Compliance Into the Weeds

Compliance into the Weeds: What Are Boards Doing About AI (Hint: Not Much)

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully.

Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt look into corporate reports on their Boards’ oversight of AI.

As the world ventures deeper into the age of artificial intelligence (AI), the issue of corporate governance over AI is emerging as a crucial point of discussion. Tech giants such as Google are facing demands for more board-level attention to AI risk management due to concerns about the lack of transparency and oversight.

Tom highlights this lack of detailed consideration of AI at the board level, raising doubts about whether boards are suitably prepared for AI’s rapid development and potential enforcement risks. His concerns are rooted in limited mentions of AI in proxy statements of S&P 500 companies, suggesting current practices might not be sufficient for the future.

Meanwhile, Matt emphasizes the need for boards to start considering staffing, expertise, and risk management related to AI without necessarily forming dedicated AI committees at present. Kelly’s concerns stem from the lack of detail in proxy statements about what boards are currently doing with AI, especially in tech-heavy companies like Google, indicating the need for potential formation of dedicated committees or sub-specializations in the future.

 Key Highlights:

  • AI Risk Management: Tech vs. Non-Tech Perspectives
  • Enhancing Corporate Governance Through AI Oversight
  • Technology Risk Oversight in Evolving Companies
  • AI Oversight for Corporate Boards: Future Risks

Resources:

Matt on Radical Compliance


31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Governance and Risk Oversight

One of the ongoing questions from members of the Board of Directors is how to resolve the tension between oversight and management. I recently had the opportunity to visit with Joe Howell, former Executive Vice President (EVP) of Workiva, Inc., on this subject. Howell has worked on and with Boards of Directors at various companies, and I wanted to garner his understanding of the role of a Board, senior management, and a Chief Compliance Officer (CCO). Howell’s short response was an excellent starting point for understanding the role: put sand in management’s shoes.

The key to such a metaphor succeeding is that a Board of Directors, “by continuing to challenge management on these scenarios that management has considered and the stories management is telling itself about what could go wrong,” can “help get management out of its comfort zone by and large executive teams begin to believe themselves when they talk about how well they’re doing. The independent challenge that the board can offer is putting a little bit of sand in the shoe to make sure you’re thinking about things carefully can cause you to step back and focus your resources where they’re needed.”

Howell noted that the role of the Board is not management but oversight, focusing on governance. To do so, an effective Board should challenge senior management not only on what they have planned for but what they may not have considered or may not even know about. He said, “One perfect example is the reputation of those stakeholders involved in the company, and that can be the management team itself, the employees, and the board members themselves.” This is because reputational damage hurts everyone. Howell stated, “It’s essential as we go through some ways the Board can help management in that role. I think the things that make a difference to management is when the Board can be an effective devil’s advocate. Not managing management but helping them in their governing role by helping management to step back and think critically of their underlying assumptions and biases.”

A Board is more than just there to be a rubber stamp for senior management. It must exercise independent judgment, action, and oversight. Further, it is the Board’s role to ask hard, difficult, and probing questions to ensure management is doing its job and has considered other risk possibilities.

Three Key Takeaways:

  1. Boards should force management to open up the company to itself.
  2. Boards should be a grain of sand in the shoe of management.
  3. Boards should ensure senior management is aware of and planning for known and unknown risks.
Innovation in Compliance

Entrepreneurship and Risk Management with Adrienne Bellehumeur

Tom Fox’s guest in this episode of Innovation in Compliance is Adrienne Bellehumeur. They discuss the significance of gap analysis in the design of internal controls, and why having a thorough understanding of design is critical to the success of gap analysis. They emphasize the importance of continuous improvement and avoiding a “pass-fail” approach to internal control programs. Adrienne also shares her five principles for creating high-value compliance programs.

Adrienne Bellehumeur is the Director and Co-owner of Risk Oversight, a firm specializing in internal controls, internal audit, and compliance programs. She has written a book called The 24-Hour Rule and Other Secrets for Smarter Organizations: Including the 6 Steps of Dynamic Documentation, which is set to be published on March 7th and is geared towards managers who are seeking solutions through documentation. This book aims to provide a fun and foundational approach to documentation for the modern knowledge workforce and is the first mass-market book on documentation best practices.

 

Some of the key points discussed during the show include:

  • Adrienne’s background and current role at her company, Risk Oversight, which specializes in delivering services to mid-sized oil and gas companies in the engineering sectors.
  • The purpose of gap analysis is to identify areas for improvement in processes and controls to support operational effectiveness.
  • Adrienne’s belief that internal controls should focus on good habits, accountability, and continuous improvement rather than just ticking boxes.
  • How Risk Oversight helps companies fulfill their obligation of oversight by providing entity-level control review and understanding best practices in governance.
  • The two best practices for board minutes, the “Goldilocks principle” and the “business judgment rule.”
  • The Caremark doctrine in Delaware and the importance of documentation of major risk management decisions.
  • Adrienne’s book The 24-Hour Rule, which is a mass-market book on documentation aimed at managers looking to solve problems through documentation and is applicable to various industries.

 

KEY QUOTATION:

“Risk management is about action.” – Adrienne Bellehumeur 

 

Resources 

Adrienne Bellehumeur | LinkedIn | Twitter 

Risk Oversight | The 24-Hour Rule and Other Secrets for Smarter Organizations: Including the 6 Steps of Dynamic Documentation

This Week in FCPA

Episode 299 – the Yankees Cheated and Lost edition


The Yankees cheated and lost. The Astros and Red Sox cheated and won. What’s the lesson? Tom and Jay are back to look at some of the week’s top compliance and ethics stories.
 Stories

  1. More on using behavioral psych to make compliance changes. Vera Cherepanova in the FCPA Blog.
  2. Tackling money-laundering in real estate transactions? Ella Hawkins in GAB.
  3. Archegos founder indicted for fraud. Jaclyn Jaeger in Compliance Week. (sub req’d)
  4. Testing culture. Dylan Tokar in WSJ Risk and Compliance Journal.
  5. Renewed need for Board oversight of compliance. Mike Peregrine in CCI.
  6. Economic sanctions now national security issue. Dylan Tokar in WSJ Risk and Compliance Journal.
  7. Why compliance is a competitive advantage. Navex’s Risk and Compliance Matters.
  8. Toll Holdings and export control compliance failures? Matt Kelly in Radical Compliance.
  9. Boards making decisions under a stakeholder model. Robert Miller in Harvard Law School Forum on Corporate Governance.
  10. What to measure in DEI. Ngozi Okeh in practicalESG.

 Podcasts and More

  1. How can baking cookies get you through grief? Find out on this episode of The Hill Country Podcast as Kerrville Cookie Lady, Julia Cardoshinsky, talks about her lifelong love affair with baking cookies.
  2. What is the only podcast dedicated to the intersection of Compliance and ESG? It’s the Compliance ESG Podcast on the CPN. Check out this week’s episode with Travis Miller and Jared Connors of Assent Compliance on the role of Supply Chain in ESG. For your added viewing pleasure, check out the video pod on YouTube.
  3. This month on the Compliance Life, I visit with Susan Divers, Director of Thought Leadership at LRN. In Part 1, academic life and early professional career. In Part 2, she moves to the corporate world. In Part 3, Susan moves into the CCO chair at AECOM. In the final episode this month, Part 4, Susan details her move to and work at LRN.
  4. Why should you attend Compliance Week 2022? Find out in this podcast series featuring speakers at CW 2022. Listeners get a $200 discount to CW 2022 with the discount code TFLAW $200 OFF. Registration and agenda here.
  5. From the Editor’s Desk welcomes the new Compliance Editor in Chief, Kyle Brasseur, to the podcast. Check out Kyle’s inaugural episode here.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Adventures in Compliance

The Creeping Man and Risk Management by the Board

We are back with another podcast on Adventures in Compliance, where we consider the intersection of Sherlock Holmes and Compliance. Today, I visit The Adventure of the Creeping Man. From this story, we take the Holmes utterance to Watson, “Come at once if convenient—if inconvenient come all the same.” This informs today’s discussion of how Boards of Directors can be more involved in compliance through more effective oversight of risk management.
Compliance Takeaways

  1. What is the role of a company’s Board in a compliance program?
  2. A Board should not engage in management but should engage in oversight of the Chief Compliance Officer. The Board does this through asking hard questions, particularly around risk assessment, risk identification and risk management.
  3. What are 6 principles for Board oversight of compliance?
  4. Define the Board’s role.

     A. Foster a culture of compliance risk management.
     B. Incorporate risk management directly into a compliance strategy.
     C. Define the company’s appetite for risk around compliance.
     D. Execute the compliance risk management process.
     E. Benchmark and evaluate the compliance process.
  5. CCO reporting to the Audit/Compliance Committee must be structured carefully to promote ethics and compliance. Here are five best practices to help guide the reporting.
     a. Quarterly reports.
     b. Executive session.
     c. Sitting in on other reports.
     d. Informal relationship.
     e. Annual report to full board.

Join us tomorrow as we mine the story of The Lion’s Mane for its compliance lessons.