

Compliance into the Weeds
Tom Fox
What happens when two compliance aficionados get together to talk all things compliance, risk management and ERM? You get Tom Fox, the Voice of Compliance and Matt Kelly, the Coolest Guy in Compliance, going into the weeds of a topic each week. Each week, you can take a deep dive with two of the top writers, thinkers and prognosticators in compliance.

Jul 24, 2024 • 23min
Major Cybersecurity Incidents and Regulatory Challenges
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom Fox and Matt Kelly take a deep dive into the dismissal of the SEC’s enforcement action against SolarWinds and CrowdStrike cybersecurity failures. Tom and Matt begin with UnitedHealth’s costly ransomware attack, a federal judge’s ruling against the SEC’s lawsuit over SolarWinds’ cybersecurity practices, and CrowdStrike’s flawed software update impacting global corporations. The episode explores the regulatory challenges of enforcing effective cybersecurity controls and the implications for companies and their compliance programs. The discussion highlights the need for better IT general controls and the role of different stakeholders, including Congress, regulatory agencies, and audit firms, in addressing these cybersecurity risks.
Key Highlights:
UnitedHealth Ransomware Attack Breakdown
SolarWinds Cybersecurity Lawsuit
Regulatory Challenges and Implications
Operational Risk Management and IT Controls
Call to Action for Compliance and Audit Professionals

Jul 17, 2024 • 24min
The Convergence of Cybersecurity and Internal Controls
In this episode, Tom Fox and Matt Kelly take a deep dive into a recent SEC enforcement action involving RR Donnelley, where a cyber breach was characterized as an internal control
In this episode, we discuss how criminal activities in cyberspace are outpacing regulatory measures and the law’s ability to keep up. The conversation touches on the idea that access controls for valuable corporate assets, whether financial data or sensitive information, are becoming indistinguishable in the eyes of cybercriminals. The discussion includes a thought-provoking perspective on merging cybersecurity and anti-money laundering functions, as both deal with improper electronic transactions. The core concern is not just the breach itself, but also the prevention of data exfiltration.
Key Highlights:
Corporate Jewels: Money vs. Data
Cybersecurity and Anti-Money Laundering
Improper Electronic Transactions
Focus on Data Exfiltration
Conclusion: Preventing Data Theft

Jul 10, 2024 • 29min
The Supreme Court and Compliance
In this episode, Tom Fox and Matt Kelly take a deep dive analyzing term-ending Supreme Court decisions from a compliance perspective. They address the Jarkesy decision on SEC in-house tribunals, the Loper ruling overturning the Chevron deference doctrine, and the Snyder decision that narrows the scope of federal anti-corruption law. Despite the headlines, they conclude that these rulings have minimal direct impact on corporate compliance programs, emphasizing the ongoing importance of ethical integrity and effective compliance practices.
Key Highlights:
Supreme Court Cases Impacting Compliance
The Jarkesy Decision: Minimal Impact on Compliance
The Loper Case: Chevron Deference Overturned
The Snyder Decision: A Controversial Ruling
Implications and Final Thoughts

Jun 26, 2024 • 29min
Navigating DOJ’s Boeing Dilemma Under DPA Violations
In this episode, Tom Fox and Matt Kelly take a deep dive into the complexities surrounding the Department of Justice's potential decision to criminally prosecute Boeing under its Deferred Prosecution Agreement (DPA) related to the 737 MAX crashes. They explore the various facets of corporate justice, including retribution, remediation, and societal interests, as well as the challenges in balancing justice for the victims and the broader implications for public safety and corporate culture. The discussion also covers the FAA’s role, the potential for new operational limits on Boeing, the impact and structure of compliance monitorships, and what compliance officers can learn from this high-stakes scenario.
Key Highlights:
DOJ and Boeing: The 737 MAX Dilemma
Corporate Justice: Individuals vs. Corporations
Balancing Justice and Corporate Interests
Deferred Prosecution Agreements: Compliance Challenges
07:33 Financial Penalties vs. Operational Limits
The Potential of Monitorships
FAA's Role and Challenges
Compliance Lessons and Future Considerations

Jun 12, 2024 • 26min
AI Accountability and Explainability
In this episode, Tom Fox and Matt Kelly delve into the recent speech by Michael Hsu, the head of the Office of the Comptroller of the Currency, on the accountability challenges posed by artificial intelligence in the banking sector. The discussion highlights Hsu's emphasis on the lack of a robust accountability framework for AI, illustrating the issue with the Air Canada chatbot incident. The conversation also touches on potential systemic risks AI could pose to the financial sector, the need for explainable AI, and the shared responsibility model used in cloud computing as a potential template for addressing these challenges. The episode underscores the necessity for compliance officers to ensure contracts and IT controls are in place and stresses the importance of developing trust and accountability mechanisms before widespread AI adoption.
Key Highlights:
AI Accountability: A Regulator's Perspective
Case Study: Air Canada's AI Mishap
Legal and Technological Challenges
Exploring Solutions and Shared Responsibility

Jun 5, 2024 • 25min
Analyzing The Trump Conviction: Compliance Lessons from an Unprecedented Case
In this episode of ‘Compliance Into the Weeds’, Tom and Matt take a deep dive into last week’s trial verdict against Donald Trump in NYC and lessons for the compliance professional. We explore the importance of internal controls, consistent consequence management, and effective leadership. They also delve into how compliance officers can learn from the storytelling strategies used in the trial and emphasize the application of the rule of law.
Key Highlights:
Overview of Trump’s Criminal Conviction
Internal Controls and Compliance Lessons
Consequences Management and Consistent Enforcement
Ethical Leadership and Communication
Who is your audience? Storytelling in Compliance
Final Thoughts and Rule of Law

May 29, 2024 • 29min
Of Fat Fingers, Internal Controls and Compliance
In this episode, Tom and Matt delve deep into Citigroup’s $126 million trading error, resulting from poor internal controls. They discuss how a simple ‘fat finger’ error by a trader led to a major flash crash on European stock exchanges in 2022, and how the failure of Citigroup’s internal controls allowed it to happen. The discussion covers multiple compliance lessons, including the importance of understanding the human element in control design, the need for adequate staffing and monitoring, and the necessity of consistent global risk management. Fox and Kelly also highlight the importance of addressing findings from internal audits and maintaining urgency in improving internal controls. They emphasize that companies should think creatively about risk management, taking into account various global factors, including holidays and local regulations.
Key Highlights:
The Citigroup Internal Control Fiasco
Compliance Lessons from Citigroup's Mistake
The Human Element in Compliance and Control Failures
Global Consistency in Risk Management

May 22, 2024 • 30min
Sustainability and Managing 3rd Party Risk
In this episode, Tom Fox and Matt Kelly take a deep dive into a recent report by Prevalent on Third Party Risk Management in 2024 and Microsoft’s 2024 Environmental Sustainability Report. Tom and Matt discuss the challenge companies face in aligning their sustainability goals with their supply chain management. They question whether sustainability functions within a company have the authority to influence supply chain decisions, such as rejecting suppliers that do not meet sustainability criteria. We discuss the Microsoft Report, noting that while the company acknowledges it has not yet achieved the ability to reject non-compliant suppliers, it suggests a target of improvement by 2030. The core issue highlighted is whether sustainability initiatives will have significant influence over supply chain decisions in the future.
Key Highlights:
Intersection of Supply Chain Risk Management and Sustainability
The Role of Sustainability in Supply Chain Decisions
Microsoft’s Journey Towards Sustainable Supply Chain Management
The Energy Industry Model

May 15, 2024 • 27min
Scathing Report on Culture at The FDIC
In this episode, Tom and Matt look at the absolutely scathing report issued by the law firm Cleary Gottlieb on the toxic culture of harassment and abuse at the Federal Deposit Insurance Corporation. A recent scandal has been unveiled in the U.S. banking sector, spotlighting the Federal Deposit Insurance Corporation (FDIC). A report has unveiled a toxic corporate culture riddled with instances of harassment, whistleblower retaliation, and poor leadership under Chairman Martin Gruenberg. Fox, viewing the scandal as a pivotal moment, emphasizes the need for accountability and radical change within the organization, particularly in addressing the issues revealed in the report. Despite the daunting challenges, Fox maintains a level of optimism, believing that with the right management and leadership changes, the FDIC can rectify its corporate culture. Kelly recognizes the deep-seated cultural issues brought to light by the report; nonetheless, he believes that due to the FDIC's relatively small size, with the right leadership and cultural shifts, it is possible to turn the organization around. Both experts' perspectives are rooted in their understanding of corporate culture and governance, and their beliefs in the power of effective leadership and cultural change.
Key Highlights:
Toxic Culture Exposed in FDIC Report
Ethical Culture Assessment in Banking Regulation Systems
Toxic Culture: Mismanagement & Whistleblower Retaliation
Structure and Toxic Corporate Environment
Transformative Potential within the FDIC

May 8, 2024 • 23min
The WACKO Enforcement Action Involving BF Borgers
In this episode, Tom Fox and Matt Kelly look into an absolutely wacko SEC enforcement action involving BF Borgers and its founder and principal, Benjamin Borgers. The auditing sector was recently rocked by the Securities and Exchange Commission’s (SEC) investigation into BF Borgers CPA, an auditing firm with over 1,600 problematic disclosures. The incident serves as a reminder of the critical role played by audit committees in ensuring appropriate audit procedures. Only a fraudster can admire the audacity of Benjamin F. Borgers in fabricating audit reports for hundreds of clients, which underscores the need for enhanced governance and regulatory measures to prevent similar incidents in the future. We discuss the impact on smaller public companies, focusing on their struggles to find competent and affordable audit firms. Matt raised the question of where the companies’ audit committees were during all this fraudulent work. He also speculates on potential legal repercussions for Borgers and his firm. Both perspectives highlight the gravity of the situation, the need for improved oversight, and potential consequences of such actions.
Key Highlights:
Audit Quality Oversight in Regulatory Environment
Finding New Auditors After Losing Previous Firm
Limited Options for Small Company Auditors
Proactive Monitoring of Audit Firms by Committees


