Categories
Compliance Tip of the Day

Compliance Tip of the Day – Implementing Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

How to implement an internal controls regime in your organization.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Great Women in Compliance

Great Women in Compliance – From Hotline to Headline: The DOJ’s Whistleblower Awards Reboot with Mary Inman and Liz Soltan

In this timely roundtable, Lisa and Hemma sit down with Mary Inman and Liz Soltan, two powerhouse advocates in the whistleblower legal space, to unpack the DOJ’s newly revised Corporate Whistleblower Awards (CWA) Pilot Program and its implications for the compliance community.

We also explore what makes whistleblowing work, how to support internal and external reporters, and why this moment may mark a turning point for global whistleblower engagement.

Highlights:

  • Mary and Liz break down the newly added DOJ priority areas
  • How the CWA Pilot Program could evolve into a DOJ equivalent of the SEC whistleblower program
  • Why organizational justice and psychological safety must be embedded into internal reporting systems
  • How tips must result in asset forfeiture to trigger awards
  • Why we need a speak-up culture, not just a hotline

Resources:

Biographies

Mary Inman

Partner, Whistleblower Partners LLP

Mary Inman is a seasoned attorney with over 30 years of experience representing whistleblowers under various U.S. programs, including the False Claims Act, SEC, CFTC, IRS, FinCEN, and NHTSA/DOT. After spending three years in London, she now focuses on international whistleblowers exposing misconduct with ties to the U.S. She assists clients in bringing claims to foreign regulators such as the Ontario Securities Commission and the Canada Revenue Agency.

Mary is renowned for her expertise in healthcare, tech, and financial services fraud. She has represented high-profile whistleblowers like Frances Haugen (Facebook) and Tyler Shultz (Theranos) and co-authored The Tech Workers’ Handbook, a guide for tech industry whistleblowers. Her advocacy extends to testifying before global governmental bodies, including the European Commission and UK Parliament, championing the effectiveness of U.S. whistleblower programs.

Mary holds a J.D. from the University of Pennsylvania Law School and has clerked for judges in both the U.S. District Court and the U.S. Court of Appeals for the Third Circuit. Outside of her legal work, she enjoys participating in her husband’s YouTube channel and spending time in northern Maine.

Liz Soltan

Associate, Whistleblower Partners LLP

Liz Soltan is an associate at Whistleblower Partners LLP, focusing on cases involving financial fraud, anti-money laundering, and sanctions evasion. Her notable work includes representing a foreign whistleblower in a FinCEN sanctions violation case concerning illegal sales to Russia. Liz also contributed to the landmark Medicare Advantage risk adjustment fraud case, United States ex rel. Poehling v. UnitedHealth Group, Inc.

Before joining Whistleblower Partners, Liz served as a Skadden Fellow at Community Legal Services of Philadelphia, where she was part of a team that secured $712 million in emergency food stamp benefits for 650,000 households during the COVID-19 pandemic. She earned her J.D. cum laude from Harvard Law School, where she led the Wage and Hour Practice Group at the Harvard Legal Aid Bureau and successfully argued a workers’ rights case before the Massachusetts Supreme Judicial Court. Liz completed her undergraduate studies at Cornell University, graduating summa cum laude with majors in history and Spanish.

Residing in Brooklyn, Liz maintains strong ties to her roots in Philadelphia. She enjoys participating in a fiction-only book club, exploring historical sites, and spending time with her husband, son, and their two cats, Alex Trebek and Vanna White.

Categories
Daily Compliance News

Daily Compliance News: June 4, 2025, The Climate Disaster Management Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, and general interest, all of which are relevant to the compliance professional.

Top stories include:

  • Tesla tells employees that poor culture is their responsibility. (WSJ)
  • More spy claims in HR SaaS battle. (FT)
  • AI and Thought Leadership. (FT)
  • What is climate disaster management? (Bloomberg)

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 3 – The Ethics of Control: Lessons from Where No Man Has Gone Before

In this episode of Trekking Through Compliance, we consider Where No Man Has Gone Before, which aired on September 22, 1966, Star Date 1312.4.

Story

This is the first Star Trek episode produced (not counting the pilot episode, “The Cage”), although it was not the first to air. It differs from subsequent episodes in that there is no “Space, the final frontier” voice-over during the theme song at the beginning.

The Enterprise discovers a 200-year-old ship recorder from the SS Valiant near the galaxy’s edge. Shortly after, the Enterprise passes through an unknown phenomenon that causes major damage and knocks out navigators Gary Mitchell and Dr. Elizabeth Dehner (both of whom have high ESP ratings). When Gary recovers, he begins to acquire telepathic and telekinetic powers. Kirk, alarmed at the prospect of having his ship taken over by an increasingly powerful and tyrannical Mitchell, is convinced by Spock to maroon Mitchell at the lithium cracking plant of Delta Vega. Dr. Piper has no explanation for what is happening. Gary kills Lee Kelso and escapes from his imprisonment. Kirk follows him and is able to destroy him with the help of Dr. Dehner, who is also beginning to acquire the power, but she kills herself in the process.

Commentary

We take a deep dive into compliance lessons drawn from the episode’s plot, emphasizing the importance of root cause analysis, risk management, adaptability, ethical leadership, monitoring and controls, balancing innovation with safety, effective team communication, and understanding human behavior in the context of compliance. These lessons are crucial for building and maintaining effective organizational compliance programs.

Key highlights:

1. Emerging Risks—Early Signs Should Trigger Action, Not Complacency

🖖 Illustrated by: Gary Mitchell’s glowing eyes and ESP abilities appear shortly after the Enterprise crosses the galactic barrier.

The moment Mitchell begins reading faster, manipulating objects, and demonstrating control over the ship’s systems, it becomes clear that something is wrong. However, initial responses are muted, much like in many corporate environments where emerging risks are often downplayed. Compliance teams must be trained to take anomalies seriously, regardless of the individual’s charisma or seniority.

2. Leadership and Ethical Courage—Friendship vs. Responsibility

🖖 Illustrated by: Kirk’s emotional struggle to deal with Mitchell, his long-time friend.

Kirk hesitates—understandably so—because of his relationship with Mitchell. But ultimately, he chooses duty over sentiment. Compliance officers are often put in a similar position: when someone close to leadership violates ethical norms, will the organization take action? Ethical courage means prioritizing institutional integrity over personal comfort.

3. Power Without Accountability—Why Guardrails Matter

🖖 Illustrated by: Mitchell’s growing powers and his assertion of superiority over the crew.

With no checks on his abilities, Mitchell quickly develops a god complex. This is a chilling representation of what happens when key employees, such as CFOs, procurement officers, or engineers, operate without oversight. Just because someone is brilliant or “indispensable” doesn’t mean they’re beyond the reach of your compliance program.

4. Escalation Protocols and the Role of Outside Advisers

🖖 Illustrated by: Spock’s insistence that Mitchell be isolated and marooned.

Spock plays the role of outside counsel, offering unemotional advice grounded in logic. Every company needs this voice. Internal politics often cloud judgment; a good compliance officer, like Spock, keeps the focus on what must be done to protect the enterprise. His advice to act decisively is what ultimately saves the crew.

5. Shared Risk and Collective Action—The Role of Allies in Enforcement

🖖 Illustrated by: Dr. Dehner’s decision to sacrifice herself to stop Mitchell.

Dehner, who initially defends Mitchell, comes to see the threat he poses and joins Kirk in neutralizing him. Her journey mirrors that of employees who shift from enabling bad behavior to becoming whistleblowers or allies in enforcement. Compliance success depends on empowering people like Dehner to act before it’s too late.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

The AI Revolution in Regulatory Change Management

Recently, I had the opportunity to visit with John Byrne, the CEO at Corlytics. You can listen to the podcast here. Every compliance professional understands that regulatory change management is one of the most complex, labor-intensive, and time-consuming tasks within any organization. Regulations emerge continuously, each bringing extensive new obligations that ripple across multiple business units, policies, and control frameworks. Compliance teams historically faced daunting timelines, sometimes taking an entire year to fully analyze, interpret, and implement changes in business operations. However, innovations in technology are dramatically reshaping this landscape. Imagine compressing twelve months of arduous regulatory adjustments into mere moments. This is no longer just aspirational thinking; it is reality.

In today’s post, we’ll examine the traditional complexities around regulatory change management, how cutting-edge technology is radically streamlining this process, and highlight five critical lessons compliance professionals can leverage to optimize their organization’s responsiveness to regulatory developments.

Lesson 1: Understand the Traditional Challenges of Regulatory Change

Before appreciating modern solutions, it’s crucial to acknowledge historical complexities. Significant regulatory initiatives, such as MiFID II and Dodd-Frank, have dramatically reshaped the compliance landscape, demanding extensive recalibration. For example, MiFID II significantly impacted the Financial Conduct Authority’s (FCA) handbook, altering roughly 40% of its content. Such sweeping regulatory changes ripple throughout an organization, affecting various business functions, including operations, risk management, and compliance.

Traditionally, each of these changes required meticulous manual analysis, dissemination across multiple departments, and comprehensive impact assessments. Compliance teams had to painstakingly map how regulatory shifts affected their business model, risk frameworks, internal controls, and policies, typically involving months of collaboration, interpretation, and documentation.

Lesson 2: The Importance of Cross-Functional Collaboration

Managing significant regulatory changes is not a solitary compliance exercise. It demands deep cross-functional collaboration between compliance, risk, legal, operations, and business leaders. Historically, compliance teams coordinated painstakingly with each business unit to understand regulatory impacts and necessary adjustments.

This cross-functional coordination ensured a comprehensive understanding of the business and a successful implementation. Yet, manually driven communication meant the process was slow and prone to misunderstandings. A robust, streamlined mechanism to align diverse departments swiftly is now not only beneficial but essential. Compliance professionals must embrace strategies and technologies that facilitate rapid, precise, and accurate cross-departmental collaboration.

Lesson 3: Assessing Risk—Beyond Just Understanding Changes

It is not sufficient merely to understand regulatory changes; one must also apply them effectively. Compliance teams must rigorously assess how these changes influence organizational risk profiles. Each regulatory adjustment brings new risks or modifies existing ones. Historically, comprehensive risk assessments involved extensive discussions and manual reviews, taking months to identify, classify, and appropriately mitigate emerging threats.

Advanced technology can dramatically accelerate and automate this critical phase. Modern systems enable compliance professionals to model potential regulatory impacts instantaneously, revealing dynamic insights into evolving risk landscapes. Adopting such real-time analytical capabilities significantly enhances compliance teams’ ability to manage emerging threats proactively.

Lesson 4: Implementing and Updating Controls and Policies Efficiently

Once compliance professionals understand the regulatory implications and associated risks, the next challenge is to adjust internal controls and policy frameworks accordingly. Typically, senior executives across risk, compliance, and legal functions painstakingly review, adjust, and approve these critical documents. Implementation, followed by extensive training and communication, added significantly to the process time.

The transition from manual to automated processes is transformative here. Imagine a scenario where changes to policies, procedures, and controls are instantly drafted, reviewed, and documented, allowing senior compliance and risk leaders to validate adjustments swiftly. Such automation dramatically reduces operational disruption, enhances accuracy, and enables compliance professionals to focus strategically rather than getting bogged down in administrative minutiae.

Lesson 5: Leveraging Technology for Real-Time Regulatory Compliance

Perhaps the most groundbreaking shift in regulatory change management is transitioning from manual, slow-moving processes to leveraging AI and automation tools capable of real-time responses. The technology described, for instance, compresses extensive manual processes, such as marking up regulatory documents and determining future obligations, into seconds, thereby enabling rapid adjustments to controls and procedures.

Imagine: within moments of identifying a new regulatory requirement, compliance teams instantly understand the implications across obligations, policies, and internal controls. The immediate efficiency, traceability, and accuracy this provides are profound. It represents a paradigm shift in compliance effectiveness and agility, transforming compliance from a reactive, slow-moving department into a nimble, strategic powerhouse capable of proactively safeguarding organizational integrity and regulatory adherence.

Conclusion: Embracing the Future of Compliance

For compliance professionals, the transformative potential of real-time regulatory change management is immense. The era of manual, drawn-out compliance adjustments is rapidly fading, replaced by swift, technology-driven processes offering unprecedented accuracy, responsiveness, and strategic value.

To remain competitive and compelling, compliance teams must proactively adopt and leverage these technological advancements to stay ahead of the curve. Real-time analytics, dynamic traceability, and instantaneous updates to controls and policies allow compliance professionals to move from reactive gatekeepers to proactive business enablers. Ultimately, organizations adopting these innovative approaches will experience significantly reduced compliance risks, greater operational efficiencies, and enhanced strategic decision-making capabilities.

Compliance leaders must act now by exploring, testing, and deploying technologies that enable rapid and accurate responses to regulatory shifts. Those who succeed will not only dramatically enhance their compliance effectiveness but will solidify their role as indispensable strategic partners within their organizations, capable of guiding businesses confidently through the ever-changing regulatory landscape.

Categories
Blog

Where No Compliance Has Gone Before: Power, Ego, and the Ethics of Control

Show Summary

Here, we board the Enterprise as it breaches the edge of the galaxy and the boundaries of its ethical power. When a mysterious force transforms navigator Gary Mitchell into a godlike being with unchecked telepathic abilities, his rapid descent into tyranny presents a sobering metaphor for the compliance professional. With rising powers come rising risks, and Kirk must choose between loyalty to a friend and duty to his crew. We break down the five key compliance takeaways from ‘Where No Man Has Gone Before,’ showing how early-stage risk, power imbalances, and ethical hesitation can transform even trusted employees into existential threats to your organization.

Key Highlights and Star Trek Case Studies

1. Emerging Risks—Early Signs Should Trigger Action, Not Complacency

🖖 Illustrated by: Gary Mitchell’s glowing eyes and ESP abilities appear shortly after the Enterprise crosses the galactic barrier.

The moment Mitchell begins reading faster, manipulating objects, and demonstrating control over the ship’s systems, it becomes clear that something is wrong. However, initial responses are muted, much like in many corporate environments where emerging risks are often downplayed. Compliance teams must be trained to take anomalies seriously, regardless of the individual’s charisma or seniority.

2. Leadership and Ethical Courage—Friendship vs. Responsibility

🖖 Illustrated by: Kirk’s emotional struggle to deal with Mitchell, his long-time friend.

Kirk hesitates because of his relationship with Mitchell. But ultimately, he chooses duty over sentiment. Compliance officers are often put in a similar position: when someone close to leadership violates ethical norms, will the organization take action? Ethical courage means prioritizing institutional integrity over personal comfort.

3. Power Without Accountability—Why Guardrails Matter

🖖 Illustrated by: Mitchell’s growing powers and his assertion of superiority over the crew.

With no checks on his abilities, Mitchell quickly develops a god complex. This is a chilling representation of what happens when key employees, such as CFOs, procurement officers, or engineers, operate without oversight. Just because someone is brilliant or “indispensable” doesn’t mean they’re beyond the reach of your compliance program.

4. Escalation Protocols and the Role of Outside Advisers

🖖 Illustrated by: Spock’s insistence that Mitchell be isolated and marooned.

Spock plays the role of outside counsel, offering unemotional advice grounded in logic. Every company needs this voice. Internal politics often cloud judgment; a good compliance officer, like Spock, keeps the focus on what must be done to protect the enterprise. His advice to act decisively is what ultimately saves the crew.

5. Shared Risk and Collective Action—The Role of Allies in Enforcement

🖖 Illustrated by: Dr. Dehner’s decision to sacrifice herself to stop Mitchell.

Dehner, who initially defends Mitchell, comes to see the threat he poses and joins Kirk in neutralizing him. Her journey mirrors that of employees who shift from enabling bad behavior to becoming whistleblowers or allies in enforcement. Compliance success depends on empowering people like Dehner to act before it’s too late.

Final ComplianceLog Reflections

Where No Man Has Gone Before gives us a blueprint for compliance at the edge of the unknown. It reminds us that rapid change, whether driven by new technology, new hires, or new business environments, demands rapid and courageous compliance responses. Waiting too long to act can mean the difference between course correction and catastrophe.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Upping Your Game

Upping Your Game – Harnessing AI to Revolutionize Third-Party Risk Management

In February, the Trump Administration suspended investigations under and enforcement of the FCPA. Many compliance professionals have since wondered what this will mean for corporate compliance programs going forward. Hui Chen challenged compliance professionals with the statement, “It’s time to up your game.”

This podcast series, sponsored by Ethico and co-hosted by Ethico co-CEO Nick Gallo, aims to meet Hui Chen’s challenge for compliance professionals. We will discuss how compliance professionals can ‘Up Their Game’ by utilizing currently existing Generative AI (GenAI) tools to significantly enhance their compliance programs. As compliance professionals, it is crucial to recognize that this moment is not merely about incremental improvements but about elevating our profession to an entirely new level of effectiveness, efficiency, and organizational value.

In this episode, Tom and Nick delve into the transformative potential of AI in mitigating third-party compliance risks. They discuss the inherent limitations of traditional compliance methods, which are often reactive and manual. The conversation highlights how AI can streamline processes, minimize false positives, and boost efficiency by offering real-time monitoring and data analysis. They also highlight the broader business value of AI, which can expedite onboarding, enhance risk identification, and ultimately drive greater return on investment (ROI). They conclude that the importance of investing in AI training for compliance teams lies in staying ahead of the curve and maximizing the benefits of these emerging technologies.

Key highlights:

  • Challenges in Third-Party Risk Management
  • AI as a Game Changer
  • Types of Third-Party Risks
  • Business Value of AI in Compliance
  • Innovations and Tools in AI
  • Practical Applications and Examples

Resources:

Upping Your Game-How Compliance and Risk Management Move to 2030 and Beyond on Amazon.com

Nick Gallo on LinkedIn

Ethico


Categories
Daily Compliance News

Daily Compliance News: June 3, 2025, The $500MM for Compliance Edition

Top stories include:

  • Google to invest $500 million in compliance. (Reuters)
  • An alternative to the Compliment Sandwich. (BI)
  • Visa, Mastercard probe in EU widens. (Reuters)
  • Adani to face new scrutiny over Iranian shipments. (Bloomberg)

Categories
Innovation in Compliance

Innovation in Compliance: Integrating AI in Compliance and Risk Management with Jana Brost

Innovation is present in many areas, and compliance professionals must not only be prepared for it but also actively embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Jana Brost, COO at myCOI, the sponsor of this podcast.

They chat about the intersection of compliance, risk management, and AI. Jana discusses her background in high-growth business process outsourcing and data analysis, as well as her journey to joining myCOI. She explains the concept of Certificates of Insurance (COIs) and their importance in managing risk for companies. The conversation examines how myCOI empowers vendors and owners to manage their insurance requirements more efficiently through the use of AI, highlighting key industry trends and the impact of AI on speed, accuracy, and user experience. Jana also discusses the future of AI in risk management and its potential to enhance employee engagement and foster a positive company culture.

Key highlights:

  • Understanding COIs in Construction
  • Risk Management and Insurance
  • Evolution of COI Management with AI
  • AI’s Impact on Vendors and Owners
  • Customer Expectations and AI
  • Future of AI and Company Culture

Resources:

Jana Brost on LinkedIn

myCOI


Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Risk Assessments and Internal Controls

How to use a risk assessment to provide a structured approach to establishing effective internal controls.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.