Innovation in Compliance with Tom Fox

On today’s show, Tom chats with Kristy Grant-Hart, CEO of Spark Compliance Consulting. She and her team have developed a Spark Score Report, a tool to help you discover how your compliance program looks to the outside world. Kristy and Tom discuss the Spark Score report, what it means for your business and the industry, and how you can find out if your presence shows how truly committed your company is to compliance.What is the Spark Score Report? Is there a gap between how good your program is internally, and how it’s perceived externally? The Spark Score is a free report that gives you insights into just that. It’s a benchmarking tool that tells you what customers and outsiders see.Many underestimate just how important this information is. The public is looking at what you put out there. They’re searching for your presence — and this innovation solves this business need.This report that can be taken back to your company (e.g. your C-suite or managers) to help evaluate how your company is doing vis-à-vis others in the industry. Are you showing your commitment to compliance in a way that is quantifiable and benchmarkable? The report does that research for you. How is it measured?There are six different factors: Code of Conduct, Corporate Governance, Whistle-Blower Provisions, Anti-Bribery Commitments, Data Privacy, and Modern Slavery / Sustainability. These are weighted based on importance and how the factors work, so you can see where you fall out. Kristy shares examples of things the report evaluates, and underscores the point:  if you want to show people what is good about your program, there are ways to do it. Gathering a DatabaseAs Spark Consulting generates reports, they are also gathering a database of best practices. Which industries have the best approaches? And how can this affect — and help — other industries? The aim of the report is not solely to provide companies with information, it’s about raising everybody’s game to be better.Resources for KristyLinkedInWebsiteSpark Score ReportSpark Compliance Consulting

How can companies comply and keep up with the ever-evolving anti-money-laundering rules and regulations? Today we welcome Jennifer McEntire, the director of Financial Crime Compliance Strategy at LexisNexis Risk Solutions, where they combine big data and use advanced technology and analytics to help customers comply with regulations, evaluate and predict risk, and enhance their operational efficiency. Today, Jen and I are talking about how this can apply to non-financial service corporations, and the four key findings of their recently released report. How can commercial companies begin to assess their money laundering risk?Look at your money laundering risk instead of your anti-money-laundering compliance risk. Check your policies on payments, invoicing, and refunds, and ask if you can be used as a vehicle for money laundering. If you’re a company that sells high-value items, do you have controls in place that require refunds to go directly to the person who purchased in the first place or can payment be directed elsewhere?Look at your sanctions risk, then your anti-bribery and corruption risk. Then ask: What controls do I have? What gaps exist? How can I close those gaps? Look at your business from a different lens: money laundering, watch list screening, sanction screening, and anti-bribery and corruption.Use the data you have on your customers to get to know them better and perform due diligence. Who are they? What is the expected activity for that customer? What kind of transactions are normal for them? What geographic locations do they do business in? What kind of good data can you get? Then do regular audits to look for anomalies and irregularities.Your compliance professionals should communicate what the risks of non-compliance are. Compliance can sit with different silos (sometimes with finance, sometimes with operations), so you need a willingness to communicate better.How can companies keep up with ever-changing sanctions?You need to do your research to stay up to date: read the news, attend conference sessions, webinars, and listen to podcasts like this one.Make sure you pick a compliance vendor with roles like LexisNexis Risk Solutions: subject matter experts, people dedicated to anti-bribery and corruption, educating customers on what the regulations are.Key findings of report: The True Cost of AML Compliance: A United States Snapshot.The cost of anti-money-laundering compliance has risen significantly during the past 24 months. It’s about 25.3 billion, split down the middle between small institutions and midsize to large institutions. The findings also show that large corporations are much more efficient in approaching the compliance problem.AML compliance negatively impacts operations and business growth. Larger firms are leveraging technology in a way that’s creating efficiencies, and are able to do it faster. Smaller firms who aren’t are losing customers and have opportunity costs associated with compliance.Financial institutions that are using compliance technology and advanced data sets are able to minimize negative impacts of AML compliance requirements. Technology is your friend.A layered approach to AML technology is crucial to facilitating a more cost-effective, efficient compliance approach.Ongoing EducationWant to stay up to date with the latest compliance news in an easy to consume format? Go to our courses page and choose from several 4 hour-long training packages.ResourcesJennifer McEntire

Today’s guests are Jon Feig and Andy Reisman, who both work in the Integrity section of Ernst & Young. They are part of a group that published an article in Fraud Magazine entitled: What's your integrity agenda? Bridge the gap between intentions and behavior, which was an astounding piece in the area of innovation and compliance. What is integrity in an organization? Why do companies need to confront integrity risks directly? Andy defines integrity around actions: bridging the gap between the promises a company makes to act ethically, and its actual behavior to the stated promises. The main question is: “Are we doing what we said that we would do?” What is the issue of compliance? It’s both an art and a science. There are policies, systems, programs, and processes that control the integrity agenda. And these have to relate to helping leaders face issues and not shy away from tough questions and establishing compliance officers as trusted advisors. These pieces sit together as four interrelated elements of the integrity agenda.The four elements of the integrity agenda‘Governance’ is where it starts. It makes sure that integrity function design is present, roles and responsibilities are outlined, and that there exists a proper vision mission to ethical obligations. Jon goes into more detail about what questions the ‘Governance’ element answers to ensure the business is accountable. ‘Culture’ asks: do you have open and transparent communication? Does the organization feel protected? People should feel like they can talk to management about things that may be wrong or that they don’t like. Research shows that people want to do the right thing, and the culture needs to support that.‘Controls and Procedures’ covers things like third-party due diligence and management, identifying what characteristics may come forward through technology-enhanced procedures and data analytics about performance, and making sure there’s continuous improvement of controls. ‘Insights’ is a broad category, but its main question is: “Where is it that we’re trying to go and how can we find insights from whatever data exists?” It looks at the data from the above three categories and tries to prevent and detect problems. Jon digs deeper into the different questions and problems clients face, and how insights might help them uncover the answers and understand what’s possible. Final thoughts:Andy shares that the anti-fraud professional (whether a fraud examiner, an auditor, or a compliance professional) has made a commitment. They care not only about the losses to the company, but about ethical lapses that could corrode the culture of the company and undermine it. They understand the purpose of protecting the company, keeping it on course, separating those who are truly bad apples, guiding people who may be under conflicting partners, and empowering people.Jon leaves us with the compliance dilemma: how do we comply with various laws and regulations, as well as company policies and codes of conduct with decreasing budgets and higher scrutiny? It’s a very difficult position for compliance professionals to be in. So how do we use the integrity agenda to help solve the compliance dilemma? Resources:The article: “What’s your integrity agenda?”(Authored by Vince Walden, Eugene Soltes, Jon Feig, and Andrew Reisman in the September/October 2018 issue of Fraud Magazine)Jonathan Feig Andrew Reisman

We're midway through Tom's five-part series that explores innovation in the compliance function. In today's episode, he considers how design thinking can help Chief Compliance Officers create more robust compliance programs that will become deeply rooted in the company's core.In a recent Harvard Business Review (HBR) article, Jon Kolko discussed how design thinking can bring innovation into a compliance program. The article,  “Design Thinking Comes of Age," talked about how “the approach, once used primarily in product design, is now infusing corporate culture.” It can be used to redesign your compliance program for your internal customers, like your employees and contractors. The goal in redesigning the compliance program is to get these groups to fluidly follow compliance protocols without a second thought. Here are Kolko's Components of Design Thinking:Focus on the users’ experience with compliance. Designers should focus on the "emotional experience” of the users. Doing so allows the user to find emotional resonance with the compliance program, since the users' needs have been thoughtfully included vs. simply focusing on internal operating efficiencies.Create "design artifacts." This can be a physical item OR any document that has come to define the traditional organizational environment. Kolko shares that design artifacts are critical because, “they add a fluid dimension to the exploration of complexity, allowing for nonlinear thought when tackling nonlinear problems.”  Develop prototypes to explore potential solutions. Building parts of your system and testing it from the user's perspective is a better way to communicate ideas and obtain feedback. Although this might appear counterintuitive, it's important to remember that the key component for design thinking is a tolerance for failure.Exhibit thoughtful constraint when moving forward. Kolko ends this section by stating that sometimes you lead with “constrained focus.” That means one must be deliberate about which processes to include or remove in the compliance program redesign.Now that you understand the key components of design thinking, it's also vital that you understand the challenges that apply directly to the CCO or compliance practitioner in implementing design thinking. First, there must be a willingness to accept more ambiguity, particularly in the immediate expectation, for a monetary return on investment. Second, a company must be willing to embrace the risk that comes from transformation. The third is the resetting of expectations since design does not solve problems but rather “cuts through complexity” to deliver a better overall compliance experience.By following the key components of design thinking and overcoming these three challenges, the internal customers can demonstrate the compliance training's effectiveness and the company becomes a better-run organization.Ongoing EducationIf you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, go to FCPAComplianceReport.com/Courses and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.

What if you could create a team that would dramatically improve your company's forecasting ability? But to do so, you must expose those professional corporate forecasters' unreliability. Would you do it? Here for Part 2 of the five-part Innovation in Compliance series, Tom shares his insight into "superforecasting" and its role in compliance functions. Forecasting is the predictive capability organizations use to anticipate or enhance outcomes. The new "superforecasting" movement, led by Philip E. Tetlock and others, aims to enhance this capability even further by following four precepts.To frame the precepts, in a recent Harvard Business Review (HBR) article by Tetlock and Paul J. H. Schoemaker, entitled “Superforecasting: How to Upgrade Your Company’s Judgment,” the authors revealed three general observations: “Talented generalists can outperform specialists in making forecasts.”   “Carefully crafted training can enhance predictive acumen.”    “Well-run teams can outperform individuals.”  Here are the four precepts to move into superforecasting:Find the sweet spot between something entirely straightforward or seemingly impossible. For example, using scientific expertise and sound business judgment, or using data and intangibles like cultural fit and anticipated synergies to gauge outcomes.Train for good judgment. Provide your employees with the necessary training to understand probability concepts and techniques, as well as the effects cognitive biases have on their judgment. Build the right teams. Your team composition is critical to your superforecasting success. Look for: “Cautious, humble, open-minded, analytical, and good with numbers. In assembling teams, companies should look for natural forecasters who show an alertness to bias, a knack for sound reasoning, and a respect for data.” There must be trust among your team members to facilitate good outcomes. Regardless of errors and miscalculations, the superforecasters and the senior management should work together to build a secure environment where outcomes do not threaten the team itself.It's also important to note that tracking performance and providing feedback are essential to improve forecasting outcomes in the future. This also helps in creating an audit trail that the company can use to learn from both good and bad predictions. Ultimately, this will provide the team with the insight necessary to replicate, anticipate, or enhance specific predictions. Ongoing EducationIf you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, go to FCPAComplianceReport.com/Courses and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.

So far in this 5-part series, we’ve dived deep into the different aspects of ‘front line’ compliance. For the final episode, Tom discusses the process of innovation itself. In an article in the MIT Sloan Management Review, entitled “Finding a Lower-Risk Path to High-Impact Innovations," authors Joseph V. Sinfield and Freddy Solis came up with a different method to view the innovation process. They call it the ‘Lily Pad’ approach, and Tom breaks down some interesting ways to apply it.Tom begins with the premise of the article, found in the traditional risk-reward theory, that talks about how the way an organization views innovation affects the way the company goes about it. Those that invest more want to see more return, and those who don’t often see more incremental changes.Which one is more effective? The authors of the article mentioned above believe the incremental approach, or the ‘Lily Pad’ approach, allows a progressive cascade of innovation moving forward - or leaping from one lily pad to the next.The Lily Pad approach can be adopted for compliance. Ask the following questions:Does the innovation “offer multiple pathways from first principles to impact” and how relevant is the innovation to multiple business lines or units? Will the innovation change the perspective of employees and even move towards reconfiguring the compliance ecosystem? Finally, is there potential for both growth and improvement in the innovation going forward?After you have gone through and answered these questions, you should be ready to move forward with what the authors called ‘enabling actions’ and implement one or more of the innovations. By using their approach, the authors write that “Lily pad applications for an enabling innovation provide opportunities to match capability, purpose, and context in a manner that advances select performance dimensions of the innovation, aligns elements of ecosystems, and/or begins to shift” employee views across your organization. But more than simply the singular innovation, the lily pad approach allows your company to reduce the time and cost to jump to the next iteration of development.Here are 4 key questions to ask yourself about your compliance program:First, do you understand the role of innovation in your compliance strategy? Second can you spot the innovations as this may well require you to think differently, particularly if you come from the legal department or have legal training, which certainly does not favor or foster innovation. Next, do you have the ability to adapt to innovations in your compliance function to the company as a whole? Put another way, can you demonstrate how an innovation in compliance will help the company do business more efficiently and in compliance with applicable laws? We hope you have enjoyed this special five-part series highlighting some ways to innovate in compliance. For more information on the innovation process in compliance, check out my latest book, The Compliance Handbook. Ongoing EducationIf you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, visit Tom’s website and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.

This week, Tom begins a five-part series on innovation in the compliance function. Seeing as the compliance space is in constant evolution, now is a good time to talk about some innovations and how companies can implement them in their own compliance programs. Today, Tom shares his insight on agile innovation methods that you can consider for your compliance program.In a Harvard Business Review (HBR) article entitled, “Embracing Agile,” authored by Darrell K. Rigby, Jeff Sutherland and Hirotaka Takeuchi, said that agile methodologies “involve new values, principles, practices, and benefits and are a radical alternative to ‘command and control’ style management.” The transition is then accomplished by strategically moving employees “out of their functional silos and putting them in customer-focused multidisciplinary teams."One of the most basic problems is that business executives know only the bare minimum when it comes to agile and its potential dangers. This impedes them from understanding the comprehensive approach that needs to be taken. In employing conventional management practices, senior management unwittingly undermines the agile process.A solution would be to have the executives learn the basics of the agile process and understand its conditions - what works for the organization and what doesn't. Start with a small test group and project, and let the operation spread organically.Here are some of the right conditions for the success of an agile initiative in the compliance arena:You should have the right market environment for the project.  You must be willing to innovate, particularly if there are complex compliance problems involved.  You will need to break down the solutions into digestible chunks, which might change the scope, but through cross-functional employee collaboration, you can have appropriate creative breakthroughs.  Breaking down the agile initiative process into digestible chunks allows for incremental developments. This allows you to gradually test the proposed solution, before rolling it out for employee base use. As your team uses these innovations, the work cycles can be broken down even further for more testing, and changes implemented without delays. This allows for a steady flow of feedback wherein late changes can be effectively managed, and interim mistakes become valuable lessons moving forward.Ultimately, the goal is to destroy the barriers blocking the development of the agile initiatives. The authors of the article list down 5 key pointers: 1) Get everyone on the same page. 2) Instead of changing the structures, change the roles so that the internal company disciplines can learn to work together simultaneously. 3) Name only one boss for each decision in the agile operating model, it must be clear who makes the final decision. 4) Focus on the team's collective intelligence and not an individual's. 5) Lead with questions, not orders.This agile exercise might not work in a compliance function in the corporate legal department. But for compliance functions that desire to practice comprehensive yet unexpected ways of doing compliance in their organization, the agile exercise might be the thing they need to anchor compliance into the very DNA of their organization.Ongoing EducationIf you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, go to FCPAComplianceReport.com/Courses and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.

What is the intersection of innovation in your compliance program and the requirements of an effective compliance program? Today, Tom Fox continues his 5-part series on the front lines of compliance with Hallmark 10 of the Ten Hallmarks of an Effective Compliance Program.Hallmark 10 states that: “A good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” What does that actually mean? In short, it’s about putting compliance into the fabric of your organization. There are many ways to go about doing this, and one of the most effective ways is through the continuous improvement technique of ‘internal inspection.’ Ben Locwin discusses this in Episode 266 of the FCPA Compliance and Ethics Report Podcast.With internal inspection, you’re looking at your program from the inside out. Ben Locwin explains it like this: “We have a problem. Let’s not run away from it. Let’s embrace it.” To do that, you should ask what you can do better, and what can you do next. The willingness of the organization to look at itself is key to continuous improvement.It’s not enough to admit there was a mistake and get rid of the employee who made it. Tom talks about how people aren’t willfully ignorant; they try to do the right things. It could be as simple as a clarity issue with how they understand their role or their work, and if that’s the case, the next employee could easily make the same mistake.Instead of laying blame at the people in the organization, it is wiser to do a ‘root cause analysis’ to determine and develop the preventative actions that can keep the problem from happening again. In other words, you fix the system and processes that led to the problem in the first place.Ongoing EducationIf you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, visit Tom’s website and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.

What happens when a compliance program gets lost in translation? Or worse, what if you translate your compliance program but it's still missing important information and details? Carlos Ayres, Founding Partner at Maeda, Ayres & Sarubbi Advogados, works with compliance, investigations, and government enforcement to implement and enhance their compliance programs and anti-corruption measures. Tom and Carlos discuss the importance of ‘tropicalizing’ your compliance program and how it benefits the organization.What does tropicalizing your compliance program mean? Let's say you have a company in the United States and you decide to open a satellite branch in Latin America. It’s common practice for US-based headquarters to share their compliance programs and other resources to help set up the international branch. This is where the problems usually start. Compliance training programs and policies are often directly translated into the international branch's language with little to no regard for local compliance contexts and circumstances. This creates the opportunity for complete misreadings and misunderstandings of the compliance guidelines. This bare-minimum approach to sharing compliance programs across international borders often leaves the international branch vulnerable to compliance issues – which may lead to the violator's incarceration. Carlos talks about how the risk of non-compliance in the non-US branch/es is significantly higher because the employees don't understand the compliance risks and that they've even committed infractions in the first place.Carlos shares how using local databases to cross-reference the data in the US-based compliance program can improve its relevance to the non-US branch. Companies even have the option to hire vendors to conduct due diligence and provide key information that will help fill the missing data.Ignorance of the law is not a valid defense, so it's vital that non-US branches have proper compliance training programs. They'll have to be equally trained to comply both with US HQ policies as well as with local laws. Carlos talks about how companies should try to conduct compliance training using the non-US branch's local language for better training engagement and retention. He also mentions how making the training content more culturally appropriate helps keep participants from losing interest in the course material.On internal investigations, Carlos shares his opinion on data privacy laws and how they affect companies in Latin America. There's also the issue of how companies should handle hold notices. He says that a hold notice is best presented to an employee after the data and documents have been properly preserved or accounted for. Delivering the hold notice too early might result in employees attempting to destroy or tamper with evidence.Based on today's conversation, tropicalizing your compliance program shows promising benefits. It goes to show that relying on just compliance policy translations isn't enough to ensure compliance in a non-US-based branch. Focus on helping people understand what compliance training is for and how it can help them in the long-run.Ongoing EducationIf you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, go to FCPAComplianceReport.com/Courses and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.Carlos AyresLinkedIn Website Email 

We know what a bribe is and what to do to avoid it, but bribery often takes many forms. If that's the case, how can you prepare employees to identify and address risks that aren't presented in black and white? Join Tom Fox and SAI Vice President of Learning, Rebecca Turco, as they discuss compliance training solutions. They talk about some of Rebecca's best practices in compliance and ethics training, along with other trends in learning.  Finding effective ways to target users with personalized training content can be quite a struggle for some companies. This is because one-size-fits-all compliance training programs aren't effective in delivering key information. This is where adaptive learning comes in handy. It presents content and relevant information in more meaningful and relatable ways. Rebecca talks about how adaptive learning doesn't reinvent the whole training process. How it gives participants the freedom to skip the topics they already understand and focus on new yet relevant pieces of information. By following this trend, employees are rewarded for their demonstrated training competency and the company can save more resources.How can compliance officers use adaptive training effectively? Rebecca talks about how asking questions and collecting participants' answers enable compliance officers to create better learner profiles. Data collected from these sessions are then adapted into their technology for ease of access and delivery.Asking employees reflective questions and branching out scenarios gauges the employee's course understanding. Not only will you understand how your employee will handle potential risks, but you will also see how effective your E&C program is. This enables compliance officers to gather better and more relevant data. When employees understand why they need E&C training and how it can help them perform their jobs better, then they'll improve.How can you meet both the legal and market requirements while being effective and targeted? Content must be engaging and accessible - there shouldn’t be any barriers from receiving the training. Tom and Rebbeca talk about SAI’s new technology-based learning solution called, ‘Ethics Anywhere.’ The beauty of adaptive learning is that it improves the user experience. It re-calibrates user data and generates more accurate data. It also helps the company to understand if there are any gaps in their training knowledge as well as their compliance program. The more personalized content you deliver, the more refined data you’re collecting. The more refined your data is, the better your future content will become. But content isn’t all there is to a successful compliance program, so balance content engagement and delivery. This will lead to learners becoming more and more engaged,  year after year. Ongoing EducationIf you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, go to FCPAComplianceReport.com/Courses and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.Rebecca TursoLinkedIn SAI Global