Categories
Innovation in Compliance

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 4 – A Training Program for 3rd Parties

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 4, we discuss how to put together a training program for third parties with Andrew Rincón.

Join Tom Fox in an exciting episode about building a stronger culture of compliance through targeted and effective training as he interviews Andrew Rincón. Discover how the compliance industry has evolved and how technology has significantly improved compliance programs. Find out how efficient compliance processes create goodwill for compliance professionals and make them true partners of the business with the help of technology and reliable due diligence partners. Andrew Rincón shares Diligent’s screening and monitoring options for third-party suppliers and the customized anti-bribery and anti-corruption training, available in multiple languages, also perfect for bite-sized, animated micro-learnings. Tune in to learn how to educate distributors and internal gatekeepers on compliance and useful resources for compliance professionals, only on a training program for 3rd parties.

Highlights Include:

  • The Role of Compliance with Distributors
  • Efficient Due Diligence for Distributors
  • Diligent’s Anti-Bribery and Sanctions Screening Solutions
  • Compliance Training & Internal Controls for Distributors
Notable Quotes

“And commission sales agents are certainly recognized as, if not the highest, a high risk, under the FCPA and other compliance regimes.”

“One area the thinking has evolved on, and it sounds like your career and my career, is that due diligence alone is insufficient.”

“So being as efficient as a process. And nowadays, everything moves at the speed of light.”

“But nowadays, with the amount of information that gets published every single day throughout the world, where there’s so much content out there.”

For more information, go to Diligent.com

Join us tomorrow as we conclude our series with a look at the role of the Board of Directors in a compliance program.

Categories
Blog

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 3-Defining the Effectiveness of Compliance Training

Welcome to a special 5 part blog post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, a Principal Instructional Designer; Andrew Rincon, Global Accounts Management Advisor at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third-parties, and the role of the Board of Directors. In this Part 3, we consider the always challenging topic of defining the effectiveness of training with Jessica Czeczuga.

The Department of Justice (DOJ) requirement for ‘effective’ training is one of the most challenging areas for compliance professionals. Fortunately, Jessica Czeczuga is a highly respected Principal Instructional Designer with a remarkable 25-year career in the learning and development field and as a seasoned content creator, Jessica has collaborated with numerous experts to create effective training programs that resonate with different learning styles. I was able to visit with her on some of the key steps to get Improved training effectiveness through micro-learning and metrics.:

1. Adopt micro-learning techniques for content delivery
2. Utilize interruptive training methods for behavior disruption
3. Tailor targeted training for at-risk employees

1. Adopt micro-learning techniques for content delivery. Adopting micro-learning techniques is an essential approach for effectively delivering content to learners, particularly in the realm of compliance training. Micro-learning encompasses the practice of focusing on quick, digestible, and repetitious bursts of learning that serve to reinforce essential concepts while being easily accessible to learners. This method deviates from traditional lecture-style training, power point induced traing and allows for an interruptive and integrative learning experience that caters to the needs of varying learners. Leveraging micro-learning as a tool for training purposes allows for a higher likelihood of information retention and eventual behavior modification, as it allows individuals to reflect on their own learning patterns and apply the concepts in a more seamless way.

Czeczuga believes that by utilizing metrics such as pre and post-test scores and survey feedback to determine the effectiveness of training and cater the approach accordingly, highlighting the importance of collaboration between the compliance and training departments in this process. The adoption of micro-learning for compliance training holds significant importance as it ensures that all employees have a comprehensive understanding of relevant concepts and principles. Given that this understanding forms the basis of an organization’s culture of compliance and ethics, it is crucial to ensure that the training methods employed are effective in communicating this information.

2. Utilize interruptive training methods for behavior disruption. One essential approach to keep in mind when implementing compliance training is the use of interruptive training methods for behavior disruption. Interruptive training takes the form of quick, simple, and repetitious bursts of learning that are easily accessible and cater to different styles of learning. This approach allows for content delivery that is geared towards disrupting employees’ routine and thought patterns to promote engagement, behavior change, and a deeper understanding of the material.

Czeczuga noted this approach can be especially beneficial for sending general compliance messages like anti-bribery or corruption communications to a broad audience. Additionally, she related that pre and post-tests can provide useful metrics to determine the effectiveness of the training, while surveys can offer additional insights into how well the content is resonating with employees. In this way, interruptive training methods not only serve to catch employees’ attention and disrupt thought patterns but also allow for a more objective assessment of training success.

3. Tailor targeted training for at-risk employees. In recent years, there has been a significant shift towards more targeted and efficient training methods, particularly for at-risk employees. As a result, targeted training for at-risk employees ensures that they receive the specialized instruction they need, while also making it more likely that they will retain the information and apply it in their daily work activities. Czeczuga explained that even though there may be a need for longer, more focused training for certain employees who are considered more at risk, micro-learning can still be a highly effective tool for delivering general messages, like those related to anti-bribery. The interruptive nature of micro-learning allows it to be delivered in various modes, catering to the needs of different types of learners.

Czeczuga also emphasized the usefulness of pre- and post-tests as a means of assessing training effectiveness, as well as the value of surveys in gauging learner feedback. The importance of tailoring targeted training for at-risk employees cannot be overstated, as the consequences of compliance failures can be both costly and damaging to an organization’s reputation. Ensuring that these employees have the necessary information and tools to act ethically and responsibly is crucial in promoting a culture of compliance and minimizing risk. Collaborative efforts between compliance and training departments are essential for developing and implementing training strategies that strike the right balance between targeted, in-depth instruction for at-risk employees, and more generalized training for the broader staff. Ultimately, a well-executed and carefully tailored training program will lead to improved effectiveness and a more robust compliance culture throughout the organization.

The importance of effective compliance and training programs cannot be overstated for professionals in this field. The steps outlined above provide a comprehensive approach to building and sustaining a robust training strategy that not only engages your employees but also drives positive behavioral changes. From embracing micro-learning techniques and interruptive training methods to fostering collaboration between departments and reinforcing the message consistently over time, these steps can ultimately transform your organization’s culture into one that values and prioritizes compliance. Seize this opportunity to elevate your training efforts, and witness the remarkable impact on your organization as a whole.

Join us tomorrow for a review of training for 3rd parties.

For more information go to http://diligent.com/compliancetraining.

Categories
Innovation in Compliance

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 3 – Defining the Effectiveness of Compliance Training

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 3, we consider the always challenging topic of defining training effectiveness with Jessica Czeczuga.

Join Tom Fox and Jessica Czeczuga from Diligent in this episode as they discuss how to make compliance training effective. Jessica shares insights from years of creating targeted training materials, emphasizing the shift from traditional classrooms to microlearning. She explains how microlearning enhances comprehension, adaptability, and retention in learners. Tom and Jessica also explore the role of testing and assessments in compliance training and showcase the power of surveys in shaping the culture of compliance within organizations. Take advantage of this informative episode that will transform how you think about compliance, train, and communicate.

Highlights Include:

  • Effective Microlearning for DOJ Training
  • Benefits of Microlearning for Corporate Training
  • The Evolution of Compliance Training Testing
  • Building a Culture of Compliance and Ethics
Notable Quotes:

“Microlearning is probably one of the most effective ways to convey content to your donors.”

“One of the things that I love about microlearning beyond all those other benefits is the ability to put together what we call a multimodal communication campaign.”

“Even with all the benefits of microlearning, there are certain situations where longer and more targeted or focused training may be necessary.”

“But I think if you have a training function and a compliance function, they should always be in communication.”

For more information, go to Diligent.com

Join us tomorrow when we review a strategy for training third parties.

Categories
Blog

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 2-The Value of Targted Training

Welcome to a special 5 part blog post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, a Principal Instructional Designer; Andrew Rincon, Global Accounts Management Advisor at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third-parties, and the role of the Board of Directors. In this Part 2, we consider the the value of targeted training with Kevin McCoy.

Navigating the complex world of international compliance requires a thorough understanding of regional regulations and a commitment to keeping your workforce informed and prepared. As a corporate compliance and ethics professional, it falls upon you to create robust training programs that cater to the specific needs of your organization across various regions. Improved engagement and effectiveness of compliance training have significant implications on both personal and professional levels, ensuring that employees understand their responsibilities and the consequences of non-compliance. This blog post will guide you through essential steps to enrich your training content, provide additional resources, and establish a successful learning culture within your organization.

Targeting training is not just a buzzword; it is a necessary step towards improving engagement and effectiveness in our compliance and ethics training programs. By understanding our audience’s needs, creating interactive content, and measuring our efforts’ impact, we can significantly improve our employees’ compliance knowledge and behavior. Let’s make a commitment to prioritize targeted training in our strategies and achieve the desired results.Here are the steps to get Improved engagement and effectiveness of compliance training.:

1. Analyze regional regulatory requirements.

2. Customize training content for specific regions.

3. Develop engaging micro-learning modules.

1. Analyze regional regulatory requirements. Compliance training can be an essential aspect of the corporate landscape, ensuring that all employees remain up-to-date on the latest regulations and company policies. However, these training programs can sometimes be perceived as bland and disconnected from the day-to-day activities of the workforce. This is why it is vital for organizations to analyze regional regulatory requirements and create targeted training that is engaging and relevant to their participants. By understanding the specific compliance concerns for each region, organizations can develop tailored content that effectively addresses the most pressing issues. This not only produces more meaningful training sessions, but also increases the likelihood of employees retaining and applying the acquired knowledge in their jobs. Kevin McCoy, noted the importance of tailoring compliance training to regional regulatory requirements. He recommended examining the distinct rules and guidelines for each area where the company operates and utilizing this information to create targeted learning initiatives. By continually monitoring and updating training materials to reflect the evolving regulatory landscape, companies can ensure their employees are equipped with the knowledge and tools necessary to navigate today’s complex business environment.

2. Customize training content for specific regions. Customizing compliance and ethics training content for specific regional requirements is a crucial factor in ensuring its effectiveness. This approach ensures that the material is relevant, precise, and engaging, leading to better retention and understanding among employees. Adapting the content to suit regional rules and regulations, customs, and culture ensures that employees are better equipped to navigate the challenges they face in their specific locations. Furthermore, it demonstrates the company’s commitment to being culturally sensitive and respecting the diverse perspectives of its global workforce. Ultimately, this targeted approach fosters a more ethical, culturally aware, and regulatory compliant workforce, lessening the likelihood of legal and ethical breaches.

McCoy focused on the importance of targeted training in the global business landscape, emphasizing you should create compliance and ethics training content that caters to different regional requirements as well as varied risk-based areas within a company. For instance, sales teams would require training around conflict of interest while manufacturing teams would need training on health and safety regulations. He discussed strategies such as animated videos tailored for specific regions and languages, using native speakers to ensure the content is culturally sensitive and accessible to a wider range of employees. By adapting the content to the specific needs of your employees you will foster a more comprehensive understanding of compliance and ethics across diverse global teams.

3. Develop engaging micro-learning modules. Developing engaging micro-learning modules is an essential step to create effective compliance and ethics training programs for employees. Micro-learning consists of short, easily digestible pieces of training content that employees can access and engage with at their own pace. Implementing micro-learning modules allows companies to address specific topics and target unique segments of their workforce, ensuring that employees receive relevant and timely information. This ultimately leads to increased employee engagement, improved retention of knowledge, and a greater overall impact on the company’s compliance program.

McCoy noted that engaging,  micro-learning modules can focus on such diverse topics such as conflict of interest, anti-bribery, and anti-corruption. These modules can also be culturally sensitive and translated into different languages using native speakers to ensure proper understanding and engagement for a global audience. Moreover, they tailor the content to target different risk-based areas in the company— sales teams may receive training on conflict of interest, whereas manufacturing teams might focus on health and safety. By providing offline training options in various formats such as PowerPoint presentations and PDFs, they further enhance accessibility and engagement.

For corporate compliance and ethics professionals, mastering the art of delivering engaging and effective training is crucial in fulfilling their obligations and safeguarding their organizations. The steps outlined by McCoy, ranging from regional adaptation and micro-learning to offline training formats and supplemental resources, provide a comprehensive blueprint for achieving the desired result. By adopting these strategies, you are laying the foundation for a solid compliance training program that not only keeps employees engaged but also actively contributes to upholding the organization’s ethical standards. It’s time to put these tips into action and experience the remarkable transformation in your compliance training initiative.

For more information go to http://diligent.com/compliancetraining.

To hear more from McCoy on the value of targeted training, click here.

Join us tomorrow where we consider the difficult subject of what is effective training.

Categories
Innovation in Compliance

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 2- The Value of Targeted Training

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 2, we consider the importance of targeted training Kevin McCoy.

In this episode, Tom sits down with Kevin McCoy, a customer success manager at Diligent, to talk about the importance of targeted training in compliance. They dive into the importance of engaging employees through microlearning and Diligent’s unique use of cartoon-animated videos to make the content accessible to different audiences. They also discuss the significance of translating the training into different languages and tailoring it to specific risk areas for different teams. The podcast emphasizes that training leadership and the board in compliance is crucial, and they touch on risk-based training for individuals with a significant impact on the company’s financials. This episode is a must-listen if you want to discover the best strategies for planning and analyzing training to achieve desired outcomes and where to find more information about Diligent training solutions. Join them for the next episode on training effectiveness and improving compliance today.

Key Highlights:

  • Targeted Training in Compliance & Ethics
  • Effective and Targeted Training Translation
  • Training and Leadership in High-Risk Industries
  • Effective Training Planning and Execution

Notable Quotes

“It’s very important then to have your content translated into different languages.”

“There’s a lot of progress has been made over the years with machine translation and also AI is getting very popular, but we still use human-based translators.”

“But within the board or within leadership within the company, he was almost untouchable. It was like he built up fear in the organization, and people were actually afraid to ask questions.”

“The really important thing is to have versatile different types of training.”

For more information, go to Diligent.com.

Join us in our next episode, where we define the effectiveness of compliance training.

Categories
Innovation in Compliance

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 1 – The Importance of Ongoing Communications

Get ready to learn about Building a Stronger Culture of Compliance Through Targeted and Effective in a 5 part podcast post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 1, we consider the importance of ongoing communications with Kunal Agrawal.

In this episode, Tom Fox visits Kunal Agrawal, the Director of Customer Success at Diligent, about the importance of ongoing communications. Kunal shares his extensive background in technology and customer success and explains how his team helps customers with their day-to-day challenges. The podcast focuses on the significance of ongoing communication in compliance, and Kunal stresses the importance of maintaining a consistent cadence in communication to keep the momentum going. The podcast speakers discuss the use of humor in communication and how it differs based on cultural differences. They also emphasize the importance of understanding guidelines to prevent the compromise of sensitive information. This podcast is packed with valuable insights that will help you improve compliance in your organization. To listen to the full episode, head over to diligent.com!

Key Highlights:

  • The importance of communication cadence in compliance
  • Importance of Communication Cadence
  • Effective Communications for Compliance Professionals
  • Compliance with Sensitive Information

Notable Quotes:

“But you take a little bit different approach, and you help clients think about the ongoing part of ongoing communications. And frankly, I’ve never met anyone who talked about that approach.”

“I think having a certain workflow and, as you said, a cadence is equally important. The number one priority is your annual trainings, which is extremely important, and you need to do it.”

“If there is a pattern to a cadence, then people know what to expect and when.”

“If something goes wrong and if any single person in the organization doesn’t understand the guidelines, and in the processes around this, it can reveal compensation data or even health care data and compromise so much information in the world, which can land into hands of the people you don’t want them to get access to.”

For more information go to Diligent.com.

Join us in our next episode where we consider the value of targeted training.

Categories
Blog

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 1- The Importance of Ongoing Communications

Welcome to a special 5 part blog post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, a Principal Instructional Designer; Andrew Rincon, Global Accounts Management Advisor at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third-parties, and the role of the Board of Directors. In this Part 1, we consider the importance of ongoing communications with Kunal Agrawal.

Compliance professionals are often tasked with the challenge of keeping employees up-to-date with changing rules and regulations while also fostering a culture of accountability. To achieve this, it is essential to develop targeted ongoing communication strategies that resonate with diverse audiences and drive compliance. Through regular cadence of communication, utilizing various mediums, and taking into account cultural nuances, you can ensure that your organization stays ahead of compliance risks and fosters a culture of trust and integrity. Here are the steps to get improved compliance through effective ongoing communication.:

1. Establish a regular cadence for communications
2. Develop customized messages for diverse audiences
3. Utilize various communication mediums effectively

1. Establish a regular cadence for communications. Establishing a regular cadence for communications is a crucial step in achieving effective ongoing communication in compliance. With the ever-increasing complexity of regulations, compliance professionals need to ensure that employees are kept up-to-date on new developments and requirements. A predictable pattern and schedule for communications can help to instill the habit of ongoing communication among employees and stakeholders, ensuring that they are well-informed and prepared to adhere to necessary guidelines. This regularity allows audiences to anticipate and expect updates, making it more likely that they will engage in and retain the information being shared. By maintaining a consistent schedule, compliance professionals can create a conducive environment for the organization to thrive in terms of meeting regulatory guidelines and staying compliant with the latest rules and developments.

Agrawal emphasized the need to maintain regular ongoing communication, as this allows organizations to address the constantly evolving landscape of technology, data privacy, healthcare regulations, and trading compliance challenges. He suggested maintaining a consistent pattern for communications, such as sticking to a set schedule, to create a pattern and habit for employees to follow. Agrawal also acknowledged the importance of customizing these communications across different mediums and using visual aids when appropriate to cater to the needs of different geographical locations, diverse employee profiles, and varied cultural backgrounds. It is essential to establish a regular cadence for communications, as this fosters a culture of compliance and increases employees’ understanding of the guidelines, expectations, and best practices relating to their roles.

2. Develop customized messages for diverse audiences. Ongoing communication in compliance is essential for fostering a strong culture of adherence to regulatory guidelines and instilling the habit of continual learning among employees and stakeholders. With the ever-changing landscape of regulations in various sectors, it becomes increasingly important for compliance professionals to create well-formulated communication strategies that cater to the diverse needs of their audience. One crucial aspect of these strategies is developing customized messages that cater to the unique cultural nuances, roles, and learning preferences of the different members of the organization. By personalizing the content, compliance professionals can ensure that the information is more relevant, engaging and impactful, resulting in more effective communication and, ultimately, better compliance outcomes.

Agrawal focused on the importance of tailoring compliance communications to the specific needs and cultural contexts of diverse audiences. He noted that the ever-evolving nature of technology, data privacy, healthcare regulations, and trading compliance demands that compliance professionals consistently create and deliver content that truly resonates with their audiences. Agrawal highlighted the need to validate internal content with local audiences to guarantee the appropriateness and relevance of the materials.

3. Utilize various communication mediums effectively.  Utilizing various communication mediums effectively is a crucial step in creating an ongoing communication strategy for compliance professionals. With the rapidly changing landscape of regulations, particularly in industries such as technology, data privacy, and healthcare, it is essential to ensure that employees and stakeholders are aware of the latest requirements and guidelines. To achieve this, compliance professionals must adopt a diverse range of communication channels that cater to different audiences, geographical locations, and cultural sensitivities. This includes not only relying on traditional methods such as emails and newsletters, but also embracing newer technologies and platforms, such as instant messaging apps, internal document repositories, and video conferencing tools. By doing so, the compliance professionals can ensure that relevant and timely information is disseminated effectively and efficiently, thereby promoting a culture of compliance and reducing the risk of non-compliance.

Agrawal elaborated on the importance of identifying the right communication mediums to deliver compliance messages effectively. Promoting a culture of continuous communication, Agrawal stressed the need to maintain a regular cadence for communications to create a predictable pattern and habit. This enables the target audience to anticipate and be more receptive to the information shared. Agrawal emphasized the significance of tailoring communication to cultural nuances and appropriateness, particularly with regard to humor. He recommended validating content with a local audience, ensuring that humor is presented effectively and does not alienate or offend the intended recipients.

For compliance professionals striving to maintain a seamless flow of crucial regulatory information, a strategic and robust communication plan cannot be undermined. From our discussion with Kunal Agrawal, we distilled the essence of achieving improved compliance communications. Through regularly engaging with stakeholders in a tailored manner, leveraging multiple communication mediums, and staying attuned to feedback and cultural nuances, compliance officers can ensure that their messaging is accurate, relevant, and impactful. We encourage you to take these invaluable insights to heart, and empower yourself to craft and refine communication strategies that will drive your organization towards compliance excellence.

For more information go to http://diligent.com/compliancetraining.

Join us tomorrow where we consider the value of targeted training.

Categories
Blog

Reprioritizing Your Third-Party Risk Management Program – Key 2022 FCPA Enforcement Actions

From the Foreign Corruption Practices Act (FCPA) enforcement actions in 2022, one clear theme emerges; that is, organizations must reprioritize their third-party risk management programs. Many companies are becoming complacent in this arena, not realizing the potential consequences of not properly assessing their third-party risk management practices. I recently had the opportunity to visit with Alexander Cotoia of the Volkov Law Group to discuss importance of reprioritizing third-party risk management and how organizations can assess the effectiveness of their current practices. We review three 2022 FCPA enforcement actions to explore the importance of proper third-party risk management and how to avoid the potential consequences of not properly assessing these risks. Join us as we explore the details and implications of these enforcement actions and how organizations can reprioritize their compliance programs for the ever-changing dynamics of third-party risk management.

Here are the steps you need to follow to reprioritize your third-party risk management program.:

  1. Understand that third-party risk, especially as it pertains to anti bribery and corruption concerns, is a universal constant and still the highest risk.
  2. Reassess the framework by which third parties are evaluated and objectively evaluate the totality of risks posed by a potential business partner to the organization.
  3. Implement a risk-based approach to third party risk management.
  1. Understanding third-party risk

Understanding that third party risk, especially as it pertains to anti-bribery and corruption, is a universal constant is an important step in the risk management process. As evidenced by three key enforcement actions, ABB Limited, Oracle and GOL Airlines, organizations must evaluate the risks posed by potential business partners and ensure that the information collected is adequate to objectively assess the totality of the risks. Organizations should be aware that the DOJ requires companies to adopt a risk-based approach to third party risk management. To ensure that the organization is compliant with these regulations, they should review their existing practices and be prepared to supplement them if necessary. Additionally, organizations should be aware that they may be given credit for voluntary disclosure and cooperation efforts when faced with potential violations. This may be beneficial when determining penalties and is an important factor to consider when dealing with third party risk.

  1. Reassess your third-party framework

Reassessing the framework by which third parties are evaluated and objectively evaluating the totality of risks posed by a potential business partner to the organization is a critical step in reprioritizing your third-party risk management strategy. This should be approached holistically, focusing on the information being collected and its adequacy in objectively evaluating risks. Organizations should adopt a risk-based approach, as recommended by the DOJ, and not simply have a one size fits all approach. This approach should include due diligence, assessing the potential partner’s reputation and business practices, verifying their legitimacy and background, and understanding their country of origin and its laws. Additionally, organizations should consider the potential partner’s relationship with government officials and whether it could violate any anti-bribery or corruption laws. If any of these issues are identified, organizations should look into it further to ensure that their partner is compliant. By doing this, organizations can ensure that they are not engaging in any activities that could be deemed illegal or unethical. 

  1. Implement a risk-based approach

Implementing a risk-based approach to third party risk management is essential to any organization’s compliance program. This involves assessing the external parties on which an organization relies operationally, and identifying any risks associated with those external parties. This assessment should include evaluating their qualifications and experience to ensure they are able to meet the organization’s expectations. Additionally, organizations should consider conducting background checks on potential external parties, and assessing any potential conflicts of interest that may arise. Once potential external parties have been identified, organizations should consider conducting due diligence to ensure that the external party has not been involved in any fraud, bribery, or other criminal activities. Organizations should also consider developing contracts and compliance policies for external parties and monitoring their activities to ensure compliance. Finally, organizations should consider developing a training program for their external parties to ensure they understand the organization’s expectations and policies. By implementing a risk-based approach to third party risk management, organizations can reduce the risk of an FCPA violation and ensure their organization remains compliant.

Third-party risk management one of the most critical components of any organization’s compliance program. Organizations should take the initiative to reprioritize third-party risk management and assess the effectiveness of their current practices. Through the exploration of three enforcement actions and the introduction of the joint compliance note, this article has highlighted the importance of properly assessing third-party risk and how to best prepare for the ever-changing dynamics of third-party risk management. By implementing a risk-based approach to third party risk management, organizations can protect themselves from potential violations of the FCPA and ensure their organization remains compliant. With the right tools, processes, and dedication you can achieve the same results and protect your organization from costly fines and penalties.

For more information, on Diligent’s Third-party Risk Management solution, click here.

Listen to Alexander Cotoia on the podcast series, sponsored by Diligent here.

Check out the Volkov Law Group here.

Categories
Innovation in Compliance

Third-Party Management: A risk-based approach – Part 4: Adam Bailey on Reporting

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, we will consider a risk-based approach to third-party risk management. Over this series, I will visit with Michael Parker, the Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, from the Volkov Law Group. In this Part 4, I visit with Adam Bailey to look at the role of the Board in risk, audit, compliance, and ESG and the reporting from executive teams and GRC practitioners to take risks and seize chances.

Bailey has worked to help organizations better manage their risk by providing insight and clarity to boards of directors. He strived to enable executive teams and GRC practitioners to assess and manage strategic risks, ultimately connecting boards, practitioners, and executives together to innovate and drive growth. With the complexity of third-party relationships continuing to grow, companies need to adopt a continuous improvement approach to contend with unforeseen risks. A corporate compliance function is not just something nice to have, but a must and a Board needs clear and relevant data to make the best decisions. Organizations need to use the necessary tools to ensure that Boards have the visibility to manage their third parties and make informed decisions.


Key Highlights

1. A compliance function must support leaders through its reporting work.
2. Companies can effectively manage third-party risk with a risk-based approach and robust processes.
3. Connecting Board, senior executives, and practitioners together to enable organizations to take risks and innovate is critical.

Notable Quotes

  1. “The key to this effective risk management is truly the follow-up, the ongoing follow-up to ensure that all the controls are in place and, if needed, are changed.”
  2. “Continuous blanket monitoring of all third parties with every risk asset you can think of is just not feasible and probably wouldn’t deliver the outcomes that we need.”
  3. “We know that change is constant, regulators are looking for risk management policies and practices which continually improve and evolve over time.”
  4. “We need robust processes and systems in place to make sure that when you create your third-party profile, it’s screened against sanctions lists, embargo watch lists, et cetera, to provide the rich data that’s there.”

Resources

Adam Bailey on LinkedIn

Check out Diligent’s 3rd party products and services here.

Categories
Blog

Reprioritizing Your Third-Party Risk Management Program -Reporting

Today’s business landscape is becoming increasingly complex and globally interconnected, with the average business now working with over 100 third-party vendors. While this presents a wealth of opportunities, it also brings a range of challenges for boards and GRC professionals alike when it comes to third-party risk management. I recently visited with Diligent’s Senior Vice President of Products, Adam Bailey on how to tackle these challenges and leverage third-party risk management to identify opportunities and equip boards to take risks, innovate and drive things forward. Here are the steps you need to follow to also get clarity, insight, innovation.:

  1. Understand the role of the board in oversight and provide clarity on third-party risk management.
  2. Board review Codes of Conduct.
  3. Continuous improvement view of risk management.
  4. Utilize real-time data to react to changing times.
  5. Ensure commitment to shared values and ethical cultures.

 1.Understand the role of the Board in oversight

Understanding the role of the Board in oversight and providing clarity on third-party risk management is an essential step in any risk management strategy. Obviously, the Caremark Doctrine is the leading authority which Boards must follow. But more than simply oversight to  meet a legal requirement, businesses should see the business opportunity by creating a business process which connects employees, compliance professionals, executives, and boards together in a seamless process. This connection enables a culture of continuous improvement that starts at board level and cascades down through the structures of the business. This allows two-way communication between boards and compliance professionals, so that boards can clearly communicate their risk management strategy and expectations. 

  1. Board review of Codes of Conduct

A key role for any Board is to review and refresh if needed your organization’s Code of Conduct on a regular basis. When it comes to third-party risk management this is needed to  ensure that the third parties are following the company’s established guidelines. A Board should understand the importance of third-party risk management and how to fulfill their role of oversight. There should be an enterprise-wide single source of data for every Board to ensure effective governance, risk and compliance. Boards should also be provided with dashboards to allow for continuous monitoring of third-party relationships and to provide real-time information and data to enable businesses to react to changing times. Ultimately, companies need to show that their Board is making a good faith effort to address risks by having due diligence processes in place and effective plans to monitor those processes.

  1. Continuous improvement view of risk management

A key role for any Board is to implement a continual improvement view of risk management. This shifts an organization’s focus from a one-time due diligence approach to ongoing, rigorous due diligence designed to identify risk areas and set benchmarks for improvement. This allows a Board to have a clear view of the risks involved and make informed decisions. A two-way dialogue is also important, with data flowing up to the board and actions cascading back down to the compliance team. 

  1. Utilize real-time data to react to changing times

There is probably no more important task for a Board in 2023 than responding to changing times. Obviously Covid-19 is still in front of mind, but the change political, geographic, economic and even climate changes are moving much more quickly now. For a Board to provide effective oversight, it must have access to real-time data to react to changing times. This is both from a regulatory perspective and a business/reputational perspective. All internal stakeholders should be connected with enterprise-wide single source of all nonfinancial data required for effective governance, risk, and compliance. The platform also provides real-time information and data so Boards can quickly react to changing times. Furthermore, the platform adds relevancy and context to the risk data which helps Boards make informed decisions based on the potential upside and downside of taking on certain risks.

  1. Ensure commitment to ethical values and ethical cultures

It really all does start at the top and Boards must ensure commitment to ethical values and ethical cultures. Boards should mandate that companies adopt a continual improvement view and embrace not just one and done due diligence, but ongoing monitoring and continuous improvement. Boards should mandate that organization enforce their commitment to ethical values, ethical cultures, and honest business practices. When it comes to third parties, Boards must understand the risk each third-party poses and to consider the business in question and the sort of inherent nature of the dealings with that third-party. Having a robust platform also provides real-time information and data throughout the relationship with the third-party, dashboards to monitor third-party information, and a single source of truth for all nonfinancial data. This allows for a two-way dialogue between GRC professionals and the board to ensure that the board has the clearest, most relevant, and most targeted information to inform better decisions.

For more information, on Diligent’s Third-party Risk Management solution, click here.

Listen to Adam Bailey on the podcast series here.