Innovation in Compliance with Tom Fox

Welcome to a special five-part podcast series sponsored by K2 Integrity. This month we consider the intersection of compliance, diligence and mergers & acquisitions (M&A). I am joined by Hannah Coleman, Managing Director in K2 Integrity’s Investigations and Risk Advisory practice. She specializes in fast-moving, complex, and specialized research assignments in a variety of areas including investigative due diligence, corporate contests, intellectual property investigations, media transparency assessments, and litigation support. Also joining this week’s series is Tom Pannell, Managing Director in K2 Integrity’s Investigations and Risk Advisory practice. With a focus on financial investigations, Tom leads multi-disciplinary teams working with corporate clients and their legal advisors responding to crisis events, including multi-jurisdictional white-collar crime, misconduct, financial statement fraud, anti-bribery and corruption incidents, and compliance risk advisory work. In this third episode, I visit with Hannah on how to avoid being blinded by familiarity so that potential reputational issues do not surprise you down the road. Join us tomorrow as we consider deals through a global lens. For more on K2 Integrity, check out their website, here. 

Welcome to a special five-part podcast series sponsored by K2 Integrity. This month we consider the intersection of compliance, diligence and mergers & acquisitions (M&A). I am joined by Hannah Coleman, Managing Director in K2 Integrity’s Investigations and Risk Advisory practice. She specializes in fast-moving, complex, and specialized research assignments in a variety of areas including investigative due diligence, corporate contests, intellectual property investigations, media transparency assessments, and litigation support. Also joining this week’s series is Tom Pannell, Managing Director in K2 Integrity’s Investigations and Risk Advisory practice. With a focus on financial investigations, Tom leads multi-disciplinary teams working with corporate clients and their legal advisors responding to crisis events, including multi-jurisdictional white-collar crime, misconduct, financial statement fraud, anti-bribery and corruption incidents, and compliance risk advisory work. In this second episode, I visit with Tom on concerns in the current deal making scene. Join us in our next episode where consider avoiding potential reputational issues. For more on K2 Integrity, check out their website, here. 

Kayvan Alikhani is the CEO and co-founder of Compliance.ai, a company dedicated to empowering professionals with the smartest regulatory and compliance change management platform. He has over thirty years of experience and expertise in software and cybersecurity. Tom Fox welcomes him to this week’s episode as they discuss modernizing compliance practices and helping risk practitioners do a better job of managing risk.Red TechIt used to be that compliance professionals could manage the pace and complexity of regulations and changes happening around them with simple tools. Presently, the scope of changes and complexity has increased, giving rise to a set of modern solutions that can capture, monitor, and take action on these changes. This modern technology is called red tech. Compliance Meets AITom asks Kayvan to explain what ‘Compliance meets AI’ means to him. Kayvan responds that it means using AI to help compliance professionals make regulatory changes. “Artificial intelligence emerging as a stable, reliable, and cost affordable…. allows for you to model a set of behaviors and be able to predict the outcome of a basically new behavior, or map behavior to a specific classification,” he tells Tom. He explains the necessary components that would make AI work in compliance. Compliance.ai & Why It’s Unique Kayvan founded Compliance.ai to answer the question of what can be done in terms of automation. His company removes the “speed bump” users encounter when accessing regulatory content. Content is curated within hours as opposed to days, weeks, and months. Simplifying the tasks of compliance officers allows them to have more time to assist their organizations with changes that may be happening at that particular time. Simplicity enables the organization to convey the proper message to its stakeholders more rapidly.COVID-19 & BeyondKayvan tells Tom that due to the pandemic, his business got more focused on adding business continuity and improving business resiliency policies and making those policies accessible from anywhere at any time. Tom asks him what to expect in red tech risk and compliance in the coming years. “As more and more organizations start building these types of solutions we're going to see the formation of alliances across the sector where compliance is no longer used as a competitive advantage,” he explains. “The push for privacy regulations is going to be a big catalyst as well in terms of the common practices that are used both for maintaining data protecting data sharing data.”ResourcesKayvan Alikhani | LinkedIn | Twitter 

Welcome to a special five-part podcast series sponsored by K2 Integrity. This month we consider the intersection of compliance, diligence and mergers & acquisitions (M&A). I am joined by Hannah Coleman, Managing Director in K2 Integrity’s Investigations and Risk Advisory practice. She specializes in fast-moving, complex, and specialized research assignments in a variety of areas including investigative due diligence, corporate contests, intellectual property investigations, media transparency assessments, and litigation support. Also joining this week’s series is Tom Pannell, Managing Director in K2 Integrity’s Investigations and Risk Advisory practice. With a focus on financial investigations, Tom leads multi-disciplinary teams working with corporate clients and their legal advisors responding to crisis events, including multi-jurisdictional white-collar crime, misconduct, financial statement fraud, anti-bribery and corruption incidents, and compliance risk advisory work. In this first episode, I visit with Hannah on issues relating to core due diligence issues.Join us in our next episode where consider concerns in today’s deal making scene. For more on K2 Integrity, check out their website, here. 

Justin Beals is the CEO and co-founder of Strike Graph, a company helping customers get through their cybersecurity audits. He’s a serial entrepreneur with expertise in AI, cybersecurity, and governance. He founded Strike Graph with the goal to make cybersecurity standards easy to understand and easily accessible. Tom Fox welcomes him to this week’s show to discuss cybersecurity, auditing, and building maturity within an organization.SOC/SOC2 AuditJustin explains to Tom the origins of SOC: it was created to ensure that third-party vendors who trade with public companies, and the public companies themselves, were implementing effective cybersecurity practices. SOC2 Audit is a cybersecurity standard that focuses on security within an organization in a number of ways including HR practices, code of conduct, and other compliance liability issues. SOC2 analysis is about how data is encrypted and how new codes get put on servers. “The achievement of something like a SOC2 represents two things: one is an organizational maturity and the second is an assessment of that maturity by an independent party,” Justin tells Tom.Trust is CurrencyTom asks Justin to share a few tips for when hiring a SOC2 auditor and why it is necessary. “The selection of the right auditor is important strategically because you're going to want to work with them for a while. Generally, you want to go back to the same auditor [because] it's more efficient,” Justin responds. Auditors we are familiar with know our practices and can measure them well. He points out that buyers and investors will pick the more trusted company; a company that has done a SOC2 audit is preferred over a company that hasn’t. Trust is what drives them and is what will influence buyers’ decisions.COVID-19 and What’s NextTom asks Justin to reflect on how the pandemic has affected Strike Graph. Justin remarks that his business was established during the pandemic and is a remote work organization. He adds that interest has grown due to the pandemic, and it helped build his company’s success. With the pandemic, certifications and audits are great tools that can help build trust with customers. Justin remarks that in the future, it’s going to be more commonplace to expect vendors to share any form of private information to achieve audits or certifications.ResourcesJustin Beals | LinkedIn | Twitter StrikeGraph.com

Rashelle Tanner is the Director of Compliance Learning Program at the Office of Legal Compliance at Microsoft. A senior attorney, she is responsible for the trust and integrity learning program for Ethics and Compliance. Rashelle develops and delivers learner-centered anti-corruption and ethical decision-making courses that empower employees to do business the right way. Tom Fox welcomes her to this week’s show to discuss how compliance professionals can incorporate and promote integrity in training, and how to reimagine training in innovative ways for the organization’s ultimate benefit.The Importance of IntegrityTom asks Rashelle to explain why integrity is integral to compliance. She stresses that people have to follow rules not just because they’re there, but also because they feel motivated to do so. The focus on “doing the right thing” is becoming less on what you can and cannot do, and more on your day-to-day decisions. Focusing on integrity will help you make more ethical decisions.Compliance and Integrity Through StorytellingRashelle tells Tom about incorporating integrity training through the use of storytelling. She describes how her team takes employees through compliance-related scenarios, and ethical issues, with characters based on workers at all levels of Microsoft. The episodes are based on what motivates people, and how it impacts their decisions. Rashelle remarks that this venture has helped build employee engagement and continues to encourage them to get involved with compliance training. She stresses the importance of keeping the content suspenseful to grab employees’ attention; however, it must also stand alone so that anyone can follow along. It also needs to have specific language in the given content in order to reach the target audience. Diversity and Inclusion in ComplianceTom switches to the topic of diversity and asks Rashelle her thoughts on the role of diversity and inclusion in compliance, and how compliance departments can drive that conversation forward. He adds that diversity is natural while inclusion is completely different. Diversity is getting one’s foot in the door while inclusion is being completely embraced and listened to. Rashelle stresses that inclusivity is a responsibility, and one she and her team emphasizes at Microsoft, and even within their serial training programs. She states that representing all walks of life in their episodes is a way of reaching not just their local employees but their international ones as well and making them feel seen and heard. ResourcesRashelle Tanner on LinkedIn | TwitterThe Learning Guild

Stacey Hanke is an author, keynote speaker, and the founder of Stacey Hanke Inc. The goal of Stacey Hanke Inc is to help leaders become their true selves by equipping them with the tools to increase their confidence and authenticity. Tom Fox welcomes her to this week’s show as they discuss influence and how it can help leaders and people who simply wish to learn how to become better employees.The Importance of ConsistencyTom asks Stacey to explain why consistency is critical to influence. Stacey expresses that it shows our peers, customers, and employees who we truly are as business leaders. Consistency in all forms within your organization - from how you answer messages and calls, to how you show up for interactions - builds trust. The moment we stop behaving consistently, we run the risk of individuals second-guessing who we are, and that creates a break in trust. Trust is the backbone of influence. Trust comes from respect, and they both work together to drive influence, so leaders have to stay consistent and reliable. Deliberate Practice“What’s practiced in private, gets rewarded in public,” Stacey says, quoting Michael A. Jordan. She adds that the training and mentoring she does is about what she calls “deliberate practice.” Deliberate practice is focusing on a different aspect of whatever skill you wish to work on, and practicing each aspect on a different day. It’s the mindset that every time you show up, it’s an opportunity to practice the whole idea of influence. It’s to practice as you’re delivering.Influence VirtuallyTom asks Stacey to explain how leaders can maintain their influence in a virtual environment. Stacey gives an anecdote of how she and her team went about doing so. She stresses writing down how you influence, engage, and interact in person, and then applying the same concepts to virtual meetings. She also advises leaders to adapt their messages based on where their listeners are.False Feedback, and The Influence Model“We don’t know what we don’t know,” Stacey says. She tells Tom about being given false feedback and gives the analogy of being a professional athlete being praised all the time. The true meaning of influence, she points out, is really consistency. Tom asks her to explain her influence model. She responds that it’s like a triangle with three “key drivers”: feedback, deliberate practice, and accountability. Feedback is what works and what doesn’t, and you can only build the feedback on deliberate practice. The final component is accountability which is simply improving our influence through the coaches in our lives.COVID-19 has exposed the lack of consistency in influence now that we’ve all been pushed into a virtual environment. Adaptability to new platforms and to people should be our focus moving forward. ResourcesStacey Hanke | LinkedIn, TwitterStaceyHankeInc.com

Today, we wrap up our multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc., with a special bonus episode where Parth Chanda, Founder and Chief Executive Officer (CEO), and I discuss Lextegrity’s Integrity Analytics Collective. What is the Integrity Analytics Collective? I put that question to its founder Chanda. He related that it was launched in 2020 “in partnership with nearly a dozen partner organizations from across the world.” It’s ultimate goal is to “collaborate with thought leaders to further democratize data analytics for organizations of all sizes globally.” The Collective brings together the practitioners from member organizations “who are really ‘into the weeds’ practitioners, they are thought leaders in those organizations and they bring all of us together with as well.” What we all have in common is “a desire to raise the standard of data analytics for everyone who wants access to them.”The Collective wants to help organizations of any size in the world to accelerate their data analytics as well as their automation efforts. At the core of the collective is building out a library of advanced data analytics, coupled with the ability to create analytics on the fly, through an out of the box solution. The Collective approaches data analytics in a way that opens up data analytics up to any organization. Chanda said, “it’s an ecosystem that we’re creating of ethics and compliance professionals to continue to add new analysis of the platform regularly, including new risk domains.”The Collective has members from companies as small as under 100 to companies with thousands of employees. Chanda stated, “we understood very early on that this is going to be a massive a cross industry, cross ecosystem effort. Each of those partners has a different perspective on things. Some of them are focused more on behavioral science element of ethics and compliance. Others are really focused on the forensic auditing perspective, the policy and rules-based perspective. We wanted to really have stakeholders from across the knowledge spectrum.” All the while recognizing that “the baseline of analytics is fairly standard. This means if you bring in a forensic auditor to do an investigation, they’re going to have a standard tool set for fraud and corruption analytics that are fairly standard. That is the concept we’ve really democratized. Yet, with an analytics engine, while the standards are fairly democratized and standard across companies, they need to be largely configurable based on the industry, the business model and frankly historical issues.”The goal of Lextegrity is to take insights, best practices and other information from its Collective partners and then incorporate them into your tools, modules and workflow modules. At the end of the day Lextegrity will have a more robust platform, which it will then share back with the partners or others in the compliance team. Chanda said, “part of our mission with the Collective is really to empower a lot of these expert organizations that do advisory work and provide them options to provide data analytics and automation to their clients, because they are the experts in their space. Again, it is really a difference in model for a software product company.” Moreover, “If there are new analytics, new ideas, new approaches that have worked for others, we want to know about them and make them available in the marketplace.” Chanda believes that it gives everyone a shared commitment to really move the needle forward for organizations and their risk management efforts to build this thought leadership ecosystem around data analytics.For more on Lextegrity, check out their website here.For more information on the Integrity Analytics Collective, click here.

Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over this series, we have visited with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We have looked at the Lextegrity Product Suite, taken a deep dive into continuous risk monitoring, considered pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 5, I visit with Bonitatibus on integrations and the user experience. We began with data integration, which is one of the biggest challenges facing every Chief Compliance Officer (CCO), compliance professional and indeed corporate compliance function. Bonitatibus said the starting point is to create software solutions that are intuitive, data-driven and integrated. Lextegrity has created various integrations in the pre-approval application, core integrations include HR systems, which are used to support approval logic. It also includes routing requests to an immediate manager through workflow. Next there is a prebuilt integration with a database check of sanctions, state owned entity and adverse media information. There can also be embedded and automated screening directly into any of the workflows. This can provide through put our third-party due diligence application process and compliance approver procedure. She ended by noting, “we have a pretty tool set that we can offer our customers with respect to integrations.”We ended by looking down the road for Lextegrity. Bonitatibus is very excited about some of Lextegrity’s future vision and priorities. The company is very focused on continuing to prioritize integrations across the entire product suite to really continue to evolve the end-to-end solution and continue to break down those silos of managing spend risk and risks in general. The company will also continue to expand the analytics embedded in the workflow technology. Finally, and hopefully to the delight of Lextegrity customers, they want to have more and more powerful reporting and analytics and visualizations across all of the products. Great visualizations are as much of an art as they are a science. Yet Bonitatibus sees them as a very powerful tool. Lextegrity wants compliance professionals to “think of our products as a roadmap, where everything is modular.” This allows building out an entire end-to-end solution in a manner where can start on the journey and expand out “wherever it’s most helpful and beneficial to you. We would love to work with companies to take their compliance programs to the next level.”Join us for our concluding special bonus episode, where Lextegrity Founder and Chief Executive Officer (CEO), Parth Chanda visits with me on the company’s Integrity Analytic Collective.For more on Lextegrity, check out their website here.

Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series, we are visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We have reviewed Lextegrity Product Suite, taken a deep dive into continuous risk monitoring, considered pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 4, I visit with Bonitatibus on pre-approvals and third-party due diligence. We began with a discussion of the pre-approval process and third-party due diligence monitoring tools that Lextegrity has developed. Bonitatibus initially noted that often times the business folks see the compliance function as the department of holding things up. This led the Lextegrity team to look at questions such as “how do you build a system that is easy to use, intuitive gets users in and out of the system and gets them the answers they need as quickly as possible?”The Lextegrity difference is that it can build workflows unique to your business. Bonitatibus noted the solution has workflows in 14 languages, soon to be 20. It can provide customers with template content, across multiple questionnaires. There is a library of content which based on an internal review of enforcement actions and other public source documents, all of which are configurable. She went on to say, “we implemented multiple workflows in over a dozen languages in a hundred countries and less than 90 days, in a new tech driven compliance program. That’s what makes our software really powerful.”We then turned to the question of how companies are in many cases not using the pre-approval workflows efficiently. One of the pillars of Lextegrity is to be more data driven across all of our products, including in the pre-approval workflow. “The Lextegrity solution embeds analytics and thresholds directly into the preapproval process, which provides approvers with data to inform their decisions. This means you are not simply looking at the information which is provided by the submitter or the requester. It expands out to things like aggregate spend and aggregate frequency. For example, how many gifts has this government official already received? How much has this particular healthcare professional received in the context of a meal or a consulting fee?” Join us tomorrow where explore integrations and the user experience with Bonitatibus. For more on Lextegrity, check out their website here.