Categories
Blog

Leveraging Technology for Culture Monitoring

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Cuijak, Jessica Czeczuga; Michael Parker; and Alexander Cotoia. In this series, we will consider what is culture, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco, that the Department of Justice would assess corporate culture as a part of corporate compliance enforcement action. In this Part 4, we consider review how to monitor your culture risk  strategy for effectiveness with Michael Parker.

Michael Parker is a seasoned compliance professional with extensive experience in cultivating and sustaining a compliance culture within businesses. He asserts that there is no universal approach to establishing a compliance culture, emphasizing the necessity of providing options and guidance to employees, rather than merely imposing rules. Parker underscores the importance of continuous engagement and communication in managing compliance culture risks, and the crucial role of leadership in setting the tone for compliance and fostering an ethical culture throughout the organization. He also acknowledges the significance of incentives in promoting compliance, but stresses that the approach to incentivizing employees should be customized to individual circumstances and should include a clear understanding of the consequences of non-compliance.

Leadership plays a pivotal role in fostering a culture of compliance. Executives must lead by example and embody the organization’s mission and values. As Michael Parker emphasizes, it is not just about telling employees what to do but guiding them towards making the right decisions. Providing options and knowledge is essential, as people may unknowingly make decisions that go against policies or regulations due to a lack of information.

To ensure ongoing engagement, businesses should view compliance as an ongoing process rather than a one-time activity. This approach involves continuous listening and asking for feedback from employees. It is important to provide guidance rather than just guidelines, helping individuals understand the purpose behind compliance policies. By championing the organization’s values and mission, leadership can create a trickle-down effect, encouraging employees to align their actions with the desired culture.

Incentives also play a significant role in promoting compliance. Just as third parties have an incentive to complete certifications and engage in compliance efforts to do business with a company, employees have a vested interest in working for an organization that upholds ethical standards. By aligning incentives with compliance initiatives, businesses can motivate employees to actively participate in maintaining a compliance culture.

Technology can be a valuable tool in monitoring and educating employees about compliance. Micro-learning courses, compliance training videos, quizzes, and surveys can be used to deliver targeted and concise information. Short videos with quizzes can help raise awareness and educate employees on compliance topics. Surveys, when kept short and incentivized, can provide valuable insights into the effectiveness of compliance efforts and help measure the culture of compliance within the organization.

Tracking and storing compliance-related information is essential for transparency and visibility. Utilizing applications with dashboards can help businesses monitor engagement, track completion rates of training videos, and collect survey responses. This data can provide compliance officers with valuable information for ongoing monitoring and identifying areas that require additional training or education.

I believe the key is in viewing culture as a risk and applying risk management principles to assess and monitor compliance efforts. By treating culture as a risk, businesses can assess their compliance risk, identify gaps, and remediate as necessary. This approach allows for a systematic and proactive approach to managing compliance culture.

However, creating and maintaining a compliance culture is not without its challenges. Compliance fatigue can occur if communication and education efforts become overwhelming or burdensome. To combat this, shorter and more interactive methods, such as micro-learning and office hours, can be implemented. These shorter bursts of information align with today’s culture of brief and engaging content, making compliance education more accessible and less burdensome.

In conclusion, creating and maintaining a compliance culture in businesses requires a multifaceted approach. Leadership must champion the organization’s values and mission, while incentives and technology can motivate and educate employees. Viewing culture as a risk and applying risk management principles can help businesses assess and monitor their compliance efforts. By considering the impact on employees and adapting communication and education methods to align with today’s culture, businesses can foster a strong compliance culture that promotes ethical behavior and regulatory adherence.

Join us tomorrow where we explore the continuous improvement of corporate culture.

Tune into Michael Parker on the Diligent podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.

Categories
Innovation in Compliance

Unlocking Success: The Crucial Role of Culture in Compliance: Part 4 – Michael Parker on Monitoring Culture

Welcome to a special series on building a stronger culture of compliance through targeted and effective training sponsored by Diligent. I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia in this series. Over this series, we will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, monitoring that strategy in the future, and using information from your monitoring to improve your culture continuously. In Part 4, we visit with Michael Parker to discuss a strategy to monitor your culture in the future.

Michael Parker is a seasoned compliance professional with extensive experience cultivating and sustaining a business compliance culture. He does not believe there is a one-stop,  universal approach to establishing a compliance culture, emphasizing the necessity of providing options and guidance to employees rather than merely imposing rules. Michael underscores the importance of continuous engagement and communication in managing compliance culture risks and the crucial role of leadership in setting the tone for compliance and fostering an ethical culture throughout the organization. He also acknowledges the significance of incentives in promoting compliance. Still, he stresses that incentivizing employees should be customized to individual circumstances and include a clear understanding of the consequences of non-compliance. Join Tom Fox and Michael Parker as they delve deeper into how to monitor your compliance program after you have created a culture management strategy in this episode of Unlocking Success: The Crucial Role of Culture in Compliance Best Practices podcast episode.

Key Highlights: 

  • Building a Compliance-Focused Leadership Culture
  • Leveraging Technology for Compliance Monitoring and Training
  • Driving Compliance Culture Through Executive Leadership

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture. For more information and to book a demo, visit Diligent.com.

 Join us tomorrow in our concluding episode, where we continuously consider how to improve culture in the future.

Categories
Innovation in Compliance

Third-Party Management: A Risk-Based Approach – Part 1: Michael Parker on Risk Mitigation

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, we will consider a risk-based approach to third-party risk management. Over this series, I will visit with Michael Parker, the Director of Consulting and Advisory Services; Stephanie Font, Director, Operations Optimization Group; Kairi Isse, Group Manager of Managed Services Group, Productions; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, from the Volkov Law Group. In this Part 1, I visit with Michael Parker on the need for risk mitigation to bring a third party into a relationship with your organization.

Parker has worked in the compliance arena for six years, learning from his experience in government and tech. For a compliance program to be successful, executive leadership must also have a Board of Directors buy-in for oversight. A third-party risk management platform aims to protect the business’s assets and create a single source of truth. Through such a mechanism, third parties can be screened for anti-bribery, anti-corruption, human trafficking, and much more. The Board needs visibility to make decisions and an audit log to show activity and diligence if ever needed. It is critical for all compliance functions to stay up to date with regulations and keep their third-party platform consistently updated.

Key Highlights

  • How can a risk-based approach, coupled with a single source of truth and a robust platform, help protect business assets and comply with changing regulations?
  • What is the German Supply Chain Act, and how can companies ensure compliance related to human trafficking and human slavery?
  • How can companies use visual analytics to gain insights into their risk-based approach and show evidence of due diligence in the face of an audit?

Notable Quotes

  1. “Companies don’t do bad things; people do. And as people do, the regulatory landscape changes and can change quickly. So keeping up with those changes is critical to protecting your assets and mitigating risk.”
  2. “We need to increase our defensibility and audibility if somebody comes knocking; we can show and illustrate that we have done our due diligence to mitigate any risk of doing business with this third party.”
  3. “Companies don’t do bad things; people do.”
  4. “Put a platform in place that is robust lends itself to a number of different benefits.”

 Resources

Michael Parker on LinkedIn

Check out Diligent’s 3rd party products and services here.

Categories
Blog

Reprioritizing Your Third-Party Risk Management Program-Risk Mitigation

With the ever-changing landscape of regulations and laws, it is becoming increasingly difficult for companies to keep up and remain compliant. In this 5-part blog post series, sponsored by Diligent, I will consider the full range of third-party risk management. Today, we consider the risk mitigation and I visit with Michael Parker, Director of Advisory and Consulting Services for Diligent, to discuss how to approach the Board of Directors around the crucial issue of third-party risk management and risk mitigation. Parker has been in the compliance industry for six years and has experience working with the Department of Homeland Security, Apple Computer, and over 300 clients in the compliance and legal space.

Parker dives into how Diligent’s platform helps companies assess risk and comply with compliance laws such as the FCPA, UK Modern Slavery Act, Uyghur Forced Labor Prevention Act and more. Join us in this five-part series to learn how Diligent’s platform can help reduce risk and ensure compliance.

Here are the steps you need to follow to also get risk mitigation:

  1. Screening – Screening for anti-bribery and anticorruption, politically exposed persons, state owned entities, watch lists, embargoes, etc.
  2. Risk-Based Approach – Evaluating the dossier of information to lead to a decision to approve or deny doing business with the third party.
  3. Documentation – Documenting activities, notes, attachments, and actions taken to show due diligence was done to mitigate risk.

Screening – Screening for anti-bribery and anticorruption, politically exposed persons, state owned entities, watch lists, embargoes, etc.

Screening is an essential first step in anti-bribery and anticorruption, politically exposed persons, state owned entities, watch lists, embargoes, etc. The process begins by collecting and inputting data into a single source of truth platform such as Diligent’s Third Party Risk Management System. This platform allows for a risk-based approach to screening, in which the compliance professional can assess the risk of doing business with a third party. This assessment includes screening for anti-bribery and anti-corruption, politically exposed persons, state owned entities, watch lists, and embargoes, as well as more recent regulations such as the German Supply Chain Act and the UK Modern Slavery Act. It also provides the ability to document and audit activities, allowing for better visibility and accountability from an internal and external perspective. Finally, the platform is constantly updated to ensure that it is compliant with any new laws or regulations that are implemented.

Risk-Based Approach – Evaluating the dossier of information to lead to a decision to approve or deny doing business with the third party.

The second step in the third-party risk management process is to take a risk-based approach in evaluating the dossier of information. This dossier typically includes the results of the screening process, any due diligence questionnaires, and any additional investigations that have been conducted. All these items should be compiled into a single source of truth and reviewed to ensure that the organization has done its due diligence in assessing the third party.

The risk-based approach should be tailored to the specific organization and its risk profile, as well as the specific third-party that they are doing business with. This evaluation should also take into consideration any changes in laws, regulations, and sanctions that may have been recently implemented. The diligence program should also be able to screen for a variety of different risks, such as anti-bribery, anti-corruption, human trafficking, politically exposed persons, state-owned entities, watchlists, and embargoes.

Once the evaluation is complete, the organization should have a clear understanding of the risks associated with doing business with the third party and can make an informed decision as to whether to approve or deny the business relationship. This risk-based approach should be documented for auditability in case of any potential future inquiries or investigations.

Documentation – Documenting activities, notes, attachments, and actions taken to show due diligence was done to mitigate risk.

Documentation is an essential part of risk mitigation and due diligence. It is important to maintain an audit trail of activities, notes, attachments, and actions taken related to third party risk management. This allows companies to easily access information and prove that they have taken the necessary steps to mitigate risk. A platform such as Diligent’s Third Party Risk Manager can be used to keep track of all the necessary documentation. All activities, notes, and attachments can be stored in a single source of truth, which provides visibility and auditability for the board. Additionally, the platform is regularly updated to ensure that it is up to date with the latest regulations and laws. This allows companies to remain compliant and mitigate risk. All these elements come together to form a dossier of information, which can be used to approve or deny business with third parties. Documentation is a key part of any risk management program and is essential for due diligence.

Over this five-part blog post series will explore reprioritizing you third-party risk management program. It is essential to properly evaluate third-party risk and to document all activities, notes, and attachments to remain compliant and mitigate risk. With the right platform and approach, companies can keep up with the ever-changing regulations and laws and protect their businesses from potential issues. With dedication and hard work, business owners can stay ahead of the curve in risk management and compliance.

For more information, check out Diligent here.

Listen to Michael Parker on the podcast series here.