This week we are honoring the return of The Muppets for a 2026 Special Edition. I thought it would be fun to look at business leadership teams through the lens of The Muppets. Every compliance professional has worked with a Kermit, managed a Piggy, worried about a Gonzo, or tried to contain an Animal. This series uses the Muppet executive team as a framework to explore leadership, governance, innovation, operational risk, and corporate compliance through the lens of the DOJ’s Evaluation of Corporate Compliance Programs and modern governance expectations.
Every company eventually hires a Gonzo. Not literally, of course. But every organization eventually encounters someone who believes the limits of the possible are merely suggestions waiting to be ignored. That is Gonzo. He is creative, fearless, experimental, unconventional, and absolutely convinced that launching himself out of a cannon remains a reasonable business strategy despite overwhelming evidence to the contrary. Naturally, he becomes Chief Innovation Officer.
At first glance, Gonzo appears to represent innovation at its most dangerous. He ignores procedure, embraces uncertainty, and treats risk as entertainment. But beneath the chaos sits a lesson that modern compliance professionals urgently need to understand: innovation itself is not the problem. The problem is innovation without governance.
That distinction matters enormously in today’s corporate environment, where organizations face relentless pressure to adopt:
- artificial intelligence,
- automation,
- advanced analytics,
- digital transformation,
- agentic AI, and
- emerging technologies that often evolve faster than governance structures can respond.
In other words, many organizations are currently operating inside a large-scale Gonzo experiment.
Gonzo Represents Innovation Pressure
Gonzo is driven by one overriding instinct: pushing boundaries. That instinct exists in virtually every modern enterprise. Boards demand innovation. Investors reward disruption. Executives fear being left behind by competitors. Product teams move quickly. Technology leaders promise transformation. Vendors insist their tools are revolutionary. The result is predictable: governance often lags behind implementation.
This is exactly the environment the DOJ’s ECCP increasingly expects organizations to manage. Prosecutors now ask whether compliance programs can identify and respond to evolving risks. They also ask whether organizations adequately understand the technologies they deploy and the risks those technologies create. In practical terms, the government is asking:
“Do you know where your Gonzos are?” Many organizations do not.
The Problem Is Not Innovation. It Is Uncontrolled Innovation.
Too many compliance discussions frame governance and innovation as opposing forces. That is incorrect. Good governance should enable innovation by allowing organizations to experiment responsibly. The objective is not to stop Gonzo from inventing new things. The objective is preventing Gonzo from accidentally detonating the theater during testing. This distinction becomes critical in AI governance.
Consider what often happens inside organizations:
- business units adopt generative AI tools without approval,
- employees upload sensitive data into external systems,
- procurement bypasses security review,
- automated decision systems are deployed without testing,
- vendors market “AI-powered” solutions nobody fully understands,
- and leadership assumes innovation itself justifies the risk.
That is not transformation. That is unmanaged operational exposure. Gonzo would absolutely deploy experimental AI tools without reading the documentation. He would also enthusiastically demonstrate them during a live performance before anyone completed legal review. Many companies are doing exactly that right now.
Shadow AI Is the Modern Gonzo Problem
One of the most significant emerging governance risks is shadow AI: technology adoption occurring outside formal oversight structures. This happens because innovation pressure rarely waits for policy development. Employees want efficiency. Business units want speed. Executives want results. Vendors promise competitive advantage. Eventually someone says:
“We cannot afford to fall behind.”
At that point, governance frequently becomes reactive instead of proactive. The compliance challenge is not preventing experimentation. It is creating governance structures that allow experimentation safely. This is why mature AI governance programs increasingly rely on:
- approved use-case inventories,
- risk-tiering frameworks,
- data-governance protocols,
- human oversight requirements,
- testing standards,
- escalation procedures,
- and continuous monitoring.
Or, stated differently:
someone needs to verify whether Gonzo’s cannon is aimed at the audience.
Innovation Requires Documentation
One of Gonzo’s defining traits is enthusiasm without paperwork. That creates a governance problem. The ECCP repeatedly emphasizes documentation, testing, continuous improvement, and evidence-based compliance. Organizations must demonstrate not merely that policies exist, but that controls operate effectively in practice.
Innovation functions often struggle here because innovation culture tends to prioritize speed over documentation. This creates dangerous blind spots:
- unclear accountability,
- undocumented approvals,
- undefined ownership,
- missing testing records,
- inconsistent monitoring,
- and inadequate escalation procedures.
If the organization cannot explain:
- why a technology was adopted,
- who approved it,
- how risks were assessed,
- what controls exist,
- and how effectiveness is monitored,
then the organization does not truly govern the technology. It merely hopes for the best. Hope is not a control.
Gonzo and the Myth of the Brilliant Exception
Another important compliance lesson emerges from Gonzo’s personality itself. Organizations often tolerate elevated risk from highly creative or high-performing individuals because leadership perceives them as uniquely valuable. This is a dangerous governance instinct.
Every major corporate failure eventually contains some version of:
- “We assumed he knew what he was doing.”
- “Nobody wanted to challenge the innovation team.”
- “They moved too fast for the controls.”
- “The business results were too good to slow down.”
In many organizations, innovation teams become culturally insulated from oversight because questioning them appears anti-progress or anti-growth. That is precisely when governance becomes most necessary. The role of compliance is not to suppress innovation. It is to ensure innovation remains accountable to the enterprise.
Gonzo should absolutely continue inventing things. But somebody must still ask:
- Was the system tested?
- Is the data reliable?
- Who owns the risk?
- What happens if the model fails?
- Is there human oversight?
- Can we explain the outcome?
Those questions are not barriers to innovation. They are what keep innovation from becoming litigation.
Continuous Monitoring: The “Day Two” Problem
One of the most overlooked governance failures occurs after deployment. Organizations frequently focus intensely on implementation but pay far less attention to ongoing monitoring. Yet most technology risks emerge over time through:
- model drift,
- scope expansion,
- vendor changes,
- data degradation,
- user workarounds,
- and control fatigue.
Gonzo perfectly represents this problem because he rarely revisits prior experiments. Once the cannon fires, he is already planning the next stunt. Modern compliance programs cannot operate that way. AI governance, digital governance, and innovation oversight require “Day Two” discipline:
- continuous testing,
- ongoing review,
- updated risk assessments,
- incident reporting,
- and remediation protocols.
The question is not merely: “Did the innovation work?” The real question is:
“Does the control environment still work six months later?” That is where mature governance separates itself from performative governance.
The Board’s Role in Innovation Governance
Boards increasingly face direct oversight expectations regarding technology and innovation risk. That means directors should ask:
- Do we have formal AI governance?
- Who owns innovation risk?
- How are emerging technologies reviewed?
- What testing standards exist?
- How do we monitor ongoing performance?
- What happens when innovation conflicts with compliance requirements?
- How quickly can issues be escalated?
These questions are no longer theoretical. Regulators increasingly expect boards and senior leadership to demonstrate understanding of operational technology risk, especially where AI, automation, or sensitive data are involved. In governance terms, the age of “let the technology team handle it” is over.
5 Key Takeaways for the Compliance Professional
- Innovation is not the enemy of compliance. The real risk is innovation that operates outside governance structures, documentation, and accountability.
- Shadow AI creates significant operational exposure. Organizations must identify and govern unauthorized or poorly supervised technology adoption.
- Documentation is a governance control. If an organization cannot explain how a technology was approved, tested, monitored, and governed, it does not truly control the risk.
- High-performing innovators still require oversight. Organizations should not exempt innovation teams from compliance expectations because they generate results or move quickly.
- Governance continues after deployment. Continuous monitoring, testing, escalation, and remediation are essential to managing evolving technology and innovation risk.
From Gonzo to Animal
Gonzo teaches compliance professionals that innovation creates risk when governance cannot keep pace with experimentation. But there is another danger waiting behind innovation pressure: normalization of unmanaged operational chaos. That is where Animal enters the story.
Because eventually every organization encounters a moment when high-energy operational risk stops being an exception and starts becoming part of the culture itself. In Part 4, we will examine Animal as Chief Operating Risk Officer and what he teaches compliance professionals about operational volatility, escalation failures, crisis management, and the dangers of unmanaged high performers.