In today’s edition of Daily Compliance News:
- FBI failures in Nassar probe. (Houston Chronicle)
- SEC awards 2 whistleblowers $114MM? (WSJ)
- Lawyer arranged hit, on himself. (BBC)
- DOJ alleges fraud in medical analytics. (NPR)
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode they take up the always difficult decision of whether or not to pay a ransomware demand.
Some of the questions we consider include:
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.
I recently had the chance to visit with Koby Bambilia, Managing Director at K2 Integrity. We discussed skills development and regulatory changes, together with tailored and risk-based training. Bambilia has an interesting perspective on compliance training because of his unique background in the field. In addition to being a former compliance professional, he is also a former prosecutor. You do not often see that combination in a person specializing in compliance training. We started with the basic concept of training: in any regulatory guidance, both here in the US and abroad, training is always considered by the regulators as one of the pillars of a Bank Secrecy Act (BSA) compliance program.
Skills Development and Meeting Regulatory Needs
Bambilia emphasized the regulators’ expectations for skills training. He has increasingly seen that “regulators are looking at the skills and career paths of bank employees. In other words, do the employees in their specific roles have the right set of knowledge, skills, and expertise to carry out their compliance responsibilities?” This has moved beyond strictly “compliance related roles but business-oriented roles as well.” He provided some examples such as private banking, loan officers, tellers, trade finance functions and correspondent banking departments. He stated, “The examiners will sample and check what experience and skills such employees have and what type of training they have received.” This led Bambilia to conclude, “thinking critically about whether the employees in key roles possess the right set of skills and expertise should guide institutions as they develop their training program, especially the long-term ones.”
I asked Bambilia if he could provide an example of such a situation. He recalled one institution where he worked which had more than 13,000 employees. As you might expect, there were multiple training requirements for employees. One of the challenges faced by the compliance function was how to verify all employees had completed the compliance training. Some 93% of employees completed compliance training so the challenge was to reach the remaining 7%. As Bambilia remarked, “We understood that it must be dealt with, and sometimes you have to take drastic measures to demonstrate that you are serious about compliance and serious when it comes to addressing the regulatory expectations around compliance training.”
The compliance department went to the Board and proposed that any employee not completing their required compliance training would receive a 33.3% cut of the annual bonus. This stick approach worked and the completion numbers went up to 98%. What about the remaining 2%? They lost 33.3% of their annual discretionary bonus. The result was that the completion rate for compliance training next went up to 100%. But completion rates on employee compliance training are not enough; as Bambilia said, the regulators also want to see that the “compliance function has the right set of skills needed to perform their respective roles and duties. So, it’s something to think about and be prepared for before your next examination.”
We concluded our discussion by considering if finding solutions for compliance training “workarounds” or lack of employee participation has improved or dropped. Bambilia began by noting a very important aspect of compliance training, “with the right approach employees can be educated that training is not a form of punishment but actually a valuable tool which can help them do their job right. This is critical in keeping institutions ‘out of trouble.’” As Bambilia further explained, one of the functions of compliance is to “protect the Bank and the clients but it is also there to protect employees. And employees knowing through training what they have to do will keep them safe.”
Bambilia believes that now there are “better systems for e-learning and training solutions to ensure people are actually taking and completing these trainings. These systems can track, check the number of tries for passing the exam and even send the reminders.” Finally, institutions are moving toward more bite sized training (See: Espresso Training Shots). Bambilia explained that this can lead to not an entire day/week course but something that can fit within the regular workday; and this is even more applicable in today’s environment where most of us are working remotely, either in full or in hybrid mode.
Tailored and Risk-Based Training
We next turned to why tailored and risk-based training is now so critical. Getting ahead of regulators and ensuring your institution has skills-based trainings is critical. But more than this, regulators now want to see specific risk-based training, tailored to individual needs. This approach is not limited to financial institution regulators; the US Department of Justice (DOJ), Securities and Exchange Commission (SEC), FinCEN and Office of Foreign Asset Control (OFAC) also favor this approach. Initially, he noted that an institution cannot have a blanket training without follow-up trainings on specific job functions.
Some of the different needs for different employee classifications include bank tellers, who need to know more about cash transactions and regulatory requirements, such as Currency Transaction Report (CTR) and pouch activities. This is obviously different from private wealth managers. Employees in trade finance departments need to know more than others on sanctions and embargoes. Moving on to third party relationships, correspondent banking departments need to know, for example, the red flags for nested accounts. Private bankers, who are covered under the Foreign Account Tax Compliance Act (FATCA), must be trained on the law so they can be more vigilant and aware for detecting tax evasions.
The key is that each group requires its unique training and since every institution has a different set of risks, institutions should understand that one form of training cannot fit all situations. Tailored training is a key element and, as Bambilia noted, “a universal one, regardless of the institution’s size, risks, and resources. The example of the examiner saying training is like a burger…demonstrates the need to assure proper and tailored training throughout the institution.” The bottom line is that there is no one training model which will fit all your employees.
Training begins, literally, at the beginning, with the requirement that a compliance professional must know the risk profile of an organization, where the blind spots may be, and what exposures may emerge. Obviously, the past year during Covid-19 brought new risks in the working from home environment and those risks are changing again as we return to work. Your risk profile would include the types of products and services the institution provides. If you do not have correspondent banking accounts and your bank does not provide banking services to other financial institutions, correspondent-bank-related training may not be relevant. Similarly, if you are a financial investment institution and do not deal with cash, you do not need to train on those requirements. Yet as risks change and new threats emerge, it is important to equip your operational teams on the front lines with the skills to manage these changes, which can be triggered either by a new regulation or by a new product or service your institution wants to provide going forward. A compliance professional must continually assess compliance risks. Here Bambilia recommends having regular ongoing communication with the “‘field’, don’t just stay at the headquarters and send emails – go visit some of the branches, and some of the departments; you get valuable insights.”
Bambilia concluded that it “may feel like a heavy lift up front, it can pay its dividends – not just from a compliance perspective but also from an angle of operational efficiencies – you are assuring that your operation and IT staff know what to do going forward. If they know what to do – that will save a lot of pain and effort on their side, but also for you as a compliance officer.”
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.
Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over the series, we break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risk-based training and operational aspects of training. In Part 4, I am joined by Koby Bambilia to discuss why tailored and risk-based training is so critical now.
In this episode we went into the weeds of specific tailored and risk-based training. Getting ahead of regulators and ensuring your institution has skills-based trainings is critical. But more than this, regulators now want to see specific risk-based training, tailored to individual needs. This approach is not limited to financial institution regulators; the US Department of Justice (DOJ), Securities and Exchange Commission (SEC), FinCEN and Office of Foreign Asset Control (OFAC) also favor this approach. I asked Bambilia if he could provide some examples from the world of financial institutions and financial services firms. Initially, he noted that an institution cannot have a blanket training without follow-up trainings on specific job functions.
Bambilia provided a couple of specific examples. In July 2017 FinCEN announced changes to the CTR form 104, which included some fundamental changes and significant modifications to the CTR batch submissions. The client understood the importance of assuring their relevant staff fully understood the new requirements and asked us to conduct in-person training sessions for the relevant departments. Bambilia related, “this pro-active approach gained some priceless credit points at the very next regulatory examination, when examiners asked specifically to review how the Bank dealt with these new regulatory obligations.”
Bambilia pointed to another example, FATCA, a massive regulation imposed mostly on non-US financial institutions, which had a tremendous impact on almost every aspect of a bank’s operations. One of the first challenges was how to introduce 500+ pages of new regulation to employees. One way Bambilia and his compliance team did so was to create “animated video clips of no more than 120 seconds which jumped into the employees’ screens once a month and while not interfering with their daily work – we got really good feedback on how they made the new regulation more manageable and understandable.”

In Part 2 of this series, we continue the conversation of how to bring order to the chaos of the early days of an FCPA investigation.
Join us each week as we take a deep dive into the various forms of fraud across the world and discuss crime families, penny stock boiler rooms, international money launderers, narco-traffickers, oligarchs, dictators, warlords, kleptocrats and more.
Scott Moritz is a leading authority on white-collar crime and anti-corruption, and on the evaluation, design, remediation, implementation, and administration of corporate compliance programs and codes of conduct. He is also considered an authority in the establishment, training, and oversight of the investigative protocols carried out by financial intelligence, corporate security, and internal audit units.

Are you exasperated or what? In this podcast series, co-hosts Thomas Fox and Gregg Greenberg, author of F*cking Argentina, explore the current American psyche of being overworked, over-leveraged, overtired, and overwhelmed. Find out about modern America’s exasperation with, well… exasperation.
Meet the character of Mitchell Weinberger, a divorced father who suffers through small talk with overbearing parents at his child’s back-to-school gathering. You can very well relate to his frustration and other clever and chuckles-filled tales of our collective exhaustion.
We are serving you some humor and fun in this episode of F*cking Argentina with Tom Fox and Gregg Greenberg.
ABOUT THE BOOK
F*cking Argentina and 10 More Tales of Exasperation by Gregg Greenberg is a compilation of short stories that dive into the American phenomenon of being in a near-perpetual state of aggravation. Greenberg’s anthology brings together eleven original pieces of work, each with their own slice of independent and distinct plot lines but all converging on the universal theme of exasperation. They run the whole gamut of scenarios, from the titular story “F*cking Argentina” wherein the country is once again in bankruptcy and a polite game of tug o’ war plays out on a porch, to “A Journeyman Tennis player’s Prayer” with a low ranking U.S. Open contender begging God for a comparable opponent. Both stories end with the superlative f-word, which showcases at some point in other stories, and a guaranteed chuckle from their readers. Buy the book here: http://fckingargentina.com/.
Aaron Agius is one of the world’s leading digital marketers according to Forbes. He is CEO of Louder.Online, one of the world’s leading digital agencies with offices in USA, Australia and Asia.
Aaron has a significant social following and founded the Global Marketing Leaders Group on LinkedIn with over 11,000 active members of the marketing community. Aaron regularly contributes to some of the world’s largest editorial publications, including Forbes, Fortune, Entrepreneur.com, hubspot.com, business.com, ContentMarketingInstitute.com, VentureBeat.com, CMO.com.au, FastCompany.com and many more, with thought leadership on marketing and business growth.
Aaron works globally with clients such as Salesforce, IBM, Coca-Cola, Intel and scores of leading brands, showing them how to technically optimize their sites, perform influencer outreach and link acquisition and produce and distribute content that drives significant lead generation and ROI.
Aaron regularly speaks at conferences around the globe including the U.S., UK, Brazil, London and Australasia. His passion to help businesses is driven by his own experience. Aaron was at the cutting edge of the emerging digital marketing field over 12 years ago. He uses that lived experience and now translates it into revenue for clients. Get more great episodes over on Repurpose House, or watch the interview on YouTube!
In this episode, The Kitchen reviews OFAC’s settlement with NewTek, Inc. over apparent violations of Iran sanctions.

In this episode of The Ethics Experts, Gio welcomes Julio Briones, private duty home care business specialist, to the show.
Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
Colleen Dorsey, our Great Woman in Compliance of the week, is well known for influencing Compliance careers early – she leads the University of St Thomas Compliance programming, preparing our Compliance Officers of tomorrow. Get a behind the scenes look into the evolution of Compliance education at the tertiary level.
Also in this episode Colleen gives the GWIC listenership a run down on using Artificial Intelligence and Machine Learning in Compliance programs. In Compliance, as with everything else, it’s important to keep up with new developments and tools that can help us achieve our goals more accurately and more efficiently. Those who don’t keep up will most certainly get left behind. Fortunately Great Women in Compliance listeners are invested in their own professional development and keep up with the wealth of information provided by GWIC guests. Colleen gives basic understanding to lay the foundation of what AI and Machine Learning are and explains how these tools can be used to benefit Compliance programs, using a real life example and what the future might hold for these areas.
Finally Colleen shares some of her wisdom surrounding self-awareness – you cannot improve yourself unless you know what you’re working with and where your gaps are so it’s important to be honest with yourself and be able to self-reflect objectively – with the help of others where necessary. Mary weighs in with some sound practical advice from Organizational Psychologist Adam Grant with a tip to make soliciting feedback easier for yourself and those around you.
Corporate Compliance Insights is a much appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book, “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020). Thank you to all those who have taken the time to rate the GWIC podcast and book, it’s much appreciated.
If you’ve already read the book and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?
As always, we are so grateful for all of your support and if you have any feedback or suggestions for our 2021 line up or would just like to reach out and say hello, we always welcome hearing from our listeners.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.