Innovation in Compliance with Tom Fox

Andy Rudin is the Managing Principal of Contrary Domino, a management consulting company that improves financial performance by optimizing internal operations. Tom Fox welcomes him to this week’s show to talk about revenue risk management and revenue governance, and what they mean for the sales officers within organizations.  Contrary DominoRisk management is not often factored in the sales and marketing funnels of organizations. Andy founded Contrary Domino to answer this need. The percentage and likelihood of revenue opportunities closing or coming to fruition aren't often thought of as risk management problems. "I saw that opportunity and wanted to bring more process rigor to that, more mathematical rigor and bring the risk management principles into the realm of revenue generation," he tells Tom. Contrary Domino's client base is mainly information technology firms with sales forces of ten or more. "Helping organizations establish that culture and then establish processes and mechanisms to prevent ethical problems from occurring or at least minimizing their likelihood is central to what I do," Andy says. Revenue Risk ManagementTom asks Andy to define revenue risk management. "Revenue risk management is taking the fundamental risk framework that you might find in any other discipline and bringing the same principles into risk management," he explains. It entails going through risk identification, risk polarization, and other activities where you're considering various outcomes. "You're looking at your worst case, your best case, and then you're most likely case, and then running through your scenarios iteratively and then determining what are we most likely to achieve," Andy remarks. Revenue Governance"The involvement and oversight of revenue generation activities by others in a cross-functional, a cross-departmental way in an organization," is Andy's definition for revenue governance. In the past, companies left the revenue engine in the sole hands of the sales department. Presently, revenue operations have been spread out to where even customer support can be responsible for it. The governance aspect relates to all entities in the organization having visibility into the activities of the sales department, and what they are doing. "Coupled with that is the opportunity to take action if something is not compatible with corporate strategy or if certain processes or activities that are occurring in generating revenue bring risk into the organization," Andy adds. The Future of Revenue Risk ManagementTom asks Andy to shed some light on what role revenue risk management will play in the coming decade. Risk management in the realm of sales is going to become more dominant. Even though most organizations haven't put the formal risk management rigor to their sales department, they are thinking along those lines. There will also be a greater role for financial planning in the sales operations as more businesses become integrated. ResourcesAndy Rudin | LinkedIn | Twitter Contrary Domino

Evgeny Likhoded is the founder and CEO of ClauseMatch, a company that provides financial institutions with a modern AI-based compliance platform to transform their regulatory change management process. Tom Fox welcomes him to this week’s show to talk about ClauseMatch, how it helps its clients, and the evolution of compliance.  Digital Transformation: The Core of ClauseMatchBringing digital transformation to governance risk and compliance is at the core of the ClauseMatch platform. What ClauseMatch has built is a way for companies to collaborate in real-time on content, specifically content that needs strict and strong governance processes. "Primarily our platform is used for managing policies and procedures in a way that enables companies to track every single change every time the policy changes," Evgeny tells Tom. Ultimately it helps clients show their regulators that they have interpreted and incorporated the rules into their own internal governance frameworks, and have communicated that to their employees. The Evolution of ComplianceEvgeny cautions that it's not enough to have a compliance manual just sitting around. Compliance regulations and objectives need to be distributed and have engagement with the entire organization. A large part of ClauseMatch's roadmap is driven by customer challenges, and how they might be addressed and another part is driven by the market. "There are a lot of things that we see on the market that will drive the adoption of compliance solutions," Evgeny says. Regulated firms won't be the only ones affected by the changes happening in the market. "Privacy regulations aren't just for regulated firms," he adds. Every firm that is holding some form of data for its clients and customers is subject to these regulations. This, along with a greater emphasis on ESG are two prime examples on how compliance has evolved for companies. Smart and Connected ComplianceTom asks Evgeny to define smart and connected compliance. Connected compliance is the ability to understand and connect compliance content that comes from many different sources. This means the obligations, procedures, and policies that come from various regulators. "We need to rewrite the policies and procedures we need to make sure that their controls are still compliant with the regulations and obligations, and if they're not connected you can never estimate the full impact of that," Evgeny explains. Smart compliance is where individuals can start using machine learning and natural language to understand these connecting links across the organization. Looking AheadTom asks Evgeny what key trends will shape compliance technology in the future. Evgeny explains that the need for compliance technology will only increase during 2022 and onward. New regulations will be introduced for cryptocurrency activities and assets, as well as various regulatory frameworks with ESG. Cybersecurity will have a lot more scrutiny from regulators and governments as well. ResourcesEvgeny Likhoded | LinkedIn | Twitter ClauseMatch

Mac Bartine is the CEO of SmartRIA, a market-leading compliance software platform. Tom Fox welcomes him to this week’s show to talk about his company's services and contributions to the compliance sector, what SmartRIA offers clients in terms of cybersecurity, and the future of technology solutions.  The Minimum Viable ProductThe Minimum Viable Product (MVP) is the first part of the startup process for platforms. It is recognizing the problems within your platforms and also believing that you can solve them. Mac explains to Tom that the problem SmartRIA solution identified in terms of the MVP is the compliance obligations. So many individuals are not experienced in managing compliance in their given industries, and so need a source of structure that understands where they are. SmartRIA offers them that, as well as the tools and frameworks needed. Vendor Due Diligence & Data GovernanceVendor due diligence and vendor management are key to managing cybersecurity risk. "You have to understand who you're working with and what precautions they're taking as a business to protect you from cyber risk," Mac tells Tom. Having access to the proper documentation that reflects this is also important. SmartRIA has a plethora of different policies and procedures to protect clients' data and takes the lists of vendors their clients have and itemizes each risk. Data governance falls under the same bracket as due diligence, that is, who has access to the vendors and what devices they use to access the data from those vendors.SmartRIA as an SEC SolutionThe solutions that you use for compliance obligations have to be done in a way that documents everything as it happens. "If it isn't documented, it didn't happen," Mac says. Internal auditors aren't in the position of giving the benefit of the doubt because they have no evidence of due diligence. SmartRIA has the tools to help its clients through this by way of PDF files, workflows, and documents. To The FutureTom asks Mac what the future will be like for technology solutions. Regulations in every industry are going to increase. "Across every industry, there is an increasing need for cybersecurity-related evidence, and tracking of what's happening in that space," Mac says. Data governance and vendor due diligence are big parts of that, but compliance management is going to also become more important.ResourcesMac Bartine | LinkedIn | Twitter SmartRIA

Dan Zitting, previously Chief Product Officer, now holds the title of CEO at Galvanize, a software company that helps its clients achieve their goals and objectives. He is also now the Chief Product Officer of Diligence. Tom Fox welcomes him back to this week’s show to take a look back at the GRC professional's role in corporate ESG and risk management. GRC On The FrontlineA company's defenses have to be in the remit of their GRC professional, not left up to the CSO. Dan remarks that while there is engagement by GRC professionals in minimizing company cyber risk, more needs to be done. GRC professionals have to ask themselves if they are managing cyber risk in ways that are helpful to the company's CSOs, by providing tools and resources to support them. "There's still work to be done in making sure that everything we're doing from a policy, controls, and compliance standpoint is actually adding value for the CSO and helping them deploy their programs, as opposed to just feeling like they're being checked on by the police to see if they're doing it right," Dan tells Tom. ESG and InvestmentInvestor dollars are fueling the growth and expansion of ESG and aren't only coming from investment funds anymore. Private equity firms and banks are getting involved. If someone wants to borrow money, insurance companies assess ESG risk as part of their overall risk management strategy. "If companies want to access capital, they need to have an ESG program in place," Tom remarks.A Role To PlayThe best way, Dan suggests, to get GRC professionals to understand the ownership roles they have to play in ESG, is by creating a center of excellence for ESG. By creating this center, and making ESG a business objective, you can then split the responsibilities across the organization. "Splitting the responsibilities across those different lines of defense for those different functions in a way where somebody…can get a combined view of how effective we think we are from an ESG standpoint, should be the goal," Dan adds. The Importance of Real-Time ReportingReal-time reporting is the G in ESG. Being able to give an accurate picture of risk to a company's board is intrinsic to ESG, and is vital to acting on those risks efficiently. "Risk professionals too often are asking 'Why don't I have real-time information,' instead of actually being the one out creating it and bringing in the technical skill necessary to be able to analyze data fast enough to get real-time insight," Dan expresses. Governance in the present and future needs to move at a pace faster than it has in the past, in order to report on risks. Being able to point out to the board when governance is failing, so that measures can be implemented, is also extremely important. ResourcesDan Zitting | LinkedIn | Twitter GalvanizeDiligence

In this episode of Taxman, Tom Fox and Tracy Howell conclude the special series by discussing a topic that has yet to be explored by most: tax and ESG. How Tax and ESG IntersectTracy tells Tom, “There are external forces pulling tax into the ‘S’ and ‘G’ of ESG.” In the social sector, different jurisdictions have different tax rates and laws, and as companies begin to operate in a tax-efficient manner, their activities will gravitate towards lower tax regimes. Tracy adds, “You’ve got forces trying to push the concept of ‘fair share’ rather than compliance with tax laws of different jurisdictions.” Governance-wise, it’s becoming more common for companies to be required to talk about their compliance tax audits. The Role of Tax in a CompanyWith the growing pressures on ESG transparency, there’s a push to standardize reporting and scorecarding of companies based on their tax transparency. This would include things like the reporting of an organization’s effective tax rate. Tax and ESG in Multinational Organizations Institutional investors play a major role in impacting the activities of a multinational company. When making investment decisions, these entities heavily incorporate ESG scorecards with tax transparency, further emphasizing the need for a relationship between the two sectors. ResourcesTom Fox’s EmailTracy Howell | Email | LinkedIn

As the Taxman five-part series nears the end, Tom Fox and Tracy Howell tackle an important topic that has become more prominent over the years: tax and supply chain. How Tax Can Help Supply ChainSupply chain in a traditional sense focuses on the acquisition of goods, in particular the quality, cost, and delivery. There can be a substantial tax component in each of those steps to help companies attain goods at the lowest possible cost. Consequently, if supply chain does not have a relationship with tax, it can result in additional surprise costs being attached to goods. Data beyond the cost of goods, material, and service can be used to model and predict the additional tax burden so that better procurement decisions can be made. Mitigating the Risk of Mission Creep Establishing a connection between tax and supply chain in an organization is good, but the relationship needs to be kept fresh for a positive impact. In a company, people may be focused on so many different things that they forget to interact. Creative people tend to expand their roles and look for goods and services in different locations, which can be the cause of a mission creep. Hence, having constant close interaction between supply chain and tax allows for changes in functionality to be documented and implemented into the organizational framework.Elements of a Tax-Efficient Supply ChainTom and Tracy discuss the elements of a tax-efficient supply chain. This includes: Examination of the entire scope of what’s being manufactured and sold to allow the creation of tax opportunities to bring value-based on special purpose entities.  Coordination of transactions in a supply chain with transfer pricing.  Compliance with tax laws and regulations.  Documentation of the process.  ResourcesTom Fox’s EmailTracy Howell | Email | LinkedIn 

In episode 3 of the Taxman series, Tom Fox and Tracy Howell strive to answer the question: 'Why should tax have a seat at the table?’Tax and the TableThe table refers to the front end of when an organization is trying to define what it wants to do, where it wants to do it, and how it’s going to perform. A corporation’s ultimate objective is to generate net income or distributable profit, something tax professionals are well-suited to assist with because they are experts in damage control and risk mitigation. Tracy points out, “Tax can provide an umbrella to achieve corporate objectives if they’re involved in the front end.”Tax’s Relationship with Other Stakeholders In a company, a functional lead will often pose the question: ‘Why do we need tax here?’ According to Tracy, “A good tax guy has to be proactive and provide examples to get the tax men at the table.”Educating Corporate Functions Outside of Tax Tracy’s advice is to build a relationship with the functional experts, and “create the situation where you’re a trusted business advisor”. He recommends one-on-one interactions above all. However, it is important to remember that in a global organization, the outcome may not always be successful. For this approach to yield positive results, he comments, “there has to be some buy-in, compliance, and a willingness to talk tax.”ResourcesTom Fox’s EmailTracy Howell | Email | LinkedIn

Tom Fox and Tracy Howell continue their exploration of the intersection between compliance and tax in episode 2, where they touch on the practice of transfer pricing. The Concept of Transfer PricingTransfer pricing encompasses the methodologies required by tax code to price transactions between affiliated companies. Devising an arm's length rate for comparable transactions between comparable entities is more art than science. As far as compliance is involved, Tracy believes that, “If you’re a compliance officer that can say anything more than just the words, ‘transfer pricing,’ then you are, indeed, an FOT (friend of tax).” Parties Involved in Transfer PricingGovernments (taxing jurisdictions) tend to be involved with different regimes for selling and buying. Third party organizations that are involved currently only consist of the OECD (Organization for Economic Cooperation and Development), who push standard transfer pricing laws and regulations throughout the world. The objective of the governments is to get their fair share, and they do so by trying to obtain the maximum multi-jurisdictional transaction profit. Consequently, the OECD attempts to provide guidance on what constitutes a fair share. “What’s fair is just somebody’s opinion,” Tracy tells Tom.Developing a Transfer Pricing Strategy As a multinational corporation, it is crucial to set transfer pricing policies and business practices at the beginning. This involves identifying the appropriate methodology that will be used to price the transactions between affiliates. Documenting this process of analysis and conclusion helps to adopt a suitable transfer pricing methodology. In summary: perform analysis, document analysis, then adopt the findings in future transactions. Tracy poses the question, “How often have you seen a company that’s got the policies and procedures, but somebody’s not following them?” Claiming to have global policies for all multinational intercompany transactions, and then failing to follow them leads to an extreme loss of credibility - this is why it is important to comply with local documentary requirements, “You’ve got to follow the laws, even if they’re a little bit different.” ResourcesTom Fox’s EmailTracy Howell | Email | LinkedIn 

Tom Fox is back again for a special new five-part series called Taxman. Tracy Howell, Tom’s colleague and tax expert extraordinaire, joins in to discuss the intersection between compliance and tax. Why Should Compliance and Tax Interact? All organizations have an enterprise risk management (ERM) system. One risk common to multinational companies especially is corporate tax risk; and yet, it tends to remain under the radar. While tax professionals are usually very good at identifying and mitigating tax risk, if there is no close interaction between compliance and tax professionals, the risks are elevated. Sophistication in Taxing Jurisdictions Most jurisdictions have a tax code, but street rules tend to also be in play. “You have to establish very early on that you don’t pay bribes,” Tracy advises. The results of following the law are more expensive, but it pales in comparison to the cost of putting your company at risk. ResourcesTom Fox’s EmailTracy Howell | Email | LinkedIn

Tom Fox welcomes Brad Hibbert on this episode of the Innovation in Compliance Podcast. Brad is the Chief Strategy Officer of Prevalent, Inc. He joins Tom to talk about how Prevalent helps companies manage third-party risk, the importance of risk management, and what the future for risk management in the compliance world may look like. Managing Third-Party RiskTom asks Brad to explain how Prevalent helps companies manage third-party risks. "We have a SaaS platform that helps organizations identify those risks, report against those risks, and then provide remediation capabilities to reduce those risks at every stage of the vendor lifecycle," Brad tells Tom. Risk management is no longer about just doing reactive reporting on an annual basis. Risk has to be proactively monitored, identified, and reduced on a day-to-day basis, and especially when companies are having day-to-day conversations with their third parties during contract execution. Prevalent enables its risk management platform by having different team members interact with the third parties to collaborate and reduce the risks at every stage of the vendor life cycle. A Must HaveThird-party risk management is a must-have right now, and will continue to be in the future. "What organizations are realizing is they have to move beyond the compliance check box and actually reduce the risk associated with these third parties," Brad remarks. Compliance is one of the drivers of this, but another main factor is the pandemic. COVID has changed the way companies and businesses operate, and has also exposed their weaknesses. With the shift to the hybrid work environment, and the increase of work from home, companies have had rapidly onboard third-party risks due to the use of online platforms. The risk of cyber-attacks and information being leaked is high, so being able to manage and protect companies from that is paramount. The Contract Essentials SaaS SolutionTom asks Brad to explain the contract essentials SaaS solution. The SaaS solution allows the company to onboard or add existing contracts. Prevalent's platform has very strong workflow and collaboration capabilities that focus on vendor risk, which is also good for profiling current contracts to see where the risk lies. Companies can use the SaaS solution to upload their contracts, or any related documentation surrounding it to a secured file, and it allows them to collaborate with third parties outside of the corporate network.The Future of Third-Party Risk ManagementBrad predicts a convergence of third-party risk management and the broader third party. "We're going to continue to focus on building solutions that are easy to use that enable data sharing between the different groups that promote efficiency, collaboration, and then risk reduction," he says. Organizations can no longer simply rely on assessments, instead must have continuous insights play major roles at all levels of the vendor life cycle. Monitoring the financial risk, the business risk, and the cyber risk proactively to create appropriate measures is something that will continue as well. ResourcesBrad Hibbert | LinkedIn | TwitterPrevalent, Inc.