Compliance News:
-
- According to TI-CPI, Nigeria second most corrupt country in West Africa. (Business Insider Africa)
- How allowing corruption corrupts those who allow it. (The Guardian)
- Gertler offers deal to end corruption investigations. (Haaretz)
- Leak broke Ericsson corrupt payments to ISIS. (ICIJ)
Episode 113 – Melanie Sponholz

In this episode of The Ethics Experts, Gio welcomes Melanie Sponholz. Melanie Sponholz, MSPT, CCEP, CHC, CHPC, is the Chief Compliance Officer for Waud Capital Partners, Healthcare. Waud is a leading middle market private equity firm with a focus on healthcare and business and technology services.
This week the Compliance Kitchen is looking at sanctions levied on Russia because of its invasion of Ukraine. Today, the US introduces Comprehensive Sanctions on so-called Donetsk and Luhansk People’s Republics.

In this episode of The ESG Report, David Simon, author of the LinkedIn article ‘The “G” in ESG, is Tom Fox’s guest. They discuss the article’s content as well as the role of compliance in governance.
The Link Between a Company’s Meta-Contract and Governance
The term ‘meta-contract’ was coined by one of David’s Oxford professors, Alan Morrison. A meta-contract is what an organization is all about, including how it will and won’t do business. Governance refers to how well or how poorly a company adheres to its meta-contract. Tom mentions that monitoring this is something compliance professionals do day in and day out, and David agrees; ensuring that a company behaves consistently with its values is something compliance professionals are best at.
Incorporating Stakeholders’ Views in a Company
Once you accept stakeholder capitalism, you must ask yourself, ‘Where do I draw the line?’ To David, from an ESG perspective, the key to answering this is authenticity and integrity, “Look at your values and who your stakeholders are, and rank them in terms of priority. It’s a very individualized exercise, and it’s important for company leadership to be honest and look at who they are, and what they aspire to be.” He resists the idea of everybody fitting into the same box, because, “It’s bound to fail; I don’t think it really represents their true meta-contracts.”
The Importance of Compliance in Corporate Governance
David points out that compliance professionals are really well-suited to take the meta-contract and implement it in a way that’s enforceable and consistent throughout the organization. One of the great things about ESG is that it allows compliance to broaden its horizons. Compliance can get very focused on true compliance with the law or regulatory regimes, but there are certain violations and scandals that are worse than others, and that ties to what their meta-contract is. These violations may not be violations of the law, but rather, violations of who they are as an organization. David comments on this, “From a compliance perspective, compliance professionals need to think more broadly than just the laws; more about what their organizational meta-contract is, and take steps to avoid violating it.”
RESOURCES
Tom Fox’s email
David Simon | Twitter | LinkedIn | The “G” in ESG: Governance
Almost all of the world has condemned the Russian invasion of the Ukraine and I will add my small voice to that condemnation. In trying to choose what to write, I did not want to emphasize the better the geopolitical commentary, so I decided to focus on how this invasion and its attendant fallout might impact compliance professionals and programs. At this point Russia has limited its attacks to Ukraine but my fear as more EU, other Western allies and the US respond with arms and technical support to the Ukraine government and army, we might see Russia unleash its cyber warfare specialists on those who are supporting Ukraine with material and other support. This week I am going to write about some of the issues a Chief Compliance Officer (CCO) needs to think about now. Today, I consider Russia.
The list of sanctions is growing as the situation on the ground becomes more intense and dynamic, so you need to be in constant contact with your operations, sales and supply chain functions. At this point, you should probably add Belarus to that list as they appear to be the only other country actively supporting Russia at this point. Given the US, EU and UK sanctions that have been levied and likely will be sanctioned over the next few days and weeks, at this point your organization probably needs to prepare for a full ban on sales from your organization into Russia. Russia (and Belarus) appears to be headed to the same list as North Korea and Iran and your business needs to ready.
Know Your Customer
One of the first thing every CCO needs to do right now is determine what goods, products or services flow from, through or to Russia. This means knowing who your customers are and where they are located. If you have not stopped selling to any Russian companies now you probably need to stop tomorrow. But this inquiry does not stop or even start at the Russian border. It means any products which might go into Russia through any of your sales channels. Do you have distributors? What countries are they in? Same inquiry for resellers. Any entity that can get your company’s products into Russia needs to be determined now. Make preparations now to cease all business.
Time for your legal department to start looking at every force majeure clause in every contract. Because of where I live, I have looked at force majeure clauses almost every hurricane season and I cannot remember one that did not include a war clause. I rewrote many such clauses to make such pandemic and other health emergencies covered. But your corporate legal department needs to be ready to invoke them under the war clause.
Who is in Your Supply Chain?
The same level of inquiry you put into KYC right now should go into your Supply Chain. Obviously if you have suppliers in Russia, you need to be prepared to jettison that relationship. However even if you do not formally or legally terminate those relationships, your organization needs to be ready for serious disruptions for any components you may be depending on for your company’s products. But once again it is not simply your direct suppliers. If you have never done a deep dive into at least five levels of your supply chain, NOW is the time do so. If there are base materials or component parts coming to your organization from that part of the world anywhere in your supply chain, you had best appreciate that risk sooner rather than later. The Financial Times (FT) has reported that Russia “is also an important source of metals used in manufacturing such as nickel, titanium, palladium and aluminium. Titanium is needed by aircraft and aero-engine manufacturers such as Boeing, Airbus and Rolls-Royce, while palladium is used in catalytic converters, electrodes and electronics.” Indeed, 14% of the world’s aluminium comes from Russia.
Even if you can still have the parts manufactured, you still must bring them to your manufacturing facilities, either in the US or Europe. Thomas L. Friedman, writing in the New York Times (NYT), said, “if Poland just halts truck and rail traffic from Russia to Germany, “as it should,” it would create immediate havoc for Russia’s economy, because the alternative routes are complicated and need to go through a now very dangerous Ukraine. Anyone up for an anti-Putin trucker strike to prevent Russian goods going to and through Western Europe by way of Poland? Watch that space. Some super-empowered Polish citizens with a few roadblocks, pickups and smartphones could choke Russia’s whole economy in this wired world.” If the fighting continues much longer, we will begin to see major transportation disruptions spreading not only from Russia and Ukraine but also to eastern Europe.
Third Parties
At this point, I hope that ever CCO knows who their third-party sales agents are and that they are monitored on a regular basis. I also hope this same level of knowledge extends down to other third parties such as distributors, joint venture (JV) partners or other types of business relationships in Russia. Indeed the Washington Post announced BP was pulling out of its JV with Rosneft. But more than simply those direct relationships, you can sell your organization’s products into Russia through resale. When was the last time, you looked at your End User report? If it has been more than a few months, I would suggest that you move such a review to the top of your list early this week.
Every multinational organization needs to be fully engaged on these matters and a host of others. Michael Peregrine, writing in Forbes.com last week, said that corporate boards can perform the dual role of both governance and providing support to senior management. Indeed, they may well be obligated to do so. For every CCO reading this I would suggest you call the head of your compliance committee, tell them what you are doing, see what information they want and ask what resources they might be able to provide to you now.
Tomorrow, I will review some issues when looking at Ukraine.
In today’s edition of Sunday Book Review:
· 1984
· Animal Farm
· Homage to Catalonia
· Down and Out in Paris and London