Compliance Perspectives

By Adam Turteltaub Andres Cuevas, Compliance Director LATAM for EmergentCold explains from Chile that for compliance officers to be successful in Latin America they need to stop thinking about Latin America as a whole and start thinking much more about each country and its culture. And, of course, we must be mindful that each company also has a culture of its own. To navigate the differences and build consistency, he advocates for having a strong set of baselines rules that are common across your enterprise and the region. Establish what is non-negotiable. But, at the same time, it’s important to work with local leaders to have an understanding of what the local realities are, work with them and respond accordingly when variations are necessary. Compliance leaders also need to be mindful of the legal requirements of each country. In Chile, for example, he reports that there are more than 250 crimes that the company can be found liable for. Listen in to learn more about how to navigate your compliance eff

By Adam Turteltaub Mark Diamond wants you to stop thinking of records retention as a chore and start thinking of it as a driver of compliance. In this podcast the President & CEO of Contoural shares that retention schedules have grown in importance with increased requirements for privacy and safeguarding personal data. That, in turn, is having an enormous impact on the risks and costs of ediscovery. Proper retention schedules also have significant impact on employee productivity and collaboration, as well as using AI in less risky ways. Organizations are now increasingly treating records based on their business value and are developing retention schedules that reflect their worth. One of the greatest challenges they face, though, is the tendency of employees to want to hold onto everything just in case. While it’s understandable, it adversely affects efficiency, as employees are forced to wade their way through obsolete records. Part of the solution, he suggests, is to develop a “super schedule” for docu

By Adam Turteltaub In a recent issue of Compliance & Ethics Professional ®, Nick Gallo, Chief Servant and Co-CEO of Ethico addressed the control paradox, a situation in which the controls designed to prevent misconduct, actually encourage it. Think of it like the person whose car has so many airbags that they no longer fear an accident and drive quicker. So what’s the solution? He argues it’s creating an environment where we have faith in controls, but not too much, and focus on helping those on the front line make the right decisions. That includes, he says, teaching not just what you should do but why. It also means encouraging ownership of ethical issues, not outsourcing it. Listen in to learn more about how to get better control on your controls. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub Recently, Gartner released very intriguing research into third party risk. Chris Audet, Vice President and Chief of Research in the Gartner Assurance Practice tell us that they found business has it’s spending all wrong. Too much is invested in due diligence, and not enough time and effort is spent on monitoring. There research found that the business unit knows the risks third parties pose and is seeing it firsthand. When relationship managers were surveyed, 84% had seen changes to the risk profile and 76% found a third party had provided materially inaccurate information.  In fact, 95% had seen something troubling in the past year. So why aren’t they reporting this information to the compliance team and what would get them to share more? There were three main answers, Chris reports: Creating more relationship ownership objectivity. Too many feel too strong a tie to the third party. Confidence in identifying red flags. Encouraging objectivity and providing reassurance that compli

By Adam Turteltaub Risk assessments are not new in healthcare, and in specific regulatory areas are required. But, that doesn’t mean things aren’t changing.  More and more organizations are embracing enterprise risk assessments (ERM) as a way to assess the range of risks that they face, including  legal and regulatory concerns. Getting the risk assessment right is particularly challenging for healthcare organizations, explains Robert Stratton, Executive Director – Enterprise Risk and Security; Corporate Compliance Official and Senior Counsel for Northwest Permanente. Robert is also the author of the chapter “Enterprise Risk Management in Healthcare” in the latest edition of the Complete Healthcare Compliance Manual. The mix of insurance, patient care professionals, large sums of money and complex structures makes the risk map challenging. On the positive side, electronic health records can provide a wealth of information to inform your ERM efforts, as can frontline employees who can provide insights into w

By Adam Turteltaub As if ransomware and phishing attacks weren’t enough to keep us up at night, now AI is enabling a whole new range of cyber threats. Ryan Redman, Product Manager, Marketing and Brett Sommers, Director of GRC Products at Onspring warn that the nature of attacks is evolving.  Vishing, in which criminals use technology to imitate the voices of colleagues and organization leaders, is being used to trick people into revealing passwords, share data or send money. Employees need to learn to be wary and even confirm requests, even from trusted voices, via email or other means. Healthcare and manufacturing are two industries that have been singled out by bad actors for this kind of attack. Aside from training, what else can compliance teams do? They recommend: Focusing your resources on high value risk areas Ensuring your cyber defenses are as strong as they need to be Reviewing your third parties to ensure that a compromise won’t come from someone hacking into their systems Understandin

By Adam Turteltaub These are fractious times, and it’s often difficult to figure out what to do, what comes next and keep people with divergent views working together. Despite these challenges, Anna Romberg, Executive Vice President, Sustainability, Legal and Compliance for Getinge,  doesn’t believe that things are hopeless. In an article she co-authored with Richard Bistrong for Harvard Business Review, they  laid out several strategies for successfully navigating the current era. In this podcast, she reminds us that ethics and compliance programs are about more than following the law. They are also about encouraging good behavior, which includes following the company’s values, no matter how the political winds are blowing. With that said, now is a good time to do what organizations need to do, which is assess their values periodically to ensure that they are relevant, and the organization is living up to them. At the same time, she encourages the compliance team to embrace friction. It is inevitable wh

By Adam Turteltaub Do you ever wish you were made of rubber, especially nowadays with so much change? Do you wish that you could be flexible enough to handle every new legal regulatory change or every business demand without breaking? It’s not likely to happen, but compliance industry veteran Lisa Beth Lentini Walker believes that we can become more resilient. Resilience, she observes, is a mindset. We can work to become more adaptable and open to change by framing it in the right way. If you look at it with dread, you are less likely to succeed. But, if you recognize that nothing is permanent, change is inevitable and focus on what needs to be done, the chances of success are much greater. Look at change as an opportunity to shine and show leadership. Become the person who management trusts to look to the future and find the path forward for the organization. The workforce, too, wants to know that they can count on you to keep them safe and the company operating strongly. Listen in to learn more about beco

By Adam Turteltaub Uzbekistan, Kazakhstan, Tajikistan, Turkmenistan and Kyrgyzstan were all born out of the dissolution of the Soviet Union. With large energy deposits of national gas, many global companies and their suppliers are operating within these countries. To better understand the compliance risks there, we spoke with Timur Khasanov-Batirov, a compliance officer with deep and wide roots in the region. While we may think of this area as one region, he warns that there are substantial differences by country. Kazakhstan is the most developed, and compliance has gained significant traction in large companies, primarily in the oil and gas sector. Uzbekistan saw three major FCPA cases, and, as a result, compliance has garnered a great deal of attention. The other three countries have much smaller economies and less developed compliance cultures. In addition, Turkmenistan has a fairly-closed economy, which complicates the picture. While it is easy to focus on the anticorruption risk in the region, there

By Adam Turteltaub It’s not a good time to be a manufacturer of ten-foot poles. That’s because with the growing number of sanctions regimes, there are an increasing number of companies and individuals that businesses shouldn’t touch with a poll of ten feet, or any length for that matter. Rachel Gerstein, who most recently served as Vice President, Global Ethics and Compliance Counsel for Gartner, explains in this podcast that trade sanctions are laws and regulations designed to prevent and punish engaging with countries, organization and individuals who the government has deemed a threat to national and international security, or has committed human rights violations. Many countries have sanctions regimes, although the United States tends to have the strongest. The US, for example, has countrywide sanctions against Iran, Cuba, Syria and North Korea, as well as numerous sanctions against Russian individuals and entities. The government’s enforcement arm is the Department of the Treasury’s Office of Foreign

By Adam Turteltaub The current fee-for-services model in healthcare has challenges, to say the least. Value-based care, explains, Colleen Gianatasio, Vice President of Compliance, CoventBridge, takes a different approach by asking four questions: What are the needs for both patients and providers? What are the challenges and barriers to meeting them? What technology and other resources are available? How will providers be measured for success, and when will they be reimbursed? In answering these questions there is an underlying emphasis on a much more collaborative and transparent approach among patients, providers and payers. There is also a commitment to understanding the community as a whole. For those looking for advice on how to pursue value-based care, she offers several thoughts, including: Be thoughtful in your use of technology solutions Give all your stakeholders a seat and voice at the table Break down the silos, and communicate openly and frequently Listen in to more about the

By Adam Turteltaub Recently Protiviti released an intriguing report: Top Compliance Priorities for U.S. Healthcare Organizations in 2025. In this podcast their Global Healthcare Compliance Leader, Leyla Erkan, shares some of the key priorities they revealed: Managing technology. This includes wearable devices, AI, telehealth platforms and more. All have great promise, but each comes with significant risk. Privacy and security. Many organizations are struggling with right of access issues, reproductive health data, and using data more effectively to deliver care. Not to mention the issues of data breaches and ransomware. Integrating quality and safety into compliance programs. As with value-based care, expectations have grown for compliance to play a key role in ensuring quality and safety. Billing and coding. Cloning of documentation remains a key risk area along with lack of documentation. New technologies hold great promise but there are challenges in areas such as using AI. Listen in to learn mo

By Adam Turteltaub How much is your cybersecurity program worth? Traditionally the thinking has kind of been: if we don’t have a breach it’s expensive but valuable, and if we do have one it’s both expensive and worthless. Eric Shoemaker of Genius GRC advocates for a different way to value cybersecurity efforts. Instead of just looking at what it prevents, also look at what it enables: your organization to do business with less friction. A good cybersecurity  program give customers the confidence that you are safe to do business with. It prevents business interruptions, and doesn’t get too much in the way of the business. So track things like deals successfully closed after reviewing the company’s cyber defenses. He also argues for using near misses as a way to demonstrate value. Each incident provides an opportunity to examine what could have gone wrong, what controls worked, and what enhancements could be made to strengthen them. Listen in to learn more about how you can establish the value of your cybe

By Adam Turteltaub Virginia MacSuibhne is not your typical compliance officer. It’s not surprising then that this former global chief compliance at Agilent and Roche, who also has an Etsy shop selling irreverent, NSFW compliance merch, decided she wanted to do an atypical podcast. Rather than focusing on a brilliant idea she had or a huge success, she suggested we discuss the mistakes she has made. Each of them has an important lesson for others in compliance. Mistake #1: Do the code of conduct yourself. It’s far better to involve the business team both to gain their insights and get their buy in. Mistake #2: Think working inside a company is like working for their law firm. When you work in a company, even in the legal department, you need to focus on relationships and be less transactional. There’s no clock or timesheet to record billable hours. So spend the time getting to know your colleagues and building personal connections with them. Mistake #3: Disregard the rhythm of the business. Every business

By Adam Turteltaub A good, juicy case study is great for compliance training. An artfully created scenario can also be remarkably effective, especially for ethics training. What makes them so appealing, and how do you use them best? Colin May, Adjunct Professor at Stevenson University, explains that problem-based learning is very effective for adults both for knowledge transfer and retention. It also helps people apply what they have learned. Case studies, which are based on actual incidents, and scenarios, which are fictional, also benefit from a human love of stories. When determining whether to use a case study, scenario or some other learning method, he advises first thinking about the outcome: what do you want people to take away from the training. Next, think about the debriefing after employees have had a chance to either read the case study or act out a scenario. That subsequent conversation may prove to be the most valuable part of the learning exercise. Be sure, too, to keep your case studies a

By Adam Turteltaub There’s a lot of discussion about the relationship between compliance and the general counsel. Less words, though, have been dedicated to the important relationship between compliance and HR. Netherlands-based Asaf Shalev, Global Ethics, Risk & Compliance Lead for DLL rightly observes that maximizing synergy between the work of HR and compliance is a key for success of both the compliance program and the business. The departments share overlapping interests in a number of areas, including the code of conduct. He advocates both sides working closely together to ensure that it is human centric. When it comes to compensation, HR can help by building in compliance-related metrics. When it comes to discipline, HR can ensure that it is documented, consistent and fair. They can also be helpful for navigating local the labor laws that may apply. Listen in to learn more about how to make the compliance-HR relationship work from recruiting and onboarding through the entire employee lifecycle. L

By Adam Turteltaub Stress can be a good thing. Burnout, though, is something altogether different and very real for compliance professionals. Sarah Hadden (LinkedIn), CEO and Publisher of Corporate Compliance Insights shares in this podcast the not always encouraging data on stress and burnout from their 2025 Compliance Officer Working Conditions, Stress & Mental Health survey. The research did reveal some very good news. Compliance officers are generally happy with their work. They have a sense of purpose and feel that what they are doing is important. The findings also revealed a small but notable increase in the belief that the organization is supportive of compliance efforts. On the other side of the coin, though, only 7% said that job stress was not an issue. More concerning, 51% reported that they are experiencing burnout. What causes that burnout? A variety of factors are in play including the fast pace of regulations, personal liability fears, lack of time and resources and even AI. One of the g

By Adam Turteltaub There is a tendency to think of risk assessment as one thing and demonstrating the value of the compliance program as another. In this podcast, Catherine Bruno, Assistant Director Office of Integrity and Compliance (OIC) at the FBI shows that the risk assessment process can also be a great way to demonstrate the value of a strong compliance program. So how do they make that happen?  First, the OIC ensures that individuals who are closer to the risk, the subject matter experts at each of the divisions at FBI headquarters, as well as each field office, are involved both from the start and on an ongoing basis. Every six months the OIC requires them to spend time assessing compliance risk and put forward at least one. This process ensures participation without demanding too much of the field’s time. In advance of that meeting, the OIC conducts a training session, provides a model agenda, and may do a presentation on a particular risk area. They also require that, at the meeting, the particip

By Adam Turteltaub The words “works council” inspires fear and dread in the hearts and minds of many who have never worked with them. They need not, says Lisanne Winde, attorney at law at Wybenga advocaten and Alain Lambert, regional ethics and compliance officer for Central Europe at WSP. In this podcast, they share how the works council can actually help compliance teams. These entities are not unions but are specific to the company. They can be helpful for facilitating communication with employees and giving greater legitimacy to company policies. In practice they collaborate with management and can be more helpful than those unfamiliar with them may think. However, there are times when working with the works council is not just a nice to have but a requirement. Issues relating to whistleblowing and disciplinary policies are two examples. And there may be others, as well.  The laws vary by country. To make the most out of the relationship they recommend taking time to listen to what the works council

By Adam Turteltaub An audit by a Unified Program Integrity Contractor auditor, better known as a UPIC audit, can be a very scary thing. Providers are often shocked and even indignant to receive a letter notifying them of the audit and alleging fraud. Jon Rawlson (LinkedIn), President & Founder of Armory Hill Advocates, reminds us that the audit was likely not triggered by an allegation but by an algorithm catching outlier events such as a provider processing claims outside of their normal daily work, utilizing a DME, a skin substitute or some other expensive item that is outside the norm. Once you have calmed down after reviewing the letter, he advises acting immediately but calmly. Begin reviewing the documents you have been providing the Medicare program and bring in whatever help you need. And, don’t forget you have a five step appeal process that enables you to prove  your innocence. But, be mindful of the timeline the government gives. The consequences can be grave if you miss a deadline. Listen in