Innovation in Compliance with Tom Fox

Tom and Tanya met virtually years ago, and she’s one of the most interesting people Tom has ever come across. Tanya started her career in early childhood education but she didn’t end up there; after a leaving childcare and being a stay-at-home mother, Tanya dedicated her life to something that matters to her: being healthy. How does that apply to you? When you move your body and exercise, you will be much better at your job.More Than Physical FitnessPhysical fitness isn’t just about your body. It’s about your mind, too, in how you see yourself and embrace who you are. Being fit is also about training your mind to embrace goodness, and it’s intrinsically connected to how your body feels. For those in compliance, it can be a lot of everyday stress. Practicing fitness of mind and body can help relieve that.How to Create a Positive MindsetIt’s as simple as waking up and thinking of one thing to be grateful about, and when you’re going to bed, decide on the best thing that happened that day. And it’s as hard as that, too. Your mindset is a part of you, so to change it, you have to change your habits. Like being physically fit, being mentally fit requires a bit of training. Here’s how to reboot your mindset:First, as you go about your day, recognize the small things and focus on how you feel. Give yourself permission to take five minutes to get centered again.Second is moving your body every day. Running, CrossFit, cycling, swimming, walking around the block: it doesn’t matter what you do so long as you do it consistently.Third is going to bed and thinking about the best thing that happened that day. It helps you focus on the positive aspects.Fourth, as you’re getting ready for work the next day, take a moment to reflect on who you and appreciate the good things about yourself.Fifth, surround yourself with positive people. You can’t imagine how negative people can drag you down. Even if they’ve been a friend for life, it might be worth breaking the friendship.SEA - The Self-EMPOWERMENT AcademyTanya talks about her membership community, who it’s for, and why women of all background should consider joining it. She also shares why she wears a leather jacket.ResourcesSelf-EMPOWERMENT Academy | Instagram | Twitter | LinkedIn | Facebook

Brian is the founder of Informed360, one of the most innovative companies Tom has come across in a very long time. Brian’s a little unique in the compliance field in that he’s not a lawyer, but that’s one of the main reasons, coupled with his experience running large programs, that caught the CEO’s eye. He talks about the career path that led him to Informed360.Under the Hood of ComplianceBrian talks about how having a great team working in a compliance department isn’t enough. When he looked ‘under the hood’ of how things were being run, he noticed some major problems. In other words, it was ‘all duct tape and glue.’ There were manual processes, lots of Excel spreadsheets all over the place, and disparate systems and applications that weren’t connected. Pulling data and information together was a painful process. This was what inspired him to create Informed360.The Role of TechnologyFrom risk assessments and disclosures and beyond, Informed 360 grew out of a real need for the compliance industry to catch up with technology. The main idea was to give data far more visibility. They didn’t just build for one compliance activity at a time. Instead, they asked: “How to companies manage their ethics compliance program?” That was the mindshift needed to build a holistic platform that can code a company’s compliance elements into their program. This allows for continuous improvement of the program and is at the heart of Informed360.A Project Management ToolIt’s great and necessary to have a risk assessment tool, but without action taken on that risk, it becomes a real issue. That’s why Informed360 is also a project management tool, pairing actions to resolve problems, again, with the continuous improvement concept in mind. And like any good project management software, there is a place to put all the documents and bits of information that are often scattered across computers and cloud storage. Brian also talks about how lean methods are working their way into compliance programs.Informed360 and Red Flag ReportingInformed360 recently announced a partnership with Red Flag Reporting that promises to be interesting and useful. Brian is the first to admit that a single system cannot do everything everyone needs done. So instead of building out certain functionalities, they have decided to look to market leaders and partner with them, and Brian talks about what that looks like for the future of Informed360.ResourcesInformed360 | LinkedIn

Today’s episode is a great one. Not only will we be talking about innovation in the field, but we’ll also address how today’s guest, Ted Hart, gives compliance officers a framework by which to think through issues that they face. Ted is the President and CEO of CAF America and brings 30 years of experience in advising global philanthropy.Ted and CAFCAF has a unique goal: to provide service to the philanthropic community, specifically to those in the United States who want to give abroad but have tax issues to face they don’t quite understand. They’ve been in business for 27 years.Cross Border GivingCAF America worked with several professionals in the market to write “Cross Border Giving.” The goal was to educate on a topic that can be confusing, so each professional wrote a chapter based on their expertise. The book and workbook together provide a great foundation, to which those who wish to donate to charities outside the US can refer.The 3 R’s and 7 Principles of International GivingRegulatory compliance, reducing the risks, and protecting reputation: these three things should be on the mind of every donor as they seek to give outside the US. As for the 7 principles, you’ll find a direct line back to the 3 R’s:Integrity of the processUnderstanding all aspectsRespect for the culturesResponsiveness to changing issuesFairnessCooperation and collaborationEffectivenessTed breaks down what each of these principles means in the bigger picture of giving, and how they inform good practices. They help keep the donor central to the process with their vision and mission. CAF works in such a way that donors can see exactly how their gifts are impacting people around the world, even for those people who can’t necessarily donate large amounts for extended periods of time.Working with CharitiesNot all charities are created equally, so CAF includes in its mission a rigorous vetting of charities and making sure they are doing with donors’ money what is expected of them. It’s a system of checks and balances that makes sure the people that donors want to help are getting the most out of the donations they send.The Legal Side of Cross-Border DonatingMoney laundering is a major concern when the same laws we have in the United States don’t apply in other countries, and it’s something CAF takes very seriously. No donor wants to learn that they have been funding terrorist activities. Ted talks about the strong procedures CAF has in place to prevent such things from happening.On the flip side of that coin, many governments around the world have tightened down and created regulations for money coming into their countries. They want to know where it’s going and how it’s being used. Ted talks about a new Chinese regulation and why CAF is one of the leading organizations compliant with Chinese law.Resources:Ted Hart: 202-793-2232 | info@cafamerica.org | CAF America | LinkedIn

It’s challenging enough to keep your own business secure. But when you also have hundreds of third-party suppliers, how can you make sure you aren’t vulnerable to attack? Joining us today is Dov Goldman, the Director of Risk and Compliance at Panorays, and on this episode, we’re talking about cybersecurity, and the strategies and measures you can put in place to keep you safe. Panorays Panorays automates your third-party security management. It enables you to easily view and manage the security posture of your third parties — including vendors, suppliers, business partners, agents, and other forms of intermediaries — who form an ecosystem around your company that represents you. You can continuously monitor your ecosystem, and at the same time, ensure compliance with regulations.The New York Department of Financial Services The NYDFS is focused on consumer protection. They regulate many thousands of financial services organizations, and they’re mandating that you do certain things to protect your consumers (for example, their confidential information) and your IT operations (for example, from hacking and other technology-driven threats). It’s the first regulation that Dov can remember, at least in the United States, that tells you the big picture, and in some areas, specifically how to build and manage an information security and privacy program. It’s relatively new and groundbreaking, illuminating the path for many organizations. Regulations re: third-party risk management program You need to manage your own cybersecurity in a certain way so you can manage the cyber risk associated with your third party service providers and outsourcers. The current regulations define a series of principles to follow: from identifying and risk assessing your third party providers, to having a set minimum cybersecurity standard for your suppliers, to having due diligence process that you apply to your subcontractors, including a periodic assessment based on risk. An added layer of complexityIf you have a set of security standards for your business, and you have third parties doing critical work for you, you would want those same standards applied to them. For all intents and purposes, they are part of your ecosystem and organization, or your “attack surface.”The complexity comes in because while you are able to do certain things within your organization to meet your security needs, you don’t have that kind of control with a third party. You need to implement third-party assessment and risk management programs, and then negotiate with the other parties to remediate any deficiencies to meet your standards. This also needs to be done at scale, because if you have 400 service providers, this doesn’t just mean you have to look at policies and procedures 400 times, you will have to look at them 400 times every year to keep everything secure. The Hacker’s ViewAt Panorays, they have what they call a 360-degree view that maps out a client’s digital assets via a smart questionnaire and through scanning your third parties. They’re finding everything you own in cyberspace, and then testing them for 10,000 (and growing!) ways hackers can penetrate your attack surface. The goal is to look for vulnerabilities across your entire ecosystem so you can remedy them immediately. After this, they scan constantly and show alerts when there’s a problem, so you can respond in real time and make sure you’re covered at all points. Resources Dov Goldman (LinkedIn) | Panorays | The New York Department of Financial Services 

How do you keep pace with innovation? Returning to the podcast is Syed Hussain, the Co-Founder & CEO at Liquidity Digital, a blockchain-based FinTech firm that’s building an end-to-end digital security system. How does this work and how can it make our organizations more efficient, more compliant, and more profitable? The shift to digital Traditional forms of capital formation are simply not keeping pace with what the capital demands of the markets are. What blockchain enables people to do is take their existing assets, digitize and securitize those assets, and transform them into digital securities. At Liquidity, they’re building a platform that will allow for the issuance of these digital securities, paving the way for capital markets to go and take the digital route. Benefits of digital securityDigital security is now bringing in opportunities that aren’t possible in the traditional world. Because these things are built on top of blockchain, it is inherently a very, very secure protocol. It’s transparent, as you’re able to store it on an immutable record and can trace any changes and transfers of ownership. It’s also accessible, allowing you to expand out into global markets. And because it’s digital, it’s made extremely efficient through automation, leading to massive cost reductions and a tremendous amount of savings. Regulations and Innovation Liquidity works hand in hand with regulators and partners with them: regulators are able to learn about the technology and build regulations around it, as well as helping Liquidity navigate regulatory channels so that while they leverage this new technology, they can make sure everything is compliant. Regulators are being very open-minded in their approach, and are seeing this new technology as something to look forward to that is leading the charge. This is something that is going to bring in massive amounts of innovation, and while innovation is always going to be ahead of regulation, what’s important is that regulations are able to quickly catch up. As innovators, the responsibility lies with us: we cannot make changes in reaction to regulations. We need to work with regulators so we can innovate proactively and have innovation through regulation. Resources Syed Hussain (LinkedIn) | Liquidity.Digital (Website) | Twitter

Is there still a place for good manners in today’s ruthless business world? Joining us today is Carrie Penman, the Chief Compliance Officer and Senior Vice President Advisory Services at NAVEX Global. She wrote an article entitled, The Cost of Incivility in the Workplace, and today we’re talking about why manners matter.Why the article: So many people don’t have a good understanding of the fact that how you say something is as — or more — important than what you say. Think about what it’s like to be on the receiving end of the message you have to deliver. How would you want that to be said to you? Rude, abusive, and harassing bullying behavior has been costing organizations big time for decades in terms of decreased productivity, lost top talent, loss of innovation, lower quality customer service, and more. Many of the reports that ethics and compliance officers receive over their hotlines are related to HR matters, and can lead to serious compliance violations. The Era of the Jerk Manager is Over: It was once accepted and expected that it was okay for the boss to be a jerk. These days, it’s become a lot less acceptable. The course of our discourse and the political environment has raised the issue for so many people and the expectations of employees have changed. Jerk behavior is so toxic to our cultures, organizations, and our ability to succeed. Committing to corporate values: Organizations have always had a set of core values, but the key is to commit to these values for them to have credibility. Is your organization living your core values in all aspects of your work? Are they enforced at all levels, i.e. no special rules for special people?The only way for this to work is for organizations to recognize and discipline for inappropriate behavior, because if those behaviors are accepted, it drives cynicism. Carrie shares a company’s litmus test for their values: can you hire and fire by them? We are all accountable: Employees may legitimately have a question or complaint about an interaction or a request from a manager, but it doesn’t give anybody the right to be rude or be a jerk. It’s basic human civility. Two wrongs don’t make a right: if the boss is being a jerk, that doesn’t mean the employee gets to be a jerk, too. We need to be accountable for our own behavior. Be present professionally and personally. It all comes down to respect.Resources: Carrie Penman | The Cost of Incivility in the Workplace | Top 10 Ethics & Compliance Trends for 2019 | The Era of the Jerk Manager is Over

Innovation comes in many ways, forms and inspirations. Today we consider the basic use of communication as an innovation for compliance. We’re chatting with Ben Adelberg, host of The Back of the Range Golf Podcast, and today he’s sharing his processes, tips, and tricks for innovation and moving forward with whatever it is you’re working on. Ben’s approach:Ben interviews a wide variety of people, so before he ever gets on the phone with them, he does a deep dive. He goes through all of their social media channels, websites they might have been on, books they’ve written — anywhere that might have information on them — and finds out every single thing he can that could potentially lead him to different and unique questions to ask his guests. His goal is to go through the entire episode and ask questions they’ve never been asked, which makes The Back of the Range unique and stand out among all the other golf podcasts.Publicizing the podcast:Publishing a podcast episode is just half the job. It could be the most entertaining episode, but if nobody really knows about it, it’s just going to sit there. So for every episode, Ben promotes it to his Facebook page, Twitter, Instagram, and uploads every episode on YouTube. He takes a 30- to 60-second long snippet of the episode and transforms it into what’s called an audiogram: a static picture with audio over it. It goes onto all his social media channels with a link to the episode. He’ll also make sure to tag the person the episode is featuring and mention anybody else that might have been mentioned in the snippet, so it shows up on anyone following those feeds as well. This increases your reach and gets that 60-second clip in front of as many people as possible. Leveraging tools:In this business, you’re trying to capture people’s attention. A post that just says “click on this link” isn’t giving a big reason to listeners or followers to click on the link. Create a captivating photo or video, maybe something comical, or create a poll question on Twitter or a contest on Instagram. Just like anything in life you want to accomplish, you’ve got to put the work in. Showing value:Ben read Joe’s autobiography twice, did a deep dive on all his events, and fortunately loved baseball and golf, so he was extremely well-prepared for the episode. With every single guest, he tries to show value and his legitimacy right away by asking different probing questions that show he’s done his research. Once you do that, they respect the fact that you’ve done your work, and armed with that and a clean phone line, the episodes turn out well.Resources:The Back of the Range Golf Podcast

Do you have HR processes in place? Join us on this episode of the Innovation with Compliance Podcast with Deb Muller, the CEO and Founder of HR Acuity, and we’re chatting about how human resources related technology and processes can help mitigate risks and create a safer workplace for everyone. No rhyme or reason Deb noticed that most of the investigations being done within HR in an organization had no rhyme or reason. There were no processes as to how they should be done. Talking to clients, she recognized the need to incorporate technology and consistency into the investigation lifecycle, because someone can just walk in the door with something to tell you and upend your entire day — not to mention pose an incredible amount of risk for the organization.Having a systemHuman resources are your most expensive resources, yet most companies don’t think about it when they think about risk or compliance. What happens when someone makes an allegation?  A proper compliance process will make sure you get to the right result, stop the behavior, and mitigate the risk.What HR Acuity’s system allows you to do is identify if you’ve had similar issues in the past, spot the trends in behavior, and get ahold of them before they lead to something else. You can nip situations in the bud, and the data allows you to get smarter about your people and figure out how you’re going to train them.Interpreting data What’s great about the data is that you can see the outliers. Once you know your norm or your benchmark, you’ll be able to spot the spikes and dips — things that are unexpected. You might now know what that actually tells you, but what that does is it gives you the information to go and ask the questions and find out what’s going on. What changed? What’s different? Did something happen internally? Externally? 10 Ways Technology Can Impact Your Employee Relations StrategyThis blog entry goes through all the different things you can get from technology. Many clients rely on the data to see if they’re at risk for class action suits, for example, where legal can just check the data as a “single source of truth,” go through historical information, and see if there’s anything they need to get on top of before it becomes a bigger issue. It’s not the issue, it’s how you handle itIf a process exists that people see and believe in, they are going to be more accepting of the outcome. We hear that 75% of people don’t come forward, and Deb believes it’s not because they don’t know how to come forward. It’s because they don’t know what to expect when they come forward. It can be scary: Am I going to be retaliated against? Am I going to have to recount my story in front of the person? Are they not going to do anything about it at all? Will it be held against me? One important thing about having a process in place is sending a message that you have a process in place. When someone has an issue, they’re going to feel much more comfortable coming forward, so having processes in place is so important in helping to create that safe workplace. Resources Deb Muller | HR Acuity | 10 Ways Technology Can Impact Your Employee Relations Strategy

What does it mean to be accountable and lead with accountability? Sam Silverstein is a consultant and author whose mission is to empower people to live accountable lives, transform the way they do business, and thrive at extraordinary levels. Join us as we take a deep dive into the subject of accountability and how it can impact the way we live and work.  Accountability vs. transparency These are two totally different elements. Transparency is being open and honest: admitting that you have made a mistake and saying you’re on it and fixing it. You’re not trying to hide it or pretend it didn’t happen, you’re just being human. This is critical, and transparency is an element that will help you toward a life of accountability as an individual or as a leader. But accountability is keeping your commitment to people. We talk about it a lot but many people have yet to figure out what it is. Accountability is not a way of doing, it’s a way of thinking, specifically, how we think about people. It isn’t just keeping your commitments to appointments and deadlines; it goes far deeper, like your commitment to the truth and to your values. Accountability IndexThe Accountability Index is a tool that measures an organization’s culture across 15 different indices. This gathers valuable information that ranges from engagement to an actual accountability score, and, using this data, helps an organization fine-tune their culture so they’re inspiring accountability up and down the organization. It’s the leadership’s responsibility to be accountable first, and then create that environment that inspires accountability. In a culture like this, accountability isn’t coerced. It’s simply that people want to take it upon themselves to get the job done and do it right. CultureEvery organization has a culture, either a culture by default, or a culture by design. Most organizations have cultures by default. When leadership takes the time to decide that this is what our culture is going to be, and creates an environment that values people and allows people to feel like they’re a part of the conversation and the solution, then that is a culture that inspires them to want to do their best. That’s the real power of accountability. The Accountability Movement, The Accountability Roundtable, and The Accountability Community ProjectThe Accountability Movement is about trying to get people on board with wanting to live a more accountable life individually, as well as being part of a more accountable world. The Accountability Roundtable is when, for example, clients who have already gotten on board with accountability invite leaders from different segments of the community, and, with Sam, talk about accountability over breakfast or lunch, discussing what it can do for their organizations and how it can impact the community.The Accountability Community Project is where they work with civic leaders in the community. This is when they roll up their sleeves and make an investment in time and energy resources, helping them put these principles into action to build a more accountable community. Resources for SamLinkedIn | Website | YouTube

What if compliance training didn’t have to be boring? Joining us on this episode is Andrew Rawson, the Chief Learning Officer for Traliant, a compliance training company. Today we’re talking about the future of compliance training: how to make it truly effective, useful, and even fun. The importance of trainingThe last couple of years have seen the intersection of two seismic forces that have created tremendous demand for quality training. The first was the #MeToo movement, which has brought up the whole topic of compliance training around sexual harassment — so much so that it’s become a need to have instead of a nice to have, even in states where it isn’t required. The second was a change in regulations in different states across the country, now requiring more than 10 million people to be trained. Effective compliance trainingThere is a difference between teaching people about the law and teaching them what to do. At Traliant, they wanted to train people how to behave. What do you do when you’re faced with a particular situation? That should be the focus. The training is also intentionally more modern: well-designed interfaces, interactive videos, professional actors, point systems, getting senior management to record training segments for their peers  — all of which help make learning more engaging. An important part of making training effective is making sure that people are encouraged to speak up, and that when they do, they’ll be protected. You might not be able to stop bad actors, but you can encourage witnesses to point out the behavior. Moving away from check-the-box trainingMuch of compliance training is very check-the-box: a once-a-year thing that companies do to get it over with. But that’s not an effective approach. Traliant has gone from doing one-and-done sessions to creating a more holistic training approach. Examples are 15-20 minute courses for managers involved in investigations and two-minute training videos on dating in the workplace that they call “sparks” — because they’re meant to spark conversations. Resources Preventing Workplace Sexual Harassment: 4 Top Trends for 2019 | Andrew Rawson | Traliant