Innovation in Compliance with Tom Fox

Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series we will be visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We are reviewing the Lextegrity Product Suite, taking a deep dive into continuous risk monitoring, considering pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 3, I conclude my two-part visit Miller about risk monitoring with data analytics. We began with the Department of Justice’s (DOJ) 2020 Update to the Evaluation of Corporate Compliance Programs, (2020 Update), which mandated for the first time that compliance practitioners and the corporate compliance function have access to a company’s data lakes. Miller believes the DOJ 2020 Update has really been an eye opener for a lot of risk professionals and companies out there that they “need to do better.” Compliance professionals should have access to their own data as risk professionals, they need to have a plan and an actual program to monitor their company’s data. This works directly on the first two prongs of any compliance program; to prevent and detect actions which could be fraudulent, corrupt such as bribery, or other actions which could put your company in danger. This is even more true in 2021 as the DOJ is ramping up their enforcement efforts. Lextegrity provides a continuous monitoring solution that provides compliance and audit teams with a comprehensive way to keep a pulse on transactional spend and revenue risk. Miller emphasized the key is that your continuous monitoring solution should be flexible and curable to your specific company. The Lextegrity platform provides analyses that are broken out in a variety of areas to look for specific types of risk in that general risk-based area. It allows you to identify transactions that could be associated with some wrongdoing like bribery, corruption or fraud. However, what many compliance professionals struggle with is separating the wheat from the chaff. In other words, they are bogged down in the details of a transaction such as gifts, travel and entertainment (GTE) spend, lack of approvals on discounts or third-party issues and do not have the ability to step back and look at a bigger picture. We concluded by considering what connecting all these dots might look like. Miller said that by  “connecting the dots of risk you start to see other things happen, you catch an exception in this area and now you say, well, so-and-so was a major part of that. Let’s see what else they’ve touched in this area or looking at the cross impact between employee spend and vendor spend, and then be on that in the compliance space”. You can also cross-reference hotline reports, due diligence metrics, audit reports, training completion data and indeed “all this other program information that compliance has a hand into that can feed into this transactional data.” It can truly provide to you the broadest look at your compliance risk.Join us tomorrow where we explore pre-approvals and third-party due diligence with Kara Bonitatibus. For more on Lextegrity, check out their website here. 

Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series, we will be visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We will look at the Lextegrity Product Suite, take a deep dive into continuous risk monitoring, consider pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 2, I begin a two-part exploration Miller about risk monitoring with data analytics.We began with a discussion about what a continuous monitoring solution is. Miller said that it “provides compliance and audit teams with a comprehensive way to keep a pulse on transactional spend and revenue risk in their enterprise.” The Lextegrity application “features a library of dozens of prebuilt risk data analytics across a spectrum of focuses. We have risk-based statistical behavioral and policy-based, but really the key to our analytics is they are so configurable and contextual to your specific risks or your lines of business or the historical issues that your organization may have had so that the risk algorithm is actually tailored to your business and your exposure and not, um, some static configuration.” It can connect to a wide variety of EPR systems such as SAP, Oracle, Concur, Workday and others.The Lextegrity approach is different as it is focused on prioritizing your efforts within this monitoring of spend and revenue data, seeing the full context of the transaction and its risk results altogether, so that you can focus on the risk of that as a whole. It also is more risk focused and less control focus. Miller related that the Lextegrity “scoring algorithm is calculated at an aggregated level across multiple analytics to help you cut on the false positives and the noise as well as to then better prioritize your transactions in line with risk parameters that you set.” The solution connects with our approval workflows, our pre-approval tool, as well as workloads within this specific tool, enabling specific analytics, such as validating your approved amounts, against your actual amounts and those people that you actually said you were going to pay is who you paid.The Lextegrity solution can also take your third-party due diligence results and increase the risk scores of transactions with “high risk-third parties, as well any low risk third parties which are showing up in high-risk expense categories, beyond transactional risk scoring and highlighting the higher risk transactions for further review.” All of this allows the compliance professional to go “in and actually explore your data with that augmented risk detail and drill into different dimensions of your data, maybe geographic, maybe a subject, or a specific subject type or that spend nature.” All down into the actual transactional level of data.Join us tomorrow where I continue my exploration of continuous risk monitoring with Miller.For more on Lextegrity, check out their website here.

Tom Fox’s guests this week are Anil Karmel and Travis Howerton, co-founders of C2 Labs. They both had leading positions in the government’s nuclear weapons program and left to found their company. They and Tom talk about “fixing the cadence mismatch” between digitally transforming heavily regulated industries and the need for compliance.Technology vs Compliance“Business processes in heavily regulated industries are built to standardize the way systems are built, designed, deployed and to protect the organization,” Anil remarks. “So you know really to transform technology business processes need to also be transformed… There's really been this need to fix this cadence mismatch between the need to be compliant and the need to modernize technology.” Travis adds that two-thirds of organizations find digital transformation challenging. Their goal at C2 Labs is to help clients modernize their business processes using technology tools, while maintaining compliance, and even reducing cost and risk.RegOps in Compliance“One of the things we've heavily focused on,” Anil tells Tom, “is bringing DevOps to compliance in something we're calling regulatory operations or RegOps - where now you have the ability to transform the culture coupled with the tools to allow compliance professionals to quickly develop and deploy applications and ensure that they are continuously compliant, to simplify and automate regulatory compliance in real time.” Travis comments on the value of automating repetitive processes: it allows humans to focus on analyzing data and making better decisions based on that data. Tom asks if they advocate data visualization. Travis responds, “Our focus is making sure that you're capturing the right stuff in the right way and the most cost-effective way, and that it's driving real world risk reduction and improving compliance posture.”Digital Transformation in ActionTom commends C2 Labs’ philosophy of ‘digital transformation in action’. He asks the men to describe what the term means to them and why they believe in it. Anil posits that “digital transformation is going to disrupt nearly every company and organization on the planet over the next decade.” The problem, especially in highly regulated industries, is making that transformation a reality. He describes C2 Labs’ approach, which is heavily based on automation of useful and necessary processes. “Automating stupid is not an accomplishment,” he quips. The best technology is useless if you don’t stay compliant, however. As such, the company ensures that every improvement has an audit trail and is compliant with regulatory guidelines. Anil and Travis tell Tom how their company handles audit trails, including their Time Travel feature.The Future of Compliance“Where do you see this journey going around digital transformation five years or maybe even 10 years down the road?” Tom asks. Anil and Travis respond that digital transformation is an inevitable part of the next few years, and how ready you are for it will determine the fate of your company. You need continuous compliance to manage digital transformation, so there must be both a cultural as well as technological transformation in the compliance space. The question to answer is, “How do we help optimize the implementation of these regulations in a way that's repeatable, that gets the outcome that was intended without it being the drain on business?” Their compliance manifesto outlines a set of principles that can guide the discussion, they tell Tom.ResourcesC2Labs.comAnil Karmel on LinkedInTravis Howerton on LinkedIn

Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series, we will be visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We will look at the Lextegrity Product Suite, take a deep dive into continuous risk monitoring, consider pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 1, we meet Chanda, Miller and Bonitatibus who introduce Lextegrity and the Lextegrity Product Suite. Lextegrity began through a frustration Chanda had with the then products available to him for a compliance solution from the data analytics perspective, which would utilize data for risk management. Out of this frustration, Lextegrity was founded by subject matter experts across compliance, legal and audit disciplines with a real passion for risk management. Chanda wanted to combine more powerful tools with a world-class user experience all in a software solution. This comprised a more powerful and highly flexible automation and workflow technology integrations with other enterprise systems. So, we thought “why not build that dream software solution that we all wished when we were in house, focused software suite focused on spend and counterparty risk, including fraud, bribery, corruption, asset misappropriation, sanctions, conflicts of interest, and then addressing those risks using workflow as well as data analytics across the lifespan of those risks.”Chanda noted that within the space of digital transformation for risk management, Lextegrity is “right at the center of that transformation. Lextegrity has a workflow solution on one side that can really manage any workflow. The common ones are a third-party due diligence, conflicts of interest gifts, and hospitality, even industry specific workflows like HCP engagements and grants management for our life sciences customers.” Chanda said the Lextegrity system also creates workflows that integrate with Human Resources (HR) and financial systems to implement more powerful controls. “We have customers who approved donations in our system. We also have customers go to SAP to initiate the payment process, which connects to the Lextegrity system so that adds another layer of control.” Chanda went on to explain that Lextegrity has “a risk monitoring data analytics solution that connects with ERP systems, HR systems to risk score, every single transaction, together with workflows to manage those transactions visualizations and to visualize that enterprise risk as well.”  The bottom line is that “data really is at the core of what we’re doing, but it’s really, even more than that. We are really trying to solve internal control problems for our customers.” All of these factors have led to the emergence of Lextegrity as one of the most powerful risk and compliance platforms in the compliance space. Chanda noted that the Securities and Exchange Commission (SEC) specifically cited Lextegrity software in Alexion Pharmaceuticals’ Foreign Corrupt Practices Act (FCPA) resolution as part of their remediation credit, “which also helped them avoid the monitor”. Further, nearly 50% of the Lextegrity customer base today has selected the company’s products after a publicly disclosed FCPA matter. Lextegrity is “consistently being turned to help remediate programs, which gives us opportunities to be in front of authorities.”Join us tomorrow where begin an exploration of continuous risk monitoring. For more on Lextegrity, check out their website here. 

Paul Clayson has an interesting and eclectic career history: he went from real estate to politics - including working for two US Presidents - then to corporate finance and investing. He tells Tom Fox about his experience working as CEO of several technology companies after which he moved into consulting. He first consulted for AgilePQ, his present company, and was asked to join as CEO. Paul joins Tom to discuss the top lessons he learned as CEO, as well as security for technology in the present and future.Timely Intervention“...Encryption and security technology has lagged the development of computers,” Paul tells Tom. Computers are becoming smaller but existing encryption is too large to fit on these small devices. As a result, very few IoT devices have security on them. Paul feels strongly that it’s time to “catch up”.Leadership Lessons for CEOsTom asks Paul to share his top leadership lessons as CEO. Paul says:  The CEO has more bosses than any other position in the company; Your job as CEO is to get the best people and then create the environment for them to perform at their best; Be transparent about everything; He lives by two principles. Firstly, make gut decisions after finding all the data to support it; and secondly, it makes no sense doing those things well that you shouldn’t be doing at all. He explains that the difference between the board of directors and the CEO is oversight and fiduciary responsibility versus operation and execution.Security for the Present and FutureTom and Paul discuss Paul’s role at AgilePQ and the company’s prospects. “This product is needed; it's just needed,” Paul emphasizes. He outlines the markets they are targeting, which even includes their competitors. “They don't really have a full security system that can operate on the smallest of IoT devices,” he points out. “We have that so we can join with them, license to them our technology.” He tells Tom that their software not only protects the present but is ready for future technology as well. “We built [our software] not only to protect the IoT devices, but we built it so that when quantum computers become a reality - they will be able to process so much data so quickly they can break many of the encryption systems that are in the marketplace today - we built our technology to be post-quantum secure.”“What do board members, CEOs, and companies need to be thinking about for 2025 or perhaps even further, around security and encryption?” Tom asks. “People have to recognize that hackers and bad actors in the digital world are multiplying faster in many cases than the development of technology itself,” Paul responds. “Businesses today really need to be focusing on security at every level of the computing stack ... and they need to concentrate on multiple levels of security within each of those systems. He advises that security should be considered in the planning stage, not after you've already developed a product. “You need to think about it upfront and plan it as part of the operational aspect of the device... that you're building,” he comments.ResourcesPaul Clayson on LinkedIn AgilePQ.com Call Paul Clayson at (336)380-2800

Jenna Waters is a Cybersecurity Consultant at True Digital Security where she specializes in information security program development, industry compliance assessments, threat intelligence, and cloud security controls. She helps clients through the challenges of cybersecurity program development and holistic security consulting, and also consults companies across varying industries. Tom Fox welcomes her to this week’s show as they discuss technological safety within industries, and what her company is doing to curb cyber attacks.The Micro/Macro FocusJenna is a USN veteran, and during her time in the Navy, she worked on highly sophisticated computer information systems and with a lot of other sophisticated technologies as well. Tom asks her to elaborate on the Navy’s approach to cybersecurity as opposed to the public and private sector. Jenna iterates that the Navy, as well as any other military, federal, or law enforcement agency, is focused on a very global, or what she calls a “macro threat” environment. They are focused on protecting the country as a whole from cyber and information warfare attacks. On the other hand, the private and public sectors have a microfocus: in industries or specific business types and the risks and threats those industries or business types may face. “To End Security Breaches”Tom remarks that True Digital Security strives to bring an end-to-end solution, and makes mention of the company’s statement “To end security breaches.” Jenna explains that it’s the company’s goal and that True Digital strives to be at the forefront of cybersecurity. Doing this means preventing breaches from occurring in the first place. However, in the event that breaches do happen, ensuring that attackers don’t acquire vital information is important. “Even if you suffer a minor breach, they're just stuck because we want our clients to have a very layered defense, an in-depth approach that prevents them [attackers] from getting something valuable,” Jenna says.Software Inventory Management“It’s the process of keeping an updated inventory of all your software and your applications from even the smallest minutia of an application used within your IT environment,” Jenna says in response to Tom’s question about software inventory management. She adds that it's one core aspect of overall IT asset management. It enables the recording of vital information such as software update cycles, as well as ensuring that all the critical security patches are applied. Software Inventory Management keeps records of the quantity of applications software that exist within an organization. It helps detect if there’s been a breach as the bit size of applications changes when a breach occurs. The Impact of COVID-19The pandemic has not changed True Digital’s approach very much, Jenna remarks. What the company has been doing is helping clients pivot without the notice of attackers. Remote working comes with its own challenges and insecurities, and so assisting clients and pivoting in a way that helps them continue to achieve their cybersecurity compliance program and development goals is important. The rise in attacks emphasizes the need for structural and legal practices and precedents. Jenna stresses that governments of the world, as well as public and private sectors, need to come together to denounce cyber attacks and enforce actual consequences for these actions. ResourcesJenna Waters | LinkedInTrueDigitalSecurity.com

Jehan Jeyaretnam is the Director and Head of Compliance Services at Acuity Knowledge Partners, one of the world’s largest knowledge process outsourcing firms. Jehan leads the Compliance Business Division, supporting clients with regulatory and anti-financial crime surveillance issues. Tom Fox welcomes him to this week’s show as they discuss ways of implementing knowledge outsourcing within work environments.Knowledge ProcessingTom asks Jehan to define the term “knowledge processing.” Jehan explains that it is a point of view where you have the resources that are supported based on particular specialized knowledge. It’s an area where analytics and judgment reform is required, along with domain understanding and subject matter expertise. It is different from business processing in that it’s more than simply rules-led and considers knowledge offshoring functions. The Four Pillars of AcuityJehan explains that there are four pillars of compliance within Acuity Knowledge Partners. He states that the company supports its clients by combining these four aspects:  corporate compliance, which focuses on monitoring and surveilling communications and marketing materials; investment compliance and trade surveillance supports clients in the areas of investment guideline management from a market abuse perspective; anti-corruption financial crimes, which tackles due diligence for clients, transaction monitoring from an anti-money laundering perspective; forensic compliance, which takes a data science approach to compliance, while supporting clients who are based on-shore.  The Impact of COVID-19Tom asks Jehan to explain how his approach to compliance has shifted or changed due to the pandemic. Jehan states that the area that needed to improve due to the pandemic was understanding how to continue supporting clients while maintaining the compliance culture around it. When employees are working remotely, it’s important to ensure that company culture remains embedded. Changing the model so that there's enough surveillance and approachability is very important. From a business perspective, the pandemic caused Acuity to take more of a conservative approach to the compliance function with respect to budgets. The work volume increased, however, employees operating from their homes allowed for increased communication. Do More With LessCompanies need to be thinking about processing in the next five years, and how it may evolve. One way that Acuity supports its clients is by helping them do more with less. They create dedicated teams that can support them, by taking away some of the workflows that can be done offshore in a more cost-effective way. Freeing up your onshore teams and employees will allow them to be able to readily adapt to the changing workflows, environments, and operations. Because Acuity has implemented this model, they have provided a certain amount of flexibility in their workforce. Jehan advises other companies to do the same. If you want to increase efficiencies you need to "create a center of excellence" by bringing all the aspects of compliance together.ResourcesJehan Jeyaretnam | Twitter, LinkedInAcuityKP.com

Chris Fuller is an author and the President and CEO of Influence Leadership Inc, an organization focused on serving businesses through the development and growth of their people. He is a keynote speaker and has facilitated many strategic sessions for large companies. This experience has given him valuable, best-practice insights. Tom Fox welcomes him to this week’s show as they discuss ideas and strategies to help you around leadership.Mid-Level Management & Cultural ChangeChris wants to help leaders achieve their dreams, while also creating a great work environment for their employees. The day-to-day reality of leadership is a challenge, and new mid-level managers get burned out when they are promoted without proper preparation. "I have a strong focus on the first-time leaders, to prepare them so that they're set up for success, not set up for struggle," Chris says. Embedding this as a culture within an organization will have to involve senior leadership. "We start with the mid-level, we make sure that we equip and empower the new leaders, but then from an organizational effectiveness standpoint, we really want to impact cultural change at the senior leader level."Being Intentional & The Inspired Leadership PathwayBecoming an inspired leader means being intentional and purposeful. Chris gives an anecdote of going to see Hamilton, and he expresses that the kind of dedication put into the play is the kind of dedication we need to apply to the workplace. “If we take that to our daily lives, if we take that to our professional lives, how much inspiration and how much achievement can we start with? We can't have inspired results without intending to get there and being on purpose not on accident.” It’s part and parcel of Chris’ inspired leadership pathway which is about embodying a serving others mindset. “It's about being passionate and purposeful in what you do,” Chris explains. “It’s also about integrating operations with people and also being real and authentic in your relationships, while “executing with excellence.” The combination of cultural and fundamental execution is what will lead an organization to success. “And”, Not “Or”Chris’s style of leadership takes into account the “and” of everything: results and relationships; people and production. He utilizes both aspects and encourages leaders to do the same. “I've got to infuse that adventure and that sense of reality, the gritty reality of leading in the trenches with this infused adventure set to make it…. I'm going to equip and empower you but in the middle of it we're gonna have a blast.” People learn better through stories and when they’re having fun, Chris expresses. Culture is critical to a company’s development and ethical values, it needs to be emphasized from the top down. “A leader's behavior can tell the rest of the organization under them or those that witness them, that the cultural statements are simply a poster on the wall.”The Race Method & Celebrating PeopleTom asks Chris to explain the Race Method. Chris states that it’s one of the methods that came out of studying the Iditarod. The race methodology says: are you ready to run the race that is going to be mapped out for you, and what are those action steps that you need to do if your team isn't race-ready? You need to have action, or else the team is never going to be able to fulfill what you want them to fulfill. We have to teach them to do what we need them to execute. “We need checkpoints - evaluate the progress made and we can involve it. So ready, act, checkpoint, and evolve.” When employees do something right, we need to celebrate them, Chris adds. Make your values and culture clear, tie those literal behaviors together, and when they are activated in your employees, celebrate that to the fullest. ResourcesChris Fuller | LinkedIn, TwitterInfluenceLeadership.com

Eric Shepherd is the former CEO of Question Mark. In 2019 he stepped down and now runs a non-profit company called Talent Transformation, focused on helping individuals understand the future, leadership, and learning. Tom Fox welcomes Eric onto his week’s show as they discuss the ways organizations can better develop through a focus on learning rather than training.The Rise in TechnologyWith the rise in technological advances and automation, machines will be replacing human tasks, and what this means is that individuals will need to acquire new skills. “People will need to learn new skills and be more agile in their approach to work,” Eric says. “Just as technology is going to disrupt a lot of jobs, we can also use technology to help us learn the skills required for the 21st century,” he adds. He iterates that communication, collaboration, and conflict resolution are some of the most important skills that need to be developed and nurtured. Eric also adds that employees will feel bitter at having been displaced, and it is up to society to provide learning systems to help them transition into new roles.Talent Transformation PyramidEric had a good understanding of assessing knowledge skills and abilities but not of assessing behaviors, emotional intelligence, or personality traits. Understanding how mindset and skillset would support readiness and performance was important. “How would people be ready to do tasks and how would they perform but being based on both their behaviors and social-emotional intelligence,” he adds. He explains to Tom that the concept was hard to explain to people, so he created the ‘talent transformation pyramid’, showing how personality traits and cognitive systems would support performance at an individual level, team level, and organizational level. CEO Sets The CultureTom asks Eric what he sees as the CEO’s role in talent transformation, especially in regards to the coronavirus pandemic. Eric stresses that the CEO has to set the organizational culture and that that culture would differ depending on what business they’re running. In these uncertain times, employees are being bombarded with different fears that will affect their work performance. CEOs need to address those fears and establish a culture that says wellness, psychological safety, and inclusion are important. It has to come from the top, he argues.Learning Through CultureEric reiterates that the majority of repetitive tasks are going to be replaced by machines. What this means for humans in the future is that there will be more focus on creativity, communication, collaboration, and cooperation. Learning through culture will see organizations become more successful because they are being more creative and embracing the possibilities of the future. “The company that can embrace those talents and those skills is actually going to be more efficient, and having greater efficiency would lead to greater profitability simply because they're more agile and they're more nimble.”Learning Rather Than TrainingTom asks Eric to explain how the pandemic has changed his approach. Eric explains that now his company acts more as business advisors rather than doing actual assessments. With the impact of COVID-19, Eric has been uploading a lot of content to YouTube and his company’s website. Tom also asks Eric what companies need to think about in the next few years in regards to talent transformation. “Think about learning rather than training. Think about culture.”ResourcesEric Shepherd | LinkedIn, Twitter TalentTransformation.comeric@talenttransformation.comTalent Transformation by Eric Shepherd and Joan Phaup

Welcome to a special five-part K2 Integrity sponsored podcast, series Business and Financial Fraud: Yesterday, Today, and Tomorrow. Over the course of this series I have been joined by Joanne Taylor, a Managing Director at K2 Integrity. She has 20 years of legal, investigations and financial crime compliance experience, working within the financial and legal services industries. I am also joined by Ray Dookhie, a Managing Director in K2 Integrity’s Investigations and Risk Advisory practice, with more than 25 years of experience in compliance, integrity risk monitoring and management, and investigations. Over the series, we have considered the top fraud trends you might expect to see in 2021, what the regulatory landscape may well look like in 2021, best practices in fraud prevention, how to detect fraud and responding to fraud once it is uncovered. In our concluding episode, Part 5, Ray Dookhie joins me to discuss what a company should do after allegations of fraud arise.