doculabs 2014 risk and compliance practice introduction finance

Risk and Compliance Introduction Inspired to Innovate, Passion to Protect Doculabs Global Risk and Compliance

Upload: scott-swanson-cfe-cfci

Post on 29-Jul-2015


TRANSCRIPT

Page 1: Doculabs 2014   risk and compliance practice introduction finance

Risk and Compliance Introduction Inspired to Innovate, Passion to Protect

Doculabs Global Risk and Compliance

Page 2: Doculabs 2014   risk and compliance practice introduction finance

Agenda

1. Introduction

2. Industry Compliance Demands and Priorities

3. Global Risk and Compliance Practice Areas:

• Program Development

• Risk Assessments

• Investigations, Forensics, and Analysis

• Insights and Planning

• Compliance Coverage Reviews

Page 3: Doculabs 2014   risk and compliance practice introduction finance

© 2014 3

Introductions: About Doculabs

Doculabs is a strategy consulting firm; our clients rely on us to help them improve the way they mitigate risk, address regulations, and manage information. We provide services such as creating strategic roadmaps and business cases, risk assessments, compliance health-checks, enhanced due diligence and investigations, and program development. Our Global Risk and Compliance consultants are experts in helping clients address the right issues to improve operations, lower costs, increase revenue, and reduce risk.

Differentiators

• Big 4 experience with small consulting approach
• Viewing risks from the lens of protector, prosecutor, and penetrator
• Expertise with global high-risk assessments
• Objective recommendations
• Niche provider of information management and governance guidance in a combined approach

Quick Facts

• Founded in 1993, with a history of over 20 years of strategic innovation
• Headquartered in Chicago
• Privately held
• Delivered more than 1,000 engagements to more than 550 customers

Page 4: Doculabs 2014   risk and compliance practice introduction finance


Introductions: About Me

• Vice President and Practice Leader, Global Risk and Compliance

• Practice Expertise includes Fraud, Money Laundering, Sanctions, Supply Chain and Third-Party Due Diligence, Risk Resiliency, Investigations and Forensics.

• Professional Experience includes Crowe Horwath, Deloitte Consulting, Oracle, Ernst & Young executive experience, and United States Intelligence and Special Operations community.

• Served in roles supporting policy and regulators, risk functions, and alternate viewpoint doctrine specialist for a full 360° perspective.

• Additional Details:
  • Certified Fraud Examiner (CFE), Certified Financial Crime Investigator (CFCI), Association of Certified Anti-Money Laundering Specialists (ACAMS)
  • Certified Mobile Device Forensics Examiner
  • Secret Service Electronic Crimes Task Force
  • FBI Infragard
  • International Association of Chiefs of Police
  • Member of Association of Former Intelligence Officers

Page 5: Doculabs 2014   risk and compliance practice introduction finance


• Blind Spots- Companies can make poor decisions based on biased, flawed or incomplete information that aligns with conventional wisdom, which may or may not hold true.

• Emerging Risks and Future Trends- Issues that are perceived to be potentially significant, which may not be fully understood or that are familiar but manifesting in unfamiliar situations can cause companies to freeze in paralysis of analysis or fear.

• Black Swan Events- Unprecedented random and unexpected events can wreak havoc with a company’s business continuity and resilience if scenarios and indicators are not considered for contingencies.

Risk Demands

“Intelligence failures” occur when a lack of contextual information, collaboration and urgency-driven risk management and controls are not properly aligned to threats and vulnerabilities.

Page 6: Doculabs 2014   risk and compliance practice introduction finance


• Pressure: U.S. companies are subject to ever-increasing regulatory burdens, penalties, and compliance fatigue. Regulators are increasing pressure and moving down-stream in areas such as Foreign Corrupt Practices Act (FCPA), AML/BSA and Fraud, HIPAA, to name a few, while companies struggle to keep up with effective measures to mitigate risks through governance and controls.

• Penalties: Regulators are committed to penalizing companies that lag in the fight to stay current with ever-changing regulations. This hard-line tactic is apparent in numerous recent high-profile enforcement actions, fines, and penalties assessed against organizations with negligent regulatory-guidance controls.

• Revenue Loss: Similarly, fraud and security breaches are on the rise, resulting in significant annual revenue loss, while international threats make market expansion a risky endeavor for growth and expansion.

Compliance Demands

Success in regulatory compliance is achieved through nimble responses and insights, enabled by recalling the past, understanding the present, and expecting the future for continuous improvement.

Page 7: Doculabs 2014   risk and compliance practice introduction finance


FDIC, DOJ, OFAC, FRB, NCUA, SEC, FinCEN, OCC

Penalty Imposing Regulatory Risks

• Compliance with Domestic and Foreign Regulation

• Compliance Training and Communication

• Code of Conduct and Reporting

• Compliance Strategy & Program Mgmt.

• Complaints and Whistleblowers

• Third-party Relationships

Page 8: Doculabs 2014   risk and compliance practice introduction finance


Risk and Compliance executives and management consultants can miss the fissures of regulatory programs without having experience as an “adversary”. The Doculabs’ Global Risk and Compliance team has unique experience in:

• Corporate Risk and Compliance
• Regulatory Enforcement and Investigations
• AND Penetration, Circumvention, and Exploitation of controls

An Inconvenient Truth: Compliance lacks niche expertise

Companies can benefit from advisors who have not only served in a regulatory and functional capacity, but who can view programs from the perspective of the penetrators and exploiters to fill the void within the overlooked seams and gaps of a compliance program.

Page 9: Doculabs 2014   risk and compliance practice introduction finance


Doculabs can address a wide range of risk and regulatory compliance issues to help clients discover exposure within the seams and gaps of their programs:

– Anti-corruption and Foreign Corrupt Practices Act (FCPA)
– Health Insurance Portability and Accountability Act (HIPAA and HITECH)
– Data Protection and Intellectual Property and Trade Secret Information Theft
– Anti-Fraud
– Anti-Money Laundering / OFAC Sanctions / Model Risk
– Supplier and Third-Party Enhanced Due Diligence
– Global Trade Compliance and Risk Review
– Human Trafficking
– Conflict Minerals

Global Risk and Compliance Services

Page 10: Doculabs 2014   risk and compliance practice introduction finance


• Design and Implementation of Ethics and Compliance Programs (AML, Fraud, Sanction, FCPA, etc)

• Program Improvement and Optimization from Current to Future State

• Program best-practices modeling
• Internal, Agent, and Third Party Training Development and Delivery
• Financial Intelligence Unit, Analysis, and Investigation department development
• Fr/AML Convergence (with enhanced Fraud capabilities)
• Fraud “Health Check” Reviews
• Fraud Risk Governance
• Fraud Risk Assessment
• Fraud Risk Awareness Programs
• Fraud Detection and Prevention Controls
• Investigation and Response Protocols
• Fraud Risk Monitoring
• Anti-bribery / corruption and FCPA Risk Evaluation

Program Development and Enhancement

FrAML: Converging Fraud and AML

Regulations covering illicit economic activity typically focus on Anti-Money Laundering and Fraud. To mitigate risks, a convergence of both disciplines has emerged to address threats and vulnerabilities leveraging shared resources, improved collaboration, controls, and oversight. The Doculabs FrAML approach is an innovative framework to converge Financial Crime efforts in Fraud and AML.

Page 11: Doculabs 2014   risk and compliance practice introduction finance


The Doculabs Comprehensive Risk Assessment Framework Tool (CRAFT) leverages our experience in roles of protection, penetration, and regulation. Our framework follows GRC and COSO activities with enhanced coverage by understanding how illicit activities are perpetrated, as well as by knowing how to identify emerging issues and insulate against them.

Risk Assessment development and evaluations:

• Compliance program assessment
• Global Supply Chain Mapping
• Social Media Risk Assessments
• Physical and Cyber Penetration Testing
• Internal controls evaluation
• Business process and transactional reviews
• Integrity investigations of acquisition targets, agents, resellers and other third-parties, including politically-exposed-persons (PEPs)
• Examination of subsidiaries, joint ventures and controlled entities
• Review of existing compliance policies and controls
• Pre-transactional analysis of books and records for potential bribery or corruption irregularities
• Political risk and corruption index investigations

Risk Assessments

Page 12: Doculabs 2014   risk and compliance practice introduction finance


Corporate and Litigation Support Investigations

– White Collar Defense Investigations
– Complex Commercial and Financial Investigations
– Pre-litigation Intelligence and specialized Fact-finding
– Internal Investigations
– Audit Committee and Special Committee Investigations (Fraud, FCPA, Malfeasance, etc)
– Regulatory Inquiries
– Fraud Investigations and Forensic Accounting
– U.S. Foreign Corrupt Practices Act (FCPA)/UK Bribery Act Investigations
– Intellectual Property Theft
– Fraud
– Third Party
– Background Check and Screening
– Know Your Customer
– Enhanced Due Diligence
– Hidden Asset Search
– Black and Grey Market
– Counterfeiting

Investigations, Forensics, and Analysis

Forensics

– Accounting / Financial
– Data
– Mobile Device

Analysis

– Risk
– Vulnerability
– Threat
– Red Team
– Scenario (Indicators and Warning)
– Linchpin
– Competing Hypothesis

Page 13: Doculabs 2014   risk and compliance practice introduction finance


Doculabs’ experts have helped collect, detect and act upon intelligence for a wide range of matters. Our expertise in intelligence is taking information and converting it into contextually actionable insights for planning beyond day-to-day tactical “blocking and tackling”. We assist leadership with uncertainty, mirror imaging, and common biases through:

• Big picture bottom line impact
• Competitive intelligence
• Emerging regulatory issues
• Market trends
• Global risks
• Scenario and “What if” planning
• Next big thing war gaming
• Predictive planning
• Financial crimes typologies

Insights and Planning

Page 14: Doculabs 2014   risk and compliance practice introduction finance


GRC Information at its core

Doculabs’ approach to Risk and Regulatory Compliance leverages Information Management as a cornerstone to strategic Governance, Risk, and Compliance (GRC) and COSO frameworks and leverages industry and regulatory research for best practices in compliance coverage.

Compliance Coverage Reviews

ICE “ICE it”

Doculabs’ closed-loop COSO-based Integrated Compliance Execution (ICE™) prescriptive framework helps mitigate risk, improve compliance, and enhance governance, with a focus on information management that companies must consider should an adverse incident occur—or to prevent one from happening.

Page 15: Doculabs 2014   risk and compliance practice introduction finance


Combined Capabilities: Risk Intelligence Services (RIS)

GLOBAL RISK AND DUE DILIGENCE

• High risk jurisdictions
• Third-party vendor screening
• KYC / CDD checks
• Anti-bribery / corruption
• AML / Fraud / Sanction
• Social media

INVESTIGATIVE SUPPORT

• Litigation
• Financial Crimes
• Commercial disputes
• False claims
• Independent background investigations
• Regulatory investigations

PLANNING AND INSIGHTS

• New markets
• Regulatory shifts
• Supply chain planning
• Resiliency and Business Continuity
• Early warning adaptive strategy
• Competitive threats
• Emerging risks

INDUSTRY | PROGRAMS TARGET COVERAGE ISSUE

Financial Services | AML FIU- CDD, KYC, Fraud, Sanctions

Manufacturing | Supply Chain Due Diligence- Vendors, Partners, Logistics, Theft, Fraud, ITARS, C-TPAT, Dual use, Black and Grey market, Counterfeit

Health Care | Fraud, Medicare, Medicaid, OSHA, HIPAA, Information Breach

Insurance | Fraud, Supply Chain D.D., Resiliency (Premium reduction)

Government | False claims, Corruption, Bribery, Transnational / Transcontinental threats

Global Risk & Compliance solutions are stand-alone capabilities. When combined, they create a high-functioning risk intelligence function.

Page 16: Doculabs 2014   risk and compliance practice introduction finance


• Building a forward-looking strategy. From assessing the current state to delivering actionable roadmaps to reach an optimal, agile future state, we’ve helped hundreds of organizations chart a course to successful risk mitigation and compliance.

• Making the business case. Move beyond generic benefits and soft gains to tangible, business-relevant impacts of enhanced risk and compliance that can cut costs and increase revenue.

• Defining and operationalizing a risk or compliance program. Get all the stakeholders at the table and working together to make your risk or compliance programs successful, sustainable, and resilient with effective governance oversight.

How Doculabs Can Help

Page 17: Doculabs 2014   risk and compliance practice introduction finance


Risk Reduction Delivery Model

Developing the program strategy to leverage risk mitigation program evolution effectively

Key Activities

Phased Delivery Approach

• Understand objectives

• Interview stakeholders for insights

• Assess all current program documents

• Review governance, ethics, and compliance docs

• Review business functions

• Examine internal constraints

• Examine external constraints

• Review regulatory compliance expectations

• Know the threats

• Understand the risks

• Develop the objectives
  • Near
  • Short
  • Long-term

• Develop capability framework

• Review the controls

• Identify the gaps

• Assess the vulnerabilities

• Evaluate risk appetite and tolerance thresholds

• Plan and Strategy

• Cultural review

• Governance review

• Information flow and integration

• Tagging and updates

• Reporting structures

• Develop user testing and exploration environment consistent with mission objectives and internal guidelines

• Develop protocols to enable agile resiliency and adaptive change

• Develop operational plan consistent with findings and mandates

• Develop strategic plan funding requirements

• Develop training and plan

• Develop communications

• Implement policy and procedures for evaluation, reporting, and enhancement

• Delivery

• Hand-off

• Set date for periodic health checks and ongoing review

Time Period 1 Time Period 2 Time Period 3 Time Period 4

Step 1: Current State Assessment

Step 2: Conduct Risk Analysis

Step 3: Frame Future Strategy

Step 4: Deliver Future State

Page 18: Doculabs 2014   risk and compliance practice introduction finance

Thank You

Doculabs, Inc.
(312) 433-7793
[email protected]
www.doculabs.com

Scott Swanson, CFE, CFCI
Practice Leader, Global Risk and Compliance
(312)-659-3000 (Direct)
[email protected]

Page 19: Doculabs 2014   risk and compliance practice introduction finance

Appendix

Page 20: Doculabs 2014   risk and compliance practice introduction finance


Inspired to Innovate, Passion to Protect

• Doculabs’ Risk and Compliance Practice is driven to improve our clients’ operating risk posture and to continuously innovate the way we look at regulatory snares and protection.

• Our strategic frameworks provide insights for our clients as they assess their global risks, develop enhanced compliance capabilities, and implement governance policies that are aligned to their industry, organization, and risk tolerance.

• Built upon Doculabs’ foundation of content management, our solutions emphasize the organizational importance of the ability to efficiently collect, organize, evaluate, report, and produce information pertinent to risk, compliance, and governance, in order to satisfy regulatory requirements or internal policies and procedures.

Introductions: About Global Risk and Compliance Practice

Page 21: Doculabs 2014   risk and compliance practice introduction finance


Risk Assessments

The Doculabs’ CRAFT model provides clarity without complexity

Page 22: Doculabs 2014   risk and compliance practice introduction finance


Growth, Resiliency, and Business Continuity

• Doculabs utilizes additional methodologies in tandem with its risk models to assist clients with improved understanding of unproven markets, potential adverse events, dynamic inherent risks, and ever-shifting global outliers.

• Supply chains, third-party involvement, unintended events, and emerging markets are among the focus of Doculabs’ Early Warning and Strategic Intelligence services to reduce risks to an acceptable level.

Insights and Planning

Strategic Risk Mapping

Supply Chain Vulnerability Mapping

Supply Chain Security