

Innovation in Compliance with Tom Fox
Thomas Fox
Innovation in Compliance brings you interviews with industry-leading experts who are changing the way practitioners approach compliance. Host Tom Fox, the Compliance Evangelist and Voice of Compliance, is driving the conversation about compliance into the 2020s and beyond with his focus on innovations for the compliance practitioner and the compliance profession. If you want to learn how to bring business solutions to compliance problems to more fully operationalize compliance, this is the podcast for you.
Episodes

Dec 1, 2020 • 29min
Innovative Compliance Solutions with Nick & Gio Gallo and Ronnie Feldman
Tom Fox welcomes brothers Nick and Gio Gallo, co-CEOs of ComplianceLine, along with Ronnie Feldman, CEO and founder of Learnings & Entertainments, to this week’s show. They discuss innovative solutions to some of the challenges that compliance leaders face.
Addressing Compliance Challenges
Compliance leaders often face challenges in getting management to address compliance issues. Tom asks his guests how they would counsel a client experiencing these challenges. Nick expresses that this new age demands modern approaches: you can’t use the same approaches as 10 and 15 years ago. He suggests leading with value and reaching across departments to get the desired attention from management.
The Game of Influence
Gio comments that employees aren’t all reading the DOJ guidelines, nor are they all pondering how to change their organization’s compliance policies. Ronnie adds that the innovation needed to bridge this gap is influence - leaders need to understand how it impacts change within an organization. He recommends learning activities that are short, fun, and interesting. Nick says, “This is 100% a game of influence. We’re either trying to influence our peers, we’re trying to influence leadership to get more budget, and really our mandate is trying to influence the behavior within our organization.” He adds that there are two sides to influence: the objective and the human side. We need both to transform our teams and organizations.
Building a Speak Up Culture
Tom asks how an organization can build a ‘trust and speak up’ culture. Gio advises having a collaborative relationship with third-party vendors to be able to access information that may help to resolve employee issues. Ronnie comments that before creating any training program to tackle this or any issue, leaders should start with their objectives in mind. Think about the communication channels available and obstacles you may face, he remarks. “The goal is to influence the social environment,” he says, “and the best way to do that is to be interesting and short, and I think entertaining, because then you can put that in more places, and they're gonna like you.” Gio adds, “We as compliance leaders and ethics experts need to be the ones who lead beyond those strict requirements and say, ‘Well, this is what quality means. This is what is going to get us to engagement. This is the type of partner that's gonna help us figure out the thing that we don't know yet.’”
The Importance of Active Listening
Tom asks, “What skills does a compliance officer need beyond being able to read the law or to read a spreadsheet?” Ronnie stresses the importance of being an active listener. He uses an example from his time doing improv to illustrate his point. “The compliance department as a profession needs to be better at integrating and melding with other departments and also bringing those views into their organization,” Gio says. There needs to be more diversity within the organization in order for compliance to function more strategically.
Why We Work Together
L&E and ComplianceLine’s partnership is so fruitful because both companies have a similar ethos, according to Nick. They’re both trying to impact the workplace in the same way, Ronnie adds. He points out that the Gallo brothers love trying new approaches to create solutions, and that it brings a synergistic energy to the partnership that allows them to work well together.
Resources
ComplianceLine.com
Gio Gallo at LinkedIn | Twitter
Nick Gallo at LinkedIn
Learnings & Entertainments: Website | LinkedIn
Ronnie Feldman at LinkedIn | Twitter

Nov 24, 2020 • 17min
The Regulatory and Business Case for Documentation with Brett Manwaring
Tom Fox welcomes Brett Manwaring to this week’s Innovation In Compliance podcast. Brett is a Managing Director, Financial Crimes Risk Management at K2 Integrity. Prior to joining K2 Integrity 8 years ago, he served at KPMG and JP Morgan Chase. Brett and Tom talk about the importance of documentation, from both a regulatory and business perspective.
Innovation Can Happen Organically
It’s a common perception that banks are resistant to innovation, Tom comments. In response, Brett remarks that banks, like most people, are resistant to change and innovation is closely tied to change. However, if banks realized what they have and what they can control, innovation could happen organically. A key component is understanding your data, he points out. K2 Integrity can help businesses organize their data into a central repository, which any department can access and leverage.
Poised for Innovation but Unaware
“When it comes to innovation,” Tom asks, “do you see smaller or perhaps midsized companies more poised to engage in innovation?” Brett replies that smaller companies are indeed more poised, but they often don’t know it. The reason they can innovate quicker is that they have fewer customers, transactions, and data to control. Less data equals more opportunity to innovate quickly. He shares tips on how companies can innovate but still remain compliant with financial regulations. One strategy is to do a data lineage exercise, which Brett says can set up companies for a positive yearly review with regulators. “[Great] reporting creates great discussion, and that great discussion creates great decision points, and those decision points - if they’re implemented correctly - are the basis for your yearly review with regulators.”
The Case for Documentation
To every line of business, including new products and services, there should be a compliance officer attached. “Every decision has a downstream impact,” Brett reminds listeners. “The decision you make is going to impact somebody else.” As such, the compliance officer helps the company to anticipate and mitigate the associated risks. “That will eventually lead to a good review at the end of the year from your regulator because everything’s ticked and tied and you thought downstream,” he adds. We face additional changes and risks due to the pandemic, so companies should make sure that their reporting reflects those changes. “The three most important things in any compliance program are the following: document, document, document,” Tom quips. “You laid out the business case of why documentation could be such a powerful business tool and a part of your overall business plan going forward,” he commends Brett.
Resources
K2Integrity.com
K2 Integrity on Twitter | LinkedIn
Brett Manwaring on LinkedIn

Nov 17, 2020 • 16min
Building Trust and Communication Through Internal Reporting with Tori Reichman
Tori Reichman is VP Commercial at Vault Platform, a leading B2B enterprise software company. Vault Platform enables employees to report incidents and also “provides a single source of truth to the company so that the company can receive, manage and resolve incidents and also identify and manage risk around the company’s ethical and cultural health.” Her company’s offering, and how it enables both employer and employee, is the topic of Tori’s discussion with Tom Fox in this week’s episode of Innovation In Compliance.
Building Trust
“One of the reasons I came to join [Vault Platform] is because there's something in it both for the employees and the employer,” Tori remarks. “It's really about building trust and creating trust between those two components.” Vault Platform can be used by organizations in a variety of industries to report on a variety of incidents. Tom asks how it can help companies with continuous monitoring and improvement of their compliance programs. Tori explains that Vault Platform allows companies to have real-time visibility into incidents occurring across the organization via the dashboard. “From an investigation resolution perspective, we also have always had the board at the center of it,” she comments. “[We are always thinking about] what the board needs to know to be able to provide guidance, to get that true visibility so they can see what’s happening.”
The Rise of Employee Activism and Cyberbullying
One result of the #MeToo and Black Lives Matter movements is that companies are facing social pressure to act with integrity. Employee activism is on the rise around the world because workers want to speak out - they care about working with companies that take meaningful action on issues. Tom and Tori discuss the importance of creating a climate where employees feel psychologically safe to speak out about their experiences or what they witness. Tom introduces the important topic of diversity and inclusion. Tori says that she is pleased that the conversation today is more about equity and inclusion than about what makes us different. “It’s about how do we bring our different selves to work together to achieve the organization’s objectives or society’s objectives,” she points out.
Cyberbullying is unfortunately becoming more common in the pandemic. Tom and Tori discuss this phenomenon, and Tori shares insights into why it is so. One reason is that when people are under stress they are more likely to turn a blind eye to misconduct: they are focused on taking care of themselves, Tori says.
Resources
VaultPlatform.com
Vault Platform on LinkedIn | Twitter
Tori Reichman on LinkedIn
tori@vaultplatform.com
Create a healthy cyberculture: Stop bullying at work

Nov 10, 2020 • 28min
Engineering the Future with AI with Simon Moss
Tom Fox welcomes Simon Moss to this week’s show. Simon - who describes his background as “eclectic”, having worked in and led many companies over his career, including IBM - is now the CEO of Ayasdi, one of the most innovative companies in the artificial intelligence space. Simon and Tom discuss the important work Ayasdi is doing for its clients.
The Data Problem
Tom asks why AI can’t seem to keep up with the volume of data that needs to be reviewed for AML, ABC and trade sanctions. Simon disagrees that it’s an issue of volume. The problem is diversity and distribution. He says, “The problem with data now is that it is so diverse, so distributed, and we’re still trying to deploy products of extraordinary innovation - including AI products - in the same ways as we did in the 1970s.” He laments that we try to homogenize data into a construct, which uses 80% of our data management resources. “We have institutionalized redundancy in data management, and it is getting worse because of the proliferation of data sources.” While this structure works for data at rest, it is unsuitable for unstructured data and data in use.
A Unique Approach
“We don’t use the data model approach,” Simon remarks. Ayasdi believes that a company is represented in its data, so they create a model that is unique to each client. “...it knocks 40 to 50% off the time to actually deploy innovation,” he says. He explains why machine learning cannot effectively predict or discover crime or compliance issues. “Hypothesis-based machine learning is brilliant for finding a needle in a haystack... The problem with compliance is you’re looking for a needle in a stack of needles.” Ayasdi’s approach, on the other hand, is to let the data tell the story. “The breakthrough that Ayasdi uses,” Simon says, “is what’s called unsupervised learning as part of a machine learning process. In other words, we are not going to give the software a hypothesis of what to look for. We simply say, ‘Go find interesting stuff.’ Let the data tell us the story.”
Innovating for the Future
Ayasdi is engineering the operational diligence and deployment needed for the future. It was technology that drove the blue collar transformation of the early 2000s, and it is technology that will drive the transformation of the white collar industry over the next decade. “We're engineering our technology to make sure that we can service a customer expectation in the future,” Simon says. Tom comments, “It strikes me that the insights that could be generated [go] really far beyond the anti money laundering and fraud and corruption.” Simon agrees. He shares three examples of how Ayasdi has helped their clients gain valuable insights and profit from them. “What we're doing is we're creating true Alpha. We're creating true opportunity and we're creating true transparency. When those decisions are made, you know that the decision that has been created has all the explainability, all the referential insight that's needed, all the appropriate data, so that when a regulator comes in and says, Why did you do this? It's all completely supported.”
The true challenge of innovation, Simon argues, is that a solution works at scale. “The challenge is, How do you optimize the operating model of an institution? And you do that by looking at the institution as a whole.”
Resources
Ayasdi.com
Simon Moss on LinkedIn

Nov 6, 2020 • 21min
The Six Elements of an Effective Compliance Program: 5 – Oversight and Reporting and Response and Enhancements
Welcome to a special five-part podcast series, The Six Elements of an Effective Compliance Program. This podcast series is sponsored by StoneTurn. To celebrate Corporate Compliance and Ethics Week, we will consider each of the six elements required for an effective compliance program. They include: Risk Assessment, Governance and Structure, Policies Procedures and Controls, Training and Education, Oversight and Reporting, and Response and Enhancements. Over this five-part podcast series, I will be joined by Stephen Martin and Valerie Charles, Partners at StoneTurn and Toby Ralston and Jamen Tyler, Managing Directors at StoneTurn. In this fifth episode, I visit with Valerie Charles on the twin topics of Oversight and Reporting: The Board’s Role in Compliance and Having a Speak Up Culture and Response and Enhancements: Continually Improving Your Compliance Program. Highlights include:
Oversight and Reporting - the Board’s Role in Compliance and Having a Speak Up Culture
What is the relationship between whistleblowers/hotlines/internal reporting/Speak Up culture and Internal Investigations?
3rd Parties are still the highest FCPA risk. How and why has Due Diligence become even more important in the era of Covid-19?
How should a CCO educate the Board on their role within the Compliance framework?
How does a Board walk that fine line between management and oversight?
What types of questions should a Board be asking a CCO?
Response and Enhancements - Continually Improving Your Compliance Program
What are some of the key elements of Third-Party Risk Management?
In the 2020 Update, the DOJ strongly emphasized not simply oversight but continuous monitoring and continuous improvement. How can a CCO think through continuous monitoring and then using that information to improve a compliance program?
What are some strategies for Continuous Monitoring?
The 2020 Update mandated greater use of data by a CCO. Yet even with data, why is the human element so critical in any data-based solution?
Root cause analysis is now a separate Hallmark of an Effective Compliance Program. How should a CCO use root cause analysis in response and enhancements?
Resources
For more information on StoneTurn, click here.

Nov 5, 2020 • 12min
The Six Elements of an Effective Compliance Program: Part 4 – Training and Education: Effectively Getting your Compliance Messaging Out
Welcome to a special five-part podcast series, The Six Elements of an Effective Compliance Program. This podcast series is sponsored by StoneTurn. To celebrate Corporate Compliance and Ethics Week, we will consider each of the six elements required for an effective compliance program. They include: Risk Assessment, Governance and Structure, Policies Procedures and Controls, Training and Education, Oversight and Reporting, and Response and Enhancements. Over this five-part podcast series, I will be joined by Stephen Martin and Valerie Charles, Partners at StoneTurn and Toby Ralston and Jamen Tyler, Managing Directors at StoneTurn. In this fourth episode, I visit with Jamen Tyler on effectively getting your compliance messaging out. Highlights include:
· In the Work From Home era how can you determine the effectiveness of your compliance training and communications?
· In the 2020 Update, the DOJ for the first time discussed short training and communications, focusing on one issue messaging. What are some of the trends you are seeing in such micro-learning? What about other types of training?
· In terms of compliance training frequency and cadence, what are you seeing as current best practices?
· What are the advantages of compliance ambassadors across a multi-national organization? Can they be outside the compliance dept?
Resources
For more information on StoneTurn, click here.

Nov 4, 2020 • 14min
The Six Elements of an Effective Compliance Program: Part 3 – Policies, Procedures and Controls: the Backbone of Your Compliance Program
Welcome to a special five-part podcast series, The Six Elements of an Effective Compliance Program. This podcast series is sponsored by StoneTurn. To celebrate Corporate Compliance and Ethics Week, we will consider each of the six elements required for an effective compliance program. They include: Risk Assessment, Governance and Structure, Policies Procedures and Controls, Training and Education, Oversight and Reporting, and Response and Enhancements. Over this five-part podcast series, I will be joined by Stephen Martin and Valerie Charles, Partners at StoneTurn and Toby Ralston and Jamen Tyler, Managing Directors at StoneTurn. In this third episode, I visit with Toby Ralston on why policies, procedures and internal controls are the backbone of your compliance program. Highlights include:
Why is the Code of Conduct foundational?
Is one of the key functions of compliance policies to provide a deeper level of guidance?
What audience should a Code of Conduct, policies and procedures be written towards? Should they be translated into local languages? Should you have employees attest to reading them or use some other model to demonstrate effectiveness?
Why should Internal Controls for compliance be tied to your risk assessment? How do you do so?
Internal controls are often seen as financial controls. Can you discuss some instances of non-financial controls and their importance?
Resources
For more information on StoneTurn, click here.

Nov 3, 2020 • 19min
Coordinated ESG with Andrea Bonime-Blanc
Tom Fox welcomes Andrea Bonime-Blanc to this week’s show. Andrea is the author of Gloom to Boom: How Leaders Transform Risk into Resilience and Value, and a foremost name in compliance. She recently joined the Board of Advisors of Crisp. Andrea and Tom talk about her new role, and the increasing importance of ESG.
Risk Intelligence as a Service
Andrea explains that Crisp provides risk intelligence as a service: their “series of algorithms search the open Internet and the dark web and a variety of other sources for potential risks affecting their clients,” she says. “It’s basically a way of giving an early warning system to the client on risks that may affect the brand.” She adds that having a transversal approach towards emerging risk is vital.
Compliance Should Be On Every Board
Tom comments that Andrea has written extensively about the need to have compliance professionals in the boardroom. She responds that it’s even more critical today: “Risks are an everyday occurrence, and we have a convergence of big strategic risks this year like we've never seen before…” A compliance professional brings a unique perspective regarding risk, regulatory and compliance issues that helps to create a holistic long-term strategy for an organization, especially in today’s complex, interconnected world.
The Importance of Inclusion
Andrea and Tom discuss why inclusion may be even more important than diversity. “I think people are starting to realize there's some root causes here that need to change,” Andrea remarks. “And they're realizing that these are things that need to happen within their organizations in order to not just make their organizations reflect society more than they have, but to actually create competitive advantage. And that's really the bright side of this whole thing is, you're not just doing it to be a good citizen, you're doing it because it's good business as well.”
Moving Towards Coordinated ESG
Environmental, social, governance and technology issues are non-financial but can have a major financial and reputational impact on any organization, Andrea comments. As such, they need to be handled strategically to bring the most benefit to the company. The good news is that if you manage these issues well, you create better products and services. “Value is always the other side of the coin of risk,” Andrea comments.
Resources
GEC Risk Advisory
CrispThinking.com
Gloom to Boom: How Leaders Transform Risk into Resilience and Value

Nov 3, 2020 • 12min
The Six Elements of an Effective Compliance Program: Part 2 – Governance and Structure: Ensuring a Strong and Functional Compliance Program
Welcome to a special five-part podcast series, The Six Elements of an Effective Compliance Program. This podcast series is sponsored by StoneTurn. To celebrate Corporate Compliance and Ethics Week, we will consider each of the six elements required for an effective compliance program. They include: Risk Assessment, Governance and Structure, Policies Procedures and Controls, Training and Education, Oversight and Reporting, and Response and Enhancements. Over this five-part podcast series, I will be joined by Stephen Martin and Valerie Charles, Partners at StoneTurn and Toby Ralston and Jamen Tyler, Managing Directors at StoneTurn. In this second episode, I visit with Stephen Martin on compliance program governance and structure. Highlights include:
· A CCO must have access and expertise. Who should a CCO have access to and what should be a CCO’s level of expertise?
· A compliance function must be adequately resourced – what does this mean in practice? How much budget should your compliance program have? What should be your compliance function head count? What about those outside the compliance function that assist compliance?
· Why should a Board have compliance expertise? What does the Department of Justice’s 2020 Update to the Evaluation of Corporate Compliance say about compliance expertise on the Board?
· Why should there be a Compliance Committee, separate and apart from the Audit Committee?
· Why should the Compliance Committee on the Board have a Charter?
Resources

Nov 2, 2020 • 15min
The Six Elements of an Effective Compliance Program: Part 1 - Risk Assessments: Understanding and Managing Key Compliance Risks
Welcome to a special five-part podcast series, The Six Elements of an Effective Compliance Program. This podcast series is sponsored by StoneTurn. To celebrate Corporate Compliance and Ethics Week, we will consider each of the six elements required for an effective compliance program. They include: Risk Assessment, Governance and Structure, Policies Procedures and Controls, Training and Education, Oversight and Reporting, and Response and Enhancements. Over this five-part podcast series, I will be joined by Stephen Martin and Valerie Charles, Partners at StoneTurn and Toby Ralston and Jamen Tyler, Managing Directors at StoneTurn. In this first episode, I visit with Stephen Martin on Risk Assessments. Highlights include:
Properly seen, an effective compliance program is an ongoing ecosystem. Why is an effective compliance program dynamic, requiring an ongoing, multi-disciplinary approach?
Businesses have traditionally had an historical bias toward financial and operational risk. Why have legal and regulatory and reputational risks become so much more important in the era of Covid-19 and social justice movements around Black Lives Matter and Diversity and Inclusion? Why must these risks be assessed?
The Department of Justice mandated in its 2020 Update to the Evaluation of Corporate Compliance Programs that risk assessments be performed on a much more ongoing basis, such as when risks change. What does this mean in practice?
The Department of Justice said in its 2020 Update that compliance must break down silos and functional impediments to an effective compliance program. Why do you see this as so critical?
The 2020 Update mandated greater information from a compliance program be used to improve it. How do you leverage code and policy questions received into enhancements to an overall Enterprise Risk Management process?
Resources
For more information on StoneTurn, click here.


