Innovation in Compliance brings you interviews with industry-leading experts who are changing the way practitioners approach compliance. Host Tom Fox, the Compliance Evangelist and Voice of Compliance, is driving the conversation about compliance into the 2020s and beyond with his focus on innovations for the compliance practitioner and the compliance profession. If you want to learn how to bring business solutions to compliance problems to more fully operationalize compliance, this is the podcast for you.
Third-Party Management: A risk-based approach - Part 3: Kairi Isse on Implementation and Maintenance
2 hours ago
14:55
Welcome to a special 5-part podcast series, sponsored by Diligent. Over this series we will consider a risk-based approach to third-party risk management. I will visit with Michael Parker, Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management; and Alexander Cotoia, from the Volkov Law Group. In this Part 3, I visit with Kairi Isse on the implementation of your third-party risk management program after the contract is executed. Learning about the risk posed by third-party vendors to a company's compliance program can be an eye-opening experience. However, through the use of an AI-based ongoing monitoring search tool with customizable features and auditable trails for third-party risk management, an organization can ensure that its compliance program is effective and reduce its risk of fines and reputational damage in the implementation stage after the contract is executed.
Key Highlights
· How can modern companies effectively manage third party risk and protect their reputation?
· What are the best ways to monitor third parties in a stable vendor ecosystem?
· How can AI and machine learning make third party management more efficient and effective?
Notable Quotes
1. "The key to this effective risk management is truly the follow up, the ongoing follow up to ensure that all the controls are in place and if needed, are changed."
2. "The key to effective risk management is the ongoing follow up to ensure all the controls are in place and if needed, are changed."
3. "It's not the most data, it's the right data."
4. "Everything is audited in there; there's audits for the third-party profiles, there are audits for each of the cases."
Resources
Kairi Isse on LinkedIn
Check out Diligent’s 3rd party products and services here.
Third-Party Management: A risk-based approach – Part 2: Stephanie Font on Questionnaires and Due Diligence
1 day ago
15:55
Welcome to a special 5-part podcast series, sponsored by Diligent. Over this series we will consider a risk-based approach to third-party risk management. I will visit with Michael Parker, Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management; and Alexander Cotoia, Associate at the Volkov Law Group. In this Part 2, I visit with Stephanie Font on the need to evaluate potential third parties through questionnaires and to determine the due diligence investigations necessary to comply with regulations, while using questionnaires to uncover the truth. What is the importance of understanding regulations and risk factors when creating questionnaires to help with due diligence? By understanding the risk model and the specific regulations the company needs to comply with, creating effective questionnaires to help with due diligence can become easier. Stephanie also found out that having a due diligence risk management system can automate some of the process and help flag any potential risk factors. With the help of questionnaires and due diligence, Stephanie was able to learn how to effectively document and investigate potential third parties.
Key Highlights
· How questionnaires can be used to comply with regulations and inform a risk model.
· How due diligence investigations can help to uncover risk factors in a potential third party.
· How a third-party risk management system can automate parts of the process.
Notable Quotes
1. "Knowing what you're trying to comply with and thinking of those questions that are going to get you there is probably the top thing."
2. "Don't lose your common sense and listen if your gut tells you something's wrong."
3. "Documentation is key to create an internal audit trail and have something to show to regulators."
4. "Know your own risk model and build the risk model into the system to flag any potential risk factors."
Resources
Stephanie Font on LinkedIn
Check out Diligent’s 3rd party products and services here.
Is Data Fit for Purpose? with Malcolm Hawker
1 day ago
29:11
Is your company's data fit for purpose? In this episode of the Innovation in Compliance podcast, host Tom Fox welcomes Malcolm Hawker of Profisee, a company that creates MDM software, to discuss the importance of data quality, master data management (MDM), and data governance. They also explore how proper data management can drive exceptional results, reduce costs, and ensure compliance.
Malcolm Hawker is a seasoned data management and governance professional with over 30 years of experience. Malcolm spent 15 years in product leadership, including a stint as Chief Product Officer at a software startup in Austin, Texas. He also led an IT organization at a $2 billion publicly traded company. Malcolm has since specialized in data management, master data management, and governance, working as an analyst for Gartner before joining Profisee as the Head of Data Strategy. Malcolm's passion is helping organizations leverage data to drive results.
You’ll hear Tom and Malcolm talk about these ideas:
· Data must be accurate, complete, timely, and unique to be fit for purpose within an organization's business processes.
· Master data management (MDM) solves the "single version of the truth" problem, helping organizations maintain consistent and trustworthy data across various systems and departments.
· Effective data governance involves creating and implementing policies and procedures related to data management to optimize value, reduce costs, and ensure compliance.
· High-level, cross-functional, and functional levels all require tailored governance strategies.
· A CDO should define how data governance drives the three levers of revenue, cost savings, and risk mitigation within an organization.
· Corporate governance is typically the focus of boards of directors, while data governance is more of a functional or operating level concern.
· Data privacy plays a significant role within data governance and must be addressed with robust policies and procedures.
· Data governance can contribute to ESG initiatives, with one example being the reduction of carbon footprint through better data management and retention policies.
· No matter where technology trends lead, the foundation of accurate, consistent, trustworthy, and fit-for-purpose data remains essential for successful decision making and operations.
· "Modern younger business leaders are turning to LinkedIn, they're turning to YouTube, they're turning to podcasts for these types of insights [about business]. I need to be where the business leaders are."
· Malcolm shares best practices from a data management, data quality, and MDM perspective through his CDO Matters LIVE podcast.
· The influence of Malcolm's experience at AOL during its rapid growth period on his approach to innovation.
KEY QUOTES
"Data quality is all about making sure that you have data that is fit for purpose, that can be used efficiently in operations within the business, can be accurate and consistent, and trustworthy within the analytics, the reports that are used by that organization." - Malcolm Hawker
"My point here is that from a governance perspective, …the foundation of data quality, master data management - all the things that go into creating accurate, consistent, trustworthy, fit for purpose data - those things never go away." - Malcolm Hawker
"Modern younger business leaders are turning to LinkedIn, they're turning to YouTube, they're turning to podcasts for these types of insights. I need to be where the business leaders are." - Malcolm Hawker
Resources:
Malcolm Hawker on LinkedIn
CDO Matters LIVE Podcast
Profisee
Third-Party Management: A risk-based approach - Part 1: Michael Parker on Risk Mitigation
2 days ago
17:55
Welcome to a special 5-part podcast series, sponsored by Diligent. Over this series we will consider a risk-based approach to third-party risk management. I will visit with Michael Parker, Director of Advisory and Consulting Services; Stephanie Font, Due Diligence Service expert; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management; and Alexander Cotoia, from the Volkov Law Group. In this Part 1, I visit with Michael Parker on the need for risk mitigation to bring a third party into a relationship with your organization. Parker has worked in the compliance arena for six years, learning from his experience in government and tech. For a compliance program to be successful, there must be buy-in from executive leadership, and from the Board of Directors for oversight as well. The goal of a third-party risk management platform is to protect the assets of the business and create a single source of truth. Through such a mechanism, third parties can be screened for anti-bribery, anti-corruption, human trafficking, and much more. The Board needs visibility in order to make decisions and an audit log to show activity and diligence if ever needed. It is critical for every compliance function to stay up to date with regulations and to keep its third-party platform consistently updated.
Key Highlights
· How can a risk-based approach, coupled with a single source of truth and robust platform, help protect business assets and comply with changing regulations?
· What is the German Supply Chain Act and how can companies ensure compliance related to human trafficking and human slavery?
· How can companies use visual analytics to gain insights into their risk-based approach, and show evidence of due diligence in the face of an audit?
Notable Quotes
"Companies don't do bad things, people do. And as people do, the regulatory landscape changes and it can change quickly. So keeping up with those changes is critical to protecting your assets and mitigating risk."
"We need to increase our defensibility and increase our auditability if somebody comes knocking, we can show and illustrate that we have done our due diligence to mitigate any sort of risk of doing business with this third party."
"Companies don't do bad things, people do."
"Put a platform in place that is robust lends itself to a number of different benefits."
Resources
Michael Parker on LinkedIn
Check out Diligent’s 3rd party products and services here.
Compliance with Data Privacy with Bill Piwonka
27:17
Legal GRC focuses on the various activities and responsibilities that people who report to legal must carry out, such as data privacy and breach response. In this week’s show, Tom Fox reconnects with Bill Piwonka, Chief Marketing Officer of Exterro, to discuss compliance with data privacy. They discuss the concept of legal GRC, which is a subcategory of the larger umbrella of GRC. They also explore how Exterro's legal GRC software can help companies manage their data effectively and efficiently while ensuring compliance.
Prior to Bill Piwonka’s current position at Exterro, he had extensive experience running marketing teams for typically small software companies, helping build them as they grew. His knowledge of both startups and large multinational global organizations, including Intel and Oracle, has given him a unique perspective on the dynamics of different companies. As an expert in compliance and data privacy, Bill's insights and expertise are invaluable to organizations seeking to improve their compliance programs.
Key ideas you’ll hear Tom and Bill discuss:
· Legal GRC is a subcategory of the larger umbrella of GRC that focuses on the various activities and responsibilities that people who report to legal must carry out, such as data privacy and breach response.
· Understanding where your data is, who owns it, and what regulations apply to it is crucial to effective data management and compliance.
· Data governance, data security, and data cleansing are key components of ESG, particularly in the G part, and the management of data is a mandatory step under ESG.
· Having a data inventory and understanding what regulations apply to that data from a retention perspective and disposition is essential to minimizing risk and ensuring compliance with various regulations.
· The key to minimizing risk and ensuring compliance is to have the processes and technology that enable you to constantly push the deletion button, in accordance with your retention policy.
· Exterro has broad capabilities in eDiscovery, privacy forensic investigation, incident response, and cybersecurity compliance. Its clients include a wide range of professionals, such as IT, legal ops, GC, compliance, privacy, and HR.
· Regulatory obligations around data security and document turnover are a significant concern for organizations, and Exterro's eDiscovery product can help clients comply with government agencies' requirements and store relevant information in their ESI vault.
· Exterro's consent product can help organizations with obtaining and revoking consent across any medium and demonstrate their compliance.
· Legal departments are now recognizing the need for people, process, and technology to address issues that are now being enforced, especially on the privacy side.
· Process orchestration gives legal departments the ability to manage, measure, and optimize their processes and ensure defensibility.
· Exterro's marketing strategy is to provide high-quality educational content for the people who would ultimately use their products, such as benchmark surveys, case law alerts, and privacy alerts.
KEY QUOTES
"Legal has to be involved in all the different GRC activities." - Bill Piwonka
"You have to have the guts to push the deletion button. When you have the processes and the technology that enable you to constantly push that button, you're going to minimize your risk and you're going to ensure compliance across a whole swath of regulations." - Bill Piwonka
"If I can help somebody understand how to optimize a data subject access request process or how to conduct a document review more efficiently, and help them do their jobs more effectively - and I do that for five years - they are more productive, they're more efficient, and they like the content that we're creating." - Bill Piwonka
Resources:
Bill Piwonka on LinkedIn | Twitter
Exterro
The Secret Power of Meditation with Kara Goodwin
21:54
"Most successful executives are well aware of meditation and the secret power of it, and that it has a competitive advantage because it can change the way they're thinking, access more levels of creativity and intuition," says Kara Goodwin, a meditation expert and Tom Fox’s guest on the latest episode of Innovation in Compliance. Kara and Tom discuss the transformative power of meditation, the benefits it offers to individuals and companies, and how it can help people find balance and purpose in their lives. She also talks about how meditation can change your brain, reduce anxiety and depression, and unlock your creativity and intuition.
Kara Goodwin is a certified meditation teacher, and the host of The Meditation Conversation Podcast. With a corporate background in IT and sales, Kara's journey into meditation began when she moved to Italy and discovered the transformative power of this practice. Since then, she has been helping people develop their meditation practice through coaching, retreats, and online courses. Through her work, she seeks to help individuals and organizations find balance, purpose, and fulfillment in their personal and professional lives.
You’ll hear Kara and Tom discuss:
· Meditation means something different to every person, but to Kara it's existing in a state that's beyond - beyond thoughts, beyond the body, beyond time, and beyond space. Meditation is getting to a state of higher consciousness, where the cycle of daily thoughts does not exist.
· Developing a meditation practice changes the brain and the nervous system. It can also translate to a person's state outside of meditation, where they can have a higher perspective on things. It allows them to slow down and not get caught up in the minutiae of the day.
· Being able to tell when you're off balance is simply taking mental stock of yourself. "It's just what's showing up for you in your world… It's becoming aware of how we feel and really even having a perspective that has a distance between what we feel and noticing what we feel," Kara says.
· You can't solve problems when you're operating in the same mindset they were created in. "When we're in problem-oriented consciousness, we're not necessarily going to find the solution for that problem in the same level of consciousness where the problem is," Kara remarks. "It's by raising ourselves into a higher level of consciousness that we can have access to more creative solutions, more holistic solutions, more win scenarios."
· Meditation is becoming an important component of mental health for businesses and companies. Kara uses the example of the NFL using meditation tactics to keep themselves calm in the high-stress environment they deal with. In addition, employers caring for their employees can also do more to create better working conditions. Caring for their employees in more holistic ways and seeing them as fully formed human beings, will impact the quality of their work.
· Meditation helps nurture whole-brain thinking. Nurturing whole brain thinking and allowing yourself space allows for higher consciousness, which promotes productivity and activity.
KEY QUOTE
"When we're in problem-oriented consciousness, we're not necessarily going to find the solution for that problem in the same level of consciousness where the problem is." - Kara Goodwin
“[Meditation] is really getting into that state of a higher mind where we're not so focused on the little ins and outs and details of the day and the cycles of our thoughts.” - Kara Goodwin
"Most successful executives are well aware of meditation and the secret power of it, and that it has a competitive advantage because it can change the way they're thinking, access more levels of creativity and intuition." - Kara Goodwin
Resources
Kara Goodwin | Twitter | Instagram
The Meditation Conversation Podcast
Creating the Insights Lab with Zachary Coseglia
29:49
In this insightful episode of the Innovation in Compliance podcast, Tom Fox welcomes Zachary Coseglia, the founder of the Ropes & Gray Insights Lab, to talk about the creation of the unique consultancy within the law firm. Zach dives into the challenges of building a team with diverse skill sets and backgrounds for a new function like the Insights Lab. He shares the value of data analytics for compliance, and how it can be used to improve investigations and understand patterns of behavior across the organization. Zach also highlights the complexities of working in-house, including managing relationships and understanding organizational intricacies.
With over a decade of experience in the pharmaceutical industry, healthcare, and life sciences, Zach Coseglia built a strong background in investigations, compliance analytics, and digital compliance. During his time as head of investigations in Asia Pacific for Pfizer, he came up with the idea to create an analytics and behavioral science consultancy within a law firm, which led to the birth of the Insights Lab.
Key takeaways from the episode include:
· Building an analytics consultancy within a law firm or compliance department requires investment in technology and human capital.
· Zach brought together people with diverse skill sets, backgrounds, and experiences to build a team that reflects the needs of the consultancy being created. He combined subject matter expertise of compliance and data analytics to build the team for the Insights Lab.
· Zach believes that to build a successful analytics consultancy within compliance, it's important to bring in people who have done this work in other industries. He stresses that they can bring unique perspectives and experiences that can drive innovation and progress within the organization.
· The potential of data analytics to promote a better, stronger compliance program through identifying trends, patterns of behavior, and driving efficiencies.
· Zach reflects on his experience working in-house and highlights the challenges of managing relationships and understanding organizational intricacies. He stresses the importance of effective relationship building and an intentional and strategic approach to building new capabilities or functions within an organization.
· Compliance is a deeply human discipline that involves shaping human behavior through policies, procedures, training, and programs.
· Behavioral science, cultural psychology, and behavioral economics play a critical role in compliance and ethics work.
· Compliance programs that only focus on rules are short-sighted. Human-centered design is a powerful approach to building effective compliance programs that engage with people and amplify their voices.
KEY QUOTES:
"I think that there's a huge opportunity for us to embrace behavioral science, to embrace a more scientific point of view, to embrace the world of data in ways that actually advance our profession." - Zach Coseglia
“With all of the data we had available to us, we have this opportunity to understand human behavior in ways that go beyond just the rules.” - Zach Coseglia
“I have felt for a long time that compliance is being treated - has been treated - as this exclusively legal, regulatory, enforcement-related exercise oftentimes led by lawyers, when in fact, compliance is a deeply human discipline.” - Zach Coseglia
Resources:
Zach Coseglia at R&G Insights Lab | LinkedIn
Ropes & Gray Insights Lab | Podcast: There Has to Be a Better Way?
Leveraging Technology in Third-Party Risk Management with Jag Lamba and Jared Ezzell
25:34
Jag Lamba and Jared Ezzell from Certa join Tom Fox on the Innovation in Compliance podcast to explore the essential elements of a thriving third-party risk management program. They emphasize the significance of minimizing reliance on third-party self-disclosures by utilizing technology and data. They also highlight the importance of integrating due diligence, training, and ongoing monitoring to create a comprehensive approach to risk management. The conversation extends to payment controls, charitable donations, and the integration of the program into the overall third-party risk management lifecycle.
Jag is the founder and CEO of Certa. Jared Ezzell is the Chief Customer Officer. Certa is a third-party lifecycle management platform for procurement, compliance, and ESG. Their no-code platform provides an easy and efficient way to digitize and manage the lifecycle of all suppliers, partners, and customers. Certa's automated onboarding, contract lifecycle management, and ESG management eliminate the procurement bottleneck, allowing companies to onboard third parties three times faster. With their cutting-edge technology, Certa is transforming the way businesses manage their third-party relationships, ensuring compliance and sustainability at every step.
Here are some key points Tom, Jag, and Jared talk about:
· Jared talks about his professional background and his role at the company Certa, their products, and their customers.
· The hallmark of an effective anti-bribery and anti-corruption compliance program is the concept of risk assessment.
· Jared discusses the nine elements developed by Certa for an effective compliance program.
· The three dimensions of a complete solution for compliance risk management are full spectrum risk management, the full life cycle of the third party, and the full spectrum of third parties.
· A successful technology transformation project should be a modular rollout, with a focus on solving the highest pain point within three months and continuously phasing the rollout to avoid becoming overwhelmed.
· Jag and Jared clarify that while the company doesn't play the role of creating the documentation, they provide input and help evidence the client's defensible positioning in support of the client's policies.
· Jag tells Tom that the ongoing monitoring of third-party relationships requires companies to have data sources and processes in place, have a controls framework to act on information, and automate controls to handle egregious alerts.
KEY QUOTE:
“The ability to systematically enforce payment controls is a key common practice in successful third-party risk management." - Jared Ezzell
Resources:
Jag Lamba on LinkedIn | Twitter
Jared Ezzell on LinkedIn
Certa
Entrepreneurship and Risk Management with Adrienne Bellehumeur
25:15
Tom Fox’s guest in this episode of Innovation in Compliance is Adrienne Bellehumeur. They discuss the significance of gap analysis in the design of internal controls, and why having a thorough understanding of design is critical to the success of gap analysis. They emphasize the importance of continuous improvement and avoiding a "pass-fail" approach to internal control programs. Adrienne also shares her five principles for creating high-value compliance programs.
Adrienne Bellehumeur is the Director and Co-owner of Risk Oversight, a firm specializing in internal controls, internal audit, and compliance programs. She has written a book called The 24-Hour Rule and Other Secrets for Smarter Organizations: Including the 6 Steps of Dynamic Documentation, which is set to be published on March 7th and is geared towards managers who are seeking solutions through documentation. This book aims to provide a fun and foundational approach to documentation for the modern knowledge workforce and is the first mass-market book on documentation best practices.
Some of the key points discussed during the show include:
· Adrienne's background and current role at her company, Risk Oversight, which specializes in delivering services to mid-sized oil and gas companies in the engineering sectors.
· The purpose of gap analysis is to identify areas for improvement in processes and controls to support operational effectiveness.
· Adrienne's belief that internal controls should focus on good habits, accountability, and continuous improvement rather than just ticking boxes.
· How Risk Oversight helps companies fulfill their obligation of oversight by providing entity-level control review and understanding best practices in governance.
· The two best practices for board minutes, the "Goldilocks principle" and the "business judgment rule."
· The Caremark doctrine in Delaware and the importance of documentation of major risk management decisions.
· Adrienne's book The 24-Hour Rule, which is a mass-market book on documentation aimed at managers looking to solve problems through documentation and is applicable to various industries.
KEY QUOTATION:
“Risk management is about action.” – Adrienne Bellehumeur
Resources
Adrienne Bellehumeur | LinkedIn | Twitter
Risk Oversight | The 24-Hour Rule and Other Secrets for Smarter Organizations: Including the 6 Steps of Dynamic Documentation
Key Board Issues Going Forward with Christina Bresani
18:44
What are some of the challenges facing board members in providing meaningful oversight? Christina Bresani, head of William Blair’s Corporate Advisory Team, is here to share her take. Host Tom Fox and Christina are going to delve into the current state of the corporate world, touching on the challenges faced by boards of directors. They'll also discuss the increase of unsolicited offers and the importance of being prepared for them. This is a thought-provoking conversation that will shed light on the current landscape of the corporate world.
Christina Bresani is a seasoned investment banker with over 25 years of experience. She joined UBS right after graduation from Wellesley College where she studied economics and Spanish. After 20 years at UBS, she joined William Blair and currently leads the Corporate Advisory Team, a team that focuses on advising public companies on all things mergers and acquisitions.
Key points you’ll hear them discuss:
· Christina tells Tom, “About 85% of the transactions that we're seeing right now start with an unsolicited proposal.” They are advising clients on being prepared for unsolicited proposals and valuations in an uncertain market.
· How William Blair works with clients to optimize their portfolio and their process for evaluating selling or spinning off businesses.
· ESG is a focus area for boards. It’s now considered a "must-have" and not a "nice-to-have". Boards and management teams focus on ESG as a day-to-day part of their decision-making process. Christina is happy to see companies take a more holistic oversight around ESG at the board level.
· There has been an increase in shareholder activism and companies are worried about it and seeking help in preparing for it.
· “Ultimately, what companies need to be thinking about is how to create shareholder value,” Christina tells listeners. This is what should be top of mind for boards going forward, she remarks.
KEY QUOTE:
“There are always intertwined relationships between boards and companies, and the real goal is to get all the brains together in a room to figure out if a deal makes sense for both sets of shareholders.” - Christina Bresani
Resources
Christina Bresani on LinkedIn
William Blair