

Compliance into the Weeds
Tom Fox
What happens when two compliance aficionados get together to talk all things compliance, risk management and ERM? You get Tom Fox, the Voice of Compliance and Matt Kelly, the Coolest Guy in Compliance, going into the weeds of a topic each week. Each week, you can take a deep dive with two of the top writers, thinkers and prognosticators in compliance.
Episodes

Apr 12, 2023 • 20min
Microsoft OFAC Enforcement Action
The award-winning Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, join Tom and Matt as they delve into Microsoft's recent sanctions enforcement action with OFAC. They explore what went wrong and how you can avoid costly compliance failures, from potential red flags to reseller relationships. But it's not all doom and gloom as they discuss how Microsoft implemented a three lines of defense model for sanctions compliance, setting a benchmark for the industry. With Tom and Matt going into the weeds on the importance of centralization and persistent screening technology, this podcast is a must-listen for any compliance officer looking to stay ahead of the curve. Tune in now to find out more!
Key Highlights
· Sanctions compliance case involving Microsoft
· Microsoft's Sanctions Compliance Model
· Microsoft's Sanctions Compliance Program Remediation
· Sanctions Compliance and OFAC Guidance
· Impact of Russia invasion on Microsoft operations
Notable Quote
"It's well worth giving the case a good look. So it was, I thought, a great lesson on resellers and the way the hardware and software industry did business."
Resources
· Matt on LinkedIn
· Matt on Radical Compliance
· Tom: Instagram, Facebook, YouTube, Twitter, LinkedIn

Apr 5, 2023 • 20min
COSO Framework for Sustainability Controls and Reporting
In this episode, join Tom and Matt as they discuss a new sustainability framework that companies can use to improve their sustainability efforts. The document emphasizes the importance of data governance and using a recognized control framework for effective financial reporting, similar to COSO. The hosts explore the challenges of collecting and managing sustainability data, while highlighting the need for organizations to have a Chief Data Governance Officer and an in-house data committee. They discuss the importance of competent leadership, effective communication, and the role of vendors offering sustainability-supporting solutions. Tune in to discover how the right oversight mechanisms can save organizations money by streamlining IT vendors and why sustainability data reporting is the new challenge of achieving Sarbanes-Oxley compliance in the 2000s.
Key Highlights
· COSO Internal Control Framework for Sustainability Disclosures
· Comparing Sustainability and Ethics/Compliance Frameworks
· Challenges in Sustainability Data Collection
· Importance of Data Governance in Large Enterprises
Notable Quotes
1. "ESG and sustainable business information, on the other hand, tends to be longer term and more qualitative."
2. "Revenue numbers are in dollar returns and carbon emissions are not."
3. "Radically different sorts of disclosures and data there, but you have to think through."
4. "You're going to have to make sure that the data governance mechanisms you have? Do you have a Chief Data Governance Officer? Some organizations do. Do you have an in house data committee to think about are we collecting all of this data?"
Resources
· Matt on LinkedIn
· Matt on Radical Compliance
· Tom: Instagram, Facebook, YouTube, Twitter, LinkedIn

Mar 29, 2023 • 20min
Blackbaud-Failures in Cyber Breach Disclosures
In this episode, we discuss the consequences of insufficient disclosure regarding cybersecurity risks as demonstrated in the recent Blackbaud SEC enforcement action. The SEC requires companies to proactively disclose material events and the Delaware Court of Chancery is making it clear that senior executives are responsible for ensuring compliance with disclosure requirements. Tune in next week to hear more Compliance into the Weeds from Tom and Matt.
Key Highlights
· The cost of poor communication: $3 million lesson from Blackbaud's FCC fine
· Disclosure Controls and the Sarbanes-Oxley Act
· The Consequences of Failing to Comply with the SEC and FCC Regulations on Reporting Data Breaches
· SEC Cracking Heads and What's Next
Notable Quotes
1. "Do words still matter? I think that they do."
2. "I couldn't think of at least 3 million reasons why that was a bad idea in hindsight, and maybe they should have been more forthcoming."
3. "Oh, well, actually, you know, we missed the revenue target, but we forgot to tell the CFO, people would be fired. You know, there would be heads stuck on the pikes. In front of the office lobby or something like that."
4. "A compromise of our data security that results in customer or donor personal or payment card data being obtained by unauthorized persons could, and that's the word. Could adversely affect our reputation with our customers and others."
Resources
· Matt on LinkedIn
· Matt on Radical Compliance
· Tom: Instagram, Facebook, YouTube, Twitter, LinkedIn

Mar 22, 2023 • 28min
SVB Failure-Lessons for Compliance
In this episode, Matt and I continue our exploration of the collapse of Silicon Valley Bank (SVB) and take a deeper dive into the compliance angles. Silicon Valley Bank had taken some big risks which led to depositors having a near-death experience, shareholders losing all their money, and taxpayers ultimately supporting the bank's bailout. Despite the auditors giving an anodyne report on the bank's risk management, the board, management and regulators all missed the big strategic risks. As a result, the bank collapsed, leaving Matt to question whether stakeholders were given the right assurance on the right things.
Key Highlights
· What risk management strategies did SVB senior management and Board miss or ignore that could have prevented the financial disaster?
· Why did SVB's management decline to pursue improvements to their risk management practices after being warned by BlackRock consultants?
· Did regulators miss the red flags raised by the San Francisco Fed examiners 18 months before the collapse of SVB?
Notable Quotes
1. "We should remember that really, the auditors' report is going to give assurance on two points: Number one, is there a risk of material misstatement in the financial statements? And number two, does the audit firm have any substantial doubt about the organization's ability to continue as a going concern for roughly the next twelve months or so? That's how long it is. But it's those two things."
2. "When you have Elizabeth Warren and conservatives both raising hell at the same time, it's a valid issue to go and look at then because that does not happen too often."
3. "It's like nobody had thought about this when really once we rolled back Dodd-Frank protections and supervisory constraints specifically for mid-sized banks, which Republicans pushed through in 2018, once that happened, that became the systemic risk that regulators had to think about."
4. "Everybody kind of sort of knew there was a problem, but a whole lot of finger pointing and not enough planning and assurance and communication to the public at large and to investors."
Resources
· Matt on LinkedIn
· Matt on Radical Compliance
· Tom on LinkedIn

Mar 15, 2023 • 28min
Beneath the Bailout: The Collapse of Silicon Valley Bank
In this episode, Matt and I explore the collapse of Silicon Valley Bank (SVB) and its outcomes. We discuss the consequences if the Federal government fails to bail out Signature Bank in New York and Silicon Valley Bank. We examine the Dodd-Frank Act and note that the SVB Chief Risk Officer leaving 8 months ago and never being replaced is a huge red flag. Will this event cause the Federal Reserve to pause interest rate hikes? Why did Libertarians from the tech industry scream for bailouts? Tom and Matt expertly unpack the complex details within the industry and provide insight and analysis into this relevant and timely industry topic.
Key Highlights
· The Impact of Silicon Bank and SVB's Failures on the Banking Industry [02:01]
· Implications of Unsold Silicon Valley Bank Assets on Taxpayers [05:04]
· Challenge of Businesses Dealing with Employee Benefits under Federal Government Regulations [09:04]
· Effects of Changes to the Dodd-Frank Act on Midsized Banks [12:54]
· The Impact of Regulatory Ease on Business Failures [16:47]
· The Reasons Behind Silicon Valley Bank's Chief Risk Officer Quitting [20:53]
· The Impact of Social Media on Interest Rate Decisions by the Federal Reserve [24:52]
Notable Quotes
1. "So those loans were bringing in maybe 2 or 3 percent interest, but SVP had to be paying out interest rates that might be more at 4 percent. That difference is what undermined the capital structure and the balance sheet of SVB until people started getting skittish, and then they said, Maybe I should pull my money out, which made the bank even more weak, so people got even more skittish."
2. "The big issue, and this is why the business customer angle is important, is that under FDIC rules, a bank's deposits are insured up to 250,000 dollars per account."
3. "Is it a business if you can never fail? This was not too big to fail. This was we are not going to let anybody fail."
4. "You may not know where your key suppliers or your key customers or your key third parties are banking. Maybe you have that information. But does that mean you're going to have to assess the financial health of those financial institutions of your customers? And know if they're going to be able to pay you of your vendors or third-party suppliers? They can meet their payroll to deliver their services."
Resources
· Matt on LinkedIn
· Tom on LinkedIn

Mar 8, 2023 • 24min
Updated DOJ Mandate on Clawbacks
In this episode, Matt and I dive into the hot topic of clawbacks, with a focus on Deputy Attorney General Lisa Monaco's new pilot program and Kenneth Polite's take on the use of prosecutorial discretion for organizations. Our hosts explore the opportunities for corporate compliance and HR personnel for clawback solutions and the use of the Foreign Corrupt Practices Act (FCPA). They also discuss the need for thorough documentation of personnel involved with and/or accused of illegal conduct, as well as the potential costs to shareholders. Bottom line: Tom Fox and Matt Kelly are here to take you on a deep dive into the complexities of clawbacks and help organizations get compliant and stay compliant.
Key Highlights
· Prosecutorial Discretion and Credit [00:05:24]
· Implications of the Foreign Corrupt Practices Act on Corporate Compliance and HR [00:09:41]
· The Mathematics of Corporate Policy Development and Management [00:13:59]
· Corporate Compliance and the Foreign Corrupt Practices Act [00:17:47]
· Balancing Compliance and Risk in Business Practices [00:21:49]
Notable Quotes
1. "It is part of the department's larger effort to hold individuals more accountable and to have companies basically be participants in that project and to have companies embrace the culture of compliance, how would you hold individuals accountable if you're the company, you'd have that clawback clause over their head, and then you would now have more incentive to actually use it, which is not necessarily an easy thing."
2. "What we expect companies that use programs to address not only employees who engaged in wrongdoing in connection with conduct under investigation, but also those who had supervisory authority over the employees or business area engaged in the misconduct and knew of or were willfully blind to the misconduct."
3. "You must have the clawback policies in place, at the time of resolution, then get a reserve credit for those clawback compensation moneys that you must successively claw it back within the term of the resolution."
4. "If you do try to recoup the compensation and you fail, you'll still be eligible for up to 25 percent of whatever you were trying to recoup."
Resources
· Matt in Radical Compliance
· Tom in FCPA Compliance and Ethics Blog

Mar 1, 2023 • 23min
Creating a Data Analytics Program
In this episode, Matt and I take a deep dive into data analytics. Tom and Matt provide information on how to capture the data within the enterprise and create a road map within the framework of DOJ's guidance. Additionally, they cover how Excel can be used and suggest giving the data "spit and polish" in order to run it through analytics programs. The Compliance into the Weeds podcast is a must-listen for anyone needing information and strategies to excel in their work.
Key Highlights
· The Implementation of Data Analytics Programs [00:03:21]
· The Business Relationships and Risk Assessment of Data Collection [00:07:17]
· The Benefits of Utilizing Internal Resources for Compliance Analytics [00:10:48]
· Organizing and Utilizing Compliance Data [00:14:42]
· Creating a Road Map with Excel [00:18:04]
Notable Quotes
1. "We all talk about data handling. We all say it's important. We go hear a Justice Department official at some conference. He or she will talk about how important data analytics is, how they use data analytics. And of course, if they in the public sector can afford to do it, then certainly, we in the private sector must be able to do it. Because government has no money and if they can do it, we must be able to do it."
2. "It's easy to think it's important in the abstract, but how are you actually going to do it? That's the part that compliance officers need to think through."
3. "We're really looking for outlier transactions. We're looking for anomalous events of some kind. We're also looking for trend analysis to see if big huge swaths of transactions are moving in a certain direction that might be troublesome."
4. "You need to be, I think, maybe more on your game with devising a good business case for data analytics. It's easy to think it's important in the abstract, but how are you actually going to do it?"
Resources
· Matt Kelly in Radical Compliance

Feb 22, 2023 • 19min
Having a Values Conversation
In this episode, Matt and I take a deep dive into having a values conversation to help companies start a conversation about values. If companies do not focus on values, a vacuum is created where employees are left to make their own decisions, and those decisions may not always be in the company's best interest. Tune into Compliance into the Weeds-Having a Values Conversation to learn how to start the conversation and create a culture of safety.
Key Highlights
· The Importance of Workplace Safety [00:04:58]
· The Need for Embedding Conversations about Values in the Workplace [00:09:00]
· Creating a Positive Corporate Culture [00:12:26]
· The Dangers of Not Doing Corporate Compliance Properly [00:15:56]
Notable Quotes
1. "It makes a lot of sense to try and embed an awareness of them at the beginning, but it feels weird. It's kind of outside of people's comfort zone. It's especially outside of your comfort zone if you are not an ethics and compliance professional."
2. "These questions can help people like that. And as you had mentioned before, middle managers are the crucial element in all of this."
3. "It's easy for senior executives. To talk about ethical values. I think for a lot of low-level employees, those messages go in 1 ear and out the other because Why does anybody ever pay attention to what senior management says? It's your middle manager. It's your boss. You pay attention to what they say."
4. "And these questions really are geared to help those managers, that audience, and their crucial tool."
Resources
· Matt Kelly in Radical Compliance

Feb 15, 2023 • 26min
ChatGPT for the Compliance Professional
In this episode, Matt and I take a deep dive into ChatGPT, a natural language processing tool that works by indexing every piece of written content on the Internet. We discuss the impact of the Biden administration's proposals for AI, NIST's voluntary AI framework, and the utility of ChatGPT in the workplace. What should your organization consider about incorporating AI into both its shipping decisions and mission-critical processes? If you're interested in efficient and advanced AI technology, you don't want to miss this episode.
Key Highlights Include
· Impact of ChatGPT on Jobs
· The Quality of ChatGPT for non-English Speakers
· The Biden Administration's Nonbinding Guidelines for Artificial Intelligence
· The Benefits of Adopting a Voluntary AI Framework by NIST for Defense Contractors
· The Impact of Artificial Intelligence on Shipping and Work Processes
Notable Quotes
1. "Chat GPT can answer pretty much anything. It won't necessarily tell you where it is getting this information. It will just give you information pretty much like the way Tom, I am answering your question right now. Just imagine text-based bot answering those questions in the same way. That's what it is."
2. "Will it make your job easier? Probably for a lot of people who struggle to come up with written content. Yes, it could. But specifically then for compliance officers and let's bring it back to what matters for our audience. Will chat GPT as used by others make my job harder. Compliance officers. Now I think, actually, you have a lot to worry about there, and we could get into that."
3. "But I just view this as a huge boom to anyone who is interested in research, anyone who is interested in learning, can't replace the weekly and business journalist, Matt. So you're good to go at Radical Compliance."
4. "But you have identified really, I think, the heart of the problem that compliance officers need to think about now. Because to me, it's just 1 more tool."

Feb 8, 2023 • 29min
Activision Blizzard Settlement with SEC
In this episode, Matt and I take a deep dive into the recent Activision Blizzard settlement with the SEC for the company's failings around internal controls regarding the detection and prevention of sexual harassment and its whistleblower protection laws. Some of the highlights include:
· The background facts.
· The toxic culture which led to the claims.
· The denials by company officers that anything was wrong or to the validity of the claims.
· How does this ruling tie into the Delaware court decision on the duty of oversight?
· Must there be a material risk for the creation of an information system?
· What about CCO certification?
· What does it all mean for CCOs going forward?
Resources
· SEC Order
· Matt Kelly in Radical Compliance


