Compliance Week’s 16th annual National Conference kicked off Tuesday. Held virtually, the three-day event features 23 sessions and more than 60 speakers, with the opportunity for attendees to earn continuing education credit while also gleaning insight from our panels of compliance experts.

Below is a live blog for Day 1 of the event. The blog was updated by CW staff throughout the day sharing their takeaways and favorite moments from the conference.

To see more from Day 2, click here.

5:30 p.m. ET: Day 1 is in the books

Thanks for joining us! The conference will resume Wednesday morning at 9 a.m. ET with a keynote featuring Mary McNiff, chief compliance officer of Citi. Don’t miss it! - Kyle Brasseur

4:30 p.m.: Managing your cyber-security risk profile

Cyber-security risk profile

“It’s not a question of if you’ll ever be hacked—it’s a matter of when and how you respond.”

This point from David Kessler of BAE Systems isn’t novel, but it stresses the importance of having plans ready to go for handling cyber-incidents in today’s environment. Colonial Pipeline learned this the hard way when it was shut down by a ransomware attack last week (and now I’m probably going to have to pay $3-plus a gallon for gas as a result). - Kyle Brasseur

“If you don’t need the data, don’t collect it,” advised Kessler. - Aaron Nicodemus

“Embrace the highest bar of standards you’re required to meet,” said Steve Horvath, VP of Strategy and Cloud at Telos. In many cases, for cyber-security purposes, that’s the NIST framework, Horvath said.

Healthcare companies are a major victim of cyber-security incidents and breaches because they are not as heavily regulated as the financial services industry. Plus, in the case of ransomware attacks, they are known to pay, said Kessler. - Aly McDevitt

3:30 p.m.: Identifying and reporting DE&I analytics

As important as addressing diversity and inclusion has become for companies in maintaining their external reputation, it matters internally, too. As Emtrain CEO Janine Yancey noted, many diversity initiatives reflect the young workforce and the world they want to see.

Also interesting to hear consultant and CW columnist Amii Barnard-Bahn compare the current evolution companies are undergoing with diversity and inclusion to what compliance has undergone in the last 20 years. - Kyle Brasseur

A favorite maxim of Barnard-Bahn: “Process determines outcome.” - DeAnn Orie

2:30 p.m.: Behavioral analytics in your training initiatives

Behavioral Analytics

Interesting discussion on being data resistant, data aware, or data progressive. Being data resistant, at this point, puts you at a competitive disadvantage, says Neha Gupta, chief executive officer at True Office Learning. There are also a lot of forces in the regulatory space pushing the use of data analytics in compliance. - Aaron Nicodemus

“Why bother?” Gupta joked about how she once pooh-poohed a social media site she deemed unnecessary and resisted making an account. That site was LinkedIn. Her point? For companies who remain data resistant today, think twice.

Gupta also suggested a metric for measuring compliance training effectiveness: the volume of self-reported issues coming in through the hotline right *after* compliance training wraps. - Aly McDevitt

Susan Castaneda, CCO of Property & Casualty at The Hartford, shared a story about how the company revamped its training to make it job-specific; reduced training time from an hour to just about 30 minutes; and saw savings of $250,000 after a senior executive expressed his displeasure at being hounded to complete what he considered too much training at all levels. - DeAnn Orie

Had the pleasure of moderating this session. (Evidence of me in a blank white void in the image above). When we polled the audience, only 6 percent described themselves as “data resistant.” Have to imagine a lot of that has to do with guidance like the DOJ’s Evaluation of Corporate Compliance Programs, which was updated last year with guidelines for adequately resourcing compliance programs. Great insight from the panel into the DOJ’s guidance—hope all that attended enjoyed the discussion. - Kyle Brasseur

1:30 p.m.: Get ahead of your audit process

Dave Schmoeller of Reciprocity spoke a bit about proper planning during an audit and taking corrective action on audit findings. What’s important, he noted, is not only taking corrective action when there’s a finding, but actually correcting the root cause of the issues. - DeAnn Orie

12:30 p.m.: Regulatory change management

Regulatory Change Management

Some audio kinks to work through in this discussion, but the panelists carried through by questioning each other while the issue was resolved. All agree technological advances in the nonbanking financial sector is driving increased regulatory activity. - Aaron Nicodemus

CECO John Castelly and the team from ServiceNow discuss the need to digitize and get in front of technology to deal with evolving regulation. - DeAnn Orie

ESG regulations are coming, and it is best to plan for them, says Henry Engler of Thomson Reuters. Look at what’s happening in the ESG regulatory space in the European Union and United Kingdom for a preview of what’s coming to the United States. - Aaron Nicodemus

12:00 p.m.: Excellence in Compliance Award winners announced

  • CCO of the Year: Justin Ross, Chief Compliance Officer, FedEx Corp.
  • Compliance Program of the Year: Tenneco
  • Lifetime Achievement in Compliance: Emmanuel Lulin, Former SVP & Group Chief Ethics Officer, L’Oréal
  • Rising Star in Compliance: Jennifer Newton, Founder and CEO, NABCRMP
  • Compliance Innovator of the Year: Sarah Partington, Senior Compliance Officer/Director of Compliance Operations, The MetroHealth System
  • Compliance Mentor of the Year: Ellen Hunt, VP, Compliance Operations & Chief Privacy Officer, LifePoint Health
  • Compliance Consultant/Advisor of the Year: VANTAGE from Control Risks

Congratulations to the winners of this year’s Excellence in Compliance Awards and also to all the nominees. Tough year for compliance, and we had a lot of fantastic companies and compliance practitioners to choose from! - DeAnn Orie


11:00 a.m.: Leveraging compliance to create operational resiliency

Operational Resiliency

Operational resiliency is probably a term we’ve heard more in the last year than ever before: It’s “the ability of an organization to absorb and adapt in a changing environment,” said Patrick Potter of Archer.

No better example of a changing environment than COVID-19.

“The unique aspect of this past year is that it’s been systemic,” said Lisa Roth, president of consultancy Monahan & Roth and a former FINRA director. “… What it gave us is an opportunity for the industry and the regulators to align their focus.”

What’s important now is translating this momentum into permanent change, Roth added. - Kyle Brasseur

Online poll during the session shows almost 70% of respondents say their companies are taking action to build operational resiliency. - DeAnn Orie

10:30 a.m.: Sneak peek: Excellence in Compliance Awards

Winners will be announced at 12 p.m. ET. Check out the hardware:


10:00 a.m.: Value of assessing risks in your compliance program

Assessing Risks

David Martin, CCO of Benchmark Investments, on risk assessments: “Education is key. People don’t know what they don’t know. If you don’t educate your staff … if you don’t test that they understand, you could have a hole that you don’t know about.” - DeAnn Orie

Always interesting to be reminded how much new technologies reshape the compliance risk landscape. I like this quote from Benchmark Investments CCO David Martin: “The best thing to combat the new school is the old school.” What you already know from previous experiences can go a long way. - Kyle Brasseur

When asked the best way to address skill gaps, Fernanda Beraldi of Cummins advised companies hire more experts in data analytics. “People who have data analytics: They are your gold.” They can look at your processes and identify gaps, she said, adding that the combination of attorneys and data analytics pros “is a good marriage.” - DeAnn Orie

9:00 a.m.: James Comey kicks things off


Comey is talking about the Enron era—about a receding tide exposing naked bathers in his remarks at CW21. The receding tide exposing fraud was the subject of a recent CW cartoon. - Aaron Nicodemus

“It’s hard to prove the content of someone’s mind. … E-mail is an amazing window into someone’s mind.” - Comey speaking on how electronic communications have enhanced investigations.- DeAnn Orie


Comey on tone at the top: It’s really important, he says, but “tone all the way through matters tremendously.” - DeAnn Orie

Comey: “Culture goes bad like air goes bad: a little at a time.” - Patrick Romano

Comey says companies that believe compliance risk and personnel risk are separate risks are “kidding themselves.” - Jaclyn Jaeger


Comey shared his appreciation for an “Integrity Minute” video series at Lockheed Martin, where he formerly served as general counsel. The videos still exist here. - Aaron Nicodemus

Comey while answering a question on the recent Colonial Pipeline hack: “If you don’t have the backup systems in place in anticipation of a ransomware attack, you are incompetent.” - Jaclyn Jaeger

Comey says he misses the people at the FBI but not the “icky politicians” or the “political scrum.” He later added he doesn’t see himself returning to public service due to his now partisan views, which he deemed “necessary.” - DeAnn Orie

8:00 a.m.: Preparations underway


7:00 a.m.: Day 1 preview

Hello, all! Looking forward to CW2021 kicking off in just two hours. The day will begin with a keynote and Q&A session with former FBI Director James Comey before moving to panel discussions featuring compliance experts. Winners of our second annual Excellence in Compliance Awards will be announced at noon before we switch back to panel discussions through 5:20 p.m. ET.

Stay tuned for updates to this blog throughout the day and be sure to follow us on social media for more from the conference. - Kyle Brasseur