Categories
All Things Investigations

All Things Investigation – Due Diligence and Drama: A Deep Dive into Art World with Daniel Weiner

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. In this podcast, host Tom Fox is joined by Daniel Weiner to discuss a complex legal case involving a valuable Picasso painting.

Weiner is the Chair of Hughes Hubbard & Reed’s Litigation Department, Chair of the Complex Business Disputes practice, and a partner in the International & Domestic Arbitration and Intellectual Property Disputes groups. Daniel and Tom take a deep dive into the intricate details of how a series of fraudulent transactions led to a multimillion-dollar dispute over Picasso’s ‘Le Peintre.’ The podcast highlights the importance of thorough due diligence in the art world and examines the legal complexities involved in resolving such cases. As they unravel the story, they highlight the crucial role of investigations in preventing art fraud and safeguarding ownership rights.

Key highlights:

  • The Fascinating Picasso Case
  • The Fraud Unveiled
  • Legal Issues and Investigations
  • Discovery Disputes and Court Proceedings
  • Consulting and Due Diligence in Art Law

Resources:

Daniel Weiner

Hughes Hubbard & Reed website

HHR Client Alert: Firm Obtains Discovery Win in Dispute Over Sale of Pablo Picasso Painting

Categories
The Ethics Experts

Episode 222 – Pat Poitevin

In this episode of The Ethics Experts, Nick welcomes Pat Poitevin.

Mr. Pat Poitevin is an internationally recognized expert in anti-corruption, corporate ethics, and compliance. He is the co-founder and executive director of the Canadian Centre of Excellence for Anti-Corruption (CCEAC). He is also co-founder & CEO of the boutique advisory firm Active Compliance and Ethics Group (ACEG). Mr. Poitevin is a 35-year veteran of the Royal Canadian Mounted Police and retired in October 2017, where he was the RCMP’s anti-corruption and compliance expert. He has also been an investigator and expert on drugs, organized crime, and financial crime. He is in demand as a speaker, university lecturer, and trainer at the international level and has extensive experience in program development and capacity building. Mr. Poitevin has been advising and helping public and private organizations to improve their ethics, compliance, and anti-corruption measures. Mr. Poitevin has also worked on research, consultative, and advisory projects with the G20, UNODC, and the IMF. He was a member of the Canadian Project Committee (PC278) involved in the development of the ISO 37001 Anti-bribery and ISO 37002 Whistleblowing Management systems standard, as well as ISO 42001 AI Management systems. He is a member of the Transparency International Expert Network, ACFE, IAFCI, AACI, and several other professional associations. He also has the CACM and TASA professional designations. He is a member of Transparency International Canada and a Certified Anti-Corruption Manager (CMAC-USA).

Connect with Pat on LinkedIn

Categories
Corruption, Crime and Compliance

Refocusing Due Diligence on Cartel and TCOs

Could your supply chain be funding cartels without you realizing it? In today’s complex global economy, companies are grappling with a dual challenge – the urgent need to unravel their supply chains and the immediate recalibration of due diligence systems to detect links to cartel and transnational criminal organizations (TCOs). With the Department of Justice sharpening its focus on both direct prosecutions and financial facilitators, global companies must prepare for heightened scrutiny. Michael breaks down the mounting risks, enforcement priorities, and practical steps companies must take to protect themselves from becoming unwitting participants in criminal operations.

You’ll hear him discuss:

  • How DOJ’s new two-pronged enforcement strategy is bringing corporate facilitators of cartels and TCOs into the crosshairs
  • Why traditional due diligence no longer goes far enough, especially with “Nth Party” risks buried deep in supply chains
  • How cartels and TCOs exploit legitimate businesses in sectors like logistics, agriculture, mining, and construction
  • The importance of identifying beneficial ownership and tracing complex corporate structures across jurisdictions
  • Red flags to watch for, from nominee arrangements and shell companies to unexplained wealth and layered financial flows
  • How cartels are adapting with fake websites, fake bios, and cryptocurrency to mask illicit activities
  • What companies must do to modernize their compliance systems with open-source tools and workflow automation
  • Why trade-based money laundering, remittance services, and decentralized platforms are growing areas of concern

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Compliance Tip of the Day

Compliance Tip of the Day – COSO Governance Framework: Part 1, Introduction

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we introduce a multi-part review of the new COSO Governance Framework (CGF). 

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Adventures in Compliance

Adventures in Compliance: The Novels – The Hound of the Baskervilles: Uncovering Compliance – Lessons from The Hound of the Baskervilles

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Over this season, Tom will explore each novel in a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear. For the month of July, we are considering lessons from The Hound of the Baskervilles.

Fiona and Timothy are back to extract five key compliance lessons from the story, including combating complacency, effective data use, maintaining objectivity, transparent communication, and ethical culture. These principles, drawn from a Victorian mystery, prove profoundly relevant for modern corporate compliance.

Highlights include:

  • Overview of Compliance Lessons from Sherlock Holmes
  • Lesson 1: Avoiding Complacency
  • Lesson 2: Power of Effective Data and Evidence
  • Lesson 3: Independence and Objectivity
  • Lesson 4: Transparent Communication and Reporting
  • Lesson 5: Importance of Culture and Ethics

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Sherlock Holmes, The Novels, with an introduction by Michael Dirda

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Compliance Report

FCPA Compliance Report – Ethical Challenges in AI, Data Protection, and Sports with André Paris

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, Tom Fox welcomes back André Paris for an insightful discussion on various ethical challenges in today’s world. André revisits his role in compliance and ethics, provides updates on his work since the pandemic, and delves into the issues of algorithmic bias, transparency, and the ethical ramifications of AI systems, particularly in surveillance and privacy. André also shares his experience as a PhD candidate researching AI’s impact on civil liberties. The episode further explores the ethical challenges in the sports industry, including corruption, doping, and harassment. Lastly, André talks about his book ETHICS & TRANSPARENCY: A Path To Compliance on Amazon and its practical applications in fostering an ethical corporate culture.

Key highlights include:

  • André’s Role in Compliance and Ethics
  • Ethics and Transparency: André’s Book
  • The Rise of AI and Ethical Challenges
  • AI in Business and Research Applications
  • Data Protection as a Civil Liberty
  • Ethical Challenges in Sports

Resources:

André Paris on LinkedIn

ETHICS & TRANSPARENCY: A Path To Compliance on Amazon

André Paris Website

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the use of AI in compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 43 – In the Shadow of Doubt: Lessons from Star Trek’s “Wolf in the Fold”

Every compliance professional, sooner or later, must confront the uncomfortable truth that sometimes the system gets it wrong. Whether due to circumstantial evidence, unconscious bias, or institutional inertia, there are moments when the innocent stand accused and the integrity of the investigative process itself is on trial. Star Trek: The Original Series’ “Wolf in the Fold” is a cautionary tale about just such a scenario, offering invaluable insights for anyone who cares about justice, fairness, and the reputation of their organization. Today, we explore the investigative and fairness lessons compliance professionals can glean from this classic Star Trek whodunit.

Lesson 1: Presume Innocence—Don’t Rush to Judgment

Illustrated By: After the first murder, all evidence seems to point to Scotty. He’s found with the victim, holding a knife, but claims to have no memory of the incident. The local authorities and some Enterprise personnel are quick to suspect him due to the seemingly damning circumstances.

Compliance Lesson: A foundational principle of any fair investigative process is the presumption of innocence. It’s easy to rush to judgment when circumstantial evidence piles up, especially under pressure from leadership or regulators. But professionalism and institutional integrity require that we suspend bias and keep our minds open until the facts are thoroughly explored.

Bake the presumption of innocence into your investigative policies and training. Remind every team member and stakeholder that even the most “obvious” cases demand impartial investigation. Document early assumptions and check for bias throughout the inquiry.

Lesson 2: Avoid Tunnel Vision—Expand the Investigative Lens

Illustrated By: As more murders occur and Scotty continues to be in the wrong place at the wrong time, suspicion remains fixed on him. However, Spock and Kirk resist the urge to focus solely on their friend. They consider alternate explanations, explore technical anomalies, and even question the possibility of non-human involvement.

Compliance Lesson: Tunnel vision is a persistent risk in any investigation, especially when a plausible suspect fits the facts. True institutional fairness demands that compliance professionals look beyond the immediate and obvious, systematically considering alternative scenarios and other suspects.

Develop “red team” protocols or assign a “devil’s advocate” role in major investigations to challenge prevailing theories deliberately. Require documentation of all hypotheses considered and make alternate scenario analysis part of your standard investigative checklist.

Lesson 3: Leverage Expertise and Technology—But Don’t Abdicate Human Judgment

Illustrated By: Kirk and Spock seek help from Sybo, the Argelian empath, and use the Enterprise computer to analyze the evidence, eventually exposing the supernatural entity Redjac as the true culprit. However, they do not blindly trust the results. Kirk and Spock synthesize the technological findings with their reasoning, refusing to let the investigation be dictated by technology alone.

Compliance Lesson: While data analytics, forensics, and investigative technology are powerful tools, they are not infallible. Technology should augment, not replace, the judgment of experienced investigators. Relying solely on computer output or external expertise without human analysis can lead to catastrophic mistakes, especially in nuanced, high-stakes cases.

Balance the use of forensic technology with critical thinking and seasoned judgment. Always validate technological findings with multiple sources, and require human review before making conclusions. Foster a culture where “computer says so” is never an excuse for poor process.

Lesson 4: Champion Institutional Justice—Even When It’s Uncomfortable

Illustrated By: The Argelian prefect, Jaris, is pressured to resolve the case swiftly due to local customs and a desire to preserve order. Kirk, however, insists that the process be fair and thorough, even at the risk of offending local sensibilities or extending the investigation. He appeals to both Argelian law and Federation principles, ensuring that institutional justice, not expediency, prevails.

Compliance Lesson: Institutional justice means doing what’s right, not just what’s easy or convenient. The pressure to resolve allegations quickly to satisfy regulators, shareholders, or media can be immense. But caving to expediency undermines fairness, risks wrongful discipline, and erodes long-term trust in the compliance function.

Institute explicit policies prioritizing fairness over speed in investigations. Communicate to leadership that thoroughness is a core compliance value. Protect investigators from undue pressure to deliver quick “results” at the expense of real justice.

Lesson 5: Transparent Communication Restores Trust

Illustrated By: When Redjac is finally exposed and Scotty’s innocence is proven, Kirk doesn’t just close the case and move on. He explains the whole sequence of events to both the Argelian authorities and his crew, restoring Scotty’s reputation and demonstrating that the investigative process, however difficult, was ultimately fair and transparent.

Compliance Lesson: When someone is wrongfully accused, it isn’t enough to quietly correct the record. Institutional fairness requires public restoration and clear communication about what happened, how the mistake was identified, and what steps will be taken to prevent recurrence. Transparency is about accountability, but it’s also about healing wounds and rebuilding organizational trust.

Develop protocols for communicating exonerations and corrective actions to all relevant stakeholders. Where privacy allows, share lessons learned broadly, emphasizing the organization’s commitment to justice and fairness. Make it clear that the compliance function values both truth and reputation.

Final ComplianceLog Reflections

“Wolf in the Fold” reminds us that even the most rigorous institutions are vulnerable to error, especially under stress, bias, or pressure. For compliance professionals, the episode is a touchstone for the values that must guide every investigation: presumption of innocence, investigative rigor, openness to alternative theories, balanced use of technology, commitment to institutional justice, and, above all, transparent communication.

Wrongful accusations are more than a risk; they are a litmus test for the soul of an organization’s compliance program. The real victory isn’t just exonerating the innocent, but demonstrating to every employee, stakeholder, and regulator that fairness and justice are not negotiable.

So, the next time you face a difficult case or feel the pressure to resolve an issue quickly, remember the lesson of Scotty and the Argelians. Take the time, expand your lens, leverage every resource, and communicate your findings with integrity. In doing so, you’ll ensure that your compliance program isn’t just a set of rules but a living embodiment of the principles of justice and fairness.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

In the Shadow of Doubt: Institutional Fairness and Institutional Justice Lessons from Star Trek’s “Wolf in the Fold”

Every compliance professional, sooner or later, must confront the uncomfortable truth that sometimes the system gets it wrong. Whether due to circumstantial evidence, unconscious bias, or institutional inertia, there are moments when the innocent stand accused and the integrity of the investigative process itself is on trial. Star Trek: The Original Series’ “Wolf in the Fold” is a cautionary tale about just such a scenario, offering invaluable insights for anyone who cares about justice, fairness, and the reputation of their organization.

The episode places Chief Engineer Montgomery Scott (“Scotty”) in the center of a series of brutal murders on Argelius II. Despite the mounting evidence against him, the real story is about how Captain Kirk, Mr. Spock, Dr. McCoy, and the Argelian authorities pursue the truth—and how easily institutional justice can go astray.

Let’s explore the investigative and fairness lessons compliance professionals can glean from this classic Star Trek whodunit.

Lesson 1: Presume Innocence—Don’t Rush to Judgment

Illustrated By: After the first murder, all evidence seems to point to Scotty. He’s found with the victim, holding a knife, but claims to have no memory of the incident. The local authorities and some Enterprise personnel are quick to suspect him due to the seemingly damning circumstances.

Compliance Lesson: A foundational principle of any fair investigative process is the presumption of innocence. It’s easy to rush to judgment when circumstantial evidence piles up, especially under pressure from leadership or regulators. But professionalism and institutional integrity require that we suspend bias and keep our minds open until the facts are thoroughly explored.

Bake the presumption of innocence into your investigative policies and training. Remind every team member and stakeholder that even the most “obvious” cases demand impartial investigation. Document early assumptions and check for bias throughout the inquiry.

Lesson 2: Avoid Tunnel Vision—Expand the Investigative Lens

Illustrated By: As more murders occur and Scotty continues to be in the wrong place at the wrong time, suspicion remains fixed on him. However, Spock and Kirk resist the urge to focus solely on their friend. They consider alternate explanations, explore technical anomalies, and even question the possibility of non-human involvement.

Compliance Lesson: Tunnel vision is a persistent risk in any investigation, especially when a plausible suspect fits the facts. True institutional fairness demands that compliance professionals look beyond the immediate and obvious, systematically considering alternative scenarios and other suspects.

Develop “red team” protocols or assign a “devil’s advocate” role in major investigations to challenge prevailing theories deliberately. Require documentation of all hypotheses considered and make alternate scenario analysis part of your standard investigative checklist.

Lesson 3: Leverage Expertise and Technology—But Don’t Abdicate Human Judgment

Illustrated By: Kirk and Spock seek help from Sybo, the Argelian empath, and use the Enterprise computer to analyze the evidence, eventually exposing the supernatural entity Redjac as the true culprit. However, they do not blindly trust the results. Kirk and Spock synthesize the technological findings with their reasoning, refusing to let the investigation be dictated by technology alone.

Compliance Lesson: While data analytics, forensics, and investigative technology are powerful tools, they are not infallible. Technology should augment, not replace, the judgment of experienced investigators. Relying solely on computer output or external expertise without human analysis can lead to catastrophic mistakes, especially in nuanced, high-stakes cases.

Balance the use of forensic technology with critical thinking and seasoned judgment. Always validate technological findings with multiple sources, and require human review before making conclusions. Foster a culture where “computer says so” is never an excuse for poor process.

Lesson 4: Champion Institutional Justice—Even When It’s Uncomfortable

Illustrated By: The Argelian prefect, Jaris, is pressured to resolve the case swiftly due to local customs and a desire to preserve order. Kirk, however, insists that the process be fair and thorough, even at the risk of offending local sensibilities or extending the investigation. He appeals to both Argelian law and Federation principles, ensuring that institutional justice, not expediency, prevails.

Compliance Lesson: Institutional justice means doing what’s right, not just what’s easy or convenient. The pressure to resolve allegations quickly to satisfy regulators, shareholders, or media can be immense. But caving to expediency undermines fairness, risks wrongful discipline, and erodes long-term trust in the compliance function.

Institute explicit policies prioritizing fairness over speed in investigations. Communicate to leadership that thoroughness is a core compliance value. Protect investigators from undue pressure to deliver quick “results” at the expense of real justice.

Lesson 5: Transparent Communication Restores Trust

Illustrated By: When Redjac is finally exposed and Scotty’s innocence is proven, Kirk doesn’t just close the case and move on. He explains the whole sequence of events to both the Argelian authorities and his crew, restoring Scotty’s reputation and demonstrating that the investigative process, however difficult, was ultimately fair and transparent.

Compliance Lesson: When someone is wrongfully accused, it isn’t enough to quietly correct the record. Institutional fairness requires public restoration and clear communication about what happened, how the mistake was identified, and what steps will be taken to prevent recurrence. Transparency is about accountability, but it’s also about healing wounds and rebuilding organizational trust.

Develop protocols for communicating exonerations and corrective actions to all relevant stakeholders. Where privacy allows, share lessons learned broadly, emphasizing the organization’s commitment to justice and fairness. Make it clear that the compliance function values both truth and reputation.

Final ComplianceLog Reflections

“Wolf in the Fold” reminds us that even the most rigorous institutions are vulnerable to error, especially under stress, bias, or pressure. For compliance professionals, the episode is a touchstone for the values that must guide every investigation: presumption of innocence, investigative rigor, openness to alternative theories, balanced use of technology, commitment to institutional justice, and, above all, transparent communication.

Wrongful accusations are more than a risk; they are a litmus test for the soul of an organization’s compliance program. The real victory isn’t just exonerating the innocent, but demonstrating to every employee, stakeholder, and regulator that fairness and justice are not negotiable.

So, the next time you face a difficult case or feel the pressure to resolve an issue quickly, remember the lesson of Scotty and the Argelians. Take the time, expand your lens, leverage every resource, and communicate your findings with integrity. In doing so, you’ll ensure that your compliance program isn’t just a set of rules but a living embodiment of the principles of justice and fairness.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Daily Compliance News

Daily Compliance News: July 14, 2025, The Secret Business Sauce-Reading Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top compliance stories:

  • BCG paid approximately $1MM for its moving out Gazans project. (FT)
  • Indonesia detains former Trafigura employees in corruption probe. (Bloomberg)
  • Dubai and the offshoring of corruption. (The Conversation)
  • Amazon uses reading as its secret business tool. (Business Insider)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Blog

COSO’s Corporate Governance Framework: What It Means for Compliance

For decades, COSO has been the gold standard in internal controls and enterprise risk management. But with the release of its new Corporate Governance Framework (CGF), now open as a Public Exposure Draft, COSO has thrown down the gauntlet to the compliance profession. This isn’t just a governance checklist. It is a call to action: step up, shape governance, and lead your organization into the future.

After exploring each of the six CGF Components in depth, I wanted to conclude this series by bringing it all together. What does the new COSO framework mean for compliance professionals? How should you adjust your strategy, your conversations with the board, and your daily work? Here are the big lessons and the practical next steps.

1. The Big Picture: A New Era for Governance and Compliance

The COSO CGF is a principles-based, integrated system designed to make governance everyone’s business, not just the sole responsibility of a Board of Directors. The six Components (Oversight, Strategy, Culture, People, Communication, and Resilience) each include key Principles with practical Points of Focus and leading-edge considerations. This is not a compliance framework by name, but it is a governance framework that places compliance at the heart of value creation, accountability, and enterprise resilience.

Compliance Takeaway: The CGF is arriving at a moment of regulatory complexity, stakeholder activism, and reputational volatility. Boards and management face evolving risks from AI, cyber, and ESG while being held to standards of transparency and trust by investors, employees, and society itself. If you’re a compliance leader, COSO just handed you the blueprint for embedding compliance deeper than ever before.

2. Oversight: Compliance’s Seat at the Table

Effective governance starts with the board, but it extends through management to every level of the organization. Oversight is about structure, independence, and accountability across board composition, executive delegation, and shareholder engagement. Do not be a bystander in governance; be a builder. Propose committee enhancements, brief leadership on independence and risk, and ensure compliance is on the board’s standing agenda. Your role is to clarify escalation protocols, support board effectiveness, and ensure oversight extends beyond mere numbers to encompass culture and ethical tone.

Compliance Takeaway: Start benchmarking your BOD structure and practices against COSO’s principles. Bring data to governance discussions and push for compliance metrics and risk topics to be regular board agenda items.

3. Strategy: From Afterthought to Co-Pilot

Strategy is no longer a C-suite sandbox. COSO makes clear: the board must oversee strategy, management must align it with purpose, and compliance must be at the table from planning to performance review. Step into the strategic conversation early. Embed compliance considerations into scenario planning, risk assessment, and incentive design. Move beyond being a “fixer” after decisions are made. You are now a co-pilot in shaping resilient, risk-aware, and stakeholder-driven strategy.

Compliance Takeaway: Map your organization’s strategic plan to the four COSO strategy principles: purpose, development, execution, and measurement. Create or enhance compliance dashboards with ethical and cultural KPIs, and ensure the board is briefed on them.

4. Culture: From Soft Topic to Measurable Mandate

Culture is not simply a poster on the wall; rather, it is how people behave when nobody is watching. The CGF calls for boards to own culture oversight, with management embedding values in every business process, from hiring to crisis response. Culture is now measurable, manageable, and mission-critical. Create culture dashboards, integrate ethics into leadership assessments, and bring employee sentiment to the board. Remember, misaligned culture leads to misconduct, and compliance has the data to prove it.

Compliance Takeaway: Launch a culture governance program with clear metrics (hotline use, training engagement, exit interview themes). Schedule regular board updates and recommend third-party culture assessments every few years.

5. People: Talent Is Governance in Action

People make or break both strategy and culture. COSO’s People Component focuses on workforce planning, succession, compensation, and development, with the board responsible for oversight of the front line. Partner with HR on leadership development, succession planning, and ethics in incentives. Review onboarding and offboarding for compliance moments of truth, and advocate for ethics questions in performance reviews. Do not simply check the HR box; bring a compliance risk lens to every talent conversation.

Compliance Takeaway: Review how people-related risks (succession gaps, compensation misalignment) are addressed in board and committee agendas. Propose ethics- and compliance-driven enhancements to talent processes, and pilot 360-degree reviews for key leaders.

6. Communication: Governance’s Nervous System

Communication is not simply about reporting; rather, it is the way governance breathes. The CGF emphasizes trustworthy data, technology enablement, escalation protocols, and stakeholder engagement. Ensure your GRC systems provide real-time, accurate insights. If your compliance program runs on spreadsheets, it’s time for an upgrade. Push for integrated platforms, streamlined reporting, and regular “lookback” exercises after incidents.

Compliance Takeaway: Lead a review of your communication tools and escalation pathways. Bring technology-enabled dashboards to executive and board meetings, combining compliance, risk, and culture indicators for holistic governance oversight.

7. Resilience: From Compliance Cost Center to Value Enabler

Resilience is the ability to anticipate, withstand, and adapt to disruption. The Resilience Component weaves together risk, compliance, internal control, and continuous monitoring and positions compliance as a pillar of enterprise stability. Expand your oversight of internal controls beyond financials. Leverage technology to automate high-risk monitoring. Lead post-incident reviews that turn mistakes into governance muscle. Compliance is not just about “bouncing back” from crisis; it is about building systems that don’t break in the first place.

Compliance Takeaway: Map compliance risks to strategic objectives and ensure alignment with enterprise risk management (ERM). Use predictive analytics to flag emerging cultural or ethical risks and brief the board on how compliance is driving not just compliance but resilience.

What Makes COSO’s CGF Different—and What You Should Do Now

Cross-functional by design. Each Component connects with others—culture shapes strategy, people enable resilience, and communication powers oversight.

Principle-based, not prescriptive. The framework is adaptable across industries and geographies. It is not about ticking boxes but building a system that fits your organization.

Tech-forward and future-focused. AI, data, and technology are built in from the start, not an afterthought.

Final Takeaways for Compliance Professionals:

  • Engage early and often: Do not wait for the board to call you. Proactively map your program to the CGF’s Components.
  • Benchmark and build: Use the framework as a lens to spot gaps, propose improvements, and advocate for compliance in new domains (talent, tech, ESG).
  • Educate and evangelize: Socialize the CGF across the C-suite, HR, IT, and risk. Make compliance the bridge that connects governance with value creation.

Closing Thoughts: A Call to Action

The new COSO Corporate Governance Framework is a leadership manual for the modern compliance professional. It challenges us to see compliance as more than defense; it is the engine of long-term value, trust, and resilience.

If you are ready to move from risk mitigator to governance architect, COSO just handed you the playbook. Now’s the time to roll up your sleeves, engage with the board, and help build a governance system that will stand the test of disruption, scrutiny, and change.