

Innovation in Compliance with Tom Fox
Thomas Fox
Innovation in Compliance brings you interviews with industry-leading experts who are changing the way practitioners approach compliance. Host Tom Fox, the Compliance Evangelist and Voice of Compliance, is driving the conversation about compliance into the 2020s and beyond with his focus on innovations for the compliance practitioner and the compliance profession. If you want to learn how to bring business solutions to compliance problems to more fully operationalize compliance, this is the podcast for you.

Mar 10, 2020 • 17min
Utilizing the Virtual Assistant with Daniel Ramsey
Daniel Ramsey, CEO and Co-Founder of MyOutDesk, a virtual assistant company that helps small to medium-sized businesses get leverage, is this week’s guest. He joins Tom Fox to discuss the untapped resources of virtual assistance.

Starting the Business
Tom asks Dan to recount why he founded MyOutDesk. Dan responds that he started a successful real estate practice, but soon realized that he needed more leverage in order to grow his business. However, it was hard to find detail-oriented people who could fill in his roles, so he hired a few virtual assistants to do the paperwork and was amazed at their capabilities. From there, Dan says, he asked them if they had connections to other virtual assistants and he started MyOutDesk, which now has about 1200 employees in the Philippines.

Blending and Cost Effectiveness
Dan believes in a blended work chart, where a portion of a company's employees are US based and everyone else is across the globe, and that companies are going to move toward this. It’s not a question of ‘if’, but ‘when’, Dan says. Everyone in your pipeline that is doing the work of running an existing system or process can and will someday be outsourced, which cuts down on costs significantly. According to Dan, one of his employees costs one quarter of the cost of a US based person to employ, meaning that there is incentive for businesses to have a virtual workforce.

Vetting and Ongoing Monitoring
Dan offers advice to business owners about the vetting process of hiring an outsourcing provider. MyOutDesk does an FBI grade background check on all their employees, as well as a medical check to ensure they don’t have any debilitating illnesses that could hinder their productivity. He adds that business owners should ensure their potential outsourcing providers have wide scale experience and are licensed to operate in the countries where they provide their services. For ongoing monitoring of their virtual assistants and using the captured data for continuous improvement, they should invest in some task management or accountability platforms, which are inexpensive to implement and are an easy way to ‘juice’ the relationship between employer and virtual assistant.

Talent On Demand
MyOutDesk’s solution is talent on demand: when a client comes to them, the company does a thorough consultation about the client’s specific needs, and by the next day the client would have someone ready to work with them. This is beneficial to entrepreneurs, small to medium sized businesses, or any compliance officer running a large operation.

Resources
Daniel Ramsey on LinkedIn
MyOutDesk.com
Text SVP to 31996

Mar 3, 2020 • 21min
Coronavirus Risk Exposure with Ben Locwin
Ben Locwin chats with Tom Fox about COVID-19 and the risk management issues associated with the disease in this week’s Innovation In Compliance show.

What is Coronavirus?
Ben says that coronaviruses have been around for a long time. During flu season, about 10% of patients with upper respiratory symptoms test positive for a type of coronavirus. The epicenter of the outbreak of this particular strain of the coronavirus is Wuhan, China, and there seems to be some correlation with the open air markets there. Though it’s suspected that the virus may have crossed from animals to humans, the nexus of the disease is unknown. He goes on to explain how the virus got its name and how it affects human cells.

Symptoms and Spread
Tom asks about the symptoms of the coronavirus (officially called COVID-19) and how it spreads. Symptoms, Ben says, include respiratory symptoms similar to a chest cold, such as coughing, having trouble breathing, and fever in more severe cases. In relatively few cases, patients experience organ failure and septic shock and other serious issues, including death. Ben explains that this particular coronavirus spreads through aerosolized droplet infection: when an infected person coughs or sneezes in a public place, fine particulates of saliva and mucus are introduced into the air. Anyone there can inhale these particles and contract the disease. They can start experiencing symptoms within 2 to 14 days.

Common Sense Prevention
Ben comments on the stigma associated with COVID-19. While travel restrictions and other such responses make good sense, he points out that the outbreak of the virus is not yet a pandemic. If you’re experiencing upper respiratory symptoms, see your healthcare provider right away to have a test done. Your sample will be sent to the CDC for testing to determine if you have COVID-19. He advocates common sense prevention measures, the most important of which is hand hygiene: wash your hands regularly. When you’re in a public place, try not to touch your eyes, nose or mouth and don’t touch food without washing your hands first. Face masks may also be useful. If you feel ill, stay at home, he advises.

Smart Risk Management Practices
Tom comments that many businesses are struggling with how to manage the risk associated with the disease. He asks Ben to give some advice in this regard. Ben responds that companies should take a smart approach. While you shouldn’t start panic buying and selling, and cease all travel, you should certainly limit non-essential travel whenever possible. “That’s just essentially limiting our exposure to risk,” he says. Tom adds that there are a number of modern communication tools that can be used instead of traveling to meetings. It’s sad that it takes situations like this to force companies to examine their business operations, Ben comments. However, by cutting out non-critical practices, businesses not only limit their risk exposure but are also able to employ operational excellence.

Resources
CDC.gov/Coronavirus

Feb 25, 2020 • 23min
Ethics and Compliance In The Morning Show with Sean Freidlin
This week’s guest on the Innovation In Compliance show is Sean Freidlin, Director of Product Marketing at SAI Global. He and Tom Fox chat about the article he recently posted on LinkedIn, Rise and Shine: The Morning Show’s Wakeup Call to Corporate America.

Overlapping Themes
Sean says that the central themes in movies often overlap with the common themes in ethics and compliance programs. In particular, he noticed that Apple’s flagship program, The Morning Show, tackles almost every issue that compliance teams build training about or write about in their code of conduct. Issues such as sexual harassment, diversity and inclusion, whistleblowing and retaliation are issues that many companies deal with. Sean comments that he applauds the risk Apple took to make the show, which shows their commitment to speak up about abuse of power when they see it.

Compliance and Ethics Issues
Tom asks Sean what the general story arc of The Morning Show is. Sean summarizes the plot, which includes a sexual harassment scandal, and comments that the show explores the butterfly effect on the culture and the people working there, as well as the corporate politics that are involved in managing a scandal. Sexual harassment is one of the top two issues that ethics and compliance professionals have focused on in the last year, according to Sean. He highlights several lessons ethics and compliance professionals can garner from the show, including:
Some people don’t know what isn’t allowed;
There should be a deeper commitment to communicating company values and policies;
The show highlights the role personal connections and relationships play in perpetuating a culture where people don’t do the right thing.

A Dilemma
You might find it harder to do the right thing if you like your boss or your colleague, but you know they’re doing something wrong. Your relationship with that person may cloud your judgment, Sean says. A positive and ethical leader has a positive influence on employees’ behavior; but a manager or leader who disregards the rules, policies and values of the company will negatively affect everyone else. The bottom line, Sean points out, is that relationships are an essential part of a compliant organization or a culture where people do the right thing. Tom quotes a line from Sean’s article, “Successful and powerful men can manage to survive and even thrive on their charm and influence, despite the unethical and immoral choices they make.” He and Sean discuss the moral and ethical dilemma of doing the wrong thing if it will help you be more successful.

The Reality of Whistleblowing
Sean says that The Morning Show does an excellent job of exploring what happens after you blow the whistle. A common mantra today is ‘If you see something, you should say something.’ However, saying something is just the beginning, Sean says. The one who blows the whistle faces more than just retaliation: the emotional impact is even weightier. That person has to live with the stress of knowing that the misconduct they reported is ultimately going to be the catalyst for so much drama, such as people losing their jobs, and the company losing money.

Resources
Rise and Shine: The Morning Show’s Wakeup Call to Corporate America
Sean Freidlin on LinkedIn
SAIGlobal.com
sean.freidlin@saiglobal.com

Feb 18, 2020 • 11min
Gini Dietrich on Spotting Red Flags
This week’s guest on Innovation In Compliance is Gini Dietrich, CEO and founder of Spin Sucks. Gini is a writer, blogger, speaker and all-around expert in the PR space. She recently wrote a blog post entitled, How to Spot Red Flags in New Business Relationships, which is the focus of her discussion with Tom Fox in this week’s show.

Trust Your Instincts
Tom asks Gini what inspired the blog post. She responds that she actually wrote the blog post as a reminder to herself to always look for red flags and always listen to her gut. She says that when you’re contemplating a prospective business relationship, there are a few questions you should always ask yourself. Do you see red flags? Can you get past them because there are other advantages? Should you discontinue the conversation and save yourself time, angst, money and resources in the long run? In the PR space, the most common red flag is unrealistic expectations, Gini explains.

Why? Why? Why?
Gini points out the importance of writing down red flags. For one thing, it makes them more concrete; and for another thing, you can take your questions into your meetings to remind yourself to ask certain questions if red flags arise. You should be constantly evaluating your business relationships. Ask follow up questions. Gini advocates asking why at least three times. Tom comments that the compliance industry uses that exact technique; it’s called root cause analysis.

Learn to Say No
Tom asks, “Why is the ability to say no critical for business owners and compliance professionals?” Gini responds that in business relationships, if you can’t find any red flags then it’s usually going to be a good relationship. The inverse is also true: if there are red flags then the relationship is usually going to be difficult. The other reason why being willing to say no is important, is that in the PR business as in compliance, you’re selling your time and you can’t scale that. So it’s critical to say no to things that will take your time away from what you should be doing. Tom mentions that part of Gini’s process is to try to disqualify every prospect. She comments that looking for reasons to disqualify a prospect, and finding them, makes it easier to say no to them. She shares tips on what red flags might look like from the employee and client perspective.

Resources
SpinSucks.com
How to Spot Red Flags In New Business Relationships

Feb 11, 2020 • 19min
Reimagining Data Privacy with Ray Pathak
Ray Pathak is the COO of Nymity, which was recently acquired by TrustArc. He chats with Tom Fox about the acquisition and how his company is reimagining privacy.

A Powerful Combination
Nymity and TrustArc have been in the compliance space for a combined 40 years. Nymity has research expertise, and TrustArc is versed in automation and technology. The companies, coming together with their complementary skills, have created something powerful and special in the marketplace.

Reimagining Privacy
Tom asks Ray to expand on its catchphrase, ‘Reimagining Privacy’. It’s about providing data intelligence within the compliance solution, Ray responds, so that companies can do more with less. “We want to empower organizations to understand their data better and by understanding it, be able to do more with their data.” He calls this ‘unleashing the data’. The wait-and-see approach used by so many companies is a failure waiting to happen, Ray argues. It may solve the problem of today, but it’s not viable long-term because you would have to start from scratch each time a new law comes out. He advocates a more proactive, take-control approach: build out a comprehensive privacy program so when a new law comes out you're just tweaking your program instead of creating a whole new one. Embedding four layers of research within their tools so that information is available to clients when they need it makes Nymity’s solution different from other solutions on the market. Ray goes on to explain how this process brings privacy intelligence to their clients, saving them valuable time. Their comprehensive framework containing 139 different technical and organizational measures, grouped into 13 categories, and mounted to over 900 local and international laws allows clients using the framework to build out their data privacy program to comply with many laws.

Future Trends
Tom asks Ray to comment on the top issues in data privacy for 2020 and beyond. Ray responds that the first issue is the impact laws like CCPA will have. More states are coming out with privacy laws, likely to be more comprehensive than CCPA, he predicts. The second issue he talks about is making data privacy easier for people. Privacy is becoming more complex, but their privacy intelligence tool makes it more accessible for clients. Thirdly, he says that by combining technology with research, his company is helping to provide insights to organizations with their solution.

Resources
Nymity.com
TrustArc.com

Feb 4, 2020 • 22min
Putting Compliance In Your Hands with Garin Bergman
This week’s guest on Innovation In Compliance is Garin Bergman, founder of the Palmtree compliance app. He chats with Tom Fox and Ronnie Feldman about the app, and how it puts compliance into the hands of employees.

Making Compliance Simpler and Timely
Ronnie believes that the next boundary in compliance is simplicity, not complexity. Garin’s innovative solution is a simple way to get compliance to people through technology, he says. Garin explains that Palmtree is a mobile application for smartphones and tablets that allows compliance departments to put their materials into their employees’ hands wherever they are. The app can recognize employees’ location and send them communications that might be relevant to their project or that might minimize compliance risk. In addition, having the app available on their devices - an environment they’re already used to and like to use - in an engaging and easy to read format, further supports the compliance program.

Key Features
Palmtree has the ability to track and analyze metrics that are important to the company. Another innovative feature is the gift registry module. Garin explains that this allows individuals to submit gifts to be reviewed and approved by their supervisor. The supervisor is notified of the request and, using the information available in the app, makes an informed decision whether to allow the gift. The request is approved or declined right within the app, and the employee is notified. Additionally, robust back end analytics can provide reports on the types of gifts that have been given over the past two years.

Solving A Compliance Problem
Tom comments that an often overlooked reason why adoption of new technology is slow in the compliance industry is that it requires lawyers, who comprise the majority of the industry, to deviate from the static policies, procedures and delivery of training they’re accustomed to using. People also assume that having a solution like Palmtree will be very expensive, Garin says. However, the cost is quite reasonable and it can be deployed in as few as 45 to 60 days. Tom adds that it also allows you to comply with the Department of Justice’s requirements for ongoing improvement of your compliance program.

Resources
GetPalmtree.com

Jan 28, 2020 • 23min
The Human Element of Compliance with Gio Gallo
Gio Gallo, and his brother and co-CEO Nick Gallo, joined ComplianceLine because they saw a need for better vendor partners in the compliance industry. Their mission is to help more people every day. Today they care for the leaders who care for six million people around the world. Gio joins Tom Fox on this week’s show to talk about why the human element in compliance is mandatory and why it’s going to stay that way far into the future.

Taking Care of People
ComplianceLine helps compliance leaders by giving them actionable information so they can take care of their people. Gio lists the services his company offers, such as issue intake and case management, and hotline.

Data Cannot Replace Humans
Tom comments about the increasing importance of collecting and monitoring data, given regulatory mandates. He asks Gio why he believes that data cannot be allowed to replace the human element. Gio responds that automation is great, for machines. However, you can’t define every scenario or what should be done in every interaction, so there’s no way you can automate everything. In addition, where there are issues that involve people, you need people to find information, and to plan and execute the appropriate fixes. As more repetitive tasks become automated, the human element is going to become more important, Gio predicts.

Hotlines and Empathy
The human element of compliance is especially relevant in hotlines. People expect that human-caused problems with human-required solutions have human-considered interactions, Gio says. People calling in to report a problem need to feel heard and that their issue is being considered by someone who will do something about it. Tom commends Gio on a ComplianceLine blog post entitled, I Hope Things Get Better for You: The Importance Of Empathy In Compliance Reporting. Gio responds that empathy drives effectiveness. It’s also the way to show care and respect for others. Anyone calling your hotline should feel cared for and listened to. When you engage with them in a caring way, you understand where they're coming from and you get better information. You can now follow up and close issues faster, and ultimately take care of damaging risks more quickly.

Resources
ComplianceLine.com
ComplianceLine on YouTube | LinkedIn | Facebook | Twitter | Instagram
ComplianceLive podcast
ggallo@complianceline.com
Blog post: I Hope Things Get Better for You

Jan 21, 2020 • 19min
How ESG Helps Companies See In The Dark with Trysha Daskam
Trysha Daskam has been with Silver Regulatory Services since its inception 18 months ago. She is the in-house expert on Environmental Social Governance (ESG) at Silver and was brought in by founder Fizza Khan (guest on episode 108 of this podcast) to grow the ESG arm of the business. She chats with Tom Fox about how Silver Regulatory Associates helps their clients improve their ESG compliance.

Creating an ESG Program
Trysha defines ESG as a lens through which you comprehensively evaluate the investments that you make. It is often deemed a risk tool because it evaluates a set of environmental, social and governance risk factors that were not typically captured in traditional diligence. Tom asks Trysha to describe the steps a company should take to create an internal ESG program. She responds that companies should start by determining if they already have any ESG-related document that could form the basis of a policy. If not, then there are a few core steps to take:
Create your guidance document that enumerates your ESG procedures;
Train the investment personnel who will be responsible for the policy;
Entrench the policy in the company culture through communication.

How ESG Helps You See In The Dark
ESG is increasingly becoming a matter of corporate citizenship, Trysha says. It is a way for a firm to establish how it is acting responsibly towards its clients, employees and community at large. In addition, investors want to see that the ESG policies on paper are actually being implemented, that protective mechanisms were put in place to guard against considered risks. ESG should put a firm in a place where they are less surprised by things that happen, Trysha remarks; it’s another tool to help them see in the dark. Tom comments that it’s a framework to be able to not only analyze questions and manage risks, but also to give answers to multiple stakeholders.

ESG for Investment Firms
Tom asks where an investment firm should start if they want to evaluate their portfolio or potential acquisitions from an ESG perspective. Trysha responds with some questions they should ask:
What do you deem to be a material ESG risk for the business that you are evaluating?
From that list, are there any underlying sub factors that can be measured?

Resources
SilverRegulatoryAssociates.com
Episode 108 with Fizza Khan

Jan 14, 2020 • 21min
Getting Employees to Pay Attention with Peter Grossman
Peter Grossman comes from a publishing and entertainment background, having worked at US Weekly and Rolling Stone. Given this background, he and his partner initially targeted the entertainment industry when they co-founded their production company, Labyrinth Training. However, they were offered the opportunity to work with AB InBev to create compliance training that their employees would actually pay attention to. Since that time, Labyrinth has focused on creating training for the compliance industry. Peter joins Tom Fox on this week’s show to talk about the innovative ideas, strategies and techniques in training and communications that his company brings to the compliance space.

Fixing What’s Wrong With Compliance Training
People love learning, Peter says, but they generally do not like school. The problem with compliance training is that it’s usually built by test takers, with little to no emphasis on engaging learners. Oftentimes you have a situation where compliance training is done in December when employees are the least engaged. That’s not the time to try to shove information down people’s throats, Peter argues. Training should be something that makes a difference, that changes behavior. As such, it should be something people want to do, not just have to do. You need to attach creative and innovative ideas to what you're trying to convey to grab people’s attention and make it memorable. Essentially, your training should be about engaging your workers year round in a culture change.

Memorable Storytelling
Whenever you roll out a training, it should feel like a cool office party, Peter says. The goal is to have people talking about it afterwards by attaching your policies to storytelling. Tom asks him how he applied this strategy at AB InBev. Peter shares the attention-grabbing narrative they developed for AB InBev’s compliance training program. It was so memorable and relatable that it became a company inside joke. What’s most important, he says, is that workers now remember what to do in certain moments because of that training. “The idea is that when you create characters that resonate with everybody, that’s what sparks the behavior change and gets people remembering it throughout the year,” Peter comments. He advocates bringing storytelling to everything - from broad topics to the most nuanced - because people will remember it.

A New Podcast
Tom mentions that Peter will be joining the Compliance Podcast Network with his new podcast. He asks him to give listeners a preview of what is to come. Peter says the name of the podcast is In The Lab. It’s going to be a very loose, conversational show. He will bring his storytelling background to the show as the format will be about talking to people and hearing their stories.

Resources
LabyrinthTraining.com
peter@gadfly.io

Jan 7, 2020 • 21min
Completing the Last Mile of Validation Craig Carpenter
Like its namesake, which was the first piloted aircraft to break the sound barrier, X1 values innovation and speed. The company is laser focused on fixing problems in new, better and more cost effective ways. Its software capability has evolved from search & productivity applications into the ability to collect social, media and web content for legal proceedings, as well as the ability to access and act on employee information in a scalable manner without disrupting productivity. CEO of X1, Craig Carpenter, joins Tom Fox on this week’s show to chat about how his company is making data accessible for its clients.

Distributed GRC Solution
Tom asks Craig to talk about X1’s distributed GRC solution. Craig responds that the name itself conveys that the software is wherever the data resides. Distributed GRC is a two-part product, he says. The first part is software that sits on an endpoint such as a laptop. The second part is a command and control layer that allows you to access your data sources and analyze what data is available as well as take action on it. Craig explains how X1 enables social media discovery in a forensically sound fashion. Data can be manipulated today, he comments. So being able to prove that your data is credible and that the chain of custody is accurate is critical, especially in the context of legal proceedings.

Quick Access
Tom comments that X1’s emphasis on speed equates to greater business productivity, efficiency and profitability. The company was founded for this very reason, Craig agrees. Finding the right information in a timely fashion, and being able to act on it for your productivity purposes, is critical to business.

CFIUS and Preventing Violations
The Department of Justice’s new guidelines require companies to go beyond policies and questionnaires to using technology to validate data. Craig says that X1’s solution is a last mile validation piece. He and Tom discuss how X1 helps its clients comply with CFIUS (The Committee on Foreign Investment in the US) regulations. “Our technology is very effective because we can not only get the server data and some of the structure data as well to ensure that that’s compliant,” Craig comments, “but stuff on laptops and desktops where people work is also compliant. That’s kind of the key hidden element that we’re really good at attacking.”

Resources
X1.com


