How to Survive a GDPR Data Breach in the USA
Eventually, every company will deal with cybersecurity incidents, including hacks that exploit weaknesses in security controls and in technical, physical, or human-based elements. Such an emergency requires a robust internal incident response plan as soon as possible. Compliance leader, attorney, and international public speaker Kortney Nordrum offers this reminder for these crucial situations: “You want to have a plan before you have to use a plan.” Key points discussed in the episode:
✔️ Make sure there’s an incident or crisis plan, and that you have a defined list of who you’re going to call, who’s going to get on the phone, and who will make decisions. These should be documented so that there’s no need for guesswork when things are urgent.
✔️ Ensuring a solid system for awareness should start at the level of the customer service representative and the email help desk teams to preempt data breach issues. Have the right people be able to ring the right alarm bells early in your organization.
✔️ Evaluate the extent of the information security hack or breach on top of all other risk and regulatory assessments.
✔️ Determine which customers and employees are impacted and analyze their individual countries of residence. Figure out where reporting should happen as prescribed in the General Data Protection Regulation (GDPR) of the European Union.
✔️ Set up a toll-free number for questions and work with the core team on public notices or any public response. When organizations get hacked, the news often appears on a blog before the organization says anything publicly. Make sure to direct the message rather than let gossip spread about what happened.
✔️ Engage a forensic firm if in-house expertise is not enough to assess what happened and how the breach occurred, and to set out the steps necessary to prevent it from happening again.
✔️ It is best for compliance professionals to remember the adage: “an ounce of prevention is worth a pound of cure.” Getting ready for a hacking incident requires early planning: initiate incident response measures, test them at least yearly, and reduce or prevent adverse impacts should an incident happen.
Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear, and give you some lessons learned going forward. This show is hosted by Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Cou

Tom Fox’s guest this week is Lauren Sparks. Lauren is the founder, Chairperson and President of Agility Bank, a woman-owned and led commercial community bank. Lauren has more than 35 years’ experience as a banking executive and has dedicated her career to helping growth-oriented business leaders achieve their financial goals. She and Tom talk about digital innovations for banking, and why community banks should not be written off as a thing of the past.
Fostering Small and Medium Business
Lauren founded Agility Banking because she felt that many women were being left behind in the decision processes in financial services. As a women-owned and women-led organization, Agility Banking is a minority depository institution. This designation offers many opportunities, such as having larger financial institutions and large corporations as partners. “Community banks fill a space and do lending that the larger banks have backed away from,” Lauren explains. Loans are harder to come by for smaller businesses and community banks like Agility are helping to mitigate that issue. With the technology that Agility is putting together, they can do smaller loans and bridge the gap that’s in the small and medium business market. Community banks can also pivot quicker than larger banks, as evidenced by the past few months.
Meeting Clients Where They Are
Agility is all about meeting clients where they are and creating innovations that can make banking easy and convenient. “So much about what we’ve built for the bank is about being on the client side of the desk,” Lauren stresses. “So more than just a checking account and really being able to adapt to circumstances and meeting the customer where they are, as opposed to always demanding that the client comes to the bank on the bank’s terms.” The approach has been taking the perspective of a business bank and adapting to what the evolving small business market needs.
Looking Ahead
Agility is positioning itself for the ecosystem of the future. The banking industry is becoming more and more digital every day. As such, Agility always has to be prepared to spend money on new technology to make themselves available to their clients.
Resources
Lauren Sparks | LinkedIn
Agility Banking

Code of Ethics: A Win-Win-Win for Compliance, Employees and the SEC
In this episode, our team of former CCOs, Dan Haynes and Victoria Olson, discuss why a code of ethics tool is beneficial not only to compliance but also to employees, and how it helps a firm stay on the SEC’s good side for upcoming exams.
About Our Guest Speakers:
Dan Haynes joined CSS in 2017, providing consulting services to investment advisers, registered investment companies and private investment funds. Prior to joining CSS, Dan was the Chief Compliance Officer for Summit Strategies Group. Summit is a large institutional pension consultant in the Midwest with multiple private funds – ultimately around $180 billion in assets under administration. Dan implemented several aspects of, and oversaw, the entire compliance program. His time there resulted in experience in NFA/CFTC registration and regulation, Private Fund oversight, and the pension consulting world overall. Prior to Summit, Dan was the Chief Compliance Officer for Buckingham Asset Management and BAM Advisor Services. Dan is also a member of the Charles Schwab Compliance Advisory Board.
Victoria Olson has been a compliance consultant for several years, most recently with Alaric Compliance Services. She is a Certified Regulatory and Compliance Professional (CRCP, issued by the FINRA Institute at Wharton) and a Chartered Life Underwriter. She also completed the Certified Anti-Money Laundering Specialist (CAMS) course. Victoria previously served as the Chief Compliance Officer of an SEC-registered investment adviser and has extensive experience working with RIAs. Prior to consulting, Victoria was Chief Compliance Officer and AML Compliance Officer at Forethought Financial, Director of Compliance at Prudential Financial, and a Senior Compliance Officer at The Phoenix Companies. Victoria formerly served as Chair of the FINRA District 11 Committee and successfully completed the FINRA Series 4, 6, 7, 24 and 66 Examinations.
Brian and Tim check in on a wide range of topics, including the newly issued Hong Kong Business Advisory, the U.S. response to the crackdown in Cuba, the fate of Nord Stream 2, and the (possibly dimming?) prospects for JCPOA 2.0. Then, in the Lightning Round, we spend a few minutes sharing our thoughts on the first six months of sanctions and export controls enforcement activity under the Biden administration.
Questions? Contact us at podcasts@milchev.com.
EMBARGOED! is not intended and cannot be relied on as legal advice; the content only reflects the thoughts and opinions of its hosts.
Timestamps:
0:10 Introduction and Roadmap
The Rundown
4:30 Hong Kong Business Advisory
14:38 The Cuban People Rise Up… and Sanctions Follow
27:34 U.S.-Germany Agreement on Nord Stream 2
39:10 The Latest on JCPOA 2.0
52:45 Lightning Round: Early Trends in Biden Era Enforcement
1:05:55 Final Thoughts
***Stay sanctions free.***
Get Out of the Echo Chamber
You’re in an echo chamber and probably don’t even realize it. In this #JammingwithJason #podcast episode we look into how your echo chambers are probably holding you back in realizing your potential, and how you can break free. I’m also sharing some thoughts on the recently released 2021 North American Pulse of #InternalAudit report. Take a listen and then read the report for yourself. Choose what to believe and what not to believe. Most importantly, make your own decisions and stop letting other people tell you what to believe and what to do.
Listen in as the Kitchen takes a look at the recent Belarus sanctions news from the UK, where the government issues a Belarus General License for Air Traffic Control Services and, a few days later, designates the Belarusian JSC AGAT-Electromechanical Plant. Across the big pond, OFAC issues General License 5G for the PDVSA 8.5% Bond.

In this episode of The Ethics Experts, Nick welcomes Amii Barnard-Bahn, managing principal of Barnard-Bahn Coaching & Consulting and author of the “Promotability Index,” to the show.
The SEC and ESG with Karen Woody

Tom Fox welcomes Karen Woody, Assistant Professor of Law at Washington and Lee University and “uber SEC watcher”, to this week’s episode of the ESG Report. They have an engaging discussion about how the SEC views its role in advancing ESG, and how ESG can impact potential investment opportunities.
Pushing ESG Forward
The SEC is driving the conversation on ESG disclosures, Karen tells Tom. Their new reporting guidelines on climate risk will be out soon, and they believe there should be more robust reporting in other ESG areas as well. Corporate America should not be surprised, Karen says, as “there’s a very clear link between climate risk and even investor risk and financial risk…” Better reporting will ensure that investors have a better understanding of their investment risk.
ESG Overlap
The Exxon shareholder revolt is a great example of how environmental and governance issues can overlap. This case, Karen remarks, “says a lot about governance and activists and the power you can have with what was a very small sliver of control.” Another area of overlap is between social and governance, especially regarding compensation. “It’s an interesting time to be watching this field because it hits on every aspect of life in some ways,” Karen comments. Investors are increasingly looking at ESG as a material factor in deciding where they want to invest.
Part of the Total Mix
More investors see ESG as part of the total mix when deciding if an investment is sound. Karen believes that the SEC will move towards more robust ESG reporting standards, but these will be qualitative rather than quantitative. They’re also becoming more strict about enforcement, she tells Tom. Tom asks her to contrast the difference in approach toward ESG between the Trump and Biden administrations. She responds that the ESG is more of a priority under Biden and explains how the SEC is helping to further that agenda.
Resources
Karen Woody on LinkedIn | Twitter | Washington and Lee University of Law
In this Episode of the FCPA Compliance Report, I am joined by fan fav and now Hughes Hubbard & Reed partner Mike DeBernardis. We take a look back at some of the key enforcement actions and issues from Q2-2021. Highlights of this podcast include:
- FCPA prosecutions. In the corporate sphere, only one doesn’t really mean anything going forward.
- FCPA Individual Prosecutions. Is the Yates Memo finally leading to results?
- Anti-Trust. Will the focus on the large enforcement actions against Big Tech lead to an overall reduction or will the Division be going strong against all forms of anti-competitive behavior?
- FCA, Fraud in PPP and PPE. Where do you see this going?
- What about SEC enforcement actions? Will we see more in the areas of accounting fraud, SPACs, climate change and ESG areas?
- Do CCOs really need to worry about individual enforcement actions?
- What about environmental crime enforcement actions?
Resources
Mike DeBernardis on the HughesHubbard website
Mike DeBernardis on LinkedIn
