This Week in FCPA

Episode 286 – the Georgia Finally Beats Alabama


The college football season has ended with UGA finally defeating UA. Tom and Jay now turn their full attention to the NFL playoffs and also look at some of the week’s top compliance and ethics stories in the Georgia Finally Beats Alabama edition.

Stories

1.     Carnival and Princess Cruise Lines violated DPA yet again. Matt Kelly in Radical Compliance. DOJ Press Release.
2.     Prioritizing items from the Strategy on Countering Corruption. Worth McMurray in the FCPA Blog.
3.     DOJ to look at short sellers. Jaclyn Jaeger in Compliance Week (sub req’d).
4.     Proposed framework for CCO liability analysis. Mengqi Sun in WSJ Risk & Compliance Journal.
5.     Manipulation on timing of FCPA enforcement action? Matthew Stephenson debunks a new article in GAB.
6.     ComTech comes to financial institution compliance. Christian Wunderly in the FCPA Blog.
7.     Phil Tetlock and Superforecasting come to risk management. Jim DeLoach in CCI.
8.     Ethics and FCPA predictions for 2022. Mike Volkov with a double dose of Carnac the Magnificent. Ethics here. FCPA here.
9.     Banks develop climate risk consortium. Aaron Nicodemus in Compliance Week (sub req’d).
10.  Liability of local representatives under GDPR. Kelly Hagedorn and Matthew Worby in Compliance and Enforcement.

Podcasts 

11.  Tom and Matt Kelly conclude a 2-part podcast series on issues they are following in 2022.  On Compliance into the Weeds, Part 1 and Part 2.
12.  In January on The Compliance Life, I visit with Valerie Charles, partner at StoneTurn. Val has one of the most interesting journeys in compliance. In Part 1, she discussed her academic background and early professional career. In Part 2, she discusses her move to ComTech.
13.  The Compliance Podcast Network welcomes Professor Karen Woody and her new podcast, Classroom Insider. In this most unique pod, Karen interviews some of her students to tell the history of insider trading. In Episode 4, Colin Manchester discusses the evolution of the disclose or abstain rule.
14.  Mikhail Reider-Gordon returns in Lies, Spies & Corporate Crimes: The Wirecard Saga, with Season 2, Episode 3 Shell Games.
15.  31 Days to a More Effective Compliance Program returns, running for the month of January, from January 1 to January 31. Available on the Compliance Podcast Network, Megaphone, iTunes, and all other top podcast platforms.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Great Women in Compliance

Jonathan Armstrong – Original Gangster Great Gentleman in Compliance

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

Welcome to the first Great Women In Compliance episode for 2022. Lisa and Mary are really excited about starting off another year of connecting, communicating and celebrating our GWIC family.

While Mary and Lisa usually start out each quarter with a joint discussion, this time they do a joint interview with a guest who was there when this podcast was born. Jonathan Armstrong is a strong supporter of women in compliance and diversity, an expert in GDPR, Brexit, and many other multinational issues, and a partner at Cordery Compliance, based in the UK. He is also on the Compliance Podcast Network as a co-host of the “Everything Compliance” and “Life with GDPR” podcasts.

In this episode, we talk about what he thinks should be top of mind for E&C professionals in multinational organizations, how Brexit has impacted compliance programs, and what is new in the world of GDPR and data privacy.

Jonathan is also known for his ability to connect and build relationships, and talks about how he builds his network and his approach. Lisa and Mary like to think that one of the highlights of Jonathan’s career is that he won the GWICie for Comic Relief, and you will understand why after listening to this episode.

As always, we are so grateful for all of your support, and if you have any feedback or suggestions for our lineup or would just like to reach out and say hello, we always welcome hearing from our listeners. If you are enjoying this episode, please rate it on your preferred podcast player to help other like-minded Ethics and Compliance professionals find it. You can also find the GWIC podcast on Corporate Compliance Insights, where Lisa and Mary have a landing page with additional information about them and the story of the podcast.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Life with GDPR

Potpourri Edition


Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. We use the recent speech by Deputy Attorney General Lisa Monaco as a jumping-off point to discuss how this change in DOJ enforcement policy and focus will be impacted by GDPR and the new EU Whistleblower Directive, and how increased international cooperation around international anti-corruption compliance may play out. Some of the issues we consider include:

  1. Data protection issues under the new DOJ FCPA enforcement policy?
  2. Monitorships outside the US.
  3. Data privacy and investigations.
  4. Class actions in the UK going forward.
  5. Increased cooperation between the DOJ/SEC and the UK Serious Fraud Office.

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Survive and Thrive

How to Survive a GDPR Data Breach in the USA


Eventually, every company will deal with cybersecurity issues that include hacking that exploits security controls and technical, physical, or human-based elements. Such an emergency requires a robust internal incident response plan as soon as possible. Compliance leader, attorney, and international public speaker Kortney Nordrum reminds you of these crucial situations: “You want to have a plan before you have to use a plan.”

Key points discussed in the episode:
✔️ Make sure there’s an incident or a crisis plan and that you have a set you’re going to call, who’s going to get on the phone, and who will make decisions. These should be documented so that there’s no time for guesswork when things are urgent.
✔️ Ensuring a solid system for awareness should start at the level of the customer service representative and the email help desk teams to preempt data breach issues. Have the right people be able to ring the right alarm bells early in your organization.
✔️ Evaluate the extent of the information security hack or breach on top of all other risk and regulatory assessments.
✔️ Determine which are the impacted customers and employees and analyze the individual countries of residence. Figure out where reporting should happen as prescribed in the General Data Protection Regulation (GDPR) of the European Union.
✔️ Set up a toll-free number for questions and work with the core team on public notices or any public response. When we see organizations getting hacked, you’ll see it on a blog before that organization says anything publicly. Make sure to direct the message rather than have gossip around what happened.
✔️ Engage a forensic firm if needed if in-house knowledge is not enough to assess what happened, how the breach occurred, and set the steps necessary to prevent it from happening again.
✔️ It is best for compliance professionals to remember what the adage says: “an ounce of prevention is worth a pound of cure.” Getting ready for a hacking incident requires early planning on initiating incident response measures tested at least yearly and reducing or preventing adverse impacts should they happen.

Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear, and give you some lessons learned going forward. This show is hosted by Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Cou
 

Life with GDPR

Happy Birthday GDPR, Part 2

In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we conclude a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In Part 1, we looked at the increased militancy in GDPR enforcement, both from regulators and in private actions, and enforcement trends over the past 3 years. In this Part 2, we consider the where of doing business, data security and customer issues as they have evolved over the past 3 years.

Resources

Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Life with GDPR

Happy Birthday GDPR, Part 1

 
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we begin a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In this Part 1, we look at the increased militancy in GDPR enforcement, both from regulators and in private actions, and enforcement trends over the past 3 years.

Resources

Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Life with GDPR

Looking Back and Looking Forward

In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we take a look back at some of Jonathan’s most significant cases, enforcement actions and events in data privacy/data protection in 2020. We also consider the potential impact of Brexit on data transfers between the UK and the EU and how this will impact data transfers between the UK and US.

Resources

Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Life with GDPR

Reduction to GDPR Fines by EU Courts


In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider EU courts reducing fines and penalties assessed by data protection regulators. The case reminds us that, as we said before, data protection authorities are likely to face challenges to high fines in the courts. In some respects, the fine mechanism in GDPR is based on the system in use in competition law cases where the success rate in appeals has been high. Some of the highlights are:

  1. Background to several cases.
  2. What did the court say?
  3. What did the regulators say?
  4. What are the lessons learned for the data protection/data privacy compliance specialist?
  5. What steps can your organization take?

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

FCPA Compliance Report

Jonathan Armstrong on the UKBA, GDPR and Modern Slavery Compliance

The FCPA Compliance Report is the longest running podcast in compliance, premiering on July 31, 2015. This week begins a series of podcasts leading up to the 500th anniversary episode of the FCPA Compliance Report, which will post on Monday, August 31. Over the next five episodes, I will post podcasts of 5 top FCPA and compliance commentators. Over this week, I will be joined by Mike Volkov, Matt Kelly, Jonathan Armstrong, Jay Rosen and Jonathan Marks. Each will speak about the evolution of compliance from their own unique perspective. In this episode, I visit with Jonathan Armstrong, co-founder of Cordery Compliance. We take a look back at the evolution of UK and EU laws around bribery, data privacy/data protection and modern slavery and the compliance response.
Some of the highlights include:

  • The UK Bribery Act was a seminal law for international anti-corruption enforcement which brought another sheriff to town.
  • How tech monopolies have led to greater enforcement in the UK and EU.
  • How one person can make a change. Max Schrems was a law school student in 2011.
  • How the US model of FCPA enforcement influenced regulators across the globe.
  • The evolution of DPAs in the UK and elsewhere.
  • Armstrong believes the fight against slavery is a job only half well done.

Lineup 
I hope you will listen in to each episode over this week. The lineup will be:
Monday, August 24 - Episode 495 - Mike Volkov on changes in FCPA enforcement.
Tuesday, August 25 - Episode 496 - Matt Kelly on changes he has observed in compliance from the business journalist perspective.
Thursday, August 27 - Episode 498 - Jay Rosen on changes in compliance from the business development perspective.
Friday, August 28 - Episode 499 - Jonathan Marks on changes in compliance mirroring those from internal audit.
Monday, August 31 - Episode 500 - the Anniversary Episode.

Life with GDPR

Requirements for the DPO

In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider a recent decision by the Belgian Data Protection Authority, which imposed a fine of €50,000 ($54,203) on an unnamed organization for non-compliance with the GDPR conflict of interest requirement in the selection of its Data Protection Officer. Some of the highlights are:

  1. What were the issues and interests involved in this case?
  2. What are the requirements for a DPO under GDPR?
  3. How and why was the company ‘seriously negligent’?
  4. What are the implications going forward?
  5. What is this decision’s precedential value?
  6. How much expertise, authority and autonomy must a DPO have going forward?

Check out the Cordery Compliance client alert on this case by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.