Categories
Innovation in Compliance

Series Spotlight: Revolutionizing GRC with 6clicks: Part 1 – Managing a Multi-Entity GRC Architecture with 6clicks Hub and Spoke


Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down the 6clicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning in governance, risk and compliance (GRC), curating and maintaining robust GRC content, and producing audit-ready reports, and look at what’s next for 6clicks down the road. In Part 1, I am joined by Joe Schorr on Managing a Multi-Entity GRC Architecture with 6clicks Hub and Spoke.
Schorr handles global channels, which encompasses service provider partners and technology partners and the traditional channel resale role. We turned to the ‘hub and spoke’ model which 6clicks advocates. He said that 6clicks pioneered the evolution from a multi-tenant or federated approach of GRC architecture to a hub and spoke model. The difference is that in a multi-tenant or federated approach it is seen as much more vertical or up and down the chain. But the hub and spoke is “just like with airline travel, back in the old days of networking, where we had hubs, routers and switches and the computers all hooked to a hub.”
Schorr went on to explain, “in our model, we’re using what we call center of excellence, think of it as the headquarters or the hub or the terminal and an airport. And they have the different wings go out to the different entities.” The architecture can “pull different types of data and analytics from those entities, or those folks are out there bringing them back into the center of excellence.” Additionally, “the center of excellence by the same token can have a lot of centralized benefits like templates and controls which they are able to push that out at the same time to all these different entities.” Schorr believes it is “the holy grail of what people have been looking for; to control from a central location really complex information that require a ton of data flowing both ways.”
Moreover, the hub and spoke approach facilitates a GRC conversation with a wide variety of people. This could include compliance professionals, lawyers, other non-technical folks at the C-suite or executive level and certainly at the Board level and everywhere in between. It helps to define everyone’s role in the GRC and broader risk management process. Schorr said, “That’s the beauty of it because you can craft it. For instance, in a Private Equity company with multiple portfolio companies, there is much sensitive information, and not everybody in every portfolio company needs to see what’s going on in every other portfolio company. This approach allows an organization to segregate all that data yet allows you the freedom to utilize the information you want to as access control is built into the architecture.”
We continued on the example of the private equity firm with multiple portfolio companies, which are sometimes in the same industry, but sometimes not. There is always a wide variety of data and disparate sources of data that you have to pull in. This disparate data has to be collected, in a manner that can be utilized by the private equity firm, the corporate office, whatever the hub might be. However, the stakeholders, corporate subsidiaries or portfolio companies at the end of the spoke might need that data to make tactical if not strategic decisions. Next, overlay reporting to senior management and then a Board of Directors, all in a changing regulatory environment. This hub and spoke architecture can be an incredibly powerful way to collect and utilize data. Schorr explained, “if you are hired to do a risk assessment against 200 portfolio companies, you have a massive set of risk data in all kinds of different things. You have collected data; you have interviews, you have done vulnerability scanning, you’ve done risk assessments, third party risk assessments, vendor assessments, everything you could possibly imagine. That is all rolled up collected somewhere and a bunch of smart people look at it and we’re all trying to grade it and do things manually and push it around. And at the end of the day, just like you said, this is really important.”
This approach allows you to prepare a Board level C-suite report. You can also create a functional management report for middle management as that level is usually the one which must read this and decipher it and then push it out. Schorr said, “there is also a bottom layer which a report needs to go out to. It’s almost a raw data level report that goes out to the people in the field or the people at those portfolio companies who are responsible for fixing things.” The hub and spoke approach to 6clicks GRC architecture allows you to work on those levels.
Join us tomorrow where we take up utilizing machine learning and AI in your GRC practice with Andrew Robinson, 6clicks co-founder and Chief Information and Security Officer.
For more information on 6clicks, check out their website here.
 


In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future – Part 5: GRC Then and Now


Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I have visited with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over this week, we have reviewed the current Governance, Risk, and Compliance (GRC) landscape, looked at GRC at work, considered GRC and the investment community, reviewed GRC and K2 Intelligence FIN and today, in Part 5, we conclude with a look at GRC then and now.
Most interestingly, I found that Jeremy Kroll believes one of the key mainstays of GRC is something that many compliance professionals are only now coming to realize, which is that proactive compliance is more effective and more cost effective than reactive compliance. With the addition of technology, it is possible to do things not only more quickly and more efficiently but in a much more cost-effective manner. Jeremy Kroll noted, “What we’re seeing is the velocity of data available, the increasingly important role of technology, coupled with a multi-disciplined approach within organizations to create governance, frameworks, risk management techniques and abilities, and compliance programs that are even more essential now.”
Moving forward, compliance and ethics as well as GRC professionals, who are living and breathing the mission every day, are more fully operationalized down to the front lines. It is these risk management professionals who will be the ones first identifying the risk and risk management strategy. As Jeremy Kroll noted, “This will help you to flatten the curve and that risk particularly to your reputation or your business. I would say, come on over the water’s warm here, we’re growing very quickly. And I think as a proof point, the investment community is showing up every day at our doorstep. And they’re also thankfully investing in a lot of other businesses in our field and technology, RegTech, CompliTech, also professional services and advisory.”
We ended by agreeing that GRC is going to be one of the most exciting areas, including the outsourcing of compliance, which also includes training and education. Here Jeremy Kroll said, “we are taking people who are already in their forties, fifties, or even sixties, and we’re retraining them. And so, pivoting and making a career change and growing in this field, this is a growth field and we want that wisdom. We want that judgment. We want that business or life experience. And you can couple that with young employees and technology enablement, and then you can add tremendous value to clients.” It really does not get much better than that.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.


In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future – Part 4: GRC and K2 FIN


Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I am visiting with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over the week, we have reviewed the current Governance, Risk, and Compliance (GRC) landscape, looked at GRC at work, considered GRC and the investment community. In Part 4, we consider GRC and K2 Intelligence FIN and will conclude tomorrow with a look at GRC then and now.
Jeremy Kroll counseled that you must “start with an investigative mindset and understanding what the core risks are. Where is that inflection point? Sometimes you might find out a little bit late, but so long as you are quick to react and pivot, you can change the calculus. That means you have to be ready with enough resources internally. You need to make sure that you have a couple of key crisis response or organizations on speed dial because you can’t do everything yourself and your team is usually focused on doing business as usual.” He ended with “how do you be prepared and be in a position to make sure it is a normalized environment when you are dealing with a significant risk to your organization?”
A growing area is outsourced compliance, which was once again recognized in the 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs. Jeremy Kroll noted, “For entities of any size, it’s important to have the ability to constantly monitor and update compliance procedures and protocols as risk profiles change. However, we also know compliance budgets are under tremendous pressure to adhere to budget cuts and to create greater efficiencies. As a result, our third-party managed services offer outsourced technology and manpower service that enables these organizations to meet regulatory requirements and control costs. We leverage flexibility and scalability across areas including coping with a shortage of experienced employees; improving compliance processes; developing and maintaining a robust technology infrastructure; and tackling global compliance demands.” Jeremy Kroll concluded, “This way, for entities who don’t know where to begin or simply do not have the internal resources, they can rely on organizations like ours to help.”
Please join us for our final episode of this podcast series where we examine GRC: then and now.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.


In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future – Part 3: GRC and the Investment Community


Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over this week, we are reviewing the current Governance, Risk, and Compliance (GRC) landscape, GRC at work, GRC and the investment community, GRC and K2 Intelligence FIN and will conclude with a look at GRC then and now. In Part 3, we consider GRC and the investment community.
It turns out that the investment community should be one of the biggest users of GRC platforms and technologies, particularly when we examine recent events around risk exposure in anti-money laundering (AML) and other illicit activity. Private equity is built to grow businesses and GRC is a key component as a solutions system. One regulatory area that Jeremy Kroll pointed to was AML, “AML was something you might hear about because of narco-traffickers and that some of the big money center banks were in trouble because they were banking drug dealers. After September 11th, everything changed. There was a wellspring of professionals entering the field, either they entered it because they wanted to serve in government or they wanted to pivot in their careers and go from being an auditor, a lawyer, an in-house risk manager into this whole area of fighting terrorism, through tracking, tracing, and reducing the threat of illicit finance. It only picked up steam and in part because of the whole financial collapse and crisis in 2008. Even beyond that, I think what happened was that the regulatory and enforcement bodies both in the United States and Europe have really committed to cracking down because there is money laundering going on.”
All of this has led Jeremy Kroll to conclude that investment firms are looking to invest in companies that can help mitigate these risks more than ever in a post-COVID-19 environment and that there is increased innovation and a growing number of solutions emerging. Please join us tomorrow where we look at GRC and K2 Intelligence FIN.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.


In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future – Part 2: GRC at Work


Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over the week, we will review the current Governance, Risk, and Compliance (GRC) landscape, look at GRC at work, consider GRC and the investment community, review GRC and K2 Intelligence FIN and conclude with a look at GRC then and now. In Part 2, we consider some examples of GRC at work.
From the Foreign Corrupt Practices Act (FCPA) world, there is Siemens, which sustained a $1.6bn fine from both US regulators and German regulators for its institutional corruption. The case still remains a landmark settlement and clear failure of a GRC framework. While the company had the rules, policies, and procedures written down, their GRC controls ultimately failed because of a lack of adequate leadership and a culture that enabled corrupt behavior. Following the enforcement action, it became clear they had to reinforce their compliance controls and corporate governance framework.
We ended with some of the biggest takeaways. First, mitigate risk on an ongoing basis. Next, be proactive, not reactive. Finally, it is all about culture. Please join us as we explore this and other GRC-related issues over this podcast series. Tomorrow we examine GRC and the investment community.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.


In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future – Part 1: GRC Explained


Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future.
Over the week, we will review the current Governance, Risk, and Compliance (GRC) landscape, look at GRC at work, consider GRC and the investment community, review GRC and K2 Intelligence FIN and conclude with a look at GRC then and now. In this Part 1, we consider the current GRC landscape.
GRC aims to synchronize information, processes and practices across the enterprise to help entities operate more efficiently by enabling effective information sharing about risk, aligning risk mitigation with organizational goals, allowing for more accurate and effective risk insights, while avoiding wasteful redundancies. Kroll related that a high-level explanation of GRC is “governance is at the top of an organization, literally the very tone from the top. So, at the end of the day, it’s, how can you share information, align your plans, to organize your goals and create an environment where you get more accurate, more effective insights to help you mitigate or manage risk”. GRC ensures that the people who are in the position to avoid risk and effectuate risk avoidance activities can effect that change, alter the course before things go wrong, based upon having the right information.
We turned to risk appetite. Jeremy Kroll believes “organizations have evolved and now there is precious little time to really experiment and figure out not whether something is going to go haywire”. This makes it more about business resiliency. To be able to start or expand a business in this competitive world, you have to have a certain appetite for risk. GRC provides a framework to not only “have that appetite, but also be able to take certain decisions; whether that is a geographic expansion and going into a new market or going from investing in a people based businesses, and then starting to pivot into technology.” You can take certain risks as you either evolve or even transform the organization or team. Kroll pointed out that GRC can allow for an “organizational design that allows the highest levels of the business to listen and have the information flow to them and then react quickly that an organization does not lose its way.”
We next turned to the components of a strong GRC framework. They include: tone at the top governance; an effective method to identify, assess and quantify the risk; the ability to train and enforce compliance requirements; independent testing of mitigation measures and to close gaps and remediate deficiencies; audit programs focused on continual improvement and reporting; and the ability to communicate all of the above up the chain of command to the decision-makers and change agents, where decisions can be made and adjustments can cascade back down through the organization.
With these components in place, Jeremy Kroll then expanded on how they are used. It begins with identifying the risks and then assessing them. From there you create a risk management plan and “once you have that plan in place, being able to monitor it, which leads to training and the constant reassessment, not just of the systems, but the people in your organization.” Moreover, if there is a failure, how quickly can you react and remediate? Jeremy Kroll concluded that it is actually “putting your plan into practice.” He provided the example that if you are a senior in-house counsel and you are having a conversation with an engineer out in the field, you must “feel their pain, to understand what it’s like to perform at a high-pressure environment.”
He concluded that GRC has become a much broader part of the conversation across the board. For example, this has become a larger part of the due diligence process for investors examining portfolio companies or acquisitions. Please join us as we explore this and other GRC-related issues over this podcast series. Tomorrow we examine GRC at work.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.


Why GRC is the Keys to the Kingdom with Matt Kunkel


Matt Kunkel saw a need in the market for “a platform that could act as a central nucleus and bring together and automate in a flexible, easy fashion, all of the different components that make up a traditional governance, risk and compliance regulatory program.” He, together with John Siegler and Dan Campbell, founded LogicGate to fulfill that need. Matt joins Tom Fox on this week’s show to talk about LogicGate’s GRC platform and how it helps businesses improve their bottom line.

Every Business Needs a GRC Champion
Matt wants to give business leaders the keys to the kingdom from a technology perspective. Leaders should be able to own and maintain Governance, Risk and Compliance (GRC) technology that grows and evolves alongside the company’s growth and evolution. A well-run GRC program has multiple stakeholders throughout the organization, he points out, especially a champion who will advocate for a culture of risk and compliance. He shares six tips for choosing the best GRC solution.
Managing Third Party Risk
Tom asks about the key exposure points in third party risk and how LogicGate’s solution helps to manage those risks. Matt responds that the best GRC program is only as good as the third parties we use and the programs they have in place. He explains the role of their platform in managing third party risk as well as performing due diligence. 
Risk is Good
Matt explains why all businesses should have a Business Continuity Playbook: it’s your Bible to tell you what to do when a disaster strikes, he says. He emphasizes that risk is good. “Risk is good. Companies are built and scaled and grow and achieve great things because they take on… additional strategic risk,” he remarks. It’s about evaluating where risk lies and taking the necessary mitigating steps that would enable you to take on more risk and drive better business outcomes. “I hope that we as an industry can elevate compliance professionals, risk professionals, security professionals to a spot where we can help the organization make strategic decisions based on risk to drive better top-line outcomes, more revenue for the business. It’s not just about asset protection, it’s about revenue generation,” he comments.
Resources
LogicGate.com
LogicGate on LinkedIn | Twitter
Matt Kunkel on LinkedIn