Compliance Tip of the Day

Compliance Tip of the Day – Design-Centric Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at design-centric controls that lay the groundwork for effective internal controls.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Trekking Through Compliance

Trekking Through Compliance: Episode 40 – Prime Directive Decisions: Ethics in Action from Star Trek’s “Friday’s Child”

Star Trek has always been about more than adventure. It is often a mirror for our ethical challenges, especially for those tasked with steering organizations through the tricky space of corporate compliance. The original series episode “Friday’s Child” offers a compelling look at negotiation, trust, and ethics under fire. While set on the distant planet Capella IV, the dilemmas faced by Captain Kirk and his crew echo those in today’s boardrooms and compliance departments. Today, we set our phasers to “learn” and beam down five ethical lessons for compliance professionals, each tied to a defining scene from this classic episode.

Lesson 1: Respect Local Customs—Even When They Conflict With Your Own Values

Illustrated By: Upon arrival on Capella IV, Kirk and his landing party encounter the fiercely traditional Capellan society. The Capellans’ customs, particularly their views on leadership and the role of women, are in stark contrast to those of the Federation. Kirk and Dr. McCoy are forced to tread carefully, knowing that any misstep could lead to violence or destroy negotiations.

Compliance Lesson: Operating globally means working in environments where local laws and customs may clash with your organization’s values or home-country regulations. Compliance professionals must develop cultural intelligence and adapt without compromising core ethical standards. Kirk’s diplomacy demonstrates the importance of engaging with local practices respectfully, seeking understanding before judgment.

Provide training for teams working abroad, focusing on cultural sensitivity and practical ways to address conflicts between local customs and organizational policies. Create protocols for escalating issues when legal or ethical lines are at risk of being crossed.

Lesson 2: Integrity in Negotiation Is Non-Negotiable

Illustrated By: As the Federation seeks mining rights on Capella IV, the Klingons arrive to negotiate with the Capellans, bringing duplicity and manipulation. The Klingon emissary, Kras, offers bribes and deceit, but Kirk insists on transparency—even when it puts the mission at risk.

Compliance Lesson: Negotiations, whether with third parties or regulators, test ethical boundaries. While competitors may take shortcuts or resort to unethical tactics, a compliance-driven organization must prioritize integrity. Kirk’s refusal to engage in deception sets a tone of ethical leadership that earns the grudging respect of the Capellans.

Embed ethics in your negotiation strategy. Establish clear boundaries and a code of conduct for employees and third parties, making it clear that winning at any cost is not acceptable. Regularly audit negotiations for compliance with both law and company values.

Lesson 3: Protect the Vulnerable—Even When It’s Not Easy

Illustrated By: After the assassination of Akaar, the Capellan leader, his pregnant widow, Eleen, becomes the target of violence. Federation protocol would have Kirk and his team withdraw, but McCoy and Kirk insist on protecting Eleen and her unborn child, risking their safety and the mission.

Compliance Lesson: Organizations must safeguard those in vulnerable positions—whether whistleblowers, employees facing retaliation, or communities impacted by business decisions. The true ethical test is what you do when protecting the vulnerable is inconvenient, costly, or unpopular.

Establish robust whistleblower protection programs, anti-retaliation measures, and processes for identifying at-risk individuals or groups. Make it clear that ethical obligations to protect the vulnerable are not optional, but a core part of your compliance mission.

Lesson 4: Ethical Courage Means Making Unpopular Decisions

Illustrated By: When Eleen, following Capellan law, insists that she does not want her child, McCoy faces a stark ethical dilemma. He risks offending her and violating local tradition by insisting on the child’s birth, believing it to be in her and the child’s best interests. Ultimately, his actions save both Eleen and her child, who becomes the new heir.

Compliance Lesson: There are moments when ethical behavior demands standing alone, challenging consensus, or confronting deeply ingrained practices. McCoy’s “tough love” illustrates the courage required to make the right decision, even when it’s not the popular one.

Lesson 5: Transparency and Communication Build Trust in Crisis

Illustrated By: As Kirk, Spock, McCoy, and Eleen flee from the Capellans and Klingons, success depends on clear, honest communication. Kirk keeps his crew and even Eleen informed at every stage, which allows them to adapt quickly and survive the dangers they face together.

Compliance Lesson: During crises, be it a compliance investigation, regulatory challenge, or public scandal, transparency and timely communication are critical. Hiding information, even with good intentions, breeds suspicion and undermines trust. Kirk’s example shows that open communication is not a luxury but a necessity, especially under pressure.

Prepare crisis communication protocols in advance. Train leaders to communicate openly, honestly, and quickly during emergencies. Ensure employees know how, when, and where to report issues, and how updates will be provided as matters evolve.

Final ComplianceLog Reflections

“Friday’s Child” may be set on a planet of warriors, but its ethical lessons are universal. For compliance professionals, the episode is a case study in what it means to lead ethically when stakes are high, the rules are unclear, and the path is fraught with danger.

From respecting local customs to standing up for the vulnerable, even at great personal or professional cost, the crew of the Enterprise demonstrates that ethics is not a luxury, but the core of mission success. The compliance officer’s role is not unlike Kirk’s: to navigate complexity, negotiate with integrity, protect those at risk, summon courage in the face of unpopularity, and build trust through transparency.

In a world where every new market brings new challenges and every crisis tests our character, “Friday’s Child” offers this timeless guidance: set your course by your values, and let ethical leadership be your prime directive.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Daily Compliance News

Daily Compliance News: July 11, 2025, The What is a COI Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Every day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top compliance stories:

  • NFLPA head works for private equity. (ESPN)
  • UK to ban NDAs. (Bloomberg)
  • Turkey uses corruption claims to arrest opponents. (Reuters)
  • Bid-rigging in stadium development. (WSJ)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Blog

Negotiating Ethics at Warp Speed: Five E&C Lessons from Star Trek’s “Friday’s Child”


Regulatory Ramblings

Regulatory Ramblings: Episode 73 – Geopolitical Risk: Thai Tensions / Sanctions, Tariffs & FCPA Enforcement in Asia

This episode focuses on geopolitical risk. In the initial spotlight segment, we speak with veteran journalist and Asia-watcher Christopher Cottrell about the military tensions in Thailand and their implications for the viability of the country’s newly proposed gaming law.

Following that, we chat with AML veteran Richard Butler of Dow Jones and data scientist Haider Mannan of BigTXN about the enforcement of the US Foreign Corrupt Practices Act, sanctions, and tariffs in the wake of recent actions by the Trump administration and the recent airstrikes on Iran.

Christopher Cottrell

Christopher Cottrell resides in Thailand and has been covering the Indo-Pacific region since 1997, contributing to publications such as The Boston Globe, Christian Science Monitor, CNN, The Guardian, Macau Business, The New York Times, and the South China Morning Post.

He spent 18 years in China and has been reporting on geopolitics in the Pacific Islands and Southeast Asia for the past four years, having edited UK-based Winna Media’s white papers on the Thai Entertainment Complex bill since 2024.

Richard Butler

Richard Butler is the vice president and APAC head of risk and research for Dow Jones & Co. Based in Sydney, Australia, he is responsible for helping businesses with risk and compliance strategies offsetting various forms of regulatory and commercial risk – such as the provision of high-quality, accurate and comprehensive data for identifying, evaluating and monitoring varying types of risk.

Before joining Dow Jones, Richard was the AVP for Treasury Services for Australia and New Zealand at JPMorgan Chase, where he was responsible for ensuring that JPMorgan’s financial institutional and non-bank financial institution clients in Australia and New Zealand adhered to JPMorgan’s best-in-class Know-Your-Customer, compliance, due diligence, and counter-terrorist financing standards. He began his career at ABN AMRO Bank, where he served as both the CAAML (Client Awareness and Anti-Money Laundering) officer and sales manager for the ABN AMRO Treasury Solutions Group in Dublin, Ireland.

Richard is skilled in governance, risk management, and compliance (GRC), as well as team management, direct sales, relationship building, and financial analysis, particularly in the APAC region.

Haider Mannan

Haider Mannan is the CEO and founder of BigTXN, a risk intelligence data provider. He is a data scientist and subject matter expert in investment screening, specializing in ESG controversies, global sanctions, and investment restrictions. He sits on the UK board of the Association of Certified Sanctions Specialists and the membership committee of the UK Sustainable Investment and Finance Association. Haider is also a member of PRMIA’s advisory expert group on investment risk.

Discussion:

The conversation begins with Chris recounting the threats to Thailand’s security and stability, including the ongoing land border closure and standoff with Cambodia. He tells Regulatory Ramblings host Ajay Shamdasani that, notwithstanding its 22 prior coups, military rule, and reputation as a fragile democracy, Thailand has long been the darling of the global investment community, which has consistently touted its positive long-term economic fundamentals.

He adds the country has curried favor with the West by opening up in ways that many would regard as progressive, such as permitting the sale of cannabis products and paraphernalia, permitting same-sex unions, and seeking to liberalize its gaming sector by tendering a recent bill.

Yet, given the July 1 suspension by the country’s Constitutional Court of Prime Minister Paetongtarn Shinawatra over ethics violations and the weekslong border spat with Cambodia, which has been stoking fears of Thailand’s 23rd coup d’état, the implementation of the new gaming law has been scuttled.

The discussion then shifts to Haider, who shares his thoughts on how data can help investment screening. He and Richard comment on how recent changes in the sanctions landscape, given the current geopolitical climate under the second Trump administration, pose a challenge for compliance and legal staff at banking and financial institutions, as well as multinational corporations.

Related to this are concerns about the implications for Asia regarding the extraterritorial enforcement of the much-dreaded US Foreign Corrupt Practices Act (FCPA) and the prospect of tariff imposition by the White House, as well as the potential for regulatory retaliation by other countries.

It’s worth noting that on June 9, Matthew Galeotti, head of the US Department of Justice’s (DOJ) criminal division, said that under the new FCPA guidelines now in place, the department would enforce the Act “firmly but fairly.” The comments followed President Trump’s announcement earlier this year that the DOJ would hold off on FCPA enforcement pending a review of current standards, as it was believed the existing regulatory regime put US businesses at a disadvantage when competing abroad.

Haider and Richard also discuss why geopolitics matter and the need for lawyers and risk managers to go beyond merely tracking financial news. The conversation concludes with a discussion of a recent case in which the US DOJ’s Office of Foreign Assets Control (OFAC) sanctioned entities and companies in Hong Kong and mainland China that were involved in transferring Iranian oil to China.

The Regulatory Ramblings podcast is brought to you by The University of Hong Kong – Reg/Tech Lab, HKU-SCF Fintech Academy, Asia Global Institute, and HKU-edX Professional Certificate in Fintech, with support from the HKU Faculty of Law.

Connect with RR Podcast at:

LinkedIn: https://hk.linkedin.com/company/hkufintech
Facebook: https://www.facebook.com/hkufintech.fb/
Instagram: https://www.instagram.com/hkufintech/
Twitter: https://twitter.com/HKUFinTech
Threads: https://www.threads.net/@hkufintech
Website: https://www.hkufintech.com/regulatoryramblings

Connect with the Compliance Podcast Network at:

LinkedIn: https://www.linkedin.com/company/compliance-podcast-network/
Facebook: https://www.facebook.com/compliancepodcastnetwork/
YouTube: https://www.youtube.com/@CompliancePodcastNetwork
Twitter: https://twitter.com/tfoxlaw
Instagram: https://www.instagram.com/voiceofcompliance/
Website: https://compliancepodcastnetwork.net

The I-Team Podcast

The I-Team Podcast – Episode 1 – International Aspects of Data Law

In the first edition of the I-Team podcast, the I-Team discusses international aspects of data law.

The I-Team is a spin-out of the ever-popular Relativity Fest International Panel. The podcast was recorded at the ILTA meeting during Relativity Fest London on June 9, 2025.

Topics include:

  • The use of AI in legal proceedings
  • The dangers of GenAI & hallucination
  • Recent cases in South Africa, the US & UK
  • American Bar Association (ABA) Formal Opinion 512 on Generative AI
  • Judicial guidance in England & Wales on AI use
  • ILTA best practice guidance on the use of AI
  • The latest developments in Technology Assisted Review (TAR)
  • The need for law firm leadership to educate lawyers on AI
  • Literacy requirements under the EU AI Act
  • The role of avatars in court proceedings
  • Guidelines on the use of AI in arbitration
  • How trampolines have influenced the development of tech use in courts

The I-Team are:

Jonathan Armstrong of Punter Southall Law

Fiona Campbell of Field Fisher

David Horrigan of Relativity

Linda Sheehan of intelligENS

Blog

COSO’s Corporate Governance Framework: Component 6 – Resilience

We continue our exploration of the recently released COSO Corporate Governance Framework (the Framework) as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 6—Resilience. In today’s volatile business climate, one thing is sure: disruption is no longer the exception; it has become the norm. Whether it’s a cybersecurity incident, regulatory upheaval, geopolitical instability, or reputational crisis, the organizations that thrive are those that can bend without breaking. That’s why Component 6 – Resilience in the COSO Corporate Governance Framework (CGF) is more than timely; it may well be foundational.

For the compliance professional, resilience isn’t just about bouncing back—it’s about designing governance systems that withstand, anticipate, and even leverage disruption. The CGF reframes resilience as an integrated model that weaves together risk management, compliance, internal control, and continuous monitoring. This final Component of the framework is where compliance moves from policy enforcement to value creation. It is where compliance becomes a partner in operational continuity, strategic foresight, and cultural durability.

What Is the Resilience Component?

COSO defines resilience as the ability to withstand disruption, adapt to change, seize opportunity, and sustain long-term value. It is not reactive firefighting but rather about proactive design. This Component is structured around four principles:

  1. Manage and Oversee Risks and Opportunities
  2. Manage Compliance Responsibilities
  3. Establish and Evaluate Internal Control
  4. Monitor Governance Effectiveness

These principles span strategic, operational, and cultural dimensions of governance, reinforcing that a single function doesn’t own resilience. It’s built collaboratively across the board, executive leadership, internal audit, risk, and yes, compliance.

Why Resilience Belongs to Compliance

Compliance has continuously operated at the intersection of policy, people, and process. But in the Framework view, compliance is a key architect of resilience. Why? Because of the following:

  • Compliance sees how risks evolve across geographies, regulations, and business lines.
  • Compliance manages escalation, remediation, and accountability processes.
  • Compliance helps define the thresholds for risk acceptance and control failure.
  • Compliance monitors ethics and behavior—early indicators of cultural cracks.
  • Compliance is a trusted communicator in times of crisis.

The Resilience Component is our invitation to lead not just to prevent harm, but to build strength.

Five Key Lessons for Compliance Professionals

Lesson 1: Governance Without Risk Integration Is Incomplete

Principle 21: Manage and Oversee Risks and Opportunities

Executive management, with board oversight, must establish a structured, dynamic risk management process that aligns strategy, performance, and risk appetite. The board must allocate oversight of risk areas across committees while maintaining integrated ownership of enterprise-level risks.

Compliance Tip: Engage with your risk management function to ensure your compliance risks, such as regulatory enforcement, third-party integrity, and misconduct, are embedded in enterprise risk registers and heatmaps. Use scenario planning to show how legal and compliance risks could disrupt strategic objectives. Partner with the CRO to lead cross-functional risk workshops that consider both downside risk and upside opportunity (e.g., entering new markets with strong compliance advantages).

Lesson 2: Compliance Is Not a Silo—It’s a System

Principle 22: Manage Compliance Responsibilities

Compliance must be embedded across the enterprise, with clear ownership, independent oversight, robust policies, and responsive change management. The CCO must have the authority, access, and independence to lead an effective compliance program that evolves with risk.

Compliance Tip: Ensure your program includes both centralized compliance (for policy and strategy) and decentralized compliance partners (within functions or geographies). Consistency is key, but so is contextualization. Build a compliance change management protocol that activates when laws shift or operations expand. This should include regulatory horizon scanning, impact assessments, stakeholder training, and updated controls. Resilience depends on staying current, not on remaining compliant with yesterday’s standards.

Lesson 3: Internal Control Is Not Just Finance—It’s Enterprise Resilience

Principle 23: Establish and Evaluate Internal Control

Internal controls must support the achievement of operational, reporting, and compliance objectives. Executive management must align controls with ethics, legal obligations, and the entity’s risk profile, and boards must oversee their design and effectiveness.

Compliance Tip: Expand your oversight of controls beyond SOX and financial reporting. Review controls around conflicts of interest, data protection, anti-corruption, and third-party oversight. Collaborate with internal audit and risk to integrate compliance controls into enterprise-wide control frameworks and control testing cycles. Use this alignment to identify duplication, streamline assurance, and enhance board visibility.

Lesson 4: Monitoring Isn’t About Activity—It’s About Insight

Principle 24: Monitor Governance Effectiveness

Governance must be continuously monitored, not just audited periodically. This includes reviewing trends, stakeholder expectations, and gaps in policy or performance. Both the board and management should receive real-time insights on culture, compliance, and risk exposure.

Compliance Tip: Build dashboards that combine hard compliance metrics (e.g., training rates, hotline activity) with qualitative indicators (e.g., engagement survey results, tone-at-the-top assessments). Present these to executive leadership as part of quarterly reporting. Lead a governance “lookback” exercise after key incidents, such as investigations, regulatory inquiries, or market shifts. What worked? What broke down? What signals were missed? This practice turns mistakes into muscle.

Lesson 5: Technology Is a Force Multiplier—Use It to Scale Resilience

COSO highlights the power of technology, like GRC systems, data analytics, and artificial intelligence, to drive smarter, faster governance. Resilience requires visibility and agility, which technology can deliver when thoughtfully deployed.

Compliance Tip: Leverage tech to automate monitoring of high-risk processes, such as gifts & hospitality, vendor onboarding, or export controls. Use exception alerts to flag potential issues before they escalate—pilot predictive analytics for culture and ethics risk. Combine internal data (e.g., survey responses, exit interviews, training patterns) with external signals (e.g., Glassdoor, whistleblower trends) to identify emerging hotspots. That’s how resilient organizations get ahead of reputation-damaging crises.

Building a Resilience-Driven Compliance Program

Use COSO’s Resilience Component as the blueprint for a more integrated, forward-looking compliance program. Here’s how to begin:

  • Risk Integration: Map compliance risks to strategic objectives and ensure alignment with ERM.
  • Compliance Ownership: Assign roles and responsibilities at all levels, with a clear reporting line to the board.
  • Controls Framework: Ensure compliance controls are part of your internal control evaluation process, not isolated.
  • Technology Enablement: Deploy automation and analytics to monitor, report, and adapt.
  • Monitoring Infrastructure: Create a system for real-time visibility and feedback across all six COSO governance components.

This is not simply about regulatory defense. It’s about strategic readiness and stakeholder trust.

What Boards Need to Hear from Compliance

Bring these messages to your next governance, audit, or risk committee meeting:

  • Resilience is the outcome of integrated governance, compliance, risk, internal control, and culture that must work together.
  • Compliance is a strategic partner in managing disruption, not just avoiding penalties.
  • The board should regularly review compliance monitoring dashboards alongside risk and financial data.
  • The compliance function must be properly resourced and independent to support resilience.
  • Resilience is not just bouncing back; it is about designing systems that do not fold under pressure.

When boards see compliance as an enabler of value, not just a cost center, they make better decisions and support stronger programs.

Final Thoughts: Resilience Is the Future of Compliance

The COSO Resilience Component confirms what many of us have been saying for years: compliance must evolve from a reactive function to a proactive pillar of enterprise stability.

Do not simply write the policy. Build the process. Don’t just monitor conduct. Predict behavior. Don’t just advise in hindsight. Prepare with foresight. Because in governance, resilience isn’t a buzzword; it is a business model. And compliance is right at the center of making it real.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.