Categories
#RiskNYC Speaker Series

#Risk New York Speaker Series – Exploring Future Regulatory Trends and Compliance Strategies with Rory McGrath

Join Tom Fox and hundreds of other GRC professionals in the city that never sleeps, New York City, on July 9 & 10 for one of the top conferences around, #Risk New York. The current US landscape, shaped by evolving policies, rapid advancements in AI, and shifting global dynamics, demands adaptive strategies and cross-functional collaboration.

At #RISK New York, you will master the New Regulatory Reality by getting ahead of US regulatory shifts and their impact. Conquer AI and Tech Risk by Safeguarding Your Organization in an AI-Driven World and Understanding the Implications of Major Tech Investments. Navigate Financial and Crypto Volatility by Protecting Your Assets and Exploring Solutions in a Dynamic Market. Strengthen Your GRC Framework by Leveraging Governance, Risk, and Compliance for Strategic Advantage. Protect Digital Trust by addressing challenges in cybersecurity and data privacy, and combating misinformation. All while meeting with the country’s top #Risk management professionals.

In this episode of the Risk New York City speaker preview series, host Tom Fox interviews Rory McGrath, leader of the global pre-sales team at Corlytics. Rory discusses his role in helping financial institutions transform and operationalize compliance through the use of AI and smart automation. He also provides a teaser for his upcoming panel on the future of US regulation and the impact of deregulation at the #RiskNYC event. Highlighting key themes such as the evolving nature of compliance governance and the importance of cross-functional conversations, Rory shares insights on addressing fragmented regulations and fostering data-driven compliance strategies.

Resources:

#Risk Conference Series

#RiskNYC—Tickets and Information

Rory McGrath on LinkedIn

Categories
The Hill Country Podcast

The Hill Country Podcast – Tribute to Jane Ragsdale

It is with great sadness that I post this podcast. It is a recording I did with Jane Ragsdale back in 2023. Jane was the owner of the Heart O’the Hill Camp near Hunt, TX. She died as a result of the massive flood that roared down the Guadalupe River in the early morning hours of July 4. As of the posting of this podcast, there are over 80 confirmed dead, 11 known still missing, and an unknown number of missing. One of the worst hit was a girls’ camp, Camp Mystic, which lost 27 dead.

Jane was from a summer camping family, as her parents, Si and Kathy Ragsdale, ran a boys’ camp, Camp Stewart, also in Hunt, TX, from the mid-1960s until 2015, when Jane’s nephew, Jeepers Ragsdale, took over the camp’s operation. Jane was beloved in both the camping community and the greater Hill Country community. She was a leader and did annual mission work in Guatemala. This podcast focused on her mission work.

I hope you will consider donating to support the rebuilding efforts that will be necessary following this tragic event. You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
The Ethics Experts

Episode 221 – Elizabeth Wilks-Wood

In this episode of The Ethics Experts, Nick welcomes Elizabeth Wilks-Wood.

Elizabeth is a barrister by training who started her legal career as a regulator in the Office of Telecommunications and the European Commission. She has over 20 years of in-house experience advising companies in the UK and internationally, including at Digicel, du, and Royal Mail. Elizabeth is passionate about making compliance simple and empowering all to make ethical decisions every day. In 2017, her team at Royal Mail was awarded “In-House Compliance Team of the Year” by Women in Compliance. In 2018, as the compliance lead for the Ritz Hotel Casino, the company was awarded “Socially Responsible Operator of the Year” for its innovative work with a clinician and economist to identify individuals who may develop problematic play proactively. She joined Carlsberg in 2019, and during her tenure, her team worked to embed and enhance compliance in over 100 markets, many of which are high risk. Elizabeth is a lifelong learner. She holds a master’s degree in international business law and economics and has achieved a distinction in the psychology of behaviour change.

Connect with Elizabeth on LinkedIn

Categories
Corruption, Crime and Compliance

DOJ’s UNICAT Settlement for Trade Violations

What happens when a company inherits a sanctions violation through acquisition, and acts fast to fix it? Can a robust post-acquisition response really save a parent company from prosecution? In this episode, Michael Volkov unpacks the fascinating DOJ-led global enforcement action against UNICAT Catalyst Technologies – a case that reflects the U.S. government’s intensifying focus on trade enforcement across sanctions, export controls, and customs. This resolution marks the first declination under DOJ’s National Security Division M&A policy, showcasing the power of voluntary disclosure, cooperation, and remediation in today’s enforcement environment.

You’ll hear him discuss:

  • How DOJ, OFAC, BIS, and CBP coordinated parallel resolutions against UNICAT
  • The $3.3 million forfeiture and additional penalties tied to underpaid duties and unlawful exports
  • Why DOJ declined prosecution of UNICAT’s parent company, White Deer, under its M&A policy
  • The former CEO’s role in orchestrating 23 unlawful sales to Iran, Venezuela, and Cuba
  • The importance of identifying willful intent in sanctions violations — and when DOJ disclosure is required
  • The risks of failed pre-acquisition due diligence and the value of strong post-acquisition integration
  • How concealment tactics like falsified invoices and coded emails were used to hide dealings with sanctioned entities
  • Key lessons for global companies navigating the new era of trade compliance and enforcement

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Daily Compliance News

Daily Compliance News: July 7, 2025, The Disaster on the River Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest that are relevant to the compliance professional.

Top compliance stories:

  • Where does BRIC go? (NYT)
  • BCG modeled a plan to settle Palestinians. (FT)
  • Tony Blair, BCG, and the Palestinians. (FT)
  • SEC and SolarWinds settle. (Reuters)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Assessing Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at how to assess your internal controls under COSO.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 36 – Crisis Management in Compliance: Lessons from Star Trek’s “Catspaw”

Today, we boldly journey into the Star Trek: TOS episode “Catspaw,” an engaging yet somewhat eerie tale, to uncover practical crisis management insights that can benefit corporate compliance practitioners. In “Catspaw,” Captain Kirk and his stalwart crew encounter alien beings who utilize illusions, fear tactics, and psychological manipulation to control the Enterprise. Today, Tom Fox outlines five specific lessons derived from key scenes in the episode and explains their relevance to the compliance profession.

Lesson 1: Understand and Define the Nature of the Crisis Clearly (Scene: Initial Loss of Crew Members)

Illustrated By: At the outset of the episode, Kirk and the Enterprise crew become concerned when an away team led by Chief Engineer Scott fails to respond. Kirk quickly recognizes the absence of communication as a genuine crisis, one that warrants immediate investigation.

Compliance Lesson: For compliance officers, clarity in defining a crisis is paramount.

Lesson 2: Avoid Being Misled by Surface Appearances or Initial Assumptions (Scene: Spooky Castle and Illusions)

Illustrated By: Kirk, Spock, and Dr. McCoy find themselves faced with a mysterious castle, complete with witches and haunting illusions, which is deliberately designed to mislead and manipulate their perceptions.

Compliance Lesson: Compliance crises similarly often come cloaked in misleading appearances. Fraud, bribery, corruption, or regulatory violations may initially seem improbable or manifest subtly, disguised by legitimate-seeming transactions or credible rationalizations.

Lesson 3: Maintain Clear, Consistent Communication Under Pressure (Scene: Communication Between the Enterprise and Kirk’s Away Team)

Illustrated By: Throughout “Catspaw,” Spock and Kirk rely heavily upon continuous, clear, and precise communications with the Enterprise.

Compliance Lesson: Clear communication is the compliance professional’s most potent tool during crises. Timely, transparent information flows across teams, departments, senior management, and external stakeholders are crucial.

Lesson 4: Foster Team Cohesion and Trust to Overcome Crisis (Scene: Crew Unity and Reliance Under Alien Manipulation)

Illustrated By: When confronted by their alien adversaries, Sylvia and Korob, who create illusions to sow division and confusion, the Enterprise crew remains steadfast, unified, and supportive.

Compliance Lesson: In compliance crises, organizational cohesion and trust are indispensable. Fear, blame, and suspicion often arise naturally during high-stress situations.

Lesson 5: Innovate and Adapt Rapidly in Response to Changing Situations (Scene: Kirk’s Recognition and Exploitation of Alien Weakness)

Illustrated By: Ultimately, Kirk identifies that the aliens, Sylvia and Korob, utilize advanced technology to create their illusions but lack practical experience with human reality.

Compliance Lesson: Compliance professionals frequently encounter novel crises that challenge standard procedures and existing playbooks. The capability to innovate and adapt quickly becomes critical.

Final ComplianceLog Reflections

Star Trek’s “Catspaw” reveals, beneath its fantastical veneer, the powerfully demonstrated fundamental principles of crisis management: rapid identification and clear definition of crises, disciplined investigative rigor, effective communication, team cohesion, and strategic innovation. Compliance professionals are regularly challenged by uncertainty, disruption, and confusion, much like those faced by the Enterprise crew. Adopting and embedding these five core lessons into your compliance strategy ensures your organization is equipped to withstand and even thrive in challenging, unpredictable environments.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Adventures in Compliance

Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Throughout this season, Tom will delve into each novel in a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear.

In this episode (and for the entire month of July), we focus on the most famous Holmes novel, ‘The Hound of the Baskervilles.’ Timothy and Fiona are back to explore the key elements of the novel, connecting them with compliance themes and investigative techniques. They dissect the storyline, reveal insights, and discuss timeless lessons in rational thinking, the perils of unquestioned beliefs, and the power of meticulous observation and teamwork. Additionally, Tom invites listeners to provide feedback on the use of AI voices and offers to help those interested in starting their podcasts.

Highlights include:

  • Deep Dive into The Hound of the Baskervilles
  • The Mysterious Case Unfolds
  • Holmes’ Investigation and Revelations
  • Lessons from The Hound of the Baskervilles

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Sherlock Holmes, The Novels, with an introduction by Michael Dirda

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Compliance Report

FCPA Compliance Report – Stay the Course: Ellen Lafferty on Navigating Anti-Corruption Compliance in 2025

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, Tom Fox welcomes Ellen Lafferty, a well-known figure in the compliance community with a distinguished career in both financial and educational institutions.

Ellen discusses her new book, ‘Anti-Bribery and Corruption Law and Compliance In a Nutshell,’ detailing what inspired her to write it and how it can serve as a comprehensive reference for both legal and compliance professionals. They explore Ellen’s transition from litigator to in-house compliance officer, emphasizing the importance of understanding the ultimate audience in legal advice. They also discuss the implications of recent changes in FCPA enforcement priorities by the U.S. government as of 2025 and how compliance professionals should adapt. Ellen emphasizes the importance of maintaining rigorous compliance programs and provides practical guidance on conducting self-assessments and gap analyses to ensure robust anti-bribery and corruption measures.

Key highlights:

  • Ellen Lafferty’s Career and Book Inspiration
  • Transition from Litigator to Compliance Officer
  • Scope and Audience of the Book
  • Current Compliance Landscape in 2025
  • Advice for Compliance Professionals

Resources:

Ellen Lafferty on LinkedIn

West Academic Publishing

Anti-Bribery and Corruption Law and Compliance in a Nutshell on Amazon

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the use of AI in compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Blog

COSO’s Corporate Governance Framework: Component 2-Strategy

We continue our exploration of the COSO Corporate Governance Framework (the Framework), recently released as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 2—Strategy. This component prioritizes compliance at the forefront of value creation. This is not just about watching for missteps. It’s about enabling the entity to pursue bold goals while staying grounded in ethics, purpose, and accountability.

For compliance professionals, this is a welcome and long overdue shift. Strategy is no longer just a business conversation; it’s a strategic imperative. COSO makes it clear: strategy is governance, and governance must include compliance at every stage—from definition to execution to performance monitoring. Today, we extract five key lessons for compliance professionals ready to step into a new leadership role.

I. Strategy in the COSO CGF: What It Covers

The Strategy Component of COSO’s CGF focuses on aligning the entity’s strategic direction with its purpose, values, and long-term objectives. It’s made up of four core principles:

  1. Define Purpose and Core Values
  2. Develop and Communicate the Strategy
  3. Execute the Strategy
  4. Measure Performance Against Strategy and Adjust

These principles provide a governance framework that not only connects the board and executive management but cascades responsibility throughout the entity, from strategy rooms to front-line decision-making.

Why Strategy Matters to Compliance

For years, strategy has been seen as the exclusive domain of the CEO, CFO, and business development leaders. Compliance was invited in after the fact, to clean up, audit, or assess risks. But COSO’s framework changes the conversation.

As compliance professionals, we bring a risk-aware, ethics-focused, stakeholder-sensitive perspective to the table. In an era of ESG mandates, AI disruption, global volatility, and regulatory scrutiny, strategy without compliance is incomplete. If your compliance function is not integrated into the strategy process, you are not practicing governance; you are essentially doing damage control.

II. Five Key Lessons for Compliance Professionals

Lesson 1: Start with Purpose—Not Just Policy

Principle 7: Define Purpose and Core Values

Boards and management must define the entity’s fundamental purpose, the “why” behind the business, and articulate the core values that guide decision-making, behavior, and stakeholder relationships. These values must be embedded into operations, strategic priorities, and performance incentives.

Compliance Tip: Tie your compliance policies, training, and reporting to the entity’s purpose and values. Do not discuss rules; instead, focus on alignment. Offer to help HR and communications integrate purpose into onboarding, annual certifications, and code of conduct messaging. When purpose becomes the language of the enterprise, compliance becomes a strategic partner.

Lesson 2: Compliance Must Be at the Strategy Table

Principle 8: Develop and Communicate the Strategy

Executive management, in consultation with the board, is responsible for developing the strategic plan, which encompasses competitive positioning, market risks, stakeholder expectations, and capital allocation. Strategy development must consist of scenario planning and risk alignment to maximize long-term value.

Compliance Tip: Join strategic planning conversations early. Provide insight on regulatory trends, reputational risks, geopolitical shifts, and stakeholder concerns that could derail strategy if not addressed upfront. Offer to run a pre-mortem exercise: If this strategy fails, why will it fail? Use compliance-led facilitation to identify blind spots in the business model.

Lesson 3: Execution Is Where Ethics Live or Die

Principle 9: Execute the Strategy

Executing the strategy requires a well-defined operating model, clear accountability, aligned incentives, and integrated reporting. Middle management translates strategic goals into action, and it’s here that ethical risk often emerges.

Compliance Tip: Get involved in operational risk reviews. Ask how incentives are aligned with values. Review whether performance metrics encourage long-term thinking or shortcut-taking. Collaborate with the COO or HR to incorporate ethical conduct and risk awareness into performance evaluations and team KPIs. This helps you drive a values-based strategy from the ground up.

Lesson 4: Metrics Matter—And So Does What You Measure

Principle 10: Measure Performance Against Strategy and Adjust

Management must develop and track both financial and non-financial KPIs to assess progress against strategic goals. The board oversees these metrics and ensures that adjustments are made when results or risks shift.

Compliance Tip: Contribute to KPI development. Suggest ethical culture indicators, hotline trends, third-party risk metrics, or audit closure rates as part of strategy dashboards. Push for the inclusion of lagging and leading indicators. It’s not enough to track what went wrong. Compliance needs metrics that alert us to potential issues before they occur. Compliance analytics is your secret weapon.

Lesson 5: Agility Requires Structure—Be the Change Advisor

COSO’s Strategy Component emphasizes the need for strategic agility. This is the ability to pivot in the face of market disruptions, new risks, or regulatory change. But agility does not mean chaos. It requires disciplined change management, escalation procedures, and decision-making protocols.

Compliance Tip: Be a Governance Resource During Change. Whether it’s a reorg, a product launch, a merger, or a crisis response, help ensure that the right people are consulted, documented, and accountable. Offer a compliance impact assessment for major strategic shifts. Show how culture, third-party relationships, data privacy, or anti-bribery obligations will be affected and what the plan is to stay in control.

III. Strategy Is a Compliance Priority—Not Just a Business One

COSO’s Framework makes something crystal clear: strategy is no longer “off-limits” to compliance. The board must oversee it. Executive management must align it with the purpose. And the compliance function must embed integrity, risk foresight, and stakeholder accountability into every strategic decision. We should break the old model that treated compliance as a back-end reviewer. We are now co-pilots. COSO has provided compliance with the governance language to claim its seat at the strategy table. Now it is up to us to use it.

How to Put This Into Practice

Here are five actionable steps for compliance teams:

  1. Review your company’s strategic plan through the lens of COSO’s four strategy principles. Start by mapping your organization’s current strategic plan against the four COSO Strategy principles: defining purpose and core values, developing the strategy, executing it, and measuring performance. Ask critical questions—Does the plan reflect your core values? Are ethical risks explicitly considered? Do compliance concerns inform strategic KPIs? This exercise helps compliance professionals identify gaps where compliance can bring additional value, ensuring the organization’s long-term strategy is rooted in accountability, integrity, and transparency. It also positions compliance as a proactive contributor to governance, not a reactive afterthought.
  2. Schedule a briefing with strategy or finance leaders to explore how risk and ethics are being integrated into the process. Establish a strategic dialogue with your CFO, head of strategy, or business development leadership to understand how ethical considerations and compliance risks are being integrated into planning. Bring COSO’s Strategy principles to the table as a common framework and ask how the company’s strategic models account for reputational risk, regulatory change, and stakeholder expectations. Use this time to identify areas where compliance can provide valuable insights, such as in ESG, M&A due diligence, or geopolitical risk assessment. These conversations open doors for cross-functional collaboration and foster trust with executives as they manage high-impact decisions.
  3. Develop compliance metrics that align with strategic objectives, such as trust, resilience, and stakeholder engagement, to ensure effective management and oversight. Move beyond traditional compliance outputs (e.g., number of training sessions or hotline reports closed) and align your metrics with enterprise-level strategic outcomes. Consider how to measure ethical culture, employee trust, third-party integrity, and the entity’s overall resilience to misconduct. Develop dashboards that can be integrated into strategic performance reviews or presented to executive management and the board of directors. Metrics might include culture survey participation, average investigation time, or third-party onboarding risk ratings. When compliance shows it can measure what matters to business leaders, it becomes a strategic asset, not a regulatory cost center.
  4. Pilot a strategic compliance review for a major initiative (product launch, M&A, market expansion). Choose a significant upcoming business initiative, perhaps a new product launch, geographic expansion, or merger, and embed compliance into the project team from the start. Conduct a compliance risk assessment tailored to the initiative’s strategy, market, and operating model. Ask how data privacy, third-party risk, anti-bribery compliance, and ethical culture will be protected during execution. Create an action plan that includes clear governance checkpoints, escalation triggers, and controls. This pilot not only demonstrates the value of compliance in driving strategic success, but it also establishes a replicable model for integrating compliance into future enterprise initiatives.
  5. Educate your board on the compliance implications of COSO’s Strategy Component—especially in strategy execution and performance monitoring. Prepare a board-level briefing or an audit committee presentation that focuses on how the compliance function supports strategic execution and long-term value creation. Use COSO’s Strategy principles to show how compliance intersects with business model design, culture, risk oversight, and scenario planning. Discuss how your function contributes to measuring non-financial performance indicators and adjusting strategy considering regulatory shifts or reputational risks. Reinforce the message that compliance is a governance tool, not just a defensive mechanism. By educating the board on these dynamics, you elevate the role of compliance in strategy and support a culture of forward-looking governance.

Final Thoughts: The Future of Strategy Is Compliance-Infused

We often say that strategy sets the tone for the business. However, as compliance professionals, we now have the tools and the COSO framework to ensure that our tone is ethical, risk-aware, stakeholder-conscious, and purpose-driven. Compliance should not simply review strategy; we should all move to shape it. Bring our questions, our insights, and our integrity to the table where the most important business decisions are made. That is what governance leadership looks like. COSO just gave compliance the playbook.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.