Category Archives: Regulatory Risk

Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Steering the Sales Strategy Toward Compliance

Posted on by

It isn’t difficult to understand that one of the main reasons a salesperson would make a bribe is to make a sale.

buy amoxil online abucm.org/assets/jpg/amoxil.html no prescription pharmacy

This kind of corrupt practice is common and even expected in many areas of the world. It is why sales and anti-corruption compliance are so often uttered in the same breath.

Sales and compliance is a pairing that must be examined closely and continuously. However, risk assessments often aren’t thorough, internal controls don’t catch suspicious transactions, and one side doesn’t know (or trust) what the other is doing.

When the compliance and sales functions aren’t aligned with respect to how they approach anti-corruption risk, all of the above missteps can happen. Even more frustrating is that most sales leaders want to behave ethically—they want to close sales based on their own skill rather than by cheating. Winning is that much sweeter when they do. So then, how do things keep going awry in practice?

For starters, the emphasis on ethical conduct doesn’t resonate with the sales department because they hear multiple conflicting messages. One comes from the top, that ethical conduct is important. The other comes from somewhere below the top, that sales goals must be met by any means necessary.

This is a situation that requires some serious thought; it means that your corporate culture isn’t unified. Instead, you have a subculture (meet sales goals) that contradicts the ethical culture the CEO and other senior executives like to talk about. If you can identify that you do have conflicting messages and subcultures at your organization, then you can attack that subculture with practical steps to stamp it out.

One place to start would be rethinking your incentive program. Sales teams live and die on incentives—and there’s nothing inherently wrong with that, if your incentives push them in the correct way. Do your incentives punish failure more than they reward success? Do they encourage cooperation among the team or do they pit sales reps against each other?

Of course, independent measures should be part of a compliance program, such as accounting controls that block suspicious payments to intermediaries, or audits of due diligence procedures. The compliance function always needs to act with independence, and verifying the sales team’s compliance with policy and procedure is part of that job.

Even so, companies don’t really encourage compliance itself. Rather, they explain compliance, which is a procedure that employees should follow. They encourage ethical conduct, which is (or should be) a core corporate value—and when employees embrace it, their behavior naturally follows the compliance procedures companies have established.

What’s the point of making this seemingly small distinction? The reason is that companies can indeed enforce compliance with the sales team: by auditing and punishing non-compliant behavior or sealing up opportunities for non-compliance. If those efforts are strong enough, you might even prevent compliance failures on those efforts alone.

Ultimately, though, what will the financial or cultural cost be? A stringent system of controls, rules, and punishment might make for fewer FCPA mistakes (although that’s a stretch). It also sounds like a painstaking system to implement and a miserable place to work.

The alternative is to make sure that ethical business conduct is at least an equal priority (if not greater) to hitting sales targets. Then you can ask: are we structuring incentives to support that priority?

buy seroquel online abucm.org/assets/jpg/seroquel.html no prescription pharmacy

Are we relying on intermediaries and agents to the minimum amount necessary? How many due diligence duties can we put onto the sales team, and how many do we place with compliance or audit to trust but verify?

These are important questions and their answers are not always easy to find.

buy tobradex online abucm.org/assets/jpg/tobradex.html no prescription pharmacy

In most organizations, with pre-existing sales functions, business practices, and cultures, the answers will also be laborious to implement. At least, however, sales and compliance will be aiming toward the same objective of doing business ethically—and that is what alignment is.

Working from a place of alignment stands a far better chance of keeping sales practices compliant than having sales and compliance teams circling each other in distrust.

That leads only to frustration and a negative work environment. Encouraging ethical conduct rather than merely “teaching compliance” will position your organization for greater success.

Cyber’s Human Side

Posted on by

People are often tired, distracted and overworked. They are bound to make mistakes, inadvertently overlook policies and procedures and have quick lapses in judgement—forgetting hours and hours of training.

Human error is a significant problem when it comes to managing cyber exposures. Most cyber surveys point to people as the root cause of a breach.

buy tretiva online medilaw.com/wp-content/uploads/2015/03/jpg/tretiva.html no prescription pharmacy

The Information Commissioner’s Office (ICO) compiles statistics about the main causes of reported data security incidents. In its first 2018 quarterly report, four of the five top causes reported to them involved human errors:

  1. Loss or theft of paperwork – 91 incidents
  2. Data posted or faxed to incorrect recipient – 90 incidents
  3. Data sent by email to incorrect recipient – 33 incidents
  4. Insecure web page (including hacking) – 21 incidents
  5. Loss or theft of unencrypted device – 28 incidents

James Bone, author of the “Cognitive Hack: The New Battleground in Cybersecurity…the Human Mind,” will lead a RIMS webinar Aug. 23 that explores the cognitive risk framework. Bone asks: are risk professionals considering the “human element” in their cyber risk management plan?

According to Bone, “The purpose of creating the cognitive risk framework is to begin to educate risk professionals about the need to incorporate the human element into their risk programs, to identify areas where human error or lapses can cause significant damage, and then design effective solutions.”

Bone points to the airline and automotive industries as examples where the value of human element risk management planning has already been realized. “Automation in cockpits, navigation systems, lane assistance technology and, even something as simple as the seatbelt demonstrate organizations’ and industries’ attention to human error risk mitigation.”

“All of us have a limit in our ability to work and focus at a very detailed level for long periods of time,” Bone said. “The ability to design a work environment that simplifies the work that people do will help reduce risk.

buy flomax online medilaw.com/wp-content/uploads/2015/03/jpg/flomax.html no prescription pharmacy

And, while human error is a piece of the cyber risk management puzzle, it isn’t the only human element cyber concern. Human routine, tendencies and employee processes are constantly monitored by cyber predators. “A sophisticated hacker can spend up to 18 months to two years setting their strategy to attack your organization,” he said. “They are studying the rhythm of the workflow and the movement of data across the firm. They gain a tremendous advantage by just sitting silently and watching.

buy renova online medilaw.com/wp-content/uploads/2015/03/jpg/renova.html no prescription pharmacy

Implementing a cognitive risk framework is no easy task. The key is data. “A lot of data is mislabeled, making it difficult for risk professionals to see the connection between an end result and the human behavior that caused it. In order to use data to its fullest, it needs to be properly categorized with descriptors that allow risk professionals to be able to leverage it,” Bone said.

Organizations with risk frameworks that fail to incorporate the human element are, in his opinion, acting on assumptions. “They are assuming people will be able to follow thousands of policies and procedures with perfect accuracy every time,” he explained. “We shouldn’t assume that people won’t be distracted at work and click on phishing emails. We shouldn’t assume that people will change their passwords as frequently as we want them to. We shouldn’t and can’t be afraid to incorporate new ideas and solutions to improve routines or, at least, make them more difficult to track.”

People are the common denominator. They are not perfect by any means, but incorporating a cognitive risk framework can be a valuable advantage that allows organizations to stay ahead of human element risks while identifying opportunities to improve processes and increase productivity.

Lawfulness of Financial Crime Data Processing Under GDPR

Posted on by

Much that has been written about the General Data Protection Regulation (GDPR) relates to the burden of obtaining proper consents in order to process data. This general theme has provoked questions about whether and how financial institutions can process data to fight financial crime if they need consent of the data subject. While there are certainly valid questions, GDPR is much more permissive to the extent data is used to prevent or monitor for financial crime.

buy vidalista online https://www.rhythmedix.com/wp-content/uploads/2023/10/jpg/vidalista.html no prescription pharmacy

Clients and counterparties will often be more than happy to consent to data processing in order to participate in financial services. But consent can be withdrawn, so offering individuals the right to consent will give the impression that they can exercise data privacy rights which are not appropriate for highly-regulated activities.

Rather than relying on consent, the GDPR also permits (1) processing that is necessary for compliance with a legal obligation to which the controller is subject and (2) processing that is necessary for purposes of the legitimate interests pursued by the controller or a third party.

Some areas of financial crime prevention are clearly for the purpose of complying with a legal obligation. For example, in most countries there are clear legal obligations for monitoring financial transactions for suspicious activity to fight money laundering. The European Data Protection Supervisor stated in 2013 that anti-money laundering laws should specify that “the relevant legitimate ground for the processing of personal data should… be the necessity to comply with a legal obligation by the obliged entities….” The fourth EU Anti-Money Laundering Directive requires that obliged entities provide notice to customers concerning this legal obligation, but does not require that consent be received. And the U.K. Information Commissioner’s Office gave the example of submitting a Suspicious Activity Report to the National Crime Agency as a legal obligation which constitutes a lawful basis.

Very few commentators have attempted to cite a legal authority for anti-fraud legal obligations. The Payment Services Directive 2 (PSD2) requires that EU member states permit personal data processing by payment systems and that payment service providers prevent, investigate and detect payment fraud. But PSD2 has its own requirement for consent and this protection may fail without adequate implementing legislation in the relevant jurisdiction. Another possible angle is that fraud is a predicate offense for money laundering, and therefore the bank has an obligation to investigate fraud in order to avoid facilitating money laundering.

“Legitimate interests” are also permitted as a basis for processing. However, this basis can be challenged where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Financial institutions may not feel comfortable threading the needle between these ambiguous competing interests.

The GDPR makes clear, however, that several purposes related to financial crime should be considered legitimate interests. For example, “the processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest” and profiling for the purposes of fraud prevention may also be allowed under certain circumstances. It is also worth recognizing that many financial market crimes such as insider trading, spoofing and layering are often prosecuted under anti-fraud statutes.

Compliance with foreign legal obligations, such as a whistle-blowing scheme required by the U.S. Sarbanes-Oxley Act, are not considered “legal obligations,” but they should qualify as legitimate interests.

While legal obligations and legitimate interests do not cover all potential use cases, they should cover most traditional financial crime processing.

buy chloroquine online https://www.rhythmedix.com/wp-content/uploads/2023/10/jpg/chloroquine.html no prescription pharmacy

Some banks have been informing their clients that a legal obligation justifies their processing for AML and anti-fraud. Others have included legal obligations and/or legitimate interests as potential justifications for a laundry list of potential processing activities.

While the GDPR became effective earlier this year, financial institutions will continue to fine-tune their approaches based on continuing familiarity with the requirements and legal and regulatory developments. Financial institutions need to revisit their client notifications to make sure that they have disclosed their data processing in a manner that reserves their rights for financial crime purposes. They should also confirm that their financial crime processing adequately falls under a defensible basis. And with this basic housekeeping performed there is hopefully little disruption to their financial crime and compliance operations.

The Business Impact of the Supreme Court’s Travel Ban Decision

Posted on by

In one of its most anticipated cases in decades, the U.

online pharmacy biaxin with best prices today in the USA

S. Supreme Court on June 26 upheld President Trump’s latest “travel ban,” delivering a key win to the Trump administration and one of its strict immigration enforcement stances. The Court concluded the president’s executive order—which largely targeted individuals from predominately Muslim countries—did not violate the Constitution’s Establishment Clause by favoring one religion over another, ruling that the order was a lawful exercise of the authority granted to the president by Congress.

The Supreme Court’s action now permits immediate enforcement of one of the president’s signature immigration policies that began in January 2017 and included repeated trips to the federal judiciary. Employers with workers from the affected countries—Iran, Libya, Syria, Yemen, Somalia, North Korea and Venezuela—now need to ensure proper protocols are put into place to spare employees from unnecessary risk and to preserve smooth business operations.

Given that the travel ban can be enforced immediately, employers should:

  • Identify employees who are nationals of banned countries. The effect of the ban differs between the seven countries, so consult immigration counsel to be sure you understand how the ban applies to the country of origin for your employees.
  • Instruct any affected employees who are abroad and have not previously been affected by the prior travel bans to return immediately.
  • Caution workers from the affected countries not to travel outside the United States.
    online pharmacy flexeril with best prices today in the USA

    While the underlying litigation surrounding the travel ban will continue in the lower courts, assume the ban will be in effect for the foreseeable future.

  • Tell foreign national employees to carry originals or clear copies of legal authorization to be in the U.
    online pharmacy tadalista with best prices today in the USA

    S. at all times and to consult with an immigration attorney before signing any paperwork presented by the Department of Homeland Security or the Department of State.

  • Instruct employees to cooperate and present evidence of their U.S. immigration documentation and legal status if they are stopped by an Immigration and Customs Enforcement agent.
  • Advise employees that if their temporary work visas are expiring, they should take immediate steps to extend those visas.
  • Consider whether to sponsor employees who are here on soon-to-expire temporary work visas for permanent residency, if they are eligible.