Categories
Great Women in Compliance

Lloydette Bai Marrow, the Compliance Entrepreneur


Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley. In this episode, Lisa speaks with Lloydette Bai Marrow, who is the Founder and Principal Consultant of ParaMetric Global Consulting.  Lloydette is based in London, and prior to starting ParaMetric, she was a Principal Investigative Lawyer within the UK Government’s Serious Fraud Office, and a prosecutor in various UK governmental agencies.
Lloydette comes from a very entrepreneurial family and took that mindset and her own experience to build her consultancy. She talks about how she identified what she wanted to do when she left the SFO, and how she and ParaMetric have grown. In particular, she talks about how her experience as a prosecutor has been a great asset, but also how she has adapted to collaborating with organizations in her current role. On the other side, she has used her experience to train investigators and prosecutors in Sierra Leone and globally to help build stronger anti-corruption prosecutions.
The Great Women in Compliance Podcast is proudly featured on the Compliance Podcast Network and sponsored by Corporate Compliance Insights. If you enjoyed this episode please subscribe to the podcast and rate it on your podcast player to help other compliance professionals find it.
For those of you in the northern hemisphere, it is the season for beach reads and you may be traveling after a long break. For your time off, you can pick up a copy (or download) “Sending the Elevator Back Down: What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).
If you’ve already read the book and liked it, will you help other women decide to take advantage of its tips and advice by rating the book and giving it a glowing review on Amazon?
As always, we are so grateful for all of your support and if you have any feedback or suggestions for our 2021 lineup or would just like to reach out and say hello, we always welcome hearing from our listeners.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.

Categories
Innovation in Compliance

A Progressive and Humble Leadership to Cybersecurity with Joseph Davis


 
Joseph Davis, Microsoft’s Chief Security Advisor for Health and Life Sciences, is a trained medical practitioner, but his professional background is “almost 100% IT and cybersecurity.” He has always been interested in technology: in medical school he helped develop a program to assist clinicians in diagnosing their patients more accurately. He joins Tom Fox on Day 3 of Microsoft Week to talk about the role of cybersecurity in life sciences and the traits cybersecurity professionals need to do their jobs effectively.
 

 
The Role of Cybersecurity
Tom asks, “What is the role of cybersecurity in the healthcare life science industry today?” Joseph responds that it’s a must-have since this industry is considered critical infrastructure. People’s lives depend on keeping systems and processes safe from cyber attacks, he points out. Most medical devices now have communication components such as WiFi or Bluetooth – these are called connected medical devices – so they are vulnerable to cybersecurity breaches which can cause them to malfunction. Joseph tells Tom that it’s more imperative now for providers in the healthcare industry to vet their supply chain, but smaller companies may not have the resources to do so, leaving them more vulnerable to bad actors.
 
Serve with Humility
Cybersecurity affects every department, so leaders need to get everyone on board. This requires humility, diplomacy and flexibility, Joseph says. Tom asks him to talk about his blog post, Ego and the Role of Cybersecurity Leaders, and why you have to take ego out of the equation. “I like to serve humbly,” he responds. “The focus really needs to be on protecting the organization and safety… I think when we’re so focused on where we are in our career… our focus gets distorted.” Tom comments that most cybersecurity professionals he knows have a calm disposition. He asks why this is necessary and helpful in the role. You have to keep a cool head, Joseph answers. Bad things are going to happen, and many things will be out of your control, so you have to be flexible. “Control lightly” those things that you can control, and always remember that you’re working with a team. Tom quotes Joseph’s blog, “Every trust decision is a risk management exercise.” They agree that every decision – in life and in cybersecurity – carries some form of risk and is founded on trust of the outside world.
 
Keeping Clients Up-to-Date
Joseph says that his role at Microsoft is “to work exclusively with senior leaders at each one of my customers to bring them up to speed on the modern workplace and how we’re approaching cybersecurity in the more hybrid environment that we’re living in now.” He finds that while some customers are eager to embrace innovation, others are entrenched in their traditional methods. “The problem with many of the customers that we have currently is that their approach is fighting the last attack or the last type of compromise that they had; whereas their threat actors are constantly evolving and finding new ways in,” he tells Tom. He and Tom discuss whether the defense-in-depth approach still has value. Joseph comments that identity has to be considered as well: “Attackers these days they’re not really breaking in as much as logging on,” he remarks. He advocates for computer-aided interventions and data encryption as the last facet of security. “You can’t rely on the user to be your last line of defense,” he emphasizes.
 
Listen here to Microsoft Week episode 1, featuring Alan Gibson, Director of Legal and Compliance Innovation at Microsoft.
 
Listen here to Microsoft Week episode 2, featuring Abbas Kudrati, Chief Cybersecurity Advisor for Microsoft Asia’s Enterprise Cybersecurity Group.
 
Tune in tomorrow for episode 4 featuring Erica Toelle.
 
Resources
Joseph Davis at LinkedIn 
Microsoft Security Blog 
Blog post: Ego and the Role of Cybersecurity Leaders
 

Categories
Compliance Into the Weeds

Disclosures of Cyber Security Disclosure Failures


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into a lesson learned long ago by the Nixon Administration, adapted for 21st century cybersecurity. It’s not just the breach; it is the failure to disclose the breach to authorities and investors that gets companies in hot water. Some of the issues we consider are:

  • What are your reporting obligations after a breach?
  • Why is the SEC interested in how you inform investors?
  • Why does the legal department want to hide any breaches?
  • What are the costs for failure to disclose?
  • What does this mean for compliance going forward?

Resources
Matt in Radical Compliance
Example of Cybersecurity Disclosure Failures

Categories
Daily Compliance News

June 23, 2021 the No Marriage? edition

In today’s edition of Daily Compliance News:

  • Engine No. 1 Board nominees overwhelmingly won. (HoustonChronicle)
  • Will FTC block marriage of James Bond and Amazon? (WSJ)
  • Airlines face backlash. (NYT)
  • Home of Wirecard ex-chair raided. (FT)
Categories
The Compliance Handbook

Evolution in Data Analytics with Vincent Walden


Ten years ago, compliance was all about policies and procedures: mere guidelines that left largely unaddressed how to measure compliance effectiveness, identify the metrics, and look at the accounting data. Internationally recognized anti-fraud and compliance thought leader Vincent Walden shares his insights on how far we’ve come since then. In this conversation he talks about the practical strategies, tools, and techniques of fraud detection and prevention as applied to compliance, how data and data analytics have evolved, and his overall inspiring perspective.
Major takeaways discussed in the episode:
✔️ Why Vincent’s involvement in fraud prevention in the early years of his career taught him strategies about the use of data and data analytics in compliance. “When a company was investigated for FCPA, what was the first thing that they asked for? They wanted emails and payment transactions. And why weren’t we looking at those proactively? And that’s really what drove my interest in building proactive compliance programs because I saw so many FCPA investigations that finding those improper payments was what they were making and breaking the cases. And that’s what drove a lot of my passion for building out these compliance program models.”
✔️ As an early advocate of using data in compliance solutions, Vincent saw how vital the melding of internal audit and compliance is. “Internal audit understood the books and records and compliance understood the legal risks. The magic was when the two worked together. That’s how it started. We’ve seen compliance become more mature, particularly over the last two to three years.”
✔️ Beginning in 2017, the DOJ started talking about the use of data in compliance. This changed the reception in the marketplace, empowering CCOs to have sufficient access to operational transactional data sources that were spot-on and accelerated proactive discussions. Compliance professionals will become more data-driven as time goes on.
✔️ Data sharing consortium in the future. According to Vincent, the idea of companies sharing their risk algorithms, without having to share their data, to build better, data-driven compliance programs and share best practices is fascinating and worth looking forward to.
✔️ The creation of A&M’s Digital Twin service is Vincent’s dream compliance monitoring platform. “This allows us to pull in client-relevant payments data and risk scores in a cost-effective way. That means what used to take me 300+ hours of staff time to pull payment data out of a system, and all the mathematical gymnastics put in a database and build out reports now takes me less than 30 hours. That’s a 10x reduction in time and a 10x reduction in fees.”
Vincent Walden is a Managing Director with Alvarez & Marsal’s Disputes and Investigations in New York. He specializes in forensic data analytics, continuous controls monitoring, information governance, and legal discovery services. His primary focus area is in providing leading technology perspectives on proactive compliance programs and reactive investigations.
LinkedIn: @vincewalden
Email: vwalden@alvarezandmarsal.com
____________________________________________________________________
About Thomas Fox:
Thomas Fox, the Compliance Evangelist®, is one of the leading writers, thinkers, and commentators on anti-bribery and anti-corruption compliance. In this latest edition of The Compliance Handbook, he continues to arm seasoned compliance professionals and those new to the realm with the practical, actionable guidance and tools needed to design, create, implement and continually enhance a best practices compliance program.
 
Order your copy OR copies of The Compliance Handbook: A Guide to Operationalizing Your Compliance Program. Save 25% off.
http://www.lexisnexis.com/fox25

Categories
Coffee and Regs

Expanding Your Compliance Program Through Trade Surveillance


 
In this episode, CSS’s former CCOs Allison Fraser and Matt Calabro sit down to discuss trade surveillance and how CCOs can mitigate the risk factors through the trade lifecycle – from pre-trade to trade execution and post-trade. They’ll also dive into how compliance together with operations and third parties can build out a robust and automated trade surveillance program.
 

 

About Our Guest Speakers:

Allison Fraser provides compliance consulting services to investment advisers, registered investment companies and private investment funds, including conducting annual compliance program reviews and testing, developing risk assessments and preparing for SEC examinations. She also assists clients with drafting policies and procedures and preparing regulatory filings. On behalf of, the Compliance Services division of CSS, Allison served as the Chief Compliance Officer for a family of alternative funds registered under the Investment Company Act of 1940. Prior to joining CSS, Allison served as a Senior Vice President of Compliance at Northern Trust Investments, Inc. (“NTI”), the asset management subsidiary of The Northern Trust Company. In this capacity, she managed and administered the compliance due diligence program for NTI’s Multi-Manager Solutions and Outsourced Chief Investment Officer businesses. Allison also was the Chief Compliance Officer of two registered funds of hedge funds advised by NTI as well as a member of the funds’ Pricing and Disclosure Committees. Before joining NTI, Allison served as the Compliance Director for General Motors Asset Management, where she assisted with the administration of the compliance program for this registered investment adviser.



Matt Calabro is an experienced Chief Compliance Officer, having served as CCO for registered mutual funds, investment advisers and a family of UCITS funds. Before joining CSS, Matt was Deputy CCO at Delaware Investments, where he led the daily activities of the firm’s compliance department covering advisory, fund and distribution activity. Under his leadership, Delaware implemented specific improvements in its guideline compliance, advertising review and Code of Ethics programs. Prior to Delaware, Matt spent 20 years in Raymond James’ investment advisory business, where he led mutual fund operations. While there, Matt implemented and upgraded controls, processes and technology and also served as the first full-time CCO to the mutual funds following the adoption of the Compliance Rule. Matt leverages his compliance and operations experience in the investment management industry to assist advisers and investment companies in advancing the effectiveness of their compliance programs.

 
 

Categories
The Compliance Life

Gabe Hidalgo – Beyond the CCO Chair


The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to successfully navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Gabe Hidalgo, Managing Director at K2 Integrity and former CCO.
In his role at K2 Integrity, Hidalgo sees problems and issues for clients through a variety of lenses. His time as a CCO gives him insight and empathy into the challenges of a CCO. His time at the Federal Reserve Bank of New York gives him insight into the regulatory mindset for financial institutions. He continues to emphasize that the buck stops with the CCO. AML compliance will only grow and continue to become more important, not simply for financial institutions but for commercial corporations going forward.
Resources
Gabe Hidalgo LinkedIn Profile
Gabe Hidalgo K2 Integrity Profile
K2 Integrity

Categories
Compliance Kitchen

China Anti-Foreign Sanctions Law


In this episode, we gather information on China’s new anti-foreign sanctions law, which appears to rank higher on the legal ladder than the Chinese government’s previous Unreliable Entity List and Blocking Rules, adding to the already opaque Chinese global trade landscape.

Categories
Innovation in Compliance

Innovation Through Info Security with Abbas Kudrati


 
Abbas Kudrati is the Chief Cybersecurity Advisor for Microsoft Asia’s Enterprise Cybersecurity Group and is Tom Fox’s second guest on Microsoft Week. Abbas has spent the duration of his career providing thought leadership, strategic direction, and deep customer and partner engagement through Microsoft’s initiatives and operations. On this episode, he and Tom are talking about a range of topics surrounding info security and Abbas’ role at Microsoft.
 

 
The Evolution of Cybersecurity & Its Challenges
When security was first introduced, it was called IT Security, and its primary focus was securing everything within a network behind a firewall. Society has since moved from a firewall to the cloud. The focus on complaints within an organization has also shifted from local to multinational. 
 
End-to-End Security
End-to-end security’s focus is people, process, and technology. Abbas says that focusing on end-to-end security means turning your attention to 14 different domains of policy. It means ensuring that the right people are on your teams and managing the security surrounding that. It means managing data access, business communication security, product security, and supply relationship security.
 
Risk Appetite & Risk Management
“You cannot implement security without having conducted a detailed risk assessment and understanding what is your current risk appetite,” Abbas tells Tom. When starting the risk management process, Abbas stresses the importance of having a threat model. “Define what are the various threats, and then embed those threats into your risk management,” he emphasizes. 
 
What’s Next
In the near future, the citizens of the emerging South Asian economy will be using the internet much more, and there will be higher demand for cybersecurity professionals. The demand will be impossible to meet, so there will be more automation. Tom asks him to elaborate on what’s next for Microsoft’s cybersecurity group. Abbas explains that the group is continuously improving its product to be more inclusive, and also that security and privacy are being built into their products by design and not as an afterthought.
 
Listen here to Microsoft Week episode 1, featuring Alan Gibson, Director of Legal and Compliance Innovation.
 
Tune in tomorrow for episode 3 featuring Joseph Davis.
 
Resources
Abbas Kudrati | LinkedIn | Twitter
Abbas Kudrati book, Threat Hunting in the Cloud
 
 

Categories
Jamming with Jason

Corporate Quitters with Jason Mefford


Yep, you read that correctly. In this special episode of #jammingwithjason the tables are turned again and you get to hear Jason interviewed on Robert Berry’s Corporate Quitters podcast.
We discuss how Jason helps people with career insurance – how you can succeed in your current job, develop the skills that help you get that promotion or new position at a new company, or even help you get a new job quicker if you happened to be laid off or fired.
We also get into Jason’s story on how he left being a corporate executive and why he does what he does now with his various businesses, and so much more. Listen in at: http://www.jasonmefford.com/jammingwithjason/ to hear all the juicy details.