Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 18 – Risk Assessments

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 18 episode, we discuss the essential role of risk assessments in anti-corruption compliance programs.

Key highlights:

  • The Importance of Regular Risk Assessments
  • Methodologies for Risk Assessment
  • Steps in Conducting a Risk Assessment

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
ACI FCPA Conference 2025

ACI-FCPA Conference Speaker Preview Series – Anik Shah on Lawyering Through These Uncertain Times

In this episode of the ACI-FCPA and Global Anti-Corruption Conference Speaker Podcasts series, Anik Shah discusses his panel at the event, “Lawyering Through Uncertainty: The New Reality of Advising Clients and Making Decisions in Unchartered Territory.”

Some of the issues the panel will discuss are:

  • Navigating current client dilemmas;
  • Risk Assessments and Internal Investigations;
  • Recalibrating your compliance program for 2026 and beyond.

I hope you can join me at the ACI–FCPA Conference. This year’s event will take place on December 3-4 at the Gaylord National Resort & Convention Center in National Harbor, Maryland, near Washington, D.C. The lineup of this year’s event is simply first-rate, featuring some of the top FCPA professionals, white-collar attorneys, and compliance practitioners in the field.

The 2025 program is being completely redesigned to help your organization stay agile, responsive, and ahead of the curve. Expect a dynamic agenda shaped by real-world priorities, practical takeaways, and the most cutting-edge thinking in compliance—led by a faculty of global practitioners with boots on the ground, encountering the very risks that come across your desk.

Please join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount by using the code D10-999-CPN26.

Categories
Great Women in Compliance

Great Women in Compliance – Building Strategic and Effective Risk Assessments

In this episode of the Great Women in Compliance Podcast, co-hosts Hemma Lomax and Lisa Fine discuss the breadth and depth of effective risk assessments with guests Jisha Dymond and Lisa Beth Lentini Walker. Jisha and Lisa Beth have both worked in highly regulated and high-profile industries. Jisha most recently served as Chief Ethics & Compliance Officer at OneTrust, and Lisa Beth is currently the Deputy General Counsel, Corporate Legal, and Assistant Secretary at Marqeta, as well as the CEO and Founder of Lumen Worldwide Endeavors.

They discuss various aspects of assessing risk and how best to align the needs of your compliance risk assessments with other functions to develop strategic and holistic approaches that influence organizational direction. The discussion touches on the importance of cross-functional collaboration, effective use of data and AI, and practical steps for implementing comprehensive risk management processes.

Key highlights include:

  • Holistic vs. Compliance Risk Assessments
  • Engaging Key Stakeholders
  • Building Trust and Cross-functional Collaboration 
  • Data-Driven Risk Assessments
  • The Role of AI in Risk Management

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 49 – Compliance, Controls, and Cosmic Risks: What Return to Tomorrow Teaches About Risk Assessments

Few episodes of Star Trek TOS capture the perils and promise of risk assessments like “Return to Tomorrow,” the classic second-season adventure where Kirk and his crew face a literal mind-bending dilemma. For compliance professionals, “Return to Tomorrow” offers more than sci-fi drama. It serves as a blueprint for effective risk assessment, rich with lessons for every organization navigating uncertainty.

Lesson 1: Identify and Understand the Full Scope of Risks—Don’t Let Opportunity Blind You

Illustrated By: The crew is awestruck by the possibility of contacting one of the galaxy’s oldest civilizations. Sa

Compliance Lesson: Risk assessments often begin with an exciting opportunity, such as expansion, innovation, new markets, or partnerships. However, in the excitement of the moment, organizations may overlook hidden dangers. Just as the Enterprise crew is dazzled by the promise of ancient knowledge, compliance teams can be swept up by the potential upside of a new venture.

Lesson 2: Involve All Stakeholders in Risk Analysis—Don’t Go It Alone

Illustrated By: Sargon asks for the voluntary use of Kirk, Spock, and Dr. Mulhall’s bodies for his species’ survival. Spock, McCoy, and Mulhall debate the risks, with McCoy especially vocal about the potential dangers to the hosts.

Compliance Lesson: Risk assessments cannot be conducted in a vacuum. Kirk’s leadership shines as he brings together key stakeholders for honest discussion, each bringing their unique expertise, biases, and concerns.

Lesson 3: Evaluate Controls and Safeguards—Trust, but Verify

Illustrated By: The process of transferring Sargon and his companions into human hosts is carefully orchestrated, but Spock, ever the scientist, insists on “fail-safes.”

Compliance Lesson: Risk assessment without strong controls is little more than wishful thinking. The Enterprise crew is willing to take calculated risks, but only after establishing controls.

Lesson 4: Beware the Human Element—Risk Changes When Emotions Run High

Illustrated By: Henoch quickly abuses his power, attempting to make the arrangement permanent and manipulating others to his advantage.

Compliance Lesson: Risk assessments that focus solely on systems, processes, or technical controls ignore the most volatile variable of all: people. Henoch’s deception is a vivid reminder that intentions can change, and personal incentives can undermine even the best-laid plans.

Lesson 5: Prepare for Rapid Escalation—Build Resilience into Your Risk Response

Illustrated By: As Henoch’s true motives become clear and the threat to the crew escalates, Kirk, McCoy, and Nurse Chapel must rapidly adapt their strategy.

Compliance Lesson: Even the best risk assessment cannot predict every twist and turn. The ability to respond with agility is what separates organizations that survive crises from those that are undone.

Final ComplianceLog Reflections

“Return to Tomorrow” is more than a sci-fi adventure. It is a parable for today’s risk-conscious enterprise. The Enterprise crew faces the unknown not with blind optimism, but with rigor, transparency, and a willingness to confront hard truths. They model a process every compliance professional can adopt:

So, the next time you’re charting your organization’s course through risk, remember: as Captain Kirk once intoned early in this episode, “Risk is our business.” For the compliance

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Red Flags Rising

Red Flags Rising: S01 E06 – FRESH LOOKS – Export Controls Risk Assessments

Mike & Brent return to their prior “Fresh Looks” series to highlight their September 28, 2023, post on NYU Law School’s Program on Corporate Compliance & Enforcement blog, Know Your Customer, But Also Yourself: A Fresh Look at Sanctions & Export Controls Risk Assessments in the Era of the “New FCPA.” Mike & Brent discuss the post’s inspiration (01:22), the importance of conducting risk assessments that are both holistic and dynamic (03:20), how such risk assessments help companies and internal trade compliance professionals (07:44), the collective knowledge doctrine (09:41), the importance of the “battlefield effect” (10:22), the role for boards of directors and C-suite management (13:41), and conclude with the next installment of Brent Carlson’s popular segment, “Managing-Up” (17:30).

Resources:

Brent LinkedIn

Mike LinkedIn

Mike & Brent’s “Fresh Looks” Series

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 18 – Risk Assessments

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

In this episode, we discuss the essential role of risk assessments in anti-corruption compliance programs. A well-structured risk assessment forms the foundation of every corporate compliance program. We explore how organizations should identify, assess, and define their risk profiles, emphasizing the need for annual risk assessments whenever business risks change. The focus then shifts to geopolitical issues, supply chain dynamics, and evolving work environments and how these should be factored into compliance risk assessments. Historical perspectives from DOJ guidelines and the importance of a robust risk identification, analysis, and management methodology are also discussed. As highlighted, documenting these processes is crucial for developing an effective compliance strategy that evolves with the company’s risk landscape. Finally, the episode outlines the steps to create a comprehensive risk management strategy post-assessment, including policy development, training, monitoring, and updating protocols.

Key highlights:

  • The Importance of Regular Risk Assessments
  • Methodologies for Risk Assessment
  • Steps in Conducting a Risk Assessment

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 5th edition, by clicking here.

Categories
Blog

When New Business Risks Emerge: Lessons for Compliance from The Creature from the Black Lagoon

Ed. Note: This week, leading up to Halloween, I will examine lessons for compliance professionals through the lens of the great Universal Movie Monsters: Frankenstein, Wolfman, Dracula, and The Mummy. Today, we consider what compliance needs to do when new business risks emerge through the lens of the 1954 monster movie classic The Creature from the Black Lagoon. 

============================================================

We move from the 1930s to the 1950s to look at the classic horror film The Creature from the Black Lagoon. In this movie, a team of scientists stumbles upon an uncharted and dangerous lagoon in the Amazon rainforest, only to discover the terrifying Gill-man. What starts as a routine scientific expedition quickly becomes a struggle for survival as the group faces an unexpected threat from an unknown entity. As compliance professionals, this scenario is an apt metaphor for when new business risks emerge or your business model changes unexpectedly.

The film offers valuable lessons on preparedness, adaptability, and vigilance in the face of the unknown, lessons echoed in the latest guidance from the 2024 Evaluation of Corporate Compliance Programs (2024 ECCP) and commentary from industry experts like Nicole Argentieri. In this post, we will explore what The Creature from the Black Lagoon teaches us about managing new business risks, assess the 2024 ECCP’s guidance on this issue, and consider how Principal Deputy Assistant Attorney General Lisa Argentieri’s views on the 2024 ECCP further inform our approach to compliance in a changing business landscape.

Identifying the Uncharted Waters: Recognizing New Risks

The scientists in The Creature from the Black Lagoon ventured into unknown territory, unaware of the dangers lurking beneath the surface. Similarly, when a business undergoes a shift in its business model, whether through entering new markets, launching new products, or facing changes in regulatory environments, new risks can emerge that were previously uncharted. The first step in managing these risks is recognizing them.

The 2024 ECCP stresses the importance of continuously assessing and identifying new risks as part of an effective compliance program. The ECCP notes that businesses should engage in ongoing risk assessments, particularly when significant changes in business operations occur. Compliance officers must have a mechanism to detect these changes early and respond accordingly.

Nicole Argentieri emphasizes this point, highlighting the need for businesses to be proactive rather than reactive. In her commentary on the ECCP, Argentieri notes that one of the key elements of a robust compliance program is its ability to evolve with the business. Companies must quickly recalibrate their risk assessments and compliance strategies when new risks appear. As the film illustrates, failing to anticipate or identify new threats can leave you vulnerable, just as the scientists were unprepared for the dangers in the lagoon.

Assessing the Threat: The Need for a Swift and Comprehensive Risk Evaluation

Once the scientists in the film realize that the Gill-man is a threat, they must quickly reassess their entire situation. In the corporate world, the appearance of a new risk demands a similar response: swift and comprehensive evaluation. Businesses must assess the immediate risk and its broader implications on the company’s operations, reputation, and compliance obligations.

The 2024 ECCP strongly emphasizes the need for businesses to adapt their risk assessments to reflect changes in operations or the external environment. Whether the company is expanding into a new geographic area, introducing new products, or dealing with changing regulations, the risk landscape will shift. Compliance officers must ensure their risk management frameworks are flexible enough to incorporate these new threats.

Argentieri has noted that when new risks emerge, companies must act swiftly to integrate them into their compliance programs. This involves conducting fresh risk assessments and ensuring that any changes in the business model are reflected in compliance policies, training, and monitoring systems. Like the characters in the film, who adapt their strategies as they learn more about the Gill-man, compliance teams must evolve their strategies based on a full understanding of the new risk landscape.

Adapting Your Strategy: Revising Policies, Procedures, and Controls

The central characters in The Creature from the Black Lagoon must quickly adapt their approach to survive. Similarly, when new business risks arise, compliance officers must reevaluate and adjust existing policies, procedures, and internal controls. The 2024 ECCP clearly states that policies and controls should not remain static. Instead, they must be revised to reflect the changing nature of business operations and risks.

When your business model changes, you cannot assume that your existing compliance framework will continue to be effective. For example, expanding into new geographic regions may introduce new risks related to anti-bribery and corruption (ABAC), data privacy, or supply chain integrity. New product offerings bring consumer protection, product safety, or intellectual property risks to the forefront. The ECCP recommends reviewing and updating your internal controls, third-party risk management processes, and compliance training to ensure that all aspects of your compliance program remain relevant.

Argentieri’s analysis of the 2024 ECCP reinforces this point. She has argued that businesses must build dynamic and agile compliance programs. The compliance function should be involved in key decision-making processes as the business grows and changes. When new risks emerge, the compliance department must be ready to overhaul procedures and policies swiftly. This could mean expanding due diligence efforts, revising conflict-of-interest policies, or rolling out new training programs to address the specific nature of the risk.

Vigilance and Monitoring: Ongoing Risk Management

In The Creature from the Black Lagoon, the characters must always stay vigilant to avoid the creature’s attacks. When new risks emerge, businesses must maintain a heightened level of vigilance through ongoing monitoring and testing of their compliance programs. The 2024 ECCP underscores the importance of regular monitoring to ensure compliance programs work as intended, especially in the face of new business risks.

The ECCP recommends incorporating data analytics and other technological tools to monitor compliance activities in real-time. For example, if your business is expanding into new regions, you may want to enhance monitoring of third-party relationships in those areas to ensure compliance with local laws and regulations. Continuous monitoring allows businesses to spot emerging risks early and respond before they become critical issues.

Argentieri has highlighted the need for compliance professionals to stay engaged with the business as it evolves. She suggests that compliance officers must work closely with business leaders to understand the company’s strategic direction and anticipate new risks before they fully materialize. Compliance professionals can avoid potential threats by actively participating in business discussions and decision-making and adjusting their monitoring programs accordingly.

Training and Communication: Keeping Everyone in the Loop

In the film, survival depends on everyone being aware of the danger and working together to manage it. Similarly, once new risks have been identified, ensuring that all employees, from the C-suite to the front lines, are informed and equipped to handle them is essential. The 2024 ECCP stresses the importance of communication and training as key components of an effective compliance program, especially when new risks are introduced.

When a business model changes or a new risk emerges, compliance officers must update training programs to reflect these developments. Employees should understand the nature of the new risks and how to navigate them within the company’s compliance framework. Regular communication from leadership about the importance of compliance and the role employees play in managing risk is critical for building a culture of compliance.

Argentieri has noted that training should be tailored to address the risks that have arisen. For example, if a company is entering a market with heightened anti-corruption risks, the compliance training should focus on identifying red flags for bribery and navigating local regulatory requirements. Just as the characters in The Creature from the Black Lagoon needed to work as a team to survive, businesses must ensure everyone is on the same page when managing new risks.

The lessons from The Creature from the Black Lagoon offer valuable insights for today’s compliance professionals. When faced with new and unforeseen threats, quickly adapting and responding is crucial for survival. The 2024 ECCP reinforces this need for agility, emphasizing the importance of ongoing risk assessments, the revision of policies and procedures, and vigilant monitoring.

Nicole Argentieri’s commentary on the ECCP provides further guidance, urging companies to build compliance programs that can evolve in real-time with the business. Just as the characters in the film had to adapt to survive, compliance officers must ensure their programs are flexible enough to respond to new risks and changing business models. By staying alert, adapting quickly, and fostering a culture of compliance, businesses can navigate uncharted waters and emerge stronger on the other side.

Join us tomorrow, where we will consider the 1954 movie version of The Creature from the Black Lagoon and how companies must assess and manage new and emerging risks.

Categories
Compliance Into the Weeds

Compliance into The Weeds: The Complexity of Risk Assessments

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject.

Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom and Matt take a deep dive into the variables a compliance professional should consider when performing a risk assessment. We also say a few words about our experiences in the total solar eclipse of April 8.

Risk assessments in compliance encompass the careful evaluation of both external and internal risks, necessitating a carefully planned process for overseeing various risk assessments within a company. This task, while intricate and often challenging, is a crucial aspect of compliance.

Fox emphasizes the necessity of precisely defining the scope of risk assessments, which could involve assessing external threats, internal controls, or both. He proposes that companies could benefit from the guidance of internal audits, external consultants, or professional service firms.

Similarly, Matt acknowledges its complex and challenging nature. Kelly underscores the importance of a disciplined, coherent approach to managing risk assessments across different parts of an organization, suggesting the possibility of involving assistance from third-party firms or internal audit teams.

Both Fox and Kelly’s perspectives underscore the importance of strategic planning, effective management, and possible external input in conducting risk assessments in compliance programs.

Key Highlights:

  • Comprehensive Approach to Conducting Risk Assessments
  • Collaborative Risk Assessment for Compliance Optimization
  • Enhancing Compliance through Internal Control Testing
  • Strategic Integration of Compliance in Enterprise Risk
  • Celestial Event Viewing: The Influence of Clouds

Resources:

Matt on Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Great Women in Compliance

Great Women in Compliance – Christina Marshall on Global Compliance Leadership

Welcome to the Great Women in Compliance Podcast. In this episode, we visit Christina Marshall, an experienced ethics and compliance leader with extensive experience working with US and foreign regulators. Her expertise is in fraud and corruption investigations, risk assessments, and operationalizing compliance in complex global organizations. She currently leads the Oracle EMEA Compliance team, which is responsible for driving compliance through Europe, the Middle East, and Africa. She is a US-trained litigator with a Juris Doctor from Fordham University School of Law.

Christina has worked in private practice and as a senior counsel within the Division of Enforcement at the Securities and Exchange Commission, which is responsible for investigating violations of the FCPA. Her extensive experience also includes teaching as a professor of Securities Regulation, White Collar Crime, Corporations and American Law. Based on her extensive experience, Christina is highly skilled in investigating procurement fraud, money laundering, and corruption, leading risk assessments, and creating preventative compliance practices.

Christina’s perspective on compliance best practices is that it should function as a partnership with the business, focusing significantly on transparency and support for business leaders, rather than acting as the ‘police’. Her knowledge in this area has been shaped by her prior experience at the US Securities and Exchange Commission’s Division of Enforcement and her extensive engagement with regulators worldwide. Additionally, her time spent teaching law in Russia has enriched her global perspective. She emphasizes the necessity of involving business partners in risk mitigation, with an emphasis on fostering trust and respect, particularly during challenging investigations.

Key Highlights:

  • Collaborative Approach to Achieving Compliance Goals
  • Efficient Risk Management Through Practical Prioritization
  • Fostering Trust Through Investigative Transparency
  • Encouraging Curiosity and Open Communication Culture
  • Global Compliance Strategies in Multinational Operations
  • Tailoring Compliance Programs for Regional Teams
  • Enhancing Compliance Practices Through Root Cause Analysis
  • Enhancing Efficiency Through Clear Communication

Resources:

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Week Conference Podcast

Compliance Week 2024 Speaker Preview Podcasts – Elizabeth Simon on More Holistic Risk Assessments

In this episode of the Compliance Week 2024 Speaker Preview Podcasts series, Elizabeth Simon discusses her panel presentation at Compliance Week 2024, “Innovative Approaches to Enterprise Risk Assessments.” Some of the issues she and her colleagues will discuss in this podcast and her presentation are:

  • How compliance can help the entire business mitigate risk
  • How to take a holistic approach to enterprise risk management
  • Seeing old friends, making new ones, and learning about new best practices at Compliance Week 2024

I hope you can join me at Compliance Week 2024. This year’s event will be held April 2-4 at the Westin Washington, DC, Downtown. The line-up is first-rate, with some top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event, offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 19th year, join 500+ compliance, ethics, legal, and audit professionals who gather to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. Compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs, among many others, to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders, and ethics and compliance visionaries.
  • Hear from 80+ respected cross-industry practitioners, including CEOs, CCOs, regulators, federal officials, and practitioners, to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from panels on leadership, fraud detection, confronting regulatory change, abiding by cross-border rules and regulations, and the always-favorite fireside chats.
  • Bring actionable takeaways from various session types, including cyber, AI, Compliance, Board obligations, data-driven compliance, and many others, to your program for you to listen, learn, and share.
  • Compliance Week aims to arm you with information, strategy, and tactics to transform your organization and career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount on the registration price. Enter the discount code TFOX2024 for $200 off.

The Compliance Podcast Network produces the Compliance Week 2024 Preview Podcast series. Compliance Week sponsors this series.