Chicago-based Alliant Credit Union has selected Jamie Warder as its chief information officer and head of business strategy, effective July 8. In his new role, Warder is responsible for the technology and business strategy at the $20 billion credit union, according to a company release. His experience as chief digital officer for KeyBank and time […]
NEW YORK, NY, May 16, 2024 (Newswire.com) - Pypestream, a leader in customer engagement solutions powered by conversational AI, is proud to announce that it has achieved GovCloud compliance. This significant milestone underscores Pypestream’s commitment to providing secure, reliable, and compliant digital solutions for government agencies and their constituents.
Achieving GovCloud compliance means that Pypestream’s platform meets the stringent security and regulatory standards required by government entities. This compliance ensures that sensitive data is protected and managed in accordance with federal guidelines, providing peace of mind to agencies that rely on Pypestream for their digital engagement needs.
“Security and compliance are paramount in today’s digital landscape, especially for government agencies handling sensitive information,” said Gary MacDougall, CTO of Pypestream. “Achieving GovCloud compliance is a testament to our dedication to maintaining the highest standards of data security and integrity. This compliance not only allows us to extend our secure, AI-powered customer engagement solutions to state agencies but also puts us on the path to achieving FedRAMP authorization. We are excited to help government clients better serve their constituents with secure and innovative technology.”
Pypestream’s platform leverages advanced conversational AI to provide seamless and intuitive interactions between agencies and the public. With features like 24/7 automated customer support, real-time updates, and personalized communication, government agencies can enhance their service delivery while ensuring data security and compliance.
In addition to achieving GovCloud compliance, Pypestream continues to innovate and expand its offerings to meet the evolving needs of its clients. Pypestream is committed to providing cutting-edge solutions that drive efficiency, improve user experiences, and maintain the highest levels of security.
For more information about Pypestream and its GovCloud-compliant solutions, please visit www.pypestream.com.
About Pypestream
Pypestream is a leading provider of AI-powered customer engagement solutions. The company’s platform enables businesses and government agencies to connect with their customers through secure, automated conversations. By leveraging the power of conversational AI, Pypestream helps organizations improve customer satisfaction, reduce operational costs, and drive digital transformation.
The recent turmoil at New York Community Bancorp is raising more questions about its auditor KPMG, which last year faced scrutiny over its audits of three now-defunct regional banks.
KPMG has built up a large business auditing U.S. banks and had long audited Long Island-based New York Community. The bank’s stock is down nearly 70% this year after a series of disclosures that have troubled investors. Last week, it replaced its CEO, filled leadership vacancies in its internal risk and audit departments and disclosed weaknesses in internal controls over its financial reports.
The latter disclosure seemingly conflicts with an audit KPMG performed in 2022, when KPMG said the bank’s internal controls were effective.
The facts over KPMG’s audits aren’t public, making it hard to gauge whether auditors rightfully pushed back as New York Community quickly grew in 2023. But the bank’s disclosures of weaknesses are the latest headache for KPMG, which audited all three of the regional banks that failed last year: Silicon Valley Bank, Signature Bank and First Republic Bank.
“There’s no excuse for it,” said Francine McKenna, a former KPMG consultant whose The Dig newsletter focuses on accounting issues.
Debates over KPMG’s audits of those three banks — and now, the struggling New York Community — center around whether auditors are to blame for poor decision-making by the banks, or whether the blame lies solely on CEOs. A full answer on that question is not yet clear, but all four cases highlight the perils of rapid growth.
When growing quickly, banks’ risk management and financial reporting effectiveness must “keep pace with their growth in assets,” said Kiridaran Kanagaretnam, a professor at York University in Canada who researches bank accounting.
KPMG did not comment on the issues at New York Community. In a statement, KPMG spokesman Russ Grote said the firm has “long had a substantial and dynamic audit practice in the financial services industry.”
“We conduct our audits in accordance with professional standards, maintaining auditor independence. Due to client confidentiality, we have no specific comment,” the KPMG spokesman said.
Spokespeople at New York Community did not respond to requests for comment.
The three regional banks that failed last year were all darlings of bank investors who preferred high-growth banks. New York Community long took a more old-fashioned approach, having bulked up mostly through a series of smaller mergers in the 2000s.
In a securities filing last week, New York Community said that it had “identified material weaknesses” in its internal controls for loan reviews, citing “ineffective oversight, risk assessment and monitoring activities.”
The company also delayed the release of its annual report, saying it’s “been working diligently to finalize” it but must first complete its review of the issue. The company said it expects its annual report to state that its internal controls over financial reporting “were not effective” at the end of 2023 and lay out a “remediation plan” to fix those weaknesses.
The bank’s issues highlight the need for the “strictest controls and auditing” for retail-focused banks since they handle everyday depositors’ money, said Atul Shah, a professor at City University of London. Shah wrote a book about auditors’ shortcomings before the 2008 financial crisis and has argued for a stronger government role in auditing.
“Aggressive CEOs who wish to grow the numbers very fast will despise controls and favour risky assets,” Shah said in an email. “This has to be checked in time and regulated.”
One potential explanation for New York Community’s problems in 2023 is the difficulty of integrating Flagstar Bank and the chunks of Signature Bank all within one system, said Jack Castonguay, an accounting professor at Hofstra University.
In 2022, New York Community’s loan portfolio was entirely its own, but last year the company absorbed two other sets of loan books that “may not be structured” the same.
“It’s kind of like if all your devices have lightning chargers, and then you have a USB-C phone,” Castonguay said.
KPMG may also have found the same weaknesses as it looked at the bank’s books from last year, though that information is not public yet, Castonguay noted.
Last year, Castonguay wrote an op-ed arguing that while scrutiny of auditing processes is warranted, the failures of Silicon Valley, First Republic and Signature banks may have been solely due to “poor management” rather than anything within an auditors’ control.
Others, such as McKenna, have been far more critical and argued the failures reflect auditors failing to take a hard look at all the assumptions that make up a bank’s financial statements. McKenna also criticized the “revolving door” between KPMG and bank leadership, noting the CEOs of both First Republic and Signature both held top roles at KPMG.
“It seems like we’ve got a little cottage industry in audit partners thinking they can run banks,” McKenna said. “And clearly, they’re not doing a very good job.”
New York Community recently replaced CEO Tom Cangemi, who worked at KPMG for a few years after college but did not become a partner there — since he instead took on chief financial officer roles at banks.
Cangemi, who was the architect of the bank’s recent growth, did not respond to a request for comment.
An advisory committee, set up by Paytm owner One97 Communications after the Reserve Bank’s action on its payments bank business, is at a stage of engagement with the company on matters related to the terms of reference for the panel, the panel’s head and former chairman of Sebi M Damodaran said.
“We have been engaging with the group on matters relating to the Advisory Committee’s terms of reference,” Damodaran said on Sunday in response to a query about his engagement with Paytm.
He said that the panel members are external advisors and at present Paytm is engaged in dealing with the RBI.
On January 31, the RBI asked PPBL (Paytm Payments Bank Ltd) to stop further deposits, credit transactions, or top-ups in any customer accounts, prepaid instruments, wallets, FASTags, and National Common Mobility Cards, after February 29. Later, the central bank extended the deadline till March 15.
Paytm on February 9 announced setting up of a group advisory committee headed by Damodaran. The committee was set up to advise the company on strengthening compliance and on regulatory matters.
Meanwhile, the Reserve Bank on Friday asked the National Payments Corporation of India (NPCI) to examine the possibility of migrating Paytm Payments Bank customers using the UPI handle ‘@paytm’ to 4-5 other banks, in a bid to prevent any disruptions in the payment ecosystem.
Damodaran was speaking at the release of his biography ‘The Turmeric Latte’ compiled by one of his former colleagues.
During a panel discussion at the event, when he was asked about his views on the functioning of Sebi at present, Damodaran said the capital markets regulator has bandwidth problems with respect to the large amount of issues that it has to handle.
“Sebi has a huge challenge. The bandwidth seems inadequate to tackle the large number of issues that they have to tackle. In the process, it sometimes feels like they are biting more than they can chew,” Damodaran said.
The book, curated by former Tripura cadre IAS officer Dinesh Tyagi who last served as Managing Director of CSC E-Governance, has contributions from former colleagues of Damodaran including former mines secretary Sushil Kumar.
The book also mentions “threats” that Damodaran received, when he was the joint secretary in the information and broadcasting ministry, over some decisions he had taken.
All around the world, regulatory bodies are constantly creating and revising laws and making regulatory changes that govern businesses operating in specific industries. While most of these laws are only applicable to large corporations that meet specific requirements, sometimes they apply to smaller businesses, too. That’s why it’s important to have a strategy for remaining in compliance with all applicable laws. It’s just not possible to stay on top of ever-changing industry regulations manually.
The consequences of non-compliance are steep
According to data published on FintechFutures.com, the first two quarters of 2023 saw more than $3.7 billion in financial enforcement fines. A French ad company called Criteo was fined €40 million for violating the GDPR by not getting user consent for targeted advertising. The original fine was €60 million, but the company sought to get it reduced. Other companies in varying industries have also been hit with steep fines, and the only way to avoid this situation yourself is to stay on top of compliance requirements.
Each month, the Bank Automation News editorial team does a deep dive into topics relevant to the banking industry and, this year, AI dominated the headlines. From AI-driven credit decisioning to implementation and generative AI, FI executives shared how the technology is changing the industry.
Following are the editors’ favorite AI features of 2023:
Buy-versus-build is a common question when discussing AI within financial institutions. FIs including Barclays, Citi, Deutsche Bank, HSBC and JPMorgan weighed in on how they are investing in the technology — most taking a hybrid approach on buying in-house and selecting third-party vendors to provide the technology.
Financial institutions this year looked to AI and automation to speed up processes and add efficiencies. However, when implementing AI-driven decisioning, FIs needed to consider biases and compliance. That’s where large language models, explainability and data training are needed.
The finance industry explored generative AI technology such as implementing it within customer support, fraud detection, natural language processing and language translation. Rather than just tapping ChatGPT, FIs have since rolled out their own generative AI technologies for internal and client-facing chatbots.
Generative AI uses in finance will continue to surface in 2024 as the technology adapts and FIs invest in it.
Opinions expressed by Entrepreneur contributors are their own.
In recent years, the cybersecurity environment has significantly transformed due to the adoption of more stringent regulations. As hackers become more sophisticated and audacious by the day, governments and regulators worldwide are catalyzing proactive measures to safeguard citizens and businesses alike.
Following the EU’s revolutionary General Data Protection Regulation (GDPR) legislation back in 2018, we witnessed the US and even NATO forging ahead in the war against cyber criminals. For CEOs, understanding and adapting to this evolving landscape is not just a matter of compliance but a strategic imperative.
Regulations have become more intricate and stringent in response to the escalating threat landscape. A prime example is last year’s SEC cybersecurity rules, which mandate public companies to divulge comprehensive information about their cybersecurity risks and the strategies to mitigate them. Moreover, these rules also advocate for the active involvement of CEOs in overseeing cybersecurity policies. This signifies a paradigm shift toward a more proactive and vigilant approach to safeguarding company assets.
CEOs must also recognize that cybersecurity regulations vary from one country to another. Depending on the physical location of their clientele, businesses might have to adhere to multiple regulations. Take, for instance, the EU’s GDPR. It stands as one of the most rigorous cybersecurity regulations globally, applicable to any entity that handles the personal data of EU citizens. Imagine a business serving the US, Europe, and India: the SEC’s cybersecurity rules, GDPR, the US’s national cybersecurity strategy, India’s Data Privacy Bill, and many more would all come into play, which requires CEOs to possess an intimate knowledge of the specific regulations applicable to the data they handle.
Fines are only the tip of the iceberg in terms of the financial consequences of non-compliance. Legal fees, forensic investigations and potential lawsuits can take a heavy toll. Take GDPR as an example. Violations of its stringent data protection regulations can result in fines amounting to 4% of a company’s global revenue or €20 million, whichever is higher. This serves as a stark reminder that non-compliance can have severe financial repercussions, with the potential to cripple even the largest corporations. Additionally, there’s the less tangible but equally significant cost of lost opportunities and market share as customers migrate to competitors they perceive as more secure.
Beyond the financial repercussions, reputation is another currency no CEO can afford to squander. A cybersecurity breach can inflict immeasurable damage to a company’s standing, eroding trust among stakeholders, customers and partners. CEOs must recognize that compliance is not merely a checkbox exercise but a foundational element of corporate responsibility and trust-building.
Navigating the regulatory landscape and ensuring compliance
As a CEO, there are strategic steps you can take to prepare your organization for the labyrinth of cybersecurity regulations. This journey starts by embarking on a comprehensive risk assessment voyage to fathom the intricacies of your organization’s cybersecurity landscape. This entails delineating the scope of data collected and stored, identifying the systems and applications in use, and envisaging potential threats. Armed with this understanding, you can prioritize risks and craft a bespoke plan for mitigation.
A robust cybersecurity program serves as the linchpin of your organization’s resilience. It should encompass a spectrum of security controls, including Identity and Access Management solutions for access control, Unified Endpoint Management solutions for device management and data encryption, and Endpoint Detection and Response solutions for proactive response. Additionally, establish a regimen for periodic testing and evaluation of cybersecurity compliance to ensure its efficacy.
Lastly, the IT department and every employee are accountable for the organization’s security. The entire workforce must shoulder the onus of cybersecurity compliance. This requires a top-to-bottom commitment from the C-suite. CEOs are responsible for actively fostering a security culture, providing staff members with the skills and resources they need to recognize and address potential risks and setting the standard for the whole company. This involves regular engagement with the company’s cybersecurity strategy, understanding the risks, and making informed decisions. A well-trained workforce is an invaluable asset in the battle against cyber adversaries. This strengthens the company’s overall security posture and demonstrates a commitment to employee well-being. Concurrently, organizations must also invest in a skilled cybersecurity team to manage their compliance strategy effectively.
Compliance should not be viewed as an imposition but rather as a shared objective that aligns with the organization’s broader goals. Incentivizing compliance fosters a sense of collective responsibility and reinforces the importance of cybersecurity across all departments. While they might inadvertently strain business operations, cybersecurity regulations are no longer a choice but a necessity in the digital world.
As the regulatory landscape tightens its cybersecurity grip, CEOs face challenges and opportunities. Embracing compliance safeguards the organization from regulatory penalties and fortifies its reputation and resilience in the face of evolving threats. By cultivating a culture of security, staying vigilant in the face of shifting regulations, and recognizing the holistic impact of compliance, CEOs can not only meet the demands of the present but also thrive in the age of cyber resilience.
There is a general complaint encountered by developers from among open banking participants, even after partner APIs are made available: Adoption isn’t straightforward.
Tvisha Dholakia, co-founder, apibanking.com
We’ve experienced this across hundreds of integration points. Even with the developer assistance toolbox, which includes documentation, software developer kits and sandboxes, and developer self-service consoles, partner integration timelines are intractable. Developer and support teams are overloaded for each integration.
For financial products with complex customer journeys and for BaaS partnerships requiring complex on-boarding, compliance and API integrations, the degree of handholding required is even greater.
More support, higher integration cost
This also impacts open banking accessibility, putting it out of reach for the broader ecosystem. If there is a high cost to a partnership, the benefit becomes a key criterion. As financial institutions become picky about who partners with them, this de-levels the playing field, creating a disadvantage for smaller players.
So, what is the right level of integration assistance? How can open banking be made accessible to all?
This is a discussion on how to create integration options for your API consumers. I’ll discuss what the options are and why and when they are meaningful.
A typical partner integration follows these 4 steps:
1. Channel front-end: This is the application on which the services powered by the APIs will be made available to the end user. This is where the partner designs its customer journey. However, while the partner has complete control over the branding, look and user experience (UX), this is also where the customer authenticates themself, inputs their personal information, and provides consent to the app to share this via APIs. For designing such a user interface (UI), a partner without adequate experience may require oversight to ensure that the overall customer journey meets the regulatory requirements.
2. Data security compliance: In addition to consent, there are compliance requirements that govern how and what customer data should be captured, transmitted, shared and stored. In an open banking partnership, this compliance may also be the responsibility of all ecosystem partners involved in the integration, and the integrating partner needs to ensure that its application and connectors meet the requirements.
3. API service orchestration: In a typical multi-API journey, the APIs need to be stitched together to create the journey. This may entail session management and authority; message encryption and decryption; third-party handoffs; and logic built into a middleware layer, which is likely to be development-intensive, depending on the complexity of the journey.
4. API integration: For each API required for the journey, the partner application must consume the API; this means it must be on-boarded and complete the configuration requirements, complete the development to call the required methods and consume the responses.
Not all partners in the integration may have the capability for all four steps. For example, there may be incumbents from a nonfinancial industry who want to partner with a bank for co-branded lending or a card offering for its customers, but don’t meet the PCI-DSS compliance requirements.
This means there will need to be significant investment from the partner to become compliant or that a sub-par customer experience design will result. Also, there may be smaller fintechs without the developer capacity for the orchestration effort required. Hence, they may need to stretch beyond their reach to make the partnership happen.
Integration effort is variable
How can we best reduce the integration effort?
The nuance this question misses is that different types of partners have very different needs. There are players who want complete control over their customers’ experience, and want to “look under the hood” and tinker with the parts, nuts and bolts. There are players who want control, but do not want to take on the burden of compliance. And there are players who only want the BaaS partnership to complete their digital offerings, but don’t want to invest in any additional development.
Democratizing API integration: 4
The starting point is, of course, understanding partner archetypes and partner requirements from the integration. The platform solution design follows these four needs.
1. Build-your-own integrations: Making raw materials and tools available
This integration option is analogous to starting from basic raw materials, or ingredients, and is for those that know exactly what they want and how to achieve it. The key platform offerings are the APIs and a complete developer experience toolbox. If you’re curious about what that means from an API banking context, we have a piece about that.
The kind of integrating partners who are likely to use the build-your-own option are those with offerings closely adjacent to banking, and that have done this before.
2. Integration with managed data compliance: All raw materials and tools, with compliance crutches
With this option, also, the integration partner has all the raw materials to completely control the experience, but without the overhead of compliance, especially related to sensitive data.
With the help of cross-domain UI components, tokenization, collection and storage of data can be handled entirely at the bank end, while the partner only has to embed these components into its front-end.
This option is especially helpful for those integrating partners that want to control the experience, but to whom financial services is not a core offering, and so compliance is an unnecessary overhead which they are happy to avoid.
3. Pre-built journeys
Offering pre-built journeys allows a partner to focus only on the front-end experience, while the entire API orchestration and compliance is handled in a middleware layer and abstracted away for the integrating partners.
For a typical banking service, designing an API-first journey means working with a number of separate endpoints and stitching the services together. For instance, a simple loan origination journey for a customer may look like this: (simplified for illustration)
This journey requires five services from the bank: customer authentication and consent, customer personal data collection, credit decisioning and approval, KYC and loan disbursal.
Stitching these services together to create a single end-to-end digital experience for a customer may call for a thick middleware with a database and caching, data tokenization and encryption, session management, handoffs across services and other related orchestration.
To enable partners to deliver this journey without the need for orchestration, this layer can be moved to a platform on the bank side and offered as an integration solution to the partners. The partner now only needs to integrate with the platform, and build its UI and UX.
Such a solution, of course, helps drastically cut down development time for the integration and is especially compelling for smaller players and channel sales partners that want to offer banking products or services to their customers.
4. Pre-built UI or shareable links
No integration required, but with directly embeddable, customizable UIs, partners can offer the relevant banking functionality or services with minimal effort. This is equivalent to a contextual redirect and is extremely useful for cases where the partner wants to avail itself of only minimal open banking services and does not want to go through the entire on-boarding, configuration and integration processes required for all other integration options.
Bringing it all together
While it is certainly possible to continue to grow partnerships by offering customizations and assistance to each integration, for achieving a rapid scale-up in open banking ecosystem partnerships, there is a need for a platform that standardizes these concerns and cuts across developer experience and integration needs.
Tvisha Dholakia is the co-founder of London-based apibanking.com, which looks to build the tech infrastructure to remove friction at the point of integration in open banking.
PENSACOLA, Fla., June 28, 2023 (Newswire.com) - Antares Vision Group, through rfxcel, a leading provider of supply chain traceability and compliance solutions, has been awarded a spot on the General Services Administration (GSA) Multiple Award Schedule (MAS) contract. With partner Lovell Government Services (‘Lovell’), this significant achievement demonstrates the companies’ commitment to federal and state government entities that operate pharmacies and the patients they serve.
The Drug Supply Chain Security Act (DSCSA) is designed to improve the safety and security of the drug supply chain in the United States by rapidly detecting and removing harmful drugs. It requires manufacturers, distributors, dispensers (i.e., pharmacies and health systems), and other entities to track, trace, and verify certain medicines as they are received and dispensed.
Through its partnership with Lovell, rfxcel is the first DSCSA compliance software provider to be awarded a spot on the GSA MAS contract, a procurement vehicle for government agencies to purchase goods and services from pre-approved vendors. rfxcel’s DSCSA solution for government dispensers is already in use by the Ohio Department of Veterans Affairs.
“Listing on the GSA MAS contract through Lovell is a win-win for everyone,” said rfxcel Vice President of Government Services, Greg Moulthrop. “First, it protects patients who use government pharmacies. But it also enables government agencies to easily and efficiently purchase our DSCSA compliance software solutions and gives government customers the dual benefit of complying with the DSCSA while working toward their SDVOSB procurement goals.”
“We are excited to partner with Antares Vision Group, through rfxcel, on this initiative,” said Chris Lovell, CEO of Lovell Government Services. “rfxcel has made it their mission to help federal pharmacies meet DSCSA compliance requirements by November 2023 and Lovell is honored to play a part in it. DSCSA isn’t just about protecting the supply chain, it is also about protecting patients.”
For more information, contact rfxcel Senior Government Affairs Advisor, Kevin Smith, at ksmith@rfxcel.com or 563-590-9408.
About Antares Vision Group & rfxcel
Antares Vision Group, through rfxcel, is a leading provider of supply chain traceability and compliance solutions. The company’s mission is to deliver value to its customers through a comprehensive suite of software solutions that ensure supply chain integrity, visibility, and regulatory compliance. rfxcel’s solutions have been used by leading companies in industries such as pharmaceuticals, food and beverage, and consumer goods.
About Lovell Government Services
Lovell Government Services has been a trusted government vendor since 2013 with a proven track record of success. Lovell is a two-time Inc. 5000 honoree and leader in the federal space. They partner with medical and pharmaceutical companies looking to better serve veteran and military patient populations, increase their federal revenue, and win government contracts.
In an ever-changing landscape of regulations, staying ahead of legal and regulatory changes is critical to safeguarding your business’s success. It can be daunting to navigate the legal complexities, so read along for essential advice to help you stay on top of legal and regulatory changes, avoid potential pitfalls and ensure your business stays on the path to success.
Why keep track of changing laws?
Entrepreneurs benefit greatly from keeping track of changing laws as it is critical for the success and sustainability of their businesses. Regulations and laws affect every aspect of business operations, from hiring and firing employees to product development and marketing.
Staying informed about these changes is vital for businesses to avoid potential legal pitfalls and penalties for non-compliance. Failure to comply with new regulations could result in costly fines, damage to reputation, legal disputes and even a loss of business. Being aware of new laws and regulations enables businesses to effectively adapt and adjust their operations accordingly, which can help them to gain a competitive advantage and grow their businesses.
Here is how entrepreneurs can navigate legal and regulatory changes:
1. Stay informed
Keeping up to date with regulatory changes is crucial in ensuring that you are operating your business well within the guidelines. Regularly reviewing government websites, consulting with legal experts, subscribing to industry newsletters and attending conferences and seminars relevant to your industry are some of the tried-and-true ways to stay on top of changing regulations.
You can also consider joining a professional association or networking group for your industry to stay informed on regulatory changes. Monitoring the websites and social media sites of government agencies is one of the best ways to stay informed about the most current changes that may occur. Going directly to the source of changing information is more reliable than solely relying on the media and news outlets.
Consistently monitor your business practices to ensure your business is compliant with regulatory changes. Regular internal audits can help businesses identify areas of non-compliance and take corrective actions. Entrepreneurs can develop an audit checklist to review their operations regularly and ensure that their business practices and processes are up to date with current regulations. Documenting compliance with the regulations can also help you avoid costly errors. Maintain accurate records to track compliance with regulatory requirements and ensure that all relevant employees understand and follow the new regulations.
3. Embrace technology solutions
Leveraging technology solutions can help streamline regulatory compliance. Software solutions can help automate and track compliance requirements by providing the necessary insight to manage your compliance obligations. Some technology solutions can automatically monitor legal and regulatory updates and even provide insights into changes that could potentially impact your business. Tools like Visualping.io, Social Mention, Evernote, RSS Feed Reader and Feedly are each excellent examples of technology solutions that can help entrepreneurs streamline the monitoring process.
In the case that you are uncertain about compliance updates and how they will impact your business, consult with legal and regulatory experts. They will provide insights into the implications of the changes for your business and advise you on how to comply with the new regulations. Seeking professional advice from lawyers, accountants and regulatory experts can provide peace of mind and reduce overhead costs. By partnering with an experienced legal team, businesses of any size can access the legal expertise they need to ensure they are in compliance with regulations.
Navigating legal and regulatory changes can be challenging, but it’s fundamental for entrepreneurs to ensure that their businesses are compliant. Remember, compliance is not optional – it’s essential to the success of your business.
UBS’ acquisition of the failing Credit Suisse reframes the European banking market, but also presents significant technological challenges for UBS. The $1.5 trillion, Zurich-based UBS moves from “too big to fail” to “way too big to fail” with the $3.2 billion purchase of Credit Suisse, with global ramifications should the acquisition go sour, Jost Hoppermann, […]
Ingenuity and the entrepreneurial spirit have always been integral components in what it takes to succeed and grow in a competitive marketplace. With the numerous tasks and considerations business owners must juggle when starting a business, there’s already a lot to worry about. Throw regulatory risk in the matrix of items businesses must face and that is an overwhelming total.
According to a report by the U.S. Chamber of Commerce Foundation, it is estimated that federal regulations cost the American economy up to $1.9 trillion each year from direct costs, lost productivity and higher prices. On top of that, businesses that are non-compliant with regulations pay, on average, 2.71 times the amount they would on regulatory-conscious practices.
Few industries are immune to regulatory risk. The manufacturing industry tops the list as the most regulated with over 200,000 regulations, according to Industry Today — and in the same report, finance and insurance are the second most regulated sectors with almost 128,000 relevant regulations. Additional domestic and international highly regulated industries in a list curated by Deloitte include health care, transportation, life sciences, energy, agriculture, construction, defense and postal services.
Although compliance poses a headache, regulations do play an important role. Numerous governmental regulatory bodies — such as the Environmental Protection Agency (EPA), Food and Drug Administration (FDA), Securities and Exchange Commission (SEC) and Federal Trade Commission (FTC) — exist to protect consumers and the integrity of the domestic and abroad fiscal environment, as well as to promote fair and ethical practices. But with so many regulatory agencies and policies existing, it isn’t surprising countless businesses find themselves caught in potential regulatory violations.
Having the tools to avoid non-compliance penalties and stay ahead of regulatory risk is critical to the financial health and longevity of your business. Regardless of your industry, regulatory risk is an ever-present threat due to robust and ever-changing policies that pose tremendous costs if you aren’t properly protected or completely compliant. The following practices position a business so it’s safeguarded against rising costs and increased risk of regulatory compliance.
Before anything else, make sure the people you employ model values and character you deem essential for your business. After all, regulatory compliance often comes down to trust — being able to trust that employees will respect and adhere to regulations and value the protection that regulations provide consumers and end-users.
With government regulations and regulatory risk, that principle is a significant determining factor in how well your business can adhere to regulations enforced by governing bodies, especially since your employees carry out your business’s mission and their commitment can make adherence to federal regulations simpler when working together as a cohesive unit. Putting policies and policy/regulation training in place also helps ensure your employees stay aware of changes in regulatory standards and keep contributing in positive ways to your business.
Stay compliant or risk everything
Cutting to the chase, your business needs to conduct ongoing internal audits to determine points of weakness and see areas of current or future potential risk. Implementing a regulatory compliance team/officer is also a great idea to ensure your company follows mandates handed down by government agencies, lest you incur their wrath.
From a penalty standpoint, Chron reports that a business unknowingly violating health regulations must pay a minimum of $5,000 for each infraction committed, a number that goes up to $70,000 per violation if the business is deemed to have willfully violated regulations. For small and mid-size businesses, this can be devastating and can seem like an uneven punishment given how little the fines affect larger businesses.
A real-world example of a regulatory violation and its cost comes from Target and its General Data Protection Regulation (GDPR) fines from 2017. In 2013, Target’s system was hacked and 41 million of its customers’ payment card accounts were compromised. Subsequently, Target settled a class-action lawsuit with victims of the hack for $10 million. Although Target was not intentionally mishandling its customer data, it was a breach nonetheless.
Given the tight regulations and restrictions that GDPR enforces, this cost Target a further $18.5 million from a multi-state settlement in 2017. In terms of penalties, healthcare and personal data-related breaches consistently result in tens of millions of dollars in fines.
In a report from McKinsey & Company, traditional insurance companies and their respective policies may be able to protect your business’s regulatory/compliance risks. While still behind the curve in getting new policies immediately out there, traditional insurance is working to keep up with rapidly changing economic and regulatory environments.
Another option when transferring risk is captive insurance. A captive insurance company is owned by the company or company owner and is a form of self-insurance where premiums (minus claims) are retained as profit. For risks like regulatory compliance, captive insurance is uniquely suited to address the risk since the policies can be written more broadly and customized to address an evolving, complex threat such as regulatory risk. It can also fill the gaps in a traditional insurance policy and ensure an exclusion won’t prevent claims from being paid.
When growing a business within a highly-regulated industry, it’s extremely challenging to stay on top of evolving regulations and policies unless you have specific experts on your team dedicated to ensuring compliance. However, not all businesses have the capacity for a role such as this. Thus, it behooves businesses to follow best practices and have resources in place to properly address and mitigate the risk.
Trust Exchange and their partner EpiCentric have announced a joint venture, EcoCertify, to help companies manage ESG compliance.
Press Release – Nov 18, 2022 10:15 EST
PHILADELPHIA, November 18, 2022 (Newswire.com) – Trust Exchange, a collaborative compliance platform, today announced that it is launching a new product with partner EpiCentric Consulting to offer an ESG-compliance solution. EcoCertify is a cloud-based platform that powers a business to connect suppliers and their entire supply chain network, affording remarkable transparency, and the ability to create clear, real-time communication of ESG requirements and capabilities throughout their ecosystem. It can be customized to fit most any workflow to dramatically streamline the process of monitoring, real-time reporting, and tracking.
“ESG compliance is rapidly becoming a critical component of every company’s DNA,” says Edward Sullivan, CEO of Trust Exchange. “These emerging guidelines are complex and require multiple touchpoints inside and outside of organizations. The only way to solve this problem effectively is via collaboration. This partnership between EpiCentric and TrustExchange will enable companies to have the best-in-breed knowledge embedded into a collaborative platform.”
“The challenges facing companies in ESG compliance are growing by the week, and it’s a cause for concern inside the C-Suite of any company with a supply chain,” states Hain MacKay-Cruise, CEO of EcoCertify. “The ability to take an ESG strategy and operationalize it takes resources, time and often extensive funding. Establishing a well-laid plan supported by date and customizable dashboards is what EcoCertify brings to the table. Our partnership with Trust Exchange allows for the use of a best-in-class platform configured to support the needs and rigor of sustainability reporting.”
Trust Exchange is a business information gateway that allows for the exchange and verification of mission-critical information with partners, suppliers and third parties. Trust Exchange is a cloud-based, secure, and scalable platform with high configurability and customization. With a unique approach of peer 2 peer crowdsourcing, Trust Exchange allows customers to automate compliance and regulatory management with high accuracy and real-time data. Trust Exchange is currently serving financial institutions, government, and businesses nationwide.
As an elite business consulting firm, we work with companies that need complex solutions to transform their organization. Through years of experience, we understand what it really takes to implement a successful transformation effort—and make it stick. Leveraging our decades of leadership experience, we have created a knowledge-centric service delivery organization full of energetic, talented, proactive people that our clients love working with.
RESTON, Va., August 24, 2022 (Newswire.com) – Earthling Security, LLC, an SBA 8(a) certified small business, is proud to announce that they are accredited to evaluate cloud-based solutions for state and local government agencies as a State Risk and Authorization Management Program (StateRAMP) Third Party Assessment Organization (3PAO). Earthling Security received accreditation status becoming a StateRAMP 3PAO.
Under StateRAMP, Earthling Security is required to be certified under the same ISO 17020:2012 accreditation for 3PAOs as the Federal Risk and Authorization Management Program (FedRAMP). A2LA recently renewed Earthling Security’s FedRAMP 3PAO accreditation. With this most recent renewal, Earthling Security has now also achieved StateRAMP accreditation.
Achieving StateRAMP accreditation aligns with Earthling Security’s mission of making it easy for organizations to do business in complex regulatory environments. “StateRAMP creates a standardized practice for state and local governments to validate cloud security,” said Yusuf Ahmed, Earthling Security’s CEO. “Earthling Security is proud to be StateRAMP accredited. We look forward to partnering with states to ensure that their vendors meet their cybersecurity and compliance standards.”
Additionally, Earthling is now offering fully automated and managed StateRAMP compliant environments in Amazon Web Services (AWS), Microsoft Azure and the Google Cloud Platform (GCP). Earthling’s managed StateRAMP service offerings are built off of the ongoing development of automated infrastructure deployments and continuous control implementation.
About StateRAMP
StateRAMP is an independent not-for-profit organization that helps states reduce cybersecurity risks from insecure cloud solutions by providing a common cloud security verification approach aligned with the National Institute of Standards and Technology (NIST) 800-53 and individual state cybersecurity standards. StateRAMP partners with FedRAMP 3PAO organizations to assess cloud service providers (CSP) for certification. The StateRAMP model levels the playing field for CSPs and ensures state agencies have access to certified, cyber-ready vendors.
Earthling Security
Government and commercial organizations have to have secure systems, with compliant, properly designed and implemented architectures. Earthling Security is accredited to assess and audit, and it designs, builds, automates, and implements those architectures, systems, and applications. As a strategic, end-to-end Cloud Computing, IT Security and Secure DevOps solutions company with extensive experience, our focus is to provide tailored and strategic business solutions to support and optimize the business mission of our valued clients. As a leading provider of both auditing services and ready-made compliant business environments, Earthling Security enables our clients to certify and trust their vendors.
Interisle’s annual study finds the cybercrime technique expanding to more brands and surging in the cryptocurrency field.
Press Release – Jul 26, 2022
NEW YORK, July 26, 2022 (Newswire.com) – The cybercrime commonly called “phishing” soared 61% in the past year to more than 1 million attacks and continues to pose a significant threat to most Internet users, according to an annual study from Interisle Consulting Group, specialists in business and technology strategy and authors of a long-running series of reports on phishing activity.
Phishing attacks lure victims, typically via email or text message, to a fraudulent website that appears to be run by a trusted entity, often a bank or retailer. The site is designed to persuade a victim to provide sensitive information like a bank account number.
For its study, entitled Phishing Landscape 2022: An Annual Study of the Scope and Distribution of Phishing, Interisle assembled and analyzed a deep and reliable dataset by collecting more than three million phishing reports from 1 May 2021 through 30 April 2022 from four respected threat intelligence providers: the AntiPhishing Working Group (APWG), OpenPhish, PhishTank, and Spamhaus, and examined data from 2020 for a longer-term examination of certain issues. The report also includes Interisle’s recommendations on measures to stop the practice.
Interisle’s study has drawn praise from experts on the topic. “This thoroughly researched report is essential reading for anyone concerned about the growing threat of online phishing,” said John Levine, president of the Coalition Against Unsolicited Commercial Email (CAUCE). “It has detailed analyses and advice on what and where the threats are, and how we can and must deal with them.”
Interisle’s study found the 3 million reports represented 1,122,579 unique phishing attacks during that time frame, with 853,987 domain names reported for phishing, a 72% increase over the previous year’s study.
One notable finding: Phishing attempts related to cryptocurrency increased 257% year to year. Nearly 80% of the generic top-level domains (gTLD) reported for phishing were maliciously registered, and crypto wallets were the most targeted brands.
“Cryptocurrency phishing has skyrocketed, especially attacks involving wallets and exchanges,” said Interisle partner and co-author Dave Piscitello. “Phishers are applying attack techniques that they’ve used against other financials to virtual currencies with great effect.”
In other findings:
• The number of monthly attacks has doubled in two years, from about 40,000 in May 2020 to more than 100,000 in April 2022.
• Phishers targeted over 2,000 businesses and organizations during the 1 May 2021 to 30 April 2022 period. The majority of phishing attacks targeted just 10 brands.
• A small number of registrars dominate malicious domain registration in some TLDs (top-level domains). In four TLDs, more than 80% of the malicious domains were registered through just one registrar.
• Phishing attacks are disproportionately concentrated in new gTLDs. While the new TLDs’ market share decreased during the yearly reporting period, phishing among the new TLDs has increased.
• Phishers deliberately registered 69% of all domains—and 92% of new gTLD domains—on which phishing occurred.
• Phishers have begun targeting more brands, including Amazon, Apple, Meta (Facebook, WhatsApp) and Microsoft (Outlook).
Interisle’s report also includes observations and recommendations to counter phishing attempts, including:
• The naming, addressing, and hosting ecosystem exploited by phishers (and cyberattackers generally) is encumbered by vertically isolated (“siloed”) policy and mitigation regimes.
• Registries and registrars should identify, “lock”, and suspend domains reported for phishing, and hosting and cloud service providers should remove phishing content or shut down accounts where phishing occurs, and all parties should be more responsive to abuse complaints, especially for cybercrimes such as phishing, and they must begin to do so in a more coordinated and determined manner.
• Changes to or introduction of policy or regulation may be necessary to effectively mitigate phishing. Obliging operators to validate the identity of users and customers, coupled with agreement on a common definition of lawful access that acknowledges the role that the private sector plays in combating cybercrime, could reduce both the incidence of phishing and the difficulty of responding to it.
About Interisle
Interisle’s principal consultants are experienced practitioners with extensive track records in industry and academia and world-class expertise in business and technology strategy, Internet technologies and governance, financial industry applications, and software design. Every Interisle client benefits from the direct hands-on management of this core team, augmented by the specialized expertise of an extensive network of associates—a coherent, team approach with the low overhead of a lean, virtual organization.
The new ELD-compliant (Electronic Logging Device) software is optimized to work with the Cradlepoint NetCloud service and select wireless edge routers.
Press Release – updated: May 8, 2019
JERICHO, N.Y., May 8, 2019 (Newswire.com) – Forward Thinking Systems (FTS) has released the first ELD-compliant, FMCSA-registered software program that is compatible with and optimized for the Cradlepoint NetCloud service and select wireless edge router devices.
Cradlepoint is a market leader in advanced cellular router solutions for the transportation and public sector markets. The new FTS ELD software is compatible with Cradlepoint’s IBR1700, IBR900, and IBR1100 series of mobile routers using an add-on dongle that plugs into the vehicle’s Electronic Control Unit (ECU) to read the J1939 and OBD2 parameters. The ELD data is stored and transmitted over Wi-Fi to ensure that all logs are up-to-date and ready for review. The information is also displayed in real time on the driver’s smart phone or tablet.
Users can see the ELD logs and the ECU readings using Forward Thinking’s browser-based command center IntelliHub® and the mobile workforce management app Field Warrior®, which is compatible with devices using Android version 4.2 or newer.
“The Cradlepoint NetCloud service and mobile routers are capable of utilizing dual modems that support any combination of cellular providers, and is even FirstNet-ready to meet the needs of first responder agencies,” said Forward Thinking System CEO David Isler. “This is an enterprise-class solution that requires minimal investment in additional hardware to be ELD-compliant.”
“We designed our NetCloud service to be open and easily integrated with leading industry solutions that span branch, mobile, and IoT use cases,” said Eric Purcell, a Senior Vice President at Cradlepoint. “We are excited to have Forward Thinking Systems leverage this capability to develop an integrated solution that helps our customers stay compliant with the ELD mandate without having to make expensive upgrades to their current equipment.”
Cradlepoint customers with compatible IBR-series mobile routers can take advantage of Forward Thinking’s new solution to comply with the ELD mandate before the December 16, 2019 deadline. The solution meets FMCSA’s required parameters, collecting information on the vehicle’s VIN, odometer reading, engine hours, speed, and a list of other critical data points.
Forward Thinking Systems is an international provider of innovative fleet tracking and management solutions that improve safety and productivity. FTS products include Route Matrix®, which streamlines dispatch services and creates the most efficient routes; Road Angel®, which provides 24/7 roadside assistance to fleet vehicles; and FleetCam® AI, one of the most advanced collision prevention systems on the market that helps drivers avoid crashes and distractions while providing a real-time streaming view of everything in and around the vehicle.
About Forward Thinking Systems: Forward Thinking Systems is an innovative leader in fleet management and tracking solutions that help make daily fleet operations safer and more efficient. Founded in 2005, Forward Thinking Systems is headquartered in Jericho, New York, with satellite offices in Ohio, Florida, and Central Europe. Forward Thinking customers can track vehicle activity, driver performance, fuel, maintenance and more using these solutions while reducing their overall cost-per-mile and complying with FMCSA regulations. For more information, please visit ftsgps.com.
About Cradlepoint: Cradlepoint is the global leader in cloud-delivered wireless edge solutions for branch, mobile and IoT networks. Cradlepoint’s Elastic Edge™ vision—powered by NetCloud services—provides a blueprint for agile, pervasive and software-driven wireless WANs that leverage 4G and 5G services to connect people, places and things everywhere with reliability, security, and control. More than 27,000 enterprise and government organizations around the world, including 75 percent of the world’s top retailers, 50 percent of the Fortune 100, and first responders in 10 of the largest U.S. cities, rely on Cradlepoint to keep critical branches, points of commerce, field forces, vehicles, and IoT devices always connected and protected. Major service providers use Cradlepoint wireless solutions as the foundation for innovative managed network services. Founded in 2006, Cradlepoint is a privately held company headquartered in Boise, Idaho, with a development center in Silicon Valley and international offices across EMEA and Australia. Learn more at cradlepoint.com or follow us on Twitter @cradlepoint.
Media Contact: Ashley Benjamin – ashley.benjamin@ftsgps.com or (518) 366-8022
Courses are 30-45 minutes long and updated annually with fresh content and practice activities
Press Release – updated: Aug 1, 2018
GREENVILLE, S.C., August 1, 2018 (Newswire.com) – In another industry first, today Grace Hill introduced short booster versions of key compliance courses that learners can take to ensure they stay ahead of the curve on compliance issues. The first in the series is the Fair Housing Refresher, available to professionals in the multifamily industry now and may be previewed at GraceHill.com. Refreshers are also available in Spanish-language versions to ensure comprehension among all employees.
Grace Hill is the leading provider of online training courseware, administration and mystery shopping for the multifamily property management industry. The introduction of Compliance Refresher courses emphasizes Grace Hill’s evolution from offering compliance training to providing a complete Compliance Plus program for clients. Grace Hill’s compliance courseware covers all use cases and stages of the learner life cycle, including onboarding, annual refreshers that include recent legal updates and quarterly mini-courses on emerging compliance topics. Additionally, Grace Hill’s Compliance Plus program includes monthly newsletters on important compliance updates and quarterly webinars with a fair housing attorney.
“Refresher courses make it easy for learners who have already completed the full Essentials courses to keep their knowledge current,” explained Ellen Clark, Grace Hill Director of Assessment. “In just 30 – 45 minutes, they’ll review the fundamentals and be informed of changes in the law and recent guidance issued by regulatory agencies. The Fair Housing Refresher course can be completed in just 40 minutes. It’s no longer necessary for anyone to repeat the three-hour Fair Housing series every year!”
Clark continued, “Delivering succinct courses to learners while covering all of the critical topics to ensure your organization is protected from exposing areas of risk and providing fair and equal housing to all is the big challenge. Grace Hill is delivering the perfect balance of complete information presented in short and engaging courses.”
“Compliance training is a company’s primary defense against Fair Housing, harassment, diversity and drug-free workplace violations. Compliance training is only as strong as it is current. Grace Hill Refresher courses will be updated annually to reflect the latest legal developments. It’s part of our Compliance Plus program, and one of the many benefits that Grace Hill clients receive from the $150,000 a year investment that Grace Hill makes in monitoring legal and compliance updates,” said Dru Armstrong, CEO of Grace Hill. “In the world of compliance, laws change and interpretations of those laws by government agencies and the courts are always evolving. The path to true competency in compliance is through continuously training employees on how to apply core concepts and skills to new situations and providing fresh opportunities to practice applying those skills in a low-stakes training environment.”
“That’s where Compliance Refreshers come in,” Clark explained. “Refresher courses make it easy for learners to keep their knowledge current. In just 30 to 45 minutes, Compliance Refreshers build on the knowledge and skills learned in the full Essentials course and inform learners of critical updates in the law and how it is being interpreted. The refresher courses are updated annually with new content, videos and practice to keep learners engaged.”
When Grace Hill introduced the new Compliance Refresher courses, it also rolled out a new auto assignment feature that training administrators quickly embraced. The feature allows assignments that were previously created for positions, locations and groups to be updated automatically. Administrators of Grace Hill’s LMS who are interested in learning more about the new feature are encouraged to join our webinar on August 9 at 2 PM EST.
Compliance Refreshers will be available to all Grace Hill clients, regardless of tier level. To find out how you can partner with Grace Hill to offer Compliance Refreshers to your organization and learners, contact Grace Hill at 866.472.2344 or visit gracehill.com/demo.
Refresher Courses Coming Soon:
• Fair Housing – avail. 7/31
• Drug-Free Workplace
• Drug-Free Workplace Supervisor
• Sexual Harassment
• Sexual Harassment Supervisor
• Workplace Diversity
• Workplace Diversity Supervisor
• Workplace Harassment
• Workplace Harassment Supervisor
Grace Hill’s training suite is available immediately online, allowing property managers to train employees quickly to ensure compliance with extensive rules and regulations on topics such as Fair Housing, OSHA, sexual harassment and more.
Grace Hill develops best-in-class online training courseware and administration for the Property Management Industry. For more than 20 years, Grace Hill has helped people, teams and companies in the multifamily industry improve performance and reduce risk. The company offers the highest level performance-based online training courseware and administration with Vision, its industry-leading learning management system, and through strategic partnerships with best-in-class service providers. Vision combines the latest in Learning Science and digital technologies, with white-glove customer service and support.