
Compliance into the Weeds
What happens when two compliance aficionados get together to talk all things compliance, risk management and ERM? You get Tom Fox, the Voice of Compliance and Matt Kelly, the Coolest Guy in Compliance, going into the weeds of a topic each week. Each week, you can take a deep dive with two of the top writers, thinkers and prognosticators in compliance.
Latest episodes

May 17, 2023 • 27min
COSO Fraud Risk Management Framework
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully and looking for some hard-hitting insights on sanctions compliance. Look no further than Compliance into the Weeds!

Get ready to dive into the world of fraud risk management and prevention with Compliance into the Weeds, hosted by Tom Fox and Matt Kelly. In this episode, they break down the recently released fraud risk framework from COSO and the Association of Certified Fraud Examiners and why it is necessary in today's world of cyber-based fraud and cryptocurrency. They stress the importance of data analytics and internal hotlines in preventing fraud, and that all employees need to be trained to detect and prevent fraud in their industry. The hosts also discuss how financial reporting controls may not always detect fraud and why anti-fraud controls are essential. With the rise of new types of fraud such as ESG fraud and greenwashing, the hosts recommend the fraud risk report to audit and compliance professionals who want to stay informed about the risks swirling around corporations today. Take advantage of this informative and fascinating podcast. Tune in to Compliance into the Weeds now.

Key Highlights:
· Fraud Risk Management: COSO Report 2nd Edition
· Effective Fraud Prevention Training for Employees
· Importance of Anti-Fraud Controls in Fighting Fraud
· COSO Fraud Risk Guidance and the Fraud Pentagon

Notable Quotes:
“But when you think about it, we have a lot of external factors, such as the rise of cryptocurrency, which is riddled with fraud and corruption risk. New methods of cyber-based fraud, which didn’t exist, say, 2016, the 2010s before that. Rise of ransomware in particular, which wasn’t quite a big thing back then that it is all over the place now.”
“Most frauds, you the risk management function, you might never catch them. By looking for them, you’ll have to depend on somebody else coming to you from the enterprise, say, I think this person over here is doing something sketchy.”
“Fraud is having a moment. And fraud risk is on the forefront of many people’s minds from many different areas.”
“We need to do better at finding ways to assess and understand your fraud risk and then implementing new controls as necessary to push that risk down to acceptable levels.”

Resources
Matt on LinkedIn
Blog Post in Radical Compliance
Tom on Instagram
Tom on Facebook
Tom on YouTube
Tom on Twitter
Tom on LinkedIn

Learn more about your ad choices. Visit megaphone.fm/adchoices

May 10, 2023 • 27min
ComEd 2023 Compliance Report
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking to stay updated on compliance and ethics? Look no further than Compliance into the Weeds, with co-hosts Tom Fox and Matt Kelly! In this episode, they tackle the corruption scandal involving ComEd and its parent Exelon and highlight the progress made in ComEd's compliance program reforms. With the release of ComEd's second public progress report, compliance and corporate executives can learn from the changes to ComEd's company culture and from its supply chain overhaul. The podcast also dives into integrating compliance concerns into HR processes and identifying supervisory groups that may need closer monitoring. Don't miss out on this informative and insightful episode, available now!

Key Highlights
· Significance of the report
· Compliance and the Supply Chain
· Compliance and Exit Interviews
· Using this report going forward

Notable Quotes:
“I just have to acknowledge that the state of Illinois finally convicted someone for corruption.”
“These reports provide not just simply a roadmap of how to change culture, but really a way to think through what may seem like an insurmountable problem.”
“I applaud Exelon for establishing this comprehensive supply chain risk management effort and making supply chain compliance a big part of its supply chain risk program.”
“It is compliance which is driving overall supply chain risk management and business efficiency, which will inevitably lead to greater profitability if done correctly, and that with a variety of other areas and companies having supply chain risk.”

Resources
Matt on LinkedIn
Blog Post in Radical Compliance
Check out our prior podcast on ComEd’s 2022 Compliance Report here
Tom on Instagram
Tom on Facebook
Tom on YouTube
Tom on Twitter
Tom on LinkedIn

May 3, 2023 • 21min
BAT Sanctions Enforcement Action
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject and looking for some hard-hitting insights on sanctions compliance. Look no further than Compliance into the Weeds!

Tom Fox and Matt Kelly dive into the recent enforcement action against British American Tobacco (BAT) for violating North Korean sanctions. After years of evading sanctions and funneling over $630 million, regulators have imposed the maximum penalty. Join the podcast to understand the scheme enacted by BAT and the consequences of its actions. They also discuss the need for clarity around who is responsible for ensuring compliance with OFAC and the Justice Department for the next 5 years. With potential penalties looming, the consequences senior management could face, and the extent of the compliance commitments expected of BAT, this is a case you will want to study closely. Listen to Tom and Matt make sense of this perplexing case and what it means for companies doing business in countries like North Korea.

Key Highlights:
· Sanctions enforcement on British American Tobacco
· The North Korean Scheme of British American Tobacco
· British American Tobacco's Sanctions Compliance Penalty and Requirements
· Legal implications of BAT's North Korea joint venture

Notable Quotes:
“I almost think we should just name this series, ‘the hits just keep on coming’ as sanctions is the new FCPA.”
“This is a long-running, complicated scheme involving the highest levels of BAT knew this was going on to evade sanctions risks.”
“Short of Activision Blizzard, this case strikes me as one of the most egregious that we have seen in any form of trade control, export control, trade sanctions, FCPA, or other major corporate white collar.”
“They talk about how BAT and its subsidiaries knew full well that US sanctions said you can't do business with North Korea; they were upset over how BAT publicly announced it.”

Resources
Matt on LinkedIn
Blog Post in Radical Compliance
Tom on Instagram
Tom on Facebook
Tom on YouTube
Tom on Twitter
Tom on LinkedIn

Apr 26, 2023 • 20min
Seagate Sanctions Enforcement Action
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully and looking for some hard-hitting insights on sanctions compliance. Look no further than Compliance into the Weeds!

In this episode, Tom and Matt discuss the recent $300 million fine against Seagate Technology Corporation for violating US sanctions against Huawei. They analyze Seagate's approach to sanctions compliance, especially when compared to Microsoft's response to similar violations. With billions of dollars in sales at stake, the implications of these cases for compliance officers are huge. With frank insights, deep knowledge, and engaging dialogue, Compliance into the Weeds is a must-listen for anyone interested in sanctions compliance and the world of business.

Key Highlights:
· Seagate's controversial business dealings with Huawei
· Seagate's Sanctions Violations and Compliance Programs
· Seagate's Violation of the Foreign Direct Product Rule
· Expanding Lessons for Compliance Officers

Notable Quotes:
"Sanctions is going to be the new FCPA risk," according to the US Justice Department.
"The failure to acknowledge your culpability is a key multiplier under the federal sentencing guidelines. And so if this had been any criminal penalty, this fine and penalty would have gone through the roof."
"Look to your left, look to your right, see what other people are doing, what they're getting in trouble for, and incorporate those lessons learned into your risk assessment."
"Sanctions are hard, and companies can misunderstand this. Well, very specifically, the rule that got Seagate into trouble is known as Foreign Direct Product Rule or what is it exactly, the foreign-produced direct product rule?"

Resources
Matt on LinkedIn
Blog Post in Radical Compliance
Tom on Instagram
Tom on Facebook
Tom on YouTube
Tom on Twitter
Tom on LinkedIn

Apr 19, 2023 • 25min
SOX Compliance, PCAOB Inspections and Audits
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Join Tom Fox and Matt Kelly in the latest episode of "Compliance into the Weeds" as they delve into the world of SOX compliance. In this discussion, Matt shares insights from recent webinars and Cornerstone Research studies on class action lawsuits related to accounting issues, while Tom emphasizes the importance of preventing accounting fraud through robust internal control systems. They shed light on the role of IT controls in ensuring the integrity and security of financial systems, as well as the challenges auditors face in verifying their effectiveness. They go on to discuss how companies can mitigate the risk of fraud by implementing strong access and cybersecurity controls and adapting to new business environments. Don't miss out on this captivating episode, which offers practical tips and strategies for compliance officers and industry professionals alike!

Key Highlights
· Current SOX compliance priorities
· The cost of lawsuits involving SOX compliance failures, financial accounting and financial restatements is going up
· 2023 PCAOB inspection priorities

Notable Quotes:
“None of those numbers are going in the right direction for SOX compliance officers.”
“A lot of what SOX compliance is and a lot of what auditors are looking at relates to IT controls.”
“We rely so much on IT now to run the accounting system, the accounts payable, the finance function, a lot of what you need to assure a strong accounting system is really how are you governing software that is running those apps.”
“That, however, assumes that you've got strong cybersecurity and strong access controls around getting into that portal.”

Resources
Matt on LinkedIn
Matt’s 3 articles on Radical Compliance:
a. SOX Compliance
b. Lawsuits over SOX failures
c. PCAOB Inspection Priorities
Tom on Instagram
Tom on Facebook
Tom on YouTube
Tom on Twitter
Tom on LinkedIn

Apr 12, 2023 • 20min
Microsoft OFAC Enforcement Action
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. In this episode, join Tom and Matt as they delve into Microsoft's recent sanctions enforcement action with OFAC. They explore what went wrong and how you can avoid costly compliance failures, from potential red flags to reseller relationships. But it's not all doom and gloom, as they discuss how Microsoft implemented a three lines of defense model for sanctions compliance, setting a benchmark for the industry. With Tom and Matt going into the weeds on the importance of centralization and persistent screening technology, this podcast is a must-listen for any compliance officer looking to stay ahead of the curve. Tune in now to find out more!

Key Highlights
· Sanctions compliance case involving Microsoft
· Microsoft's Sanctions Compliance Model
· Microsoft's Sanctions Compliance Program Remediation
· Sanctions Compliance and OFAC Guidance
· Impact of the Russia invasion on Microsoft operations

Notable Quote:
"It's well worth giving the case a good look. So it was, I thought, a great lesson on resellers and the way the hardware and software industry did business."

Resources
Matt on LinkedIn
Matt on Radical Compliance
Tom on Instagram
Tom on Facebook
Tom on YouTube
Tom on Twitter
Tom on LinkedIn

Apr 5, 2023 • 20min
COSO Framework for Sustainability Controls and Reporting
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. In this episode, join Tom and Matt as they discuss a new sustainability framework that companies can use to improve their sustainability efforts. The document emphasizes the importance of data governance and of using a recognized control framework, similar to COSO's framework for effective financial reporting. The hosts explore the challenges of collecting and managing sustainability data, while highlighting the need for organizations to have a Chief Data Governance Officer and an in-house data committee. They discuss the importance of competent leadership, effective communication, and the role of vendors offering solutions that support sustainability reporting. Tune in to discover how the right oversight mechanisms can save organizations money by streamlining IT vendors, and why sustainability data reporting is the new version of the challenge that achieving Sarbanes-Oxley compliance was in the 2000s.

Key Highlights
· COSO Internal Control Framework for Sustainability Disclosures
· Comparing Sustainability and Ethics/Compliance Frameworks
· Challenges in Sustainability Data Collection
· Importance of Data Governance in Large Enterprises

Notable Quotes
1. “ESG and sustainable business information, on the other hand, tends to be longer term and more qualitative.”
2. “Revenue numbers are in dollar returns and carbon emissions are not.”
3. “Radically different sorts of disclosures and data there, but you have to think through.”
4. “You're going to have to make sure that the data governance mechanisms you have? Do you have a Chief Data Governance Officer? Some organizations do. Do you have an in-house data committee to think about are we collecting all of this data?”

Resources
Matt on LinkedIn
Matt on Radical Compliance
Tom on Instagram
Tom on Facebook
Tom on YouTube
Tom on Twitter
Tom on LinkedIn

Mar 29, 2023 • 20min
Blackbaud-Failures in Cyber Breach Disclosures
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. In this episode, we discuss the consequences of insufficient disclosure regarding cybersecurity risks, as demonstrated in the recent Blackbaud SEC enforcement action. The SEC requires companies to proactively disclose material events, and the Delaware Court of Chancery is making it clear that senior executives are responsible for ensuring compliance with disclosure requirements. Tune in next week to hear more Compliance into the Weeds from Tom and Matt.

Key Highlights
· The cost of poor communication: the $3 million lesson from Blackbaud's FCC fine
· Disclosure Controls and the Sarbanes-Oxley Act
· The Consequences of Failing to Comply with SEC and FCC Regulations on Reporting Data Breaches
· SEC Cracking Heads and What's Next

Notable Quotes:
1. "Do words still matter? I think that they do."
2. "I couldn't think of at least 3 million reasons why that was a bad idea in hindsight, and maybe they should have been more forthcoming."
3. "Oh, well, actually, you know, we missed the revenue target, but we forgot to tell the CFO, people would be fired. You know, there would be heads stuck on the pikes. In front of the office lobby or something like that."
4. "A compromise of our data security that results in customer or donor personal or payment card data being obtained by unauthorized persons could, and that's the word. Could adversely affect our reputation with our customers and others."

Resources
Matt on LinkedIn
Matt on Radical Compliance
Tom on Instagram
Tom on Facebook
Tom on YouTube
Tom on Twitter
Tom on LinkedIn

Mar 22, 2023 • 28min
SVB Failure-Lessons for Compliance
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. In this episode, Matt and I continue our exploration of the collapse of Silicon Valley Bank (SVB) and take a deeper dive into the compliance angles. Silicon Valley Bank had taken some big risks, which led to depositors having a near-death experience, shareholders losing all their money, and taxpayers ultimately supporting the bank's bailout. Despite the auditors giving an anodyne report on the bank’s risk management, the board, management and regulators all missed the big strategic risks. As a result, the bank collapsed, leaving Matt to question whether stakeholders were given the right assurance on the right things.

Key Highlights
· What risk management strategies did SVB senior management and the Board miss or ignore that could have prevented the financial disaster?
· Why did SVB's management decline to pursue improvements to their risk management practices after being warned by BlackRock consultants?
· Did regulators miss the red flags raised by the San Francisco Fed examiners 18 months before the collapse of SVB?

Notable Quotes:
1. "We should remember that really, the auditors’ report is going to give assurance on two points: Number one, is there a risk of material misstatement in the financial statements? And number two, does the audit firm have any substantial doubt about the organization's ability to continue as a going concern for roughly the next twelve months or so? That's how long it is. But it's those two things."
2. "When you have Elizabeth Warren and conservatives both raising hell at the same time, it's a valid issue to go and look at then because that does not happen too often."
3. "It's like nobody had thought about this when really once we rolled back Dodd-Frank protections and supervisory constraints specifically for mid-sized banks, which Republicans pushed through in 2018, once that happened, that became the systemic risk that regulators had to think about."
4. "Everybody kind of sort of knew there was a problem, but a whole lot of finger pointing and not enough planning and assurance and communication to the public at large and to investors."

Resources
Matt on LinkedIn
Matt on Radical Compliance
Tom on LinkedIn

Mar 15, 2023 • 28min
Beneath the Bailout: The Collapse of Silicon Valley Bank
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. In this episode, Matt and I explore the collapse of Silicon Valley Bank (SVB) and its outcomes. We discuss the consequences if the Federal government fails to bail out Signature Bank in New York and Silicon Valley Bank. The Dodd-Frank Act is examined, and we note that the fact that SVB's Chief Risk Officer left 8 months ago and was never replaced is a huge red flag. Will this event cause the Federal Reserve to pause interest rate hikes? Why did Libertarians from the tech industry scream for bailouts? Tom and Matt expertly unpack the complex details within the industry and provide insight and analysis into this relevant and timely industry topic.

Key Highlights
The Impact of Silicon Bank and SVB's Failures on the Banking Industry [02:01]
Implications of Unsold Silicon Valley Bank Assets on Taxpayers [05:04]
Challenge of Businesses Dealing with Employee Benefits under Federal Government Regulations [09:04]
Effects of Changes to the Dodd-Frank Act on Midsized Banks [12:54]
The Impact of Regulatory Ease on Business Failures [16:47]
The Reasons Behind Silicon Valley Bank's Chief Risk Officer Quitting [20:53]
The Impact of Social Media on Interest Rate Decisions by the Federal Reserve [24:52]

Notable Quotes:
1. "So those loans were bringing in maybe 2 or 3 percent interest, but SVB had to be paying out interest rates that might be more at 4 percent. That difference is what undermined the capital structure and the balance sheet of SVB until people started getting skittish, and then they said, Maybe I should pull my money out, which made the bank even more weak, so people got even more skittish."
2. "The big issue, and this is why the business customer angle is important, is that under FDIC rules, a bank's deposits are insured up to 250,000 dollars per account."
3. "Is it a business if you can never fail? This was not too big to fail. This was we are not going to let anybody fail."
4. "You may not know where your key suppliers or your key customers or your key third parties are banking. Maybe you have that information. But does that mean you're going to have to assess the financial health of those financial institutions of your customers? And know if they're going to be able to pay you of your vendors or third-party suppliers? They can meet their payroll to deliver their services."

Resources
Matt on LinkedIn
Tom on LinkedIn