Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.
Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.
Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.
Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.
How does the discovery of the Creature from the Black Lagoon guide a compliance professional in managing new and emerging risks?
David Caruso is the founder and managing director of the Dominion Advisory Group, a consulting firm based in Virginia, near the nation’s capital. The firm works with banks facing regulatory enforcement actions across the U.S., Europe, and Asia. David aids institutions and organizations in navigating financial crime risk and compliance modernization globally.
As a former special agent with the US Secret Service and a graduate of George Washington University since 1996, he has been at the forefront of shaping the financial crime risk and compliance profession more generally. Building anti-money laundering (AML) and sanctions compliance programs at banking and financial institutions across the US and internationally, overseeing headline-grabbing corruption and money laundering investigations, and building and selling a RegTech software firm have afforded him an ideal perspective to reflect on every major issue and trend occurring in the financial crime compliance space for the past 25 years.
In this episode of Regulatory Ramblings, David shares his reflections on a nearly three-decade career in AML and financial crime compliance with our host, Ajay Shamdasani.
He recounts having worked at global institutions like JP Morgan, Riggs Bank, Wachovia, Washington Mutual, and HSBC, to name a few. His notable achievements include his time as Riggs Bank’s chief compliance and AML officer.
In that role, he was hired to address some program weaknesses cited by the US Treasury Department’s Office of the Comptroller of the Currency (OCC). While at Riggs, David’s team uncovered two notorious international corruption schemes involving the government of Equatorial Guinea and former Chilean dictator Augusto Pinochet. The team’s work led to investigations by the Department of Justice and the U.S. Senate Permanent Subcommittee on Investigations.
The cases drew worldwide media attention from justice authorities in the US, UK, Spain, and Chile. The facts uncovered by David at Riggs shook US lawmakers and regulators, kicking off 10 years of active regulatory and law enforcement action against banks across the US.
After Riggs, David founded The Dominion Advisory Group in 2005. From his ringside seat near Washington, DC, he works closely with executive management, boards, and outside counsel to craft responses and build entire financial crime risk and compliance programs to address regulatory concerns—of which there has been no shortage in recent years.
David also discusses the allure of AML and financial crime compliance and what brought him to the professional path he has been on for over three decades. Methodologically speaking, he recounts what has changed in AML and financial crime in that time and what has remained the same.
He concurs that since 1970, so many additional requirements and expectations have been created that AML teams still need to catch up on their primary mission. Reflecting on the impact of the Bank Secrecy Act (1970), the USA PATRIOT Act (2001), the Foreign Account Tax Compliance Act (2010), or FATCA, and the more recent Anti-Money Laundering Act (2020), he shares his views on how the impact of regulatory action has distracted from compliance professionals’ more critical tasks—with an eye towards how the regulatory exam-focused mindset of money laundering reporting officers (MLROs) affects operations and innovation.
David also depicts the pervasive and ongoing discrepancies between what domestic and international/supranational policy-setting organizations, like the Financial Action Task Force (FATF), based in Paris, say and what they do. He says, “No one wants to ask if new rules and regulations are working and whether they prevent crime or have the unintended consequence of reducing [economic] growth?”
He acknowledges the degree of geopolitical hypocrisy when it comes to AML and financial crime compliance, as well as when it comes to fighting bribery, fraud, and corruption internationally. Washington, New York, London, and Brussels all too often regulate the financial world. Yet, while the US and UK, and increasingly the EU, are some of the most aggressive jurisdictions regarding financial crime enforcement actions, their regulatory apparatus is often used to further their geopolitical goals. It is a view that many outside the West hold.
The conversation concludes with David’s views on why sanctions against Russia stemming from its 2022 invasion of Ukraine have largely been unsuccessful, how technologies such as artificial intelligence can help AML/KYC/FCC compliance, and what policy recommendations he suggests moving forward.
We are bringing you the Regulatory Ramblings podcasts with assistance from the HKU Faculty of Law, the University of Hong Kong’s Reg/Tech Lab, HKU-SCF Fintech Academy, Asia Global Institute, and HKU-edX Professional Certificate in Fintech.
Today, we conclude a multipart blog post series exploring one of the biggest corporate scandals of the 1990s, the Bre-X mining scandal. Our most recent blog post explored the foundational lessons from the Bre-X scandal for today’s compliance professionals, focusing on due diligence, transparency, corporate governance, and more. In today’s concluding blog post, we focus on additional critical areas where compliance officers can play a pivotal role in ensuring organizational integrity. From fostering a strong whistleblowing culture to leveraging modern technologies for continuous monitoring, these strategies will help prevent financial fraud, uphold ethical standards, and do business in compliance into 2024 and beyond.
The Role of Whistleblowing and Ethics Programs
A lack of transparency and accountability within Bre-X contributed to the persistence of fraud for years. If a robust whistleblowing mechanism had been in place, the red flags might have been raised earlier, potentially preventing the massive fallout.
Encouraging Whistleblowing. One of the most critical aspects of modern compliance is creating a culture where employees feel empowered to speak up without fear of retaliation. Compliance officers should focus on building and maintaining secure, confidential channels where employees can report unethical or suspicious activities. A strong whistleblowing framework protects the organization from reputational damage and demonstrates to employees that integrity is a top priority.
Ethics Training. In addition to promoting whistleblowing, regular ethics training can help build a culture of transparency and accountability. Employees must be educated on the importance of ethical decision-making and how their actions contribute to the company’s long-term success. Compliance teams can reinforce the core values of honesty and integrity across the organization through frequent workshops, case studies (including Bre-X), and clear guidance on ethical behavior.
Risk Management and Scenario Planning
The Bre-X scandal is a stark reminder of the importance of comprehensive risk management. The ability to foresee potential risks and prepare accordingly can be the difference between averting a disaster or getting caught in one.
Assessing and Mitigating Risk. Risk management is central to the work of a compliance officer. Rigorous risk assessments are non-negotiable in industries like mining—where speculation, large financial stakes, and geographical challenges intersect. Compliance professionals must develop strategies that identify, assess, and mitigate potential risks early, whether they stem from operational, financial, or reputational sources. For instance, resource overestimation, as seen in Bre-X, could have been mitigated with proper checks on geological data and third-party verification.
Scenario Planning. Preparing for various fraud scenarios, including “what if” situations similar to Bre-X, is a valuable exercise. Scenario planning enables organizations to consider how they would respond in the event of fraud or a major compliance breach. Companies should develop detailed crisis management plans, identify key decision-makers, and outline steps for navigating potential crises. In the event of another large-scale scandal, having these contingency plans in place will reduce the organization’s response time and limit damage.
Continuous Controls Monitoring and Auditing
The importance of continuous monitoring cannot be overstated, particularly in industries prone to high levels of fraud, such as mining, finance, or healthcare. Compliance professionals must champion ongoing oversight to ensure early detection of potential issues.
Ongoing Oversight. Continuous auditing of processes and transactions is an effective way to catch problems before they escalate. In the Bre-X case, regular audits of geological sample reporting and financial disclosures could have flagged discrepancies early on. Compliance teams today should implement robust monitoring programs that examine critical areas like financial performance, regulatory adherence, and ethical behavior. Routine audits of key operational processes, especially in high-risk industries, can prevent fraudulent behavior from going undetected.
Use of Technology. The rise of data analytics and artificial intelligence (AI) has transformed the compliance landscape. In 2024, compliance professionals must embrace technology that enhances real-time monitoring capabilities. By leveraging AI and big data, companies can detect anomalies or suspicious activities before they evolve into significant problems. For example, automated systems can track financial reporting patterns or identify irregular resource estimates, helping compliance teams intervene before major fraud occurs.
Global Considerations and Jurisdictional Awareness
In today’s globalized business environment, companies often operate in multiple countries, each with its own regulatory requirements. Compliance professionals must stay abreast of international standards and ensure the organization complies in all regions.
Navigating International Regulations. The Bre-X scandal highlighted the complexities of operating in different jurisdictions. While Bre-X was a Canadian company, much of its fraudulent activity occurred in Indonesia, and the regulatory landscape vastly differed between the two countries. In 2024, compliance officers must develop an in-depth understanding of the regulatory environments in each jurisdiction where their company operates. This includes legal compliance and cultural and business norms that could impact operations and risk management strategies.
Cross-Border Cooperation. In an interconnected world, no company is an island. Regulatory bodies across countries are increasingly cooperating on compliance and enforcement efforts, especially in mining, finance, and pharmaceuticals. Building relationships with regulatory agencies in different jurisdictions is vital for compliance professionals. These partnerships can help organizations navigate complex international regulations and stay on top of emerging global compliance trends.
The Bre-X scandal was a watershed moment for the mining industry and for compliance professionals across sectors. The lessons from this case are invaluable in shaping how compliance is approached in 2024. Compliance officers can safeguard their organizations from the devastating consequences of fraud by encouraging a culture of whistleblowing, implementing comprehensive risk management practices, leveraging technology for continuous monitoring, and understanding global regulatory landscapes.
Fraud prevention is a continuous journey that requires vigilance, transparency, and a proactive mindset. Today’s compliance professional’s responsibility is not just to respond to incidents but to anticipate them, fostering a corporate culture prioritizing ethics and accountability at every level. This concludes our series on the Bre-X scandal. By learning from the past, compliance professionals can build a more resilient, transparent future for their organizations.
What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many questions we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance.
In this episode, Tom visits with Vall Herard, CEO of Saifr.ai, which is aimed at transforming compliance in the financial services industry.
Herard shares his professional background, the founding and objectives of Saifr, and the company’s innovative AI solutions, including marketing communications compliance, electronic communications compliance, and AML/KYC capabilities. We cover how Saifr.ai uses AI to help compliance officers by providing tools that streamline their work and embed compliance checks in everyday processes. Herard also touches upon AI ethics, adaptive risk management, and the future of AI in compliance. He hints at upcoming innovations, including the compliant adaptation of large language models like ChatGPT for financial services.
In this episode of Trekking Through Compliance, we consider the compliance and leadership lessons from the episode The Doomsday Machine, which aired on October 20, 1967, and occurred on Star Date 4202.9.
The Enterprise responds to a distress beacon from the Starship U.S.S. Constellation and then finds the battered remains of the ship itself. Kirk sends a boarding party to the Constellation to investigate. Its commander, Commodore Matt Decker, is in a state of shock and not very coherent. Even after McCoy injects him, Decker can only say that his ship was attacked by “that thing.”
Kirk beams Decker and McCoy back to the Enterprise. The Doomsday Machine attacks the Enterprise. Commodore Decker pulls his rank and assumes command over Spock’s objections. Kirk sees what is going on from the Constellation and begins heading toward the Doomsday Machine using impulse power.
Kirk angrily orders Spock to re-assume command on his authority, which he does. Decker steals a shuttlecraft and pilots it into the Doomsday Machine, killing himself but producing a small power drop in the Doomsday Machine. Kirk reasons that the starship explosion might be capable of destroying the alien vessel. Scott rigs the Constellation to explode, then transports it to the Enterprise. The Constellation then explodes, turning the planet killer into a harmless pile of space junk.
Commentary
The Enterprise encounters a planet-destroying robot and must devise a way to stop it. Fox underscores various compliance and risk management lessons: establishing robust incident response protocols, fostering cross-functional teamwork, ensuring organizational resilience, balancing short-term fixes with long-term solutions, cultivating a culture of compliance and innovation, and maintaining situational awareness and adaptability. These lessons are essential for compliance leadership in 2024.
Key Highlights
Story Synopsis: The Doomsday Machine
Fun Facts and Behind the Scenes
Compliance Leadership and Risk Management Lessons
Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein
In this episode of Trekking Through Compliance, we consider the compliance and leadership lessons from the episode The Apple, which aired on October 13, 1967, and occurred on Star Date 3715.0.
A Landing Party finds danger on a seemingly pristine planet as the Enterprise is threatened. The planet’s inhabitants are the feeders of Vaal. Kirk asks to be taken to Vaal, just as Scott reports that the Enterprise is being dragged into the planet by a tractor beam from the planet.
Kirk and Spock go to confront Vaal. Vaal responds by calling a thunderstorm and striking Spock with a lightning bolt. The people of Vaal then attack, killing a security guard. As usual, the rest of the landing party fends off the attack and gets off unscathed. Kirk has Scott attack Vaal with the ship’s phasers to weaken it. This drains Vaal’s power reserves and frees the people from his grip. Spock accuses Kirk of giving the people the equivalent of the apple of knowledge and driving them from their Eden, but Kirk maintains that Spock’s resemblance to the Devil is much more apparent than his own.
Commentary
The episode follows Captain Kirk and his landing party as they encounter the planet Gamma Trianguli VI and grapple with its godlike ruler, Vaal. The discussion highlights critical business ethics lessons, including the dangers of paternalistic control, respecting cultural sovereignty, ensuring transparency, avoiding disruption of stable systems, fostering self-determination, and balancing short-term and long-term impacts. Additionally, this episode reflects on the broader implications of Kirk’s actions on the planet’s civilization and draws parallels to modern ethical concerns in compliance programs.
Key Highlights
Story Synopsis
Fun Fact and Episode Themes
Business Ethics Lessons from The Apple
Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein
Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation.
In this podcast, host Tom Fox welcomes back Mike DeBernardis to discuss recent corruption convictions involving individuals connected to Venezuela, as highlighted in Hughes Hubbard & Reed’s ‘Month in a Minute.’
We use these criminal matters as a starting point to discuss how companies can effectively manage compliance in high-risk areas by assessing risks, crafting risk management strategies, implementing specific controls, documenting processes, and training employees. We emphasize the importance of maintaining thorough documentation to meet regulatory requirements and auditing standards.
In this episode of Trekking Through Compliance, we consider the episode Arena, which aired on January 19, 1967, with a Star Date of 3045.6.
The Enterprise arrives at the Cestus III Outpost by invitation of its commanding officer, but the crew finds the outpost obliterated and then under attack from an unknown vessel. Both ships enter a new space sector and lose all propulsion power shortly after. Enterprise is contacted by the Metrons, who announce they will pit the respective captains in a one-to-one battle to the death. Kirk is transported to the planet’s surface along with the other captain of the Gorn.
Kirk attempts to communicate with the Gorn but receives no response. Kirk lies in wait for the Gorn and fires on him. As Kirk prepares to deal a death blow, he considers the Gorn’s claims that the attack on Cestus III was only self-defense and allows him to live. Suddenly, the Gorn disappears, and a Metron appears to Kirk, congratulating him on not only winning the battle but showing the advanced trait of mercy for one’s enemy, leading the Metron to comment that “you are still half-savage, but there is hope,” and that the Federation should seek out the Metrons again in several thousand years.
Commentary
In this episode of ‘Trekking Through Compliance,’ host Tom Fox explores episode 18 of the original Star Trek series, ‘Arena.’ The narrative details Captain Kirk’s encounter with the Gorn and the intervention by the Metrons, who force them into a duel to the death. Key elements include the destruction of the Earth Observation Outpost, the high-stakes battle between Kirk and the Gorn, and Kirk’s ultimate moral and strategic decisions. Fox highlights several leadership lessons for compliance professionals drawn from the episode, including adaptability, empowering subordinates, emotional intelligence, strategic thinking, and principled decision-making. These insights aim to enhance the skills of compliance officers in navigating corporate governance and risk management.
Key Highlights
The Duel: Kirk vs. The Gorn
Behind the Scenes and Cultural Impact
Leadership Lessons from Arena
Resources
Excruciatingly Detailed Plot Summary by Eric W. Weisstein
Compliance professionals face increasing pressures to adapt and innovate in today’s rapidly evolving landscape. On a recent episode of Innovation in Compliance, I visited with Matt Lowe, the Chief Strategy Officer at MasterControl. We discussed how AI is revolutionizing quality management in the life sciences industry. With a background in engineering and extensive experience at MasterControl, Matt offered a unique perspective on integrating AI into compliance processes. We explored in depth how AI is poised to transform the compliance field.
Generative AI is being utilized to create comprehension-based testing automatically. This innovation significantly reduces the time required for compliance-focused training, transforming a process that once took hours into a task completed in minutes. This approach resonates with the broader compliance community, where efficiency and accuracy are paramount. By automating the generation of training materials, AI can help ensure that employees are adequately trained on your internal policies and procedures, helping your organization maintain compliance with regulatory standards.
Perhaps one of AI’s most exciting promises is the shift from reactive to predictive and preventative compliance. Traditionally, risk management has focused on identifying and correcting issues after they occur. However, AI offers the potential to predict and prevent problems before they arise. By analyzing vast amounts of data, AI can identify patterns and anomalies, allowing organizations to address potential issues proactively.
This predictive capability is particularly valuable in the life sciences industry, where the stakes are high. Ensuring the highest quality products can directly impact patient safety and regulatory compliance. Leveraging AI to predict and prevent quality issues represents a transformative shift in managing compliance.
When implementing AI in compliance, you should take a risk-based approach. This involves starting with low-risk AI applications to gain confidence in the technology before moving on to more critical areas. For instance, generating training exams is a low-risk application that can still deliver significant benefits. As organizations become more comfortable with AI, they can explore its use in more complex and higher-risk areas.
This cautious approach aligns with the principles of compliance, where assessing and managing risk is a fundamental aspect of the profession. By gradually incorporating AI, organizations can mitigate potential risks while harnessing the technology’s power to enhance compliance processes.
While AI offers tremendous potential, we both stressed the importance of the “Human in the Loop” approach. AI can provide valuable insights and automate processes, but human oversight remains crucial. This is particularly important in life sciences, where the consequences of errors can be severe. Ensuring that humans review and validate AI-generated outputs helps maintain the accuracy and reliability of compliance efforts. This “Human in the Loop” model reflects a balanced approach to AI integration. By combining the strengths of AI with human expertise, organizations can achieve a more robust and effective compliance framework.
Lowe shared his vision for the future of AI in compliance. He envisions a world where AI becomes integral to software applications, transforming how professionals interact with technology. Instead of navigating complex interfaces, users will engage with AI-driven chatbots that provide instant answers and guidance. This shift will enable compliance professionals to access the information they need more efficiently and effectively. AI has the potential to identify gaps in compliance frameworks and suggest appropriate controls. This capability can significantly enhance the effectiveness of compliance programs by ensuring that organizations are always prepared for audits and regulatory scrutiny.
As AI continues to evolve, collaboration within the industry will be essential. Lowe mentioned initiatives like the Convention for Healthcare AI, where industry players and regulators discuss the ethical implications and best practices for AI use. Such collaborations are vital to ensure that AI is leveraged responsibly and ethically, particularly in industries like life sciences, where the impact on human health is significant.
AI has transformative potential for compliance. By automating routine tasks, shifting from reactive to predictive compliance, and adopting a risk-based approach, AI can significantly enhance the efficiency and effectiveness of compliance programs. However, the human element remains crucial to ensure accuracy and reliability. As the industry continues to explore and embrace AI, collaboration and ethical considerations will play a vital role in shaping the future of compliance. By harnessing the power of AI, organizations can stay ahead of regulatory requirements, improve product quality, and ultimately protect patient safety. The journey towards AI-driven compliance is just beginning, and the possibilities are exciting and profound.
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject.
Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!
In this episode, Tom and Matt delve deep into Citigroup’s $126 million trading error, resulting from poor internal controls.
They discuss how a simple ‘fat finger’ error by a trader led to a major flash crash on European stock exchanges in 2022, and how the failure of Citigroup’s internal controls allowed it to happen. The discussion covers multiple compliance lessons, including the importance of understanding the human element in control design, the need for adequate staffing and monitoring, and the necessity of consistent global risk management.
Fox and Kelly also highlight the importance of addressing findings from internal audits and maintaining urgency in improving internal controls. They emphasize that companies should think creatively about risk management, taking into account various global factors, including holidays and local regulations.
Key Highlights:
The Citigroup Internal Control Fiasco
Compliance Lessons from Citigroup’s Mistake
The Human Element in Compliance and Control Failures