Tag: cyber

Categories
10 For 10

10 For 10: Top Compliance Stories For the Week Ending September 9, 2023

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

·       Insufficient cyber plan = FCA violation.  (DOJ Press Release)

·       Roger Ng banned for life.  (YaHooFinance)

·       FASB adopts crypto accounting rules. (WSJ)

·       Ken Paxton and slow creep of corruption. (Texas Tribune)

·       Spanish Women’s National team coach fired.  (ESPN)

·       Ramaswamy’s claims of FDA corruption disavowed by company he founded. (Reuters)

·       FIFA suspends head of Spanish football. (FT)

·       Using AI to improve workplace safety. (WSJ)

·       DOJ to go after Oligarch’s facilitators. (WSJ)

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: September 8, 2023 – The Slow Creep of Corruption Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Categories
10 For 10

10 For 10: Top Compliance Stories For the Week Ending July 29, 2023

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • Zelensky warns about corruption. (FT)
  • Ukraine tackles corruption. (EuroNews)
  • New cyber disclosure rules go into effect. (AP)
  • Najib deposed in 1MDB case. (Bloomberg)
  • Cognizant investigation not outsourced. (WSJ)
  • DWS closes in on settling greenwashing charges. (FT)
  • Prosecutors want SBF jailed pre-trial. (WSJ)
  • DOJ revamps Crypto enforcement team. (WSJ)
  • Altice co-founder denies corruption. (Reuters)
  • US consultancies struggle in China after raids. (FT)

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: July 24, 2023 – The Struggling in China Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.

  • DOJ revamps Crypto enforcement team. (WSJ)
  • Altice co-founder denies corruption. (Reuters)
  • US consultancies struggle in China after raids. (FT)
  • GOP release FBI report showing no Biden corruption in Ukraine. (Bloomberg)
Categories
Blog

Travis Howerton on Automating Security & Compliance

Automation in the compliance arena is becoming increasingly ubiquitous. Yet many of the most significant innovations for automation are not found in the anti-bribery/anti-corruption space but in adjacent spaces. That message was once again driven home to me when I had the chance to sit down with Travis Howerton, Co-Founder and Chief Technology Officer (CTO) at RegScale for a podcast interview (Howerton’s interview will post on the Innovation in Compliance Podcast in August.)

What I found most interesting and indeed the most insightful for the compliance professional is that the US government is increasingly turning to automation and AI to meet its security and compliance standards. With the transition of FedRAMP from guidance to law, companies are now required to use it and meet certain cybersecurity standards to do business with the US government. NIST 853 Revision Five addresses regulatory change around privacy with GDPR and other things and includes new control families and changes to existing ones.

As the government continues to revise its standards, the need for automation is becoming increasingly important. The National Institute of Standards and Technology (NIST), a standards body within the federal government, is working with the Open Security Controls Assessment language (OSCAL) team to develop standards. NIST has interacted closely with the OSCAL team, creating an open-source repo on GitHub and building communities of interest. Additionally, NIST works with other government agencies, tool providers, and industry to develop standards.

FedRAMP provides clarity of goal for vendors and customers but is expensive and time consuming to achieve. Cybersecurity is no longer a cost center, but a requirement to do business with the US government. The Department of Defense requires companies to meet certain cybersecurity standards to do business with them. Other agencies are taking similar stances in regard to cybersecurity. Companies are now required to have a compliance program to do business with them. Cybersecurity is now seen as one of the top risks to businesses, causing legal risk, revenue loss, and embarrassment.

The government is driving the need for robust cybersecurity down the supply chain. Cyberattacks can be used for a number of nefarious reasons, including theft of IP. The government is looking to make cybersecurity a requirement in law and contracts and can cancel contracts for cause if not met. Boeing now has the clout to require companies to have a NIST certified or attested cybersecurity program.

NIST 853 Revision Five is the latest version of the government’s standards for cloud services providers. It includes new control families and changes to existing ones. It is expensive to develop a Rev Four package and the government is likely to continue to revise the standards. Third party assessment organizations will have to train up on new families and redo a lot of work to meet the new standards. Cyber hiring metrics in the US show that there is not a surplus of people to meet the increased demand for Rev Five.

Categories
Daily Compliance News

Daily Compliance News: May 19, 2023 – The Ronnie Feldman Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Meta channels their inner Ronnie Feldman. (WSJ)
  • BODs wake up to cyber security risks. (FT)
  • The lawyer doesn’t want the name disclosed. (Reuters)
  • What is geo-strategic corruption? (The Conversation)
Categories
This Week in FCPA

Episode 295 – the Baseball is Back edition


MLB and the players manage to work out their differences as Tom Brady unretires. Jay and  Tom to look at some of the week’s top compliance and ethics stories in the Baseball is Back edition.

Stories

  1. Is ESG in crisis? Lawrence Heim in practicalESG.

2.     Compliance-The Single. Matt Kelly in Radical Compliance.
3.     Corporate investigations and waiver of privilege. Debevoise lawyers in Compliance and Enforcement.
4.     Fear based compliance. Mike Volkov in Corruption Crime and Compliance.
5.     A view on corruption from the front lines. Tom and Matt interview Tim Khasinov-Batirov on Compliance into the Weeds. Matt blogs in Radical Compliance.
6.     Holistic 3rd party management. Mike Volkov, Susanna Cagle and Carol Williams in Risk and Compliance Matters.
7.     What kind of person resists a bribe? Gary Drevitch in Psychology Today.
8.     Ethisphere announces 2022 WME.  Ethisphere Press Release. Erica Salmon Byrne on the FCPA Compliance Report.
9.     Are cyber whistleblowers different. Kenji Price, Scott Ferber and Mark Schreiber in CCI.
10.  If you are going to IPO, better ESG first. Bob Conlin in Forbes.com.

Podcasts and More

11.  In March on The Compliance Life, I visit with Audrey Harris, Managing Director at AMI, formerly CCO at BHP. In Part 1, she discusses her academic background and early professional career. In Episode 2, Audrey moves to the CCO chair at BHP. In Episode 3, she moves back to private practice.
12.  Tom and Megan Dougherty are back with 2 more episodes of the MCU series. Guardians of the Galaxy Part 1 and Part 2.
13.  Taxman: On the Intersection of Tax and Compliance. A 5-part series with Tracy Howell. Part 1-why compliance needs to talk to tax. Part 2-transfer pricing. Part 3-why tax needs a seat at the table. Part 4-tax and supply chain. Part 5-tax and ESG.
14.  Tom visits with Hill Country Joanne Easley on The Hill Country Podcast.

Categories
Daily Compliance News

February 4, 2022 the Culture Matters Edition


In today’s edition of Daily Compliance News:

  • More Wells Fargo culture issues. (WSJ)
  • Homeland Security to study cyber-attacks.  (Bloomberg)
  • KPMG sued for $1.8bn over Carillion debacle. (Reuters)
  • WFT gets sued yet again. (WaPo)
Categories
Coffee and Regs

What’s Next for Cybersecurity in 2022?

Digital Assets: Trading & Compliance for Cryptocurrency

In this episode, Director of Registered Investment Company Services, Allison Fraser and Director of Broker-Dealer Services & Private Funds, John Gentile discuss the latest on digital assets and cryptocurrency. Are they considered securities, what does the SEC’s risk alert mean for digital assets, and how should investment managers be thinking about cryptocurrency trading and compliance?

 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

 
Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His Information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.
Categories
Coffee and Regs

Cybersecurity Training, Talent and Diversity

Cybersecurity Training, Talent and Diversity

In this episode, Founder and CEO at CyberVista, Simone Petrella and CSS’s Director of Cyber IT Services, E.J. Yerzak discuss the importance of cybersecurity training, education, how to recruit talent and diversity in cyber and why compliance and cybersecurity are synonymous.
 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

Simone Petrella is CEO and Co-Founder of CyberVista. Previously, Simone was a Senior Associate at Booz Allen Hamilton where she helped build the firm’s cybersecurity practice in the commercial sector focusing on the creation of cyber fusion centers and the integration of cyber threat intelligence, security operations, and cyber defense operations into effective cyber security operations. For a decade she led the firm’s all source cyber threat intelligence business in the national security and Defense sectors, where she built out a threat capability and team with in depth subject matter expertise in all aspects of cyber threat intelligence, including intelligence support to both defensive and offensive operations. Her areas of specialty included predictive cyber intelligence based on an understanding of the threat adversary and developing service offerings to integrate intelligence into exercises to provide realistic cyber scenarios. Simone received her J.D. with honors from Catholic University’s Columbus School of Law and graduated from Georgetown University with a B.A. in Government and a M.A. in International Law and Policy. She is a member of Women in International Security and is admitted to the New York Bar. A native of New Jersey, she has resided in Washington D.C. since 2000.