Categories
Trekking Through Compliance

Trekking Through Compliance: The Menagerie Part 2

In this episode of Trekking Through Compliance, we consider the episode The Menagerie, Part 2, which aired on November 24, 1966, Star Date 3012.4. We conclude our two-part exploration of The Menagerie, one of Star Trek’s most profound ethical narratives. As Spock’s court-martial plays out, we watch the rest of the transmitted footage from Captain Pike’s original visit to Talos IV. The illusion-wielding Talosians attempt to enslave Pike and Vina in hopes of rebuilding their planet’s surface with human labor. But their plan backfires when they encounter humanity’s resistance to captivity.

In the present, we learn that Spock’s tribunal was a strategic façade to secure Pike’s return to Talos IV, where, with Pike’s consent, he is offered a peaceful existence through illusion. This finale provides a comprehensive framework for ethics lessons, encompassing topics such as consent and manipulation, autonomy, truthfulness, and the role of long-term care in leadership transitions.

Key highlights:

1. Ethical Use of Illusion—The Fine Line Between Comfort and Consent

🖖 Illustrated by: The Talosians offering Pike a lifetime of comfort through illusion, but only after first attempting to manipulate him.

The Talosians begin by imposing scenarios on Pike without his consent. In terms of compliance, this is a lesson in data ethics: just because a tool (such as AI or surveillance) can make someone’s life easier, it doesn’t mean it should be used without explicit, informed consent.

2. Integrity in Crisis—The Court-Martial as a Moral Strategy

🖖 Illustrated by: Spock engineering a fake court-martial to buy time for Pike’s transport to Talos IV.

This audacious act raises ethical questions about deception for a noble cause. Compliance officers may never stage a tribunal, but the principle applies: when rules obstruct just outcomes, ethics requires us to escalate, document, and—if necessary—stand firm against institutional inertia.

3. The Ethics of Autonomy—Freedom Over Control

🖖 Illustrated by: Number One setting her phaser to overload rather than submit to captivity.

Few Star Trek moments better embody ethical resolve. Facing enslavement, the crew chooses death over compliance with unjust control. Compliance professionals must be empowered to say “no” when asked to compromise core values.

4. Informed Decision-Making—Pike’s Final Choice

🖖 Illustrated by: Pike, in his current condition, choosing to return to Talos IV with full awareness of the illusion offered.

Unlike the earlier manipulation, this is an ethical decision-making process: he is fully informed, and he consents. Whether it’s employee disclosures, third-party agreements, or investigations, complete and honest disclosure must underlie all meaningful choices.

5. Ethical Leadership and Compassion—Caring for the Vulnerable

🖖 Illustrated by: Spock risking his career to ensure a dignified future for Captain Pike.

This may be the most compelling lesson of all. Leadership doesn’t end when someone is no longer “useful.” Succession planning, post-employment protections, and disability accommodation aren’t compliance afterthoughts; they’re moral imperatives.

Final Compliance Reflections

The Menagerie, Part 2 is a layered examination of ethical leadership, personal sacrifice, and informed autonomy. For compliance professionals, it serves as a reminder that rules must serve people, not the other way around. Spock’s courtroom gambit was a calculated risk, but it was also a profoundly moral act. When policy and principle collide, ethics must lead the way.

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Timothy and Fiona are AI-generated voices.

Categories
AI in Healthcare

AI in Healthcare: Five Healthcare AI Stories You Need to Know This Week-June 12

Welcome to AI in Healthcare in 5 Stories. This podcast is a Weekly Briefing of the five most important AI developments shaping healthcare, medicine, and life sciences. Each week Tom Fox breaks down the latest stories in clinical innovation, regulation, privacy, compliance, patient safety, and operational transformation, all through a practical and business-focused lens. Designed for healthcare compliance professionals, executives, legal teams, clinicians, and industry leaders, the podcast moves beyond headlines to explain what each development means in the real world. The top five stories for the week ending June 12, 2026 include:

  1. AI is scaling healthcare costs. (MedCityNews)
  2. AI gets 76% of healthcare inquiries correct. (PennStateHealth)
  3. Transparency key for AI use in healthcare. (Ohio.edu)
  4. AI and cybersecurity risks in healthcare. (Forbes)
  5. Nvidia developing a healthcare model. (WSJ)

For more information on the use of AI in compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com. To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance-Episode 78— a Brave New World edition

What happens when two top compliance commentators get together? They talk compliance of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

 Stories This Week Include

  • SBF Applies for Pardon
  • Post Wells Issues for Profit Disgorgement
  • Sad Day for College Sports
  • Hungary uses AI to track Orban corruption
  • Meetings are Useless
  • Big Banks and New tokenization
  • OFAC fines FTI
  • What is MNPI
  • The compliance job market
  • Florida man writes he is not home on whiteboard outside house. Arrested nonetheless

Resources

Kristy

Kristy Grant-Hart on LinkedIn

Order Kristy’s updated, at 10-years, new edition of How to Be a Wildly Effective Compliance Officer, by clicking here.

Tom

Check out the top handbook in compliance, The Compliance Handbook, 7th edition, published by LexisNexis. Visit the LexisNexis® Store at https://lexisnexis.com/fox20

To save 20% on The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, please reference or enter promotion code: FOX20

Offer expires December 31, 2026. Offer applies to new orders only, before shipping and taxes are calculated, shipped to a U.S. address. Discount will be applied to each applicable product after code FOX20 is entered. Discount does not apply to current subscriptions, renewals or updates. Certain exclusions and other restrictions may apply. Void where prohibited. View full terms here.

Categories
AI Today in 5

AI Today in 5: June 12, 2026, The Everyone’s a Stakeholder Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. 3 things compliance leaders can’t ignore about AI. (FinTechGlobal)
  2. Microsoft CEO says everyone is a stakeholder in AI. (NYT)
  3. Jeff Bezos says AI will be ‘golden age’. (FT)
  4. Nvidia is developing a healthcare model. (WSJ)
  5. Bank CEOs brush off AI cash optimization. (BankingDive)

For more information on the use of AI in compliance programs, Tom Fox’s new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: June 12, 2026, The What is Anti-DEI? Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Hungary unveils new ABC bill. (Bloomberg)
  • States sue over Administration’s anti-DEI push. (Reuters)
  • South Korea fines company $410MM over data breaches. (WSJ)
  • Investors targeting Spanish assets in the US. (FT)

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
AI in Financial Services in 5 Stories

AI in Financial Services in 5 Stories – Week Ending June 12, 2026

Welcome to AI in Financial Services in 5 Stories. A practical weekly roundup of the five most important AI developments affecting banking, insurance, payments, asset management, and fintech. Each Friday, Tom Fox will break down the top stories that matter most through the lenses of compliance, risk management, governance, and business strategy. Designed for compliance professionals, executives, legal teams, and financial services leaders, it goes beyond headlines to explain why each development matters in a highly regulated industry. The result is a concise weekly briefing that helps listeners stay current on AI innovation while asking sharper questions about oversight, accountability, and trust.

This week’s stories include the following:

  1. AMLA as a single financial crimes tool in the EU. (FinTechGlobal)
  2. Is your bank ready for Agentic AI? (OpenTextBlog)
  3. Will AI help women in financial services? (FinTechMagazine)
  4. The next changes in banking will not be about tech. (TheFinancialBrand)
  5. Bank CEOs brush off AI cash optimization. (BankingDive)

For more information on the use of AI in Compliance programs, Tom Fox’s new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
Blog

The Menagerie, Part 2 – Consent, Compassion and the Ethics of Exceptional Compliance

Show Summary

Today, we conclude the two-part saga of The Menagerie, a story that redefined ethical decision-making in leadership. When we left off in Part 1, Spock had surrendered himself for court-martial after hijacking the Enterprise and transporting his former captain, the severely disabled Christopher Pike, to the forbidden world of Talos IV. As Part 2 unfolds, we learn the true motivation behind Spock’s defiance and the profound ethical reasoning that underpins it.

This episode is not simply a continuation of a trial. Instead, it can be seen as a meditation on autonomy, empathy, and what it means to act ethically in a rigid system. For compliance professionals, The Menagerie, Part 2, is rich with insights into the complex choices we must make when policy, principle, and human dignity are at odds. In today’s blog post, we examine five major ethical themes from this story and illustrate how each one is grounded in a specific scene from the episode, providing compliance leaders with a framework for navigating real-world dilemmas within their organizations.

1. Autonomy and Informed Consent—Giving Voice to the Voiceless

Illustrated by: At the heart of this episode is Pike—a former starship captain, now paralyzed and confined to a life-support chair, capable only of answering “yes” or “no” via a blinking light. When the Talosians offer him the chance to live in a world of illusion, he is asked if he wants to stay. He says, “Yes.”

Ethical Lesson:

This moment underscores a foundational principle of ethics: the right to self-determination. Pike is not coerced. He is not manipulated. He is fully informed of what Talos IV offers—freedom through illusion—and he consents. In terms of compliance, this is the gold standard of ethical choice: voluntary, informed, and communicated.

For compliance professionals, it serves as a reminder that we must go beyond the checkbox approach to obtaining consent. Whether the issue is data privacy, workplace investigations, or employee monitoring programs, “informed consent” means more than legal formality. It means the individual understands the choice, has time to consider it, and is free to say no without fear of retaliation. Pike’s “yes” only matters because he has the freedom to say no.

2. Compassion as Compliance—Bending the Rules to Uphold Human Dignity

Illustrated by: Spock’s entire plan is illegal. He falsifies orders, hijacks a starship, and brings Pike to a planet that is off-limits under the most severe Federation regulation. Why? Because it’s the only place where Pike can live a meaningful, peaceful life.

Ethical Lesson:

This is perhaps the most potent lesson of The Menagerie, Part 2: sometimes, strict adherence to policy can result in cruelty. And in those moments, compliance must yield to compassion. Spock’s decision to act outside the rules was not made lightly; instead, it was made because no other pathway would preserve Pike’s dignity.

In real-world corporate ethics, this translates into the idea that rules should serve people, not the other way around. A zero-tolerance policy without exceptions is often a warning sign of a compliance culture that lacks empathy and understanding. Compliance leaders must ask, is the rule doing what it was meant to do, or has it become a barrier to doing what’s right?

3. Leadership, Legacy, and Ethical Loyalty

Illustrated by: The entire reason Spock risks his career and his freedom is because of Pike’s legacy. Pike once led with integrity, courage, and fairness—and now, Spock is repaying that leadership with a courageous act of his own. It’s a profoundly emotional portrayal of ethical loyalty.

Ethical Lesson:

This theme touches on a more profound truth for compliance professionals: how you lead today shapes how others will behave tomorrow. If you foster a culture of fairness, transparency, and ethical behavior, your team will carry those values forward, even when you’re no longer in charge. Pike’s silent presence throughout the episode reminds us that leadership never truly ends. Compliance officers who mentor, guide, and uphold ethical values may not see the immediate benefits of their work. Still, they build organizations that continue to act ethically, even in times of crisis. Spock is evidence of that.

4. Ethics and Illusion – When Appearance Isn’t Reality

Illustrated by: On Talos IV, Pike appears whole again, walking beside Vina in a paradise shaped entirely by illusion. The Talosians, with their extraordinary mental abilities, create an environment that allows Pike to escape his physical limitations. And yet, they ask for his consent. They do not impose.

Ethical Lesson:

This plot element speaks to the fine ethical line between influence and manipulation. Illusions are not inherently unethical, provided the subject is aware of and agrees to them. In corporate settings, this theme is reflected in marketing ethics, internal communications, and the deployment of AI or surveillance tools. Are you presenting employees or customers with reality or a version curated to control behavior? The Talosians’ decision to inform Pike and let him choose demonstrates the ethical use of influence. Compliance professionals must ensure the same: transparency about tools and methods, respect for personal agency, and a refusal to exploit trust.

5. Strategic Deception and Transparency in Purpose

Illustrated by: The court-martial is revealed to be a ruse, a diversion designed to buy time to reach Talos IV. Commodore Mendez himself turns out to be an illusion projected by the Talosians, orchestrated to ensure Pike’s safe arrival. Yet, once the objective is achieved, the Talosians shut off the illusion and reveal everything.

Ethical Lesson:

Here, we see a nuanced, almost paradoxical ethical lesson: strategic deception, when used to advance truth and dignity, can be morally justifiable only if it ultimately leads to complete transparency. The court believed Spock’s actions to be treason. In the end, they see them as mercy. But that re-evaluation is only possible because Spock allows the process to run its course and discloses all.

In compliance work, this is akin to delaying disclosure of a suspected fraud to complete an internal investigation, but only if the delay is justified, temporary, and ultimately resolved through complete transparency. Ethical leadership means not only making the right call but also being willing to explain it afterward.

Final ComplianceLog Reflections

The Menagerie, Part 2, brings to a close one of the most deeply ethical stories in the entire Star Trek franchise. It’s a courtroom drama, but more importantly, it is a test of values. Spock breaks the law not to defy it but to defend a higher truth. Pike chooses not to escape reality but to find peace. And the Federation, to its credit, sees that sometimes rules must serve people, not imprison them.

For compliance professionals, the takeaway is this: never forget the humans behind the policies. Whether you’re writing a code of conduct, leading an investigation, or implementing controls, ask yourself: Does this uphold dignity and respect? Does it protect the agency? Does it serve the truth?

Ultimately, compliance isn’t solely about preventing risk. It’s about protecting people just as Spock protected Pike, not by obeying policy but by honoring his legacy, his dignity, and his will.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

The CCO as AI Trust Architect

The most important AI risk inside many companies may not be that employees are using AI. It may be that employees are using AI and hiding what they are learning. That is the central compliance lesson from Eric Anicich and Jeslyn Brouwers’ HBR article, Why Employees Aren’t Transparent About Their AI Usage. The authors open with a physician who had built a highly effective prompting template inside an approved, HIPAA-compliant AI tool. His colleagues were struggling with the same tool. He believed his template could help them. Yet he did not share it.

The article reports that a study by KPMG and the University of Melbourne, involving more than 48,000 respondents, found that 57% of employees admitted to hiding their AI use at work. More importantly, the authors argue that concealed use is only part of the issue. What employees are learning privately through prompt sequences, chained tools, and successful workflows may matter even more. AI introduces what the authors call the suppression of solutions: employees may be withholding productivity breakthroughs that could help the entire organization.

For the CCO, this creates a new mandate. The compliance function must help bring AI use into the open without becoming the AI police. The CCO must build a governance system that encourages employees to disclose, share, and improve AI-enabled work while still protecting the company from real risks around confidentiality, privacy, IP, bias, inaccurate outputs, cybersecurity, records retention, regulatory representations, and misuse. That is the function the CCO can fulfill: the AI trust function.

Why Hidden AI Use Is a Compliance Problem

Most compliance professionals instinctively focus on the obvious AI risks. Employees may paste confidential data into public tools. They may use AI to draft customer-facing claims without verification. They may generate code, contracts, marketing copy, investigation summaries, due diligence reports, or regulatory submissions without appropriate review. They may rely on AI outputs that are inaccurate, biased, incomplete, or unsupported. Those risks are real.

But the authors point to a second problem: the company may also be losing the benefits of compliant AI experimentation. Productivity gains once scaled through shared systems and standardized processes. With AI, many gains begin as individual discoveries: a better prompt, a workflow shortcut, a way to summarize information, a way to identify anomalies, or a method that reduces a multi-hour task to minutes. That knowledge is portable, private, and easy to conceal.

This means the CCO must avoid a one-dimensional response. A punitive AI governance program may reduce some visible misuse, but it may also drive experimentation underground. Employees who fear being judged, punished, overworked, or replaced will not share what they are doing. They will protect themselves. That creates the worst of both worlds: risk remains hidden, and useful innovation remains trapped inside individual workflows.

The CCO’s New Role: Govern for Trust, Not Just Control

The authors’ core finding is highly relevant to compliance. They surveyed 604 U.S.-based employees who used AI at work daily or multiple times per day. Nearly one in three said they had intentionally withheld AI-related knowledge, workflows, or techniques. Employees in the lowest quartile of organizational trust were nearly four times as likely to withhold AI knowledge as those in the highest quartile (47% versus 14%). A similar pattern appeared for psychological safety: 45% versus 17%.

That finding should feel familiar to compliance professionals. Speak-up culture works the same way. Employees report misconduct when they believe the company will listen, protect them, and act fairly. Employees hide misconduct when they believe the company will punish the messenger, ignore the issue, or retaliate indirectly. AI transparency is now a speak-up issue.

The CCO should therefore treat AI disclosure as part of the company’s broader culture of integrity. The question is not merely, “Are employees using approved AI tools?” The better question is, “Do employees trust us enough to tell us how they are using AI, what they have learned, where they are uncertain, and what risks they see?”

That is where the compliance function can add unique value. Compliance already understands reporting channels, non-retaliation, policy clarity, training, investigation triage, escalation, monitoring, remediation, third-party risk, and board reporting. Those capabilities can be applied to AI governance if the CCO frames the issue correctly.

Distinguish Experimentation from Misconduct

A major insight in the article is that companies often confuse two very different categories of behavior. One is blameworthy deviance: ignoring rules or cutting corners in ways that harm the organization. The other is exploratory testing: experimenting at the edge of what is known in ways that can generate valuable learning. When companies confuse the second with the first, they punish the behavior they need to encourage. This is directly applicable to the CCO.

An employee who uploads customer personal data into an unapproved public AI tool may have created a serious compliance issue. An employee who uses an approved internal AI tool to create a better first draft of a due diligence memo may have created a learning opportunity. An employee who uses AI to fabricate supporting documentation has engaged in misconduct. An employee who uses AI to test a workflow and then asks compliance whether the use is permissible has done exactly what the company should want. The CCO’s job is to build a framework that makes those distinctions clear.

That means creating red lines, green lanes, and gray zones. Red lines are prohibited uses: confidential data in unapproved tools, AI-generated false records, unreviewed regulatory filings, discriminatory automated decision-making, or any use that circumvents required approvals. Green lanes are encouraged uses: approved tools for summarization, first drafts, brainstorming, translation support, policy search, training development, or internal productivity tasks, where appropriate safeguards are in place. Gray zones are uses that require consultation: HR decisions, customer communications, legal analysis, investigation outputs, high-risk third-party reviews, or regulated submissions.

A compliance program that treats every use of AI as suspicious will teach employees to hide. A compliance program that treats every use of AI as harmless will fail in its duty. The CCO must create the middle path: clear, risk-based, practical, and trusted.

Earn the Disclosure You Want

The article advises leaders to “earn the disclosure” they want. Employees need clear guidance on what AI use is encouraged, what is off-limits, and how to handle gray areas. The authors also warn that companies should not force employees to convert a useful prompt into a long process memo. Lightweight templates, short demos, and practical “show me how you built this” sessions are better ways to turn private methods into reusable knowledge.

That is a practical blueprint for the CCO. A CCO should create an AI disclosure process that is easy to use. It should not feel like an investigation request. It should not require a ten-page form. It should not punish employees for asking questions. The goal is to make disclosure normal.

That is enough to begin. The CCO can then partner with IT, Legal, Privacy, Cybersecurity, HR, Internal Audit, and business leaders to determine whether the workflow should be approved, modified, shared, restricted, or escalated. The key is tone. The message should be: “Show us what you are learning so we can help you use AI safely and scale what works.”

Reward Multiplier Behavior

The article warns against rewarding only individual AI productivity. If employees believe that sharing makes them less distinctive while others benefit, they will hide. Instead, companies should reward reusable workflows, peer adoption, quality improvements, and contributions that help others. The authors recommend giving credit in performance reviews, protecting time for continued experimentation, and closing the loop by telling employees where their contribution was used and what improved. This is where a CCO can help turn AI transparency into culture.

Compliance should not run a generic AI leaderboard that encourages unhealthy competition. Instead, the CCO should help build recognition for responsible AI multipliers: employees who find a better way to do their work, disclose it, help validate it, and enable the company to scale it safely. This turns AI governance from a prohibition system into an integrity system. Employees are not just being told what not to do. They are being recognized for helping the company do better.

In compliance terms, that means rewarding employees who:

  • Identify a safe AI workflow that improves the effectiveness of control.
  • Flag a risky AI use before harm occurs.
  • Develop a prompt that improves due diligence quality.
  • Create a monitoring workflow that identifies anomalies faster.
  • Help colleagues use approved tools properly.
  • Document limitations and human review requirements.
  • Share lessons learned from AI experimentation.

Treat Disclosure as a Contribution

One of the article’s most powerful points is that the manager’s reaction in the first thirty seconds after an employee discloses an AI workflow may be the decisive trust signal. If the employee is treated as though they cut corners, they learn to hide. If the disclosure is treated as something worth understanding, they learn that disclosure pays. The authors also warn that disclosure should not amount to unpaid labor; the employee should demonstrate the method once, and the company should then own the documentation, distribution, and support, while the discoverer keeps the credit. This is a direct instruction to compliance professionals.

A CCO should train managers to respond the same way. Most AI disclosures will not go to compliance first. They will happen in team meetings, performance conversations, project reviews, and manager check-ins. If local managers shame employees for using AI, employees will hide. If local managers automatically add more work to anyone who discloses a productivity gain, employees will hide. If local managers give credit and bring compliance in as a partner, employees will share.

The CCO’s AI Trust Playbook

A CCO who wants to fulfill this function should take five practical steps.

  1. Create a risk-based AI use framework. Define prohibited uses, encouraged uses, and uses requiring consultation. Make the guidance short, practical, and example-driven.
  2. Build a safe AI disclosure channel. This should be separate from the hotline in tone, even if connected administratively. Employees need a place to ask, “Can I use AI this way?” without feeling as if they are self-reporting misconduct.
  3. Launch structured AI learning sessions. Invite employees to demonstrate useful workflows created with approved tools. Keep documentation light. Capture the use case, data inputs, review controls, risks, and adoption potential.
  4. Partner with HR on incentives. Ensure responsible AI sharing is recognized in performance reviews, promotion discussions, and leadership communications. Reward employees who become AI multipliers, not only those who quietly produce more.
  5. Report AI transparency metrics to leadership and the board. Do not only report policy completion or tool adoption. Report the number of disclosed workflows, number approved for broader use, number modified for risk reasons, number rejected, key risk themes, training gaps, and examples where disclosure improved both productivity and control.

Conclusion

The CCO should not try to own every aspect of AI. IT must own infrastructure. Cybersecurity must own security controls. Legal must advise on legal risks. Privacy must address data protection. HR must address workforce impacts. Business leaders must own operational use cases. Internal audit must test the program. But the CCO can own the trust architecture.

The bottom line is straightforward. AI governance cannot be built only on restriction, monitoring, and fear. That approach may make the company look controlled while driving the most important AI activity underground.

The CCO has a different opportunity: to build an AI trust function that brings use cases, risks, questions, and innovations into the open. The compliance function should not be the department that says, “Do not use AI.” It should be the function that says, “Use it responsibly, show us what you are learning, and let us help the company scale it safely.” That is how compliance fulfills this function. It turns hidden AI use into visible learning, visible learning into governed practice, and governed practice into ethical business value.