Innovation in Compliance with Tom Fox

Thomas Fox
Aug 8, 2023 • 25min

Travis Howerton on Automating Security & Compliance

In this episode, Tom welcomes back Travis Howerton and they explore the importance of NIST 800-53 Rev. 5, the latest version of the National Institute of Standards and Technology's security guidance for organizations. With new controls to address privacy and a heightened focus on supply chain and third-party risk, this version of the NIST standard is essential for organizations to access government contracts and revenue and is increasingly important to protect organizations from cyberattacks. Automation is also becoming increasingly necessary to help organizations meet these standards, highlighting the need for continuous improvement of security measures. This episode goes in-depth on NIST 800-53 Rev. 5, making it a must-listen for organizations looking to stay secure and compliant.
The US government is increasingly turning to automation and AI to meet its security and compliance standards. With the transition of FedRAMP from guidance to law, companies are now required to use it and meet certain cybersecurity standards to do business with the US government. NIST 800-53 Rev. 5 addresses regulatory change around privacy, such as GDPR, and includes new control families and changes to existing ones.
As the government continues to revise its standards, the need for automation is becoming increasingly important. The National Institute of Standards and Technology (NIST), a standards body within the federal government, is working with the Open Security Controls Assessment Language (OSCAL) team to develop standards. NIST has interacted closely with the OSCAL team, creating an open-source repo on GitHub and building communities of interest. Additionally, NIST works with other government agencies, tool providers, and industry to develop standards.
FedRAMP provides clarity of goal for vendors and customers but is expensive and time-consuming to achieve. Cybersecurity is no longer a cost center, but a requirement to do business with the US government.
The Department of Defense requires companies to meet certain cybersecurity standards to do business with them. Other agencies are taking similar stances in regard to cybersecurity. Companies are now required to have a compliance program to do business with them. Cybersecurity is now seen as one of the top risks to businesses, causing legal risk, revenue loss, and embarrassment.
Key Highlights
· NIST 800-53 Rev. 5
· NIST and FedRAMP
· Cybersecurity Requirements
· Cybersecurity Regulations
· Continuous Improvement of Standards
Resources: Travis Howerton on LinkedIn; RegScale
Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn
Jun 30, 2023 • 18min

Messaging Compliance in a Shifting Regulatory Landscape: Part 5- Stay Ahead of Regulations

Is messaging compliance giving your compliance function headaches? Welcome to a special 5 part podcast post series, messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. Over this series I have visited with Chip Jones, Executive Vice President, Compliance and Business Development at Global Relay; Alex Viall, Director, Regulatory Intelligence at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennie Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager in Business Development for the Global Relay App. We have considered the US and UK regulatory framework for messaging apps, considered if business innovation is being stifled by regulatory action, previewed the Global Relay Report: Compliant Communications in 2023, and looked down the road on how to stay ahead of regulation with compliant communications in one app. In our concluding Part 5, I visit with Raewyn Danvers, Sales Manager in Business Development for the Global Relay App, on how to stay ahead of regulations.
In this fifth episode in a 5-part series, host Tom Fox and guest Raewyn Danvers discuss how compliance professionals can stay ahead of regulatory compliance technology trends. In their conversation, Raewyn highlights the growing significance of mobile messaging in compliance, especially with millennials and Gen Z entering the workforce. They also discuss the pros and cons of using corporate devices versus bring your own device (BYOD) policies in the workplace, before introducing Global Relay as a solution for managing and archiving communication data in a compliant manner. As a long-term partner in compliance, Global Relay offers dedicated onboarding specialists and account representatives to ensure customers stay on top of the latest technology trends. Interested in learning more? Check out Global Relay's website for a demo today!
Key Highlights
· Trends in Mobile Messaging Compliance Technology
· Adapting to Technology for Workforce Retention
· Corporate Devices v. BYOD
· Global Relay's Technology Integration and Data Management
For more information go to Global Relay.
Jun 29, 2023 • 18min

Messaging Compliance in a Shifting Regulatory Landscape: Part 4- Global Relay Industry Insights Report

Is messaging compliance giving your compliance function headaches? Welcome to a special 5 part podcast post series, messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. Over this series I will visit with Chip Jones, Executive Vice President, Compliance and Business Development at Global Relay; Alex Viall, Director, Regulatory Intelligence at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennie Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager in Business Development for the Global Relay App. Over this series, we will consider the US and UK regulatory framework for messaging apps, consider if business innovation is being stifled by regulatory action, preview the Global Relay Report: Compliant Communications in 2023, and look down the road on how to stay ahead of regulation with compliant communications in one app. In this Part 4, I visit with Jennie Clarke on the recently released Global Relay Report: Compliant Communications in 2023.
In this fourth episode in a 5-part series, host Tom Fox has a fascinating interview with Jennie Clarke, Head of Content at Global Relay. They discuss the recently released report on compliant communication and fines faced by companies. Discover how they gathered information from customers and industry experts to contextualize these findings. Find out why 59% of respondents from regulated industries, particularly financial services, have banned apps such as WhatsApp and WeChat. Explore the more creative solutions discussed in the report, including the idea of corporate-issued devices rather than BYOD. Gain insights into communication compliance challenges and how education and training around compliance culture can help employees understand the consequences of non-compliance. Don't miss out on this insightful conversation on the Global Relay Industry Insights Report.
Key Highlights
· Global Relay's "Compliance Communications 2023" Report
· Regulating Communication Channels in Businesses
· Communication Compliance Challenges and Business Opportunities
For more information go to Global Relay. To obtain a copy of the Insights Report, Compliance Communications 2023, click here.
Join us in our concluding episode where we discuss Compliant Communications in One App.
Jun 28, 2023 • 18min

Messaging Compliance in a Shifting Regulatory Landscape: Part 3- Regulatory Changes on the Horizon for UK Firms

Is messaging compliance giving your compliance function headaches? Welcome to a special 5 part podcast post series, messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. Over this series I will visit with Chip Jones, Executive Vice President, Compliance and Business Development at Global Relay; Alex Viall, Director, Regulatory Intelligence at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennie Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager in Business Development for the Global Relay App. Over this series, we will consider the US and UK regulatory framework for messaging apps, consider if business innovation is being stifled by regulatory action, preview the Global Relay Report: Compliant Communications in 2023, and look down the road on how to stay ahead of regulation with compliant communications in one app. In this Part 3, I visit with Rob Mason on the current and upcoming UK regulatory landscape.
In this third episode in a 5-part series, Tom visits with Rob Mason, Director of Regulatory Intelligence at Global Relay. In this episode, Rob shares his experience, having worked with Lloyds Banking Group, UBS and the UK's conduct regulator. The podcast delves into current UK regulatory priorities, data protection issues, and the importance of operational risk management, compliance and surveillance in the banking industry. Hear Rob's insights on the evolution of the remit of the FCA, the role of monitoring communication effectively without breaching data privacy, Brexit and data protection issues, and the need for closer monitoring to avoid scandals. If you want to learn from industry experts how to manage risk and compliance, tune in to UK Regulatory Landscape.
Key Highlights
· Latest UK Regulatory Priorities
· Comparison of FCA and SEC Regulations
· Data Protection and Operational Resilience in the UK
· Impact of the Merger of Credit Suisse and UBS
· Closing Remarks and Website Invitation
For more information go to Global Relay.
Join us in our next episode where we look at the Global Relay Report: Compliant Communications in 2023.
Jun 27, 2023 • 18min

Messaging Compliance in a Shifting Regulatory Landscape: Part 2- Is Business Innovation Being Stifled by Regulatory Actions?

Is messaging compliance giving your compliance function headaches? Welcome to a special 5 part podcast post series, messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. Over this series I will visit with Chip Jones, Executive Vice President, Compliance and Business Development at Global Relay; Alex Viall, Director, Regulatory Intelligence at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennie Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager in Business Development for the Global Relay App. Over this series, we will consider the US and UK regulatory framework for messaging apps, consider if business innovation is being stifled by regulatory action, preview the Global Relay Report: Compliant Communications in 2023, and look down the road on how to stay ahead of regulation with compliant communications in one app. In this Part 2, I visit with Alex Viall to explore the intersection of regulation and innovation.
In this second episode in a 5-part series, Tom visits with UK regulatory compliance expert Alex Viall in this thought-provoking podcast as they discuss the dynamics between business innovation and regulatory compliance. Discover how the evolution of technology is causing a generational shift in communication and how this impacts businesses in the industry. Hear about the importance of capturing conversations and messages for law enforcement purposes and the need for policies and procedures to manage risks effectively. Don't miss the expert insights on practical solutions, training, and monitoring policies to stay compliant. Tune in now and learn why banning communication isn't the answer, and how a proactive attitude can lead to better risk management and regulatory compliance.
Key Highlights
· Balancing Innovation and Compliance in Messaging
· Challenges of Ephemeral Messaging in Business
· Communications Compliance and Training for Business Conversations
· Overcoming Ineffectiveness of Communication Bans
For more information go to Global Relay.
Join us in our next episode where we look at the current UK regulatory landscape for messaging apps.
Jun 27, 2023 • 26min

Supply Chain Cyber Risk Management with Steve Horvath

Steve Horvath, a Telos cybersecurity leader with nearly 20 years building risk and compliance solutions, joins to discuss supply chain cyber risk. He covers Xacta’s evolution into an enterprise risk platform. They talk NIST frameworks, software bills of materials, attack surface management, and the need for board-level cyber education.
Jun 26, 2023 • 18min

Messaging Compliance in a Shifting Regulatory Landscape: Part 1- The Future is Now: U.S. Regulatory Compliance

Is messaging compliance giving your compliance function headaches? Welcome to a special 5 part podcast post series, messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. Over this series I will visit with Chip Jones, Executive Vice President, Compliance and Business Development at Global Relay; Alex Viall, Director, Regulatory Intelligence at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennie Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager in Business Development for the Global Relay App. Over this series, we will consider the US and UK regulatory framework for messaging apps, consider if business innovation is being stifled by regulatory action, preview the Global Relay Report: Compliant Communications in 2023, and look down the road on how to stay ahead of regulation with compliant communications in one app. In this Part 1, I visit with Chip Jones on the current US regulatory landscape for messaging apps.
In this first episode in a 5-part series, Tom visits with Chip Jones, Executive VP of Compliance and Business Development at Global Relay. They discuss the challenges of maintaining communication compliance in various industries, with a focus on off-channel communications, particularly in the financial services industry. Chip shares insights on the recent collective settlement issued by the SEC, which sends a clear message to firms about the importance of adhering to internal policies on communication retention and supervision. Learn about how Global Relay is helping firms monitor their communications to detect fraudulent activities and avoid compliance issues. Don't miss this informative podcast, which ends with a teaser for the next episode on the impact of regulatory action on business innovation.
Key Highlights
· The Challenges of Regulatory Compliance in the US
· SEC enforcement actions on communication violations
· Monitoring Electronic Communications in Financial Services
· Off-channel Communications Consequences
For more information go to Global Relay.
Join us in our next episode where we ask the question: Is business innovation being stifled by regulatory action?
Jun 23, 2023 • 19min

Part 5 - David Greenberg on the Role of the Board

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this concluding Part 5, we consider the role of the Board of Directors in a compliance program with David Greenberg.
In this episode, Greenberg discusses the board’s legal obligations, emphasizing their duty to exercise reasonable oversight over potential misconduct and failures of compliance with law and policy. The podcast also delves into the importance of integrating compliance programs into a company’s overall strategy and developing strong relationships with senior management, such as the chief legal officer or chief compliance officer. Listeners will learn the importance of finding the right committee to oversee compliance obligations and utilizing outside experts for insight and guidance. This conversation is essential for board members and executives who want to ensure accountability, initiate change, and drive organizational success. Don’t miss out on this informative and engaging episode, “The Role of the Board”.
Key Highlights:
· Legal obligations and oversight for corporate boards
· Importance of integrating compliance into the company culture
· Board Oversight and Relationship Building with CCO
· The Significance of Outside Perspectives for Boards
Notable Quotes:
“There is a strong obligation on boards to exercise reasonable oversight over all potential misconduct and failures of compliance law and policy should a reasonable board has known and taken steps…should that body have known and should it have done more than it did.”
“Boards principally should be asking tough questions and following up on those questions.”
“Anything that is not integrated into the real levers and machinery of the business will not be successful.”
“That chief compliance officer who knows the head of the audit committee or compliance committee or governance committee is much more able and comfortable picking up the phone and saying to the chair, Houston, we’ve got a problem.”
For more information go to Diligent.com
Jun 22, 2023 • 16min

Part 4 - Andrew Rincón on a Training Program for 3rd Parties

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 4, we discuss how to put together a training program for third parties with Andrew Rincón.
Join Tom Fox in an exciting episode about building a stronger culture of compliance through targeted and effective training as he interviews Andrew Rincón. Discover how the compliance industry has evolved and how technology has significantly improved compliance programs. Find out how efficient compliance processes create goodwill for compliance professionals and make them true partners of the business with the help of technology and reliable due diligence partners. Andrew Rincón shares Diligent’s screening and monitoring options for third-party suppliers and the customized anti-bribery and anti-corruption training, available in multiple languages, also perfect for bite-sized, animated micro-learnings. Tune in to learn how to educate distributors and internal gatekeepers on compliance and useful resources for compliance professionals, only on a training program for 3rd parties.
Highlights Include:
· The Role of Compliance with Distributors
· Efficient Due Diligence for Distributors
· Diligent’s Anti-Bribery and Sanctions Screening Solutions
· Compliance Training & Internal Controls for Distributors
Notable Quotes:
“And commission sales agents are certainly recognized as, if not the highest, a high risk, under the FCPA and other compliance regimes.”
“One area the thinking has evolved on, and it sounds like your career and my career, is that due diligence alone is insufficient.”
“So being as efficient as a process. And nowadays, everything moves at the speed of light.”
“But nowadays, with the amount of information that gets published every single day throughout the world, where there’s so much content out there.”
For more information, go to Diligent.com
Join us tomorrow as we conclude our series with a look at the role of the Board of Directors in a compliance program.
Jun 21, 2023 • 17min

Part 3 - Jessica Czeczuga on Defining the Effectiveness of Compliance Training

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 3, we consider the always challenging topic of defining training effectiveness with Jessica Czeczuga.
In this episode, Tom sits down with Kevin McCoy, a customer success manager at Diligent, to talk about the importance of targeted training in compliance. They dive into the importance of engaging employees through microlearning and Diligent’s unique use of cartoon-animated videos to make the content accessible to different audiences. They also discuss the significance of translating the training into different languages and tailoring it to specific risk areas for different teams. The podcast emphasizes that training leadership and the board in compliance is crucial, and they touch on risk-based training for individuals with a significant impact on the company’s financials. This episode is a must-listen if you want to discover the best strategies for planning and analyzing training to achieve desired outcomes and where to find more information about Diligent training solutions. Join them for the next episode on training effectiveness and improving compliance today.
Key Highlights:
· Targeted Training in Compliance & Ethics
· Effective and Targeted Training
· Translation Training and Leadership in High-Risk Industries
· Effective Training Planning and Execution
Notable Quotes:
“It’s very important then to have your content translated into different languages.”
“There’s a lot of progress has been made over the years with machine translation and also AI is getting very popular, but we still use human-based translators.”
“But within the board or within leadership within the company, he was almost untouchable. It was like he built up fear in the organization, and people were actually afraid to ask questions.”
“The really important thing is to have versatile different types of training.”
For more information, go to Diligent.com.
Join us in our next episode, where we define the effectiveness of compliance training.
