Categories
Compliance Tip of the Day

Compliance Tip of the Day – Boards and Operationalizing Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Your Board must work to fully operationalize compliance at all levels of your organization.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids, on Amazon.com.

Categories
Compliance Into the Weeds

Compliance into the Weeds: What Are Boards Doing About AI (Hint: Not Much)

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject.

Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt look into corporate reports on their Boards’ oversight of AI.

As the world ventures deeper into the age of artificial intelligence (AI), the issue of corporate governance over AI is emerging as a crucial point of discussion. Tech giants such as Google are facing demands for more board-level attention to AI risk management due to concerns about the lack of transparency and oversight.

Tom highlights this lack of detailed consideration of AI at the board level, raising doubts about whether boards are suitably prepared for AI’s rapid development and potential enforcement risks. His concerns are rooted in limited mentions of AI in proxy statements of S&P 500 companies, suggesting current practices might not be sufficient for the future.

Meanwhile, Matt emphasizes the need for boards to start considering staffing, expertise, and risk management related to AI without necessarily forming dedicated AI committees at present. Kelly’s concerns stem from the lack of detail in proxy statements about what boards are currently doing with AI, especially in tech-heavy companies like Google, indicating the need for potential formation of dedicated committees or sub-specializations in the future.

Key Highlights:

  • AI Risk Management: Tech vs. Non-Tech Perspectives
  • Enhancing Corporate Governance Through AI Oversight
  • Technology Risk Oversight in Evolving Companies
  • AI Oversight for Corporate Boards: Future Risks

Resources:

Matt on Radical Compliance

Categories
FCPA Compliance Report

FCPA Compliance Report – Dottie Schindlinger on Corporate Governance and the Diligent Institute

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Dottie Schindlinger, Executive Director of the Diligent Institute.

The Diligent Institute, the governance research arm of Diligent Corporation, is on a mission to promote governance excellence by providing valuable resources and support to board members and senior leaders. Through research, thought leadership, podcasts, web shows, and certification programs, the institute addresses topics such as climate leadership, ESG, cyber risk, strategy, and AI ethics. Programs like the Next Gen Board Leaders Program and Director Network software facilitate peer-to-peer networking and board opportunities.

The Diligent Academy offers e-learning certification programs for directors, while the Diligent Forum provides a platform for directors to discuss specific themes with guest speakers. The conversation emphasizes the importance of empowering board members with the right information and insights to make informed decisions. It also discusses the changing role of directors in today’s business landscape, with a focus on digital transformation, cybersecurity, and customer satisfaction. The Diligent Institute aims to be a trusted resource for directors, providing valuable knowledge and understanding of their needs.

Key Highlights

  • Diligent Institute: Empowering Board Leaders
  • Diligent Academy and Forum
  • ESG Momentum
  • ESG Views and Director Confidence
  • The Changing Role of Directors

Resources

Dottie Schindlinger on LinkedIn

The Diligent Institute

Categories
Daily Compliance News

Daily Compliance News: September 7, 2023 – The SBF in Jail Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.

  • FCA to review treatment of PEPs. (WSJ)
  • Corruption in Spanish League refereeing. (Reuters)
  • Bread, water and PB. (NYT)
  • The next generation in corporate boardrooms. (FT)
Categories
Corruption, Crime and Compliance

Board Oversight and Monitoring of AI Risks

As companies rapidly adopt artificial intelligence (AI), it becomes paramount to have robust governance frameworks in place. Not only can AI bring about vast business benefits, but it also carries significant risks—such as spreading disinformation, racial discrimination, and potential privacy invasions. In this episode of Corruption, Crime and Compliance, Michael Volkov dives deep into the urgent need for corporate boards to monitor, address, and incorporate AI into their compliance programs, and the many facets that this entails.

You’ll hear Michael talk about:

  • AI is spreading like wildfire across industries, and with it comes a whole new set of risks. Many boards don’t fully understand these risks. It’s important to make sure that boards are educated about the potential and pitfalls of AI, and that they actively oversee the risks. This includes understanding their obligations under Caremark, which requires them to exercise diligent oversight and monitoring.
  • AI is a tantalizing prospect for businesses: faster, more accurate processes that can revolutionize operations. But with great power comes great responsibility. AI also comes with risks, like disinformation, bias, privacy invasion, and even mass layoffs. It’s a delicate balancing act that businesses need to get right.
  • Companies can’t just use AI, they have to be ready for it. That means adjusting their compliance policies and procedures to their specific AI risk profile, actively identifying and assessing those risks, and staying up-to-date on potential regulatory changes related to AI. As AI grows, the need for strong risk mitigation strategies before implementation becomes even more important.
  • The Caremark framework requires corporate boards to ensure that their companies comply with AI regulations. Recent cases, such as the Boeing safety oversight, demonstrate the severity of the consequences when boards fail to fulfill their responsibilities. As a result, boards must be proactive: ensure that board members have the technical expertise necessary, brief them on AI deployments, designate senior executives to be responsible for AI compliance, and ensure that there are clear channels for individuals to report issues.

 

KEY QUOTES

“Board members usually ask the Chief Information Security Officer or whoever is responsible for technology [at board meetings], ‘Are we doing okay?’ They don’t want to hear or get into all of the details, and then they move on. That model has got to change.”

 

“In this uncertain environment, stakeholders are quickly discovering the real and significant risks generated by artificial intelligence, and companies have to develop risk mitigation strategies before implementing artificial intelligence tools and solutions.”

 

“Board members should be briefed on existing and planned artificial intelligence deployments to support the company’s business and/or support functions. In other words, they’ve got to be notified, brought along that this is going to be a new tool that we’re using, ‘Here are the risks, here are the mitigation techniques.’”

 

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Board – Vin DiCianni on Board Inquiries into Compliance

Where does “tone at the top” start? With any public and most private U.S. companies, it is at the Board of Directors. But what is the role of a company’s Board in compliance? We start with several general statements about the role of a Board in U.S. companies. First, a Board should not engage in management but should engage in oversight of a CEO and senior management. The Board does this by asking hard questions, risk assessment, and identification.

A white paper by Deloitte & Touche LLP, entitled, Risk Intelligence Governance—A Practical Guide for Boards, laid out six general principles to help guide Boards in the area of risk governance. These six areas can be summarized as follows:

• Define the Board’s role. There must be a mutual understanding between the Board, CEO and senior management of the Board’s responsibilities.

• Foster a culture of risk management. All stakeholders should understand the risks involved and manage such risks accordingly.

• Incorporate risk management directly into a strategy. Oversee the design and implementation of risk evaluation and analysis.

• Help define the company’s appetite for risk. All stakeholders need to understand the company’s appetite or lack thereof for risk.

• How to execute the risk management process. Maintain an approach that is continually monitored and has continuing accountability.

• How to benchmark and evaluate the process. Systems need to be installed which allow for evaluation and modifying the risk management process as more information becomes available or facts or assumptions change.

All of these factors can be easily adapted to compliance and ethics risk management oversight. Initially, it is important that the Board receive direct access to information on a company’s policies on this issue.

Three key takeaways:

1. The Board’s role is to keep really bad things from happening to a company.

2. There are six general areas the Board can inquire into and lead from.

3. A Board should have direct access to information on the company’s compliance program.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – OIG Guidance for Boards Regarding Compliance

The OIG white paper “Practical Guidance for Health Care Governing Boards on Compliance Oversight” (OIG Guidance) provides an excellent road map for thinking about how to structure a Compliance Committee for your Board and a Board’s obligations. As an introduction, the OIG Guidance states that a Board must act in good faith around its obligations regarding compliance. This means that there must be both a corporate information and reporting system and that such reporting mechanisms provide appropriate information to a Board. It states: “The existence of a corporate reporting system is a key compliance program element, which not only keeps the Board informed of the activities of the organization but also enables an organization to evaluate and respond to issues of potentially illegal or otherwise inappropriate activity.”

The OIG Guidance sets out four areas of Board oversight and review of a compliance function:

  1. Roles of, and relationships between, the organization’s audit, compliance, and legal departments;
  2. Mechanism and process for issue-reporting within an organization;
  3. Approach to identifying regulatory risk; and
  4. Methods of encouraging enterprise-wide accountability for the achievement of compliance goals and objectives.

The OIG Guidance is an excellent review not only for compliance professionals and others in the healthcare industry but also a good primer for Boards around their duties under a best practices compliance program. The U.S. Sentencing Guidelines, the Hallmarks of an Effective Compliance Program, the OIG Guidance, and OIG Corporate Integrity Agreements can be used as baseline assessment tools for Boards and management in determining what specific functions may be necessary to meet the requirements of an effective compliance program.

Three key takeaways:

  1. Information flow up to the Board is critical.
  2. Compliance should be institutionalized in your company as a way of life.
  3. A Board needs to consider all risks.

For more information check out The Compliance Handbook, 3rd edition, available from LexisNexis here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Compliance Expertise on the Board

Every Board of Directors needs a true compliance expert sitting at the table. Almost every Board has a former CFO, former head of Internal Audit, or persons with a similar background, and often these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training, and SME that can help all companies with their financial reporting and other finance-based issues. So why is there not such compliance SME at the Board level?

This requirement was set out in 2017 in the FCPA Corporate Enforcement Policy, where one of the criteria to be evaluated in a compliance program is “the availability of compliance expertise to the board.” Finally, the 2020 Update to the Evaluation of Corporate Compliance Programs, under the section entitled Oversight, posed the following question: What compliance expertise has been available on the Board of Directors?

The DOJ and Securities and Exchange Commission introduced this concept to the FCPA Resource Guide, 2nd edition. It means that when your company is evaluated by the DOJ, under the factors set out in the 2020 Update and the FCPA Corporate Enforcement Policy, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board-level Compliance Committee but also the specific SME on the Board and on that committee.

Three key takeaways:

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have both called for greater compliance expertise on the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to both the CCO and Compliance Department.

For more information check out The Compliance Handbook, 3rd edition, available from LexisNexis here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Prudent Discharge of Board Obligations

What are the obligations of a Board member regarding the FCPA? Are the obligations of the Compliance Committee under the FCPA at odds with a director’s “prudent discharge of duties to shareholders”? Do the words prudent discharge even appear anywhere in the FCPA? In the case of Stone v. Ritter, the proposition is found that “a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists.” From the case of In re Walt Disney Company Derivative Litigation, she drew the principle that directors should follow the best practices in ethics and compliance. The Board has the role of monitoring the performance of the compliance function, including monitoring the performance of it using customary economic metrics and overseeing compliance with applicable laws and regulations.

While the Board is not responsible for auditing or ferreting out compliance problems, it is responsible for determining that the company has an appropriate system of internal controls. The Board should also monitor company policies and practices that address compliance and matters affecting the public perception and reputation of the company. Every company should ensure that it conducts appropriate compliance training for employees and conducts regular compliance assessments. Finally, the Board must take appropriate action if and when it becomes aware of a material problem it believes management is not properly handling.

There is no reference to prudent discharge in the FCPA itself. However, a Board member might think more than twice about the prudent discharge of duties to the shareholders as both the DOJ and SEC now might wish to look into a Board’s prudent discharge of duties under the FCPA.

Three key takeaways:

  1. What is prudent discharge?
  2. What is your process for doing compliance at the Board level?
  3. A Board must have active rather than passive engagement around compliance.

For more information, check out The Compliance Handbook, 3rd edition, available from LexisNexis here.

Categories
Innovation in Compliance

Third-Party Management: A risk-based approach – Part 4: Adam Bailey on Reporting

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, we will consider a risk-based approach to third-party risk management. I will visit with Michael Parker, the Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management; and Alexander Cotoia, from the Volkov Law Group. In this Part 4, I visit with Adam Bailey to look at the role of the Board in risk, audit, compliance, and ESG and the reporting from executive teams and GRC practitioners to take risks and seize chances.

Bailey has worked to help organizations better manage their risk by providing insight and clarity to boards of directors. He strived to enable executive teams and GRC practitioners to assess and manage strategic risks, ultimately connecting boards, practitioners, and executives together to innovate and drive growth. With the complexity of third-party relationships continuing to grow, companies need to adopt a continuous improvement approach to contend with unforeseen risks. A corporate compliance function is not just something nice to have but a must, and a Board needs clear and relevant data to make the best decisions. Organizations need to use the necessary tools to ensure that Boards have the visibility to manage their third parties and make informed decisions.


Key Highlights

1. A compliance function must support leaders through its reporting work.
2. Companies can effectively manage third-party risk with a risk-based approach and robust processes.
3. Connecting Board, senior executives, and practitioners together to enable organizations to take risks and innovate is critical.

Notable Quotes

  1. “The key to this effective risk management is truly the follow-up, the ongoing follow-up to ensure that all the controls are in place and, if needed, are changed.”
  2. “Continuous blanket monitoring of all third parties with every risk asset you can think of is just not feasible and probably wouldn’t deliver the outcomes that we need.”
  3. “We know that change is constant, regulators are looking for risk management policies and practices which continually improve and evolve over time.”
  4. “We need robust processes and systems in place to make sure that when you create your third-party profile, it’s screened against sanctions lists, embargo watch lists, et cetera, to provide the rich data that’s there.”

Resources

Adam Bailey on LinkedIn

Check out Diligent’s 3rd party products and services here.