Tag: Jag Lamba

Categories
Blog

Upping Your Game – Compliance Moves into the 2030s

On February 10, 2025, the Trump Administration suspended investigations under and enforcement of the Foreign Corrupt Practices Act via Executive Order. Many compliance professionals have since wondered what this will mean for corporate compliance programs. Hui Chen, in a blog post entitled Pause in FCPA Enforcement: Crisis or Opportunity?, said, “Many in the compliance world have expressed lament, concerns, and anger. Understandably so. This may feel like an existential crisis for an industry so dependent on enforcement as its raison d’être. Yet, in every crisis, there is an opportunity. This is no exception.” She stated, “We will have the opportunity to find out which companies do not believe they need to engage in bribery to be competitive. But we will also see companies recalibrate their risk tolerance not because the door to foreign bribery has been wedged open, but because their past fear-driven strategy resulted in a sometimes overly narrow view of corporate risk and responsibility in this space.” She listed three key areas to start, the third being “it’s time to up your game.”

I agreed wholeheartedly with Chen. Inspired by Chen, I wanted to write a book for compliance professionals about how they could think through ‘Upping Their Game’ using currently existing Generative AI (GenAI) tools to improve their compliance programs dramatically. It all starts with the precept from Carl Hahn, “To me, the animating reason for our compliance program was to deliver business value. And that was my proposition on day one. It is a positive business-forward proposition based on returning on investment, returning value to the business, being part of the business strategy, enabling the achievement of strategic goals, and enabling the company to successfully deliver to its customers, investors, stakeholders, and employees.” As compliance professionals, it is critical to recognize that this moment is not merely about incremental improvements. The Trump Executive Order brings to the compliance profession a rare inflection point where revolutionary technological advancements, if harnessed strategically, can elevate our profession to a new level of effectiveness, efficiency, and organizational value.

Once reliant on manual oversight, reactive reporting, and periodic audits, compliance monitoring is evolving into a proactive, real-time capability empowered by sophisticated AI technologies. Compliance professionals historically functioned as gatekeepers, viewed as necessary but inconvenient barriers to business velocity. But now, driven by AI, compliance stands poised to shed that restrictive image, embedding directly into core operational workflows and thus shifting from gatekeeper to integral business partner.

Today, the cutting edge of compliance is driven by two primary strands of AI: predictive analytics, leveraging machine learning, and GenAI. Each has distinct capabilities, but combined, they represent a powerhouse able to address the vast majority of traditional compliance challenges and emerging risks. At its core, compliance seeks to identify, manage, and mitigate risks. Traditionally, this has meant looking backward, investigating past issues, and reacting to problems after they occur. AI fundamentally shifts compliance from this rearview mirror perspective to a forward-looking, predictive posture. Machine learning technologies empower compliance officers to train AI models on vast quantities of historical data, teaching systems to recognize patterns and indicators that suggest elevated risk in real-time.

Today, a compliance officer can use predictive analytics to tag transactional data by risk category, identifying potential bribes, improper payments, fraud, conflicts of interest, and sanctions violations. With these capabilities, compliance teams can proactively identify, isolate, and remediate issues before they escalate, significantly reducing organizational exposure and regulatory risk.

This shift from reactive to proactive risk management also enhances compliance agility. Organizations equipped with AI-powered monitoring can swiftly pivot to address new regulatory developments or emerging business risks. Because AI can integrate and analyze data in real-time from diverse sources, such as financial records, employee communications, operational metrics, and third-party data, the organization is positioned to respond to regulatory inquiries swiftly, accurately, and effectively, thus greatly enhancing compliance resilience.

AI offers a transformative capacity to integrate compliance directly into essential business processes by embedding compliance directly into an organization’s operations. Andrew McBride’s approach is termed the “Holy Grail” for compliance professionals who seek to seamlessly embed compliance responsibilities within operational workflows, enabling employees to carry out compliance tasks without interrupting their regular business activities.

For all these reasons and more, I am thrilled to announce the publication of my latest book, Upping Your Game: How Compliance and Risk Management Move to 2030 and Beyond. The compliance function is uniquely situated to lead the management of risk going forward, and in this book, I provide every compliance professional with key tactics, concepts, and strategies to move forward with GenAI today to answer the call to Up Your Game. Each chapter is dedicated to one area of a compliance program: risk management, third parties, training, chatbots, and embedded compliance. I provide key lessons for compliance professionals in each chapter and a case study on how one or more companies have created GenAI tools that can be adapted for compliance. Each one of these strategies meets Hahn’s precept to enhance business value.

I  interviewed some of the top thinkers on GenAI in the compliance field for this book. Contributors included Vincent Walden, CEO of konaAI, a global, AI-driven technology company focused on anti-fraud, anti-corruption, and compliance risks. Matt Galvin, co-founder of Gentic Global Advisors. Carl Hanh, co-founder of Gentic Global Advisors. Dr. Hemma Lomax, Deputy General Counsel, Vice President, Global Head of Ethics and Compliance at Docusign. Jag Lamba is the founder and CEO of Certa. Eric Sydell is a co-founder and CEO of Vero AI.

I hope you check out the book and use it as a basis for Upping Your Game going forward. KonaAI, a leading data analytics firm, sponsored this book.

You can purchase a copy of the book on Amazon.com.

Categories
Compliance and AI

Compliance and AI: Harnessing AI and Innovation: A Deep Dive into Compliance and Disruption with Jag Lamba

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These are but three questions we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. In this episode, Tom is joined by Jag Lamba for a discussion on the intersection of innovation and disruption.

Jag frames his thoughts on disruption through theories from Clayton Christensen and practical examples from ventures like Tesla. They explore how these concepts translate to the compliance world, particularly through the lens of artificial intelligence. Jag elaborates on the role of generative AI in streamlining third-party risk management, from data gathering to ongoing monitoring. He shares insights on embedding compliance into core business processes, reducing friction, and creating commercial value, highlighting success stories and future potential. They look into the use of RegTech for policy management and regulatory updates, emphasizing the importance of automation for modern compliance frameworks. The podcast showcases how AI can transform compliance from a costly necessity to a strategic asset that drives business efficiency and growth.

Key highlights:

  • Understanding Disruption and Innovation
  • Elon Musk’s Approach to Innovation
  • AI in Third Party Risk Management
  • The Value of AI in Compliance
  • RegTech for Automated Compliance
  • Embedding Compliance into Business Processes

Resources:

Jag Lamba on LinkedIn

Certa AI 

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

From Sanctions to AI Disruption: How Compliance Officers Can Navigate the Rapid Pace of Change

The pace of change in today’s global business environment is breathtaking. Events that unfold over a weekend can have massive implications for corporate compliance professionals by Monday morning. When there is a business change, risks constantly change. Over the past week, this was demonstrated with two seemingly unrelated but equally impactful developments:

  • The U.S. is imposing sanctions on Colombia because of its alleged failure to take back migrants, including a 25% tariff on goods imported from the country.
  • The emergence of DeepSeek, a Chinese AI company that has developed a large language model rivaling OpenAI’s ChatGPT—at a fraction of the cost.

For the compliance professional, what do these risks mean for your organization? What do you think about a framework for assessing and managing these risks as they raise critical compliance concerns spanning sanctions enforcement, export controls, supply chain transparency, and regulatory readiness? In the most recent episode of the FCPA Compliance Report, I explored these issues with Jag Lamba, CEO at Certa.ai. We focused on the Department of Justice (DOJ) framework in its 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update) to make sense of and respond to these rapid developments.

The DOJ’s framework in the 2024 Update is broken down into three key components:

  1. Is the compliance program well-designed?
  2. Is the compliance program adequately resourced and empowered to function effectively?
  3. Does the compliance program work in practice?

We applied these elements to the recent developments and explored how compliance professionals can prepare for similar shocks in the future.

  • Is Your Compliance Program Well-Designed to Handle Rapidly Emerging Risks?

The first test of a compliance program is whether it is designed to assess, identify, and mitigate risks promptly. The DOJ has emphasized real-time risk assessment—a shift from static, once-a-year reviews to continuous monitoring.

Take the U.S. sanctions against Colombia. This was not a predictable, drawn-out regulatory action. It happened over a weekend, and by Monday, businesses importing Colombian goods faced a 25% tariff with little time to prepare. Compliance officers had to:

  1. Quickly identify how much of their supply chain relied on Colombian imports.
  2. Determine if alternatives existed to mitigate the cost impact.
  3. Communicate rapidly with leadership to ensure the company could pivot operations where needed.

A traditional, slow-moving risk assessment process would have left companies flat-footed. Instead, an agile risk management system, leveraging real-time data analytics and automated monitoring, can help companies proactively spot emerging risks before they become crises.

The same logic applies to export controls in the tech sector, especially in light of the DeepSeek development. Compliance officers at major AI and semiconductor companies must now be asking:

  1. Who are our customers in Singapore and neighboring markets?
  2. Are our chips being resold or rerouted to sanctioned entities in China?
  3. Do we have automated tools to track and verify shipments to ensure compliance with U.S. export control laws?

It may be too late to prevent regulatory scrutiny if a company relies on manual risk assessments and outdated compliance processes.

  • Is Your Compliance Program Adequately Resourced and Empowered?

The DOJ has clarified that a compliance program is only as good as the resources allocated to it. Ten years ago, the conversation centered around whether compliance officers had direct access to the board. The conversation then shifted to the quality of your Chief Compliance Officer (CCO) and compliance personnel. Today, the discussion is shifting to whether compliance has the technology, data, and personnel necessary to operate effectively.

Consider the situation with NVIDIA and its skyrocketing sales in Singapore—a market that, while business-friendly, is geographically close to countries facing strict U.S. export controls. Regulators are undoubtedly scrutinizing this data. The question for NVIDIA’s compliance team is:

  1. Do they have the visibility to track where these chips are ending up?
  2. Are they able to monitor sales intermediaries in real time?
  3. Can they preemptively flag anomalies—such as a single country purchasing a huge volume of restricted technology?

Without AI-driven compliance monitoring and data analytics, even the best compliance teams risk being overwhelmed by the sheer volume of transactions and regulatory changes.

Similarly, companies impacted by the Colombian tariffs must ensure their compliance programs have the right supply chain monitoring tools to:

  1. Identify impacted suppliers instantly.
  2. Assess alternative sourcing options without regulatory hurdles.
  3. Develop contingency plans to mitigate financial and operational risks.

This compliance function cannot be effectively run using spreadsheets and email chains. Companies must invest in data automation, AI-driven analytics, and cross-functional collaboration tools to avoid such fast-moving regulatory changes.

  • Does Your Compliance Program Work in Practice?

Finally, compliance programs must not exist solely on paper but must demonstrate real-world effectiveness. The DOJ’s 2024 Update mandates data-driven evidence to assess whether a compliance program is functional and effective.

This means compliance teams must be able to show:

  1. How many third-party vendors and intermediaries have been vetted and monitored?
  2. How export controls are enforced in practice—not just documented in policy.
  3. How quickly can the company respond to a sudden regulatory change, such as the Colombian sanctions?

One of the best ways to demonstrate effectiveness is through compliance storytelling. A compliance officer should be able to present:

  • This is a clear narrative backed by data showing how the company detected and addressed a regulatory risk before it became a crisis.
  • These are case studies of how compliance actions have improved business outcomes—for example, reducing onboarding time for sales intermediaries without compromising compliance integrity.
  • Tangible evidence includes video training logs, compliance dashboards, and documented decision-making trails.

A powerful example comes from a Fortune 100 company that secured five years of compliance funding in one go rather than having to renegotiate budgets annually. How? By presenting compliance in business terms:

  • Demonstrating how compliance efficiencies improved sales and reduced onboarding delays.
  • Showing the financial impact of proactive risk management.
  • Using data-driven evidence to justify long-term compliance investments.

This is the future of compliance: a function that prevents regulatory risk and actively contributes to business strategy and growth.

The CCO as a Strategic Risk Navigator

The recent developments with Colombian sanctions and DeepSeek’s AI breakthrough highlight how fast compliance risks can evolve. Sanctions, export controls, and regulatory enforcement actions are no longer slow-moving threats—they can materialize overnight.

The DOJ’s 2024 Update provides a clear roadmap for compliance professionals to navigate these challenges:

  1. Risk assessment must be dynamic and continuous. Compliance programs must be designed to identify risks in real-time, not just during annual reviews.
  2. Compliance must be adequately resourced. Companies must invest in technology, data analytics, and automation to meet regulatory changes.
  3. Compliance must demonstrate real-world effectiveness. Data-driven evidence, compelling narratives, and tangible business impact must back compliance programs.

Compliance professionals who embrace data-driven decision-making, automation, and proactive risk management will not only survive but thrive in this era of regulatory volatility. The question is: Is your compliance program ready for the next unexpected headline?

Categories
FCPA Compliance Report

FCPA Compliance Report – Jag Lamba on Navigating Compliance Challenges in a Rapidly Changing World

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast on compliance. In this episode, Tom welcomes Jag Lamba, CEO of Certa.AI, the podcast’s sponsor.

We look at the recent events involving economic and trade sanctions levied on Colombia (now withdrawn) and the announcement of DeepSeek as a cost-effective competitor to ChatGPT in the AI space to discuss how quickly your risks can change. We overlay this discussion through the lens of the DOJ’s 2024 Update on the Evaluation of Corporate Compliance Programs (2024 ECCP). Jag provides insights on how compliance officers can proactively manage risk amidst rapidly changing global landscapes by ensuring their programs are well-designed, adequately resourced, and effective. Key takeaways include the importance of data, controls, and technology in building robust compliance frameworks and using business impact and ROI to secure necessary resources.

Key highlights:

  • Current Events Impacting Compliance
  • 2024 ECCP-Designing a Well-Structured Compliance Program
  • 2024 ECCP-Adequate Resourcing for Compliance Programs
  • 2024 ECCP: Effectiveness of Compliance Programs in Practice
  • Proactive Risk Management Strategies
  • Export Controls and Compliance Challenges

Resources:

Jag Lamba on LinkedIn

Certa.ai

Categories
FCPA Compliance Report

FCPA Compliance Report: Jag Lamba on Integrating AI with Existing Compliance Systems

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this edition of the FCPA Compliance Report, Tom Fox welcomes back Jag Lamba from Certa AI, the sponsor of this podcast, to consider the integration of AI into your overall compliance framework.

Our discussion emphasizes the importance of using great software to effectively integrate AI into existing processes, systems, and teams. For successful implementation, the software should be both flexible and scalable to suit different organizational needs and volumes. Moreover, the incorporation of guardrails is crucial in areas like third-party compliance due to AI being a relatively new technology. These guardrails function as a framework to prevent excessive autonomy, similar to the limitations set on a new coworker. It is fascinating to look at the cutting-edge use of AI in compliance.

 

Highlights in this Episode:

  • Integrating AI with Existing Systems
  • The Human in the Loop
  • Flexibility and Scalability in Software
  • Key Elements: Guardrails in AI

Resources:

Jag Lamba on LinkedIn

Certa.AI

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Innovation in Compliance

Innovation in Compliance – Jag Lamba on Simplifying Data Analysis with AI

Innovation comes in many areas and compliance professionals need to not only be ready for it but also embrace it. One of those areas is telehealth and telemedicine. My guest in this episode is Jag Lamba, founder and CEO of Certa.

Jag Lamba, the CEO and founder of Certa, is an engineering expert who has led his team in developing AI tools for streamlining procurement and compliance processes. Lamba’s perspective on these tools is that they are a game changer, particularly for non-procurement users who often struggle with navigating new tools and forms. To address this, Certa has integrated an email chat bot for request intake, making the process more user-friendly and familiar. Lamba believes that this approach will result in increased buy-in from business users and improved efficiency in procurement and compliance processes. His dedication to solving real problems with AI sets Certa apart as a leader in the industry. Join Tom Fox and Jag Lamba on this episode of Innovation in Compliance to learn more about Lamba’s innovative approach to streamlining procurement and compliance processes.

Key Highlights:

  • Streamlined AI Design with Natural Language
  • Enhancing Organizational Agility with Certa Assist
  • Instant Report Generation with Insights AI
  • Email Chat Bot for Simplified Request Intake

Resources:

Jag Lamba on LinkedIn

Certa

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Data Driven Compliance

Data Driven Compliance: Jag Lamba on Revolutionizing Procurement and Compliance Processes

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, This podcast features an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. Today, I visited Jag Lamba, founder and CEO of Certa, on Certa tools, which facilitate data-driven compliance.

Jag emphasizes the importance of solving real-existing problems with AI. Certa’s AI tools are designed to address tangible challenges faced by clients rather than being mere marketing buzzwords. Lamba highlights the increasing dynamism in procurement and the prevalence of supply chain disruptions, especially in the wake of the pandemic and geopolitical issues. The agility provided by Certa’s AI tools becomes crucial in such scenarios, enabling organizations to navigate these challenges effectively.

The impact of Certa’s AI tools goes beyond streamlining processes. Lamba emphasizes that digitization and automation not only enhance efficiency but also enable organizations to be more agile and responsive to changing requirements. By digitizing processes related to compliance, procurement, or environmental, social, and governance (ESG) initiatives, organizations can identify opportunities for improvement and drive better business processes and controls. This not only benefits the organization as a whole but also enhances the standing of the individuals responsible for managing these processes within the firm.

Resources:

Jag Lamba on LinkedIn

Certa

 Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance and AI

Compliance and AI: Jag Lamba – Certa’s AI Tools for Streamlining Procurement and Compliance Processes

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many questions we will explore in this exciting new podcast series, Compliance and AI. Hosted by Tom Fox, the award-winning Voice of Compliance, this podcast will look at how AI will impact compliance programs into the next decade and beyond. If you want to find out why the future is now, join Tom Fox on this journey to the frontiers of AI. Today, Tom hosts Jag Lamba, founder and CEO of Certa, on their new AI-based tool, Design AI.

In today’s rapidly evolving business landscape, organizations are constantly seeking ways to enhance efficiency and agility in their procurement and compliance processes. The emergence of artificial intelligence (AI) has provided new opportunities to streamline these operations and respond effectively to supply chain disruptions and compliance requirements. Certa, a leading provider of AI-powered solutions, has developed innovative tools that aim to address these challenges and revolutionize the way organizations manage their procurement and compliance functions.

One of Certa’s flagship AI tools is Design AI, which allows customers to design and edit workflows and integrations using natural language. This eliminates the need for technical expertise, making it easier for organizations to create and digitize new workflows or modify existing ones. With Design AI, customers can simply express their requirements in plain English, and Certa’s AI technology will generate the necessary questionnaires, workflows, and integrations based on their specific needs. This empowers organizations to quickly adapt and optimize their processes, ensuring they remain agile in the face of dynamic procurement and compliance landscapes.

Resources:

Jag Lamba on LinkedIn

Certa

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Innovation in Compliance

Leveraging Technology in Third-Party Risk Management with Jag Lamba and Jared Ezzell

Jag Lamba and Jared Ezzell from Certa, join Tom Fox on the Innovation In Compliance podcast to explore the essential elements of a thriving third-party risk management program. They emphasize the significance of minimizing reliance on third-party self-disclosures by utilizing technology and data. They also highlight the importance of integrating due diligence, training, and ongoing monitoring to create a comprehensive approach to risk management. The conversation extends to payment controls, charitable donations, and the integration of the program into the overall third-party risk management lifecycle. 

Jag is the founder and CEO of Certa. Jared Ezzell is the Chief Customer Officer. Certa is a third-party lifecycle management platform for procurement, compliance, and ESG. Their no-code platform provides an easy and efficient way to digitize and manage the lifecycle of all suppliers, partners, and customers. Certa’s automated onboarding, contract lifecycle management, and ESG management eliminate the procurement bottleneck, allowing companies to onboard third parties three times faster. With their cutting-edge technology, Certa is transforming the way businesses manage their third-party relationships, ensuring compliance and sustainability at every step.

 

Here are some key points Tom, Jag, and Jared talk about:

  • Jared talks about his professional background and his role at the company Certa, their products, and their customers. 
  • The hallmark of an effective anti-bribery and anti-corruption compliance program is the concept of risk assessment.
  • Jared discusses the nine elements developed by Certa for an effective compliance program.
  • The three dimensions of a complete solution for compliance risk management are full spectrum risk management, the full life cycle of the third party, and the full spectrum of third parties.
  • A successful technology transformation project should be a modular rollout, with a focus on solving the highest pain point within three months and continuously phasing the rollout to avoid becoming overwhelmed.
  • Jag and Jared clarify that while the company doesn’t play the role of creating the documentation, they provide input and help evidence the client’s defensible positioning in support of the client’s policies.
  • Jag tells Tom that the ongoing monitoring of third-party relationships requires companies to have data sources and processes in place, have a controls framework to act on information, and automate controls to handle egregious alerts.

 

KEY QUOTE:

“The ability to systematically enforce payment controls is a key common practice in successful third-party risk management.” – Jared Ezzell

 

Resources:

Jag Lamba on LinkedIn | Twitter 

Jared Ezzell on LinkedIn 

Certa