

Innovation in Compliance with Tom Fox
Thomas Fox
Innovation in Compliance brings you interviews with industry-leading experts who are changing the way practitioners approach compliance. Host Tom Fox, the Compliance Evangelist and Voice of Compliance, is driving the conversation about compliance into the 2020s and beyond with his focus on innovations for the compliance practitioner and the compliance profession. If you want to learn how to bring business solutions to compliance problems to more fully operationalize compliance, this is the podcast for you.

Sep 16, 2021 • 10min
Integrity Matters: Culture, Training and Compliance - Part 2: Espresso Shots of Training
Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over this series, we will break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risk-based training and operational aspects of training. In Part 2, I am joined by Tina Rampino who discusses ‘espresso shots’ of training to help facilitate attainable training demands.

Sep 16, 2021 • 16min
Integrity Matters: Culture, Training and Compliance – Part 4: Tailored and Risked Based Training
Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over the series, we break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risk-based training and operational aspects of training. In Part 4, I am joined by Koby Bambilia to discuss why tailored and risk-based training is so critical now.
In this episode we went into the weeds of specific tailored and risk-based training. Getting ahead of regulators and ensuring your institution has skills-based trainings is critical. But more than this, regulators now want to see specific risk-based training, tailored to individual needs. This approach is not limited to financial institution regulators; the US Department of Justice (DOJ), Securities and Exchange Commission (SEC), FinCEN, and Office of Foreign Assets Control (OFAC) also favor it. I asked Bambilia if he could provide some examples from the world of financial institutions and financial services firms. Initially, he noted that an institution cannot have a blanket training without follow-up trainings on specific job functions.
Different employee classifications have different needs. Bank tellers need to know more about cash transactions and regulatory requirements, such as Currency Transaction Report (CTR) and pouch activities. This is obviously different from private wealth managers. Employees in trade finance departments need to know more than others about sanctions and embargoes. Moving on to third party relationships, correspondent banking departments need to know, for example, the red flags for nested accounts. Private bankers, who are covered under the Foreign Account Tax Compliance Act (FATCA), must be trained on the law so they can be more vigilant in detecting tax evasion.
The key is that each group requires its unique training and since every institution has a different set of risks, institutions should understand that one form of training cannot fit all situations. Tailored training is a key element and, as Bambilia noted, “a universal one, regardless of the institution’s size, risks, and resources. The example of the examiner saying training is like a burger…demonstrates the need to assure proper and tailored training throughout the institution.” The bottom line is that there is no one training model which will fit all your employees.
Bambilia concluded that it “may feel like a heavy lift up front, it can pay its dividends - not just from a compliance perspective but also from an angle of operational efficiencies - you are assuring that your operation and IT staff know what to do going forward. If they know what to do - that will save a lot of pain and effort on their side, but also for you as a compliance officer.”
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.

Sep 15, 2021 • 15min
Integrity Matters: Culture, Training and Compliance – Part 3: Skills Development and Meeting Regulatory Needs
Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over this series, we are breaking down corporate culture, compliance training and communications by discussing topics such as breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risk-based training and operational aspects of training. In Part 3, I am joined by Koby Bambilia to discuss the intersection of meeting compliance skill development and regulatory requirements.

Sep 14, 2021 • 30min
Information Governance and The Data Industry with Peter Baumann
Peter Baumann is Tom Fox’s guest on this week’s episode of the Innovation in Compliance Podcast. He is the founder of ActiveNav, a company that helps its customers reduce data risk, make better management decisions and comply with privacy regulations. He has been in the information governance field for 30 years both as a publisher and as a content creator. Peter joins Tom to talk about how the disciplines of information governance, and the data industry, relate to a variety of compliance issues.
How Information Governance Has Changed
The most significant change in information governance, Peter tells Tom, has been its explosion of growth. Companies used to only operate from a singular network, and via a single machine. There was well-managed control, and no one else was able to have access to the information filtered through those single networks and machines. That is no longer the case. With the rise of the internet and connecting corporate networks with each other, the control has collapsed and sensitive data has become more accessible.
Being Compliant Through Data Retention Policies
Peter iterates that companies need to have a map of their data and what's actually in it. "Until you get there, you're always gonna fall short of meeting any of these privacy regulations because you can't actually say what you've got, where it is, and whether you should have it," he adds. Companies need a top and bottom approach to their data mapping, which lets companies know how to approach these issues strategically. Peter also stresses that senior management need to treat their data as if it's the best asset in their organizations. "Only when those things become a kind of de facto position will organizations start to manage and govern their data appropriately," he tells Tom.
Unstructured Data & Eradicating Dark Data
Peter explains that unstructured data is data that sits outside of a database environment. The very idea of a database is based on the concept of structure, so any data existing outside of it is unstructured. To get rid of dark data, companies need to have an understanding of what data they have, its nature, size, and where it is stored. That is the first step. The second step is minimization, that is, doing a system cleanup of redundant files or records that are beyond their natural retention policies. The final step would then be to find your sensitive data, understand what it is, then either encrypt or delete it, or move it somewhere else. This will get you to your government's baseline.
The Impact of COVID-19 & Looking To The Future
The pandemic has changed how companies approach data as content has become more fragmented now. "The biggest change I'd say, is the shift in both commercial, private, and government towards more collaborative based tools," Peter remarks. He gives the examples of Microsoft Teams and Slack. The downside of these tools, however, is that they don't have the appropriate mechanisms built into their platforms to ensure that they are complying with governance. With respect to the future, companies should expect to see penalties and fines start to drift down to mid-market and eventually smaller businesses. "Ignorance and the lack of policy systems and preemptive planning won't be tolerated as an excuse by the courts," Peter warns. The tools and the experience are out there to ensure that companies are aware of what data they have so they will be expected to comply with regulations and face the consequences if they don't.
Resources
Peter Baumann | LinkedIn | Twitter
ActiveNav

Sep 13, 2021 • 12min
Integrity Matters: Culture, Training and Compliance - Part 1: Culture of Compliance
Welcome to this special podcast series, Integrity Matters: Culture, Training and Compliance, sponsored by K2 Integrity. This week I visit with Koby Bambilia, Managing Director, and Tina Rampino, Associate Managing Director. Over the series, we will break down corporate culture, compliance training and communications. Topics include breaking down the big picture on culture, espresso shots of training, skills development and regulatory changes, tailored and risk-based training and operational aspects of training. In Part 1, I am joined by Tina Rampino who breaks down the big picture on culture.
We began with the basics: that a culture of compliance is the foundation of an organization’s compliance program. Rampino said it is a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by an institution’s Board and Executive Leadership team. Their messaging should be continuously reinforced in an institution’s risk appetite statement, policies, training and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense.
Rampino detailed some key questions to ask, such as “What is the tone that is set from the most senior levels of the organization? Are employees motivated by doing any and all business no matter the risk? Are they empowered to act with integrity and choose the right business that aligns with their compliance culture?” She went on to relate, “Many institutions have built training and communications programs to help employees understand what the “right business means” – reinforcing an institution’s risk appetite statement, incorporating policies and procedures, and training on red flags and high-risk issues.” She concluded, “A culture of compliance should empower employees, not just in the second line of defense but in all areas of the institution – to think about the risks being presented through their customers, transactions, and products and services and how they can do their part in mitigating risk to the institution.”
An effective compliance training program can help to ensure that an institution is regularly addressing new issues and emerging risks. It also helps to ensure that employees have the right knowledge and skills necessary to perform their roles, so they understand the risks within the institution and their business area as well as the consequences of non-compliance. Rampino detailed some of the areas your organization should focus on with the following questions, “Do our training programs match the risks of our institution, and the variety of functions within it?”; “Do our employees have the right experience and training to do their jobs?” and “Are we regularly addressing new issues and ensuring our programs help our teams deal with emerging risks?”
In terms of an effective communications program, institutions should ensure robust and recurring communication. “One and done” is not an effective way to deliver communications or develop an organizational culture. A robust program issues clear messages in a recurring fashion. Rampino concluded with some key takeaways on communications. First, institutions that want to create a culture of compliance should issue policy alerts and remind staff of changes. Second, information should then be easily accessible and readily available for employees. Finally, town halls, quarterly newsletters, and even short video messages explaining changes can be effective ways to ensure that all staff members understand what they must do to support the institution’s focus on compliance.
For more information, go to K2 Integrity.

Sep 11, 2021 • 18min
Looking Back at 9/11: John Lee Dumas - “I Knew I Was Going to War”
John Lee Dumas, host of the award-winning podcast Entrepreneurs on Fire, joins Tom Fox on the last installment of Looking Back at 9/11 to commemorate the 20th anniversary of the 9/11 attack. He tells Tom how his life changed in that pivotal moment, and the big lessons he learned.
A Time of War
John tells Tom that he was in his final year at Providence College, and in the ROTC cadets, on 9/11. When he saw the towers fall, he knew at once that it would change the trajectory of his career. He and his roommate looked at each other and they knew “that our next four years of active duty army experience went from being in the peacetime army to looking like we were going to war.” Within hours they were called to active duty: “We just became officers in the US army during a time of war,” John recalls.
Leadership Lessons from the Army
Tom asks John what leadership lessons he learned from his time in the army. John outlines three major takeaways that his time in combat taught him:
To learn from those who went before. “I learned right at the beginning, I needed to stand upon the shoulders of giants,” he remarks.
A good decision now is better than a great decision later. Action is everything. Make the best decision you can with the information you have, take action, then adjust if you need to when you know more.
If you discover later on that you made a wrong decision, cut your losses and move on. Don’t compound that mistake by staying in a bad place, John advises. “I kept being willing to pull back and say let's try again, until I finally made a great decision. It took six years to make my first great decision, but that great decision has led to the last 10 years of living the exact life that I want to live.”
What Americans Should Remember
John wants Americans to appreciate their freedom, because it was hard won. He tells listeners, “So few people have ever experienced what true lawlessness is. And until you’ve experienced that, it's hard to really appreciate what we do have here. But you know, this is a great country and it is the home of the free because of the brave. And I hope that's just something that we will always remember.”
Resources
John Lee Dumas: Entrepreneurs on Fire | Twitter

Sep 10, 2021 • 22min
Looking Back at 9/11: Scott Moritz - It Changed Overnight
Scott Moritz is Tom Fox’s guest on this episode of Looking Back at 9/11. Scott is the Senior Managing Director at FTI Consulting Risk and Investigations, assisting clients and their outside counsel in managing their response to white collar crime, misconduct and bribery incidents. He is also the host of the podcast series, Fraud Eats Strategy. Scott joins Tom to talk about how the events of 9/11 impacted the FBI.
How 9/11 Changed The FBI: Structural and Cultural Ambidexterity
9/11 fundamentally changed the FBI overnight. Scott remarks that for a long time after 9/11, the FBI was primarily focused on the attack on the Trade Center. That was the Bureau’s main investigation, and it was being worked on by all the FBI field offices, and virtually every foreign attache office in the world. Many scholars, through various organizational studies and surveys, assumed that the FBI would have created simultaneous frontline structures and processes to balance their two competing missions: national security and law enforcement. The scholars also posited that perhaps the FBI would engage in cultural ambidexterity, which would be to refuse to take on the mission of national security altogether. The FBI did something altogether unexpected and tackled both.
The Benefit of One Agency
“There was this rapid emergence of two clear, but distinct, identities, and eventually, you know, one new unified identity FBI, but some changes where, terrorism cases were centralized at headquarters...This was a big departure from the way that the FBI normally operated,” Scott tells Tom. By staying as a single agency, the FBI had better access to local law enforcement agencies and could take better advantage of defendants with information that could advance the national security mission.
A Shift In The Private Sector
Tom asks Scott to talk about any changes in the private sector he was personally involved in. The major change in the private sector post-9/11, especially with respect to financial institutions, was the induction of the Patriot Act, which also paved the way for other significant changes. Financial institutions and broker-dealers had to harden the security of buildings and supply chains across the country’s infrastructure. There was also the explosion of no-fly lists, watch lists and terrorist watch lists. Banks, building owners and brokerage companies had to navigate these systems often, and quickly. Scott was very involved in helping these institutions in their anti-money laundering obligations, as well as their security obligations.
Looking To The Future
Tom asks Scott to share some reflections on 9/11, and for the future. Scott remarks that post-9/11, the country was more united and people were more compassionate to one another. The best of humanity in forms of kindness and outpouring of love was seen not just from Americans to each other, but from the rest of the world to America. He hopes that someday he can see that kind of love and unity again.
Resources
Scott Moritz | LinkedIn | Twitter
Fraud Eats Strategy

Sep 9, 2021 • 16min
Looking Back at 9/11: Eric Feldman - A Wake Up Call
Eric Feldman is Tom Fox’s guest on this episode of Looking Back at 9/11. Eric is the Senior Vice President and Managing Director at Affiliated Monitors, a company that deals with monitoring large and small companies in government contracting, construction, engineering, manufacturing, and financial services. He also conducts assessments of corporate ethics and compliance programs across many countries. Eric joins Tom to talk about the impact the events of 9/11 had on the role of Inspector General.
The Impact of 9/11 on The IG's Role
Eric explains to Tom that 9/11 was the most informative time of his career, and the careers of many other Inspector Generals. It was a refocusing moment for everyone. Eric got to work within the oversight function, but as part of the mission he was overseeing. "That focus on mission was it for me," he tells Tom. Eric expresses that understanding the mission helped make him a better Inspector General. IGs all over the world became more concerned with looking at the broader picture of how funds were being used at their agencies to fight the war on terror, instead of the minutiae of looking at time and attendance reporting.
The Importance of The IG Now
Tom asks Eric to elaborate on how the IG's role rose in prominence post-9/11. Eric explains that government IGs became "part of the team" in different ways. There is more collaboration now across the agencies that IGs oversee. There is also independence: Eric expresses that there must be a balance between collaboration and independence. IGs are especially important as they ensure that the dollars being spent on the war and mission are being spent properly.
A Wake Up Call of Unity
Eric reflects that 9/11 was a wake-up call for the United States. The country came together, and there was a level of unity and patriotism, as well as a sense of duty that overtook politics. Eric hopes that the people can return to that unity without another catastrophe.
Resources
Eric Feldman | LinkedIn | Twitter
Affiliated Monitors

Sep 8, 2021 • 18min
Looking back at 9/11: Alex Dill - Patriot Act: The AML Response to Terrorist Threats
Alex Dill is Tom Fox’s guest on this episode of the Looking Back at 9/11 Series. Alex is a scholar and professor specializing in financial regulation, risk management and compliance. He also has corporate experience in the ethics of business practices in finance, bankruptcy, bond covenants, and debt markets. He joins Tom to talk about the Patriot Act’s impact on responding to terrorist threats.
How 9/11 Changed AML
Before 9/11, AML regulations were very lax and backward looking. The focus was on prosecuting crimes that were already committed, and prosecuting money laundering, more so than the financing of terrorism. Banks weren’t engaging in meaningful customer due diligence as they felt the process was invasive. After 9/11, this all changed. Law enforcement agencies and financial institutions revamped their policies and procedures to take a more preventive approach to AML and financing of terrorism. This led to the Patriot Act.
The Financial Response
Tom asks Alex if he saw a similar regulatory response with non-financial institutions with respect to Patriot Act AML procedures post-9/11. “There was a huge amount of rulemaking that had to be done,” Alex responds. He adds that public companies adopted customer due diligence, and that it was applied more broadly to different sectors, but with a risk-based approach. Companies now had to file suspicious activity reports, not just banks. Customer identification was also introduced. “The Patriot Act sought to encourage cooperation among law enforcement agencies, and among the financial institutions themselves to share information and obtain information from foreign law enforcement authorities,” Alex tells Tom.
The Challenge With The Patriot Act
Alex explains to Tom that there are challenges with the Patriot Act. A major challenge is detecting the financing that goes into these attacks. Funds that finance these actions are sourced from both legal and illegal means, and that is a major issue. The transaction amount can be small, and this might pose a risk to some compliance officers.
Technology in Anti-Terrorism
Alex remarks that technology is very important moving forward in the fight against terrorism, as it has changed the way we function in our world. The downside of technology is that it has also helped create some of the compliance issues we have today. Social media platforms have helped to create polarization in society, and programs like cryptocurrency have been used by criminals for money laundering and financing terrorism. However, Alex ends on a positive note, stating that the AML Act of 2020 has been doing the work to help curb these issues.
Resources
Alex Dill | LinkedIn | Twitter

Sep 7, 2021 • 17min
Looking Back at 9/11: Juan Zarate - The Treasury Department Responds
Juan Zarate is the Global co-Managing Partner and Chief Strategy Officer at K2 Integrity. On 9/11 he was a prosecutor at the Treasury Department working on international enforcement issues, anti-money laundering, anti-corruption and anti-terrorist financing. He joins Tom Fox to commemorate the 20th anniversary of 9/11. They discuss how his role changed, the Treasury Department response and what the tragic event means for him.
A Change of Mission
9/11 changed the mission of the Treasury Department. Juan tells Tom, “We went after terrorist financing to try to disrupt and dismantle Al-Qaeda's terrorist networks and infrastructure, and disrupt how illicit financing was flowing through the international system.” He recalls where he was on the fateful day and how seeing the smoke from the Towers and the Pentagon affected him emotionally. Something very different was happening, he recalls; the country was under attack.
He outlines the strategic, departmental and tactical changes implemented after 9/11 to fight terrorism. The President declared that we were now at war. “The attitude and the strategic direction of the government was [that] we now have to prevent terrorist attacks,” Juan recalls. “We have to disrupt and dismantle terrorist networks. And that led to an entire preventative paradigm for the counter-terrorism approach to the government.” The new mission of the Treasury Department covered the following areas, Juan remarks: “How do you use financial information more aggressively? How do we think about the use of tools and authorities that the Treasury has, like sanctions, anti-money laundering rules? How do we think about the relationships internationally with central banks, finance ministries? How do we get the world on board to disrupt terrorist financing, to rip these organizations out of the legitimate financial commercial world?” The Patriot Act was one tactical change, among others, that was implemented to achieve the new mission of fighting terrorism.
What 9/11 Means
Tom asks Juan, “What are your reflections now as we come up on the 20th anniversary of the day of 9/11, and really what it meant for America and for you 20 years later?” Juan responds that he has mixed emotions. He thinks about the victims and their families first of all. That day changed history, he says. “It changed the way that the U.S. government viewed the world. It changed the way that we operated our strategy. And it changed the sense of our vulnerability.” The recent events in Afghanistan make the 20th anniversary even more difficult for Juan. “I have very mixed emotions coming on the 20th anniversary of 9/11,” he concludes, “but I'm very proud of the work that we did. I'm proud of the people I served with and my sympathies go out to the victims and their families.”
Resources
Juan Zarate at K2 Integrity


