Wednesday, June 13, 2018

The Compliance Complex...have we cracked the code?

Insights from Christopher Annand, Director of Global Ethics & Compliance, Cargill


The other week I had the pleasure of meeting with Christopher Annand, Director of Global Ethics and Compliance at Cargill. Christopher is a compliance professional who has over 15 years of experience in the industry, and specializes in the development and delivery of compliance education and outreach programs at what is the largest privately owned company in the United States, and one of the largest in the world. Cargill operates in 70 countries spanning the globe and is comprised of 150,000 employees, all working to drive the growth and success of the global food and agriculture enterprise. Christopher has the task of overseeing the governance and control factors in the compliance program, as well as managing the global teams and business partners. In short, he makes sure employees are keeping up with the Cargill standards. Sound easy? Not in the slightest. Compliance is one of the most difficult and complex jobs to work in because managing people has proven time and time again to be the hardest task on earth. When it comes to behavioral change...it is said to be near impossible.

Christopher explained how from the very beginning back in 1865, one of the first promises founder William Cargill made was, “my word is as good as my bond”. From there on out, they were committed to sticking to these 7 guiding principles, which Christopher listed off the top of his head.
  1. We obey the law.
  2. We conduct our business with integrity.
  3. We keep accurate and honest records.
  4. We honor our business obligations.
  5. We treat people with dignity and respect.
  6. We protect Cargill’s information, assets, and interests.
  7. We are committed to being a responsible global citizen.

Cargill holds their employees to stringent operational and workplace standards, but when it comes to what works most effectively to ensure employees understand and comply...well, the devil is in the details. Workplace policy and corporate culture are something every company is making a top priority, but unfortunately that is because we have seen the consequences become too big to bear. Just last week Starbucks’ CEO Kevin Johnson spent upwards of $12M to shut down all locations and hold a nationwide racial-bias training following an incident where a staff member called the police on two black men in a Philadelphia Starbucks. Wells Fargo has come a long way in realizing the importance of having good culture alongside a trusted reputation, after their recent incident where over 3,000 employees were found to have opened fake bank accounts in order to make monthly quotas. Starbucks and Wells Fargo serve as examples of what happens when employees fall away from an organization’s core values. What could they have done differently?

At Washington D.C.’s Compliance Week 2018, Christopher shared his views on his use of data, a closely related topic buzzing amongst all businesses these days correlating directly to information about behavior. Christopher explained, “he can glean plenty from training data--how many people have completed it, how much time they spent in training, how they received their training--but that doesn’t necessarily speak to the effectiveness of the training to sway how people behave”. In my research about compliance, I have found the same consensus across the board. Systems and software have done a phenomenal job of collecting information and categorizing it into data, but when it comes to applying that data to see and measure real results in the workplace, it takes an even deeper level of strategic integration.

Compliance officials like Christopher Annand are working diligently to “crack the code” for what works best to prevent non-compliance incidents from happening. Companies are now taking more proactive measures to mitigate their exposure, but in a world that is more connected, and therefore more vulnerable than ever before, is it enough? The holy grail lies in what changes employee perception and overcomes resistance to compliance in order to achieve higher levels of safety, ethics and morale, and productivity in the workplace. “The drip method is good and works effectively, and the visual animations I have been creating seem to really stick with employees, but behavior change is a big topic and I haven’t cracked it yet.” Welcome to the compliance complex. With every challenge comes more avenues for innovation. I think we are onto something, but we have our work cut out for us.


Written by Charlotte Whiteman - Defense Mitigation & Remediation Advisor


For more information, email at charlotte.whiteman@neztecs.com


Thursday, May 3, 2018

Visual Storytelling Gives Power to Truth: Interview with Marc Havener - Producer, Founder & CEO of Resonate Pictures



This week I had the pleasure of meeting with Marc Havener, Founder and CEO of Resonate Pictures. As told on Resonate’s website, Marc worked in Hollywood for 10 years as an Assistant Director and Production Assistant on feature films like Pirates of the Caribbean, Confessions of a Dangerous Mind, Wedding Crashers, 2 Fast 2 Furious, and more. Marc’s golden revelation to build a business around ethics related films (Q Resonate Pictures) came during his time working on the Office style series for Bearing Point, his first ethics and compliance related series. Marc has traveled the world on film adventures and has won multiple awards and a regional Emmy; and now Marc is breaking new ground integrating cinema and critical messaging for training films.
Marc is a creative mind and very forward thinking, someone whom I would call a “progressive storyteller”. I imagined Marc asking himself questions like, “What if the stories we show in movies could spark more ethical behavior in humans? And if we hit the right demographic at a large scale, what if we could influence a whole culture of higher ethics, safety, and wellbeing?” Personally, I envision this “ethical storytelling” as a string, a current of electricity. The lesson is the current traveling into the viewer's brain, this energy excites the viewer’s mind and emotions to jump to a higher frequency (consciousness) which results in people’s thoughts and actions aligning with higher standards of compliance. It’s really a simple formula. 

Visual Stimuli + Empathy + Logic + Values + Workplace Policy + Understanding the WHY = A CULTURE OF COMPLIANCE


This concept is something Marc describes as being “sticky”...a “sticky story”. The end goal is to have that electrical current, that sticky string, resonate with people and link them to the characters of the film, weaving them into the larger fabric of a stronger moral society. I was excited to ask Marc a few questions. Marc is very passionate about what he does, and here is a window into his WHY.

Q1: What is storytelling and why is it so important to you?
Story is the best vehicle to carry a message. The problem is we are inundated with messages and it’s difficult to know which ones to pay attention to as well as remember the messages we want to remember. So we use stories to make a message human and "sticky". At its essence, a story is made up of a character who faces a dilemma and must make choices and act to overcome it. This struggle causes internal change and provides a new perspective and understanding of life. When told well, a story causes the listener to identify emotionally with the character and vicariously experience the same change, giving them practice to face similar, real life challenges.

Q2: What is the greater impact of storytelling to society?
Humankind has used storytelling to inform and transfer values for ages, causing a society to become the stories it tells itself. Think about it, we pay attention to anecdotes and testimonies that support and explain our perspectives. But when we are faced with a story that nudges us, that helps us see life from a different angle, in a way that resonates, it changes us a little. The best stories help us understand each other better, make us more kind, generous, brave, forgiving, etc. This creates better communities and better cultures. The potential is that it becomes normalized to help others strive for their best rather than striving only for personal gain.

Q3: Why is the visual aspect of storytelling so powerful?
It taps into the power of nonverbal communication - a form of communication that influences us more than words (and powerpoints!). A good actor can establish empathy with simply an expression. Add to that composition of the frame, lighting, color, sound and music…and you’re able to send a powerful message in a matter of moments.

Q4: When was the moment when you realized that visual storytelling was so influential, and could be used for something more meaningful like ethical behavior change?
I remember when I was seven I saw Fox and the Hound in the movie theater. To this day I think about how that film influenced how I view my friendships, teaching me not to take them for granted. I haven’t seen the film since but it remains lodged deep into my memory. Our most visceral memories are the ones attached to emotions. Attaching information to emotion is what gives a story its power.

Q5: Considering the public now has at least a general understanding of the power of visual storytelling, and more prominently scientists and techies understand the power of the screen, do you ever feel like you’re fighting a battle for the good guys? 
What do you think of those who exploit this power for personal or business gains only? Do you believe there is a social responsibility to use the power of visual storytelling as a force of good?
I don’t think it’s any different than any other tool that can be used for good or bad. Short gains will always be made when you exploit the tool. But eventually, the truth always wins. So those of us playing the long game have nothing to worry about. We just need to hang in there!

Q6: In the context of your business, how do you plan to use ethical and safety storytelling to spark positive change in other businesses?
We bring a filmmaker's perspective to training videos. I’ve been in the film industry for over 20 years and what drives me to make “corporate” films is the same thing that drives me to make “film” films. It's their unique ability to influence people (or employees) to live life better. Messages involving ethics and safety are particularly suited for storytelling because they often hinge on empathy - a by-product of a well-told story. Our productions involve a little more investment than a typical corporate training video because we believe the creative (screenwriting, acting, cinematography, editing, sound) really is worth it. It can mean the difference between a video that makes employees roll their eyes and one that ignites empathy. We partner with companies who share similar values and are serious about creating a culture where their employees can flourish.

Thanks, Marc, for sharing your story. We look forward to seeing more of it up on a screen. Long live the almighty truth!

Written by Charlotte Whiteman - Defense Mitigation & Remediation Advisor


For more information, email at charlotte.whiteman@neztecs.com


Wednesday, April 18, 2018

The government standard.

Before the Enron scandal, many companies did not consider an ethics and compliance department. Since then the Department of Justice has made considerable modifications to investigations. To properly charge and evaluate companies during lawsuits, the Department of Justice issued the McNulty memo in 2006.  During criminal prosecutions of corporate entities, prosecutors must determine, among other things, whether a compliance program is just a "paper program" or whether it is truly an "effective" one. 
There are three key takeaways from the memo:
  1. The existence and adequacy of the pre-existing compliance program.
  2. Remedial actions, including any efforts to implement an effective corporate compliance program or to improve an existing one, to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies.
  3. As part of their analysis, prosecutors should determine whether the corporation has provided adequate resources to the compliance program, the visibility of the program to employees, and the employees' impression of the corporation's commitment to the program.
But how can a company avoid such charges and make sure that its messages are properly relayed to its employees? Flash forward to 2018 and almost every company now has an ethics and compliance department and a system to send complaints or ethical concerns. There are strict compliance programs, but how can we be sure that they are really effective?

Take Wells Fargo - they have been undergoing a new compliance program - or rather, trying to implement an effective one. The past few years they have had to redesign multiple programs that continue to not meet government standards. The OCC says that Wells Fargo did not execute a comprehensive plan to address compliance risk management deficiencies, fill mission-critical staffing positions, implement a reliable risk assessment and testing program and report compliance concerns adequately to the board. Many of their problems came from internal audits within the company that inconsistently applied its policy and charged borrowers extension fees they should not have. This year they received a $1 billion fine with an additional $800 million accrual in the first quarter.


The success of a compliance program really depends on the measurements it uses. It has to be scalable, understandable, and easily implemented. A company has to get out of hot water - or prevent it - by following the expectations and guidelines of the McNulty memo. With that in mind - there must be an effective tone from the top and culture that the company's leaders must demonstrate. That’s easier said than done, especially in an international and multicultural environment.

Avoid the headlines.

Written by Caitlin Schmit - Strategic Brand Manager

For more information, email at caitlin.schmit@neztecs.com


Monday, April 16, 2018

Compliance Fettuccine!

Could the culture of ethics and integrity be delicious like pasta cooked by Lidia Bastianich?  

Lidia is one of the most recognizable Emmy award-winning TV host chefs in the world, author of a best-selling cookbook, and renowned restaurateur. She travels the world doing guest appearances on other famous chef shows, like Julia Child: Cooking with Master Chefs, speaking at events, cooking for charities and fundraisers, sharing her experience with young audiences at schools and universities to spread her delectable and deliberate recipes. What better way to spread the love!



Last week I had the delightful honor of sitting down with Lidia. Her love of cooking must be contagious because she gave me some great food for thought -- If Lidia can cook her pasta for people around the world to enjoy, perhaps companies could combine their ethics and compliance ingredients into building a culture of integrity so all employees across an organization can love compliance too! Inspired by Lidia's renowned Fettuccine with Mafalda Sauce recipe, my corporate compliance recipe would look something like this:

1          cup of ethics
1 1/2    cups of compliance
2          dashes of integrity
1          pinch of professionalism
2          cups of refined culture
1          handful of happiness

Baked well and served on a visual communications platform, rather than the old traditional pasta bowl of trainings. Now employees can learn and embrace for best visibility, repetition, and behavioral change. Mmmmm :) Voilà! A culture of compliance served...I think we are onto something.

I felt a connection to Lidia upon learning that her passion for food is her connection to her grandmother. I have a similar connection to compliance and ethics through my grandfather, Harry J. Hurley. He was the Chairman of the Board of Ethics of Medicine in America and I remember when I learned that, I felt like I was carrying on his legacy in a way. He was motivated to serve a higher purpose for the well-being of society, and through my work at Neztec I feel like I'm also able to fight the fight for the good guys. My grandfather had strong integrity, and his medical practice was his life’s devotion. These people, Lidia, her grandmother, my grandfather, and many, many others are people we have to look up to as role models. It is incredible to see the spirited growth in a person when that someone devotes their life to becoming expert in a chosen path to dignified work, following passion down an interconnected road of success and happiness. This is the difference between a career and a profession. Through compliance and ethics, we welcome all to join in on that greater mission.

As Lidia always says to all of her pasta lovers, “Tutti a tavola a mangiare!” (Everyone to the table to eat!). So I will invite all compliance lovers to step up to the table, “Bon appetit and cheers to doing it right!”


Written by Charlotte Whiteman - Defense Mitigation & Remediation Advisor
Neztec Solutions Inc.

For more information, email at charlotte.whiteman@neztecs.com



Wednesday, April 11, 2018

Every single day you get caught in the grey.

Cryptocurrency World
It seems like the Bitcoin frenzy has died down a bit, and now the real system behind it - blockchain - is under fire. Or rather, how to audit blockchain and similar platforms to match the evolving responsibilities.

Many organizations have decided to accept and use cyber transactions but have not explicitly designated specific roles to process the information, audit the system, and oversee its security. The fear of fraud and criminal activities continues to grow and seems to constantly come up in our news feed. Regulatory challenges are slowly emerging and companies are trying to figure out how to best perform customer due diligence on virtual currency transfers. The Facebook scandal has opened a flood of questions and demands that companies may not be prepared to answer, and what sort of new regulations and penalties will surface. As cyber-responsibilities continue to evolve, the pressure on internal auditors continues to increase. That includes ensuring that their efforts align with the companies' overall cyber-security approach and effectively transmitting messages to their employees. 

Rise of the Machines: The Internet of Things
It is important now more than ever for companies to behave ethically. The question is, how can you guarantee your employees will behave that way? Brian Brown, the Principal and Cybersecurity Practice Leader at Mazars USA, said that there are three lines of cyber-security defense that must improve together: business units and cyber-security teams, risk management, and internal audit. Brown said the key to help many internal audit departments would be "external help when it comes to cyber-security because it's typically not a core skill set that they are going to maintain as part of their department". A survey conducted by Compliance Week and Mazars USA found that 31 percent of respondents felt that their cyber-security efforts were "managed", aka their processes were being properly monitored and performance measured. Apparently, only 25 percent of respondents do not track the maturity of their cyber-risk programs, to which Brown responded, "If you do not have a framework in place, you are going to be haphazard in your approach to managing your cyber-risk, and your results are going to show that." Essentially, is it worth it for your company to ignore the impending costs and damages we can, and should, expect in the future?

As we have seen in the past, it only takes one person to make the wrong decision that could upend a company. Don't let that be you.

Written by Caitlin Schmit - Strategic Brand Manager

For more information, email at caitlin.schmit@neztecs.com

References:
https://www.complianceweek.com/news/news-article/internal-audit’s-cyber-responsibilities-continue-to-evolve#.Ws4hOkxFxPZ
https://www.complianceweek.com/news/news-article/auditors-develop-early-plans-for-how-to-audit-blockchain#.Ws4hFExFzeJ
https://www.complianceweek.com/news/news-article/as-cryptocurrency-creeps-into-mainstream-aml-risks-multiply#.Ws4kYUxFzeJ



Tuesday, April 10, 2018

Talk about Data Protection is EVERYWHERE. Best thing to do...get educated, ASAP.

Last Wednesday we posted a blog about Data Protection (AKA Data Privacy as we say here in America). Whether you are talking about Facebook’s latest and greatest scandal or talking about the EU’s recent General Data Protection Regulation (GDPR) going into effect on May 25 (DON’T PANIC), you’d better understand what people are talking about. The buzz about data security is everywhere, and whether you acknowledge it or not, it directly affects us all.

Even just last week, I had an opportunity to attend a major Data Protection Conference in Washington D.C.’s Marriott Hotel. I sat in on the 4-hour discussion about the implementation of GDPR. One of the attendees was a member of British Parliament herself. The basic discussion went a little something like this:

What is GDPR? Adopted April 27, 2016, and enforceable May 25, 2018, GDPR is the European Union’s regulation on protection and free flow of personal data.

What is “Data Protection”? The process of safeguarding important/personal information from corruption, compromise, or loss. 120 countries have data protection laws and 30 more have bills in place...the United States is not one of them.

Why is Data Protection relevant to today? The importance of data protection increases as more information is collected on tech platforms and transferred through the internet. That information is then categorized into data and stored. Complexity arises in the relationship between the transfer and dissemination of that information to and amongst businesses (controllers and processors) and public perception/expectation of privacy or transparency with the usage of that information, which up until now has been lacking due to the political and legal underpinnings of that information.

Who does GDPR affect? GDPR will directly affect all 28 EU member states plus 3 EEA member states. Local implementation will also take place for members who are late to the party. In a global scope, GDPR sets a precedent that affects us all.

Is GDPR possible to implement in the U.S.? The key thing to understand here is that when laws are enacted in the EU they are quicker to pass through legislation. EU parliament implements regulation as a framework among all member states so it applies to all business and industries across the board, as opposed to the United States where we mandate regulation sectorally. Why? Well, for one, complexity. We have a large and highly diverse country consisting of 50 states all abiding by different local laws and regulations, coincidentally tailored around industry clusters. Second, touching on “coincidence”...thinking about the amount of money that is passed around from big business to government, it sure makes things “coincidentally” convenient for those business clusters of major US conglomerates to not have to abide by certain regulatory standards. One time at a speech about the problem of bribery in Russia, I raised the question, “If bribes are called gifts in Russia and they are considered a problem, what is the difference of that and lobbying in the United States?” The speaker gave no answer.

The underlying matter of what we are all talking about here is risk and exposure. On the consumer side, if your data is not protected YOU are at risk. Risk of being hacked, risk of having your identity stolen, risk of being blackmailed...to name a few. The exposure is the dire outcome of that threat. You go from having $100,000 in your account to having $0 (hack), you found out your suddenly existent other persona just got caught smuggling drugs across the Mexican border (identity theft), or someone has proof of your affair and they’re asking for 1 million dollars in return for their silence (blackmail).

So what is the overlap between Neztec and data protection? How does advanced visual communication help with defense mitigation? How can the dissemination of information in the area of compliance and regulation help create awareness? Well, that’s your answer right there. If the root of exposure comes from a lack of awareness, the solution is to educate the individual. Dissemination of messages in the form of visual communication is more effective for creating an aware group of people. And if we want to defend companies against the threat of exposure, in this case repercussions from leaked information, we need to ensure that their employees are informed effectively; just like the everyday person needs to be aware in order to defend themselves against getting hacked. Educate, create awareness, heighten your defense. The approach is the same. The end result is in the way you play the game.

Written by Charlotte Whiteman - Defense Mitigation & Remediation Advisor
Neztec Solutions Inc.

For more information, email at charlotte.whiteman@neztecs.com


Wednesday, April 4, 2018

Hackers Wanted.

The number of data breaches and cyber attacks we see in the news is ridiculous. And those are just the ones we know about! In March, the Atlanta city government systems were shut down due to a cyber attack. There were also data breaches in healthcare facilities, pharmaceutical companies, Saks Fifth Avenue, MyFitnessPal, public schools and universities, etc. What they all have in common: we don't know who did it. It makes one wonder, why didn't I learn how to be a hacker?

Not only that, but more and more companies are revealing that they have capitalized on our information and sold it to other companies. Considering how often people in America, and society overall, freely give out information it should not come as a surprise. But, how are we supposed to measure the limitations?

In Germany, a leading cyberwarfare specialist by the name of Sandro Gaycken said that the government can do little about hacking, being hacked, and that data is stolen from ministries all the time. This week the German federal network admitted that for up to a year they had been infiltrated by a major cyberattack.

America is not alone in these attacks, nor should we assume that. Unfortunately, this is old news. What with the Russian Facebook scandal and poisoning of an ex-spy it is not surprising that many people believe that Russia is behind the breach in Germany as well. Of course, this is all speculation. Much of the news we are receiving now happened many months ago.

It is easy to imitate or copy Russian programs, but especially difficult to actually pinpoint who, what, where, and most importantly why. Shouldn't that be a top priority? Naturally, our President has tweeted about it, which has affected some stock options and lends a wary eye over trading with the United States. The question is, what can and will we actually do about it?

Moving back into Germany, a new hacker-soldier elite is being trained at the Bundeswehr University to serve as a solution. They are building a new digital forensic lab for software development to train IT experts to make it more difficult for hackers to break into the system. The agency plans to employ 13,500 soldiers and 1,500 civilians. The German Defense Minister Ursula von der Leyen said it best, "There are no outer or inner borders in cyberspace!"

We live in a complex and fast moving society, where everything can and will go wrong. How your company trains and recruits its employees is important, but are we teaching students effectively or reaching out to the right demographic? What can your company do to have its employees prepared to monitor, realize, and prevent information from getting into the wrong hands?

Written by Caitlin Schmit - Strategic Brand Manager

For more information, email at caitlin.schmit@neztecs.com