Compliance into the Weeds

Tom Fox
Sep 20, 2023 • 27min

MGM Grand Data Breach

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent MGM Resorts data breach and what it may mean for CCOs and Danny Ocean.

The MGM Grand data breach, a significant cyber-attack that disrupted MGM Resorts' operations across the U.S., has raised serious concerns about cybersecurity and regulatory requirements. Tom and Matt discuss the potential financial impact and the regulatory investigations that may arise from the breach, emphasizing the severity of the situation and the potential consequences for MGM. They also question MGM's disaster recovery and business continuity plans and raise concerns about the network design weaknesses that allowed the attack to have such a widespread impact. The hosts also discuss the implications of the breach in relation to the new SEC rules mandating disclosure of material cybersecurity events by public companies. Join Tom Fox and Matt Kelly as they delve deeper into these issues in this episode of the Compliance into the Weeds podcast.

Key Highlights
· MGM Grand Cyber Attack Disrupts Operations
· Understanding the Impact of Qualitatively Material Cybersecurity Incidents
· Navigating Material Cybersecurity Event Disclosure Requirements
· Inadequate backup plans leading to operational disruptions
· MGM's Ransomware Attack and Business Continuity

Resources
· Matt Kelly's post on Radical Compliance
Sep 13, 2023 • 20min

Failure to Have Effective Compliance Program

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent DOJ enforcement action involving Verizon Business Network Services for failure to have an effective cybersecurity compliance program.

The recent case of Verizon's non-compliance with cybersecurity standards and its subsequent remediation efforts has sparked a significant conversation in the realm of cyber compliance. Tom views this case as a roadmap for companies to enhance their cybersecurity programs, emphasizing the importance of gap analysis and pressure testing. He draws parallels between cybersecurity compliance and Foreign Corrupt Practices Act (FCPA) compliance, suggesting that Verizon's case could serve as an example for other companies. Matt applauds Verizon's voluntary self-disclosure and extensive remediation efforts. He underscores the importance of disclosure, cooperation, and remediation in both cybersecurity and corruption cases, viewing Verizon's actions as a positive example for other companies. Join Tom Fox and Matt Kelly as they delve deeper into this topic in the latest episode of the Compliance into the Weeds podcast.

Key Highlights
· Verizon's Cybersecurity Program Failures
· Enhancing Cybersecurity Compliance through Remediation Measures
· Automating Compliance Efforts with GRC Tools
· Potential Penalties for Non-Disclosure of Cybersecurity Issues

Resources
· Matt Kelly's post on Radical Compliance
Sep 6, 2023 • 22min

Risk Assessments, Control Environments and Plug Power

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent pronouncements from the SEC regarding risk assessments together with control environments, and how all of this played out in the Plug Power enforcement action.

The importance of risk assessments and a strong control environment cannot be overstated. These elements are crucial for effective internal controls and proper financial reporting, as emphasized by the SEC's chief accountant, Paul Munter. In this episode Tom and Matt underscore the need for a thorough evaluation of potential pitfalls in risk assessments, citing insufficient personnel, changes in board or management composition, and hasty adoption of new strategies or technologies as potential triggers for flawed assessments. They highlight the significance of small control failures and entity-level failures, such as weaknesses in IT controls, as indicators of a weak control environment. Join Tom Fox and Matt Kelly as they delve deeper into the topic of risk assessment in the latest episode of the Compliance into the Weeds podcast.

Key Highlights
· Munter's statement
· Enhancing Control Environment through Risk Assessments
· The Importance of Risk Assessments and Controls
· Attracting and Retaining Competent Individuals
· Flaws in Risk Assessment Beyond Insufficient Personnel
· Lessons Learned

Resources
· Matt blogged twice on these issues on Radical Compliance: a report on Munter's statements and a post on the Plug Power enforcement action
Aug 30, 2023 • 20min

3M FCPA Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent FCPA enforcement action involving the Chinese business unit of 3M.

The importance of post-event documentation and monitoring in preventing fraud and corruption cannot be overstated, as highlighted by the recent FCPA enforcement action involving 3M China. Tom believes that while training and control environment adjustments are crucial, they may not be enough to prevent misconduct if individuals are determined to commit such acts. He emphasizes the need for hard evidence, such as post-event documentation, and recommends looking to the heavily regulated pharmaceutical sector for guidance. Matt stresses the importance of rigorous post-event documentation to ensure the legitimacy of business activities. Both Fox and Kelly gained these insights from their extensive experience in the field of compliance and their analysis of various fraud cases. To learn more about their perspectives on post-event documentation and monitoring, join them on this episode of the Compliance into the Weeds podcast.

Key Highlights
· Background facts
· GTE in FCPA enforcement actions
· What happens when conduct is done secretly
· Concerns over the use of messaging apps
· Lessons Learned

Resources
· Tom's blog post on the FCPA Compliance and Ethics Blog
Aug 16, 2023 • 24min

Messaging App Enforcement and Internal Controls

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent SEC and CFTC enforcement actions around messaging app non-compliance.

Join Tom and Matt as they take a deep dive into the enforcement actions and then consider how such claims would affect non-regulated industries. Regulated industries, particularly broker-dealer firms like Wells Fargo and Morgan Stanley, are facing enforcement actions and hefty fines for their employees' use of messaging apps like WhatsApp and Snapchat that allow record preservation to be disabled. The involvement of senior managers in this misconduct has prompted the SEC to require an independent compliance consultant in settlements.

The conversation between Tom and Matt emphasizes the importance of messaging policies and procedures in regulated industries and the need for stricter compliance measures. They also discuss the complexities and potential consequences of record-keeping obligations and the regulatory concerns over the use of messaging apps. The conversation briefly touches on the future of AI chatbots in customer service, with differing perspectives on their ethical implications. Overall, the conversation highlights the significance of messaging policies, enforcement, and compliance in regulated industries.

Key Highlights
· Enforcement Actions Against Regulated Industries
· Enforcement actions and messaging policies
· Record-keeping obligations for broker-dealers and other industries
· Regulatory concerns over the use of messaging apps
· Internal Controls and non-regulated industries

Resources
· Matt Kelly's post on Radical Compliance
· "No Smoke and No Fire: The Rise of Internal Controls Absent Anti-Bribery Violations in FCPA Enforcement" by Karen Woody, Cardozo Law Review
Aug 9, 2023 • 24min

Responses to PCAOB Proposal On Audits

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the PCAOB proposal for fraud and compliance audits.

In this episode, we dive into the heated debate surrounding the proposed rule on auditors and fraud risk audits. Compliance professionals and the audit community have contrasting perspectives on the PCAOB proposal to require audit firms to look more aggressively for compliance and legal violations at their client companies, and then report any such violations more promptly to the company's board of directors. Discover the stipulations compliance professionals want to include, such as meeting with the chief ethics and compliance officer and reviewing the state of the compliance program. On the other hand, hear why the audit community, represented by the PCAOB, opposes the rule, arguing that auditors lack the necessary expertise and that fees would skyrocket without significant benefits. Gain insights into the complexities and challenges of asking auditors to take on compliance responsibilities. Tune in to understand the potential implications of the proposed rule for audit firms, compliance professionals, and investors.

Key Highlights
· The PCAOB proposal's implications for auditors, with a focus on effects on fraud risk audits
· The difference in how compliance professionals and auditors perceive the impending rule
· The practical difficulties auditors face when tasked with compliance roles
· The potential cost and liability increases for auditors that enforcement of the rule would bring
· The uncertainties surrounding the approval and implementation process for the proposed rule

Resources
· Matt Kelly's post on Radical Compliance
Aug 2, 2023 • 24min

SEC Rules for Cyber Breach Disclosure

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the recently released SEC rules on cyber breach disclosures.

This new era of cybersecurity calls for increased accountability and transparency from companies to protect investors and citizens from cyber threats. The U.S. Securities and Exchange Commission (SEC) recently adopted new cyber disclosure rules requiring companies to disclose material cybersecurity incidents and risks in their annual reports. This policy change will require companies to analyze and disclose the impacts of any material cybersecurity incidents, as well as any potential exemptions from disclosure that companies may seek.

Key Highlights
· New Cyber Breach Disclosure Rules
· Material Breaches
· Role of the Board

Resources
· Matt Kelly's post on Radical Compliance
Jul 25, 2023 • 23min

Auditing AI For Compliance

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the current difficulties auditors face in performing an audit of AI.

The use of AI in the tech world has brought with it a new concern: implicit bias. Auditing AI code is necessary to ensure that AI applications are free from bias and secure from cyber threats. This complex process involves examining the code of AI programs to ensure that they are functioning as intended and are not producing biased or unethical outcomes. In addition to auditing code, employers must also audit the outcomes of AI tools and weigh ethical considerations when defining the data that the AI is looking at. As AI hiring audits become increasingly necessary, it is more important than ever to ensure that AI applications are free from bias and secure from cyber threats.

Key Highlights
· AI Implicit Bias
· Auditing AI Code
· AI Hiring Audits

Resources
· Matt Kelly's post on Radical Compliance
Jul 19, 2023 • 22min

BOA Enforcement Action for Bogus Accounts

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take up the recent CFTC enforcement action involving Bank of America.

In yet another reminder of the importance of ethical practices within the banking industry, Bank of America recently faced civil charges for misconduct, including a junk fees scheme and opening credit cards for customers without their authorization. This follows in the footsteps of similar misconduct by Wells Fargo in the mid-2010s, which resulted in a hefty $185 million fine. To address the issue, Bank of America has agreed to discontinue its flawed incentive program and develop a compliance plan within 90 days. Banks must remain vigilant in their compliance efforts, capture customer consent and documentation, and have data analytics capabilities, or risk similar fines. Furthermore, this penalty emphasizes the need for banks to keep their practices up to date with regulations.

Key Highlights
· Facts of the enforcement action
· BOA penalty
· BOA remediation
· Comparisons to Wells Fargo
· Banks behaving badly

Resources
· Matt Kelly's post on Radical Compliance
Jul 12, 2023 • 38min

Compliance into the Weeds Takes a Eurotrip with Compliance Man

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, co-hosts Tom Fox and Matt Kelly are joined by Compliance Man himself, Tim Khasanov-Batirov.

They consider how the Airbus scandal has highlighted the importance of compliance and ethics in corporate conduct in France, and the need for reliable data in ESG reporting, artificial intelligence, and third-party risk management. They also discuss the challenges faced by American and European compliance professionals, and the need for Diversity, Equity and Inclusion (DEI) in creating a strong speak-up culture. They discuss the EU Whistleblower Directive, which states that anonymous reports should be allowed, and the importance of clean conduct in government agencies. Compliance practitioners have an important role to play in this process, and the EU is leading the world's discussions around ESG reporting.

Key Highlights
· ESG Reporting Requirements
· AI and DEI in Compliance
· European Compliance Challenges
· European Compliance vs US
· AI and Compliance in France
