The Latest Thought Leadership & White Papers

As government regulation deepens around the world, compliance risk is only growing in importance as a core business issue. And while there's been plenty of talk about the role of an enterprise compliance approach in managing these risks, the details have always been a little fuzzy. Enterprise compliance: The Risk Intelligent approach, helps bring things into focus. It discusses some key components of enterprise compliance and offers readers a practical guide to the tough questions they should consider asking about their own compliance efforts.

Today's businesses operate in complex, geographically distributed, and highly dynamic environments. This white paper from EMC examines the dynamics converging to make IT more central to managing risk and compliance and explores strategies for building more complete and meaningful risk management programs that help their organizations adapt to these complexities while increasing their business flexibility and better controlling their corporate risk profile.

This Bloomberg BNA report brings you expert analysis and practical guidance to comply with the Physician Payment 'Sunshine' Rule, which mandates certain manufacturers and group purchasing organizations (GPOs) to report payments made to physicians, hospitals and other health-care providers. As the health care industry looks toward the August 1st deadline set by CMS requiring data collection to begin and submission of electronic reports due by March 31, 2014, Getting Ready for the Physician Payment 'Sunshine' Rule, from Bloomberg BNA presents an expert view of the practical implications of the rule and what applicable manufacturers and GPOs can do to prepare.

On May 20, Compliance Week and Kroll released their Anti-Bribery & Corruption Benchmarking Report at the 8th Annual Compliance Week Conference in Washington, D.C. The results give compliance officers a view into the anti-bribery and corruption threats they face and share resources for creating a risk-based compliance program. If you haven't already downloaded a copy, now is your chance.

This e-book is a collection of OCEG's famed illustrations: double-page spreads you can read, review, and consult as you develop and enforce your own AML program. Each is accompanied by a column by OCEG president Carole Switzer and a roundtable discussion with sponsors Ernst & Young, Thomson Reuters, Stephen Platt & Associates, and KYC360.com, who offer expert advice and thought leadership that Compliance Week has published jointly with OCEG. Together, these resources will help identify business risk and guide you toward a successful solution.

This e-Book on information governance is produced by Compliance Week in cooperation with HP Autonomy. The e-Book offers various articles from Compliance Week regarding the importance of data classification, the process of creating an effective data security policy, and how to keep data secure against both internal and external threats. Also included is the HP Autonomy white paper, New Demands Are Changing the Face of Today's Archive.

This Compliance Week e-Book, a special publication sponsored by NAVEX Global, offers articles on managing the policy lifecycle, from drafting and validating to approving and implementing, as well as increasing security and protecting against data breaches. Also included is the NAVEX Global white paper, "Business Case: The ROI of Policy Management."

Who knew that the art of anti-money laundering (AML) compliance had so much in common with the science of spotting fake paintings? Governance, risk management, and compliance (GRC) professionals responsible for sniffing out potential AML-related fraud have less sophisticated tools to deploy, but it's not much of a stretch to suggest that those responsible for developing an effective customer risk assessment program can learn a thing or two from experts who spot fake paintings. Truly knowing your customer requires companies to keep their eyes wide open regarding who they are serving at all times. And just like the art expert, the AML expert running an effective customer risk assessment program can't depend solely on fancy tools and gadgets but must employ good, old-fashioned due diligence and ongoing monitoring.

Chief audit executives continue to pursue more effective practices and seek out ways to exert greater influence over strategy, according to a Grant Thornton survey of more than 330 audit executives from U.S. organizations. The third annual survey aims to better understand and articulate the current thinking of audit executives on a range of issues affecting the internal audit function. Perhaps one of the biggest challenges for audit executives is the ongoing quest to rebalance traditional internal audit activities and methods, while becoming more strategic in mindset and progressive in work approach. Although they are headed in the right direction, our findings highlight opportunities and obstacles on the path toward adding ever-greater value.

As a compliance professional, you know that the ability to apply policies consistently can lead to effective information governance, but there are challenges that can deter the implementation of sound governance processes. Because most systems today only manage content in their own repositories, information is decentralized—and there's the added complexity of new formats like audio, video, and social media. Download this HP Autonomy white paper and learn more about how policy-based information governance delivers a next-generation approach that can give you a higher Return on Information, with less risk.

Brocade worked with Skillsoft to develop a training solution to meet its compliance needs. Using the Skillsoft Academy learning management system, courses from Skillsoft Legal Compliance Courseware Collection and customized courses, the company developed a program that effectively tracks compliance and automates course reminders for employees. Sophisticated reporting capabilities allow managers to see which employees are due—or overdue—for training. Skillsoft's ability to integrate with other programs helps further the success of the training program.

This e-Book on cloud security is produced by Compliance Week in cooperation with Proofpoint. The e-Book offers various articles from Compliance Week regarding the ease and advantages the cloud affords, e-Discovery concerns associated with the move to the cloud, and ways to improve security in response to the rise of cloud computing and mobile devices. Also included is the Proofpoint white paper, "What Every Enterprise Should Know About the Cloud."

Businesses are struggling to meet a broad range of global regulatory demands on data across the enterprise, and the implementation of the Dodd-Frank Act has broadened these demands. Firms are now required to have the ability to quickly and accurately reconstruct trades, including related pre- and post-trade communications. Bloomberg Vault offers end-to-end record-keeping to meet these challenges across trades and communications, including voice compliance through a partnership with Orange Trading Solutions. The seamless integration allows on-site voice recording systems to deliver archived data directly to Bloomberg Vault for consolidated record-keeping, analytics, and search.

Electronic communication supervision is expensive and time consuming—and can still expose your organization to unnecessary risk. After all, many solutions are cobbled together out of archiving systems and require extensive manual intervention. Find out about an integrated, flexible solution that not only fully addresses regulatory requirements, but goes above and beyond to enhance the efficiency and effectiveness of your compliance efforts. Built on the IBM ECM platform, iZon Compliance combines industry-leading, lexicon-based and meaning-based searches to deliver substantially fewer false positives and zero in on potential violations that truly require manual review.

The Dodd-Frank Wall Street Reform and Consumer Protection Act ushers in enormous and lasting changes that will introduce fundamental shifts in the legal, regulatory, and policy landscape, effecting virtually all organizations. The key to remaining compliant will require systems and processes that can automatically ingest, understand, and categorize all data types, structured and unstructured, regardless of location or format. Download this white paper to learn how systems that allow you to declare information as records will help you satisfy all DFA archiving and retention requirements and provide immediate access to business information, by entity ID or unique swap identifier, as requested by regulators.

A well-designed business risk assessment program is the key to a successful anti-money laundering program. For companies with ineffective AML pro­grams, avoid­ing the rigorous self-analysis necessary to strengthen AML capabilities is no laughing matter. It can be extremely expensive, as com­panies shelling out tens of millions of dol­lars to regulatory agencies as punishment for allowing transactions connected to drug smuggling and other illegal activity can attest. An effective business risk assessment program will identify where you should focus, how things are changing, and where you need build-out areas. Without it, your AML program will be inefficient as well as ineffective.

The 2013 Ethics and Compliance Hotline Benchmark Report is a resource you can use to benchmark your compliance program against industry standards and provide actionable insights into policy management, training, awareness, and more. Helpline data that is carefully tracked, reviewed, benchmarked, and presented with context often provides the early warning signs needed to detect, prevent, and resolve problems.

Tokenization—replacing card numbers with tokens—is one method of data protection and PCI audit scope reduction that is recommended by the PCI DSS Security Standards Council. Reducing PCI audit scope using tokenization can both accelerate initial compliance efforts and reduce costs for future audits. However, today's traditional tokenization solutions have shown to have severe drawbacks including failure to scale and unexpectedly high costs, and they introduce more operational issues than they solve. Learn how to overcome these critical business problems with stateless tokenization, which greatly simplifies the complexity of deploying and managing tokenization by generating consistent tokens using random numbers while completely eliminating the need for a distributed token vault or traditional database.

Financial institutes are required to maintain and produce a variety of records related to their business activities, many of which exist in an electronic format. In order to satisfy the increasing number of regulatory mandates around electronic data, organizations should assess their regulatory obligations and streamline efforts to capture, maintain, identify, and produce these records to regulators. Globanet offers ten steps to guide organizations through this complex process.

In Hollywood, money launderers tend to operate in an audience-friendly way, but reality is far more unstable and complex. The gritty truth is that the intense complexity and fluid nature of money laundering requires companies to implement and maintain an AML capability that operates as a finely tuned, powerful, and efficient engine. A well-designed anti-money laundering program can protect an enterprise from reputation damage, assist in legal compliance and ensure the organization is free from criminal wrongdoing.

This e-Book on continuous auditing and monitoring is produced by Compliance Week in cooperation with ACL. The e-Book offers various articles from Compliance Week regarding the rise of continuous auditing as a way to better understand and control many business processes. Specifically it examines how continuous auditing provides better, faster insight into where there may be risks that need to be addressed and what steps to take to bring the idea of continuous auditing from goal to reality. Also included is the ACL white paper, "Maturing the Use of Data Analytics."

Is your organization poised to face the compliance challenges and legal questions that arise from data storage solutions? Are you up-to-date on the latest legal developments and concerns in the areas of privacy, data security, retrieval restrictions, and preservation? This special report details various compliance challenges related to cloud storage and provides guidance for achieving compliance and explains the critical role IT personnel play in research and e-discovery.

When a situation arises requiring HR to launch an investigation, it is often a crisis. Reacting in the heat of the moment can lead to rushed, unplanned, and ultimately less-effective investigations that can make the situation worse. Diving directly into interviews is a common but critical mistake; interviews are essential investigative tools, which must be strategic and well planned to be effective. Every organization should have a strong incident management system that includes reporting systems and processes and a response plan to assess, investigate, and resolve issues.

With increases in the volume of unstructured enterprise data and growth in workforce mobility, the security of intellectual property has never been more critical. Tracking where data resides, who has access, the changes made, relationships to other data, and its chain of custody provide companies with the ability to become IP aware.

Today, organizations are utilizing archiving technology to address a number of business needs, including the need to more effectively manage the growth of information repositories, as well as the need to address regulatory reporting requirements. However, the most common business driver that leads organizations to invest in archiving technology is to address the early stages of legal discovery and internal investigations, where companies seek to improve current methods of identification, collection, and preservation that have proven to be too expensive, disruptive, and inexact.

With the deployment of Proofpoint Enterprise Archive, organizations have realized significant cost savings in automating complex discovery processes, while reducing risks associated with manual, inexact methods. Read this white paper to learn how organizations can reduce their archiving and discovery costs by 40 to 60% with cloud-based archiving; how legal teams can realize a productivity gain through greater self-service with a cloud-based solution vs. manual tape-retrieval processes, and; why investments in storage, hardware, and professional services increase with on-premise archiving solutions.

The SEC's Conflict Minerals Rule, which took effect on Jan. 1, 2013, imposes substantial compliance obligations on an estimated 6,000 SEC registrants and potentially hundreds of thousands of domestic and foreign private companies of all sizes. Schulte Roth & Zabel provides a checklist in this white paper advising on the Conflict Minerals Rule, which contains near-term action items for companies in the earlier stages of developing and implementing their Conflict Minerals Rule compliance programs.

Michael Rasmussen's white paper titled "Anti-Bribery & Corruption: The Good, The Bad & The Ugly" details how ongoing transaction monitoring can ease the anti-corruption compliance burden by delivering operational effectiveness, efficiency, and agility to compliance programs. With the expanding regulations, increased fines, and sanctions around the world, today's organizations need preventative and detective measures to monitor for corruption. Monitoring transactions and the personnel that perform them to detect and prevent bribery, corruption, and other types of fraud can strengthen existing elements of anti-corruption programs. "Anti-Bribery & Corruption: The Good, The Bad & The Ugly" examines the requirements and logic for evaluating transaction monitoring as a component of a best practices compliance program.

Your business and the way you use data is likely becoming more complex internally and more connected to others across the Cloud. The onus on you to protect all of this data in your care increases as the data chain itself grows longer and longer. "Privacy by Design" is not the latest piece of software, or a two-day class that suddenly makes your organization impervious to damaging claims from outside. It is rather a philosophy that you and your organization's most influential executives must understand, embrace, and sponsor—even mandate—throughout every level of every division of your operation.

What's the first thing that comes to mind when you hear retaliation? If you're like most governance, risk-management, and compliance managers—and like most people, period—your brain probably churned out "whistleblower," "fired," or maybe even "corporate scandal." It turns out that retaliation is a much broader activity than most people understand. Legal actions related to retaliation are more pervasive than many managers and executives realize. A closer inspection of the recent rise in retaliation claims and the ways companies respond to these and other governance and compliance risks suggests that something is missing in many GRC efforts.

This e-book is a compendium of OCEG's famed illustrations: double-page spreads you can print out, stare at, and contemplate as you develop, implement, and enforce your own policies. Each is accompanied by a column by GRC 2020 Research Principal Analyst Michael Rasmussen and a roundtable discussion with sponsors of the illustrations who offer expert advice and thought leadership, that Compliance Week has published jointly with OCEG over the last six months. Together, these resources provide a clear pathway toward successful policy management.

This e-Book on Corruption is produced by Compliance Week in cooperation with Kroll Advisory Solutions. The e-Book offers various articles from Compliance Week on how to minimize, understand, and control third-party risk. Also included are the Kroll Advisory Solutions white papers "Investing in the BRICs: Extra Due Diligence Is Vital" and "Third-Party Compliance: Part of a Comprehensive Compliance Policy."

Many policies are written and then left to slowly rot over time. What was a good policy five years ago may not be the right policy today. Those out-of-date but still existent policies can expose the organization to risk if they are not enforced and complied with in the organization. Effective policy management requires that the policy lifecycle have a regular maintenance schedule. Some organizations rank their policies on different risk levels that tie into periodic review cycles—some annually, others every other year, and others every three years. Best practice is for every policy to undergo an annual review.

In addition to the demand to meet evolving legal and regulatory requirements, organizations are creating a sea of structured and unstructured content in more formats and sent over more channels than ever before. Packed with practical advice, this white paper discusses new demands on the electronic archive, the pitfalls of legacy approaches, and how Meaning Based Computing can take archiving to the next level. Readers can also learn about flexible deployment options, intelligent search, and how the use of meaning can optimize business processes in early case assessment, legal hold, and eDiscovery.

Whether in terms of maximizing opportunities or reducing unwanted risk, research shows that a company's system of governance, culture and leadership—its "Human Operating System"—makes a significant difference in everything from overall financial performance to innovation, loyalty, customer satisfaction, reputation and levels of misconduct.

This e-Book on e-Discovery is produced by Compliance Week in cooperation with Autonomy. The e-Book offers various articles from Compliance Week on the challenges surrounding FCPA investigations, merger & acquisition litigation, and the expansion and proliferation of mobile computing. In addition, Autonomy offers the white paper, "Best Practices for Meeting Critical e-Discovery Challenges."

Any successful company can tell you that their smartest decisions do not tend to be those of a reactive nature. When it comes to stock price, shareholder value, and the bottom line, the best businesses are anticipating change and taking proactive measures to ensure their processes are not only scalable but are also those that position the company for success. Learn how anticipating the impact of IFRS convergence or adoption will help your business optimize costs, mitigate risk, and appeal to global investors.

Mergers and acquisitions are under increased scrutiny from the Securities and Exchange Commission and the Department of Justice as they look for evidence of FCPA violations in cross-border deals. In order to avoid "buying a felony," multi-lingual due diligence efforts need to include a thorough review of activities that could be construed as corrupt. Both buyers and sellers must be more informed, via accurate translations, of the risks and ramifications associated with FCPA violations and take the necessary precautions to protect themselves from potential prosecution.

This Compliance Week e-Book is produced by Compliance Week in cooperation with KPMG. It offers various articles from Compliance Week on navigating the ever-growing sea of data and how to process and make the most of the vast amount of information available. In addition, KPMG offers the white paper, "Creating the Connected Enterprise to Drive Information Insights."

Ineffective and unenforced policies are rampant within organizations and are a thorn in the side of compliance and policy managers. Organizations end up with policies scattered on dozens of sites with no defined understanding of what policies exist and how they are enforced: An ad hoc approach to policy management allows anyone to create a document and call it a policy.

CFOs should never be constrained by waiting on software or third parties to execute financial strategy. WebFilings provides the CFO with complete control when timing the submission of earnings releases, corporate actions, and quarterly or annual reports to the SEC. The speed and flexibility of this fully integrated, cloud-based solution has made a difference of millions of dollars to WebFilings customers and their stakeholders. Read the full business brief to learn more about how timing filings can allow CFOs to pinpoint control and maximize value.

This white paper explores the latest ideas on evaluating cloud deployment: public or private clouds, data location and privacy, data ownership and access, and cloud technology ownership. It offers best practices for cloud-based information governance and outlines solutions for e-discovery, archiving and records management, social media and electronic communication governance, and data protection.

Changing behavior is rarely easy or quick. It doesn't happen overnight or because of good intentions, whether it involves an individual dropping those last ten pounds or a company facing sanctions brought on by ethical misconduct. Simply announcing a new policy, issuing a revised Code of Conduct, or adding another training session to an existing program won't work. What drives behavior change is effective communication—and that requires relevance, reinforcement, and responsiveness.

The importance of an in-house Securities and Exchange Commission reporting solution with built-in XBRL tagging capabilities is becoming more and more evident as many companies complete their first exercise in detailed tagging. With financial reporting teams looking to take control of their tagging, it is clear to see that additional insight is needed around the selection of XBRL tags. Read the complete white paper now and start improving the quality of your tagging on your next report.

The disclosure landscape is constantly changing, improving and then changing again — causing public companies to continuously encounter an increasing amount of regulatory requirements for disclosure reporting. While businesses try to keep on top of new regulations and trends, it can be easy to lose sight of an effective disclosure management cycle — particularly when there's no standard cycle in place. This study will describe a twelve-step disclosure management cycle that businesses can use as a beacon for ensuring they are not only compliant, but also tuned-in to the requirements and needs of regulators, stakeholders, investors, lawyers, accountants, competitors and more.

This e-Book is produced by Compliance Week in cooperation with Business Controls, Inc. The e-Book offers various articles from Compliance Week on whistleblowing, the fear and threat of retaliation, and how to promote and maintain an effective compliance hotline. There is also the Business Controls white paper "Compliance Professionals Prepare for Big Challenges Ahead".

In today's increasingly regulated and challenging corporate environment, boards of directors face new risks, threats, and uncertainty. As a result, it's difficult for compliance officers to know where to begin discussions with their boards, especially with such challenges and obligations pulling board members' focus in so many directions. Nevertheless, a few times a year, boards turn to their compliance officers and general counsels and ask, "Have we got it all covered?" In this new white paper, LRN suggests the best approach with which to steer these conversations, and offers up the right questions for both parties to ask for the best possible outcomes.

Written policies are essential—but they are only effective if individuals are aware of them and committed to them, and if expectations are understood. In today's legal climate, having an audit trail of when policies were communicated, when individuals were trained, and when individuals acknowledged their commitment and understanding of them is critical to defending the organization when faced with legal and regulatory matters.

In the past five years, we have seen compliance failures and ethical lapses of colossal proportions, some of which might prompt ethics and compliance professionals and corporate executive teams to reasonably ask, "Could that happen here?" In this new white paper from LRN, learn how to build truly sustainable and effective ethics and compliance systems, shift attitudes, prevent compliance failures, and elevate behavior and performance.

Policy development is continual, whether creating new policies or revising existing ones in response to change. Organizations need a structured approach to policy development supported by appropriate technology to ensure that policies are developed and approved in a consistent manner in accordance with the scope and design of the policy management system.