Categories
Data Driven Compliance

Data Driven Compliance: Igor Volovich – Compliance Therapy

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast. Hosted by Tom Fox, it is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs.

Tom welcomes Igor Volovich, the Compliance Therapy doctor from Qmulos, to discuss how to bridge gaps between compliance, security, and risk management. Volovich emphasizes the need for education and evangelism to unlock the value that compliance could offer businesses. He introduces their compliance therapy branding and highlights the importance of evidence-based compliance management through automation to improve trustworthiness. As we move towards real-time risk governance, automation is key for continuous attestation. Compliance processes have been highly manual and outdated, but regulatory bodies recognize the importance of automation in managing risks.

In the podcast, Tom dives into the need for convergence in compliance, discussing risk in real time, and translating technical terms into risk frameworks. If you’re interested in the convergence of compliance, security, and risk, check out Qmulos’ published guide and resources on their website and social media profiles. Don’t miss out on the chance to learn from the experts and continue the conversation with Igor Volovich and Tom Fox. Listen today!

Key Highlights

  • Introduction of Compliance Therapy Expert
  • Objective Compliance Management: From Opinion to Evidence
  • Importance of trust and governance in data
  • Revolutionizing Compliance Processes with Automation
  • Effective Risk Management for Businesses

KEY QUOTES

“Most of the folks have these really weird misconceptions about what compliance is. We need to reframe the mindset to rejoin the conjoined twins of compliance and security and risk and get them back together.”

“How do we evolve from this opinion-based compliance management to objective, evidence-based compliance management? That’s the question that we asked. It’s more robust. It’s more trustworthy. It’s more real. Right? We’re moving from fiction to fact.”

“Within the sphere of influence that we actually do have, how much control can you exert? How much control can you demonstrate reliably, incredibly? To me, that’s the metric. How much can you prove about what you know? Is it belief or is it true? That’s the thing that we try to focus on.”

“The ultimate answer is, of course, automation, you can’t throw more people at the problem.”

Resources:

Igor Volovich on LinkedIn 

Qmulos

 Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: May 16, 2023 – The AI and Compliance Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories Include

  • Using AI to manage risk. (InsideBigData)
  • How will AI change the workplace? (WSJ)
  • Using AI to manage regulatory risk frameworks. (PYMNTS)
  • Will AI help compliance? (Forbes)

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Questionnaire

The next step in the five-step process is the questionnaire. The term ‘questionnaire’ is mentioned several times in the 2020 FCPA Resource Guide. It is generally recognized as one of the tools that a company should complete in its investigation to understand better with whom it is doing business. The questionnaire should be mandatory for any third party that desires to work with your company as it mandates the proposed business partner commit to the required information in writing before beginning the due diligence process. Remember, if a third party does not want to fill out the questionnaire or will not fill it out completely, you should not walk but run away from doing business with such a party.

One of the key requirements of any successful compliance program is that a company must make an initial assessment of a proposed third party. The size of a company does not matter, as small businesses can face significant risks and will need more extensive procedures than other businesses facing limited threats. The level of risk that companies face will also vary with the type and nature of the third parties with which they may have business relationships. For example, a company that appropriately assesses that there is no risk of bribery on the part of one group of its third parties will require nothing in the way of procedures to prevent corruption in the context of those relationships. By the same token, the bribery risks associated with reliance on a third-party agent representing a company in negotiations with foreign government officials may be assessed as significant and, accordingly, require much more in the way of procedures to mitigate those risks.

The questionnaire fills several vital roles in your overall management of third parties. It provides key information you need to know about who you are doing business with and whether they can fulfill your commercial needs. Just as important is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, U.K. Bribery Act, or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.

Three key takeaways:

  1. You must have enough information to fully identify the owners, UBOs, and related parties to determine if there is foreign official involvement.
  2. All commentary on best practices compliance programs requires questionnaires.
  3. If a third party refuses to fully respond to your questionnaire, run and don’t walk away from the proposed relationship.

Categories
GalloCast

GalloCast – Episode 8

Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight on compliance brought to you by the co-CEOs of Ethico. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the Sunday dinner table. Hosted by Tom Fox, the Voice of Compliance.

In the GalloCast, host Tom Fox visits with brothers Nick and Gio Gallo to discuss topics from Silicon Valley Bank’s $200 billion accounting fraud to the importance of daddy-daughter dates. They debate the role of leadership and the importance of non-financial incentives for corporate compliance. Nick and Gio touch on discussions about risk and return in banking, the impact of social media, and the use of metrics for executive performance assessment. They urge people to reach out for help when struggling and encourage leaders to create a workplace that fosters connection, compassion and understanding. Listen to the GalloCast and find out how to be a better leader and a better person.

Key Highlights

  • The Impact of Low Interest Rates and Yield Chasing: Discussing the Silicon Valley Bank Collapse
  • The Impact of Silicon Valley Bank’s Composition of Depositors and Yield Chasing on the Stock Market Crash
  • The Risks of Taking Big Swings: A Look at Silicon Valley Bank Leadership
  • The Role of a Bank’s Chief Risk Officer in Times of Crisis and the Implications of a Zero Interest Policy
  • The return of capital and the risks to improve income for short-term gain
  • The Role of Executive Leadership in setting Company Goals and Values
  • Rewarding Compliance to Promote a Positive Culture
  • Corporate Transparency and Measures to Assess Compliance Team Performance
  • Measuring the Effectiveness of Compliance Teams
  • Creating Space to Talk About Mental Wellbeing in the Workplace
  • Creating an Empathetic Workplace for Stress Relief and Support
  • Creating a Comfortable and Supportive Workplace Environment
  • The Benefits of Creating Lasting Memories with Loved Ones
  • The Impact of Daddy-Daughter Activities on Emotional Bonding

Resources

Nick Gallo on LinkedIn

Gio Gallo on LinkedIn

Ethico

Tom Fox 

Categories
Blog

Coming Conflict with China-Business Challenges and Responses: Good Compliance is Good Business

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US businesses doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, CEO of Exiger, to explore issues as diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In concluding Part V, we lay out the business response to the coming conflict with China: good compliance.

In the face of rising tensions with China, it’s essential for businesses to take proactive steps to protect themselves. In the fifth and final episode of our five-part series on the coming conflict with China, we outline the integral roles of government, public companies, businesses, think tanks, consultants, product providers, and service providers in addressing the challenge. The importance of compliance as good business practice cannot be overstated. We also discuss the strategies of risk assessment and risk management necessary to weather the coming storm.

Here are the steps you need to follow to create good compliance in your organization to help you meet the China challenge:

  1. Identify risks
  2. Assess risks
  3. Implement a risk management strategy

  1. Identify risks

The first step in addressing the upcoming conflict with China is to identify risks. This can be done by looking at the transcript and thinking about what risks are present in the context of the conversation. For example, the transcript mentions potential conflict with China, cyber intrusions, human rights abuses, national security threats, and IP theft. All of these topics should be considered potential risks that need to be assessed.

One of the main risks is the economic and national security threat that comes from insider threats. This includes cyber intrusions, credential theft, and other malicious activities. Additionally, public companies need to be aware of the potential for IP theft, human rights abuses, and other forms of economic sabotage. It is also important to understand the need for investment in cyber hardening, diversification away from China, and incentives for public markets. Finally, businesses must be aware of the need for risk assessment and risk management strategies, as well as the need to monitor and upgrade those strategies as necessary. All of these risks must be identified in order to effectively address the coming conflict with China.

  2. Assess risks

Once the potential risks have been identified, the next step is to assess the likelihood of the risks and their potential impacts. This can be done by looking at past experiences and current trends. It is also important to consider the potential of the risks, as well as the severity of the impacts. For example, if a risk involves cyber intrusions, it is important to consider the potential for data theft, as well as the impact of a data breach on the company’s reputation.

Finally, it is important to look at the potential solutions for the identified risks. This can be done by looking at the solutions that have been suggested in the transcript, such as regulation, funding, and raising awareness. It is also important to consider the potential costs and benefits of each solution, as well as the potential for implementation. By assessing the risks, the solutions, and their potential impacts, businesses can develop an effective risk management strategy.

  3. Implement a risk management strategy

A risk management strategy is essential for preparing for a potential conflict with China. This strategy should involve identifying risks, assessing the potential impact of each risk, creating a plan to manage each risk, and monitoring the implementation of the risk management plan. Government regulators can lead this effort by raising awareness of the interconnected issues and prioritizing the expenditure of resources to mitigate risk. Additionally, incentives can be provided to public companies to invest in risk mitigation strategies. Businesses should also take the initiative to assess their own risks and create plans to reduce them. This can be done through utilizing existing technology to make processes more efficient and cost effective. Finally, raising awareness is essential to ensure that everyone is aware of the potential risks posed by the conflict with China. This can be done through education and providing resources to help people understand the risks and how to mitigate them.

The coming conflict with China presents numerous risks to businesses, governments, and the public at large. It is essential to assess the risks, create a risk management strategy, and implement it. By taking the initiative to identify, assess, and manage risks, businesses can protect themselves and stay competitive in this ever-changing landscape. The bottom line is good compliance is good business because good compliance is good business process. With the right knowledge, tools, and strategies, you too can be prepared for the coming conflict with China and protect your company from potential risks.

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
Daily Compliance News

March 23, 2023 – The No Chickens Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Don’t want no chickens. (Reuters)
  • End of Swiss exceptionalism. (Bloomberg)
  • Banks botching risk management. (WSJ)
  • Companies are looking at another year of shareholder sustainability proposals. (WSJ)

Categories
Blog

Compliance Lessons from the SVB Failure

The recent events surrounding Silicon Valley Bank have been both shocking and eye-opening. From the depositors who faced near-death experiences, the shareholders who lost all their money, and the taxpayers who supported the bailout, it’s clear that there were multiple levels of oversight that failed to stop this disaster from happening. In this week’s episode of Compliance into the Weeds, Matt Kelly and I explored the roles of KPMG, the Board of Directors and management, institutional investors, and the regulators, to uncover the lessons the compliance professional can take away from this debacle.

There were three key areas in which SVB and those who advised it failed. They included:

  1. Failures in identifying the poor risk management practices and the lack of assurance around the bank’s ability to access emergency cash.
  2. Failures by the Board of Directors and senior management in responding to the red flags raised by the BlackRock consultants.
  3. Failures by SVB, which was not prepared with a plan to resolve the crisis when it occurred.

Poor Risk Management Practices

The first step in understanding the lack of assurance around the bank’s ability to access emergency cash is to identify its poor risk management practices. KPMG, the bank’s auditors, may have given an anodyne report that stated there was no material risk of misstatement, but they could not have predicted the strategic risks that SVB was taking. SVB got into trouble around its financial assets, namely low-interest rate loans that SVB issued in the late 2010s. When the Federal Reserve started jacking up interest rates to cool down inflation, the value of those loans fell. It put the bank in a precarious position. It is not clear what the bank’s management did, but whatever it was, it was clearly insufficient.

Board and Senior Management Failure to Address Red Flags

Both the Board and senior management failed to respond adequately to the red flags raised by the BlackRock consultants, whom SVB hired in late 2020 to look at their risk management practices. According to the report, SVB failed 11 of 11 criteria for risk management, indicating that there were serious issues present. This assessment should have been a red flag for management and the board’s risk committee, which met 18 times in 2022. It is not clear whether they discussed the BlackRock consultants’ report, but it is clear that the risk of rising interest rates and the lack of hedging to offset these risks were ignored. Despite this, the bank declined to pursue the opportunity for improvements.

Moreover, by this time, the San Francisco Fed had already given Silicon Valley Bank at least six citations for poor risk management practices and not doing enough to assure easy access to emergency cash. This should have been a warning sign to both regulators and investors, yet it seems that no one was prepared for the eventual collapse of the bank. This oversight deficit points to a lack of communication and assurance from the board and management to the public, which is a key compliance lesson for other organizations.

Lack of a Plan

Clearly, SVB was not prepared with a plan to resolve the crisis when it occurred. There was a clear lack of communication between the board and management of Silicon Valley Bank, its audit firm, and the regulators. The board and management of Silicon Valley Bank were aware of the risks that their strategies posed, as evidenced by their hiring of BlackRock consultants to assess their risk management processes. However, they failed to take the necessary steps to address the issues identified by the consultants, leaving the bank exposed to the risk posed by rising interest rates. The auditors also failed to point out the strategic risk of the bank’s holdings, instead offering an anodyne report that did not indicate any risk of material misstatement or substantial doubt about the bank’s ability to continue as a going concern. Finally, the regulators, such as the San Francisco Fed, had raised multiple red flags about Silicon Valley Bank’s risk management practices and potential lack of access to emergency funding, yet they failed to create a plan to address these issues before the crisis occurred. As a result, the public, investors, and depositors were left in the dark, without a plan to respond to the crisis.

The collapse of Silicon Valley Bank is a stark reminder that organizations need to take effective steps to ensure proper oversight and risk management. This includes both board and management members being aware of the risks posed by their strategies, engaging with auditors to assess the risks, and having a plan in place to deal with potential crises. The Silicon Valley Bank case serves as an example of what can happen when these steps are not taken and the consequences of such a failure. It is up to organizations to learn from this case and take the necessary steps to ensure that a similar disaster does not occur again. Despite the gravity of the situation, there is still hope that organizations can achieve the same level of compliance and oversight by following the lessons from this case.

Check out the full episode of Compliance into the Weeds, here.

Categories
Daily Compliance News

March 17, 2023 – The SVB Fallout Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Vendor risks after SVB collapse. (WSJ)
  • CFOs evaluate cash strategies after SVB failure. (WSJ)
  • SVB Failure: Arrogance, incompetence, or both? (Bloomberg)
  • SEC’s role in protecting from financial collapses. (Reuters)

Categories
Compliance Into the Weeds

Beneath the Bailout: The Collapse of Silicon Valley Bank

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I explore the collapse of Silicon Valley Bank (SVB) and its outcomes. We discuss the consequences if the Federal government fails to bail out Signature Bank in New York and Silicon Valley Bank. The Dodd-Frank Act is examined, and we note that the SVB Chief Risk Officer leaving 8 months ago and never being replaced is a huge red flag. Will this event cause the Federal Reserve to pause interest rate hikes? Why did Libertarians from the tech industry scream for bailouts? Tom and Matt expertly unpack the complex details within the industry and provide insight and analysis into this relevant and timely industry topic.

Key Highlights

The Impact of Silicon Bank and SVB’s Failures on the Banking Industry [02:01]

Implications of Unsold Silicon Valley Bank Assets on Taxpayers [05:04]

Challenge of Businesses Dealing with Employee Benefits under Federal Government Regulations [09:04]

Effects of Changes to the Dodd-Frank Act on Midsized Banks [12:54]

The Impact of Regulatory Ease on Business Failures [16:47]

The Reasons Behind Silicon Valley Bank’s Chief Risk Officer Quitting [20:53]

The Impact of Social Media on Interest Rate Decisions by the Federal Reserve [24:52]

Notable Quotes:

1.     “So those loans brought in maybe 2 or 3 percent interest, but SVB had to pay out interest rates that might be more at 4 percent. That difference undermined the capital structure and the balance sheet of SVB until people started getting skittish, and then they said, Maybe I should pull my money out, which made the bank even more weak, so people got even more skittish.”

2.     “The big issue, which is why the business customer angle is important, is that under FDIC rules, a bank’s deposits are insured up to 250,000 dollars per account.”

3.     “Is it a business if you can never fail? This was not too big to fail. This was we are not going to let anybody fail.”

4.     “You may not know where your key suppliers, customers, or key third parties are banking. Maybe you have that information. But does that mean you’re going to have to assess the financial health of those financial institutions of your customers? And know if they can pay you for your vendors or third-party suppliers. They can meet their payroll to deliver their services.”

Resources

Matt on LinkedIn

Tom on LinkedIn

Categories
Daily Compliance News

December 31, 2022 – The $296MM Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Today’s stories include:

  • Business risk to increase in 2023. (WSJ)
  • Bahamas regulator says it holds $296MM in FTX assets. (Reuters)
  • A Texas con artist. (Houston Chronicle)
  • What is good business leadership? (NYT)