As companies move forward on third-party risk management programs, and as automated third-party risk solutions are being implemented, compliance professionals have to re-examine and re-balance the allocation of resources and...more
Compliance officers face almost an infinite number of risks – not to be trite, but CCOs can drive themselves crazy identifying every plausible legal and compliance risk a company faces. I am exaggerating a little bit to make...more
2/11/2020
/ Anti-Corruption ,
Chief Compliance Officers ,
Compliance ,
Compliance Management Systems ,
Cooperative Compliance Regime ,
Corporate Governance ,
Ethics ,
Internal Controls ,
Policy Management ,
Risk Management ,
Third-Party Risk ,
White Collar Crimes ,
Willful Misconduct
I am reluctant to start off the New Year with a negative comment or posting. But I have a significant concern about the path and current state of ethics and compliance....more
1/24/2020
/ Automation Systems ,
Chief Compliance Officers ,
Compliance ,
Corporate Governance ,
Ethics ,
Internal Controls ,
Leadership ,
Risk Management ,
Senior Managers ,
Technology ,
Vendors
Moving on, 2019 was a big year in OFAC compliance. The Sanctions Compliance Guidance was a major change in sanctions compliance. OFAC has set high expectations for compliance. Whether companies have received and responded to...more
The path of the compliance profession has been remarkable. Recently, I have seen a number of tweets and postings from compliance thought leaders touting the accomplishments of compliance and the transformation of the...more
1/17/2020
/ Analytics ,
Anti-Corruption ,
C-Suite Executives ,
Chief Compliance Officers ,
Compliance ,
Compliance Management Systems ,
Compliance Monitoring ,
Corporate Culture ,
Corporate Governance ,
Leadership ,
Risk Management ,
Senior Managers ,
Technology ,
White Collar Crimes
As a passionate supporter of the compliance function, I continue to advocate for compliance officers and the importance of compliance to overall governance. Good compliance means good business – we all know that....more
As everyone knows, I am an eternal optimist. Being a cynic always leads to negative energy and results. As a former federal prosecutor, I am deeply committed to the idea of doing the right thing....more
1/15/2020
/ Anti-Bribery ,
Anti-Corruption ,
Chief Compliance Officers ,
Compliance ,
Compliance Management Systems ,
Compliance Monitoring ,
Corporate Culture ,
Corporate Governance ,
Corporate Management ,
Corporate Misconduct ,
Innovative Technology ,
Leadership ,
Risk Management ,
White Collar Crimes
Global companies face extraordinary risks through their reliance on third-party agents, distributors, consultants and vendors/suppliers. Federal prosecutors and regulators have had a record year in FCPA and sanctions...more
12/15/2019
/ Automated Systems ,
Compliance ,
Corporate Entities ,
Enforcement Actions ,
Foreign Corporations ,
Foreign Corrupt Practices Act (FCPA) ,
Legal Technology ,
Risk Assessment ,
Risk Management ,
Risk Mitigation ,
Sanctions ,
Third-Party ,
Third-Party Liability ,
Vendors
Corporate cultures do not operate in a silo or free from external influences.
Yet again, another profound grasp of the obvious. Employees, managers and senior leadership all bring their own experiences, perspectives,...more
12/12/2019
/ Anti-Corruption ,
Compliance ,
Conflicts of Interest ,
Corporate Culture ,
Corporate Governance ,
Corruption ,
Ethics ,
Foreign Corrupt Practices Act (FCPA) ,
Political Expression ,
Risk Management ,
Tone At The Top
In today’s aggressive enforcement environment, corporate board members have a target on their respective backs. Even with robust liability insurance, corporate boards are operating in a state of “ignorance is bliss.” ...more
We all are living in an era of rapid technological development – everyone understands that basic point. Even in a small way, we can observe the impact in ethics and compliance. Start with the simple transition from “paper”...more
Corporate boards all want to believe that their companies maintain an ethical culture. Each board members knows the right words, platitudes and buzz words to use. No one can fault them there. But like every issue in life,...more
I guarantee you if you ask your corporate board to define “ethical culture” and “compliance,” and their actual day-to-day responsibilities in this area, you will quickly realize most board members have no clue. ...more
Businesses are increasingly relying on the cloud to store confidential and sensitive information. One-third of information technology budgets are used for cloud services. Rapid growth in cloud storage is expected over the...more
9/12/2019
/ Best Practices ,
Board of Directors ,
Cloud Computing ,
Compliance ,
Confidential Information ,
Cybersecurity ,
Data Management ,
Data Protection ,
Incident Response Plans ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Senior Managers
We all know that businesses rely on a large number of third-party vendors to support their business operations. Many of these third parties require access to a company’s data and its internal information and technology...more
9/11/2019
/ Class Action ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Protection ,
Hackers ,
Incident Response Plans ,
Insurance Claims ,
Internal Controls ,
Popular ,
Public Relations ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
Not to say, I told you so, but around the same time that the Capital One data breach occurred, I was reminding clients that nearly half of all significant data breaches or cyber-incidents occur because of internal actors. ...more
9/10/2019
/ Amazon Marketplace ,
Capital One ,
Cloud Computing ,
Compliance ,
Credit Cards ,
Cyber Attacks ,
Data Breach ,
Data Security ,
Data Theft ,
FBI ,
Financial Services Industry ,
GitHub ,
Identity Theft ,
Internal Controls ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Risk Mitigation ,
Slack ,
Third-Party Service Provider ,
Vendors
This is likely to be a politically incorrect posting. I hope I do not offend too many people, especially those new data privacy professionals.
As kids, we were always excited when an ice cream truck visited our...more
The California Consumer Privacy Act (CCPA) presents numerous compliance challenges for businesses. Given the heightened focus on consumer privacy and ever-increasing enforcement risks, companies have to move quickly to...more
8/21/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management
When the federal government fails to assume responsibility for establishing law and policy in important federal areas of jurisdiction, the individual states then spring into action to fill the vacuum. ...more
8/20/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Employee Training ,
Enforcement Authority ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Risk Management ,
State and Local Government
I have long predicted that corporate board members are in for a rude awakening. Corporate boards have to improve their ability and knowledge surrounding supervision and monitoring of a company’s ethics and compliance...more
8/7/2019
/ Blue Bell Creameries ,
Board of Directors ,
Breach of Duty ,
Bribery ,
Caremark claim ,
Compliance ,
Corporate Culture ,
Corporate Governance ,
Corporate Misconduct ,
Corporate Monitoring ,
Corruption ,
DE Supreme Court ,
Derivative Suit ,
Ethics ,
Failure to Comply ,
Fiduciary Duty ,
Food Contamination ,
Risk Management ,
White Collar Crimes
Compliance professionals are implementing their own monitoring and auditing strategies. Internal audit does not have the resources nor the time to assume responsibility for this function. If possible, internal audit may...more
As companies elevate their “game” in sanctions compliance, it is important that compliance officers critically examine the strengths and weaknesses of their compliance programs. Many companies already have a screening...more
In my showcase of profound but obvious points, let me add to my collection – an illegal bribe often turns on the actor’s state of mind. Did he or she act with corrupt intent?...more
As compliance strategies evolve and improve, more attention is being paid to data and measurement of a compliance program. Like every task associated with compliance, professionals have to be smart when it comes to this...more
Chief compliance officers have a hard job. CCOs know that fact and them fully embrace the challenges of their positions. At the same time, CCOs have extraordinary expectations placed on their shoulders – they are rarely...more