

Innovation in Compliance with Tom Fox
Thomas Fox
Innovation in Compliance brings you interviews with industry-leading experts who are changing the way practitioners approach compliance. Host Tom Fox, the Compliance Evangelist and Voice of Compliance, is driving the conversation about compliance into the 2020s and beyond with his focus on innovations for the compliance practitioner and the compliance profession. If you want to learn how to bring business solutions to compliance problems to more fully operationalize compliance, this is the podcast for you.
Episodes

Dec 2, 2021 • 9min
Gold in the Compliance Hills: Part 4, Finance and Investing Models for Compliance
Welcome to a special five-part podcast series on how to unlock the gold in your program, hosted by Tom Fox with guests Gio and Nick Gallo from ComplianceLine. One of the ongoing questions in compliance is how to demonstrate the Return on Investment (ROI) in your compliance program by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick walk you through how to demonstrate ROI for your internal budgeting process, which can provide you the financial resources to strengthen and improve your compliance program. Join us for the full 5 episodes and learn to see your compliance program in an entirely new light. In this Part 4, we consider finance and investment models for the corporate compliance function.
Some of the highlights of this episode include:
· How does the Black Swan model of risk relate to the corporate compliance function?
· When is a possible event simply a risk and when is it a Black Swan event?
· Why is business continuity so critical?
· What are Private Equity and Venture Capital models of funding and how do they relate to the corporate compliance function?
· How to think about the payout of an investment in compliance.
Resources: Gio Gallo on LinkedIn | Nick Gallo on LinkedIn | ComplianceLine

Dec 1, 2021 • 18min
Gold in the Compliance Hills: Part 3, Compliance and ESG Investments
Welcome to a special five-part podcast series on how to unlock the gold in your program, hosted by Tom Fox with guests Gio and Nick Gallo from ComplianceLine. One of the ongoing questions in compliance is how to demonstrate the Return on Investment (ROI) in your compliance program by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick walk you through how to demonstrate ROI for your internal budgeting process, which can provide you the financial resources to strengthen and improve your compliance program. Join us for the full 5 episodes and learn to see your compliance program in an entirely new light. In this Part 3, we consider how a CFO and finance department might see ESG investments differently than a CCO and compliance professional.
Some of the highlights of this episode include:
A CFO and finance function will more likely see ESG in relation to capital markets, bank financing, index funds and even insurance costs.
How can a CCO speak this language about not only the compliance program but in leading the company’s ESG efforts?
How to package your data, documentation and reports regarding ESG to appeal to a CFO.
Seek input on what investors are looking for from your ESG program.
Resources: Gio Gallo on LinkedIn | Nick Gallo on LinkedIn | ComplianceLine

Nov 30, 2021 • 16min
Gold in the Compliance Hills: Part 2, Extending Compliance Value Across an Organization
Welcome to a special five-part podcast series on how to unlock the gold in your program, hosted by Tom Fox with guests Gio and Nick Gallo from ComplianceLine. One of the ongoing questions in compliance is how to demonstrate the Return on Investment (ROI) in your compliance program by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick walk you through how to demonstrate ROI for your internal budgeting process, which can provide you the financial resources to strengthen and improve your compliance program. Join us for the full 5 episodes and learn to see your compliance program in an entirely new light. In this Part 2, we consider how compliance can be seen as extending the value of compliance across your entire organization.
Some of the highlights of this episode include:
How might a finance professional view things differently from a compliance professional?
Just as CCOs plan for integrated risk across an organization, CFOs do the same for financial return.
How should a compliance professional look differently at their work, through a finance lens?
Why is rice on the chess board so apt?
What is the compliance professional missing about compound interest?
Resources: Gio Gallo on LinkedIn | Nick Gallo on LinkedIn | ComplianceLine

Nov 30, 2021 • 32min
12-Step Program for White Collar Defendants with Jeff Grant
Tom Fox read about Jeff Grant’s work in The New Yorker and was intrigued, so he invited him on this week’s show. Tom describes Jeff’s work as “an unusual professional passion”. Listeners will be inspired by Jeff’s story: what led to his arrest and prison sentence, his redemption, and how he now helps others recover.
“I Was the Problem”
Becoming a lawyer was the perfect fit for Jeff’s skill set and attitude, he tells Tom, but it was “very bad for me in terms of bipolar disorder and my alcohol and drug abuse.” He describes his descent into white collar crime, his subsequent arrest and resignation from his law practice. A suicide attempt, intervention, and a stint in rehab all contributed to his ‘aha moment’ and the road to recovery. “I was the one who had been doing things wrong, and I didn't really realize that the whole time,” he recalls. “...that was the turning point that I realized that I was the problem.”
Progressive Prison Ministries
Tom asks Jeff what led him to found Progressive Prison Ministries. Going to prison sober was the catalyst, Jeff replies. He stayed sober throughout his sentence, and on his release, he started to volunteer at criminal justice and drug and alcohol nonprofits. He also went to seminary and became an ordained minister. “I just wanted to help people who were in the same situation we were in,” he tells listeners. He had to go it alone, but he wanted others like him to have someone to turn to for support.
12-Step Approach
Jeff’s approach to helping white-collar offenders recover is based on the Alcoholics Anonymous 12-step program. Unlike AA meetings, however, his meetings are facilitated by leaders. The act of sponsoring someone is ministering to them, he says; your sponsor gives you a lot of advice, in a 12-step sort of way. “The spirit of the steps are there,” he tells Tom. What’s more powerful to him, however, is the fellowship. The Monday meeting is only a small part of it, he tells Tom. He explains how they match members together, and that they keep in contact throughout the week. “It's like being a cop,” he remarks, “you're on the job 24 hours a day, and being in recovery is being in recovery 24 hours a day… So this is really a 24-hour a day support network.”
Supporting the Families
Tom asks, “How does the family work into white-collar recovery?” They often have it worse than the defendant, Jeff answers, because they are usually unaware of what the defendant has been doing, and reality hits them “between the eyes with something like an arrest or the FBI showing up at the door.” He comments on the high incidence of divorce and family estrangement and laments that recovery is not advanced even in his network. However, they welcome everyone who needs them, he points out. “We want to provide a place of support and comfort for anybody who doesn't have a built-in support network or is estranged from their support networks.”
Supporting Attorneys and Grant Law
“I was really intrigued by some of the information on your website, one of which was that the white-collar support group can help attorneys struggling to cope with a broken justice system,” Tom comments. He asks Jeff to explain more about this. We try to help attorneys understand the humanity of white-collar offenders, Jeff responds. “We try to bring a full picture to a very complicated situation that people tend to want to paint with a very broad brush.” He is happy that more defense attorneys, prosecutors, judges, and probation officers want to learn how to integrate Jeff’s theology to be “more just and more merciful and perhaps more lenient” in their dealings with white-collar defendants.
Resources: Jeff Grant on LinkedIn | Twitter | Grant Law | Prisonist.org

Nov 29, 2021 • 18min
Gold in the Compliance Hills: Part 1, ROI on Compliance Purchase Decisions
Welcome to a special five-part podcast series on how to unlock the gold in your program, hosted by Tom Fox with guests Gio and Nick Gallo from ComplianceLine. One of the ongoing questions in compliance is how to demonstrate the Return on Investment (ROI) in your compliance program by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick walk you through how to demonstrate ROI for your internal budgeting process, which can provide you the financial resources to strengthen and improve your compliance program. Join us for the full 5 episodes and learn to see your compliance program in an entirely new light. In this Part 1, we consider how compliance can be seen as a corporate ROI multiplier by looking at the impact of compliance across your entire organization.
Some of the highlights of this episode include:
· The financial principles in unlocking the ROI of compliance.
· Why the alignment of compliance with other disciplines in your organization is not only critical but a key to unlocking compliance gold.
· Compliance budgeting is not simply about a cost center mentality. It requires a different type of discussion.
· Frameworks for improving your thinking about compliance.
· Building a complex and transparent case to OPEN the discussion about your assumptions rather than only including unobjectionable assumptions.
Resources: Gio Gallo on LinkedIn | Nick Gallo on LinkedIn | ComplianceLine

Nov 16, 2021 • 15min
Data Cleansing and Relativity Trace with Jordan Domash Part 2
Jordan Domash returns as Tom Fox’s guest in this week’s show. Jordan is the General Manager at Relativity, a company that makes software to help users organize their data. Jordan has been leading Relativity’s communications surveillance product for the past few years and is in charge of the sale and development of the platform. This week, Jordan and Tom talk about changes in data management and cybersecurity approaches, what regulators look for and how cybersecurity will evolve in the coming years.
Relativity and Regulation
With the explosion of data volumes due to an increase in communication platforms, the variety of data sources that need to be monitored has exploded as well. In regulated organizations, employees who want to engage in mischievous activity know they're being monitored, and so are consciously doing everything they can to avoid detection. However, technology has advanced so that it is now able to capture and monitor every data source that's widely used today. Relativity offers dozens of different tools that allow a compliance officer to focus on what's truly important. "At the end of the day it's about being risk based...It's about focusing on your highest risks in the organization, defining them in advance, defining the population that is susceptible to that risk, and focusing your energy on reviewing alerts that seem the highest risk within those categories," Jordan tells Tom.
A Change In Approach
The pandemic has affected how people approach data management and cybersecurity. It has also affected how Relativity Trace responded to these issues. Regulators have made it clear that the data from voice interactions need to be recorded. Relativity has seen an influx of customers and clients requesting more data sources to capture voice data. "We need to invest a lot to keep pace with the evolution of the world's communication habits," Jordan remarks. Compliance teams are also no longer operating next to each other, so a lot of the collaboration that is happening with these teams requires systems to manage it. Relativity has built tools that allow compliance teams to use one main tool to manage their internal processes. "We'd like that all centralized in the system where the actual compliance monitoring is happening," Jordan adds.
The Impact of COVID-19
The biggest impact the pandemic has had on regulatory scrutiny is the reinforcement that obligations don't change in a remote work environment. Compliance officers still need to capture all communication vehicles. Individuals may be communicating differently, or are no longer in a controlled environment, but capturing and monitoring communication data is just as important.
What's Next
In the coming years, Jordan tells Tom, businesses will be shifting away from on-site technology and moving more heavily towards cloud technologies. In compliance and compliance monitoring, there is going to be a greater focus on leveraging AI capabilities.
Resources: Jordan Domash | LinkedIn | Relativity

Nov 12, 2021 • 20min
Series Spotlight: Revolutionizing GRC with 6clicks: Part 5 – What’s Next For 6clicks?
Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I have visited with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we broke down the 6clicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning in governance, risk and compliance (GRC), curating and maintaining robust GRC content, and producing audit-ready reports. Today, in our concluding episode, Part 5, I am joined by 6clicks co-founder Ant Stevens, as we look down the road for what will be next for 6clicks.
Stevens said that 6clicks was founded some two and a half years ago to bring an affordable, accessible and easy to use GRC capability to lots of businesses around the world. The second related mission “was to ensure that the platform was effective in driving productivity gains for both businesses and advisors and by advisors such as lawyers, accountants, general business management consultants and business advisors. These goals were achieved through a platform built from the ground up. We thought about GRC, we identified some things that were necessary for us to have in place to compete effectively in the market.”
We turned specifically to AI. Here Stevens sees the application of AI in two buckets. The first is to help businesses automate or streamline what otherwise would be a complex and time-consuming activity. The second is to identify things in data that even a professional would struggle to do effectively, without the use of some sort of technology. That is what I have called ‘finding patterns in raked leaves.’
Here Stevens turned to Haley, the 6clicks AI intelligence engine. Now “Haley helps companies with two major challenges. One is to identify similarity across standards, laws, or regulations that they need to comply with. Most are still doing this manually using spreadsheets, multiple tabs and feed lookups. There is overlap across multiple jurisdictions around the world which are generally seeking to do similar things. Businesses need to think about that in a unified way. Haley’s first application is identifying similarity across standards, laws or regulations. The second challenge is to take an existing control framework within a company and quickly identify where the gaps are relative to a standard, law or regulation.”
I asked Stevens if he could look down the road a bit and perhaps give us a teaser about what 6clicks might be developing. He said, “it is around our mission focusing on making GRC affordable and accessible for businesses. In the long-term, I think there is much to further automate processes for advisors, and we’re going to focus on that. To me that represents huge opportunity for innovation. We are going to look at tools, techniques to enable GRC professionals to make all of this more of a reality.” Another initiative is what Stevens termed “a marketplace” which can “be tailored by advisors for their clients. What we want to do is take this concept to the next level and allow individuals to seamlessly share, as part of their community, in a crowdsource context, both content and best practices that they have identified within the 6clicks platform and make that available to all the 6clicks users around the world.” Most excitingly for me, Stevens added, “we want to bring that same sort of capability into the world of risk and compliance.”
For more information on 6clicks, check out their website here.

Nov 11, 2021 • 15min
Series Spotlight: Revolutionizing GRC with 6clicks: Part 4 - Producing Audit-Ready Report with 6clicks Pixel Perfect™
Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down the 6clicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning in governance, risk and compliance (GRC), curating and maintaining robust GRC content, producing audit-ready reports, and look at what’s next for 6clicks down the road. In Part 4, I am joined by 6clicks Chief Technology Officer, Dr. Heather Buker, and we take up producing an audit-ready report with 6clicks Pixel Perfect™.
Buker is the transitional resource who takes the engineering and tech part of the 6clicks solution and puts it into a workable solution for customers. She says of herself, “you can see me, affectionately, as a translator if you will of the product and functionality and how that translates to business use cases, value propositions and things that clients really care about.” She went on to note, “functionality is only as good as the value proposition that it serves. I am here to make sure that those two things meet. I’m kind of the bridge.”
The problem that 6clicks Pixel Perfect™ helps solve is repeatability. As Buker explained, “The more we can make GRC processes repeatable, even when it comes to reporting, the easier our platform will be to use and the more widely adopted we can become. To solve for this in the reporting world, we decided to automate report generation.” I asked her for an example, and she said, “6clicks Pixel Perfect™ can take a completed PCI DSS assessment and return Section Six of the report on compliance, filled out and audit ready.” This uses a template mandated by the Security Standards Council to drive this functionality and ensure the report is ready to be submitted and properly formatted when generated. All an organization has to do is complete their PCI assessment and the platform will perform our “6clicks magic on the other side and deliver the PCI form from those assessment results minus all of the hassle. We are talking hours upon hours of time savings for QSAs, merchants and others on their engagements.”
We concluded with some of Buker’s thoughts on how multiple stakeholders can use the information that the 6clicks Pixel Perfect™ solution creates, up and down the chain in an organization, literally from the technical folks on the front lines up to the Board of Directors. She emphasized “what this functionality has to be, has to be up and down, high level, low level, right to Board members who have their monthly meeting or senior management that maybe, managing multiple projects across various lines of business. They don’t always know what they’re looking at when they look at some of these low-level risk, detailed reports or even data in general. We must make it digestible for them. We have to make it meaningful for them. We have to be able to produce reports and analytics at a really high level.”
Join us tomorrow where we conclude our series by visiting with company co-founder Ant Stevens as we explore what’s next for 6clicks.
For more information on 6clicks, check out their website here.

Nov 10, 2021 • 20min
Series Spotlight: Revolutionizing GRC with 6clicks: Part 3 - Curating and Maintaining Robust GRC Content
Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down the 6clicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning in governance, risk and compliance (GRC), curating and maintaining robust GRC content, producing audit-ready reports, and look at what’s next for 6clicks down the road. In Part 3, I am joined by Stephen Walter to discuss curating and maintaining robust GRC content.
Walter said that for someone just starting out at a budding GRC program “navigating the complexities of achieving and maintaining, compliance within a number of regulations and or authorities can be quite daunting.” With all these regulatory compliance requirements come content needs. The needed content to curate could be regulatory or compliance content, or it could be as wide and as varied as “content assessments, audits, frameworks, best practice, risk libraries, policies, and control sets.” Providing and housing all of these can present some serious challenges. Next, overlay that content spread through different management systems like Google or SharePoint, together with mailboxes, and, as Walter notes, “it really creates chaos. Next consider outdated regulations, leading to outdated risk management policies and other required internal content materials, can all equal noncompliance with the legislations.”
One interesting observation was that because risk and compliance has been elevated in organizations, right up to the Board agenda, these conversations are resonating with companies. This allows smaller companies to have more robust risk and compliance functions through the use of GRC tools and advisors. Walter is seeing much less of a top-down approach where unilateral decisions are made at the top. It can now be a more bottom-up approach, democratizing the approach to risk and compliance and bringing in the people that are actually in the trenches to convey their message upward in the company as well. This can make the job of a GRC professional much easier: with the wide variety of stakeholders involved, there is something for everyone. A GRC tool allows for the jettisoning of outdated methods and processes so a company can innovate itself into a better system.
Walter concluded with a few thoughts on the 6clicks content library, which he termed “massively rich.” It all begins with authority documents, which are the standards, laws, and regulations. From there you move down to policies, which are the measures you put in place to mitigate risk or demonstrate compliance with the controls within them. Next these controls have responsibilities, such as “who does what, how often and when the control measures, which those responsibilities are maintain the effectiveness of that control.” Those are all there already inside the 6clicks content library and you can create your own.
Join us tomorrow where we take up the topic of producing audit-ready reports with 6clicks Pixel Perfect™, with 6clicks Chief Technology Officer, Dr. Heather Buker.
For more information on 6clicks, check out their website here.

Nov 9, 2021 • 16min
Series Spotlight: Revolutionizing GRC with 6clicks: Part 2 - Utilizing Machine Learning and AI in Your GRC Practice
Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down the 6clicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning (ML) in governance, risk and compliance (GRC), curating and maintaining robust GRC content, producing audit-ready reports, and look at what’s next for 6clicks down the road. In Part 2, I am joined by Andrew Robinson to discuss utilizing ML and AI in your GRC practice.
For GRC professionals working internationally, Robinson said they must “maintain mappings or what you commonly call in the US ‘crosswalks of compliance’ frameworks.” He went on to explain these frameworks are “useful because it can allow a consultant to help a client understand how they might stack up against a particular standard.” Robinson provided the example that if an organization is already complying with ISO 27001, through these mappings, it might be able to give them an idea about what level of compliance they have through the lens of a different framework or standard that may be relevant, like the NIST cybersecurity framework. This productivity increase and potential cost saving does not remove the human element. This final concept is critical in moving forward. Robinson said, “I’m of the view that humans have a very important role to play. This role is supervising the machine learning models to make sure that what they are producing and the results that they are coming out with are accurate and reliable.”
If they are using spreadsheets and Word documents, they should come to terms with the fact that companies and clients no longer want spreadsheets and Word documents as a deliverable. GRC professionals and consultants need to start using similar tools and improving the way that they service their clients. Clients, both in-house and external, are starting to demand and look for this approach. Robinson noted, “the reality is that if you are doing anything else it will be seen as subpar, and no one wants to be delivering sort of subpar products. I look for a solution that can meet your customer expectations and help you deliver your services long into the future.”
We concluded by looking at GRC tools with ML and AI at a strategic level, at the senior executive level and even at the Board of Director level. Robinson feels that management at this level “understands the benefits because they understand the problem.” Their goals are to simplify compliance while understanding risk exposure. From this point, management can move to create a risk-based solution. Robinson believes these are the types of “business problems that executives are dealing with on a daily basis. Having awareness of the machine learning model can help them navigate that complexity.” From where I sit, when you can take a tool that improves business process efficiency and use it to increase profitability through more effectual risk management, it is a win for everyone.
Join us tomorrow where we take up the topic of curating and maintaining robust GRC content with 6clicks Head of Marketing, Stephen Walter.
For more information on 6clicks, check out their website here.


