Reading Roundup: Top Stories in Compliance
Is there ever a slow week in compliance-related news? Not that we can remember. It’s tough to keep up with the latest developments in regulatory requirements, industry standards and internal best practices for compliance professionals. Onspring is here to help. We’ve gathered the articles, opinions and insights below that will bring you up to speed.
By Jeffrey Klink (Corporate Compliance Insights)
Excerpt: “Being discreet is critical; the general rule is this: people you tell not to talk about things will absolutely talk about things. Rumors fly fast, and they can disrupt an organization’s employee morale and productivity. Limit the sharing of information, especially at the beginning of any investigation, and know that many internal investigations go wrong almost from the start when interviews take place before the facts are understood. Internal investigations sometimes require almost Job-like patience to succeed.”
By Michael Volkov (Corruption, Crime & Compliance Blog)
Excerpt: “In some cases, a thorough due diligence reveals few risks but there might be a gut feeling that the third party is not all they are cracked up to be. A third party by definition is not an employee and a company has little control over the third party-s day-to-day activities. I am not suggesting that due diligence is worthless or that there is no way to assess the risk of a third party. To the contrary, I believe in due diligence as a discipline and a comparative technique that provides valuable insight and assessment of future risks. Some of the process involves intangibles relating to a business sponsor, the justification for hiring a third party, the nature of the interactions with the potential third party in the due diligence process, and an overall sense of the third party’s commitment to ethics and compliance. There is no reason to ignore your gut reactions to these factors and others when reviewing due diligence information.”
By Matt Kelly (Radical Compliance)
Excerpt: “Clearly the routine control activities for harassment don’t help much. How useful is anti-harassment training and certification for an employee who believes the normal rules do not apply to him, and can put that belief into practice? What good is a reporting hotline, really, if the subject of the complaint oversees the HR department and everyone else? Even if the victims speak up about harassment (good), the damage to the company will be extreme (bad). The solution has to be structural: a deliberate effort to design the company so that even with a superstar talent at the heart of operations, that person cannot direct company resources to empower his misconduct.”
By Gaurav Pal (CSO)
Excerpt: “Most people cringe or roll their eyes when told that security by compliance is the best path forward. The primary reason for this is the notion that compliance is merely a checkbox exercise that does not yield any true benefit and certainly does not yield better security. My experience has been slightly different. The challenge has been not the regulations or the compliance itself, but the manner in which compliance has been assessed and overseen. A strong and dynamic oversight and compliance framework must accompany the new cybersecurity regulations. This is an emerging area where industry, government and associations have an opportunity to fashion the right compliance architecture.”
By Katie Wilcox (Onspring)
Excerpt: “An effective platform allows the compliance team to define what they communicate with each individual stakeholder. What details do they need to see? Has a control for which they are responsible been changed or has the underlying regulatory information been updated? What are the key action items for them personally? All this can be communicated in a targeted fashion down to the individual team member, which helps them regard the tool as useful and important, rather than noise to be ignored.”
Following @Onspring on Twitter for more up-to-the-minute news for governance, risk management and compliance professionals.