Categories
Compliance Week Conference Podcast

Ellen Hunt on The Intersection of ESG & Compliance – Tactical Insights for Compliance and Risk Professionals

In this episode of the Compliance Week 2023 Speaker Preview Podcasts series, Ellen Hunt discusses some of her presentations at Compliance Week 2023, “The Intersection of ESG & Compliance-Tactical Insights for Compliance and Risk Professionals” and “A Career in Compliance.” Some of the issues she will discuss in her presentations are:

  • The Role of Compliance in ESG
  • The right way to choose your career path to reach your full potential while navigating roadblocks and dead ends 
  • Insights into various structures within the organization, with takeaways on the type of organization that may be best suited for your skillset

I hope you can join me at Compliance Week 2023. This year’s event will be May 15-17 at the JW Marriott in Washington, DC. The line-up of this year’s event is simply first-rate, with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Now in its 18th year, the event brings compliance, ethics, legal, and audit professionals together safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. Attendees can:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners, gain insights into the agency’s enforcement areas, and walk away with guidance on remaining compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency, and more.
  • Bring actionable takeaways to your program from various session types, including ESG, Human Trafficking, Board obligations, and many others, for you to listen, learn and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount of $200 by using code TF200 on the link here.

Categories
31 Days to More Effective Compliance Programs

Third-Parties as Compliance Innovation Partners

It is universally recognized that third parties are your highest FCPA risk. Could you turn your third party from liability under the FCPA to an innovation partner for your compliance program? This is an area that only a few compliance professionals have mined, but once again, in compliance, you are only limited by your imagination. In a Supply Chain Management Review article by Jennifer Blackhurst, Pam Manhart, and Emily Kohnke, entitled “The Five Key Components for Supply Chain Innovation,” the authors identified five components common to the most successful innovation partnerships. They are:

Don’t settle for the status quo. This means you should not settle for simply the status quo in compliance.

Hit the road to hit your metrics. To understand your compliance risk from third parties, you must get out of the ivory tower and hit the road.

Send prospectors, not auditors. While an audit clause is critical in any third-party contract, from a commercial and FCPA compliance perspective, you can establish a “point of contact as an innovation manager for your third parties.”

Show and tell. As with all relationships, trust plays an important role in third-party compliance innovation, as “Firms in successful innovations discussed a willingness to share resources and rewards and to develop their partners’ capabilities.”

Who’s running the show? This means “who is doing what, but also what each firm is bringing to the relationship regarding resources and capabilities.”

Three key takeaways:

  1. Use your third parties as innovators to assist your compliance program.
  2. Change your thinking about third parties and make them your partners.
  3. Do not settle for the status quo.
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – ROI for 3rd Party Risk Management

A study by Forrester Research Inc. compared the user experience, which led to a positive ROI for the technology user around third-party risk management. I found the approach and methodology used persuasive and valuable for the compliance professional to consider evaluating such a process in your organization. Some of the key findings readily translate for the compliance practitioner. The first area was in risk assessments of third parties. If you provide a technological platform, you can enhance the speed and efficiency of your risk assessments on an ongoing basis. This decrease in time, both in terms of length and person-hours, will yield an immediate cost saving for your compliance function.

 

Various other factors could increase your ROI, as detailed in the Forrester report. These include renewal assessments, ongoing monitoring, and increased business efficiencies for both your organization and the third parties. Most critically, you would demonstrate the operationalization of your compliance program into the very fabric of your organization.

Three key takeaways:

1. Why is demonstrating ROI on your third-party risk management program important?

2. Determining ROI helps to demonstrate operationalizing your compliance program.

3. Determining third-party management program ROI can help to tear down compliance siloes.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Ongoing Monitoring of 3rd Parties

One of the key themes in the Evaluation of Corporate Compliance Programs is the use of data and data analytics in a best practices compliance program. This has specific application to third parties. In the section entitled Risk-Tailored Resource Allocation, the following question was posed: “Does the company devote a disproportionate amount of time to policing low-risk areas instead of high-risk areas, such as questionable payments to third-party consultants, suspicious trading activity, or excessive discounts to resellers and distributors?” Under the section entitled Control Testing, the following question was posed: “Has the company reviewed and audited its compliance program in the area relating to the misconduct? More generally, what testing of controls, collection and analysis of compliance data, and interviews of employees and third parties does the company undertake?” Finally, under the section entitled Payment Systems was the following query: “How was the misconduct in question funded (e.g., purchase orders, employee reimbursements, discounts, petty cash)? What processes could have prevented or detected improper access to these funds? Have those processes been improved?”

All of these questions make clear that the DOJ expects data analytics to be used to help detect or prevent bribery and corruption where the primary sales force used by a company is third parties. A clear majority of FCPA violations and related enforcement actions have come from the use of third parties. While sham contracting (i.e., using a third party to channel the payment of a bribe) has lessened in recent years, there are related data analyses that can be performed to ascertain whether a third party is likely performing legitimate services for your company and is not a sham. There are several more complex analytics that can be run in combination to identify suspicious third parties, and some of the simplest can be to look for duplicate or erroneous payments. This final concept of finding patterns that can be discerned through the aggregation of huge amounts of transactions is the next step for compliance functions. Yet data analysis does far more than simply allowing you to follow the money. It can be a part of your third-party ongoing monitoring as well by allowing you to partner the information on third parties who might come into your company where there was no proper compliance vetting. Such capabilities are clearly where you need to be heading.

Three key takeaways:

  1. Always remember to follow the money to see where a pot of money could be created to fund a bribe.
  2. Transaction monitoring techniques around fraud monitoring translate to data analysis for compliance.
  3. Do not forget to check names against known PEP and SDN lists.
Categories
FCPA Compliance Report

Incorporating EHS and Safety in an ESG Program

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Are you interested in learning about the overlooked importance of safety in ESG? Host Tom Fox and his guests from Traliant, Andrea Foster Mack and Maria D’Avanzo delve into this topic in the latest episode of the FCPA Compliance Report. Learn how prioritizing safety can lead to cost savings and become a major differentiator for corporations in talent acquisition and retention. The trio also discusses how EHS professionals can reduce risk by implementing hazard awareness training and preventing discrimination. Furthermore, they emphasize the value-add that safety can offer to organizations in terms of corporate governance and brand recognition. Tune in to hear the experts share their insights on how ESG and EHS align under the sustainability cause and how innovative business and management decisions can lead to environmental sustainability.

 Key Highlights

  • ESG and Safety Culture within Organizations
  • The Importance of Safety in Talent Retention
  • Corporate Governance and Safety in Organizations
  • The Importance of “E” in ESG Reporting
  • ESG and its Role in Elevating Brands
  • Managing Chemical Hazards and ESG Standards

 Here are three tips to consider when incorporating safety into your ESG strategy:

1. Communicate safety policies and performance to stakeholders, such as investors and customers, to build trust and enhance reputation.

2. Use safety data to identify improvement opportunities, mitigate risks, and promote continuous learning and innovation.

3. Develop partnerships and collaborations with other organizations and industries to address safety challenges and share best practices.

Resources

Andrea Foster Mack on LinkedIn

Maria D’Avanzo on LinkedIn

Traliant

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
31 Days to More Effective Compliance Programs

Day 12 of One Month to Better 3rd Party Management – Auditing of Third Parties

Auditing third parties is critical to any best practices compliance program and an important tool in operationalizing your compliance program. This is a key manner in which a company can manage the third-party relationship after the contract is signed and which the government will expect you to engage in going forward. As stated in the 2020 Update, under the section entitled, Management of Relationships, is the following query: Does the company have audit rights to analyze the books and accounts of third parties and has the company exercised those rights in the past? This means you must not only have audit rights but also exercise them.

 Three key takeaways:

1. Be prepared.

2. It is not an investigative interview but an audit interview.

3. Listen, listen, and listen.

Categories
Data Driven Compliance

Anil Karmel on Revolutionizing Compliance with RegOps

Data Driven Compliance, hosted by Tom Fox, is a podcast featuring an in-depth conversation about the uses of data and data analytics in compliance programs. In this episode, host Tom Fox visits with Anil Karmel, co-founder of RegScale. They delve into the issue of compliance at scale. They discuss the concept of DevOps and how it can be applied to compliance through a discipline called “RegOps.” The conversation emphasizes automating compliance to create a near-real-time process while providing a good user experience.

As a co-founder of RegScale, Karmel discusses their journey of cultural transformation in compliance, creating an API-centric platform to provide real-time evidence and automated reporting for compliance gaps. We highlight the need for a philosophical change in compliance and discuss the evolving regulatory and business landscape. Don’t miss out on this insightful podcast episode!

Key Highlights

  • Scalable Compliance Solutions
  • Reg Ops: Applying DevOps to Compliance
  • Streamlining Compliance Reporting with Real-time Information
  • RegScale: Solving Compliance Challenges for Enterprises
  • Modernizing Compliance through Regulatory Operations Approach

Notable Quotes

“Realize this manual paper-based process of trying to demonstrate regulatory compliance is just not something that can be scaled manually.”

“It needs to be easier for the producer and consumer to produce and consume the content.”

“You can present the status of your compliance program, where your gaps are in near real-time, where the associated risks are, and the cost to remediate.”

“Unless there is this transformation of how we do our jobs by leveraging a regulatory operations approach to leverage the best of the machine and the best of the human, we’re already behind the eight ball.”

 Resources

Anil Karmel on LinkedIn

RegScale

 Tom Fox 


Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties-Managing 3rd Party After the Contract is Signed

The building blocks of any compliance program lay the foundations for a best practices compliance program. For instance, in the life cycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation, and contract compliance terms and conditions. However, as many companies mature in their compliance programs, the issue of third-party management becomes more important. It is also where the rubber meets the road of operationalizing compliance. It is also an area the DOJ specifically articulated in the 2020 Update that companies need to consider.

Managing your third parties is where the rubber meets the road in your overall third-party risk management program. You must execute this task. Even if you successfully navigate the first four steps in your third-party risk management program, those are in reality the easy steps. Managing the relationship is where the real work begins.

Three key takeaways:

  1. Have a strategic approach to third-party risk management.
  2. Rank third parties based on a variety of factors including compliance and business performance, length of the relationship, benchmarking metrics, and KPIs for ongoing monitoring and auditing.
  3. Managing the relationship is where the real work begins.
Categories
Creativity and Compliance

What the Heck Are We Doing?

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, takes the entertainment devices that people use to consume information in their everyday, non-work lives and applies them to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies and resources more accessible.

Get ready to tap into the minds of compliance gurus, Tom Fox and Ronnie Feldman, as they dive into how corporate culture impacts compliance. In today’s world, corporate culture is a key element of a best practice compliance program. However, many companies still focus on monitoring, risk assessment, policies, and procedures. Ronnie argues that the main goal of compliance is to stop people from doing bad things and to live up to company values. Discover how to create psychologically safe environments, train leaders to build trust, and use interesting and informative content to make your communication and training more engaging. Learn how middle management can work with compliance to build trust, regain institutional fairness for employees who speak up, and undo the lack of integrity observed in many organizations. Creativity and Compliance invites you to reach out for more information about the philosophy behind their solutions. Listen to the podcast today to take the first step towards a culture of compliance!

Key Highlights

  • The Importance of Corporate Culture in Compliance Programs
  • Addressing social and leadership environments in organizations
  • Promoting Integrity and Institutional Trust
  • Engaging Compliance Training Techniques

Key Quote

“We’re trying to stop people from doing bad things or, said in a positive way, we’re trying to help. We want our employees to live up to our values. Right?”

Resources:

Ronnie

Tom


Categories
Compliance Man Chooses the Target

Compliance Man Takes a EuroTrip – Geert Vermeulen on EU Whistleblower Directive

Compliance Man is back for a new season! Get ready for a EuroTrip with Tom Fox and Tim Khasanov-Batirov on their hit podcast, Compliance Man! In this episode, hosts Tom Fox and Tim Khasanov-Batirov speak with Geert Vermeulen, a compliance professional and founder of the Integrity Coordinator, about the challenges of implementing effective whistleblower policies in Europe. They discuss cultural differences, strict requirements on external whistleblowing, and the burden of proof on companies to show that retaliation did not occur. The speakers emphasize the importance of understanding cultural differences and developing precise policies to promote a speak-up culture. The conversation ends with a reflection on the evolution of whistleblower procedures in Europe and thoughts on where things might be headed in the future. This is a must-listen podcast for anyone interested in compliance and corporate culture.

Vermeulen highlights the challenge of implementing the directives into the national laws of member states, which has resulted in differences between states. Each state has its own specifications about what can be reported and what must not be reported. For instance, every state has different rules regarding protection against retaliation.

Here are some tips to help cope with this challenge:

1. Get familiarized with the national laws of the member states where your organization operates.

2. Set up a streamlined procedure and ensure that all employees are aware of the internal complaints and whistleblowing process.

3. Ensure that your whistleblowing process is confidential and that whistleblowers are protected against retaliation. 

Key Highlights

  • Lack of tradition of whistleblowing in Europe
  • Whistleblowing in emerging markets
  • One worldwide whistleblowing program?
  • Whistleblower protection and communication
  • Interplay of EU Whistleblower Directive and GDPR
  • The evolution of whistleblowing in Europe

 Resources

Geert Vermeulen on LinkedIn

The Integrity Coordinator

Tim Khasanov-Batirov on LinkedIn

Tom Fox
