Categories
Daily Compliance News

Daily Compliance News: July 13, 2026 the Profoundly Corrupt Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.

  • EU critic says FIFA is “profoundly corrupt.”.  (Politico)
  • Indonesia ABC prosecutor found with $20MM in cash. (Al Jazeera)
  • Atlassian illegally fired worker who questioned policy changes.(NYT)
  • Apple sues OpenAT for information theft. (FT)

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com

Categories
AI Today in 5

AI Today in 5: July 13, 2026 the AI as Sludge Buster Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, I will bring to you 5 stories about AI stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest about AI.

  1. Blueprint for successful AI AML implementation. (FinTechGlobal)
  2. Can corporations survey the Age of AI. (MinnesotaLawyer)
  3. AI changing build v. buy Q. (BankingDive)
  4. AI can be financial sludge buster. (FT)
  5. Apple alleges OpenAI stole confidential information. (Bloomberg)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com. To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 43 – In the Shadow of Doubt: Lessons from “Wolf in the Fold”

Every compliance professional, sooner or later, must confront the uncomfortable truth that sometimes the system gets it wrong. Whether due to circumstantial evidence, unconscious bias, or institutional inertia, there are moments when the innocent stand accused and the integrity of the investigative process itself is on trial. Star Trek: The Original Series’ “Wolf in the Fold” is a cautionary tale about just such a scenario, offering invaluable insights for anyone who cares about justice, fairness, and the reputation of their organization. Today, we explore the investigative and fairness lessons compliance professionals can glean from this classic Star Trek whodunit.

Lesson 1: Presume Innocence—Don’t Rush to Judgment

Illustrated By: After the first murder, all evidence seems to point to Scotty. He’s found with the victim, holding a knife, but claims to have no memory of the incident. The local authorities and some Enterprise personnel are quick to suspect him due to the seemingly damning circumstances.

Compliance Lesson: A foundational principle of any fair investigative process is the presumption of innocence. It’s easy to rush to judgment when circumstantial evidence piles up, especially under pressure from leadership or regulators. But professionalism and institutional integrity require that we suspend bias and keep our minds open until the facts are thoroughly explored.

Bake the presumption of innocence into your investigative policies and training. Remind every team member and stakeholder that even the most “obvious” cases demand impartial investigation. Document early assumptions and check for bias throughout the inquiry.

Lesson 2: Avoid Tunnel Vision—Expand the Investigative Lens

Illustrated By: As more murders occur and Scotty continues to be in the wrong place at the wrong time, suspicion remains fixed on him. However, Spock and Kirk resist the urge to focus solely on their friend. They consider alternate explanations, explore technical anomalies, and even question the possibility of non-human involvement.

Compliance Lesson: Tunnel vision is a persistent risk in any investigation, especially when a plausible suspect fits the facts. True institutional fairness demands that compliance professionals look beyond the immediate and obvious, systematically considering alternative scenarios and other suspects.

Develop “red team” protocols or assign a “devil’s advocate” role in major investigations to challenge prevailing theories deliberately. Require documentation of all hypotheses considered and make alternate scenario analysis part of your standard investigative checklist.

Lesson 3: Leverage Expertise and Technology—But Don’t Abdicate Human Judgment

Illustrated By: Kirk and Spock seek help from Sybo, the Argelian empath, and use the Enterprise computer to analyze the evidence, eventually exposing the supernatural entity Redjac as the true culprit. However, they do not blindly trust the results. Kirk and Spock synthesize the technological findings with their reasoning, refusing to let the investigation be dictated by technology alone.

Compliance Lesson: While data analytics, forensics, and investigative technology are powerful tools, they are not infallible. Technology should augment, not replace, the judgment of experienced investigators. Relying solely on computer output or external expertise without human analysis can lead to catastrophic mistakes, especially in nuanced, high-stakes cases.

Balance the use of forensic technology with critical thinking and seasoned judgment. Always validate technological findings with multiple sources, and require human review before making conclusions. Foster a culture where “computer says so” is never an excuse for poor process.

Lesson 4: Champion Institutional Justice—Even When It’s Uncomfortable

Illustrated By: The Argelian prefect, Jaris, is pressured to resolve the case swiftly due to local customs and a desire to preserve order. Kirk, however, insists that the process be fair and thorough, even at the risk of offending local sensibilities or extending the investigation. He appeals to both Argelian law and Federation principles, ensuring that institutional justice, not expediency, prevails.

Compliance Lesson: Institutional justice means doing what’s right, not just what’s easy or convenient. The pressure to resolve allegations quickly to satisfy regulators, shareholders, or media can be immense. But caving to expediency undermines fairness, risks wrongful discipline, and erodes long-term trust in the compliance function.

Institute explicit policies prioritizing fairness over speed in investigations. Communicate to leadership that thoroughness is a core compliance value. Protect investigators from undue pressure to deliver quick “results” at the expense of real justice.

Lesson 5: Transparent Communication Restores Trust

Illustrated By:

When Redjac is finally exposed and Scotty’s innocence is proven, Kirk doesn’t just close the case and move on. He explains the whole sequence of events to both the Argelian authorities and his crew, restoring Scotty’s reputation and demonstrating that the investigative process, however difficult, was ultimately fair and transparent.

Compliance Lesson: When someone is wrongfully accused, it isn’t enough to quietly correct the record. Institutional fairness requires public restoration and clear communication about what happened, how the mistake was identified, and what steps will be taken to prevent recurrence. Transparency is about accountability, but it’s also about healing wounds and rebuilding organizational trust.

Develop protocols for communicating exonerations and corrective actions to all relevant stakeholders. Where privacy allows, share lessons learned broadly, emphasizing the organization’s commitment to justice and fairness. Make it clear that the compliance function values both truth and reputation.

Final ComplianceLog Reflections

“Wolf in the Fold” reminds us that even the most rigorous institutions are vulnerable to error, especially under stress, bias, or pressure. For compliance professionals, the episode is a touchstone for the values that must guide every investigation: presumption of innocence, investigative rigor, openness to alternative theories, balanced use of technology, commitment to institutional justice, and, above all, transparent communication.

Wrongful accusations are more than a risk; they are a litmus test for the soul of an organization’s compliance program. The real victory isn’t just exonerating the innocent, but demonstrating to every employee, stakeholder, and regulator that fairness and justice are not negotiable.

So, the next time you face a difficult case or feel the pressure to resolve an issue quickly, remember the lesson of Scotty and the Argelians. Take the time, expand your lens, leverage every resource, and communicate your findings with integrity. In doing so, you’ll ensure that your compliance program isn’t just a set of rules but a living embodiment of the principles of justice and fairness.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Timothy and Fiona are AI generated voice.

Categories
Blog

In the Shadow of Doubt: Institutional Fairness and Institutional Justice Lessons from Star Trek’s “Wolf in the Fold”

Every compliance professional, sooner or later, must confront the uncomfortable truth that sometimes the system gets it wrong. Whether due to circumstantial evidence, unconscious bias, or institutional inertia, there are moments when the innocent stand accused and the integrity of the investigative process itself is on trial. Star Trek: The Original Series’ “Wolf in the Fold” is a cautionary tale about just such a scenario, offering invaluable insights for anyone who cares about justice, fairness, and the reputation of their organization.

The episode places Chief Engineer Montgomery Scott (“Scotty”) in the center of a series of brutal murders on Argelius II. Despite the mounting evidence against him, the real story is about how Captain Kirk, Mr. Spock, Dr. McCoy, and the Argelian authorities pursue the truth—and how easily institutional justice can go astray.

Let’s explore the investigative and fairness lessons compliance professionals can glean from this classic Star Trek whodunit.

Lesson 1: Presume Innocence—Don’t Rush to Judgment

Illustrated By: After the first murder, all evidence seems to point to Scotty. He’s found with the victim, holding a knife, but claims to have no memory of the incident. The local authorities and some Enterprise personnel are quick to suspect him due to the seemingly damning circumstances.

Compliance Lesson: A foundational principle of any fair investigative process is the presumption of innocence. It’s easy to rush to judgment when circumstantial evidence piles up, especially under pressure from leadership or regulators. But professionalism and institutional integrity require that we suspend bias and keep our minds open until the facts are thoroughly explored.

Bake the presumption of innocence into your investigative policies and training. Remind every team member and stakeholder that even the most “obvious” cases demand impartial investigation. Document early assumptions and check for bias throughout the inquiry.

Lesson 2: Avoid Tunnel Vision—Expand the Investigative Lens

Illustrated By: As more murders occur and Scotty continues to be in the wrong place at the wrong time, suspicion remains fixed on him. However, Spock and Kirk resist the urge to focus solely on their friend. They consider alternate explanations, explore technical anomalies, and even question the possibility of non-human involvement.

Compliance Lesson: Tunnel vision is a persistent risk in any investigation, especially when a plausible suspect fits the facts. True institutional fairness demands that compliance professionals look beyond the immediate and obvious, systematically considering alternative scenarios and other suspects.

Develop “red team” protocols or assign a “devil’s advocate” role in major investigations to challenge prevailing theories deliberately. Require documentation of all hypotheses considered and make alternate scenario analysis part of your standard investigative checklist.

Lesson 3: Leverage Expertise and Technology—But Don’t Abdicate Human Judgment

Illustrated By: Kirk and Spock seek help from Sybo, the Argelian empath, and use the Enterprise computer to analyze the evidence, eventually exposing the supernatural entity Redjac as the true culprit. However, they do not blindly trust the results. Kirk and Spock synthesize the technological findings with their reasoning, refusing to let the investigation be dictated by technology alone.

Compliance Lesson: While data analytics, forensics, and investigative technology are powerful tools, they are not infallible. Technology should augment, not replace, the judgment of experienced investigators. Relying solely on computer output or external expertise without human analysis can lead to catastrophic mistakes, especially in nuanced, high-stakes cases.

Balance the use of forensic technology with critical thinking and seasoned judgment. Always validate technological findings with multiple sources, and require human review before making conclusions. Foster a culture where “computer says so” is never an excuse for poor process.

Lesson 4: Champion Institutional Justice—Even When It’s Uncomfortable

Illustrated By: The Argelian prefect, Jaris, is pressured to resolve the case swiftly due to local customs and a desire to preserve order. Kirk, however, insists that the process be fair and thorough, even at the risk of offending local sensibilities or extending the investigation. He appeals to both Argelian law and Federation principles, ensuring that institutional justice, not expediency, prevails.

Compliance Lesson: Institutional justice means doing what’s right, not just what’s easy or convenient. The pressure to resolve allegations quickly to satisfy regulators, shareholders, or media can be immense. But caving to expediency undermines fairness, risks wrongful discipline, and erodes long-term trust in the compliance function.

Institute explicit policies prioritizing fairness over speed in investigations. Communicate to leadership that thoroughness is a core compliance value. Protect investigators from undue pressure to deliver quick “results” at the expense of real justice.

Lesson 5: Transparent Communication Restores Trust

Illustrated By:

When Redjac is finally exposed and Scotty’s innocence is proven, Kirk doesn’t just close the case and move on. He explains the whole sequence of events to both the Argelian authorities and his crew, restoring Scotty’s reputation and demonstrating that the investigative process, however difficult, was ultimately fair and transparent.

Compliance Lesson: When someone is wrongfully accused, it isn’t enough to quietly correct the record. Institutional fairness requires public restoration and clear communication about what happened, how the mistake was identified, and what steps will be taken to prevent recurrence. Transparency is about accountability, but it’s also about healing wounds and rebuilding organizational trust.

Develop protocols for communicating exonerations and corrective actions to all relevant stakeholders. Where privacy allows, share lessons learned broadly, emphasizing the organization’s commitment to justice and fairness. Make it clear that the compliance function values both truth and reputation.

Final ComplianceLog Reflections

“Wolf in the Fold” reminds us that even the most rigorous institutions are vulnerable to error, especially under stress, bias, or pressure. For compliance professionals, the episode is a touchstone for the values that must guide every investigation: presumption of innocence, investigative rigor, openness to alternative theories, balanced use of technology, commitment to institutional justice, and, above all, transparent communication.

Wrongful accusations are more than a risk; they are a litmus test for the soul of an organization’s compliance program. The real victory isn’t just exonerating the innocent, but demonstrating to every employee, stakeholder, and regulator that fairness and justice are not negotiable.

So, the next time you face a difficult case or feel the pressure to resolve an issue quickly, remember the lesson of Scotty and the Argelians. Take the time, expand your lens, leverage every resource, and communicate your findings with integrity. In doing so, you’ll ensure that your compliance program isn’t just a set of rules but a living embodiment of the principles of justice and fairness.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

The Odyssey and Compliance, Part 1 – The Trojan Horse: When Cleverness Becomes a Control Failure

There are few works in Western Literature more read than The Odyssey. While a cadre of passionate specialists prefer The Iliad, it is The Odyssey which is most generally taught in US high schools. Part travelogue, part adventure yarn, part social commentary and part treatise on Greek morals and morality; it is still a rising tale well worth the time to read. Now Christopher Nolan is out with another movie version of The Odyssey. I have not yet seen the movie as of the writing of this blog post series.

I wanted to tackle The Odyssey from the compliance perspective. There are many things we can mine from this story. Over this week, I will discuss five of them. Today we consider where the story begins, The Trojan Horse as a control failure. On Tuesday, we look at The Lotus-Eaters: Culture Drift and the Comfort of Forgetting. On Wednesday, Circe’s Island: Third-Party Influence and Culture Capture. On Thursday we look at The Cattle of Helios: Non-Negotiables and Control Breaches. On Friday we conclude as Odysseus makes his way home to Ithaca and his wife Penelope and their son Telemachus in the tale of Peace in Ithaca: Building the Program After the Crisis.

Today we begin at the start of  The Odyssey which directly follows the end of The Iliad. here are few business strategies more celebrated than the Trojan Horse. After ten long years of war,  looked at the walls of Troy and realized brute force had failed. The Greeks could not smash their way in. They could not negotiate their way in. They could not outlast their way in. So Odysseus did what clever leaders often do when conventional methods fail: he found a workaround. Build a great wooden horse. Hide soldiers inside it. Leave it outside the gates as a supposed gift. Sail away, or at least appear to. Let the Trojans make the fatal decision themselves.

While from a strategic perspective, it was brilliant from a compliance perspective, an absolute nightmare. The Trojan Horse is usually remembered as a triumph of strategy. It should also be remembered as the original “trusted vendor attachment.” It arrived looking valuable, symbolic, and harmless. It came wrapped in a compelling story. It appealed to ego, fatigue, and optimism. And someone, somewhere inside Troy, approved bringing it through the gates.

The Gift That Bypassed Governance

Every organization has gates. Some are literal: firewalls, access controls, locked doors, badge readers, vendor onboarding systems. Others are procedural: approval matrices, procurement rules, due diligence reviews, cybersecurity assessments, conflict checks, and escalation protocols. The problem is that business opportunities rarely arrive wearing a sign that says, “Hello, I am a control failure.”

They arrive as partnerships. Strategic investments. Technology platforms. Emergency exceptions. Pilot programs. Customer demands. Board-level priorities. Innovation initiatives. “Just this once” requests. Special access for a trusted consultant. A new AI tool someone found useful. A supplier who can solve the problem quickly. A deal too good to slow down.

In other words, they arrive as gifts. The Trojans did not lose because they lacked walls. They lost because they made a poor risk decision at the gate. The control existed. The wall worked. The problem was judgment, governance, and process. A control environment is not only about having policies. It is about whether people use them when the pressure is on and the opportunity looks attractive.

When Cleverness Becomes the Risk

Odysseus was not a fool. He was a strategist. That is what makes this story so useful for compliance professionals and business leaders. Many compliance failures are not born from stupidity. They are born from intelligence used without discipline. A clever workaround can be useful. A clever workaround can also become a bypass around governance. The distinction matters.

Think about the employee who finds a faster way to onboard a vendor by skipping required due diligence. The sales executive who routes a discount through an unusual approval path to close the quarter. The business unit that adopts an unsanctioned software tool because IT is “too slow.” The senior leader who asks for an exception because “this is strategically important.” The team that shares sensitive information with a partner before the agreement is fully papered because “we trust them.”

Each decision may have a business rationale. Each may feel practical. Each may even produce a short-term win. But the compliance question is not simply, “Did it work?” The better question is, “What did it bypass?”

That is the Trojan Horse problem. The horse worked because it bypassed the normal defenses. In a modern company, that may mean bypassing cyber review, procurement checks, legal review, data protection analysis, sanctions screening, financial controls, conflict review, or code-of-conduct expectations. When leadership celebrates only the result, the organization learns the wrong lesson. It learns that controls are for ordinary days, not important ones. That is how culture begins to drift.

The Cybersecurity Lesson Inside the Horse

The Trojan Horse is one of the oldest stories in Western literature, but it feels remarkably current in an age of cyber risk and social engineering. A malicious file. A fake vendor invoice. A compromised supplier account. A phishing email that appears to come from a trusted executive. A third-party platform with excessive access. A contractor credential that is never disabled. A software update from a source no one properly vetted. These are modern Trojan Horses.

They do not always break the wall. They persuade someone to open the gate. This is why cybersecurity is not merely an IT function. It is a governance issue. NIST’s Cybersecurity Framework 2.0 places significant emphasis on the Govern function, which addresses how an organization establishes, communicates, and monitors its cybersecurity risk management strategy, expectations, and policy.

That is compliance language as much as cyber language. Who owns the risk? Who approves exceptions? Who monitors access? Who understands the business context? Who has authority to say no? Who makes sure the organization learns from near misses? If no one can answer those questions clearly, the horse is already inside the gate.

The Control Environment Is Tested by Attractive Risks

It is easy to say no to obviously bad ideas. The real test comes when the risk is attached to something the business wants. A lucrative customer. A prestigious partner. A promising technology. A powerful executive sponsor. A deadline. A crisis. A competitor moving faster. A board presentation next week. That is when the control environment reveals itself.

In a strong control environment, the organization can move quickly without becoming careless. It can evaluate risk without killing innovation. It can escalate concerns without making people feel disloyal. It can approve exceptions, but only with transparency, documentation, and accountability.

In a weak control environment, speed becomes the excuse for opacity. Trust becomes the substitute for diligence. Seniority becomes the override control. Documentation comes later, which usually means never. Compliance is invited after the decision has already been made. That is not innovation. That is improvisation with a budget.

The code of conduct should matter most when the business case is compelling. Internal controls should matter most when the pressure is real. Cybersecurity should matter most when the new tool looks exciting. Risk assessment should matter most when everyone is tired of waiting. Troy did not need a better wall. Troy needed a better approval process.

The Insider Threat Dimension

There is another uncomfortable lesson in the Trojan Horse. The Greeks got inside Troy because the Trojans cooperated with the plan. Not intentionally, perhaps. Not corruptly, necessarily. But they cooperated all the same. That is the nature of many insider threats.

The insider is not always a villain. Sometimes the insider is rushed, flattered, distracted, pressured, or insufficiently trained. Sometimes the insider believes they are helping. Sometimes they trust the wrong person. Sometimes they assume someone else has checked. That is why compliance programs cannot rely solely on good intentions.

Good people need good systems. They need clear policies, practical training, escalation paths, and a culture that rewards thoughtful skepticism. They need permission to ask: “Why are we bringing this inside the walls?”

This is especially important in organizations where questioning a business opportunity is seen as negativity. Compliance should not be the Department of No, but neither should the business become the Department of Please Do Not Ask Too Many Questions. Healthy skepticism is not cynicism. It is stewardship.

What a Better Program Does

A better compliance program does not ban wooden horses. It asks better questions before opening the gate. Who sent it? Why now? What access does it require? What data will it touch? What assumptions are we making? Has the vendor been reviewed? Has the technology been tested? Is there a conflict? Is there a regulatory issue? What is the worst-case scenario? Who approved the exception? How will we monitor it after approval?

The point is not to slow every decision. The point is to prevent charm, urgency, and executive enthusiasm from replacing governance. A strong program also makes risk ownership visible. If the business wants to accept a risk, that decision should be documented. If a control is bypassed, there should be a reason, an approver, a time limit, and compensating controls. If a new tool, vendor, or relationship is brought inside the organization, someone should be accountable for monitoring it. The Trojan Horse teaches that the most dangerous risks are not always the ones attacking from outside. Sometimes they are the ones we invite in because they look like success.

The Compliance Takeaway

Odysseus won because he understood human nature. He knew the Trojans would see what they wanted to see: victory, tribute, closure, and a symbol of their own endurance. That is the uncomfortable lesson for corporate compliance. Risk often enters through desire. The desire to win. To move fast. To close the deal. To trust the familiar. To avoid friction. To believe the story that makes the opportunity easier to approve.

Not every gift is a threat. Not every workaround is misconduct. Not every clever idea is a control failure. But every organization needs the discipline to ask whether cleverness is serving governance or bypassing it. The horse may be beautiful. The story may be compelling. The business sponsor may be persuasive. Open the gate only after the controls have done their work.

Join us tomorrow where we consider The Lotus-Eaters: Culture Drift and the Comfort of Forgetting.