Categories
Blog

Nicholas Latham on Implementing Frameworks for Effective Risk Management in Organizations

I recently had the opportunity to visit with folks from Diligent. We look down the road at key issues in 2024 in a podcast series sponsored by Diligent entitled Compliance Professionals Adapting to Change: Industries, Regulations, and Beyond. I was able to chat with Nicholas Latham, Renee Murphy, Jessica Czeczuga, Yee Chow, and Alexander Cotoia. Over this series, we discussed compliance communications in regulated industries, managing conflicts of interest at the Board level, the Board’s role in compliance training and communications, navigating the current ESG landscape, and professional growth and mentorship in compliance. In this first blog post, we discuss accounting and risk management frameworks.

One of the key topics discussed in the episode was the importance of risk assessment frameworks in identifying and mitigating organizational risks. Latham highlighted two widely used frameworks, the COSO Framework for Internal Controls and ISO 31000, which both provide a comprehensive approach to risk management. These frameworks help organizations establish effective communication processes and gain a holistic view of risk across different departments.

The COSO Framework for Internal Controls focuses on enterprise risk management. It emphasizes the need to assess an organization’s control environment, determine risk appetite, and identify crucial risks for the business’s success. Information and communication processes, including training and monitoring activities, are built around these assessments to ensure effective risk management.

We next discussed the relevance of the “Single Pane of Glass” concept, often associated with the COSO Framework for Internal Controls. This concept provides a unified view of an organization’s operations and risk management, flattening hierarchical structures and promoting transparency. By implementing this approach, executives and leaders can comprehensively understand what is happening across the organization rather than just within individual departments.

We noted the challenges associated with compliance communication issues, particularly in e-communications. Latham emphasized the importance of setting the tone at the top, with executive leadership emphasizing the criticality of compliance and its impact on the organization and its customers. Training plays a crucial role in ensuring compliance, but Latham noted that the amount and frequency of training in today’s environment may not be sufficient. He stressed the need for organizations to step up their training efforts and be prepared for increasingly stringent regulatory scrutiny.

Monitoring e-communications poses a significant challenge due to the sheer volume of interactions. Latham suggested leveraging artificial intelligence (AI) to analyze a larger communications sample and identify potential risks. This approach could help organizations identify improper processes, training gaps, or script issues that may contribute to compliance breaches.

As a compliance professional, your understanding of risk assessment frameworks, such as the COSO Framework for Internal Controls and ISO 31000, highlights the importance of comprehensive risk management practices. The “Single Pane of Glass” concept and the challenges associated with compliance communication issues provide valuable guidance for organizations navigating the complex risk and compliance landscape. As regulatory scrutiny continues to increase, compliance professionals’ expertise will continue to serve as a valuable resource for organizations seeking to enhance their risk management practices and ensure compliance in an ever-evolving technological landscape.

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture. For more information and to book a demo, visit Diligent.com.

Join us tomorrow when we consider conflicts of interest at the Board of Directors.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 4 – AI Driven Risk Management and Fraud Prevention

Through leveraging AI-driven solutions, companies can collect and analyze survey data to identify patterns and trends that may indicate potential risks. This empowers organizations to take proactive measures to mitigate these risks and foster a culture of trust and transparency.

Another area of significance is mapping risks to controls. This allows a compliance professional or risk manager to know where risks are occurring within an organization and then map them to corresponding controls. This permits compliance functions to assess the effectiveness of their controls and identify areas that require improvement. By leveraging AI-driven solutions, organizations can gain a comprehensive understanding of their risk landscape and make data-driven decisions to strengthen their control environment.

AI-driven solutions have the potential to revolutionize risk assessment and fraud prevention. By leveraging these solutions, companies can enhance their compliance efforts, improve efficiency, and make data-driven decisions. However, it is crucial to balance automation with human expertise and address challenges related to data availability and quality. Ultimately, the successful implementation of AI-driven solutions requires a holistic approach that considers the impact on employees, fosters a culture of trust and transparency, and aligns with the organization’s risk management objectives.

Three key takeaways:

  1. Data visibility allows organizations to effectively manage their compliance efforts and make data-driven decisions.
  2. By leveraging AI-driven solutions, compliance functions can generate dashboards and analytics that provide real-time insights into their risk landscape.
  3. This not only improves efficiency but also enables auditors to focus on understanding the data and identifying potential risks.

For more information on this month’s sponsor, check out KonaAI.com.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Data Analytics: Day 2 – Data-Driven Solutions for Compliance and Risk Management

In today’s rapidly evolving business landscape, compliance and risk management have become critical components of any successful organization. With the increasing complexity of regulations and the growing need for transparency, companies are turning to AI and data-driven solutions to enhance their compliance programs and mitigate risks. A key to this approach is the user adoption of AI-driven compliance tools.

AI and data-driven solutions have the potential to revolutionize compliance and risk management practices. By leveraging advanced analytics, machine learning, and automation, organizations can enhance decision-making processes, improve efficiency, and proactively address compliance risks. However, it is essential to prioritize user adoption, consider the impact on user experience, and strike a balance between automation and human judgment. With the right approach, AI and data-driven solutions can become valuable assets in the pursuit of effective compliance and risk management.

Three key takeaways:

1. Compliance, risk management and corporate legal can all benefit from a data-driven approach to risk management.

2. By setting up alerts, compliance officers can be notified in real-time about potential risks or non-compliant activities.

3. There will always be the need for a balance between automation and human judgment.

For more information on this month’s sponsor KonaAI, check out their website, here.

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Written Standards: Day 17 – Policies for Third-Parties

As every compliance practitioner is well aware, third-parties still present the highest risk under the FCPA. The DOJ 2023 ECCP devotes an entire prong to third-party management. It begins with the following: A well-designed compliance program should apply risk-based due diligence to its third-party relationships. Although the degree of appropriate due diligence may vary based on the size and nature of the company or transaction, prosecutors should assess the extent to which the company has an understanding of the qualifications and associations of third-party partners, including the agents, consultants, and distributors that are commonly used to conceal misconduct, such as the payment of bribes to foreign officials in international business transactions.

This set of queries clearly specifies that the DOJ expects an integrated approach that is operationalized throughout the company. This means your compliance program must have a process for the full life cycle of third-party risk management. There are five steps in the life cycle of third-party management: 1) business justification; 2) questionnaire to third-party; 3) due diligence on third-party; 4) compliance terms and conditions, including payment terms; and 5) management and oversight of third parties after contract signing.

I continually give my mantra of compliance, which is “Document, Document, and Document”. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented, but they must be stored and managed in a manner that lets you retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program.

Three key takeaways:

  1. Use the full five-step process for third-party management.
  2. Make sure you have Business Development involvement and buy-in.
  3. Operationalize all steps going forward by including business unit representatives.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Blog

Managing Culture Risk

Welcome to a special five-part blog series on building a stronger culture of compliance, sponsored by Diligent. In this series I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia. In this series, we will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, the monitoring of that strategy going forward, and using information from your monitoring to engage in continuous improvement of your culture.

Many compliance professionals struggle with the ‘softness’ of culture. However, properly viewed, culture can be seen as another type of risk for any organization. Viewed through this lens, culture can then be assessed, managed, monitored and improved as any other business risk. This has become even more important since the announcement in October 2021 by Deputy Attorney General Lisa Monaco that the Department of Justice would assess corporate culture as a part of corporate compliance enforcement action. In this Part 3, we consider how to manage your culture risk through the crucial role of managers with Jessica Czeczuga.

Jessica Czeczuga is a seasoned professional with over two decades of experience in the training and development field, specializing in areas such as finance, quality, compliance and ethics, leadership, and communication training. Jessica brings a unique perspective to the compliance space, emphasizing the pivotal role of managers in shaping and reinforcing company culture. She believes that managers, being the most influential group within an organization, should be adequately trained to align with the desired culture and equipped with the necessary tools to effectively communicate and reinforce cultural values. Jessica also advocates for the collaboration between compliance professionals and HR to improve culture, leveraging their counseling skills and creating clear processes for reporting and addressing culture-related issues.

According to Czeczuga, managers are the most influential group in an organization when it comes to shaping company culture. They are the boots on the ground, constantly interacting with the employees that report to them. Their ability to talk and influence gives them a lot of power in driving the desired culture. Therefore, it is crucial for organizations to reach out to managers and get them on board with the desired culture, as they will naturally drive that message deeper into the organization.

She emphasized the importance of managers in shaping and reinforcing company culture. Managers play a significant role in driving the desired culture deeper into the organization, as they are in constant contact with employees and have the ability to support, promote, permit, or ignore certain behaviors and values.

To effectively manage culture, compliance professionals need to empower and train managers. Just like any other training program, a strong training program should be set up for managers, focusing not only on providing them with information about the desired culture but also on practical application. Role-playing and conversations with employees are key to driving behavior change and ensuring that managers are equipped to deliver the desired cultural messages.

The collaboration between HR and compliance departments is also important in reinforcing the importance of culture and driving a culture of reporting. HR, with its extensive touchpoints with employees, plays a crucial role in reinforcing compliance and culture messages. By partnering with HR, compliance professionals can ensure that the messages about culture are consistent and delivered from multiple angles, making them stronger and more impactful.

HR can also provide valuable insights and skills to the compliance function. HR has as many touchpoints with employees as any other corporate function, making it an ideal partner for compliance in reinforcing culture. HR can help compliance professionals in delivering messages about culture to different levels of employees and can provide guidance on how to address culture issues in conversations with employees.

The key takeaway is that managers have a crucial role in shaping and reinforcing company culture. They are the gatekeepers of culture and have the power to drive the desired culture deeper into the organization. To effectively manage culture, compliance professionals should focus on empowering and training managers, while also collaborating with HR to reinforce culture messages. Practical application, such as role-playing and conversations with employees, is key to driving behavior change and ensuring that managers are equipped to deliver the desired cultural messages.

In conclusion, the role of managers in shaping and reinforcing company culture should not be underestimated. They have the ability to support, promote, permit, or ignore certain behaviors and values, making them the most influential group in an organization when it comes to culture. By empowering and training managers, and collaborating with HR, compliance professionals can effectively manage culture and drive the desired behaviors and values throughout the organization.

Join us tomorrow where we explore monitoring culture.

Tune into Jessica Czeczuga on the Diligent podcast series Unlocking Success: The Crucial Role of Culture in a Best Practices Compliance Program.

Categories
Innovation in Compliance

Unlocking Success: The Crucial Role of Culture in Compliance: Part 3 – Jessica Czeczuga on Creating a Strategy to Manage Culture

Welcome to a special series on building a stronger culture of compliance through targeted and effective training sponsored by Diligent. I will visit with Yvette Hollingsworth-Clark, Viktor Culjak, Jessica Czeczuga, Michael Parker, and Alexander Cotoia. Over this series, we will consider what culture is, how to assess culture, putting together a strategy to manage culture based upon this assessment, monitoring that strategy in the future, and using information from your monitoring to improve your culture continuously. In Part 3, we visit with Jessica Czeczuga on how to develop a strategy to manage your culture risk.

Jessica Czeczuga is a seasoned professional with over two decades of experience in training and development, specializing in areas such as finance, quality, compliance and ethics, leadership, and communication training. Jessica brings a unique perspective to the compliance space, emphasizing the pivotal role of managers in shaping and reinforcing company culture. She believes that managers, the most influential group within an organization, should be adequately trained to align with the desired culture and equipped with the necessary tools to communicate and reinforce cultural values effectively. Jessica also advocates for collaboration between compliance professionals and HR to improve culture, leveraging their counseling skills and creating clear processes for reporting and addressing culture-related issues. Join Tom Fox and Jessica Czeczuga as we dive deeply into this topic in this Unlocking Success: The Crucial Role of Culture podcast episode.

Key Highlights: 

  • The Impact of Managers on Company Culture
  • Collaborative Partnership: HR and Compliance Driving Reporting
  • The Role of Managers in Shaping Culture

Ready for Purpose-Driven Compliance? Diligent equips leaders with the tools to build, monitor, and maintain an open, transparent ethics and compliance culture. For more information and to book a demo, visit Diligent.com.

Join us tomorrow, where we consider how to monitor culture going forward.

Categories
Data Driven Compliance

Data Driven Compliance: Heidi Hunter on Leveraging AI and Data-Driven Solutions for Risk Management in The Financial Industry

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, which is a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs. Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers and acquisitions.

In this podcast episode, Tom Fox and Heidi Hunter, Chief Product Officer – GBG Americas, explore the intersection of compliance, risk analysis, fraud detection, and cybersecurity. They discuss the importance of identity verification solutions in meeting regulatory requirements and mitigating fraud during customer onboarding. The conversation also delves into the challenges and opportunities of AI in compliance, emphasizing the need for transparency and documentation. AI’s role in risk analysis and fraud detection is examined, highlighting the need for human reasoning and oversight to overcome AI’s limitations. The importance of understanding and mitigating cybersecurity risks is emphasized, with a discussion on red-team and blue-team exercises. Overall, the episode provides insights into maintaining compliance, mitigating risks, and addressing threats in the financial industry.

  • Identity verification solutions
  • Challenges and Opportunities of AI in Compliance
  • The Role of AI in Risk Analysis
  • AI and Fraud Detection
  • The Importance of Understanding and Mitigating Cybersecurity Risks

Resources:

Heidi Hunter on LinkedIn

GBG

 


Categories
Data Driven Compliance

Data Driven Compliance: Igor Volovich – Compliance Therapy

Are you struggling to keep up with the ever-changing compliance programs in your business? Look no further than the award-winning Data Driven Compliance podcast, hosted by Tom Fox, a podcast featuring an in-depth conversation around the uses of data and data analytics in compliance programs.

Tom welcomes Igor Volovich, the Compliance Therapy doctor from Qmulos, to discuss how to bridge gaps between compliance, security, and risk management. Volovich emphasizes the need for education and evangelism to unlock the value that compliance could offer businesses. He introduces their compliance therapy branding and highlights the importance of evidence-based compliance management through automation to improve trustworthiness. As we move towards real-time risk governance, automation is key for continuous attestation. Compliance processes have been highly manual and outdated, but regulatory bodies recognize the importance of automation in managing risks.

In the podcast, Tom dives into the need for convergence in compliance, discussing risk in real time, and translating technical terms into risk frameworks. If you’re interested in the convergence of compliance, security, and risk, check out Qmulos’ published guide and resources on their website and social media profiles. Don’t miss out on the chance to learn from the experts and continue the conversation with Igor Volovich and Tom Fox. Listen today!

Key Highlights

  • Introduction of Compliance Therapy Expert
  • Objective Compliance Management: From Opinion to Evidence
  • Importance of trust and governance in data
  • Revolutionizing Compliance Processes with Automation
  • Effective Risk Management for Businesses

KEY QUOTES

“Most of the folks have these really weird misconceptions about what compliance is. We need to reframe the mindset to rejoin the conjoined twins of compliance and security and risk and get them back together.”

“How do we evolve from this opinion-based compliance management, to objective evidence based compliance management. That’s the question that we asked. It’s more robust. It’s more trustworthy. It’s more real. Right? We’re moving from fiction to fact.”

“Within the sphere of influence that we actually do have, how much control can you exert? How much control can you demonstrate reliably, incredibly? To me, that’s the metric. How much can you prove about what you know? Is it belief or is it true? That’s the thing that we try to focus on.”

“The ultimate answer is, of course, automation, you can’t throw more people at the problem.”

Resources:

Igor Volovich on LinkedIn 

Qmulos


Categories
Daily Compliance News

Daily Compliance News: May 16, 2023 – the AI and Compliance Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.

Stories Include

  • Using AI to manage risk. (InsideBigData)
  • How will AI change the workplace? (WSJ)
  • Using AI to manage regulatory risk frameworks. (PYMNTS)
  • Will AI help compliance? (Forbes)

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Questionnaire

The next step in the five-step process is the questionnaire. The term ‘questionnaire’ is mentioned several times in the 2020 FCPA Resource Guide. It is generally recognized as one of the tools that a company should complete in its investigation to understand better with whom it is doing business. The questionnaire should be mandatory for any third party that desires to work with your company as it mandates the proposed business partner commit to the required information in writing before beginning the due diligence process. Remember, if a third party does not want to fill out the questionnaire or will not fill it out completely, you should not walk but run away from doing business with such a party.

One of the key requirements of any successful compliance program is that a company must make an initial assessment of a proposed third party. The size of a company does not matter, as small businesses can face significant risks and will need more extensive procedures than other businesses facing limited threats. The level of risk that companies face will also vary with the type and nature of the third parties with which they may have business relationships. For example, a company that appropriately assesses that there is no risk of bribery on the part of one group of its third parties will require nothing in the way of procedures to prevent corruption in the context of those relationships. By the same token, the bribery risks associated with reliance on a third-party agent representing a company in negotiations with foreign government officials may be assessed as significant and, accordingly, require much more in the way of procedures to mitigate those risks.

The questionnaire fills several vital roles in your overall management of third parties. It provides key information you need to know about who you are doing business with and whether they can fulfill your commercial needs. Just as important is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, U.K. Bribery Act, or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.

Three key takeaways:

  1. You must have enough information to fully identify the owners, UBOs, and related parties to determine if there is foreign official involvement.
  2. All commentary on best practices compliance programs requires questionnaires.
  3. If a third party refuses to fully respond to your questionnaire, run and don’t walk away from the proposed relationship.