Tag: compliance

Categories
Compliance Into the Weeds

Compliance Into The Weeds: Key Compliance Issues for 2024

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into issues Matt has on his radar for compliance professionals in 2024.

Matt Kelly is well known for zigging when everyone else is zagging. At the start of each year, he publishes a column that looks at key issues for compliance professionals in the year ahead. This podcast takes a deep dive into these issues. The rapidly evolving landscape of AI, cybersecurity, and governance is increasingly shaped by regulatory and compliance trends. In this context, industry experts Tom Fox and Matt Kelly offer insightful perspectives. We consider governmental oversight of AI, with more specific AI regulations in 2024, while also highlighting the potential of AI integration into compliance products and platforms. We also look at issues with the SEC, PCAOB, and DOJ.  Join Tom Fox and Matt Kelly as they delve deeper into these topics in this episode of the award-winning Compliance into the Weeds.

Key Highlights:

  • FEPA and its enforcement
  • NOCLAR and the PCAOB
  • SEC v. Solar Winds and its CISO
  • AI-Regulation and Business Use
  • SEC right to disgorgement 

Resources:

Matt Kelly on LinkedIn

Matt on Radical Compliance

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 1 – What 2023 Brought to Compliance

2023 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate enforcement actions under the Foreign Corrupt Practices Act (FCPA), there were significant announcements from the Department of Justice (DOJ) that directly impacted compliance professionals and compliance programs.

The first came in January, and it was an update to the Evaluation of Corporate Compliance Programs (2023 ECCP). Next, we heard speeches about the increased focus on clawbacks and other areas of consequence management. In October, Deputy Attorney General (DAG) Lisa Monaco introduced a new Mergers & Acquisitions Safe Harbor Policy in October. Finally, in late November, Acting Principal Deputy Assistant Attorney General Nicole M. Argentieri Delivered remarks at the 39th International Conference on the Foreign Corrupt Practices Act (FCPA) on the use of data analytics in a compliance program and DOJ expectations going forward.

The 2023 ECCP brought forward several new initiatives laid out in the 2020 Update to the Evaluation of Corporate Compliance Programs, including additions and deletions.

In October 2023, Deputy Attorney General Lisa Monaco announced a new policy regarding M&A. It is a Mergers & Acquisitions Safe Harbor policy that encourages companies to self-disclose criminal misconduct discovered by an acquiring company during the acquisition of a target company.

In November, Nicole Argentieri, Acting Assistant Attorney General for the Criminal Division, speaking at the ACI National FCPA, reported that the DOJ is stepping up its own use of data analytics to identify instances of corporate misconduct and will boost its cooperation with overseas law enforcement to bring more anti-corruption cases as well. The DOJ and SEC are increasingly focusing on data analytics for corporate compliance, signaling higher expectations for larger companies. Both agencies have successfully utilized data analytics in various areas, such as securities and healthcare fraud, and are actively improving their own capabilities in this field. She made several important points for all compliance professionals, which will be significant going forward into 2024 and beyond.

Three key takeaways:

1. 2023 was a key year for the DOJ’s evolution in its views on compliance programs.

2. Clawbacks, incentives, and consequence management have become more important.

3. The new DOJ safe harbor initiative for M&A raises many questions.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 18-Strategic Considerations for Implementing AI in Compliance

What are the key factors that impact these strategic considerations for implementing AI in compliance, exploring the tradeoffs, challenges, and importance of considering the impact on decision-making.

Key Considerations

1.     Understand the impact of AI on the company.

2.     Maintain an inventory of all tools used.

3.     Understand the tools for cost efficiency and risk avoidance.

4.     Involve all business sectors in AI discussions.

5.     Utilize AI for better data usage in compliance.

While implementing AI in compliance brings numerous benefits, there are tradeoffs and challenges to consider. One tradeoff is the need to balance exploration and innovation with rules and regulations. Another challenge is the selection of AI tools.

Implementing AI in compliance requires strategic considerations and decision-making. Understanding the impact of AI, maintaining an inventory of tools, considering cost efficiency and risk avoidance, involving all business sectors, and utilizing AI for better data usage are key factors to consider. Balancing exploration and rules, as well as selecting the right AI tools, are challenges that need to be addressed. By carefully navigating these considerations and challenges, companies can leverage AI to enhance their compliance programs and stay ahead in an ever-evolving regulatory landscape.

Three key takeaways:

1. What are the key factors that impact these strategic considerations for implementing AI in compliance?

2. Compliance professionals need to stay updated with the latest AI developments and trends, which requires continuous learning and keeping abreast of industry news and insights.

3. Understanding the impact of AI, maintaining an inventory of tools, considering cost efficiency and risk avoidance, involving all business sectors, and utilizing AI for better data usage are key factors to consider.

For More information on KonaAI, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program: Day 17-Adapting Compliance Programs for Cloud Technologies

As organizations transition to remote work and embrace cloud technologies, it is crucial to adapt compliance programs to ensure regulatory obligations are met.

Companies are shifting away from traditional tools like Excel or SharePoint towards centralized systems that facilitate compliance monitoring. Compliance teams can no longer rely on face-to-face collaboration and need systems to manage communication, investigations, and case management. This shift towards virtual platforms for communication has also increased the need to capture and record voice data for compliance purposes.

Adapting compliance programs for remote work and cloud technologies is essential in the current business landscape. Compliance program visibility, capturing and recording communication data, leveraging cloud technologies, and embracing AI-driven compliance monitoring are key factors to consider. By balancing these factors and focusing on risk-based approaches, organizations can ensure they meet their regulatory obligations while enabling their compliance teams to focus on their core responsibilities. The future holds even more advancements in cloud technologies and AI, promising increased defensibility and improved compliance monitoring capabilities.

 Three key takeaways:

1. Companies are shifting away from traditional tools like Excel or SharePoint towards centralized systems that facilitate compliance monitoring.

2. You must focus on the explainability  and defensibility of your AI models.

3. By focusing on risk-based approaches, organizations can ensure they meet their regulatory obligations while enabling their compliance teams to focus on their core responsibilities.

For more information on KonaAI, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics – Day 15: Data Analytics – Fuel that Powers Both Law and Compliance

Data analytics is revolutionizing the field of law and compliance, providing valuable insights and enhancing effectiveness. Data analytics is often referred to as the fuel that moves the compliance engine. It provides the necessary insights to make informed decisions and drive compliance programs effectively. By analyzing data, compliance professionals can gain a deeper understanding of their organization, such as the number of employees per region, which can inform communication strategies and training initiatives. Simply put, to become a better compliance professional, you must become a better businessperson.  This underscores the importance of understanding the business context and using data analytics as a tool to drive compliance efforts.

Data analytics is of utmost importance in the field of law and compliance. It provides valuable insights, enhances effectiveness, and drives compliance programs. Compliance professionals must strive to become better businesspeople and understand the role of data analytics as the fuel that moves the compliance engine. By leveraging data analytics, law firms like Thinkeen can offer innovative solutions for complex transactions. However, education and awareness about the importance of data analytics are still needed to fully harness its potential. Balancing tradeoffs and addressing challenges associated with data analytics are crucial for successful implementation. Ultimately, data analytics is a powerful tool that can transform the way laws and compliance are approached, leading to more effective and efficient outcomes.

Three key takeaways:

1. Data analytics is often referred to as the fuel that moves the compliance engine.

2. We need more education and awareness about the importance of understanding data so that you can extract the right information

3. Data analytics is a powerful tool that can transform the way laws and compliance are approached, leading to more effective and efficient outcomes.

For more information on KonaAI, click here.

Categories
Innovation in Compliance

Innovation in Compliance – Paul Trulove on The Future of Authentication: Password Less and Secure

Innovation comes in many forms, and compliance professionals need to not only be ready for it but also embrace it. One of those areas is telehealth and telemedicine. My guest in this episode is Paul Trulove, CEO at SecureAuth.

Paul Trulove is a seasoned cybersecurity expert with a strong background in identity management, currently serving as the CEO of Secure Auth. With 15 years of experience in the field, Trulove is a strong advocate for the evolution towards password-less authentication in cybersecurity. He sees a shift away from traditional username and password authentication towards more secure and user-friendly methods that leverage device-level capabilities and biometrics. Trulove emphasizes the importance of organizations embracing and funding these changes and the need for collaboration across different industries to ensure a comprehensive and secure authentication framework. Join Tom Fox and Paul Trulove on this episode of the Innovation in Compliance podcast to delve deeper into this fascinating topic

Key Highlights:

  • Secure Auth: Making Authentication Secure and User-Friendly
  • The Evolution Towards Password-Less Authentication
  • Identity-Driven Zero-Trust Cybersecurity Approach
  • The Rise of Password-Less Authentication Technology
  • The Evolution of Authentication and Access Management

 Resources:

Paul Trulove on LinkedIn

SecureAuth

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance and AI

Compliance and AI: Jag Lamba – Certa’s AI Tools for Streamlining Procurement and Compliance Processes

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many questions we will explore in this exciting new podcast series, Compliance and AI. Hosted by Tom Fox, the award-winning Voice of Compliance, this podcast will look at how AI will impact compliance programs into the next decade and beyond. If you want to find out why the future is now, join Tom Fox on this journey to the frontiers of AI. Today, Tom hosts Jag Lamba, founder and CEO of Certa, on their new AI-based tool, Design AI.

In today’s rapidly evolving business landscape, organizations are constantly seeking ways to enhance efficiency and agility in their procurement and compliance processes. The emergence of artificial intelligence (AI) has provided new opportunities to streamline these operations and respond effectively to supply chain disruptions and compliance requirements. Certa, a leading provider of AI-powered solutions, has developed innovative tools that aim to address these challenges and revolutionize the way organizations manage their procurement and compliance functions.

One of Certa’s flagship AI tools is Design AI, which allows customers to design and edit workflows and integrations using natural language. This eliminates the need for technical expertise, making it easier for organizations to create and digitize new workflows or modify existing ones. With Design AI, customers can simply express their requirements in plain English, and Certa’s AI technology will generate the necessary questionnaires, workflows, and integrations based on their specific needs. This empowers organizations to quickly adapt and optimize their processes, ensuring they remain agile in the face of dynamic procurement and compliance landscapes.

Resources:

Jag Lamba on LinkedIn

Certa

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 14 – Continuous Converged Compliance

How can you integrate compliance, risk management, and your security framework? Igor Volovich, Vice President, Compliance Strategy at Qmulos, introduced the innovative concept to this discussion: Converged Continuous Compliance. This approach aims to reunite compliance, security, and risk management, which have historically operated independently.

One of the key requirements impacting this new approach is the need to bridge the gap between these functions from both a data and human perspective. These concepts serve as a translator, helping organizations navigate the complex landscape of compliance, security, and risk management. By speaking the language of these three functions, Converged Continuous Compliance brings them together and facilitates collaboration.

Corporate compliance needs to promote new approaches to compliance and risk management by challenging misconceptions, reuniting compliance, security, and risk management, emphasizing data governance oversight, and advocating for automation. These approaches aim to enhance efficiency, increase trust in compliance reports, and ultimately drive a greater return on investment. As organizations navigate the ever-evolving landscape of compliance, it is crucial to consider the impact of new approaches and strike a balance between different factors to achieve effective compliance and risk management.

Three key takeaways:

  1. The DOJ has stated that a chief compliance officer and a corporate compliance function must have visibility across all data sets in an organization. Converged Continuous Compliance aligns with this message.
  2. The bottom line is that we have accepted certain models of how compliance is done, what compliance means, what it delivers to the enterprise, and what it fails to deliver to the enterprise.
  3. It is crucial to consider the impact of new approaches and strike a balance between different factors to achieve effective compliance and risk management.

For more information on KonaAI, click here.

Categories
Compliance Into the Weeds

Compliance Into The Weeds: Congress Fills a Gap – FEPA

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the Foreign Extortion Prevention Act (FEPA), a groundbreaking law that aims to combat corruption by criminalizing foreign government officials who solicit or accept bribes from US entities.

This law complements the Foreign Corrupt Practices Act (FCPA), which penalizes companies for offering bribes, and introduces new challenges and implications for anti-corruption measures. Tom views FEPA as a long-overdue measure that fills a gap in anti-corruption efforts. He agrees with Matt emphasizes that FEPA addresses a long-standing concern of anti-corruption advocates. Both Fox and Kelly anticipate further guidance from the Department of Justice on how this new law will interact with existing measures under the FCPA. Join Tom Fox and Matt Kelly as they delve deeper into this topic in the latest episode of the Compliance into the Weeds podcast.

 

Key Highlights:

  • Combating Foreign Corruption: FIFA’s Powerful Impact
  • Implications of FIFA Cooperation on FCPA Prosecution
  • Extradition Challenges in FIFA Corruption Cases
  • The Impact of the Name and Shame List

Resources:

Matt Kelly on LinkedIn

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Congress Fills a Corruption Hole: The Foreign Extortion Prevention Act (FEPA)

The compliance community has long recognized the gaping hole in the Foreign Corrupt Practices Act (FCPA). As a supply side law, it criminalizes the payment of bribes, not the demand to pay a bribe or extortion. The gap was recently filled by the Foreign Extortion Prevention Act (FEPA) which extended crucial protections to Americans working abroad and provides the Department of Justice (DOJ) with a potent new tool. By criminalizing both the giving and demanding of foreign bribes, FEPA seeks to level the playing field for American workers while fostering ethical business practices globally. FEPA represents a promising solution to protect Americans working overseas, promote fair business competition, and combat corruption on a global scale. With its potential to bring about meaningful change, FEPA is a vital step in safeguarding American values and interests in the international arena. Sam Rubenfeld, cited to Scott Greytak, the director of advocacy for Transparency International US, for the following, “FEPA is a landmark, bipartisan law that holds the potential to help root out foreign corruption at its source. It is arguably the most sweeping and consequential foreign bribery law in nearly half a century.”

This legislation fills a significant gap in anti-corruption measures and raises important questions about its implications for the enforcement of the Foreign Corrupt Practices Act (FCPA) and the cooperation expected from companies involved in bribery schemes. FEPA, part of the National Defense Authorization Act (NDAA), addresses a long-standing concern among anti-corruption advocates. While the FCPA has been effective in penalizing US companies for offering bribes to foreign officials, there has been a lack of legal mechanisms to hold foreign government officials accountable for accepting these bribes. FEPA now provides prosecutors with the means to pursue such officials.

One of the key aspects of FEPA is that it criminalizes the solicitation or acceptance of bribes by foreign government officials from US entities. This complements the FCPA, which focuses on the offering of bribes by US companies. By targeting both sides of the bribery equation, FEPA aims to create a more comprehensive and effective framework for combating corruption.

However, the implementation of FEPA is not without its challenges. One of the main challenges is the extradition of foreign officials for prosecution, particularly from countries like Russia or China. Extradition processes can be complex and time-consuming, and cooperation from foreign governments may not always be forthcoming. This poses a significant hurdle in holding foreign officials accountable under FEPA.

Another notable feature of FEPA is the introduction of a “name and shame” list. This list is intended to publicly identify, and shame foreign government officials involved in bribery schemes. While this may serve as a deterrent, it could also have unintended consequences. For instance, it may impact Transparency International’s corruption perception indexes, potentially affecting the rankings of countries and their relations with the US. Additionally, it could have implications for US companies operating in those countries, potentially straining foreign relations.

The passage of FEPA raises important considerations for compliance officers and companies. They need to assess how this new law may impact their existing controls and policies. The arrival of FEPA as a tool to combat corruption is undoubtedly a positive development. However, it is crucial to carefully evaluate the potential implications for FCPA prosecutions and the cooperation expected from companies involved in bribery cases.

Compliance officers should also consider the potential changes in the calculus for prosecutors. With FEPA in place, prosecutors may now have the legal means to pursue foreign government officials complicit in bribery schemes. This raises questions about the extent to which companies will be required to assist the DOJ in pursuing FEPA cases alongside FCPA cases. Companies may need to provide testimony and cooperate in the prosecution of foreign officials, potentially impacting the resolution of FCPA violations.

Looking ahead, it is essential for the DOJ to provide clarity on how FEPA will be utilized and what expectations companies should have when caught up in FEPA-related investigations. Transparency and guidance from the Department of Justice will help companies navigate the potential challenges and ensure compliance with the law.

The bottom line is that FEPA represents a significant step in the fight against corruption. By criminalizing the solicitation or acceptance of bribes by foreign government officials from US entities, FEPA fills a crucial gap in anti-corruption measures. However, challenges remain in extraditing foreign officials for prosecution and managing the potential consequences of the “name and shame” list. Compliance officers and companies must carefully consider the implications of FEPA on their operations and update their controls and policies accordingly. With proper guidance and cooperation, FEPA can be a powerful tool in combating corruption and promoting ethical business practices.

Penalties under FEPA include (from Transparency International)

  1. Expanding Legal Protections: FEPA amendment U.S. bribery law (18 U.S.C. § 201) to make it illegal for foreign officials to corruptly demand, seek, receive, or accept bribes under two crucial circumstances:
  • From U.S. individuals or companies.
  • From any person while within the United States, in connection with obtaining or retaining business.
  1. Stringent Penalties: Those found guilty of violating FEPA could face severe consequences, including:
  • Criminal fines of up to $250,000 or three times the value of the bribe, whichever is greater.
  • Prison sentences of up to 15 years.
  1. Transparency and Accountability: FEPA introduces a vital accountability mechanism by requiring the DOJ to publish an annual report. It will include the following:
  • It examines the scale and nature of foreign bribe demands against American companies, shedding light on the extent of the issue.
  • It evaluates the effectiveness of U.S. diplomatic efforts aimed at safeguarding American businesses from foreign bribe demands.
  • It assesses the efforts of foreign governments to prosecute individuals involved in corrupt practices against American interests.

Matt Kelly and I take a deep dive into FEPA on this week’s Compliance into the Weeds. To listen, click here.