Categories
AI Today in 5

AI Today in 5: July 16, 2026 the Simplify the Stack Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, I will bring to you 5 stories about AI stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest about AI.

  1. Texas AI law: a business guide. (Hackernoon)
  2. AI resistance as a matter of faith. (CCI)
  3. AI deepfakes compromise hiring compliance. (SIA)
  4. AI fueling start up boom. (Bloomberg)
  5. Healthcare needs to simplify its AI stack. (HealthCareITNews)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com. To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com

Categories
Daily Compliance News

Daily Compliance News: July 16, 2026 the A Big Misunderstanding Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance related stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest for the compliance professional.

  • Goldman GC says her emails with Epstein were taken ‘out of context’.  (WSJ)
  • A Goldilocks approach to FCPA enforcement. (Bloomberg)
  • Elon Must ‘likely’ violated WI election law through bribery.(WPR)
  • Surprise Surprise. Supreme Court sayd the 4th Amendment still exists. (Reuters)

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com

Categories
Everything Compliance

Everything Compliance: the Around the World and Close to Home Edition

Welcome to a revamped Everything Compliance. We have a new host, Adam Turteltaub, a new panelist, Rebecca Walker who joins returning regulars Matt Kelly, Jonathan Armstrong and Karen Moore for the next iteration of Everything Compliance.

  • Matt Kelly analyzes Bosch’s export controls violations involving Huawei under the foreign direct product rule, resulting in a $36 million BIS penalty, DOJ declination after self-disclosure, and major remediation hiring.
  • Karen Moore covers the UK Commercial Payments Bill aimed at protecting SMEs via a 60-day payment cap, mandatory late-payment interest, dispute timing rules, stronger Small Business Commissioner and “name and shame” disclosures, with potential ESG/fraud implications for supplier-treatment claims. Rebecca Walker shares NAVEX 2026 survey findings linking leadership “say vs. do” gaps to higher violations.
  • Jonathan Armstrong covers recent speech by the Director of the Serious Fraud Office, Graeme McNulty who said the SFO intends to be a more active enforcer and to use the new failure-to-prevent-fraud offense with practical tips on policies, role-based training, fast tip-off response, properly resourced investigations, self-reporting, tone from the top, and third-party due diligence..
  • Rebecca Walker focuses on speak-up culture, emphasizing post-report communications, lessons from KPMG Australia, and Navex data showing higher report volumes and longer investigation closure times.

The members of the Everything Compliance are:

The award-winning Everything Compliance is a part of the Compliance Podcast Network.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 46 – Compliance Across Cultures: “A Piece of the Action” as a Guide for Global Ethics

Any compliance professional who has ever led a team into a new country, or even a new region, knows that the journey is never as simple as applying the same playbook. Corporate values may be universal, but their application, reception, and risk profile shift dramatically with local context. Cross-cultural compliance isn’t just about checking legal boxes; it’s about building trust, ensuring fairness, and embedding institutional justice in systems often shaped by histories and norms foreign to headquarters. No pop culture episode illustrates this challenge better than Star Trek: The Original Series’ classic, “A Piece of the Action.”

For the compliance professional, this episode serves as a mirror to our modern experience of entering new regulatory territories. It forces us to ask: How do you enforce ethical standards in a place where the “rules of the game” are so different? How do you model institutional justice when even the definitions of “fairness” and “justice” seem up for grabs?

 

Lesson 1: Don’t Assume Your Ethics Are Universal

Illustrated By: Kirk, Spock, and McCoy are bewildered as they realize the entire Iotian society is based on a book about Earth’s 1920s gangsters.

Compliance Lesson: The first mistake many organizations make is assuming their ethical and compliance frameworks are immediately translatable.

Lesson 2: Institutional Justice Depends on Transparent Processes

Illustrated By: Kirk tries to “play the game,” cutting a deal with mob boss Bela Okmyx for the greater good, but quickly learns that without clear rules, every agreement is subject to double-cross and confusion.

Compliance Lesson: The absence of a transparent and impartial system leads to chaos. Each boss claims to enforce their version of “justice,” but it’s arbitrary and self-serving.

Lesson 3: The Dangers of Imposed Systems and the Need for Adaptation

Illustrated By: Kirk realizes that simply imposing Federation law will not work. The Iotians are not ready for those systems, and the crew’s heavy-handed attempts nearly spark more violence and instability.

Compliance Lesson: When entering new markets, resist the temptation to impose home-country rules without considering the local context.

Lesson 4: Speak the Local Language—Literally and Culturally

Illustrated By: Spock tries to explain Federation rules logically, but it’s Kirk’s willingness to “talk the talk,” even using gangster slang, that opens doors and earns a modicum of respect.

Compliance Lesson: Effective compliance communications must be locally relevant. This is more than translation; it’s cultural adaptation. What resonates in Houston might be meaningless (or counterproductive) in Hanoi.

Lesson 5: Leave a Positive Legacy—Don’t Repeat “Book Mistakes”

Illustrated By: In the final act, McCoy discovers he’s left his communicator behind, prompting a worried Kirk and Spock to realize the Iotians might reverse-engineer the technology and reshape their society once again.

Compliance Takeaway: Every compliance professional leaves a legacy. When you introduce policies, training, or reporting mechanisms, they will be interpreted and possibly misused by future leaders.

Final ComplianceLog Reflections

Cross-cultural compliance is ultimately about humility, adaptability, and respect for institutional justice as it’s lived and experienced on the ground. “A Piece of the Action” teaches us that leadership is not about enforcing rules by fiat, but about fostering a culture where fairness and justice are owned locally, embedded in hearts, not just in handbooks.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

The Odyssey and Compliance, Part 4 – The Cattle of Helios: Non-Negotiables and Control Breaches

We continue our consider of the intersection of The Odyssey and compliance by reviewing the tale of the Cattle of Helios.

Odysseus’s crew had been warned. Not casually warned. Not “check the policy when you get a minute” warned. Not “Legal would prefer we avoid this” warned. They were told clearly: do not touch the cattle of Helios. The cattle were sacred. The instruction was simple. The consequences were severe. Then hunger arrived.

Odysseus’s men were stranded. Supplies ran low. Pressure built. Rationalizations followed. The crew looked at the sacred cattle and began doing what employees, managers, and executives have done in companies since the dawn of internal controls: they explained why the rule should not apply this time. They were desperate. The situation was unusual. The risk was theoretical. Surely the gods would understand. Surely survival mattered more than procedure. So they slaughtered the cattle. It did not end well.

For corporate compliance, the Cattle of Helios is a story about red-line rules: the things an organization says are non-negotiable. Do not falsify records. Do not retaliate. Do not bypass sanctions screening. Do not misuse customer data. Do not make unapproved payments. Do not obstruct an investigation. Do not conceal a conflict. Do not alter documents. Do not ignore a legal hold. Do not approve what you do not understand. Every company has sacred cattle. The real question is whether employees believe they are actually sacred.

The Corporate Translation

The Cattle of Helios are the company’s non-negotiables. They are not ordinary preferences. They are not “best practices.” They are not aspirational values printed on lobby walls next to a tasteful photograph of diverse employees pointing at a laptop. They are the rules that protect the organization’s license to operate.

In a strong compliance culture, employees know these rules. Managers reinforce them. Controls support them. Violations are escalated. Discipline is consistent. Pressure is acknowledged but does not excuse misconduct. In a weak compliance culture, everyone knows the words, but no one believes the consequences. That is how red-line rules become folklore. A rule everyone knows but no one enforces is not a rule. It is a campfire story.

Pressure Does Not Create Character. It Reveals Controls.

Odysseus’s crew did not break the rule while comfortable, rested, and well-fed. They broke it under pressure. Most compliance breaches do not occur in calm conference rooms where everyone has read the policy, reviewed the risk matrix, and enjoyed a sensible lunch. They occur when the quarter is closing, the shipment is stuck, the customer is angry, the regulator is asking questions, the system is down, the executive is impatient, or the team is exhausted.

Pressure is the great compliance stress test. It reveals whether policies are operational or decorative. It reveals whether managers know how to supervise. It reveals whether employees believe escalation is safe. It reveals whether the organization has built controls that work when humans are hungry, tired, ambitious, afraid, or behind target.

The DOJ’s Evaluation of Corporate Compliance Programs (ECCP) asks whether a company’s compliance program is not only well designed, but also applied earnestly and working in practice. It also notes that prosecutors look at whether policies, reporting lines, training, incentives, and discipline are integrated into operations and the workforce. That is the key point. A red-line rule cannot live only in the Code of Conduct. It must live in approvals, workflows, monitoring, supervision, training, investigations, and consequences. Otherwise, when hunger comes, the cattle are on the menu.

Supervision Is Not a Ceremonial Role

There is another uncomfortable part of the myth. Odysseus is absent when the crew crosses the line. Depending on the telling, he is asleep or away praying. Either way, the leader is not effectively supervising when the critical decision is made. That should make every business leader shift slightly in their chair.

Many control breaches happen in the gap between policy and supervision. Senior leadership announces the rule. Compliance writes the policy. Legal reviews the language. Training pushes the module. Then the real decision is made by a frontline team under pressure, with a manager who either does not know, does not ask, or does not want to know. That is not a paperwork problem. That is an accountability problem.

Managers are the first line of ethical translation. They turn corporate expectations into daily behavior. If they treat compliance as an administrative burden, so will employees. If they reward results without asking how those results were achieved, employees will notice. If they punish bad news, problems will go underground. If they look away from “small” violations, they teach the business that red lines are negotiable.

Supervision is not hovering. It is not micromanagement. It is the disciplined act of knowing where the real risks sit and ensuring that employees have guidance, resources, and accountability before the breach occurs. Odysseus’s men knew the rule. What they lacked was effective control at the decisive moment.

Reporting Before the Cattle Are Slaughtered

A mature compliance program wants to hear about pressure before it becomes misconduct. That means employees need trusted ways to raise concerns, ask questions, and report violations. The  ECCP identifies confidential reporting and investigation processes as hallmarks of a well-designed program, including mechanisms for reporting suspected misconduct, protection against retaliation, proper routing of complaints, timely investigations, and appropriate follow-up and discipline.

The reporting question is not simply, “Do we have a hotline?” The better question is, “Would the crew have used it before dinner?” Would an employee say, “We are being asked to ship without required approval”? Would a finance analyst say, “This invoice looks wrong”? Would a sales manager say, “The customer is pushing us to use an unapproved intermediary”? Would an IT employee say, “Someone wants access they should not have”? Would anyone say, “We are about to cross a line”? If the answer is no, the reporting mechanism may exist, but trust does not.

That is where anti-retaliation becomes central. Employees will not report sacred cattle violations if the organization quietly punishes the person who notices the knife. A speak-up culture is not built by posters. It is built by what happens to the first person who speaks up when the business does not want to hear it.

Discipline Must Be Consistent, Not Theatrical

After a breach, companies often want to show seriousness. That is understandable. But discipline must be more than corporate thunderbolts. It must be fair. It must be consistent. It must be documented. It must address supervisors as well as direct actors. It must consider incentives and pressure. It must ask whether the rule was clear, whether training was adequate, whether controls failed, and whether leaders tolerated or encouraged the behavior.

The ECCP specifically focuses on consequence management, including procedures to identify, investigate, discipline, and remediate violations, consistent enforcement across the organization, and consequences regardless of position or title. It also asks whether companies track disciplinary outcomes and measure consistency across levels, geographies, units, and departments. That is where many companies stumble.

They discipline the employee who touched the cattle but ignore the manager who set impossible targets. They terminate the junior person but coach the rainmaker. They punish the region that got caught but ignore similar conduct elsewhere. They announce “zero tolerance” and then create exceptions for people with large books of business.

Employees are excellent readers of organizational reality. They know whether discipline is consistent. They know whether some people are protected. They know whether “non-negotiable” means non-negotiable or merely “please do not embarrass us.” A compliance program loses credibility when consequences depend on rank, revenue, geography, or internal politics.

Incentives: Who Made the Crew Hungry?

The crew was hungry. That does not excuse what they did, but it helps explain why the rule failed. Corporate compliance must ask similar questions. Were employees under unrealistic sales targets? Were bonuses tied only to revenue? Were managers rewarded for speed without regard to control quality? Were teams understaffed? Were approvals too slow? Was the policy clear but operationally impossible? Did leadership create pressure and then act shocked when employees cut corners?

The ECCP asks whether companies have considered the impact of financial rewards and other incentives on compliance, including whether commercial targets are achievable while operating in a compliant and ethical manner. That question should be posted in every executive compensation meeting. If the business model requires employees to choose between meeting targets and following the rules, do not be surprised when the cattle start disappearing.

What a Better Program Does

A better program defines its non-negotiables clearly and repeats them often. It trains employees on real pressure moments, not abstract policy language. It gives managers supplemental guidance. It builds controls around red-line rules. It monitors for breaches and near misses. It makes escalation easy. It investigates fairly. It disciplines consistently. It addresses root causes. It tests whether employees actually understand which rules cannot be bent. Most importantly, it refuses to let pressure become a universal solvent.

Pressure may explain why misconduct occurred. It should not erase accountability. When a red-line rule is breached, the organization should ask four questions.

First, did the employee know the rule?

Second, did the controls make compliance practical?

Third, did supervision reinforce the rule?

Fourth, did incentives or leadership pressure make violation more likely?

Those questions move the company beyond blame and toward remediation.

The Compliance Takeaway

The Cattle of Helios remind us that non-negotiable rules are only real when they survive pressure. It is easy to honor sacred cattle when the pantry is full. The test comes when the team is hungry, the deadline is looming, and someone says, “We have no choice.” That is when compliance has to mean something.

A company’s most important rules must be known, operationalized, monitored, and enforced. They must apply to senior leaders and junior employees. They must survive business urgency. They must be supported by reporting channels, investigations, discipline, and incentives that tell the same story.

Do not falsify records.

Do not retaliate.

Do not bypass screening.

Do not misuse data.

Do not make unapproved payments.

Do not conceal misconduct.

Do not touch the cattle.

Because if the organization says a rule is sacred but treats violations as negotiable, employees will learn the real policy soon enough. And by then, dinner may already be served.

Join us tomorrow as we conclude our series with a homecoming in Ithaca.

Categories
Blog

Lessons in Cross-Cultural Compliance: Star Trek’s “A Piece of the Action” and the Challenge of New Frontiers

Any compliance professional who has ever led a team into a new country, or even a new region, knows that the journey is never as simple as applying the same playbook. Corporate values may be universal, but their application, reception, and risk profile shift dramatically with local context. Cross-cultural compliance isn’t just about checking legal boxes; it’s about building trust, ensuring fairness, and embedding institutional justice in systems often shaped by histories and norms foreign to headquarters.

No pop culture episode illustrates this challenge better than Star Trek: The Original Series’ classic, “A Piece of the Action.” In this memorable hour, Captain Kirk and crew beam down to Sigma Iotia II, a planet whose entire society has been shaped by a 1920s Chicago gangster book accidentally left behind by an earlier Earth expedition. The result? A world where the “rules” are alien, an uneasy blend of familiar legality, foreign morality, and institutional chaos.

For the compliance professional, this episode serves as a mirror to our modern experience of entering new regulatory territories. It forces us to ask: How do you enforce ethical standards in a place where the “rules of the game” are so different? How do you model institutional justice when even the definitions of “fairness” and “justice” seem up for grabs?

Today, we boldly go where few compliance professionals have gone before: into the heart of cross-cultural lessons inspired by Kirk, Spock, and McCoy’s misadventures on the planet Vulcan.

Lesson 1: Don’t Assume Your Ethics Are Universal

Illustrated By: Kirk, Spock, and McCoy are bewildered as they realize the entire Iotian society is based on a book about Earth’s 1920s gangsters. What is “normal” here is extortion, double-crossing, and violence.

Compliance Lesson: The first mistake many organizations make is assuming their ethical and compliance frameworks are immediately translatable. On Sigma Iotia II, Kirk’s appeals to law, order, and morality fall flat. Here, the “institutional justice system” is a patchwork of mob bosses, each enforcing their version of fairness.

For Compliance Pros:

  • Start by listening and observing. Before launching training or rolling out policies, invest in local cultural assessments.
  • Engage local stakeholders. They can provide insights into what “justice” and “fairness” mean in practice.
  • Translate—not just language, but values. If your hotline program, reporting mechanisms, or disciplinary systems rely on local trust, learn what earns (or erodes) that trust.

Lesson 2: Institutional Justice Depends on Transparent Processes

Illustrated By: Kirk tries to “play the game,” cutting a deal with mob boss Bela Okmyx for the greater good, but quickly learns that without clear rules, every agreement is subject to double-cross and confusion.

Compliance Lesson: The absence of a transparent and impartial system leads to chaos. Each boss claims to enforce their version of “justice,” but it’s arbitrary and self-serving. For compliance professionals, this is a cautionary tale: if your processes aren’t transparent and predictable, your program risks devolving into selective enforcement or, worse, simply window dressing.

For Compliance Pros:

  • Ensure transparency in policies and procedures. Local teams should understand not only what is expected but also why and what will happen if expectations aren’t met.
  • Communicate the process for raising and resolving concerns. Is there an appeal? Who reviews the case? How are outcomes explained?
  • Build in fairness at every step. Avoid any appearance of “playing favorites” or tailoring decisions to the powerful.

Lesson 3: The Dangers of Imposed Systems and the Need for Adaptation

Illustrated By: Kirk realizes that simply imposing Federation law will not be effective. The Iotians are not ready for those systems, and the crew’s heavy-handed attempts nearly spark more violence and instability.

Compliance Lesson: When entering new markets, resist the temptation to impose home-country rules without considering the local context. This is not just ineffective. It can backfire, causing resentment or noncompliance.

For Compliance Pros:

  • Adapt, don’t transplant. Find ways to harmonize your code of conduct with local customs while upholding core values.
  • Use a risk-based approach. Focus first on the highest-risk behaviors that truly endanger your organization or people.
  • Empower local leaders. Give them ownership over adapting processes and communications so that they are effective and resonate with their audience.

Lesson 4: Speak the Local Language—Literally and Culturally

Illustrated By: Spock tries to explain Federation rules logically, but it’s Kirk’s willingness to “talk the talk,” even using gangster slang, that opens doors and earns a modicum of respect.

Compliance Lesson: Effective compliance communications must be locally relevant. This is more than translation; it’s cultural adaptation. What resonates in Houston might be meaningless (or counterproductive) in Hanoi.

For Compliance Pros:

  • Leverage local stories and examples. Bring policies to life through scenarios that employees recognize.
  • Use local champions. The right messenger can make or break your training or reporting program.
  • Culturally tailor your hotline and reporting mechanisms. In some cultures, direct reporting is perceived as a form of betrayal; consider finding culturally sensitive alternatives (e.g., mediation, ombuds channels).

Lesson 5: Leave a Positive Legacy—Don’t Repeat “Book Mistakes”

Illustrated By: In the final act, McCoy discovers he’s left his communicator behind, prompting a worried Kirk and Spock to realize the Iotians might reverse-engineer the technology and reshape their society once again.

Compliance Takeaway: Every compliance professional leaves a legacy. When you introduce policies, training, or reporting mechanisms, they will be interpreted and possibly misused by future leaders. Are you leaving behind tools for justice or weapons for the next “mob boss” to exploit?

For Compliance Pros:

  • Train for sustainability. Do not just deliver training; build local capacity for ongoing education and oversight.
  • Monitor unintended consequences. Regularly review your program’s impact on local dynamics.
  • Commit to continuous improvement. Don’t just “set it and forget it.” Be prepared to revisit, revise, and reinforce your approach as conditions change.

Final ComplianceLog Reflections

Cross-cultural compliance is ultimately about humility, adaptability, and respect for institutional justice as it’s lived and experienced on the ground. “A Piece of the Action” teaches us that leadership is not about enforcing rules by fiat, but about fostering a culture where fairness and justice are owned locally, embedded in hearts, not just in handbooks.

When we boldly enter new markets, we do so not as conquerors, but as collaborators. Listen, learn, adapt, and, above all, build compliance programs that leave a legacy of justice, fairness, and integrity. Only then will our actions, however small, become a positive piece of the action for years to come.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha