Michael Vernick, government contracts partner with Akin Gump, discusses various aspects of the False Claims Act, including the potential for increased enforcement activity under the Biden administration, especially actions related to the CARES Act, and how companies and institutions can mitigate whistleblower and compliance related risks.
Continue Reading The Expanding Scope of False Claims Enforcement Activity
Risk Management
Cyberattacks on Cryptocurrency Assets: Risk Mitigation and Insurance Coverage
Cryptocurrency assets now top $1.5 trillion globally, attracting a wave of cyber crime.
Continue Reading Cyberattacks on Cryptocurrency Assets: Risk Mitigation and Insurance Coverage
NetApp Digs into Outside Counsel Cyber Risk
Connie Brenton, VP of Law, Technology and Operations at NetApp, recently showcased some findings from an ambitious undertaking, NetApp’s Outside Counsel Cyber Assessment Project.
Continue Reading NetApp Digs into Outside Counsel Cyber Risk
3 Challenges at the Heart of Third-Party Risk
Sarah Robinson, senior director in the FTI Technology practice, discusses the Venn diagram of enterprise risk management.
Continue Reading 3 Challenges at the Heart of Third-Party Risk
A New Era of Governance, Risk and Compliance
Bill Piwonka, chief marketing officer of Exterro, discusses the way the role of chief legal officer has expanded in recent years, as well as what organizations can do internally to stay ahead of changing regulations around data privacy and cybersecurity.Continue Reading A New Era of Governance, Risk and Compliance
Uncovering Risk in What Remains Unsaid
Software dips below the surface to mine the unconscious patterns in written communications.
CCBJ: Tell us about KeenCorp.
Andrew Fastow: KeenCorp is machine learning software that identifies risks faster than the current suite of tools by measuring internal communications, like emails and text messages, among groups of employees. It’s not looking for keywords. It’s looking for changes in tension level and connectedness. This metric is extremely highly correlated to risk, so when something risky is going on, tension levels rise, and the software picks it up.
It is based on a science called psycholinguistics and works much like voice inflection and body language. If you’re married or have a very good friend, you probably know when that person is tense even if they tell you everything’s fine. It’s because our brains have trained themselves to measure patterns. For someone you are very close to, your brain knows their speech, voice inflection and body language patterns, and your brain is able to subconsciously pick up any changes in those patterns.
This software is analogous to that. People’s writing patterns unconsciously change when the tension and connectedness levels change. When people are writing in a natural language environment, if they are more tense or if they are disconnecting from the situation, the software will pick it up because their patterns change. An annual report is an example of what’s not natural language communication. That’s very scripted. Emails are natural language communication.
One of the most frequently heard comments among directors when there’s a problem is, “Why didn’t we know about this sooner?” KeenCorp solves that problem. Using KeenCorp allows legal staff, risk managers, HR, management, and directors to find out about and resolve problems before they become government enforcement actions, lawsuits, a short-seller attack, the loss of valued employees, or a social media disaster.
Earlier risk identification leads to better outcomes for companies. Examples of risks that have been uncovered by the KeenCorp software include safety risk, harassment risks, gender and diversity issues, retention issues, financial fraud, compliance, change adoption, project management or project health, and management alignment.
What drew you to KeenCorp, and what is your role?
I am a consultant working on strategy and marketing, and I have invested in the company. I spent significant time searching for tools that companies could use to help identify risks that they were not seeing. As I spoke to more and more directors, risk managers, HR people, all of them seemed to say the same thing using slightly differ-ent words: “The thing that keeps me awake at night is the thing that I don’t know about.” This was the best new tool to identify those unknown risks.
If KeenCorp software had been available and had been used by Enron from 1999 through 2001, the Enron scandal would not have happened. Unfortunately, I cannot change the legacy of Enron. I’m ashamed and embarrassed about that. I believe what I did was wrong. What I hope to do is layer a legacy on top of it that I was part of the solution to the problem, and I see KeenCorp as a linchpin to the solution.
How does the technology work? What intelligence can it offer employers?
The software goes through several steps. First, it an-onymizes all of the emails, all of the text messages, so there’s no ability to trace back to the original authors of any particular communication. All the personal informa-tion is blanked out: names, dates, etc.
Second, it groups employees into categories that the company determines. You can group employees in differ-ent ways to get different insights. For example, let’s say sexual misconduct is an issue, so you want to know if any groups, by gender or location or function or department, are sending off a signal that something is not quite right. The software can sort the information in a variety of ways and show whether those groups are behaving differently than other groups.
Third, it measures the patterns in those emails. Again, it is important to note that the software is not reading emails for content or specific words, like “fraud” or “mon-ey launder.” It’s evaluating if changes in patterns are occurring and measures those changes as differences in the level of tension and connectedness.
What I mean by “connectedness” is when a person personally involves themselves in the way they write. If a manager were to write, “At my Monday morning staff meeting, I presented this quarter’s financial statements,” that is different than if this manager wrote, “At the staff meeting, financials were reviewed.” In one case, the man-ager is taking personal ownership but not in the other. That’s one of the thousands of signals given off by the way people write.Continue Reading Uncovering Risk in What Remains Unsaid
Navigating the Compliance Jungle
How to make sure your company doesn’t run afoul of the FCPA – and the best ways to navigate a government investigation if faced with one.Continue Reading Navigating the Compliance Jungle
The Ethical Hacker: Can Reducing Risk Be Bad for Us?
Charlie Platt, Director of Data Analytics for iDS, resumes his Ethical Hacker column with a piece on how reducing cyber risk can get in the way of your business – that is, if your rules lack flexibility. The best way to implement successful cyber risk programs without hurting your business, he says, is to design them to adapt to dynamic business requirements by providing an approved exception process.
It’s been a while since I’ve been on these pages. I’ve missed it and it’s good to be back. One big change is that I’m now also focused on data analytics in addition to cybersecurity. I will be heading up the Data Analytics practice at iDS and Robert Kirtley is heading up the Cybersecurity practice. Together we will be talking about how data analytics and cybersecurity go hand in hand, and how we can assist each other in achieving great results for our clients.
In light of that new focus, I’d like to tell you about a project I recently worked on for a client. While on the surface our work was focused on data, there were strong undercurrents of cybersecurity throughout the project. We were engaged to assist the client…
Continue Reading The Ethical Hacker: Can Reducing Risk Be Bad for Us?
Gone Phishing, Part I
In this inaugural iCyber Solutions blog post, Robert Kirtley of iDS gives a quick overview of phishing attacks and the damage they can cause, frequency of attacks, and some common types of phishing attacks. In the second installment, he’ll concentrate primarily on how to prevent and recover from a phishing attack.
Continue Reading Gone Phishing, Part I
Compliance Alone Does Not Guarantee Security
Continue Reading Compliance Alone Does Not Guarantee Security