Uncovering Hidden Risks

Ep 11 – Cybersecurity 101: What are the Three Pillars of a Robust Strategy

Cybersecurity is not just a defensive strategy; it can be a powerful driver of an organization’s success. In this episode, host Erica Toelle talks to Nashid Shaker, AVP, Information and Cyber Security Strategy at Canadian Western Bank Financial Group, and Antonio Maio, Managing Director at Protiviti, about how to tactically create a cybersecurity strategy that aligns with business goals, fosters trust, and enables innovation. Nash is an experienced and innovative cybersecurity leader passionate about orchestrating secure digital transformations that fuel growth, leveraging a multidisciplinary background in strategic planning and cybersecurity.

In This Episode, You Will Learn:

  • When it’s time to re-evaluate your cybersecurity strategy
  • What cybersecurity leaders should think about today to prepare for a future that will use AI
  • Predictions for cybersecurity in the next 2–4 years

Some Questions We Ask:

  • What is the top risk that organizations tend to overlook?
  • What are some tips for how cybersecurity leaders should engage with the C-suite?
  • Can cybersecurity contribute to an organization’s bottom line or mission?

Resources:

View Nash Shaker on LinkedIn

View Antonio Maio on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Connect with the Compliance Podcast Network at:

LinkedIn: https://www.linkedin.com/company/compliance-podcast-network/
Facebook: https://www.facebook.com/compliancepodcastnetwork/
YouTube: https://www.youtube.com/@CompliancePodcastNetwork
Twitter: https://twitter.com/tfoxlaw
Instagram: https://www.instagram.com/voiceofcompliance/
Website: https://compliancepodcastnetwork.net/

Daily Compliance News

Daily Compliance News: January 11, 2024 – The SAP Again Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • FINRA says AI is emerging. (WSJ)
  • SAP has yet another FCPA enforcement action. (FCPA Blog)
  • Microsoft OpenAI investment faces EU scrutiny. (Reuters)
  • The SEC approves a new type of Bitcoin fund. (NYT)

Daily Compliance News

Daily Compliance News: July 18, 2023 – The Polite to Exit Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories covered in today’s edition:

  • Head of DOJ Criminal Division, Kenneth Polite, to step down. (WSJ)
  • What is risk? (NYT)
  • Microsoft to face EU probe over bundling. (FT)
  • Tesla Directors settle comp suit. (Reuters)

Uncovering Hidden Risks

Ep 10 – How eDiscovery Can Help You Reduce Data and Risks in Three Steps

Description:

As data volumes continue to balloon, it’s becoming clear that the quickest path to victory does not involve the fewest steps. This month’s episode of Uncovering Hidden Risks explores ways to defensibly move data minimization decisions upstream to collaboratively expedite the eDiscovery process. EJ Bastien, Director of Discovery Programs at Microsoft, joins Erica Toelle and guest host Caitlin Fitzgerald for the discussion. EJ leads the eDiscovery and Litigation Support team at Microsoft. EJ shares his experience using technology to address the challenges of eDiscovery in the modern cloud world and shares some strategies and best practices to help mitigate risk.

In This Episode You Will Learn:

  • Advice for organizations trying to handle the growing amount of new data types
  • Best practices for implementing an effective eDiscovery strategy
  • Why you should be excited about the future of eDiscovery

Some Questions We Ask:

  • What trends are you seeing that are affecting the eDiscovery space?
  • How are you approaching some of the new technology innovations?
  • What benefits are there to using Purview eDiscovery Premium internally at Microsoft?

Resources:

View EJ Bastien on LinkedIn

View Caitlin Fitzgerald on LinkedIn

View Erica Toelle on LinkedIn

Related Microsoft Podcasts:

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked

Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Uncovering Hidden Risks

Ep 9 – Don’t Get Caught Unprepared: Three Steps to Manage the Risks of Multicloud

This month’s episode of Uncovering Hidden Risks discusses the risks of running a multicloud strategy and how customers can think about this as they accelerate their digital transformation.

Ashish Kumar, Principal PM Manager at Microsoft, joins Erica Toelle and guest host Daniel Hidalgo on this week’s episode of Uncovering Hidden Risks. Ashish has over 25 years of experience in Engineering, Consulting, and Technology sales, helping businesses build products, increase revenue and market share, enhance branding, and lower operational costs. Ashish discusses the intersection between security and compliance, why knowing your posture is essential, and how we can have a safer digital world. You can also check out Ashish’s book, “Managing Risks in digital transformation.”

In This Episode You Will Learn:

  • The risks involved when you operate a multi-cloud environment
  • The importance of having a real-time view of your cloud configuration and associated threats

Some Questions We Ask:

  • What is multi-cloud, and why is it important?
  • Can you share some takeaways for listeners looking to implement a multi-cloud strategy?
  • What is the main difference between hybrid and multi-cloud?

Resources:

View Ashish Kumar on LinkedIn

View Daniel Hidalgo on LinkedIn

View Erica Toelle on LinkedIn

Uncovering Hidden Risks

Ep 8 – Three Steps to Master Information Governance in Your Organization

Randolph Kahn, a globally recognized leader in information governance and President of Kahn Consulting, joins Erica and guest host Natalie Noonan on this week’s episode of Uncovering Hidden Risks. Randolph has been an expert witness in significant court cases and is a trusted advisor to corporations and governmental agencies. He is also an accomplished author, speaker, and adjunct professor of Law and Policy of Electronic Information and The Politics of Information. Randolph and Erica discuss Information Governance and the industry trends they are currently seeing in this space.

In This Episode You Will Learn:

  • How the increase in regulations affects current data management trends
  • Why organizations are suffering information mismanagement failures
  • If current technology capabilities and functionality are sufficient

Some Questions We Ask:

  • What requirements are important for information governance?
  • Why should organizations take advantage of newer technologies?
  • What’s next after an organization has clearly identified its new requirements?

Resources:

View Randolph Kahn on LinkedIn

View Natalie Noonan on LinkedIn

View Erica Toelle on LinkedIn

GalloCast

GalloCast – Episode 9, Live at ECI

Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight into compliance brought to you by the co-CEOs of Ethico. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the Sunday dinner table. Hosted by Tom Fox, the Voice of Compliance.

In this episode of the GalloCast, the trio discusses some of the most challenging issues companies face regarding ethics and compliance. They start by diving into the recent $767 million fine slapped on British American Tobacco for colluding to sell cigarettes into North Korea, violating sanctions. They debate who should be held accountable for changing a company’s culture, how deep-rooted biases can affect decision-making, and the effectiveness of regulatory enforcement. The discussion covers the intricacies of ethics in different business models, including distributor and commissioned sales agent models. They also discuss the risks and benefits of a conservative approach and the adaptability of ethics and compliance programs. The episode concludes by discussing cultural fit in mergers or acquisitions and how finding common ground and preserving distinctness can be accomplished. Don’t miss out on the wealth of insights and practical advice on navigating these challenging issues in the corporate world. Tune in to GalloCast now!

Key Highlights:

  • BAT’s illegal sales to North Korea
  • Determining Right and Wrong in Corporate Decisions
  • Balancing Values and Profit in Business
  • Balancing Compliance and Ethics Programs
  • Adapting Ethics & Compliance Programs
  • Ethics and Compliance Teams in Companies
  • Dangers of Groupthink in Decision-Making
  • Culture’s Role in Business Mergers and Acquisitions
  • Cultural Integration in Mergers & Acquisitions

Resources

Nick Gallo on LinkedIn

Gio Gallo on LinkedIn

Ethico

Tom Fox

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

Corruption, Crime and Compliance

Microsoft Pays OFAC and BIS Over $3.3 Million to Settle OFAC Sanctions Violations

Microsoft recently paid over $3 million for multiple sanctions violations involving illegal exports of services and software to sanctioned jurisdictions. The violations spanned seven years and involved prohibited Russian entities or persons located in the Crimea region of Ukraine. However, what makes this case particularly intriguing is the remedial actions taken by Microsoft, which offer best practices and insights into what can be done when resources are available. In this week’s episode of Corruption, Crime, and Compliance, Michael Volkov takes a deep dive into the Microsoft OFAC enforcement action.

He discusses these ideas:

  • Microsoft committed 1339 transactions in violation of multiple sanctions programs over seven years, totaling over $12 million worth of sales and services.
  • Violations included the sale of software licenses and the provision of related services from servers and systems located in the US and Ireland to SDNs, blocked persons, and other end users located in Cuba, Iran, Syria, Russia, and the Crimea region of Ukraine.
  • The violations were due to Microsoft’s failure to obtain complete or accurate information on the identities of end customers and shortcomings in its restricted party screening. At times, Microsoft Russia employees intentionally circumvented Microsoft screening controls to prevent other Microsoft affiliates from knowing the identity of the ultimate end customers.
  • Microsoft’s significant remedial measures included enhancing its trade compliance program, improving its governance structure and screening resources, adopting a new three lines of defense model, and conducting a holistic risk assessment to identify and remediate instances of prohibited engagements.
  • Microsoft deployed a multidisciplinary internal investigation team proficient in 16 foreign languages, modified its procedures to respond to matches, and expanded the scope and volume of data screened.
  • “Companies with sophisticated technology operations and a global customer base should ensure that their sanctions compliance controls remain commensurate with risk.”
  • Companies should consider conducting a holistic risk assessment to identify and remediate prohibited engagements and ensure that employees adhere to the sanctions compliance program.
  • OFAC emphasized that companies conducting business through foreign-based subsidiaries, distributors, and resellers should have sufficient visibility into their end-users, including through the provision of services after an initial sale.


KEY QUOTES:

“Now, when Microsoft supported these third party sales to prohibited parties, they provided prohibited software and services to SDNs and end customers in sanctioned jurisdictions and the violations occurred. The root cause really was because Microsoft did not have complete or accurate information on the identities of the end customers for Microsoft’s products.” – Michael Volkov


“Companies with sophisticated technology operations and a global customer base should ensure that their sanctions compliance controls remain commensurate with that risk and leverage in appropriate technological compliance solutions.” – Michael Volkov


“Testing or auditing, whether conducted on a specific element of a compliance program or enterprise wide level, are important tools to ensure that the program is working as designed and weaknesses are promptly remediated.” – Michael Volkov


Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group


2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 4

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in their podcast, 2 Gurus Talk Compliance, as they tackle topics on behavior economics, OFAC settlement lessons, the importance of the user experience in compliance policy creation, and more. They also discuss incorporating behavioral sciences into compliance strategies and the exciting changes in compliance consulting services. With their expertise, they share insights on how data, behavioral science, and innovative approaches can improve compliance programs, business processes, and profitability.


Listen as they provide valuable insights on understanding culture by starting a dialogue and the importance of finding someone to give a narrative to. Lastly, they discuss the challenge of bribery and corruption and the need for compliance professionals to be innovative, accept failures, and be comfortable with experimentation. Take advantage of this exciting and informative podcast episode from two renowned compliance experts, Tom Fox and Kristy Grant-Hart.

Highlights Include:

  • Evolution of Corporate Ethics and Compliance Programs
  • Microsoft OFAC Settlement
  • Irritating Emails
  • Behavioral Science in Compliance
  • Messaging Apps and Dept. of Business Denial
  • FTX and its (lack of) Internal Controls

Notable Quotes

1. “I don’t want to say the traditional tools are limited, but we’ve really evolved past them.”

2. “When they were specifically talking about the section on learning and training and talking about that frequently shorter in more bursts, more frequently where the learner gets to decide when and how they learn is really a lot not just with behavioral science, but also with adult learning theory.”

3. “But again, 1 of the things that are so powerful about the enforcement act is that they tell us what we should be doing.”

4. “Compliance professionals need to look at their sales models and see if they’re using distributors.”

Resources

1. Microsoft’s OFAC Settlement Underscores Important Remedial Measures

2. FTX, Multimillion-Dollar Expenses Were Approved by Emoji

3. Your Email Does Not Constitute My Emergency

4. New DOJ policies about messaging apps and clawbacks threaten compliance departments’ standing

Connect with Kristy Grant-Hart on LinkedIn

Spark Compliance Consulting

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Compliance Into the Weeds

Microsoft OFAC Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. In this episode, join Tom and Matt as they delve into Microsoft’s recent sanctions enforcement action with OFAC. They explore what went wrong and how to avoid costly compliance failures, from potential red flags to reseller relationships. But it’s not all doom and gloom, as they discuss how Microsoft implemented a three lines of defense model for sanctions compliance, setting a benchmark for the industry. With Tom and Matt going into the weeds on the importance of centralization and persistent screening technology, this podcast is a must-listen for any compliance officer looking to stay ahead of the curve. Tune in now to find out more!

Key Highlights

  • Sanctions compliance case involving Microsoft
  • Microsoft’s Sanctions Compliance Model
  • Microsoft’s Sanctions Compliance Program Remediation
  • Sanctions Compliance and OFAC Guidance
  • Impact of Russia invasion on Microsoft operations

Notable Quote:

“It’s well worth giving the case a good look. So it was, I thought, a great lesson on resellers and the way the hardware and software industry did business.”

Resources

Matt on LinkedIn

Matt on Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn