Categories
Compliance Into the Weeds

Compliance into the Weeds: Agentic Misalignment and AI Ethics: Analyzing AI Behavior Under Pressure

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Seeking insightful perspectives on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss a recent Anthropic report that highlights “agentic misalignment in AI systems.”

The discussion addresses the unsettling, independent, and unethical behaviors exhibited by AI systems in extreme scenarios. The conversation explores the implications for corporate risk management, AI governance, and compliance, drawing parallels between AI behavior and human behavior using concepts such as the fraud triangle. The episode also explores how traditional anti-fraud mechanisms may be adapted for monitoring AI agents while reflecting on lessons from science fiction portrayals of AI ethics and risks.

Key highlights:

  • AI’s Unethical Behaviors
  • Comparing AI to Human Behavior
  • Fraud Triangle, the Anti-Fraud Triangle, and AI
  • Science Fiction Parallels

Resources:

Matt Kelly in Radical Compliance 


A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred the Davey, Communicator, and W3 Awards for podcast excellence.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – COSO Governance Framework: Part 3, Strategy

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our multi-part review of the new COSO Governance Framework (CGF). Today, we look at Component 3-Strategy.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 45 – Beyond the Arena: Compliance Hotlines, Speak-Up Culture, and Lessons from “The Gamesters of Triskelion”

For compliance professionals, building a culture where employees feel empowered to speak up, whether as victims or as bystanders, is both an ethical imperative and a business necessity. Yet, fostering this environment goes far beyond simply installing a hotline or posting policies on the intranet. It requires trust, accessibility, and leadership that encourages all voices, especially those witnessing misconduct, not just those experiencing it firsthand.

No episode of Star Trek: The Original Series illustrates the importance of courage, communication, and the role of bystanders quite like “The Gamesters of Triskelion.” It is an allegory that resonates in the modern workplace, where power imbalances, fear, and bystander inaction can allow harassment and misconduct to flourish in the shadows.

But just as Kirk and his crew refuse to be mere pawns, so too must organizations encourage employees to break free from silence, whether as victims or witnesses, to foster a truly ethical and accountable culture.

Lesson 1: Accessibility and Trust—The Foundation of Any Hotline Program

Illustrated By: Kirk’s first attempts to communicate with the Providers, demanding answers and voicing his protest against the system.

Compliance Lesson: A hotline or internal reporting system is only as effective as its accessibility and the trust employees have in it.

Lesson 2: Bystander Empowerment—Everyone Has a Role in Speaking Up

Illustrated By: Uhura witnesses Chekov being attacked by another thrall and later supports Shahna when she faces abuse from the Providers.

Compliance Lesson: A true speak-up culture extends beyond encouraging direct victims to report. It actively enlists bystanders, colleagues, supervisors, and contractors who observe misconduct or questionable behavior.

Lesson 3: Remove Barriers to Reporting—Simplify and Normalize the Process

Illustrated By: Kirk negotiates with the Providers, insisting on open communication, transparency, and fair treatment for himself and the others.

Compliance Lesson: Internal reporting mechanisms should be straightforward and widely communicated. Complicated processes or unclear outcomes deter people from coming forward.

Lesson 4: Leadership Sets the Tone—Champion Speak-Up Behavior at the Top

Illustrated By: Kirk rallies Uhura, Chekov, and Shahna, modeling courage and vocal opposition even under surveillance.

Compliance Lesson: Tone at the top matters. Leaders who demonstrate, support, and reward speaking up create an environment where others feel safe to do the same.

Lesson 5: Close the Loop—Respond, Resolve, and Communicate Outcomes

Illustrated By: After Kirk’s defiance and challenge, the Providers agree to his terms, ultimately restoring freedom and dignity to the captives.

Compliance Lesson: Effective reporting systems require not only intake but meaningful response. Employees must see that their concerns are taken seriously and addressed appropriately.

Final ComplianceLog Reflections

“The Gamesters of Triskelion” demonstrates that courage, solidarity, and a voice can challenge even the most entrenched power structures. For compliance professionals, the episode serves as a poignant reminder that hotlines and policies are only the starting point. The real work is building an environment where every employee, victim, or bystander knows they have the right, the tools, and the support to speak up, and that their concerns will be heard and acted upon.

Live long, prosper, and always encourage your crew to speak up.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Daily Compliance News

Daily Compliance News: July 16, 2025, The Corruption Comes to Cannes’ Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, including compliance, ethics, risk management, leadership, or general interest, relevant to the compliance professional.

Top compliance stories:

  • Corruption comes to the Cannes Film Festival. (Ad Age)
  • New risks in mining. (FT)
  • He who forgets the past… (WSJ)
  • SEC drops case against former Cognizant execs. (SEC Press Release)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Blog

Beyond the Arena: Compliance Hotlines, Speak-Up Culture, and Lessons from Star Trek’s “The Gamesters of Triskelion”

For compliance professionals, building a culture where employees feel empowered to speak up, whether as victims or as bystanders, is both an ethical imperative and a business necessity. Yet, fostering this environment goes far beyond simply installing a hotline or posting policies on the intranet. It requires trust, accessibility, and leadership that encourages all voices, especially those witnessing misconduct, not just those experiencing it firsthand.

No episode of Star Trek: The Original Series illustrates the importance of courage, communication, and the role of bystanders quite like “The Gamesters of Triskelion.” In this memorable installment, Captain Kirk, Lieutenant Uhura, and Chekov are kidnapped and forced to fight as gladiators for the amusement of alien “Providers.” While the spectacle is one of brute force, the true victory comes not from physical strength but from challenging the system, refusing to remain silent, and advocating for oneself and others.

Today, we beam down and explore the key compliance lessons, literally scene by scene, from this classic episode, and see how it can help us reimagine our approach to hotlines, internal reporting, and speak-up culture in today’s organizations.

“The Gamesters of Triskelion” places our heroes in an alien arena, stripped of their autonomy and pitted against each other. Their every move is watched, wagered upon, and manipulated by unseen masters. It’s an allegory that resonates in the modern workplace, where power imbalances, fear, and bystander inaction can allow harassment and misconduct to flourish in the shadows.

But just as Kirk and his crew refuse to be mere pawns, so too must organizations encourage employees to break free from silence, whether as victims or witnesses, to foster a truly ethical and accountable culture.

Lesson 1: Accessibility and Trust—The Foundation of Any Hotline Program

Illustrated By: Kirk’s first attempts to communicate with the Providers, demanding answers and voicing his protest against the system. When Captain Kirk is abducted, his first instinct is to seek information, challenge authority, and demand a platform for his concerns. But the Providers initially deny him any means to voice his objections, reflecting a system where grievances are suppressed and channels for reporting are inaccessible.

Compliance Lesson: A hotline or internal reporting system is only as effective as its accessibility and the trust employees have in it. Too often, organizations install a hotline as a check-the-box exercise, but if employees don’t trust the process or fear retaliation, it becomes as useless as shouting into the void. Build trust by ensuring anonymity, robust anti-retaliation protections, and transparent processes for follow-up. Empower all employees, not just those harmed directly but also those who witness wrongdoing, to report concerns with confidence.

Lesson 2: Bystander Empowerment—Everyone Has a Role in Speaking Up

Illustrated By: Uhura witnesses Chekov being attacked by another thrall and later supports Shahna when she faces abuse from the Providers. Uhura’s actions exemplify the power of the bystander. Though she is a victim of abduction, she does not remain passive when she witnesses Chekov in danger or Shahna being mistreated. She steps forward, speaks up, and supports those around her, even putting herself at risk.

Compliance Lesson: An authentic speak-up culture extends beyond encouraging direct victims to report. It actively enlists bystanders, colleagues, supervisors, and contractors who observe misconduct or questionable behavior. Compliance professionals should provide training on bystander intervention, communicate that speaking up is a shared responsibility, and recognize those who do. This not only prevents harm but also signals to all employees that silence is not neutrality; it is complicity.

Lesson 3: Remove Barriers to Reporting—Simplify and Normalize the Process

Illustrated By: Kirk negotiates with the Providers, insisting on open communication, transparency, and fair treatment for himself and the others. Throughout the episode, Kirk persistently challenges the opaque rules of the Triskelion arena. He demands not just a voice, but a fair and understandable process, something the Providers grudgingly grant after repeated confrontation.

Compliance Lesson: Internal reporting mechanisms should be straightforward and widely communicated. Complicated processes or unclear outcomes deter people from coming forward. Normalize reporting by making it a routine, non-threatening part of workplace culture, much like regular safety drills or team meetings. Remind employees frequently, in plain language, of how and why to report concerns, and ensure that doing so is free from bureaucratic or emotional hurdles.

Lesson 4: Leadership Sets the Tone—Champion Speak-Up Behavior at the Top

Illustrated By: Kirk rallies Uhura, Chekov, and Shahna, modeling courage and vocal opposition even under surveillance. Kirk’s leadership in the arena is marked by his refusal to comply quietly with unjust commands. He models courage and vocal opposition, inspiring those around him, especially Shahna, a bystander-turned-ally, to question the status quo and ultimately join his cause.

Compliance Lesson: Tone at the top matters. Leaders who demonstrate, support, and reward speaking up create an environment where others feel safe to do the same. Encourage managers and executives to share stories of when they reported concerns or acted as ethical bystanders. Celebrate transparency and moral courage, not just technical compliance. When leaders set the example, the entire organization takes notice.

Lesson 5: Close the Loop—Respond, Resolve, and Communicate Outcomes

Illustrated By: After Kirk’s defiance and challenge, the Providers agree to his terms, ultimately restoring freedom and dignity to the captives. The climax of the episode comes when the Providers, confronted with Kirk’s unwavering demands and the support of his crew, capitulate. They not only allow complaints to be aired, but they also listen, act, and restore justice.

Compliance Lesson: Effective reporting systems require not only intake but meaningful response. Employees must see that their concerns are taken seriously and addressed appropriately. This includes timely investigation, resolution, and, where possible, communication back to the reporter (even if only in general terms). When employees see real action and outcomes, trust grows and participation in the system increases. Closing the loop is essential to sustaining a robust speak-up culture.

Final ComplianceLog Reflections

“The Gamesters of Triskelion” demonstrates that courage, solidarity, and a voice can challenge even the most entrenched power structures. For compliance professionals, the episode serves as a poignant reminder that hotlines and policies are only the starting point. The real work is building an environment where every employee, victim, or bystander knows they have the right, the tools, and the support to speak up, and that their concerns will be heard and acted upon.

As you assess your organization’s internal reporting and speak-up culture, ask yourself:

  • Are your hotlines and reporting channels truly accessible and trusted?
  • Have you equipped and empowered bystanders, not just victims, to act?
  • Are you constantly removing barriers to speaking up and normalizing the process?
  • Does your leadership model champion the values you expect from everyone?
  • Do you always close the loop by providing feedback and taking visible action?

True compliance is not measured by silence, but by the willingness of all to speak, intervene, and challenge injustice. Like Kirk and his crew, our mission is not just to survive the arena but to change it for the better.

Live long, prosper, and always encourage your crew to speak up.

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

Operationalizing AI for Compliance: Turning Potential into Practice

If you have spent any time around corporate compliance in the past several months, you have undoubtedly heard a great deal about artificial intelligence (AI). It is promised as a game changer, touted as the next big thing, and often presented with buzzwords that sound more like science fiction than practical business tools. Indeed, I wrote a book about its promise, Upping Your Game. However, compliance professionals consistently face one crucial question: How can we operationalize AI effectively within our compliance functions?

I used this title, as I have long advocated Operationalizing Compliance. Indeed, in 2016, I published a book with just that title. Therefore, in today’s blog, we will explore precisely that: how compliance leaders can strategically integrate AI solutions into existing compliance frameworks, drive effectiveness, and transform potential into sustainable value.

Understanding AI’s Value Proposition for Compliance

Operationalizing AI begins with recognizing why AI matters in the context of compliance. Fundamentally, compliance is about managing risk through monitoring, detection, investigation, and remediation. AI excels in these core compliance activities due to its ability to process massive volumes of data rapidly, identify patterns that humans may miss, and provide predictive insights.

AI, in short, enhances your compliance team’s ability to stay ahead of risk, transforming reactive processes into proactive strategies. Consider the traditional compliance approach to monitoring. Usually reliant on sampling and periodic audits, it can leave gaps for misconduct to slip through. AI-driven continuous monitoring solutions eliminate these gaps, spotting anomalies in real-time and flagging them immediately for action.

Yet, for all its promise, AI is not a “plug and play” solution. To operationalize AI, compliance teams must approach it methodically, intentionally, and with transparent governance in place.

Step 1: Define Your Objectives Clearly

The first step in operationalizing AI for compliance is clarity of purpose. Compliance leaders must define the specific outcomes they hope to achieve through AI. Ask yourself, “What problem are we trying to solve, and why is AI a suitable solution?”

Objectives may include:

  • Real-time detection of suspicious financial transactions.
  • Automated due diligence on third-party vendors.
  • Predictive analytics to flag high-risk regions or business units.
  • Enhanced hotline management through AI-powered triage.

Articulated objectives become the roadmap guiding your AI initiative, helping you select appropriate tools and measure success effectively.

Step 2: Data Readiness and Integration

Next, compliance professionals must tackle a critical operational requirement: data readiness. AI thrives on data; thus, operationalizing AI depends on ensuring your data is accessible, reliable, secure, and comprehensive.

Data silos present a significant challenge. Compliance functions often manage fragmented data from HR systems, financial databases, third-party diligence platforms, and internal reporting channels. Integrating these data streams into a unified compliance data lake or repository is a foundational step.

A successful integration strategy includes:

  • Conducting a data inventory and assessing data quality.
  • Standardizing data formats across various systems.
  • Implementing robust data governance practices to ensure the accuracy and integrity of data.

Addressing these integration challenges upfront ensures your AI compliance solutions have high-quality fuel to drive accurate and valuable insights.

Step 3: Choose the Right AI Technology Partners and Tools

There’s no shortage of AI vendors promising solutions tailored for compliance needs. But choosing the right partner requires thorough due diligence, evaluating both technological capability and ethical alignment.

Compliance leaders should look for partners with:

  • Demonstrable experience in corporate compliance and regulatory environments.
  • Transparent and auditable AI algorithms to ensure explainability.
  • Robust data privacy and cybersecurity frameworks.
  • Scalable solutions that evolve with regulatory demands and business needs.

Furthermore, compliance professionals should carefully pilot and test AI solutions before implementing them on a full scale. Start small by piloting the solution within a specific compliance area, such as third-party due diligence or fraud detection, and expand gradually based on proven outcomes and clear metrics.

Step 4: Build AI Ethics into Your Compliance Framework

Operationalizing AI comes with significant ethical implications, particularly regarding bias, transparency, and accountability. Compliance officers play a pivotal role in ensuring that AI systems align with a company’s values, ethics, and regulatory expectations.

An ethical AI framework includes:

  • Regular algorithmic auditing to detect and mitigate bias.
  • Transparent processes that allow for the explainability of AI-driven decisions.
  • Mechanisms to oversee and correct AI systems continuously.

AI ethics isn’t an add-on; rather, it is integral to operationalizing AI responsibly. Compliance teams should be at the forefront of this conversation, partnering with data scientists and technology leaders to integrate ethical oversight into AI deployment from the outset.

Step 5: Training, Culture, and Change Management

Operationalizing AI also means preparing your team and organization to adapt to new ways of working. AI is not a replacement for compliance professionals; it’s a tool to augment their expertise. However, integrating AI successfully demands a culture receptive to technology-driven change.

Compliance leaders must focus on:

  • Continuous AI literacy training to ensure that compliance teams understand how to interact effectively with AI tools.
  • Establishing clear communication channels explaining AI’s role, scope, and limitations.
  • Encouraging a culture of curiosity and innovation within compliance teams, reinforcing that AI enables them to perform their roles more effectively, not replace them.

Managing organizational change proactively reduces resistance, fosters engagement, and ensures your compliance team leverages AI’s full potential.

Step 6: Establish Metrics and Measure Impact

Operationalizing AI requires rigorous performance monitoring. Compliance professionals must establish clear benchmarks and metrics to assess the effectiveness of AI continually. Typical metrics could include:

  • Reduction in false positives during transaction monitoring.
  • Improvements in detection accuracy and timeliness.
  • Reduction in compliance breaches and associated remediation costs.
  • Increased efficiency in compliance investigation processes.

These metrics provide tangible evidence of AI’s impact, allowing compliance leaders to make data-driven decisions about expanding or adjusting their AI initiatives.

Step 7: Continuous Improvement and Adaptation

Finally, operationalizing AI is not a one-time event but an ongoing cycle of continuous improvement. AI models and technologies evolve rapidly, as do regulatory environments and compliance risks. Regularly revisiting your AI strategy ensures continued alignment with organizational needs and compliance objectives.

Embrace a feedback loop approach:

  • Regularly solicit feedback from users about the AI tool’s effectiveness.
  • Stay informed about regulatory changes that may impact AI compliance practices.
  • Update algorithms and recalibrate models to maintain accuracy and relevance.

A compliance function committed to continuous learning, adaptation, and iteration is best positioned to reap long-term benefits from AI.

Turning AI from Concept to Compliance Reality (Operationalizing AI)

Operationalizing AI for compliance is not merely about adopting cutting-edge technology; it is about strategic integration, ethical oversight, proactive training, and continuous improvement. When compliance leaders approach AI thoughtfully, methodically, and responsibly, the result is transformative, turning AI’s promise into a practical reality that enhances compliance effectiveness, risk mitigation, and organizational integrity.

As compliance professionals, we stand at an exciting crossroads. AI has moved beyond theoretical potential; it is a tangible, operational reality. By clearly defining objectives, managing data effectively, choosing the right partners, embedding ethics, preparing our teams, and committing to continuous improvement, compliance can lead the way in responsibly harnessing AI’s power.

The AI revolution in compliance is here. The question is not whether compliance teams can operationalize AI but how effectively and ethically they can do so. The answer lies in the strategic, thoughtful, and deliberate steps we take today.