Categories
Blog

Managing Culture Risk

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia. We will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward, and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed, culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco that the Department of Justice would assess corporate culture as a part of corporate compliance enforcement action. In this Part 3, we consider how to manage your culture risk through the crucial role of managers with Jessica Czeczuga.

Jessica Czeczuga is a seasoned professional with over two decades of experience in the training and development field, specializing in areas such as finance, quality, compliance and ethics, leadership, and communication training. Jessica brings a unique perspective to the compliance space, emphasizing the pivotal role of managers in shaping and reinforcing company culture. She believes that managers, being the most influential group within an organization, should be adequately trained to align with the desired culture and equipped with the necessary tools to effectively communicate and reinforce cultural values. Jessica also advocates for the collaboration between compliance professionals and HR to improve culture, leveraging their counseling skills and creating clear processes for reporting and addressing culture-related issues.

According to Czeczuga, managers are the most influential group in an organization when it comes to shaping company culture. They are the boots on the ground, constantly interacting with the employees that report to them. Their ability to talk and influence gives them a lot of power in driving the desired culture. Therefore, it is crucial for organizations to reach out to managers and get them on board with the desired culture, as they will naturally drive that message deeper into the organization.

She emphasized the importance of managers in shaping and reinforcing company culture. Managers play a significant role in driving the desired culture deeper into the organization, as they are in constant contact with employees and have the ability to support, promote, permit, or ignore certain behaviors and values.

To effectively manage culture, compliance professionals need to empower and train managers. Just like any other training program, a strong training program should be set up for managers, focusing not only on providing them with information about the desired culture but also on practical application. Role-playing and conversations with employees are key to driving behavior change and ensuring that managers are equipped to deliver the desired cultural messages.

The collaboration between HR and compliance departments is also important in reinforcing the importance of culture and driving a culture of reporting. HR, with its extensive touchpoints with employees, plays a crucial role in reinforcing compliance and culture messages. By partnering with HR, compliance professionals can ensure that the messages about culture are consistent and delivered from multiple angles, making them stronger and more impactful.

HR can also provide valuable insights and skills to the compliance function. HR has as many touchpoints with employees as any other corporate function, making it an ideal partner for compliance in reinforcing culture. HR can help compliance professionals in delivering messages about culture to different levels of employees and can provide guidance on how to address culture issues in conversations with employees.

The key takeaway is that managers have a crucial role in shaping and reinforcing company culture. They are the gatekeepers of culture and have the power to drive the desired culture deeper into the organization. To effectively manage culture, compliance professionals should focus on empowering and training managers, while also collaborating with HR to reinforce culture messages. Practical application, such as role-playing and conversations with employees, is key to driving behavior change and ensuring that managers are equipped to deliver the desired cultural messages.

In conclusion, the role of managers in shaping and reinforcing company culture should not be underestimated. They have the ability to support, promote, permit, or ignore certain behaviors and values, making them the most influential group in an organization when it comes to culture. By empowering and training managers, and collaborating with HR, compliance professionals can effectively manage culture and drive the desired behaviors and values throughout the organization.

Join us tomorrow where we explore monitoring culture.

Tune into Jessica Czeczuga on the Diligent podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.

Categories
Innovation in Compliance

Unlocking Success: The Crucial Role of Culture in Compliance: Part 3 – Jessica Czeczuga on Creating a Strategy to Manage Culture

Welcome to a special series on building a stronger culture of compliance through targeted and effective training sponsored by Diligent. I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia. Over this series, we will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, monitoring that strategy in the future, and using information from your monitoring to improve your culture continuously. In Part 3, we visit with Jessica Czeczuga on how to develop a strategy to manage your culture risk.

Jessica Czeczuga is a seasoned professional with over two decades of experience in training and development, specializing in areas such as finance, quality, compliance and ethics, leadership, and communication training. Jessica brings a unique perspective to the compliance space, emphasizing the pivotal role of managers in shaping and reinforcing company culture. She believes that managers, the most influential group within an organization, should be adequately trained to align with the desired culture and equipped with the necessary tools to communicate and reinforce cultural values effectively. Jessica also advocates for collaboration between compliance professionals and HR to improve culture, leveraging their counseling skills and creating clear processes for reporting and addressing culture-related issues. Join Tom Fox and Jessica Czeczuga as we dive deeply into this topic in this Unlocking Success: The Crucial Role of Culture podcast episode.

Key Highlights: 

  • The Impact of Managers on Company Culture
  • Collaborative Partnership: HR and Compliance Driving Reporting
  • The Role of Managers in Shaping Culture

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture. For more information and to book a demo, visit Diligent.com.

 Join us tomorrow, where we consider how to monitor culture going forward.

Categories
Data Driven Compliance

Data Driven Compliance: Heidi Hunter on Leveraging AI and Data-Driven Solutions for Risk Management in The Financial Industry

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, which is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions.

In this podcast episode, Tom Fox and Heidi Hunter, Chief Product Officer – GBG Americas, explore the intersection of compliance, risk analysis, fraud detection, and cybersecurity. They discuss the importance of identity verification solutions in meeting regulatory requirements and mitigating fraud during customer onboarding. The conversation also delves into the challenges and opportunities of AI in compliance, emphasizing the need for transparency and documentation. AI’s role in risk analysis and fraud detection is examined, highlighting the need for human reasoning and oversight to overcome AI’s limitations. The importance of understanding and mitigating cybersecurity risks is emphasized, with a discussion on red-team and blue-team exercises. Overall, the episode provides insights into maintaining compliance, mitigating risks, and addressing threats in the financial industry.

  • Identity verification solutions
  • Challenges and Opportunities of AI in Compliance
  • The Role of AI in Risk Analysis
  • AI and Fraud Detection
  • The Importance of Understanding and Mitigating Cybersecurity Risks

Resources:

Heidi Hunter on LinkedIn

GBG

 

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Data Driven Compliance

Data Driven Compliance: Igor Volovich – Compliance Therapy

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, which is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs.

Tom welcomes Igor Volovich, the Compliance Therapy doctor from Qmulos, to discuss how to bridge gaps between compliance, security, and risk management. Volovich emphasizes the need for education and evangelism to unlock the value that compliance could offer businesses. He introduces their compliance therapy branding and highlights the importance of evidence-based compliance management through automation to improve trustworthiness. As we move towards real-time risk governance, automation is key for continuous attestation. Compliance processes have been highly manual and outdated, but regulatory bodies recognize the importance of automation in managing risks.

In the podcast, Tom dives into the need for convergence in compliance, discussing risk in real time, and translating technical terms into risk frameworks. If you’re interested in the convergence of compliance, security, and risk, check out Qmulos’ published guide and resources on their website and social media profiles. Don’t miss out on the chance to learn from the experts and continue the conversation with Igor Volovich and Tom Fox. Listen today!

Key Highlights

  • Introduction of Compliance Therapy Expert
  • Objective Compliance Management: From Opinion to Evidence
  • Importance of trust and governance in data
  • Revolutionizing Compliance Processes with Automation
  • Effective Risk Management for Businesses

KEY QUOTES

“Most of the folks have these really weird misconceptions about what compliance is. We need to reframe the mindset to rejoin the conjoined twins of compliance and security and risk and get them back together.”

“How do we evolve from this opinion-based compliance management to objective evidence-based compliance management? That’s the question that we asked. It’s more robust. It’s more trustworthy. It’s more real. Right? We’re moving from fiction to fact.”

“Within the sphere of influence that we actually do have, how much control can you exert? How much control can you demonstrate reliably, incredibly? To me, that’s the metric. How much can you prove about what you know? Is it belief or is it true? That’s the thing that we try to focus on.”

“The ultimate answer is, of course, automation, you can’t throw more people at the problem.”

Resources:

Igor Volovich on LinkedIn 

Qmulos

Categories
Daily Compliance News

Daily Compliance News: May 16, 2023 – The AI and Compliance Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories Include

  • Using AI to manage risk. (InsideBigData)
  • How will AI change the workplace. (WSJ)
  • Using AI to manage regulatory risk frameworks. (PYMNTS)
  • Will AI help compliance? (Forbes)

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Questionnaire

The next step in the five-step process is the questionnaire. The term ‘questionnaire’ is mentioned several times in the 2020 FCPA Resource Guide. It is generally recognized as one of the tools that a company should complete in its investigation to understand better with whom it is doing business. The questionnaire should be mandatory for any third party that desires to work with your company as it mandates the proposed business partner commit to the required information in writing before beginning the due diligence process. Remember, if a third party does not want to fill out the questionnaire or will not fill it out completely, you should not walk but run away from doing business with such a party.

One of the key requirements of any successful compliance program is that a company must make an initial assessment of a proposed third party. The size of a company does not matter, as small businesses can face significant risks and will need more extensive procedures than other businesses facing limited threats. The level of risk that companies face will also vary with the type and nature of the third parties with which they may have business relationships. For example, a company that appropriately assesses that there is no risk of bribery on the part of one group of its third parties will require nothing in the way of procedures to prevent corruption in the context of those relationships. By the same token, the bribery risks associated with reliance on a third-party agent representing a company in negotiations with foreign government officials may be assessed as significant and, accordingly, require much more in the way of procedures to mitigate those risks.

The questionnaire fills several vital roles in your overall management of third parties. It provides key information you need to know about who you are doing business with and whether they can fulfill your commercial needs. Just as important is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, U.K. Bribery Act, or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.

Three key takeaways:

  1. You must have enough information to fully identify the owners, UBOs, and related parties to determine if there is foreign official involvement.
  2. All commentary on best practices compliance programs requires questionnaires.
  3. If a third party refuses to fully respond to your questionnaire, run and don’t walk away from the proposed relationship.

Categories
GalloCast

Gallocast – Episode 8

Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight on compliance brought to you by the co-CEOs of Ethico. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the Sunday dinner table. Hosted by Tom Fox, the Voice of Compliance.

In the GalloCast, host Tom Fox visits with brothers Nick and Gio Gallo to discuss topics from Silicon Valley Bank’s $200 billion accounting fraud to the importance of daddy-daughter dates. They debate the role of leadership and the importance of non-financial incentives for corporate compliance. Nick and Gio touch on discussions about risk and return in banking, the impact of social media, and the use of metrics for executive performance assessment. They urge people to reach out for help when struggling and encourage leaders to create a workplace that fosters connection, compassion and understanding. Listen to the GalloCast and find out how to be a better leader and a better person.

Key Highlights

  • The Impact of Low Interest Rates and Yield Chasing: Discussing the Silicon Valley Bank Collapse
  • The Impact of Silicon Valley Bank’s Composition of Depositors and Yield Chasing on the Stock Market Crash
  • The Risks of Taking Big Swings: A Look at Silicon Valley Bank Leadership
  • The Role of a Bank’s Chief Risk Officer in Times of Crisis and the Implications of a Zero Interest Policy
  • The return of capital and the risks to improve income for short-term gain
  • The Role of Executive Leadership in setting Company Goals and Values
  • Rewarding Compliance to Promote a Positive Culture
  • Corporate Transparency and Measures to Assess Compliance Team Performance
  • Measuring the Effectiveness of Compliance Teams
  • Creating Space to Talk About Mental Wellbeing in the Workplace
  • Creating an Empathetic Workplace for Stress Relief and Support
  • Creating a Comfortable and Supportive Workplace Environment
  • The Benefits of Creating Lasting Memories with Loved Ones
  • The Impact of Daddy-Daughter Activities on Emotional Bonding

Resources

Nick Gallo on LinkedIn

Gio Gallo on LinkedIn

Ethico

Categories
Blog

Coming Conflict with China-Business Challenges and Responses: Good Compliance is Good Business

In the short span of the 21st Century, the world’s two top powers, the United States and China, have moved inexplicably toward a showdown. This evolved from a commercial competition into something more akin to permanent non-kinetic warfare. What does this mean for US businesses doing business in and with China? For this special 5-part blog post series, I visited with Brandon Daniels, CEO of Exiger, to explore issues as diverse as a real danger, supply chain, exports, cyber-attacks, and IP theft from the business perspective and give the compliance and business executive their viewpoints on what you can do to not only prepare your company but protect it as well. In concluding Part V, we lay out the business response to the coming conflict with China: good compliance.

In the face of rising tensions with China, it’s essential for businesses to take proactive steps to protect themselves. In the fifth and final episode of our five-part series on the coming conflict with China, we outline the integral roles of government, public companies, businesses, think tanks, consultants, product providers, and service providers in addressing the challenge. The importance of compliance as good business practice cannot be overstated. We also discuss the strategies of risk assessment and risk management necessary to weather the coming storm.

Here are the steps you need to follow to create good compliance in your organization to help you meet the China challenge:

  1. Identify risks
  2. Assess risks
  3. Implement a risk management strategy

1. Identify risks

 The first step in addressing the upcoming conflict with China is to identify risks. This can be done by looking at the transcript and thinking about what risks are present in the context of the conversation. For example, the transcript mentions potential conflict with China, cyber intrusions, human rights abuses, national security threats, and IP theft. All of these topics should be considered potential risks that need to be assessed.

One of the main risks is the economic and national security threat that comes from insider threats. This includes cyber intrusions, credential theft, and other malicious activities. Additionally, public companies need to be aware of the potential for IP theft, human rights abuses, and other forms of economic sabotage. It is also important to understand the need for investment in cyber hardening, diversification away from China, and incentives for public markets. Finally, businesses must be aware of the need for risk assessment and risk management strategies, as well as the need to monitor and upgrade those strategies as necessary. All of these risks must be identified in order to effectively address the coming conflict with China.

2. Assess risks

Once the potential risks have been identified, the next step is to assess the likelihood of the risks and their potential impacts. This can be done by looking at past experiences and current trends. It is also important to consider the potential of the risks, as well as the severity of the impacts. For example, if a risk involves cyber intrusions, it is important to consider the potential for data theft, as well as the impact of a data breach on the company’s reputation.

Finally, it is important to look at the potential solutions for the identified risks. This can be done by looking at the solutions that have been suggested in the transcript, such as regulation, funding, and raising awareness. It is also important to consider the potential costs and benefits of each solution, as well as the potential for implementation. By assessing the risks, the solutions, and their potential impacts, businesses can develop an effective risk management strategy.

3. Implement a risk management strategy

A risk management strategy is essential for preparing for a potential conflict with China. This strategy should involve identifying risks, assessing the potential impact of each risk, creating a plan to manage each risk, and monitoring the implementation of the risk management plan. Government regulators can lead this effort by raising awareness of the interconnected issues and prioritizing the expenditure of resources to mitigate risk. Additionally, incentives can be provided to public companies to invest in risk mitigation strategies. Businesses should also take the initiative to assess their own risks and create plans to reduce them. This can be done through utilizing existing technology to make processes more efficient and cost effective. Finally, raising awareness is essential to ensure that everyone is aware of the potential risks posed by the conflict with China. This can be done through education and providing resources to help people understand the risks and how to mitigate them.

The coming conflict with China presents numerous risks to businesses, governments, and the public at large. It is essential to assess the risks, create a risk management strategy, and implement it. By taking the initiative to identify, assess, and manage risks, businesses can protect themselves and stay competitive in this ever-changing landscape. The bottom line is good compliance is good business because good compliance is good business process. With the right knowledge, tools, and strategies, you too can be prepared for the coming conflict with China and protect your company from potential risks.

For a deeper dive into these issues, check out the 5-part podcast series with Tom Fox and Brandon Daniels, here.

Categories
Daily Compliance News

March 23, 2023 – The No Chickens Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Don’t want no chickens. (Reuters)
  • End of Swiss exceptionalism. (Bloomberg)
  • Banks botching risk management. (WSJ)
  • Companies are looking at another year of shareholder sustainability proposals. (WSJ)

Categories
Blog

Compliance Lessons from the SVB Failure

The recent events surrounding Silicon Valley Bank have been both shocking and eye-opening. From the depositors who faced near-death experiences, the shareholders who lost all their money, and the taxpayers who supported the bailout, it’s clear that there were multiple levels of oversight that failed to stop this disaster from happening. In this week’s episode of Compliance into the Weeds, Matt Kelly and I explored the roles of KPMG, the Board of Directors and management, institutional investors, and the regulators, to uncover the lessons the compliance professional can take away from this debacle.

There were three key areas in which SVB and those who advised it failed. They included:

  1. Failures in identifying the poor risk management practices and the lack of assurance around the bank’s ability to access emergency cash.
  2. Failures by the Board of Directors and senior management in responding to the red flags raised by the BlackRock consultants.
  3. Failures by SVB, which was not prepared with a plan to resolve the crisis when it occurred.

Poor Risk Management Practices

The first step in understanding the lack of assurance around the bank’s ability to access emergency cash is to identify its poor risk management practices. KPMG, the bank’s auditors, may have given an anodyne report that stated there was no material risk of misstatement, but they could not have predicted the strategic risks that SVB was taking. SVB got into trouble around its financial assets, namely low-interest rate loans that SVB issued in the late 2010s. When the Federal Reserve started jacking up interest rates to cool down inflation, the value of those loans fell. It put the bank in a precarious position. It is not clear what the bank’s management did, but whatever it was, it was clearly insufficient.

Board and Senior Management Failure to Address Red Flags

Both the Board and senior management failed to respond adequately to the red flags raised by the BlackRock consultants, whom SVB hired in late 2020 to look at their risk management practices. According to the report, SVB failed 11 of 11 criteria for risk management, indicating that there were serious issues present. This assessment should have been a red flag for management and the board’s risk committee, which met 18 times in 2022. It is not clear whether they discussed the BlackRock consultants’ report, but it is clear that the risk of rising interest rates and the lack of hedging to offset these risks were ignored. Despite this, the bank declined to pursue the opportunity for improvements.

Moreover, by this time, the San Francisco Fed had already given Silicon Valley Bank at least six citations for poor risk management practices and not doing enough to assure easy access to emergency cash. This should have been a warning sign to both regulators and investors, yet it seems that no one was prepared for the eventual collapse of the bank. This oversight deficit points to a lack of communication and assurance from the board and management to the public, which is a key compliance lesson for other organizations.

 Lack of a Plan

Clearly, SVB was not prepared with a plan to resolve the crisis when it occurred. There was a clear lack of communication between the board and management of Silicon Valley Bank, its audit firm, and the regulators. The board and management of Silicon Valley Bank were aware of the risks that their strategies posed, as evidenced by their hiring of BlackRock consultants to assess their risk management processes. However, they failed to take the necessary steps to address the issues identified by the consultants, leaving the bank exposed to the risk posed by rising interest rates. The auditors also failed to point out the strategic risk of the bank’s holdings, instead offering an anodyne report that did not indicate any risk of material misstatement or substantial doubt about the bank’s ability to continue as a going concern. Finally, the regulators, such as the San Francisco Fed, had raised multiple red flags about Silicon Valley Bank’s risk management practices and potential lack of access to emergency funding, yet they failed to create a plan to address these issues before the crisis occurred. As a result, the public, investors, and depositors were left in the dark, without a plan to respond to the crisis.

The collapse of Silicon Valley Bank is a stark reminder that organizations need to take effective steps to ensure proper oversight and risk management. This includes both board and management members being aware of the risks posed by their strategies, engaging with auditors to assess the risks, and having a plan in place to deal with potential crises. The Silicon Valley Bank case serves as an example of what can happen when these steps are not taken and the consequences of such a failure. It is up to organizations to learn from this case and take the necessary steps to ensure that a similar disaster does not occur again. Despite the gravity of the situation, there is still hope that organizations can achieve the same level of compliance and oversight by following the lessons from this case.

Check out the full episode of Compliance into the Weeds, here.