Groundbreaking Results: Join Me for a Webinar on Benchmarking Your Compliance Reputation


I'm delighted to be partnering with Steele Compliance Solutions to present a webinar unveiling the groundbreaking results from our research into the external reputation of compliance programs. During this webinar you'll learn critical information to answer questions like: What does your company’s external appearance say about your company’s commitment to compliance and ethics? What are others in your industry doing? And, perhaps most importantly, what are best practices in this critical space?

Join us for a webinar to hear the results of this research and to find out how companies in your industry scored using Spark Compliance’s proprietary algorithm, which scores programs in six critical areas:

  • Code of Conduct 

  • Corporate Governance 

  • Whistle-blower Provisions 

  • Anti-Bribery Commitments 

  • Data Privacy 

  • Supply Chain / Modern Slavery / Sustainability 

I'll be presenting with Tony Charles, Chief Client Officer for Steele.  Sign up HERE to join us, Tuesday, March 5th, 11:00 AM EST (4:00 PM GMT).  See you there!



What’s in a Name? Everything!


“I’m good with faces, but I never remember names.”  How many times have you heard someone say this?  Have you said it yourself?  If so, you’re missing a critical opportunity to make people feel special and to create an immediate sense of familiarity and warmth. 

Dale Carnegie, author of How to Make Friends and Influence People, said, “A person’s name is to him or her the sweetest and most important sound in any language.”  What should you do if you have trouble remembering names?  Here are five ways to make it easier.

Say Their Name Back to Them Immediately

Most people shake hands when they are introduced in a professional setting.  When this happens, take the opportunity to say the person’s name back to them immediately.  Let’s say you were just introduced to Juanita.  When she shakes your hand, repeat back, “It’s so nice to meet you, Juanita.”  By using the name immediately, you’re more likely to cement it into your mind.  You’ll also be able to be corrected early on if you get the name wrong or mispronounce it.  It’s much better to be immediately corrected than to learn weeks or months later that you’ve been calling someone by the wrong name.

Not only should you repeat the person’s name after you meet them, but you should also say it again when you part ways. “It was so nice meeting you, Shantok,” will solidify the name in your head, as you’ve now said it at least twice.

Find a Celebrity to Associate with Them…


5 Crucial Questions to Ask About Your Third-Party Risk Management


When was the last time you thought through your third-party management and due diligence process?  Perhaps you inherited a system that was in place when you arrived, and you’ve never changed it.  Perhaps you’re trying to manage it on an Excel sheet.  Perhaps you know it’s a problem, but you’ve never actually done anything about it…

Considering that 90% of reported FCPA cases involve a third-party intermediary, and one-in-two global enforcement actions involved a third-party, your third-party risk management program is a crucial part of your compliance program.

Is your current third-party risk management and due diligence system up-to-scratch?  Here are five questions you should be asking yourself to find out.

Question 1: Is my system truly risk-based?

The most frequent problem we see in due diligence program reviews is non-risk-based systems.  This usually happens because a conservative lawyer or compliance person worried that a risk-based system might let a problematic party through the system, endangering the company.  What tends to result from this blunt-instrument approach is over-spending and too much attention spent on lower-risk third-parties.

The DOJ endorses a risk-based approach.  The DOJ’s Resource Guide to the Foreign Corrupt Practices Act states that “performing identical due diligence on all third-party agents, irrespective of risk factors, is often counterproductive, diverting attention and resources away from those third-parties that pose the most significant risks.  DOJ and SEC will give meaningful credit to a company that implements in good faith a comprehensive, risk-based compliance program, even if that program does not prevent an infraction in a low-risk area because greater attention and resources had been devoted to a higher risk area.”

Ask yourself whether lower-risk parties get a lower level of due diligence and whether the hoops those parties jump through are smaller than those required for higher-risk third-parties.  If the answer is no, re-think your approach.

Question 2: Is my system consistently applied? …


Thrilled to be Named a Trust Across America 2019 Top Thought Leader in Trust

I am deeply honored to announce that I have been named a Trust Across America 2019 Top Thought Leader in Trust. For the past nine years, Trust Across America has identified and honored professionals who are transforming the way organizations do business.

The award celebrates global professionals who walk their talk in terms of trust.  This year’s honorees come from a broad functional base, including integrity, trust, leadership, culture, compliance, ethics, reputation and risk management, governance, communications, employee engagement, sales, and customer service.

You can see the full press release HERE.  


GDPR: Google and What the H*ll Do We Do Now?


This is a guest post from Patrick O’Kane, lawyer (UK barrister), Data Protection Officer for a US Fortune 500 company, and author of GDPR: fix it fast – How to apply GDPR to your company in ten simple steps.

“It’s too early to say!” quipped the Chinese Premier in 1972 when he was asked about the effects of the French Revolution in 1789.

It may be too early to say how hard regulators across the EU will penalize ordinary companies for breaching the EU General Data Protection Regulation (‘GDPR’), but last week we saw the first shot across the bow. The French CNIL fined Google 50 million Euros, which finally broke the dam. The fine was levied under GDPR for "lack of transparency, inadequate information and lack of valid consent regarding ads personalization".

GDPR came into effect on 25th May 2018. It is a data regulation nonpareil - arguably the most-hyped compliance regulation for a generation. 

Regardless, some of the GDPR hype has died down.

At the pinnacle of the hype, GDPR was more of a phenomenon than a compliance regulation. At one stage it was reported that it had outranked Beyonce on Google Search.

Consumers received emails from needy companies asking them to consent to marketing. GDPR ‘consultants’ of all shapes and sizes filled the marketplace. London lawyers promised to salve our GDPR anxiety if only we retained their services.

And then… nothing. By July 2018, it seemed to have slipped off many board agendas.

The Other GDPR fines

As you know, the maximum fine under GDPR is €20 million or 4% of a company’s global turnover (whichever is greater).

Some of the GDPR fines levied by regulators have been tame. Before the Google action, post-GDPR fines have been scarce, and they have not been headline-grabbing. For example:

  • A German social media company was fined €20,000. The company had been hacked and 808,000 email addresses were compromised.

  • An Austrian retail company was fined €4,800 after its CCTV captured too much of the public sidewalk.

  • A Portuguese hospital was fined €400,000 after hospital staff illegally accessed patient records.

The Google fine – 3 takeaways …


Ask Kristy: How do I get paid to teach compliance?


Q:  I would like to become a part-time or adjunct university professor teaching compliance or anti-money laundering, but I don't really know where to start. How can I reach out to universities? Many thanks for your time and help.

Best regards,


A: Hi Adjunct-in-Waiting,   

Thanks for reaching out.  Compliance is a hot and growing topic, especially in law schools.  Many MBA programs are adding entire courses in corporate ethics and compliance, and some undergraduate colleges are adding compliance as an offering as well. 

At first it can seem tricky to get these types of roles.  After all, they don’t normally come in your LinkedIn feed.  However, it can be fun to be known as “professor,” and if you want to give back through teaching the next generation of compliance officers, it’s worth pursuing.  Here are some tried and true ways of getting into the adjunct teaching world. 

Call Your Alma Mater

The first place I'd look is to the dean at your alma mater.  Students enjoy learning from a successful professional that graduated from the school at which they’re studying.  You become a de facto role model by exemplifying a successful career post-graduation…
