Categories
Innovation in Compliance

The Future of InfoGovernance and Records Management with Erica Toelle


 
Tom Fox’s guest on this episode of the Innovation in Compliance podcast is Erica Toelle. Erica is the Senior Product Marketing Manager for Records Management and InfoGov at Microsoft. As a long-time member of the Microsoft community, she has been dedicated to growing the information governance and records management business and listening to customers and partners to make solutions better. Erica joins Tom to talk about her role at Microsoft, and how the info governance and record management space will evolve in the near future.
 

 
Improving Operations
Erica loves to help companies improve their operations using technology. It’s interesting to work with an organization’s compliance experts and help to translate their requirements into Microsoft technology, she tells Tom. “The pace of change in technology has been fast the last 20 years and there are often better ways of doing things, but you have to balance doing things the best way with disrupting productivity and business through change,” she remarks. She argues that it’s better to use a solution that everyone finds easy to use but only has 80% of the desired features, than one that has 100% of the desired functionality but which no one wants to use. “As the compliance person, if you make a solution that’s too hard to use because it’s your ultimate compliance dream, people are going to use their company credit card to buy a different cloud subscription….or figure out how to share files with people outside the company,” she says.
 
Translating Microsoft Offerings To Solve Compliance Needs
The main issue Erica sees with respect to translating Microsoft offerings to solve compliance needs is that there aren’t clearly defined roles and responsibilities in the organization. “In order to really create a good offering around any of the compliance tools, you have to get the business decision-makers and the business experts together with IT, and then figure out how you want to work together and divide those roles and responsibilities,” she comments.
 
What’s Next
The records management industry needs to shift its thinking to a more electronic approach. In the coming years, we’re going to see artificial intelligence be leveraged more to deal with the volume of electronic records. 
 
Listen here to Microsoft Week episode 1, featuring Alan Gibson, Director of Legal and Compliance Innovation at Microsoft.
 
Listen here to Microsoft Week episode 2, featuring Abbas Kudrati, Chief Cybersecurity Advisor for Microsoft Asia’s Enterprise Cybersecurity Group.
 
Listen here to Microsoft Week episode 3, featuring Joseph Davis, Microsoft’s Chief Security Advisor for Health and Life Sciences.
 
Tune in tomorrow for episode 5 featuring Jesus Fernandez.
 
Resources
Erica Toelle | LinkedIn | Twitter
Microsoft 365 Compliance
 

Categories
12 O’Clock High-a podcast on business leadership

Plutarch’s Lives: Pericles and Fabius Maximus

 
12 O’Clock High, a podcast on business leadership, brings together stories from history, the arts and movies, research and current events to consider leadership lessons. In this episode, Richard Lummis and Tom Fox begin a 10-part summer series on leadership lessons from biographies found in Plutarch’s Lives. Each week we will pair an ancient Greek and Roman to learn about their lives, the comparison and contrast between the two men and what leadership lessons we might draw from their lives. In today’s episode we look at the Greek Pericles and the Roman Fabius Maximus. Highlights include:

  • Introduction of Plutarch’s Lives as historical work.
  • Lives of Pericles and Fabius Maximus.
  • Comparison in the lives of Pericles and Fabius Maximus.
  • What leadership lessons can be drawn from the lives of Pericles and Fabius Maximus.

Resources
Plutarch’s Lives by Bill Thayer

Categories
Daily Compliance News

June 24, 2021 the Baseball Circus edition


In today’s edition of Daily Compliance News:

  • The MLB circus has begun. (HoustonChronicle)
  • Ex-Goldman banker settles FCPA case. (WSJ)
  • Now the hard part at Exxon. (NYT)
  • Don’t fly American this summer. (FT)
Categories
Fraud Eats Strategy

Keeping Criminality Out of the Casino

Las Vegas has come to symbolize the commercialization of gambling. Casino gaming has become an extension of the global hospitality and tourism business. While the mob may not be the factor it once was, criminals are still attracted to casinos and, as a result, illicit money still finds its way into casinos’ banks despite their devotion of considerable compliance and anti-money laundering resources aimed at keeping it out. Financial crisis aside, casinos are the most profitable and desirable centerpieces of global hotel and casino gaming empires.


Join us each week as we take a deep dive into the various forms of fraud across the world and discuss crime families, penny stock boiler rooms, international money launderers, narco-traffickers, oligarchs, dictators, warlords, kleptocrats and more.

Scott Moritz is a leading authority on white-collar crime, anti-corruption, and in the evaluation, design, remediation, implementation, and administration of corporate compliance programs and codes of conduct. He is also considered an authority in the establishment, training, and oversight of the investigative protocols carried out by financial intelligence, corporate security, and internal audit units.
 

Categories
Compliance Kitchen

EU and US Trade Agreement on Boeing and Airbus


The EU and US reach an agreement on the ongoing WTO Boeing-Airbus dispute; FEMA eases up on some export restrictions of PPE.

Categories
Great Women in Compliance

Lloydette Bai Marrow, the Compliance Entrepreneur


Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley. In this episode, Lisa speaks with Lloydette Bai Marrow, who is the Founder and Principal Consultant of ParaMetric Global Consulting.  Lloydette is based in London, and prior to starting ParaMetric, she was a Principal Investigative Lawyer within the UK Government’s Serious Fraud Office, and a prosecutor in various UK governmental agencies.
Lloydette comes from a very entrepreneurial family and took that mindset and her own experience to build her consultancy. She talks about how she identified what she wanted to do when she left the SFO, and how she and ParaMetric have grown. In particular, she talks about how her experience as a prosecutor has been a great asset, but also how she has adapted to collaborating with organizations in her current role. On the other side, she has used her experience to train investigators and prosecutors in Sierra Leone and globally to help build stronger anti-corruption prosecutions.
The Great Women in Compliance Podcast is proudly featured on the Compliance Podcast Network and sponsored by Corporate Compliance Insights. If you enjoyed this episode please subscribe to the podcast and rate it on your podcast player to help other compliance professionals find it.
For those of you in the northern hemisphere, it is the season for beach reads and you may be traveling after a long break. For your time off, you can pick up a copy (or download) “Sending the Elevator Back Down: What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).
If you’ve already read the book and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?
As always, we are so grateful for all of your support and if you have any feedback or suggestions for our 2021 line up or would just like to reach out and say hello, we always welcome hearing from our listeners.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.

Categories
Innovation in Compliance

A Progressive and Humble Leadership to Cybersecurity with Joseph Davis


 
Joseph Davis, Microsoft’s Chief Security Advisor for Health and Life Sciences, is a trained medical practitioner, but his professional background is “almost 100% IT and cybersecurity.” He has always been interested in technology: in medical school he helped develop a program to assist clinicians in diagnosing their patients more accurately. He joins Tom Fox on Day 3 of Microsoft Week to talk about the role of cybersecurity in life sciences and the traits cybersecurity professionals need to do their jobs effectively.
 

 
The Role of Cybersecurity
Tom asks, “What is the role of cybersecurity in the healthcare life science industry today?” Joseph responds that it’s a must-have since this industry is considered critical infrastructure. People’s lives depend on keeping systems and processes safe from cyber attacks, he points out. Most medical devices now have communication components such as WiFi or Bluetooth – these are called connected medical devices – so they are vulnerable to cybersecurity breaches which can cause them to malfunction. Joseph tells Tom that it’s more imperative now for providers in the healthcare industry to vet their supply chain, but smaller companies may not have the resources to do so, leaving them more vulnerable to bad actors.
 
Serve with Humility
Cybersecurity affects every department, so leaders need to get everyone on board. This requires humility, diplomacy and flexibility, Joseph says. Tom asks him to talk about his blog post, Ego and the Role of Cybersecurity Leaders, and why you have to take ego out of the equation. “I like to serve humbly,” he responds. “The focus really needs to be on protecting the organization and safety… I think when we’re so focused on where we are in our career… our focus gets distorted.” Tom comments that most cybersecurity professionals he knows have a calm disposition. He asks why this is necessary and helpful in the role. You have to keep a cool head, Joseph answers. Bad things are going to happen, and many things will be out of your control, so you have to be flexible. “Control lightly” those things that you can control, and always remember that you’re working with a team. Tom quotes Joseph’s blog, “Every trust decision is a risk management exercise.” They agree that every decision – in life and in cybersecurity – carries some form of risk and is founded on trust of the outside world.
 
Keeping Clients Up-to-Date
Joseph says that his role at Microsoft is “to work exclusively with senior leaders at each of one of my customers to bring them up to speed on the modern workplace and how we’re approaching cybersecurity in the more hybrid environment that we’re living in now.” He finds that while some customers are eager to embrace innovation, others are entrenched in their traditional methods. “The problem with many of the customers that we have currently is that their approach is fighting the last attack or the last type of compromise that they had; whereas their threat actors are constantly evolving and finding new ways in,” he tells Tom. He and Tom discuss whether the defense-in-depth approach still has value. Joseph comments that identity has to be considered as well: “Attackers these days they’re not really breaking in as much as logging on,” he remarks. He advocates for computer-aided interventions and data encryption as the last facet of security. “You can’t rely on the user to be your last line of defense,” he emphasizes.
 
Listen here to Microsoft Week episode 1, featuring Alan Gibson, Director of Legal and Compliance Innovation at Microsoft.
 
Listen here to Microsoft Week episode 2, featuring Abbas Kudrati, Chief Cybersecurity Advisor for Microsoft Asia’s Enterprise Cybersecurity Group.
 
Tune in tomorrow for episode 4 featuring Erica Toelle.
 
Resources
Joseph Davis at LinkedIn 
Microsoft Security Blog 
Blog post: Ego and the Role of Cybersecurity Leaders
 

Categories
Compliance Into the Weeds

Disclosures of Cyber Security Disclosure Failures


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into a lesson learned long ago by the Nixon Administration, adapted for 21st century cybersecurity. It’s not just the breach, it is not disclosing the breach to authorities and investors for which companies get in hot water. Some of the issues we consider are:

  • What are your reporting obligations after a breach?
  • Why is the SEC interested in how you inform investors?
  • Why does the legal department want to hide any breaches?
  • What are the costs for failure to disclose?
  • What does this mean for compliance going forward?

Resources
Matt in Radical Compliance
Example of Cybersecurity Disclosure Failures

Categories
Daily Compliance News

June 23, 2021 the No Marriage? edition

In today’s edition of Daily Compliance News:

  • Engine No. 1 Board nominees overwhelmingly won. (HoustonChronicle)
  • Will FTC block marriage of James Bond and Amazon? (WSJ)
  • Airlines face backlash. (NYT)
  • Home of Wirecard ex-chair raided. (FT)
Categories
The Compliance Handbook

Evolution in Data Analytics with Vincent Walden


Ten years ago, compliance was all about policies and procedures: mere guidelines that left largely unaddressed how to measure compliance effectiveness, identify the metrics, and look at the accounting data. Internationally recognized anti-fraud and compliance thought leader Vincent Walden shares his insights on how far we’ve come since then. In this conversation he talks about the practical strategies, tools, and techniques of fraud detection and prevention as applied to compliance, how data and data analytics have evolved, and his overall perspective.
Major takeaways discussed in the episode:
✔️ Why Vincent’s involvement in fraud prevention in the early years of his career taught him strategies about the use of data and data analytics in compliance. “When a company was investigated for FCPA, what was the first thing that they asked for? They wanted emails and payment transactions. And why weren’t we looking at those proactively? And that’s really what drove my interest in building proactive compliance programs because I saw so many FCPA investigations that finding those improper payments was what they were making and breaking the cases. And that’s what drove a lot of my passion for building out these compliance program models.”
✔️ As an early advocate of using data in compliance solutions, Vincent saw how vital the melding of internal audit and compliance is. “Internal audit understood the books and records and compliance understood the legal risks. The magic was when the two worked together. That’s how it started. We’ve seen compliance become more mature, particularly over the last two to three years.”
✔️ Beginning in 2017, the DOJ started talking about the use of data in compliance. This changed the reception in the marketplace, empowering CCOs to have sufficient access to operational transactional data sources that were spot-on and accelerated proactive discussions. Compliance professionals will become more data-driven as time goes on.
✔️ A data-sharing consortium in the future. According to Vincent, the idea of companies sharing their risk algorithms, without having to share their data, to build better data-driven compliance programs and share best practices is fascinating and worth looking forward to.
✔️ The creation of A&M’s Digital Twin service is Vincent’s dream compliance monitoring platform. “This allows us to pull in client-relevant payments data and risk scores in a cost-effective way. That means what used to take me 300+ hours of staff time to pull payment data out of a system, and all the mathematical gymnastics put in a database and build out reports now takes me less than 30 hours. That’s a 10x reduction in time and a 10x reduction in fees.”
Vincent Walden is a Managing Director with Alvarez & Marsal’s Disputes and Investigations in New York. He specializes in forensic data analytics, continuous controls monitoring, information governance, and legal discovery services. His primary focus area is in providing leading technology perspectives on proactive compliance programs and reactive investigations.
LinkedIn: @vincewalden
Email: vwalden@alvarezandmarsal.com
____________________________________________________________________
About Thomas Fox:
Thomas Fox, the Compliance Evangelist®, is one of the leading writers, thinkers, and commentators on anti-bribery and anti-corruption compliance. In this latest edition of The Compliance Handbook, he continues to arm seasoned compliance professionals and those new to the realm with the practical, actionable guidance and tools needed to design, create, implement and continually enhance a best practices compliance program.
 
Order your copy OR copies of The Compliance Handbook: A Guide to Operationalizing Your Compliance Program. Save 25% off.
http://www.lexisnexis.com/fox25