Day: August 26, 2025

Categories
AI Today in 5

AI Today in 5: August 26, 2025, The Will AI Take Your Culture Episode

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI compliance stories:

  • AI simulates 1000 years of weather. (Phys Org)
  • Agentic AI for workflow. (FT)
  • Navigating the challenges of responsible AI. (Forbes)
  • 20 ways to design AI GRC plans that work. (Forbes)
  • Is AI coming for culture? (New Yorker)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: August 26, 2025, The Customers Last Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • BCG staff outraged by company’s work to deport Gazans. (FT)
  • What a bunch of branding clunkers. (FT)
  • Should you rent a robot for compliance? (NYT)
  • The challenges of responsible AI development. (Forbes)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Word of the Week

Word of the Week with Kenneth O’Neal – The True Meaning of Toughness

Each week, Kenneth O’Neal discusses a word that describes a principle or value of the Qualities of Success. We suggest you use the Word of The Week in your thoughts, deeds and actions. You might currently possess the quality and desire to develop it to a higher level.  You could replace a bad habit with a good habit. Write an action step and use it daily to develop the Quality in your life. In this episode, Kenneth discusses the word – Toughness.

In this episode, Rick and Kenneth are back to discuss the concept of toughness, emphasizing its importance in both physical and mental aspects. They delve into its historical roots, discussing how it has evolved from physical endurance to mental resilience, and its relevance in various fields such as sports, military, business, and personal development. Key examples include the inspiring story of Julie Moss in the 1982 Ironman Triathlon and the rigorous journey on the Camino de Santiago, illustrating the physical, mental, emotional, and spiritual challenges involved. They also highlight the importance of perseverance, self-mastery, and consistent focus in achieving long-term goals.

Key highlights:

  • Defining Toughness
  • Mental Toughness and Self-Mastery
  • Historical Examples of Toughness
  • Modern Perspectives on Toughness
  • The Camino de Santiago Experience

Resources:

KRONEAL Consulting

Categories
Red Flags Rising

Red Flags Rising: S01 E26 – Grab the Carrots, Avoid the Sticks, and Get Ready for More Transparency

Mike and Brent pick up the discussion from Episode 25 with some further thoughts on the proposed revenue-sharing arrangement between the U.S. government and certain exporters, including what should be anticipated from the U.S. government in terms of increased transparency (01:36), give their take on the Maintaining American Superiority by Improving Export Controls Transparency Act signed into law by the President, including both what it does do and what it doesn’t do (10:27), and provide their takes on the long-running media speculation about a so-called “50% rule” that would extend the Entity List maintained by the U.S. Bureau of Industry & Security (BIS) automatically to subsidiaries or affiliates owned 50% or more by a listed entity (18:53), including questions that the debate raises about what due diligence is being done now on subsidiaries and affiliates of listed entities, and important distinctions between U.S. economic sanctions—from where the 50% rule concept is being borrowed—and U.S. export controls that suggest the rule is better suited for the former than the latter.

They conclude with another installment of Brent Carlson’s “Managing Up” (26:25).

Resources:

Brent LinkedIn

Mike LinkedIn

Mike & Brent’s “Fresh Looks” Series

Categories
Innovation in Compliance

Innovation in Compliance – Global Outsourcing and GDPR Compliance – Navigating Challenges and Opportunities with Inge Zwick

Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom Fox interviews Inge Zwick, a senior leader from Emapta Global, a global outsourcing company, who elaborates on his experience working in different international locations, including the Philippines and now Italy.

Zwick discusses the complexities and common concerns around outsourcing under GDPR, emphasizing the importance of compliance and data protection. They explain how Emapta supports clients in achieving GDPR compliance while outsourcing, including risk assessments, data flow mapping, and maintaining secure work environments. The conversation delves into the practical aspects of handling Subject Access Requests (SARs), the integration of compliance into operational workflows, and the importance of maintaining ongoing monitoring and updates. Zwick also touches upon how ESG initiatives and compliance are seamlessly woven into Emapta’s operations, providing a sustainable approach to global outsourcing. Lastly, advice is given to business leaders on how to future-proof their outsourcing strategies in light of GDPR, encouraging them not to shy away from global talent opportunities due to compliance fears.

Key highlights:

  • Company Overview and Global Operations
  • Outsourcing and GDPR Compliance
  • Risk Assessment and Data Security
  • Subject Access Requests (SAR)
  • Outsourcing Contracts and GDPR Obligations
  • Integrating Compliance into Operations
  • Future-Proofing Your Outsourcing Strategy  

Resources:

Connect with Inge Zwick

Connect with Emapta Global

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

UM Cheating Scandal Part 2: A Culture at War With Compliance

In August 2025, the NCAA released its long-awaited Report on infractions committed by and for the University of Michigan football program. For compliance professionals, this case should be viewed not merely as a college sports story but as a case study in organizational misconduct, leadership failure, and cultural breakdown. Just as an FCPA enforcement action lays bare how companies slip into non-compliance, this NCAA decision reveals how one of the country’s premier football programs allowed systemic misconduct to flourish.

In Part 1 of this series, we looked at the factual background of the University of Michigan football program’s NCAA infractions case: the impermissible scouting scheme, recruiting inducements, failures to cooperate, and the repeat violator status that ultimately sealed the program’s fate. But if the facts explain what happened, they do not explain why it happened. So today, in Part 2, we consider the lack of a culture of compliance inside Michigan football.

The “why” lies in culture. And here, the NCAA’s decision is crystal clear: Michigan’s football program did not have a culture of compliance. The compliance office existed, it was well-resourced, and a respected Chief Compliance Officer staffed it. Yet the football program treated compliance as a nuisance, an adversary, even an enemy. For compliance professionals, this is where the story gets interesting. Because in sports, as in business, culture eats policy for breakfast.

The Adversarial Relationship with Compliance

The NCAA decision describes a “contentious relationship” between Michigan football and the university’s compliance office. Staff members regularly dismissed or mocked compliance staff. One recruiting staffer went so far as to describe them in a text message as “true scum of the earth.” Others referred to compliance as “roadblocks” or even “shitty at their jobs.” Indeed, UM’s Chief Compliance Officer herself acknowledged that she was “perceived as a thorn in [Harbaugh’s] side.” Even the athletic director noted the “tension” he observed between the two offices.

For any corporate compliance officer, this picture may sound all too familiar. You have a respected compliance function, staffed by experienced professionals, but the business unit sees them as the enemy. Compliance is viewed not as a partner but as an obstacle. When that perception takes hold, it is only a matter of time before rules are ignored, controls are bypassed, and misconduct proliferates.

Willful Blindness and “Not Wanting to Know”

The culture in Michigan football was not simply adversarial; it was deliberately blind. Regarding Connor Stalions’ elaborate signal-stealing scheme, multiple staffers admitted that “no one really cared how you got it done as long as you got it done.” A student-athlete noted that the staff “went out of their way not to know” what Stalions was up to.

Even when red flags were raised, they were dismissed. One intern reported that Stalions asked him to rent a car under false pretenses. When he brought this up to an Assistant Coach, including concerns about “signal stealing,” he was told the coach “did not want to hear any more about that.” Another coach, confronted by an opponent who accused Michigan of improper sign stealing, relayed the concern internally, only to be met with a shrug and denial.

This is the corporate equivalent of sales teams ignoring whistleblowers who raise concerns about improper payments, or executives waving away red flags because they don’t want to know. It is the textbook definition of willful blindness, a concept the DOJ and SEC regularly cite in enforcement actions.

Excluding Compliance from the Room

The Chief Compliance Officer testified that she and her team were rarely, if ever, invited into football operations by the football staff. Instead, they had to push their way in: “I can’t think of a time when we scheduled a meeting at football’s request. It was pretty much always us saying, hey, we’ve got to get in there, we’ve got to do some education”.

Obviously, this matters, even if only for optics. Compliance cannot be effective if it is excluded from the business. When compliance officers are locked out of meetings, ignored in decision-making, or treated as outsiders, they cannot monitor risks or detect misconduct. In corporate settings, we often see this when compliance is not given a seat at the table in M&A due diligence, sales strategy, or third-party onboarding. The result is predictable: compliance is left to clean up violations after the fact, rather than preventing them in real time.

Interns, Education, and the Forgotten Workforce

One of the most revealing details in the NCAA’s decision involves the interns. Stalions used interns heavily in his scouting scheme. They were instructed to attend games, film sidelines, and even help analyze signals. Some were unsure whether their actions were permissible. The Chief Compliance Officer admitted that Michigan had no targeted compliance education for interns. Here, you can recall HP and its FCPA enforcement action, where a contract employee was unsure how to raise compliance concerns. Interns came and went frequently, making them difficult to track. Compliance training was focused on full-time staff, not on lower-level interns.

Sound familiar? In corporate compliance, we often see companies that train executives but neglect contractors, temporary workers, or third-party agents. Yet these “lower-level” actors usually pose the greatest risks, precisely because they are less trained, less supervised, and more vulnerable to pressure.

The lesson here is straightforward: compliance education cannot stop with senior leaders. It must cascade down to every level of the organization, including temporary staff, contractors, and anyone acting on behalf of the enterprise.

Harbaugh’s Leadership and the Tone at the Top

At the center of all of this was head coach Jim Harbaugh. The NCAA made it clear: “Harbaugh did not embrace responsibility. He and his program had a contentious relationship with compliance, leading coaches and staff members to act, at times, with disregard for the rules”.

This is the compliance officer’s nightmare. When the leader of the organization treats compliance as an adversary, that tone cascades down. Staff pick up on it. Interns internalize it. Even student-athletes understood the message: compliance was not to be welcomed.

Tone at the top is more than a catchphrase; it is the single greatest driver of compliance culture. Regulators from the DOJ to the FCA in the UK emphasize it again and again. Harbaugh’s indifference or worse, hostility, set a tone that made noncompliance not just possible but inevitable.

The Cost of Compliance as “The Enemy”

The Michigan case is a powerful example of the dangers of treating compliance as the enemy. When business units (or in this case, football staff) see compliance as an obstacle, several consequences follow:

  1. Red flags are ignored — because staff fear raising them or believe no one cares.
  2. Compliance staff are marginalized, making it harder to educate or monitor.
  3. Misconduct festers in the shadows — as employees learn that leadership values results over rules.
  4. Investigations are obstructed — because a culture that disrespects compliance has no incentive to cooperate with regulators.

For corporations, the consequences are clear: higher penalties, damaged reputations, and, in some cases, existential crises.

Corporate Parallels: Uber, Wells Fargo, and Beyond

Michigan football’s cultural breakdown is hardly unique. We’ve seen the same dynamic play out in corporate scandals:

  • At Uber, a “growth at any cost” culture led to systemic misconduct and regulatory run-ins.
  • At Wells Fargo, sales culture so dominated compliance that millions of fake accounts were created, even as compliance officers raised alarms.
  • At Odebrecht, a construction giant, compliance existed on paper but was ignored in practice, allowing a global bribery scheme to flourish.

In each case, the lesson was the same: when culture treats compliance as an obstacle, violations become not just likely but inevitable.

The Compliance Officer’s Dilemma

One striking aspect of the NCAA decision is how much it sympathized with Michigan’s Chief Compliance Officer. The panel noted that she was “a well-respected leader in the industry” and that she “did everything she could to promote compliance.” Yet her efforts “were not welcomed. Instead, they were rebuked, dismissed, and disregarded”.

This raises an important question for compliance professionals: what happens when the business refuses to engage? What happens when leadership is openly hostile to compliance?

The DOJ has been clear on this point. It is not enough to have compliance programs that look good on paper. Regulators will ask whether compliance has sufficient stature, resources, and access to management. If compliance is marginalized, companies cannot expect leniency.

Lessons for Corporate Compliance Officers

What should compliance professionals take from Michigan’s cultural breakdown?

  1. Measure culture, not just policies. Policies are necessary, but culture drives behavior. Tools like employee surveys, exit interviews, and hotline trends can help assess whether compliance is trusted or distrusted.
  2. Fight for access. Compliance must be in the room where business decisions are made. If your team is always chasing after the business, you are already behind.
  3. Train the forgotten workforce. Interns, contractors, and agents often do the risky work. Make sure they are trained, monitored, and held accountable.
  4. Escalate leadership failures. If tone at the top is toxic, escalate to the board. Regulators are increasingly holding boards accountable for failing to address cultural risks.
  5. Document resistance. If business leaders are hostile to compliance, document it. This may protect you later and show regulators that the compliance function was not complicit.

Culture Wins Every Time

The Michigan football infractions case demonstrates what happens when compliance is marginalized. The Chief Compliance Officer could not overcome a culture that treated compliance as an enemy. Harbaugh’s tone at the top, combined with willful blindness, ensured that misconduct flourished.

For corporate compliance officers, the lesson is sobering: no matter how good your compliance systems are, culture will win. If leadership sets the wrong tone, compliance will fail.

Join us tomorrow, as we continue this series with Part 3, where we will examine the penalties Michigan received, including fines, suspensions, and probation, and draw lessons on how repeat violations, obstruction, and cultural failure influence sanctioning decisions.