Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Today, let’s take a journey to one of Star Trek: The Original Series’ most intense psychological dramas: “Whom Gods Destroy.” On its surface, this episode is a tale of madness, manipulation, and peril. But for the vigilant compliance professional, it’s a trove of investigative lessons on dealing with deception, managing risk, and safeguarding your organization in an unpredictable world.
In “Whom Gods Destroy,” Captain Kirk and Mr. Spock arrive at the maximum-security facility on Elba II to deliver a new medicine. They quickly fall prey to the cunning Garth of Izar, a former starship fleet captain now criminally insane. Garth seizes control of the asylum using his shapeshifting ability and manipulates everyone around him with a series of deceptions, impersonations, and psychological games. For Kirk and Spock, survival means uncovering the truth in a maze of misdirection.
Let’s beam down to Elba II, a remote asylum for the galaxy’s most dangerous criminally insane, to examine what this wild ride can teach us about effective corporate investigations.
1. Never Accept Surface Appearances—Verify, Then Trust
Illustrated By: Kirk and Spock are greeted by what appears to be the asylum’s director, Governor Cory. He acts normally and reassures them that all is well. Only later do they discover that Garth, using his ability to alter his appearance, is impersonating Cory and is, in fact, in control of the facility.
Compliance Lesson. In investigations, never accept things at face value. Documents can be forged, credentials fabricated, and even trusted individuals may act under duress or with hidden motives. Just as Garth’s impersonation deceived Kirk, compliance investigators must independently verify facts, corroborate stories, and challenge what seems obvious. Assume nothing—always test the evidence.
What should you do now? Establish robust protocols for evidence verification. Don’t simply trust, but verify, using multiple sources, forensic tools, and independent witness interviews. Always be alert to the possibility that someone may be playing a role.
2. Psychological Manipulation: Beware the Power of Charisma
Illustrated By: Garth, in his guise as both himself and others, uses his charisma and manipulation to sow confusion and loyalty among the other inmates. He persuades them to join his rebellion through promises, threats, and appeals to their egos.
Compliance Lesson. In many investigations, the most dangerous individuals are those who wield psychological influence. Charismatic leaders, managers, or employees can persuade others to cover up wrongdoing, falsify records, or sabotage investigative efforts. Investigators must be wary of undue influence and remember that even the most likable or persuasive people may have something to hide.
What should you do now?Train your investigative team to recognize and resist psychological manipulation. Always seek independent corroboration and never let charm or status cloud your objectivity.
3. The Importance of Access Controls and Segregation of Duties
Illustrated By: Garth gains control over the asylum’s security systems, disabling communications and trapping Kirk and Spock. By centralizing control, he can manipulate everyone in the facility and thwart any rescue attempt.
Compliance Lesson: A key safeguard against fraud and misconduct is the principle of segregation of duties and strict access controls. If one individual or a small group can manipulate systems without oversight, your organization is vulnerable to abuse. Garth’s control of Elba II mirrors what can happen in a business when there are weak internal controls: a single rogue actor can wreak havoc before anyone notices.
What should you do now? Regularly review and test your access controls and segregation of duties. Ensure that no single person has unchecked power and regularly audit system logs to detect unusual activity. Prevent the “Garth scenario” by building multiple layers of oversight.
4. Recognize Red Flags and Act on Them Swiftly
Illustrated By: Despite several warning signs, unusual behavior from the “director,” cryptic comments from the staff, and security lapses, Kirk and Spock hesitate before taking decisive action. Only after the deception becomes undeniable do they shift into crisis mode.
Compliance Lesson. Every investigation reveals red flags. The question is: will your team recognize them early and act decisively? All too often, subtle signals, changes in behavior, delayed responses, or gaps in documentation are ignored until the situation escalates. In “Whom Gods Destroy,” the cost of delay is nearly fatal.
What should you do now? Create a culture where red flags are escalated and investigated immediately. Encourage open reporting and ensure investigators are empowered to follow up on their instincts. Quick action can prevent a minor issue from becoming a crisis.
5. Collaboration Is the Key to Outwitting Deception
Illustrated By: Ultimately, Kirk and Spock overcome Garth’s deceptions through close teamwork, communication, and the use of a prearranged security code that only the honest Kirk would know. Spock’s skepticism and methodical approach are essential to cutting through the confusion and revealing the truth.
Compliance Lesson. Investigations should never be a solo endeavor. Collaboration, clear communication, and checks and balances are essential to unmasking sophisticated schemes. Like Spock and Kirk, compliance teams must establish protocols—such as “safe words,” confirmation codes, or independent review processes—to prevent impersonation, collusion, or false confessions.
What should you do now? Build cross-functional investigative teams with diverse skill sets. Foster a culture of transparency, and ensure all findings are independently reviewed and validated. Teamwork and process discipline are your best defenses against deception.
Final ComplianceLog Reflections
“Whom Gods Destroy” may be set in a galaxy far away, but its lessons are as relevant to the compliance investigator as they are to any starship captain. In a world where deception can take many forms, such ascharisma, forged documents, technological manipulation, or even trusted colleagues, your best defense is disciplined skepticism, rigorous process, and a commitment to the truth above all else.
In corporate investigations, the price of being deceived is high, but the rewards of vigilance, skepticism, and teamwork are higher. So, as you face your own “Elba II,” remember the lessons of Kirk and Spock: Trust the process, trust your team, and always keep your eyes open for the masks that others might wear.
Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection—they all take creativity. Join Tom Fox and Ronnie Feldman on the award-winning Creativity and Compliance. Ronnie’s company, Learning and Entertainment, leverages the entertainment devices people use to consume information in their daily lives and applies this approach to important topics such as compliance and ethics. It is not only about being funny. It involves adjusting the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible.
Today, Ronnie takes a solo turn as host to Diana Whitney and Jason Blue, both from Acteon, to discuss their innovative approach to revamping their compliance program. With a new ownership structure emphasizing compliance, they created the I-Care Code. Through a creative rebranding effort featuring mascots Connie Compliance and Easy Breezy, the I-Care Code encompasses key values of integrity, compliance, accountability, respect, and ethics. By leveraging videos, interactive sessions, and a global roadshow, they successfully boosted employee engagement and speak-up cases, demonstrating the power of creativity in compliance.
Key highlights:
The Need for a New Compliance Approach
Introducing the I-Care Code
Creating Engaging Compliance Characters
Launching the I-Care Code: Roadshow and Global Engagement
Compliance Confessions – inspired by “Mean Tweets,” these 90-second commercials address misconceptions and excuses to promote a speak up culture and the E&C team as positive and helpful.
E&C Training Jams – a soulful singer banters with ethics & compliance, explaining policies, sharing examples, and debunking excuses.
Tales from the Hotline– Real speak-up-themed stories about workplace behavior gone wrong.
Workplace Tonight Show!– E&C meets SNL Weekend Update, explaining corporate risk topics and why employees should care.
60-Second Communication & Awareness Shorts– A variety of short, customizable, music and multimedia, quick-hitter “commercials” promoting integrity, compliance, speaking up, and the E&C team as helpful advisors and coaches.
Custom Live & Digital Programming– Custom creative programming that balances the seriousness of the subject matter with a more engaging delivery. After all, you can’t bore people into learning.
Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.
Real-time security for an AI code generator. (CheckMarx)
For more information on the use of AI in Compliance programs, Tom Fox’s new book is Upping Your Game. You can purchase a copy of the book on Amazon.com.
Today, we take a journey to one of Star Trek: The Original Series’ most intense psychological dramas: “Whom Gods Destroy.” On its surface, this episode is a tale of madness, manipulation, and peril. But for the vigilant compliance professional, it’s a trove of investigative lessons on dealing with deception, managing risk, and safeguarding your organization in an unpredictable world. Let’s beam down to Elba II, a remote asylum for the galaxy’s most dangerous criminally insane, to examine what this wild ride can teach us about effective corporate investigations.
1. Never Accept Surface Appearances—Verify, Then Trust
Illustrated By: Kirk and Spock are greeted by what appears to be the asylum’s director. Only later do they discover that Garth, using his ability to alter his appearance, is impersonating Cory and is, in fact, in control of the facility.
Compliance Lesson. In investigations, never accept things at face value.
2. Psychological Manipulation: Beware the Power of Charisma
Illustrated By: Garth, in his guise as both himself and others, uses his charisma and manipulation to sow confusion and loyalty among the other inmates.
Compliance Lesson. In many investigations, the most dangerous individuals are those who wield psychological influence. Charismatic leaders, managers, or employees can persuade others to cover up wrongdoing, falsify records, or sabotage investigative efforts.
3. The Importance of Access Controls and Segregation of Duties
Illustrated By: By centralizing control, Garth can manipulate everyone in the facility and thwart any rescue attempt.
Compliance Lesson: A key safeguard against fraud and misconduct is the principle of segregation of duties and strict access controls. If one individual or a small group can manipulate systems without oversight, your organization is vulnerable to abuse.
4. Recognize Red Flags and Act on Them Swiftly
Illustrated By: Despite several warning signs, unusual behavior from the “director,” cryptic comments from the staff, and security lapses, Kirk and Spock hesitate before taking decisive action.
Compliance Lesson. Every investigation reveals red flags. The question is, will your team recognize them early and act decisively?
5. Collaboration Is the Key to Outwitting Deception
Illustrated By: Spock’s skepticism and methodical approach are essential to cutting through the confusion and revealing the truth.
Compliance Lesson. Investigations should never be a solo endeavor. Collaboration, clear communication, and checks and balances are essential to unmasking sophisticated schemes.
Final ComplianceLog Reflections
“Whom Gods Destroy” may be set in a galaxy far away, but its lessons are as relevant to the compliance investigator as they are to any starship captain. In a world where deception can take many forms, such ascharisma, forged documents, technological manipulation, or even trusted colleagues, your best defense is disciplined skepticism, rigorous process, and a commitment to the truth above all else.
In corporate investigations, the price of being deceived is high, but the rewards of vigilance, skepticism, and teamwork are higher. So, as you face your own “Elba II,” remember the lessons of Kirk and Spock: Trust the process, trust your team, and always keep your eyes open for the masks that others might wear.
Welcome to Season 2 of the award-winning Data Driven Compliance. In this new season, we will look at the new Failure to Prevent Fraud offense. Join host Tom Fox as we explore this new law and how to comply with it through the lens of data-driven compliance. This podcast is sponsored by konaAI. In this episode of Season 2, Tom Fox is joined by Jonathan Armstrong.
Tom and Jonathan explore the historical context of fraud laws in the UK, the specifics and implications of the new legislation, the role of the Serious Fraud Office under the new rules, and its impact on corporations, especially those with international operations. Jonathan also outlines necessary steps corporations need to take to comply with the Act and prevent fraud within their organizations, including the importance of thorough risk assessments, top-level commitment, and effective communication and training programs.
Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.
Today, we conclude our week-long series on pre-acquisition due diligence in M&A from the anti-bribery/anti-corruption perspective.
For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.
What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are just three of the many we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. In this episode, Tom Fox interviews Robert Meyers, a cybersecurity and privacy expert with over 30 years of experience.
Meyers shares his professional journey, emphasizing the evolution of IT and cybersecurity practices. He discusses significant privacy challenges, including data breaches and the philosophical divide between US and European privacy laws. The conversation also covers the integration of privacy principles and cybersecurity tools, the importance of cross-functional collaboration, and the role of agentic AI in reshaping security models. Additionally, Meyers highlights his ongoing work, including his book ‘Privacy Snippets for the Cybersecurity Professional,’ and his dedication to volunteer work at San Diego Comic-Con.
Key highlights:
Robert Meyers’ Professional Background
Early Cybersecurity Challenges
Evolution of Privacy and Security
Privacy Perspectives: US vs Europe
Role of Executives in Cybersecurity
Cross-Functional Collaboration
Innovative Cybersecurity Tools
Agentic AI and Privacy
Comic-Con and Professional Insights
Career Advice for Aspiring Professionals
Resources:
Privacy Snippets for the Cybersecurity Professional on Amazon
In this episode, we feature two conversations exploring different frontiers of finance and technology.
This episode focuses on Hong Kong’s startup company environment. Specifically, how conducive is the city’s ecosystem for their inception, growth, and scaling up—legally, commercially, and policy-wise?
In the initial spotlight segment, we speak with David Cameron, a veteran American lawyer based in the territory who advises startups on the challenges and pitfalls startups face in their earlier stages. Obtaining affordable and sound legal advice is a key part of their quandary.
Following that, we discuss how to establish a body that provides genuine support and mentoring to emerging HK businesses, featuring Syed Musheer Ahmed, managing director of FinStep Asia and a former regulator with the Virtual Asset Regulatory Authority in Dubai, alongside local lawyer Joshua Chu. Simply put, it’s going to revolve around a public-private partnership.
David Cameron is managing partner and founder of the David Cameron Law Office, or DCLO—an independent, HK-based law firm offering international legal services. Founded in 2021, the firm is qualified to act on matters of Hong Kong and New York law. He has 16 years of experience in the Hong Kong market—including time spent at some of the largest law firms in the world, such as Linklaters and Allen & Overy.
DCLO is a corporate law firm, offering advice and solutions on general corporate matters, capital raising, M&A, fund formation, and contract law. DCLO also has specialized areas in family law, employment law, immigration, and litigation. In addition, DCLO has the unique offering of acting as external general counsel for growing companies that do not yet have their own in-house legal counsel.
DCLO is also deeply involved in Hong Kong initiatives, such as family offices, Hong Kong limited partnership funds (LPFs), Hong Kong open-ended fund companies (OFCs), and the Hong Kong Capital Investment Entrant Scheme.
Joshua Chu is a prominent Hong Kong lawyer in all matters fintech and crypto, and a prolific writer. His opinion and insights are much sought after by the local press and correspondents of major foreign news organizations operating in the city. You can often hear him at his most candid on the radio at RTHK. He is also co-chair of the Hong Kong Web 3 Association and legal advisor to the Hong Kong Blockchain Association.
Syed Musheer Ahmed is the managing director of FinStep Asia—a firm he founded six years ago. With over 18 years of extensive experience as an ecosystem builder in the realms of capital markets, fintech, and virtual assets, including a decade as a global markets trader, before coming to Hong Kong to attain his MBA from the University of Hong Kong and London Business School’s joint program.
A self-described “fintech ballerina,” since 2016, Musheer has contributed extensively to building the region’s fintech and virtual assets ecosystem, particularly as the co-founder and as a concurrent board member and the inaugural general manager of the Fintech Association of Hong Kong (FTAHK).
He has also done a stint as a regulator. Beyond his many contributions to the territory’s fintech regulatory policy during his tenure with the FTAHK, from October 2022 to January 2024, he served as a financial markets risk assurance lead with the Virtual Assets Regulatory Authority in Dubai.
Discussion:
The conversation begins with a recent article published in the South China Morning Post, written by Petty Sito and Julie Zhang, which discusses how InvestHK, a quasi-governmental body, is now supporting local companies in expanding their overseas operations, a shift from its previous focus on attracting investment to the city over the past 25 years.
The article mentions that the Evident Group, operator of a digital investment platform for alternative assets and licensed by the Securities and Futures Commission, formed a partnership with Zand Bank, the UAE’s first fully licensed digital bank. The collaboration will provide the Dubai-based bank’s clients with investment opportunities through Evident’s tokenization technology and infrastructure.
Yet, is that enough when places like Singapore, Taiwan, and Israel long ago seemed to have learned how to nurture and scale up startups to go global? Our guests today believe that an empowered, well-resourced startup-centric body would be a good idea, and it will require a public-private partnership to make it happen.
The crux of the discussion is what can be done to improve Hong Kong’s startup ecosystem? More pointedly, what can be done to help up-and-coming companies reach their potential and become the juggernauts of tomorrow? Indications are that it will require a separate entity offering genuine startup support, something beyond InvestHK, Cyberport, Science Park, or the Hong Kong Trade Development Council.
David kicks things off, sharing his thoughts on the legal and compliance challenges that startups face in the Special Administrative Region with Regulatory Ramblings host Ajay Shamdasani. They discuss how to effectively serve as a lawyer for a startup when they don’t have much of a legal budget. In such instances, fractional or part-time in-house counsel might be more suited to a firm’s means and needs.
Yet, beyond legal considerations, other mistakes do startups make, such as running out of money too soon, seem like a cliché at this point. David shares his perspective on what can be done to improve the city’s ecosystem for startups and stresses that legal expenses should be seen as an investment in a firm’s future rather than costly, burdensome drudgery.
The discussion then shifts to Musheer and Joshua in the second segment. They stress that looking objectively at the SAR’s existing structure of InvestHK, Cyberport, and Science Park, and without being overly critical of what has come before, though past government actions – mistakes have been made and, hopefully, lessons have been learned. Even still, they ask, what would need to be done to create a proper startup support entity?
As Musheer notes, something distinct from either Cyberport or HKSTP is needed: “more of an internal InvestHK with a main [key performance indicator] of building and sustaining [a] local ecosystem.”
They both emphasize that the hallmark of a strong startup ecosystem is the strength of its community. “They need bank account access, government subsidies, and both local and international business ties,” Musheer said.
In a similar vein, Joshua added: “Is the community open to it [startups]? Hong Kong can be very myopic, with everyone doing their own thing. Early-stage funding in here is weak. How do we fix that?”
Both men cited examples from around the world that have been successful, including private-public partnerships, incubators like Hong Kong’s WHub, and university grants for startups – all of which Hong Kong has.
“The pain points in Hong Kong are that it is rich in tech and ideas, but you need many people for startups to thrive; a critical mass of consumers. They need a pool of consumers ready to be excited about product launches. Then look at how incubators can pitch to select committees,” Joshua said.
Both experts conclude that the city needs not only investors, but also mentors and a nurturing, open-minded community with support systems. That includes non-financial operational support for local startups in Hong Kong, with adequate communication and partnerships, and angel investors who can help with coordinating matters.
Culture and mindset are a key part of the equation. The local startup scene needs local angel advisers because, as Joshua observes, “the Hong Kong business environment is too Asian, too formulaic and math-based. We need some element of [creative] strategy.”
Infrastructure issues are also a concern. For example, the city’s Cyberport and Science Park could use better transportation, they say, because both locations are far away from the core business districts of Central, Admiralty, and Wanchai. Beyond that, both say the city has great facilities that can help bring innovative companies together.
“What’s needed is more facilitation of commercialization,” Musheer said.
The ultimate question is whether private enterprises can collaborate with the government to develop more effective business strategies.
Regulatory Ramblings podcasts is brought to you by The University of Hong Kong – Reg/Tech Lab, HKU-SCF Fintech Academy, Asia Global Institute, and HKU-edX Professional Certificate in Fintech, with support from the HKU Faculty of Law.
In this film, Punter Southall Law’s Jonathan Armstrong discusses different approaches to AI legislation with Eric Sinrod, California professor and attorney at Duane Morris LLP. This is episode 294 in the popular TechLaw10 series. You can listen to earlier podcasts here.
Jonathan & Eric start by talking about America’s AI Action Plan and the hands-off approach to AI regulation promoted by the Trump administration. Jonathan contrasts that approach with the approach in the EU under the EU AI Act. Jonathan talks about the elements of the EU AI Act that are already in force:
1. bans on prohibited AI
2. mandatory AI literacy programs
3. provisions relating to GPAI. There are FAQs on the EU AI Act here.
David Cameron is managing partner and founder of the David Cameron Law Office, or DCLO—an independent, HK-based law firm offering international legal services. Founded in 2021, the firm is qualified to act on matters of Hong Kong and New York law. He has 16 years of experience in the Hong Kong market—including time spent at some of the largest law firms in the world, such as Linklaters and Allen & Overy.
Joshua Chu is a prominent Hong Kong lawyer in all matters fintech and crypto, and a prolific writer. His opinion and insights are much sought after by the local press and correspondents of major foreign news organizations operating in the city. You can often hear him at his most candid on the radio at RTHK. He is also co-chair of the Hong Kong Web 3 Association and legal advisor to the Hong Kong Blockchain Association.
Syed Musheer Ahmed
