In case you missed it, there has been a lot of change in how organizations are dealing with compliance. Risk management concepts, use of data, using compliance to lead to greater business efficiency, third-party risk, just to name a few.
It’s as if compliance has gotten a face lift recently and looks a whole lot more like a risk function adding value instead of just a cost of doing business.
I’m joined by Tom Fox to discuss some of the recent changes and how he has incorporated the “nuts and bolts” needed to operationalize compliance in your organization in his updated “The Compliance Handbook, 2nd Edition” where he shares practical tips like 31 days to a more effective compliance function.
As usual, we don’t just jam about compliance and risk, but also music and some career advice you won’t want to miss.
Save 20% on Tom’s new book when you use this link: https://lexisnexis.com/fox20
Listen in at: http://www.jasonmefford.com/jammingwithjason/
00:00:01.319 –> 00:00:10.950
Jason Mefford: Welcome to another episode of Jamming with Jason. Hey, today I have my friend Tom Fox with me and we’re going to talk a little bit about compliance.
00:00:11.490 –> 00:00:16.890
Jason Mefford: Because he just came out with a new book, The Compliance Handbook, Second Edition.
00:00:17.520 –> 00:00:26.310
Jason Mefford: And so you know, again, even if you’re not in compliance you’re going to want to stick around because Tom has been in this industry, for a long time.
00:00:26.820 –> 00:00:36.180
Jason Mefford: And you never know what’s going to come out on one of these episodes anyway so whatever you do stick around and listen to the entire episode and let’s roll that episode.
00:00:38.220 –> 00:00:40.080
Jason Mefford: hey Tom how you doing today man.
00:00:40.560 –> 00:00:41.790
Thomas Fox: it’s good to have you back on great.
00:00:42.990 –> 00:00:44.250
Thomas Fox: yeah and to be with you.
00:00:45.180 –> 00:00:49.740
Jason Mefford: I know you know you have you have been in this space for a long time.
00:00:51.570 –> 00:01:00.360
Jason Mefford: And and have have this compliance handbook out for quite a while right so so I guess, one of the questions, just like right off is.
00:01:00.780 –> 00:01:09.000
Jason Mefford: Why did you why did you take, like the compliance Bible that you already had and kind of create a second edition what’s what’s new or why did you go through and do this.
00:01:10.620 –> 00:01:21.450
Thomas Fox: Sure Jason so the original compliance handbook came out in late spring of 2018 and then in 2019 and 2020.
00:01:21.990 –> 00:01:31.110
Thomas Fox: We had some significant releases of information from the Department of Justice in 2019 we had the original evaluation of corporate compliance programs.
00:01:31.500 –> 00:01:43.380
Thomas Fox: which was updating the 2017 version, then we had the Department of Justice Antitrust Division come out with their evaluation of corporate compliance programs which added some really interesting.
00:01:44.370 –> 00:01:48.930
Thomas Fox: They were antitrust factors, but I thought applicable to anti-corruption compliance as well.
00:01:49.260 –> 00:01:56.640
Thomas Fox: And, of course, under the antitrust law, you have both civil and criminal jurisdiction, so they focused on that a little bit more.
00:01:57.000 –> 00:02:07.140
Thomas Fox: We also had OFAC come out with their version of a best practice compliance program once again with a little bit different focus, because it was trade compliance, so we had.
00:02:08.070 –> 00:02:14.790
Thomas Fox: Some significant information come out from Department of Justice and OFAC and in June of 2020.
00:02:15.180 –> 00:02:24.870
Thomas Fox: The Department of Justice updated their evaluation of corporate compliance programs and really changed the focus in a couple of key couple of ways, I thought needed to be highlighted.
00:02:25.230 –> 00:02:35.520
Thomas Fox: And then on July 1 I think 2020 the Department of Justice and Securities and Exchange Commission jointly came out with their update.
00:02:35.850 –> 00:02:50.670
Thomas Fox: To the FCPA Resource Guide, which was originally released in 2012 which, in my opinion, this is the single best resource guide for all things FCPA not simply compliance and so that I thought wanted.
00:02:51.360 –> 00:03:00.540
Thomas Fox: An update and I went through and rewrote about 40% of the book so there’s a lot of new information in there, it incorporates the most.
00:03:02.850 –> 00:03:12.120
Thomas Fox: Significant changes from the Department of Justice, SEC, OFAC perspective and a lot of new information for the compliance practitioner as well.
00:03:13.800 –> 00:03:28.590
Jason Mefford: Well, I know cuz you know living here in the US, you know, because a lot of people that listen might be international, but we have some crazy compliance rules here in the US right, I mean we’re probably i’m guessing probably about the most.
00:03:30.090 –> 00:03:33.540
Jason Mefford: Controlled compliant regulated.
00:03:34.830 –> 00:03:44.220
Jason Mefford: country in the world right, and so, and a lot of these ones that you just throw out there are some some big names heavy hitters you know when the SEC comes down and they start calling.
00:03:44.730 –> 00:03:53.550
Jason Mefford: You got to pay attention right and I remember, because you mentioned FCPA and some of the some of the updates because I remember you know back in the day.
00:03:54.150 –> 00:04:03.570
Jason Mefford: The Federal Government pretty much said Look, we expect everybody to have good ethics and compliance programs or we’re not we’re going to really tell you what it is right it’s like wink wink.
00:04:04.860 –> 00:04:14.400
Jason Mefford: We know it when we see it, and if you’re not doing it then we’re going to be chopped right, and then I think there were some memos that kind of came out of the SEC if i’m remembering right.
00:04:14.880 –> 00:04:18.330
Jason Mefford: They kind of gave a little bit of guidelines that’s where like those those seven.
00:04:18.780 –> 00:04:27.210
Jason Mefford: Things that you usually think about where we’re kind of came from right but there’s there’s been this evolution, slowly but it sounds like from what you’re talking about.
00:04:27.660 –> 00:04:33.600
Jason Mefford: The last couple of years there’s been a lot more guidance actually coming out of the government of what they’re expecting.
00:04:35.070 –> 00:04:47.370
Thomas Fox: right starting in about 2015 we started hearing this is probably be music to your ears, but much more emphasis on data data analytics and use of data and your compliance Program.
00:04:47.730 –> 00:04:57.360
Thomas Fox: So obviously i’m a lawyer and data was not something we learned about in law school, not that was antithetical to the practice of law, but it was not something we focused on so.
00:04:58.140 –> 00:05:06.540
Thomas Fox: When you couple the COSO 2013 internal controls framework with the DOJ emphasis on data, which was really emphasized in the.
00:05:07.590 –> 00:05:18.900
Thomas Fox: update, we saw the DOJ say specifically ctos had to have access to all corporate data, but more importantly, how to use that tab you had to analyze that data.
00:05:19.260 –> 00:05:30.870
Thomas Fox: You have to have continuous monitoring and continuous improvement, so this was really the most specific we’d heard the DOJ, so they’ve been talking about that in speeches and.
00:05:31.230 –> 00:05:40.890
Thomas Fox: Other things over the past three or four years, but we saw a real acceleration with the update and now I think that’s probably the biggest driver.
00:05:41.490 –> 00:05:50.730
Thomas Fox: In compliance innovation right now is how can you get a handle on your data, how do you find out what data, you have, then, how do you analyze it.
00:05:51.660 –> 00:05:57.450
Thomas Fox: And then how can you incorporate that into a compliance program for continuous improvement, so those.
00:05:57.900 –> 00:06:05.670
Thomas Fox: that’s what’s really driving compliance now and it’s been interesting to see that evolution, but it certainly picked up during the pandemic and probably.
00:06:06.210 –> 00:06:23.220
Thomas Fox: I’m sure the coincidence of the June 1 release date of the update to the evaluation was coincidental nevertheless when it came out it really got a lot of people’s attention and data is something that is probably the most one of the most ubiquitous terms in compliance now.
00:06:24.390 –> 00:06:34.920
Jason Mefford: Well, it is it’s it’s funny because as you’re talking, you know because i’ve always usually kind of held you know risk and compliance is to kind of separate things but it’s.
00:06:35.370 –> 00:06:45.270
Jason Mefford: It seems like from what you’re talking about that there is more of this confluence now of this right is he is I mean we see this from.
00:06:45.750 –> 00:06:54.270
Jason Mefford: The ISO 31000 standard on risk management right they came out with it, they updated it a couple years, I think it was ’18 or ’19 they updated that.
00:06:54.840 –> 00:07:04.560
Jason Mefford: And so, now has been incorporating those concepts those risk management concepts into their other standards as they’re updating them.
00:07:05.010 –> 00:07:15.510
Jason Mefford: And so now it’s almost like the government has come back and said hey everybody compliance by itself right let’s start incorporating some of these risk management things you know, like you said it’s got to be continuous.
00:07:15.930 –> 00:07:26.190
Jason Mefford: it’s got to be you know have it, have an improvement, because as you’re going through as you’re looking at it and hey, by the way, everybody has data, so you guys should be able to start telling.
00:07:26.940 –> 00:07:34.290
Jason Mefford: Whether you’re compliant or not right, you should start kind of self monitoring, that is, that is, that kind of what i’m hearing what what’s coming out.
00:07:35.520 –> 00:07:44.370
Thomas Fox: No you’re absolutely spot on and one of the things I saw the last year with the pandemic was the acceleration of trends that have been percolating in.
00:07:44.820 –> 00:07:52.860
Thomas Fox: 2017, 2018 and 2019 to accelerate exponentially and coupled with the fact with certainly from the legal.
00:07:53.220 –> 00:07:59.640
Thomas Fox: kind of compliance perspective, the traditional way you would look at issues is go to an investigation, you might do an interview.
00:07:59.940 –> 00:08:18.510
Thomas Fox: You might sit down and talk to some people, you might review documents all that kind of all went out the window last year and really the only thing left was data, and so it forced people like myself who perhaps not use data primarily as the source for continuous monitoring or numbers.
00:08:19.560 –> 00:08:36.810
Thomas Fox: To really embrace that because we had to, and now that we’ve had to I think it’s a much more efficient way much certainly much more holistic way, and to your first point, I think you’re also spot on that we’ve had this much more or greater recognition that this is just risk.
00:08:38.100 –> 00:08:43.110
Thomas Fox: We had pandemic risk last year, now we’ve got return-to-work risk, we got supply chain risk, we got.
00:08:43.890 –> 00:08:48.930
Thomas Fox: Third party risk we have cyber cyber security risk we have data privacy risk, and of course we have.
00:08:49.350 –> 00:09:00.660
Thomas Fox: You know the social justice and diversity inclusion movements that gained speed last year, so you have a reputational risk, how are you going to look at those all and it has to be really a holistic integrated approach.
00:09:01.890 –> 00:09:07.800
Jason Mefford: Well, and it’s interesting because, even when you think about you know risk in general right.
00:09:08.850 –> 00:09:17.160
Jason Mefford: Why does the government come out with new laws with new regulations, because the government is trying to manage some risk.
00:09:17.550 –> 00:09:40.800
Jason Mefford: Right of businesses may be operating in a way that they don’t like right that ends up often having a very detrimental impact to the economy, to individuals right as well, and so they’re trying to manage kind of like the business environment within the country by putting these.
00:09:40.920 –> 00:09:51.630
Jason Mefford: i’ll use the word controls right because everybody likes the word controls, but really a regulation is trying to force organizations to operate in a certain way.
00:09:52.080 –> 00:10:02.670
Jason Mefford: To reduce that general public risk right and like you said, I think the pandemic is just really accelerated a lot of stuff that was already happening anyway.
00:10:03.420 –> 00:10:09.270
Jason Mefford: But it’s it’s interesting you know, like you said that that now they’re focusing much more on data.
00:10:09.870 –> 00:10:27.990
Jason Mefford: And you know, in a way, because organization should kind of know what’s going on, they should be tracking what’s going on and, as things change, they should be trying to get out in front of it, you know whether that’s compliance or just risk in general right.
00:10:29.370 –> 00:10:43.050
Jason Mefford: So, yes it’s kind of interesting and I know you said you know about 40% of the book has been updated so i’m guessing a lot of these this data concept is brought into it, or what are what are kind of the main updates that you’ve done since the first edition.
00:10:44.670 –> 00:11:00.480
Thomas Fox: So the main updates were around data, they were around innovation, they were around managing managing your third parties, because in the compliance world third parties are still viewed as as the highest risk and once again with the monitoring and updating.
00:11:00.990 –> 00:11:02.070
Thomas Fox: In the.
00:11:03.780 –> 00:11:08.880
Thomas Fox: first evaluation that came out in 2019 there was discussion to have root cause analysis.
00:11:09.330 –> 00:11:20.160
Thomas Fox: And that was eventually added as an additional hallmark to the original 10 hallmarks of effective compliance program so there’s a discussion of how a root cause analysis is really different.
00:11:20.640 –> 00:11:32.790
Thomas Fox: than an investigation or an interview even two different focus with a different goals and why that’s important the joint ventures which.
00:11:33.780 –> 00:11:43.830
Thomas Fox: Whatever the business venture in it is and the types of business venture are only limited by our collective business imaginations whether it’s a JV, a teaming agreement or anything else.
00:11:44.580 –> 00:11:56.340
Thomas Fox: had to figure out how to manage those but the other thing that’s that really I saw in in the bigger picture Jason was the move the moves that are being made.
00:11:57.240 –> 00:12:06.690
Thomas Fox: are really leading to greater business efficiency and so originally compliance programs were written policies and procedures, written by lawyers for lawyers.
00:12:07.410 –> 00:12:14.400
Thomas Fox: The COSO framework of 2013 for internal controls was for a lot of people, including myself, just a revelation.
00:12:14.850 –> 00:12:22.290
Thomas Fox: Because I now saw the controls as the backbone of the compliance program and that led to key performance.
00:12:22.950 –> 00:12:31.230
Thomas Fox: indicators with a lot of ways to measure efficiency in ways that I certainly hadn’t been aware of before and so that gave us this data.
00:12:31.710 –> 00:12:42.180
Thomas Fox: And if you can improve your business efficiency, while making your compliance program more effective, I think that equates to read a return on investment, we had a lot of that going on.
00:12:42.990 –> 00:12:48.570
Thomas Fox: And I think that’s one of the big accelerants we saw from from last year as well if you’re going to look at your.
00:12:49.470 –> 00:13:00.270
Thomas Fox: Spending, your gift, travel and entertainment spend, and determine that it’s inefficient for the sales cycle for the sales process.
00:13:00.810 –> 00:13:14.040
Thomas Fox: And you can reduce your spend, your gift, travel, entertainment spend to government officials, you’ve saved money you’ve made your process more efficient you’re more compliant and you’re probably going to get a better ROI from that sales team focusing on those customers.
00:13:15.330 –> 00:13:21.540
Jason Mefford: Well, so this is it’s going in an interesting way because you know, like if we think about.
00:13:22.830 –> 00:13:30.690
Jason Mefford: Like I said it looks like compliance now is taking on more of kind of these risk management principles right which one of them that ISO talks about is that.
00:13:30.750 –> 00:13:40.740
Jason Mefford: Risk Management adds value to the organization right, so that you shouldn’t be spending more on managing risk than the benefit that you’re getting.
00:13:41.190 –> 00:13:51.210
Jason Mefford: And I know for a long time it’s always been all compliance is just something we got to do it’s money we got to spend we hate doing it, but we got to do it right.
00:13:51.900 –> 00:14:04.470
Jason Mefford: To where now, it sounds like it’s it’s also having more of that value discussion and about ways to lead to these greater business efficiencies that compliance just isn’t about.
00:14:05.160 –> 00:14:16.530
Jason Mefford: Following that regulation but it’s also like you said it’s those controls in the background that are helping us actually run a better business as well right because a lot of times.
00:14:17.700 –> 00:14:18.030
Jason Mefford: yeah.
00:14:19.200 –> 00:14:22.080
Thomas Fox: Let me pick up on that last point, because that’s really critical.
00:14:23.220 –> 00:14:36.960
Thomas Fox: 10 years ago, five years ago, maybe three years ago when certainly I thought about the management of risk, it was to protect the company, but my thinking evolved, because if you properly manage risk it’s actually a business advantage.
00:14:37.350 –> 00:14:40.860
Thomas Fox: If you can respond more quickly, because you have the controls in place.
00:14:41.160 –> 00:14:47.160
Thomas Fox: To accept greater risk because you already have the controls in place to manage that risk.
00:14:47.910 –> 00:14:53.610
Thomas Fox: With oversight with controls and the human element, it can make your business more nimble more agile.
00:14:53.910 –> 00:15:00.090
Thomas Fox: And that’s I think one of the things we saw last year companies were able to pivot much more quickly when they could manage that risk.
00:15:00.390 –> 00:15:08.970
Thomas Fox: There was, you know, early on in the pandemic a school of thought that well we’ll just override these controls or we won’t follow these controls, because it’s a unique situation.
00:15:10.230 –> 00:15:14.820
Thomas Fox: The companies that already had the controls in place and could just have greater.
00:15:15.300 –> 00:15:26.130
Thomas Fox: Risk Management oversight were able to more quickly respond, and I think that played out for a lot of different industries in the past year, so i’m really seeing that risk management.
00:15:26.520 –> 00:15:40.620
Thomas Fox: now being thought of as a business advantage because you can respond more quickly, and one thing i’ve learned over the years is, the greater the risk, the greater potential profits and if you can figure out a way to manage great nervously neighbor you’re going to make.
00:15:40.710 –> 00:15:42.330
Thomas Fox: More money and so.
00:15:43.410 –> 00:15:45.150
Thomas Fox: I think we’ve seen a lot of that as well.
00:15:45.990 –> 00:15:55.140
Jason Mefford: Well, because that’s that’s one of the things and I’ll use the you know ISO 31000 risk management, because one of their risk response things I talked about is increase the risk.
00:15:55.710 –> 00:16:06.300
Jason Mefford: And I know when people read that they’re like what do you what what, no, no, no here we’re for value preservation right we’re but but it’s that point again of but those companies who can.
00:16:06.780 –> 00:16:14.010
Jason Mefford: Who, who have the processes and the controls in place, they can take more risk intelligently.
00:16:14.640 –> 00:16:22.410
Jason Mefford: And they can actually increase the risk and still have a higher reward right and so those are the ones that are going to end up winning more.
00:16:22.950 –> 00:16:31.710
Jason Mefford: But it’s but it’s interesting because this this dialogue that we’re having kind of It reminded me of a lecture I sat through when I was doing my MBA many years ago.
00:16:32.190 –> 00:16:38.700
Jason Mefford: And this was before all of the environmental, you know now everybody’s like Oh, ESG, ESG, ESG, right.
00:16:39.480 –> 00:16:50.400
Jason Mefford: This was before all the environmental push had happened, and I remember that this professor, she would she was a very you know left wing environmentally friendly person and so she was.
00:16:51.030 –> 00:16:57.990
Jason Mefford: You know kind of talking about the benefits of being an environmentally friendly company.
00:16:58.740 –> 00:17:09.810
Jason Mefford: And you know, most of us in the audience were like, but this just costs more money, it costs more money right we can’t it’s it’s reducing profits and she stopped, and I remember saying something like.
00:17:10.290 –> 00:17:18.450
Jason Mefford: Why do you think that this just costs more money can’t it also be an advantage for the organization.
00:17:19.200 –> 00:17:23.040
Jason Mefford: And then I remember at that time you know a lot of us were still kind of thinking, she was a little crazy.
00:17:23.430 –> 00:17:29.520
Jason Mefford: But it wasn’t but a couple of years, you know, and all of a sudden, we had these huge companies like Walmart going.
00:17:29.880 –> 00:17:38.070
Jason Mefford: holy crap if I read you know if I switch out all of the lights in my store to you know compact fluorescent instead.
00:17:38.550 –> 00:17:48.300
Jason Mefford: it’s not only good for the environment but i’m i’m spending like 40% less in energy costs holy crap right, so the minute that they decided that.
00:17:48.660 –> 00:17:57.600
Jason Mefford: There was huge investment and huge push but it took that mindset shift and it just sounds like we’re starting to have some of that mindset shift now.
00:17:57.960 –> 00:18:08.190
Jason Mefford: In the compliance area as well it’s not just a cost of doing business but it’s it’s an investment in in doing good business right.
00:18:09.480 –> 00:18:17.130
Thomas Fox: You’re spot on. When companies talk about we’re going to reduce our carbon footprint, I immediately hear how much is that going to save us.
00:18:18.210 –> 00:18:24.570
Thomas Fox: Is it going to be environmentally friendly, yes, help our stock price, maybe, but we will have absolutely save money.
00:18:26.910 –> 00:18:27.240
Jason Mefford: yeah.
00:18:28.350 –> 00:18:35.610
Jason Mefford: So it’s interesting that we’re kind of kind of coming that way now, I know I think you know the the compliance handbook I think you.
00:18:35.640 –> 00:18:46.470
Jason Mefford: You published through LexisNexis right and if I’m remembering that right, so why you know LexisNexis I always I always thought that was a great term I just love that.
00:18:47.340 –> 00:18:59.490
Jason Mefford: The alliteration of it too right but but maybe you know just just talk for a minute what what is LexisNexis, why did you choose them as somebody to publish the compliance handbook through.
00:19:01.020 –> 00:19:13.110
Thomas Fox: So LexisNexis is the world’s largest legal publisher and about May of last year I got an email from them telling me that they were going to start a.
00:19:13.920 –> 00:19:22.050
Thomas Fox: Compliance adjunct to their legal publications and they wanted me to come on board as a first compliance also author.
00:19:22.530 –> 00:19:27.720
Thomas Fox: And so I sat down with them, or I guess virtually sat down with them, because it was in May.
00:19:28.110 –> 00:19:39.300
Thomas Fox: and your work on a contract and I was at I’m absolutely thrilled to be a part of LexisNexis because they literally are the world’s largest legal publisher they want to start coming out with a compliance series.
00:19:39.660 –> 00:19:49.110
Thomas Fox: And they they focus on the nuts and bolts, how do you do it in you name the area and so that’s exactly what the compliance handbook is.
00:19:49.530 –> 00:20:01.950
Thomas Fox: The best nuts and bolts book, in my opinion, and doing a best practice compliance program so I work with them, I had they came in and took over the editing role for my wife so she was thrilled.
00:20:03.060 –> 00:20:06.180
Jason Mefford: She was happy happy wife happy man right So there you go.
00:20:07.980 –> 00:20:19.380
Thomas Fox: So that worked out well and i’m going they took over the publication, it was released it’s available in their bookstore for immediate release now.
00:20:19.800 –> 00:20:21.120
Jason Mefford: wow well.
00:20:21.390 –> 00:20:36.120
Thomas Fox: They were a pleasure to work with, I never worked with a professional editor before so obviously I bring a certain perspective to the process they’re renewing very different perspective, a non legal perspective so when they would email me and say this doesn’t make sense.
00:20:37.140 –> 00:20:47.700
Thomas Fox: They were right may not make sense to someone without my professional background and that meant it didn’t make sense to potential reader so I really learned a lot from that process and enjoyed that process.
00:20:48.660 –> 00:20:57.060
Jason Mefford: Well, and the nuts and bolts, I think, is what’s important because it’s so i’m glad that that’s kind of the approach of this has, and that it is.
00:20:58.170 –> 00:20:59.340
Jason Mefford: Like that one place where.
00:20:59.340 –> 00:21:04.830
Jason Mefford: People can go to actually get down to that level because so much of the time you know it’s.
00:21:05.250 –> 00:21:15.900
Jason Mefford: People people talk in theories and Oh, this is the nice to do kind of thing right but it, but it leaves the people who are the practitioner.
00:21:16.380 –> 00:21:29.010
Jason Mefford: That has to actually execute going yeah but what am I supposed to do right, so they get some big lofty goal, or they get some theoretical thing pushed at them.
00:21:29.490 –> 00:21:46.950
Jason Mefford: But at the end of the day, they still have to execute they still have to figure out how to make this work, and so it sounds like you know, in the second edition that you’re giving a more of the here’s how you would actually implement this at your company kind of step by step.
00:21:48.960 –> 00:21:54.810
Thomas Fox: Absolutely so Chapter one actually is 31 days to a more effective compliance program where I.
00:21:55.380 –> 00:22:05.430
Thomas Fox: Literally in 31 different entries talk about how you can improve your compliance program with one or two things each day and then each entry.
00:22:05.760 –> 00:22:13.020
Thomas Fox: has three key takeaways and each one of those takeaways are things you can do at little or no cost to.
00:22:13.500 –> 00:22:21.090
Thomas Fox: Make your compliance program more effective that day. I keep that same format throughout the book in terms of.
00:22:21.420 –> 00:22:34.470
Thomas Fox: Every chapter every entry has three key takeaways a long time ago, I heard there’s a lot of things you can learn in the law there’s a whole lot less that you actually need to know, so I tried to give.
00:22:35.340 –> 00:22:46.140
Thomas Fox: The compliance practitioner that same approach you can know a lot more, but here’s the things you need to know and here’s three things you can do today to make your compliance program more effective and i’ve had.
00:22:46.770 –> 00:22:51.450
Thomas Fox: Several readers of the first book tell me that that’s exactly how they used it they read it.
00:22:51.960 –> 00:23:02.760
Thomas Fox: it’s very biblical, 12 chapters, so you can read it as either the 12 tribes or 12 months, and you can read a chapter a month and with an entry each day.
00:23:03.060 –> 00:23:13.530
Thomas Fox: that’s a 750 to 800 words and with three key takeaways the things you can do that day to incorporate into your compliance program it’s designed for.
00:23:13.800 –> 00:23:23.280
Thomas Fox: literally the company that doesn’t have a compliance program all the way up to the Amazons of the world, who want to use it to enhance or upgrade their program as well.
00:23:24.810 –> 00:23:29.940
Jason Mefford: Well it’s good, because I know you know when I talked to a lot of compliance people, the one thing that I hear often is.
00:23:31.230 –> 00:23:41.790
Jason Mefford: i’m overwhelmed right there’s so much to do, I mean so again, if you take even a midsize company here in the US, the amount.
00:23:42.600 –> 00:23:46.650
Jason Mefford: of compliance that we have to do is pretty overwhelming.
00:23:47.310 –> 00:23:56.490
Jason Mefford: Right and, and so I like that approach to have look just just take it a little bit at a time right it’s like the big elephant, you eat a little bit each day.
00:23:56.940 –> 00:24:05.880
Jason Mefford: read a chapter once a month, you know do this one little thing each day and you’re going to get closer and closer right because.
00:24:06.270 –> 00:24:11.220
Jason Mefford: Like I said I I hear that, from a lot of people and I I usually tell them look just.
00:24:11.670 –> 00:24:23.220
Jason Mefford: focus on what’s most important right in front of you at the time right because they might come to me and say i’ve got 20 different things, I have to you know regulations, I have to follow which one do I do, how do I do them all, at the same time.
00:24:23.940 –> 00:24:33.060
Jason Mefford: Well, you can’t do all of them at the same time right, and again I mean you’ve got more experience from from the regulator’s side, but what I tell people so fact.
00:24:33.990 –> 00:24:48.510
Jason Mefford: check me on this too, because if I’m wrong, let me know but I usually tell them look, you know the regulators are more interested in the fact that you’re trying and you’re working towards that, than that necessarily everything.
00:24:48.510 –> 00:24:49.230
Thomas Fox: Is buttoned down.
00:24:49.260 –> 00:24:56.640
Jason Mefford: Yes, they want it all that way but they’re going to give you some credit for the try factor right.
00:24:59.400 –> 00:25:01.800
Jason Mefford: am I saying that right to people okay.
00:25:01.950 –> 00:25:03.090
Thomas Fox: you’re saying that right people.
00:25:03.420 –> 00:25:04.800
Thomas Fox: With a couple of caveats.
00:25:04.950 –> 00:25:08.190
Thomas Fox: yeah number one that process has to be documented.
00:25:08.820 –> 00:25:17.340
Thomas Fox: And anyone who’s ever heard me speak knows that I continually say the three most important things in any compliance program are the following.
00:25:17.730 –> 00:25:28.560
Thomas Fox: document, document, document. Whatever you do, document, and that way if a regulator comes knocking you can do that, you as a compliance professional can do exactly what you Jason just suggested.
00:25:29.070 –> 00:25:34.920
Thomas Fox: here’s my problem here’s how i’m remedying it and here’s the steps i’m taking here’s the steps i’m going to take.
00:25:35.400 –> 00:25:46.320
Thomas Fox: And that really mirrors what the Department of Justice said in the update, the June 2020 update to the evaluation of corporate compliance programs, which it all starts with a risk assessment.
00:25:46.770 –> 00:25:56.790
Thomas Fox: But then, after you assess your risk and put in a program to manage that risk, you have to monitor that program and that’s continuous monitoring and that’s what leads to continuous improvement.
00:25:57.300 –> 00:26:12.240
Thomas Fox: That was the first time they really linked the risk assessment to continuous monitoring but it’s a it’s a much more formal way of saying what you just said, here’s our problem, here’s how I’m going to fix it and here’s the steps I have taken and will take, if it’s documented.
00:26:13.230 –> 00:26:21.030
Jason Mefford: Yeah, so you got to make sure and document, because that’s the thing too. I mean, I know we, you know, we both did some work with outside for quite a while, too, and I remember.
00:26:21.420 –> 00:26:28.830
Jason Mefford: You know, I think that one of the definitions, I’m paraphrasing, but you know, compliance is about documenting and proving.
00:26:29.370 –> 00:26:34.500
Jason Mefford: That you actually complied with the requirements, so there has to be that documentation side of it.
00:26:34.980 –> 00:26:42.030
Jason Mefford: Because again, if somebody comes in asking and you’re like, well, you know, yeah, we did that. Well, can you prove it to me, can you show it to me?
00:26:42.540 –> 00:26:46.710
Jason Mefford: And I think you know again that’s probably one of the reasons why now data.
00:26:47.220 –> 00:26:57.210
Jason Mefford: is so important, again, because the data shows or proves that you did it as well right and that you are monitoring it and that you are.
00:26:57.510 –> 00:27:09.660
Jason Mefford: addressing issues when things come up right it’s it’s one way to actually document and prove stuff and ties a lot better into the risk assessment, which again is interesting and that’s that’s.
00:27:10.440 –> 00:27:19.350
Jason Mefford: It sounds like this is the approach that you’re suggesting to people too, is: look, assess what’s most important, focus on those areas first.
00:27:19.710 –> 00:27:33.810
Jason Mefford: And then start filling in, as you can right so again it’s more of that risk management concepts being brought to compliance instead of trying to do everything right away what’s most important and start working start working through that.
00:27:35.100 –> 00:27:46.110
Thomas Fox: And there’s even a career development reason to do it and I took this from a friend of mine who told me that every day on back when we had daily desk calendars.
00:27:46.710 –> 00:27:49.170
Jason Mefford: Writing those yeah.
00:27:49.560 –> 00:28:01.200
Thomas Fox: Yeah, he would write one, two, three things he had done that day to enhance his compliance program, and he did it for two reasons, well, three. One, so he had a record he could recall.
00:28:01.620 –> 00:28:08.370
Thomas Fox: Two, if a regulator came knocking, he had a note which he could then show the regulator: see, I wrote this down on July 7.
00:28:08.940 –> 00:28:15.060
Thomas Fox: But equally importantly, when he went in for annual salary negotiations, he had a record of everything he had done.
00:28:15.870 –> 00:28:32.400
Thomas Fox: And he would use that in salary negotiations each year, and no one could ever say his work had been insufficient, because he had written documentation of one, two, three things he had done every day to enhance the compliance program. So for career development reasons it can work as well.
00:28:33.270 –> 00:28:35.520
Jason Mefford: And I think it’s good too, because sometimes.
00:28:36.600 –> 00:28:47.040
Jason Mefford: You know people in these professions, you know it within companies, sometimes it’s it’s it’s pretty hard you know I I grew up my dad was a general contractor.
00:28:47.580 –> 00:28:53.790
Jason Mefford: You build a house, you see something tangible right, I used to build furniture, you know when I was younger.
00:28:54.180 –> 00:29:04.020
Jason Mefford: Well, when you build a piece of furniture it’s something tangible that you can see, at the end of the day, you saw exactly what you did and there’s a lot of satisfaction.
00:29:04.470 –> 00:29:17.490
Jason Mefford: In any of the trades, where you use your hands and you see something tangible, but in our professions they’re not really tangible and so doing something like that seems like not only to help him with his career.
00:29:18.240 –> 00:29:29.550
Jason Mefford: With a salary negotiation, but i’m sure that that gentleman probably had much more satisfaction in what he was doing because he was documenting.
00:29:30.090 –> 00:29:41.550
Jason Mefford: Those things that he was doing you can’t see it tangibly, but if you write it down on your desk calendar, then you can feel good about what you actually did that day and that provides a lot more.
00:29:41.970 –> 00:29:53.790
Jason Mefford: job satisfaction, makes us happier in general to write, because we can see that we’re actually having an impact we’re we’re moving the needle in the way that it needs to go as well, so.
00:29:54.960 –> 00:29:56.460
Jason Mefford: Great stuff great stuff.
00:29:58.020 –> 00:30:05.220
Jason Mefford: Alright, so Tom’s got a new book, The Compliance Handbook, Second Edition, available through LexisNexis, so.
00:30:05.640 –> 00:30:19.620
Jason Mefford: Make sure in the in the notes down below there will be a link for you to be able to go out and pick up a copy of that, but you know before we do a quick wrap up here Tom I always love to bring in music when I can as well to right so.
00:30:21.120 –> 00:30:34.260
Jason Mefford: So so here’s here’s a couple of musical questions and then we’ll kind of end with a with a you know sage advice from Tom at the end, but so if I throw out, are you are you more a Beatles or more of a stones person.
00:30:36.510 –> 00:30:41.550
Thomas Fox: Well, I have to start off with acknowledging that Ringo Starr’s at one today.
00:30:44.190 –> 00:31:01.170
Jason Mefford: He’s fabulous. He’s the forgotten Beatle that people do not realize how big of a... George and Ringo, people don’t give the credit to, but without those two men, the Beatles would have never been what they were, yeah, so.
00:31:01.230 –> 00:31:02.700
Jason Mefford: And happy birthday, Ringo.
00:31:04.740 –> 00:31:09.840
Thomas Fox: Evelyn said in an interview that they asked him, who is the most talented people, and he said Ringo.
00:31:11.700 –> 00:31:24.570
Thomas Fox: Which really surprised me. About six or seven years ago, the stars aligned with Ringo playing in Houston on a Friday night and Paul McCartney playing in New Orleans the next Saturday.
00:31:25.320 –> 00:31:26.640
Jason Mefford: So you get to go to my life.
00:31:26.640 –> 00:31:27.000
Thomas Fox: And not.
00:31:29.850 –> 00:31:32.310
Thomas Fox: Having said all of that, I’m a Stones guy.
00:31:35.190 –> 00:31:36.300
Jason Mefford: yeah well it’s.
00:31:36.330 –> 00:31:38.880
Jason Mefford: funny yeah yeah go ahead yeah.
00:31:40.590 –> 00:31:42.450
Thomas Fox: Sympathy for the Devil’s my favorite.
00:31:43.110 –> 00:31:55.260
Jason Mefford: Yeah, no, when I was younger I remember, you know, listening to the Stones a lot. Love the Beatles, but yeah, growing up, I was more of a Stones guy ’cause I liked heavier.
00:31:56.490 –> 00:32:08.940
Jason Mefford: The older I’ve gotten, I mean, I’ve got respect for both of those groups. I mean, there’s some stuff that the Stones have done that, holy crap, I mean, but you know, I’ve gotten more respect for both of them and what they’ve done.
00:32:10.020 –> 00:32:10.500
Jason Mefford: So yeah.
00:32:11.970 –> 00:32:20.370
Jason Mefford: Anyway, well, that’s good. See, it’s interesting what everybody has done, because I remember one of the Ringo stories that I heard was.
00:32:21.840 –> 00:32:28.290
Jason Mefford: One of the songs I listened to a lot is Here Comes the Sun, and that was one that George wrote.
00:32:28.800 –> 00:32:42.390
Jason Mefford: Interesting story on that: he actually played hooky one day. He was supposed to be in the recording studio and he said screw that, and he hung out with Clapton for the day at Clapton’s house, and he ended up writing this song, and then he came in.
00:32:42.510 –> 00:32:43.950
Jason Mefford: And it was written in seven eight.
00:32:44.010 –> 00:32:54.300
Jason Mefford: Which is a hard path anyway, but he handed it to Ringo and he’s like, Ringo, you got to come up with some way to do this, and he’s like.
00:32:58.440 –> 00:33:08.520
Jason Mefford: You know, kind of thing, and it’s like, just like that, Ringo pulled out that signature drum track that’s actually in that song, to a song that was.
00:33:09.990 –> 00:33:10.800
Jason Mefford: yeah so.
00:33:11.820 –> 00:33:17.460
Jason Mefford: A lot of a lot of talent in that man so anyway, I just love bringing up bringing up music a little bit too so.
00:33:18.210 –> 00:33:23.400
Jason Mefford: And usually one of the questions is who’s your favorite Beatle, so you already answered that one for me, too, so I got that, but.
00:33:24.240 –> 00:33:30.420
Jason Mefford: But yeah now, one thing I like to do at the end, too, because you know both both you and I have we’ve been in our careers for a long time.
00:33:31.320 –> 00:33:50.880
Jason Mefford: And it’s always helpful because a lot of people who listen are still early on in their career, so you know if you were to look back now to maybe a mid 20s Tom what advice would you give your younger self now that you’ve already gone through your career.
00:33:51.450 –> 00:34:01.200
Jason Mefford: And so now we’re much or much wiser in in in where we’re at but yeah what advice would you give to yourself that other people could benefit from as well.
00:34:13.980 –> 00:34:16.410
Jason Mefford: have to be like earth shattering either, but it’s a.
00:34:17.970 –> 00:34:19.050
Thomas Fox: I would say.
00:34:21.930 –> 00:34:23.340
Thomas Fox: professionally.
00:34:24.660 –> 00:34:26.490
Thomas Fox: master subject matter.
00:34:27.870 –> 00:34:30.780
Thomas Fox: The reason I picked compliance.
00:34:32.010 –> 00:34:34.200
Thomas Fox: In my solo career was that.
00:34:35.550 –> 00:34:38.610
Thomas Fox: In 2009 or 2010.
00:34:40.200 –> 00:34:49.620
Thomas Fox: There were maybe five or 10 FCPA cases, and I could read the FCPA, I could read the case law, I could give Tom’s interpretation.
00:34:50.850 –> 00:34:55.950
Thomas Fox: Of both the case law and the FCPA, and it was as valid as anyone else’s.
00:34:57.180 –> 00:35:04.800
Thomas Fox: Because there’s just very little case law; it’s just one of the few areas of the law where there are so few cases, and so.
00:35:05.550 –> 00:35:19.050
Thomas Fox: I spent that time, I spent basically the Malcolm Gladwell 10,000 hours writing and learning, and so I had that subject matter expertise. But if you can go niche, you can go very big, yeah.
00:35:19.710 –> 00:35:25.710
Jason Mefford: Well that’s good advice, because I know so many people that I thought I talked to especially earlier on in their career.
00:35:26.100 –> 00:35:37.320
Jason Mefford: They want to go everywhere right I want this certification and that certification and that certification, which is fine, but what’s what’s the method behind it what’s the reason behind it and.
00:35:37.320 –> 00:35:51.330
Jason Mefford: Becoming truly a master in a particular subject matter will do you well for your career, right, and so that’s great advice, Tom. It’s worked well for you as well, so yeah.
00:35:51.360 –> 00:35:52.860
Jason Mefford: Everybody know, everybody knows you.
00:35:53.100 –> 00:36:00.120
Jason Mefford: For that, now, but again, it’s the important part of that you brought up there too, that Malcolm Gladwell 10,000 hours.
00:36:00.630 –> 00:36:07.470
Jason Mefford: You know, that’s from one of Gladwell’s books, where it really kind of talks about that: look, it takes about 10,000 hours.
00:36:07.980 –> 00:36:23.190
Jason Mefford: To really become an expert in something right and so again that might seem like a big thing, but just as we were talking about compliance right, how do you get 10,000 hours of expertise in something you start today, and you do alone.
00:36:24.390 –> 00:36:27.540
Jason Mefford: Right and you just kind of get started with it and go but.
00:36:28.620 –> 00:36:32.220
Jason Mefford: Great advice well Tom thanks for coming on today it’s.
00:36:33.600 –> 00:36:48.660
Jason Mefford: You opened my eyes to a lot of stuff too, because I haven’t had my head in compliance as much the last few years, and so to hear some of the changes to it, your new book that came out, The Compliance Handbook, Second Edition.
00:36:50.310 –> 00:37:02.820
Jason Mefford: Great stuff for people that are in this area, and especially if if they haven’t really thought about it there’s been a lot of changes the last year or two that they probably should get more educated on start spending some of those 10,000 hours that way so.
00:37:04.350 –> 00:37:07.230
Jason Mefford: Any any last words Tom before we head out.
00:37:08.100 –> 00:37:12.360
Thomas Fox: So thanks so much for having me on, and please buy my book yeah.
00:37:13.050 –> 00:37:22.770
Jason Mefford: Go out and buy his book. Like I said, we’ll put a link in the section area below, so make sure you click on that link and go get his book, so you can get the nuts and bolts.
00:37:23.130 –> 00:37:32.400
Jason Mefford: On how to actually implement and improve compliance in your organization. So thanks, Tom, and we’ll see everybody on the next episode of Jamming with Jason. See ya.