Categories
Compliance Tip of the Day

Compliance Tip of the Day: What The Pandemic Changed for Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we consider the ongoing trends that accelerated during the pandemic year of 2022 and how these changes have impacted compliance literally forever.

These changes include:

  1. Compliance Convergence
  2. Public/private partnership in the ABC fight
  3. Data, Data, Data
  4. Compliance as an ethical & business advantage

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Data Driven Compliance

Data Driven Compliance: Sheetal Parikh on Banking Integration: Connecting Banks and Fintech Companies

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast hosted by Tom Fox. It features an in-depth conversation about the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions. Today, we look at the intersection of data analytics, banking, and compliance with Sheetal Parikh.

Sheetal Parikh is a seasoned attorney with over 18 years of experience in the financial services industry, currently serving as the Associate General Counsel and VP of Compliance at Treasury Prime. Drawing from her extensive background in securities and commodities litigation and regulatory work, Parikh advocates for a collaborative approach to integrating Fintech and banks, with a strong emphasis on compliance. She believes that Treasury Prime’s role is not to offload compliance functions but to provide banks and Fintech with a toolkit and set of tools, both through technology and expertise, to establish a compliance program that suits their specific risk profile and use case. Parikh also foresees a future where fintech companies offering banking products and services will face more direct oversight and regulation, as they are currently regulated indirectly through banks. Join Tom Fox and Sheetal Parikh on this episode of the Data Driven Compliance podcast to delve deeper into this topic.

Highlights Include:

  • Banking Integration and Compliance Solutions
  • Responsible Innovation in the Banking Industry
  • Consequences of Regulatory Non-Compliance
  • Regulating Fintech Companies as Banks

 Resources:

Sheetal Parikh on LinkedIn

Treasury Prime

 Tom Fox 

Connect with me on the following sites:

Threads

Instagram

Facebook

YouTube

Twitter

Categories
Corruption, Crime and Compliance

Catching Up with California and State Data Privacy Laws

California’s data privacy regulations, primarily embodied in the California Consumer Privacy Act (CCPA) and its extension through the California Privacy Rights Act (CPRA), constitute a pioneering and influential framework. These regulations, effective from 2018 and further strengthened in 2020, set a standard for data protection not only within the state but also across the national and global economy. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the nuances of the CCPA and CPRA, and the evolving data privacy landscape.

You’ll hear Michael talk about:

  • The lack of a federal data privacy law in the United States has led to a complex patchwork of state laws. Businesses are faced with the challenge of navigating these varied regulations, which contributes to compliance complexities.
  • California, through the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), is a leader in data privacy regulation in the United States, with implications for both the national and global economy. The CPRA, enacted in 2020, establishes the California Privacy Protection Agency (CPPA) to enforce the law robustly.
  • The CPRA introduces critical changes, including:
      • Protection of employee and business-to-business personal information, which is now subject to the same privacy protections as consumer personal information.
      • Enhanced consumer rights, such as the right to access, delete, and correct their personal information, and the right to opt out of the sale of their personal information.
      • Companies are now obligated to implement reasonable security precautions and undergo annual cybersecurity audits and risk assessments.
  • In addition to California, other states such as Virginia, Colorado, Utah, Iowa, and Connecticut have also enacted data privacy laws that echo the GDPR. Businesses must stay up-to-date on evolving compliance requirements and adapt their systems accordingly.
  • Compliance issues comprise risk assessments, impact assessments, adherence to data breach requirements, and compliance with notification standards. Companies are developing systems based on the most stringent set of laws to guarantee compliance.

 

KEY QUOTES

“We have a patchwork of laws that apply in the United States. Unfortunately, we continue to suffer from the absence of a federal data privacy and breach notification law. Congress has tried for years to broker a deal here, but it has never been able to overcome strong lobbying forces. Whether it’s high tech trial lawyers, law enforcement, or other gadflies, the public continues to suffer.” – Michael Volkov

 

“Many commentators have suggested that California’s data privacy laws and regulations are starting to look closer and closer to the EU’s GDPR regime.” – Michael Volkov

 

“To me, we’re getting into a more strict regulation. We already have, under the California Consumer Privacy Act, a requirement to have on your website: an ‘opt out’ in terms of any information that you may provide to a website, that it can’t be used by the entity for sharing or selling or whatever consumer products purposes. So keep tabs on the California events.” – Michael Volkov

 

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Data Driven Compliance

The Uses of Data Driven Compliance: Part 4 – What to Ask For and How to Ask For It

Welcome to Data Driven Compliance. In this podcast, we discuss how to use data to improve and enhance the effectiveness of your compliance program, creating greater business efficiency, all leading to more return on investment for your compliance regime. Join host Tom Fox as he explores how data will drive your compliance program to the next level. This podcast is sponsored by KonaAI.

I recently had the opportunity to visit with Vince Walden, founder and CEO of KonaAI, for a podcast series on the uses of data driven compliance. Over these five podcasts, we will discuss generative AI and ChatGPT in compliance, the profiles of a corrupt payment, making the business case for data-driven compliance, what to ask for and how to ask for it, and some success stories. In Part 4, we discuss what data a CCO needs to ask for and how to do so.

Vince Walden brings knowledge and experience in continuous compliance monitoring and risk assessment processes. Walden’s perspective on the topic is that it should be approached as a journey, not a one-time program. He emphasizes the importance of proactive risk assessments and continuous monitoring, advocating for an iterative approach demonstrating constant improvement in compliance efforts. This perspective is shaped by his belief that meeting regulatory expectations requires a diligent and ongoing commitment to improvement.

Walden also suggests that data sources should be identified based on the results of the fraud risk assessment and that the ease of obtaining the data should be considered when prioritizing analytics projects. To delve deeper into what data a CCO should ask for and how to ask for it, join Tom Fox and Vince Walden on this Data Driven Compliance podcast episode.

Key Highlights:

  • Continuous improvement through risk assessments and monitoring
  • Effective risk assessment through diverse data sources
  • Uncovering hidden relationships through expense categories

Resources:

Connect with Vince Walden on LinkedIn

Check out Kona AI

Connect with Tom Fox on LinkedIn

Categories
Blog

What Data to Ask For and How to Ask for It

I recently had the opportunity to visit with Vince Walden, founder and CEO of KonaAI, for a podcast series on the uses of data driven compliance. KonaAI is the sponsor of those podcasts. This blog post series will flesh out the podcast show notes over the next five blog posts, and we will discuss generative AI and ChatGPT in compliance, the profiles of a corrupt payment, making the business case for data-driven compliance, what to ask for and how to ask for it and some success stories. In Part 4, we will explore what data to ask for and how to ask for it.

As always, I am joined by Vince Walden, founder and CEO of KonaAI. There is a quiet revolution happening in the realm of compliance. It’s one that, if harnessed correctly, can turn a typically reactive process into a proactive strategy. I am, of course, talking about data-driven compliance. By using the vast amounts of data your organization collects, you can uncover potential compliance risks before they become actual problems. This approach can be a game-changer for your role as a compliance officer and your organization’s overall risk management strategy. No longer will you be caught off guard. Instead, you’ll lead the charge with real-time insights and actionable data.

Imagine a world where compliance isn’t a headache but a strategic advantage. You’re not constantly putting out fires but predicting and preventing them. It might sound like a dream, but it doesn’t have to be. How so? Well, by adopting a data-driven approach to compliance. This innovative method allows you to identify, assess, and manage potential compliance risks based on actual data. It’s about staying one step ahead, making informed decisions, and truly adding value to your organization. It’s not just about avoiding penalties and meeting regulations anymore. It’s about creating an environment of continuous improvement and proactive risk management.

Let’s paint a picture. You’re in a game of chess. But in this game, you’re not just reacting to your opponent’s moves. You’re anticipating them, strategizing, and making proactive decisions. That’s the power a data-driven approach to compliance can bring to your role as a compliance officer. It’s more than just crunching numbers and keeping up with regulations. It’s about leveraging the power of data to identify and mitigate risks before they materialize. It’s about transforming compliance from a cost center into a strategic asset. So, if you’re curious about how to make this data-driven shift, buckle up because we’re about to dive deep into this transformative realm.

Compliance monitoring and risk assessment are crucial components of any effective compliance program. In a recent episode of the podcast “Data Driven Compliance,” hosted by Tom Fox and featuring Vince Walden, the topic of continuous compliance monitoring and risk assessment process was explored in depth. This article aims to comprehensively analyze the critical factors that impact this process, discuss the tradeoffs involved in balancing different factors, and explore the challenges associated with other approaches.

Vince highlighted the importance of starting with a fraud risk assessment. This initial step allows organizations to identify high-frequency and high-impact risks and implement mitigating controls. Compliance professionals can prioritize their efforts and focus on the most critical areas by assessing the likelihood and impact of various risks on a scale of one to ten.

Data sources play a crucial role in risk assessment. Financial accounting systems and third-party data are valuable sources of information for identifying and mitigating risks. Tracking and categorizing expenses in accounting systems is significant for identifying anomalies and assigning risk scores. Vince highlighted the significance of having a centralized system, such as the Kona platform, to streamline this process.

However, Walden cautioned against relying solely on analytics without integrating them into the fraud risk assessment. He emphasized the need for alignment between data analysis and risk assessment to ensure efforts are focused on addressing the identified risks. Simply conducting data analytics without considering the underlying risks may not yield meaningful results.

One of the challenges in continuous compliance monitoring and risk assessment is the availability and accessibility of data. Some data sources may be hard to obtain, requiring compliance professionals to prioritize based on the ease of data acquisition and its value. For example, if faced with choosing to conduct a data analytics project in Brazil or China, Walden suggested starting with Brazil due to the relative ease of obtaining data from that region.

Another challenge lies in the scope of compliance monitoring. Walden emphasized that compliance monitoring is not a one-time, all-encompassing effort. It is a journey that involves proactively assessing risks and monitoring them from location to location. Compliance professionals should focus on demonstrating continuous improvement rather than tackling all threats at once. This approach aligns with regulators’ expectations of an effective due diligence program.

In addition to the primary focus on risk assessment, Walden highlighted the importance of considering ancillary areas of inquiry. For instance, looking at areas such as charitable donations or marketing spending can provide valuable insights into potential risks of bribery or corruption. The KonaAI tool can help correlate these ancillary data points and provide a more comprehensive view of compliance risks.

In conclusion, continuous compliance monitoring and risk assessment require a thoughtful and balanced approach. Organizations can identify and prioritize risks, starting with a comprehensive fraud risk assessment. Data sources, such as financial accounting systems and third-party data, play a crucial role in this process. However, aligning data analytics with the identified risks is essential to ensure meaningful results. Compliance professionals should also consider the data availability challenges and scope of compliance monitoring. Organizations can meet regulatory expectations and enhance their compliance programs by demonstrating continuous improvement and considering ancillary areas of inquiry.

Resources:

Connect with Vince Walden on LinkedIn

Check out KonaAI

Connect with Tom Fox on LinkedIn

Categories
Data Driven Compliance

Data Driven Compliance: eCom Surveillance and Cybersecurity Data Management

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions.

Data has become much more ubiquitous and needs to be incorporated into business processes. AI data cleansing helps to reduce false positives and provides context to alerts generated by the system. AI capabilities are divided into three categories: removing duplicative content, detecting risk, and providing context. AI-powered data cleansing strips out non-human generated content and focuses on what was sent by an individual. This helps to lower false positives in alerts generated by the system.

The need for eCom surveillance is increasing as communication sources become more varied. Slack, Zoom, Teams, Bloomberg chat, and ICE Chat are all becoming commonplace, and companies need to be able to capture data from these sources. Artificial intelligence and machine learning models are being deployed to empower a compliance officer to focus on what’s important and be risk-based. Companies that have been hesitant about the cloud are now moving their data to the cloud.

The amount of voice business that is happening over Zoom, Teams, and other voice channels has skyrocketed. Regulators have been very clear that you need to capture and record that voice data. Customers have asked for more and more data sources to capture, including audio. Compliance teams need systems to manage collaboration, case management tools, and review tools. Technology allows compliance teams to no longer use Excel or SharePoint to manage their own internal processes.

The combination of technology and compliance is transforming the industry. Artificial intelligence capabilities have come a long way in the past few years and are already good enough to provide a lot of value to customers. The innovation over the next few years will be on the defensibility front, proving defensibly why something was alerted on and why something else was not. Technology is available to capture every data source that’s out there, and it is essential for compliance teams to leverage this technology to remain compliant and competitive.

Key Highlights:

  • eCom Surveillance
  • Cybersecurity Data Management
  • AI and Compliance

Categories
Data Driven Compliance

Data Driven Compliance – AI Tech for Data Compliance, Part 1

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions.

Data compliance risks are a major concern for organizations of all sizes as data collection and storage grows. A key is to prevent these risks by detecting misconduct before it occurs. AI technology is used to pinpoint risk and misconduct, providing context to alerts. Searching unstructured data is a critical process for organizations to identify and mitigate hidden risks, and the right technology is necessary to incorporate multiple file types and data sources. By equipping themselves with the right processes and technology, organizations can proactively look for hidden risks and take preventative steps to ensure compliance.

Data has become much more ubiquitous and needs to be incorporated into business processes. AI data cleansing helps to reduce false positives and provides context to alerts generated by the system. AI capabilities are divided into three categories: removing duplicative content, detecting risk, and providing context. AI-powered data cleansing strips out non-human generated content and focuses on what was sent by an individual. This helps to lower false positives in alerts generated by the system.

Regulators are now focusing on prevention as part of best-practices compliance programs. A key is to prevent misconduct before it occurs by setting expectations that this behavior is not tolerated in the organization. Compliance teams can quickly take action and remediate activity when an incident is found. A consistent approach by compliance teams in quickly remediating bad behavior creates a culture where misconduct is not tolerated.

Unstructured data is data that doesn’t have a hierarchy associated with it, such as Word documents, emails, and text messages. Your app built on unstructured data analytics problems, such as responding to government requests, cyber breach response, and compliance monitoring. Organizations should have processes in place to proactively look for hidden risks. Technology is needed to search through unstructured data to find hidden risks.

Key Highlights:

  • Data Compliance Risks
  • Data Cleansing Importance
  • Preventing Misconduct
  • Detecting Risk with AI
  • Searching Unstructured Data

Categories
Data Driven Compliance

Data Driven Compliance: Jakub Ficner on Unlocking Data with Investigative Monitoring

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in cross-border transactions, mergers, and acquisitions.

In this episode, Tom welcomes Jakub Ficner, Director of Partnership Development at Case IQ. We discuss how to unlock data through investigations and monitoring. With the Department of Justice’s 2023 Evaluation of Corporate Compliance Programs emphasizing the importance of assessing and monitoring risks, Investigative Monitoring is an invaluable protocol for companies to demonstrate their commitment to compliance. This protocol involves collecting data from an investigation to identify anomalies and assess risks, allowing companies to create a culture of compliance and meet the Department of Justice’s requirements.

This structured process allows data analysis and root cause analysis to understand a topic better. Continuous improvement is essential for any compliance program, and Investigative Monitoring provides a way to collect data and ensure fair and consistent outcomes, as well as focus on time and resources. Conversations between two parties are important for gaining insight into a topic, making Investigative Monitoring an essential tool for any company.

Key Highlights:

  • Investigative Monitoring
  • Investigating Anomalies
  • Continuous Improvement
  • The Process

 Resources:

Jakub Ficner on LinkedIn 

Case IQ

Categories
Uncovering Hidden Risks

Ep 10 – How eDiscovery Can Help You Reduce Data and Risks in Three Steps

Description:

As data volumes continue to balloon, it’s becoming clear that the quickest path to victory does not involve the fewest steps. This month’s episode of Uncovering Hidden Risks explores ways to defensibly move data minimization decisions upstream to collaboratively expedite the eDiscovery process. EJ Bastien, Director of Discovery Programs at Microsoft, joins Erica Toelle and guest host Caitlin Fitzgerald for the discussion. EJ leads the eDiscovery and Litigation Support team at Microsoft. EJ shares his experience using technology to address the challenges of eDiscovery in the modern cloud world and shares some strategies and best practices to help mitigate risk.

In This Episode You Will Learn:

  • Advice for organizations trying to handle the growing amount of new data types
  • Best practices for implementing an effective eDiscovery strategy
  • Why you should be excited about the future of eDiscovery

Some Questions We Ask:

  • What trends are you seeing that are affecting the eDiscovery space?
  • How are you approaching some of the new technology innovations?
  • What benefits are there to using Purview eDiscovery Premium internally at Microsoft?

Resources:

View EJ Bastien on LinkedIn

View Caitlin Fitzgerald on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:          

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Categories
Data Driven Compliance

Data Driven Compliance: Igor Volovich – Compliance Therapy

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, featuring an in-depth conversation around the uses of data and data analytics in compliance programs.

Tom welcomes Igor Volovich, the Compliance Therapy doctor from Qmulos, to discuss how to bridge gaps between compliance, security, and risk management. Volovich emphasizes the need for education and evangelism to unlock the value that compliance could offer businesses. He introduces their compliance therapy branding and highlights the importance of evidence-based compliance management through automation to improve trustworthiness. As we move towards real-time risk governance, automation is key for continuous attestation. Compliance processes have been highly manual and outdated, but regulatory bodies recognize the importance of automation in managing risks.

In the podcast, Tom dives into the need for convergence in compliance, discussing risk in real time, and translating technical terms into risk frameworks. If you’re interested in the convergence of compliance, security, and risk, check out Qmulos’ published guide and resources on their website and social media profiles. Don’t miss out on the chance to learn from the experts and continue the conversation with Igor Volovich and Tom Fox. Listen today!

Key Highlights:

  • Introduction of Compliance Therapy Expert
  • Objective Compliance Management: From Opinion to Evidence
  • Importance of trust and governance in data
  • Revolutionizing Compliance Processes with Automation
  • Effective Risk Management for Businesses

KEY QUOTES

“Most of the folks have these really weird misconceptions about what compliance is. We need to reframe the mindset to rejoin the conjoined twins of compliance and security and risk and get them back together.”

“How do we evolve from this opinion-based compliance management to objective, evidence-based compliance management? That’s the question that we asked. It’s more robust. It’s more trustworthy. It’s more real. Right? We’re moving from fiction to fact.”

“Within the sphere of influence that we actually do have, how much control can you exert? How much control can you demonstrate reliably, incredibly? To me, that’s the metric. How much can you prove about what you know? Is it belief or is it true? That’s the thing that we try to focus on.”

“The ultimate answer is, of course, automation, you can’t throw more people at the problem.”

Resources:

Igor Volovich on LinkedIn 

Qmulos
