Categories
Compliance Into the Weeds

Compliance into the Weeds: The Slaughter Ruling, Regulatory Volatility and a Healthcare Compliance Fraud Case

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss the June 29 Supreme Court decision in Trump v. Slaughter.

This decision upheld the president’s power to fire independent agency commissioners at will (with a carve-out for the Federal Reserve), overturning long-standing protections from Humphrey’s Executor. Kelly argues the ruling will politicize and degrade regulatory agencies, deter qualified minority-party commissioners, increase rulemaking volatility, and shift power away from Congress toward courts as rules are challenged. As an example, they cite the SEC’s proposal to allow semi-annual instead of quarterly reporting, drawing about 80,000 comments with roughly 99% opposed, yet they predict it may proceed and later be reversed, creating compliance burdens. They then cover Georgia author Jean Wilson, sentenced to 10 years for a $66 million Medicare fraud scheme while writing healthcare compliance books.

Key Highlights

  • The Slaughter Ruling
  • Regulatory Volatility Ahead
  • Who Will Serve as Commissioners
  • Fed Carveout and Court Power
  • Compliance Impact and No Easy Answers
  • Healthcare Compliance Fraud Story (Or is it from The Onion?)

 Resources

Matt in Radical Compliance

 

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award winning podcast, Compliance into the Weeds was most recently honored as one of a Top 25 Regulatory Compliance Podcast and a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, Communicator and w3 Award, all for podcast excellence.

Categories
Daily Compliance News

Daily Compliance News: July 15, 2026 the That Backfired Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.

  • Meta alleged to have used AI to target workers with medical conditions for layoffs.  (Reuters)
  • Top Politburo member ousted for corruption. (NYT)
  • US workers more productive. It’s not AI its WFH.(NYT)
  • Employees pushed to use AI. What was the result? (FT)

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 45 – Beyond the Arena: Compliance Hotlines, Speak-Up Culture Lessons from “The Gamesters of Triskelion”

For compliance professionals, building a culture where employees feel empowered to speak up, whether as victims or as bystanders, is both an ethical imperative and a business necessity. Yet, fostering this environment goes far beyond simply installing a hotline or posting policies on the intranet. It requires trust, accessibility, and leadership that encourages all voices, especially those witnessing misconduct, not just those experiencing it firsthand.

No episode of Star Trek: The Original Series illustrates the importance of courage, communication, and the role of bystanders quite like “The Gamesters of Triskelion.” It is an allegory that resonates in the modern workplace, where power imbalances, fear, and bystander inaction can allow harassment and misconduct to flourish in the shadows.

But just as Kirk and his crew refuse to be mere pawns, so too must organizations encourage employees to break free from silence, whether as victims or witnesses, to foster a truly ethical and accountable culture.

Lesson 1: Accessibility and Trust—The Foundation of Any Hotline Program

Illustrated By: Kirk’s first attempts to communicate with the Providers, demanding answers and voicing his protest against the system.

Compliance Lesson: A hotline or internal reporting system is only as effective as its accessibility and the trust employees have in it.

Lesson 2: Bystander Empowerment—Everyone Has a Role in Speaking Up

Illustrated By: Uhura witnesses Chekov being attacked by another thrall and later supports Shahna when she faces abuse from the Providers.

Compliance Lesson: A true speak-up culture extends beyond encouraging direct victims to report. It actively enlists bystanders, colleagues, supervisors, and contractors who observe misconduct or questionable behavior.

Lesson 3: Remove Barriers to Reporting—Simplify and Normalize the Process

Illustrated By: Kirk negotiates with the Providers, insisting on open communication, transparency, and fair treatment for himself and the others.

Compliance Lesson: Internal reporting mechanisms should be straightforward and widely communicated. Complicated processes or unclear outcomes deter people from coming forward.

Lesson 4: Leadership Sets the Tone—Champion Speak-Up Behavior at the Top

Illustrated By: Kirk rallies Uhura, Chekov, and Shahna, modeling courage and vocal opposition even under surveillance.

Compliance Lesson: Tone at the top matters. Leaders who demonstrate, support, and reward speaking up create an environment where others feel safe to do the same.

Lesson 5: Close the Loop—Respond, Resolve, and Communicate Outcomes

Illustrated By: After Kirk’s defiance and challenge, the Providers agree to his terms, ultimately restoring freedom and dignity to the captives.

Compliance Lesson: Effective reporting systems require not only intake but meaningful response. Employees must see that their concerns are taken seriously and addressed appropriately.

Final ComplianceLog Reflections

The Gamesters of Triskelion” demonstrates that courage, solidarity, and a voice can challenge even the most entrenched power structures. For compliance professionals, the episode serves as a poignant reminder that hotlines and policies are only the starting point. The real work is building an environment where every employee, victim, or bystander knows they have the right, the tools, and the support to speak up, and that their concerns will be heard and acted upon.

Live long, prosper, and always encourage your crew to speak up.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Timothy and Fiona are AI generated voices.

Categories
AI Today in 5

AI Today in 5: July 15, 2026 the Banning Data Centers Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, I will bring to you 5 stories about AI stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest about AI.

  1. From reactive to proactive in revenue performance mgmt. (FinTechGlobal)
  2. AI and the coming compliance crisis for insurance. (InsuranceEdge)
  3. NY state set to ban big data centers for one year. (WSJ)
  4. AI could create new divides in financial services. (Bloomberg)
  5. Mark Cuban says AI making healthcare worse. (BusinessInsider)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com. To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com

Categories
Blog

Beyond the Arena: Compliance Hotlines, Speak-Up Culture, and Lessons from Star Trek’s “The Gamesters of Triskelion”

For compliance professionals, building a culture in which employees feel empowered to speak up, whether as victims or bystanders, is both an ethical imperative and a business necessity. Yet, fostering this environment goes far beyond simply installing a hotline or posting policies on the intranet. It requires trust, accessibility, and leadership that encourages all voices, especially those witnessing misconduct, not just those experiencing it firsthand.

No episode of Star Trek: The Original Series illustrates the importance of courage, communication, and the role of bystanders quite like “The Gamesters of Triskelion.” In this memorable installment, Captain Kirk, Lieutenant Uhura, and Chekov are kidnapped and forced to fight as gladiators for the amusement of alien “Providers.” While the spectacle is one of brute force, the true victory comes not from physical strength but from challenging the system, refusing to remain silent, and advocating for oneself and others.

Today, we beam down and explore the key compliance lessons, literally scene by scene, from this classic episode and see how it can help us reimagine our approach to hotlines, internal reporting, and speak-up culture in today’s organizations.

The Gamesters of Triskelion” places our heroes in an alien arena, stripped of their autonomy and pitted against each other. Their every move is watched, wagered upon, and manipulated by unseen masters. It’s an allegory that resonates in the modern workplace, where power imbalances, fear, and bystander inaction can allow harassment and misconduct to flourish in the shadows.

But just as Kirk and his crew refuse to be mere pawns, so too must organizations encourage employees to break free from silence, whether as victims or witnesses, to foster a truly ethical and accountable culture.

Lesson 1: Accessibility and Trust—The Foundation of Any Hotline Program

Illustrated by: Kirk’s first attempts to communicate with the Providers, demanding answers and voicing his protest against the system. When Captain Kirk is abducted, his first instinct is to seek information, challenge authority, and demand a platform for his concerns. But the providers initially deny him any means to voice his objections. Reflecting a system where grievances are suppressed, and channels for reporting are inaccessible.

Compliance Lesson: A hotline or internal reporting system is only as effective as its accessibility and the trust employees have in it. Too often, organizations install a hotline as a check-the-box exercise, but if employees don’t trust the process or fear retaliation, it becomes as useless as shouting into the void. Build trust by ensuring anonymity, robust anti-retaliation protections, and transparent follow-up processes. Empower all employees, not just those harmed directly but also those who witness wrongdoing, to report concerns with confidence.

Lesson 2: Bystander Empowerment—Everyone Has a Role in Speaking Up

Illustrated By: Uhura witnesses Chekov being attacked by another thrall and later supports Shahna when she faces abuse from the Providers. Uhura’s actions exemplify the power of the bystander. Though she is a victim of abduction, she does not remain passive when she witnesses Chekov in danger or Shahna being mistreated. She steps forward, speaks up, and supports those around her, even putting herself at risk.

Compliance Lesson: An authentic speak-up culture extends beyond encouraging direct victims to report. It actively enlists bystanders, colleagues, supervisors, and contractors who observe misconduct or questionable behavior. Compliance professionals should provide training on bystander intervention, communicate that speaking up is a shared responsibility, and recognize those who do. This not only prevents harm but also signals to all employees that silence is not neutrality; it is complicity.

Lesson 3: Remove Barriers to Reporting—Simplify and Normalize the Process

Illustrated By: Kirk negotiates with the providers, insisting on open communication, transparency, and fair treatment for himself and the others. Throughout the episode, Kirk persistently challenges the opaque rules of the Triskelion arena. He demands not just a voice, but a fair and understandable process—something the providers grudgingly grant after repeated confrontation.

Compliance Lesson: Internal reporting mechanisms should be straightforward and widely communicated. Complicated processes or unclear outcomes deter people from coming forward. Normalize reporting by making it a routine, non-threatening part of workplace culture, much like regular safety drills or team meetings. Remind employees frequently, in plain language, of how and why to report concerns, and ensure that doing so is free from bureaucratic or emotional hurdles.

Lesson 4: Leadership Sets the Tone—Champion Speak-Up Behavior at the Top

Illustrated By: Kirk rallies Uhura, Chekov, and Shahna, modeling courage and vocal opposition even under surveillance. Kirk’s leadership in the arena is marked by his refusal to comply quietly with unjust commands. He models courage and vocal opposition, inspiring those around him, especially Shahna, a bystander-turned-ally, to question the status quo and ultimately join his cause.

Compliance Lesson: Tone at the top matters. Leaders who demonstrate, support, and reward speaking up create an environment where others feel safe to do the same. Encourage managers and executives to share stories of when they reported concerns or acted as ethical bystanders. Celebrate transparency and moral courage, not just technical compliance. When leaders set the example, the entire organization takes notice.

Lesson 5: Close the Loop—Respond, Resolve, and Communicate Outcomes

Illustrated By: After Kirk’s defiance and challenge, the Providers agree to his terms, ultimately restoring freedom and dignity to the captives. The climax of the episode comes when the Providers, confronted with Kirk’s unwavering demands and the support of his crew, capitulate. They not only allow complaints to be aired, but they also listen, act, and restore justice.

Compliance Lesson: Effective reporting systems require not only intake but also meaningful response. Employees must see that their concerns are taken seriously and addressed appropriately. This includes timely investigation, resolution, and, where possible, communication back to the reporter (even if only in general terms). When employees see real action and outcomes, trust grows, and participation in the system increases. Closing the loop is essential to sustaining a robust speak-up culture.

Final ComplianceLog Reflections

The Gamesters of Triskelion” demonstrates that courage, solidarity, and a voice can challenge even the most entrenched power structures. For compliance professionals, the episode serves as a poignant reminder that hotlines and policies are only the starting point. The real work is building an environment where every employee, victim, or bystander knows they have the right, the tools, and the support to speak up and that their concerns will be heard and acted upon.

As you assess your organization’s internal reporting and speak-up culture, ask yourself:

  • Are your hotlines and reporting channels truly accessible and trusted?
  • Have you equipped and empowered bystanders, not just victims, to act?
  • Are you constantly removing barriers to speaking up and normalizing the process?
  • Does your leadership model champion the values you expect from everyone?
  • Do you always close the loop by providing feedback and taking visible action?

True compliance is not measured by silence but by the willingness of all to speak, intervene, and challenge injustice. Like Kirk and his crew, our mission is not just to survive the arena but to change it for the better.

Live long, prosper, and always encourage your crew to speak up.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Great Women in Compliance

Great Women in Compliance: Culture is What Happens When No One is Watching

Culture is one of those topics in ethics and compliance that everyone talks about—but it’s also one of the hardest things to define and even harder to build. At Compliance Week, Lisa Fine discussed this with Amy Schuh, partner at Morgan Lewis; Kilby McFadden, Managing Director and Head of Investigations at KPMG; and Michael Ortwein, Chief Compliance Officer and Assistant General Counsel at GM. Today, Amy and Kilby continue the discussion with Lisa Fine and Sarah Hadden.

They start by discussing what they see as a strong compliance culture. As Kilby says, it’s what happens when no one is watching. The conversation focuses on how organizations move beyond policies and training to build trust, encourage employees to speak up, and empower leaders to make ethical decisions—even when those decisions are difficult.

Amy and Kilby share practical insights from years of experience leading investigations and advising organizations, discussing who really owns culture, how companies can create trust in the reporting process, and why relationships with the business matter just as much as policies and procedures. They also explore the challenges of building a consistent culture across global organizations and offer ideas for strengthening culture even when resources are limited.

They also include key takeaways for compliance professionals, such as the importance of listening, staying curious about the business, and building relationships before issues arise, and each shares one “myth” about Ethics & Compliance they think should be debunked.

Categories
Blog

The Odyssey and Compliance, Part 3 – Circe’s Island: Third-Party Influence and Culture Capture

We continue our on our series of compliance lessons from The Odyssey. Today we consider the tale of Circe’s Island and how third parties can not simply influence but also capture organizations.

Odysseus had seen danger before. He had survived war, storms, and the occasional poor travel decision that would have caused any modern risk committee to request an immediate meeting. But then he came to Circe’s island, where the threat did not begin with open violence. It began with hospitality. Circe welcomed Odysseus’s men. She offered food. She offered drink. She offered comfort. Then, in one of the more memorable compliance-adjacent transformations in Greek mythology, she turned them into swine.

Subtle? Not especially. Useful for corporate compliance? Absolutely. In the corporate world, third parties rarely transform employees into literal pigs. That would at least make the investigation easier. The modern version is quieter. A consultant becomes indispensable. A reseller knows “how things work here.” A lobbyist explains that the official process is for amateurs. A distributor normalizes side payments. A strategic partner starts shaping internal decisions. A vendor’s gifts, favors, travel, and access slowly change what employees consider acceptable.

No one wakes up and says, “Today I shall surrender my professional judgment.” Instead, judgment gets softened. Then stretched. Then outsourced. That is Circe’s island.

The Corporate Translation

Circe is the consultant, agent, lobbyist, reseller, distributor, broker, introducer, or strategic partner who makes questionable conduct feel sophisticated. She does not have to say, “Break the rules.” That would be too obvious. She says something more dangerous:

“This is how business is done.”

“Everyone uses this structure.”

“You are being too rigid.”

“The policy was not written for this situation.”

“You can trust me.”

“We have relationships you do not have.”

That is the language of culture capture. The third party does not merely provide a service. The third party begins to influence the organization’s standards. This is why third-party risk is not just a procurement issue. It is not just an anti-bribery issue. It is not just a contracting issue. It is a culture issue. The most dangerous third parties do not always demand a bribe. Sometimes they simply change what your people think is normal.

The Paperwork Trap

Most companies have a third-party process. There is a questionnaire. There is a risk rating. There is a certification. There is a contract clause. Somewhere, there may even be a spreadsheet with conditional formatting, because nothing says “control environment” like a cell turning amber. These tools matter. But paperwork alone does not manage influence.

A company can collect every form and still miss the real risk. Who is this third party influencing? Who inside the company is advocating for them? Why are they needed? What access do they have? What discretion do they exercise? Are they interacting with government officials, customers, healthcare professionals, regulators, state-owned entities, procurement teams, or other sensitive stakeholders? Are they being paid in a way that makes sense? Are they actually doing the work? Are they unusually close to the decision-maker?

The DOJ’s Evaluation of Corporate Compliance Programs (ECCP) asks whether companies apply risk-based due diligence to third-party relationships and understand the qualifications, associations, business rationale, reputation, compensation, and actual services performed by third parties. It also asks whether companies engage in ongoing monitoring through refreshed due diligence, training, audits, or certifications.

That is the point. Third-party compliance is not a one-time onboarding ritual. It is a relationship management discipline. Circe’s danger was not that she existed. The danger was that Odysseus’s men entered her house without understanding the risk.

Gifts, Hospitality, and the Slow Erosion of Judgment

Gifts and hospitality are often discussed as if the only question is whether the amount is above or below a policy threshold. That is too narrow. A meal may be permissible and still influential. A conference invitation may be properly approved and still create pressure. A vendor-sponsored trip may be documented and still tilt the relationship. A series of small favors may do more damage to independence than one obviously improper gift.

Compliance officers understand this. Business leaders sometimes resist it because influence is uncomfortable to discuss. No one wants to admit that lunch, access, flattery, or convenience can affect judgment. We prefer to believe we are all rational actors, floating above human weakness like minor gods with expense reports. We are not.

Behavioral ethics teaches a humbler lesson: people are influenced by relationships, reciprocity, loyalty, fatigue, social norms, and self-interest. A third party who becomes a friend, fixer, sponsor, or “trusted guide” can reshape decisions without issuing a single improper instruction.

That is why gifts and hospitality controls should look beyond monetary value. They should examine frequency, timing, recipient role, pending decisions, public-sector touchpoints, tender activity, regulatory matters, and cumulative patterns. The better question is not only, “Was this gift allowed?” The better question is, “What might this gift be trying to make feel normal?”

Conflicts of Interest: Circe with a Business Card

Conflicts of interest are another form of enchantment. The employee recommends a vendor owned by a family member. A manager hires a consultant who previously employed him. A procurement lead has a side investment in a supplier. A sales executive pushes a reseller because the reseller has promised future employment. A board member has ties to a strategic partner.

Often, the conflicted person does not experience the conflict as corruption. They experience it as trust.

“I know them.”

“They are good people.”

“They understand our business.”

“This will move faster.”

That may all be true. It may also be irrelevant. Conflicts do not require proof that someone acted dishonestly. A conflict means personal interest may interfere, or appear to interfere, with professional judgment. In compliance, appearance matters because trust matters. Circe did not need to tell the crew they were compromised. They simply became something other than what they had been. That is what unmanaged conflicts do. They transform decision-makers into advocates for interests they may not even fully recognize.

Risk-Based Due Diligence Means Asking Better Questions

A strong third-party program should be risk-based. That does not mean treating every vendor like a potential international crime syndicate. It means applying the right level of scrutiny to the right relationship. The office coffee supplier probably does not need the same review as a customs broker, government-facing consultant, high-commission sales agent, data processor, clinical partner, reseller, lobbyist, or distributor in a high-risk market.

Risk-based due diligence should ask direct questions:

What will this third party do for us?

Why do we need them?

Who selected them?

What relationships do they bring?

How will they be paid?

What access will they receive?

What decisions can they influence?

What laws, regulations, or policy areas do they touch?

What red flags appeared, and how were they resolved?

The ECCP also emphasizes risk assessment across factors such as business partners, use of third parties, gifts, travel, entertainment, and other areas that may shape misconduct risk. That is a useful reminder: third-party risk rarely travels alone. It often brings friends. Gifts risk. Conflicts risk. Books-and-records risk. Data risk. Sanctions risk. Cyber risk. Antitrust risk. Fraud risk. Reputational risk. Circe’s island is crowded.

Training the People Who Meet Circe

Third-party policies are necessary, but people need training before they are sitting across the table from Circe. Sales teams need to understand reseller and agent red flags. Procurement teams need to spot conflicts and unusual payment terms. Finance needs to recognize vague invoices, round-dollar payments, split payments, and services that cannot be verified. Legal needs to ensure contracts describe real services and include audit, termination, compliance, and cooperation rights. Business sponsors need to understand that “I trust them” is not due diligence.

The ECCP asks whether training and communications are tailored to the audience and whether companies provide practical guidance, case studies, and ways for employees to get ethics advice as issues arise. It also contemplates training for appropriate agents and business partners. That is exactly right.

Do not train employees only on the policy. Train them on the moment. The moment when the consultant says the invoice needs to be vague. The moment when the distributor asks for payment to an offshore account. The moment when the lobbyist says no one can know about the meeting. The moment when the vendor offers to fly the team to a “strategy session” at a resort suspiciously light on strategy. The moment when the business sponsor says, “Compliance is slowing this down.” That is where the program either works or becomes decorative.

What a Better Program Does

A better third-party program examines influence, not just paperwork. It connects due diligence, contracting, training, payment controls, gifts and hospitality, conflicts disclosures, monitoring, audits, and termination rights. It reviews third-party activity after onboarding. It checks whether services were actually performed. It compares compensation to market value. It looks for unusual payment structures. It refreshes diligence when risk changes. It trains business sponsors, not just compliance staff. It monitors the internal champions who may become too close to the third party they manage.

Most importantly, it gives employees permission to be skeptical. Not cynical. Skeptical. There is a difference. Cynicism says everyone is corrupt. Skepticism says trust should be supported by facts, controls, and accountability. Odysseus survived Circe because he received warning, protection, and guidance before walking into the risk. Your employees need the same. Preferably without needing Hermes to appear with magical herbs.

The Compliance Takeaway

Circe’s island is not just a story about transformation. It is a story about influence. Third parties can help companies grow, enter new markets, solve complex problems, and operate more effectively. Many are essential. Many are ethical. Many know things the company genuinely needs to know. But a third party should never become a substitute for the company’s judgment. When a consultant, agent, reseller, lobbyist, vendor, or strategic partner begins to redefine what is acceptable, the company has moved from third-party management to third-party capture.

That is the lesson for compliance officers and business leaders. Do not ask only whether the forms are complete. Ask whether the relationship is changing behavior. Ask whether gifts, conflicts, access, dependence, or pressure are making questionable conduct feel normal. Ask whether employees still know where the company’s standards end and Circe’s influence begins. Because in business, as in mythology, transformation rarely announces itself. One day your people are professionals exercising independent judgment. The next day they are defending the island.

Join us on Thursday for Post 4 where we consider The Cattle of Helios: Non-Negotiables and Control Breaches.