Author: admin

Categories
Blog

Building a Data-Driven Culture: A Compliance Imperative in the Age of AI

I recently read an article in the Sloan Management Review entitled “Building a Data-Driven Culture: Four Key Elements” by Ganes Kasari, founder and CEO at Tensor Planet. He posits that a data-driven culture is vital to success with AI projects, but shaping one involves many challenges. He suggests that learning how to build one from organizations that have made the journey engaging for employees is one approach to take. For compliance professionals, this is a critical issue. Compliance, risk management, and governance efforts may be ineffective if a company’s workforce does not instinctively turn to data when making decisions.

The Department of Justice’s (DOJ) 2024 Update on the Evaluation of Corporate Compliance Programs (2024 ECCP) has made it clear that compliance programs must be data-driven, proactive, and continuously monitored. But if an organization has not built a culture of data-driven decision-making, compliance will always be playing catch-up.

So, how do companies foster a data-driven compliance culture? Kasari says the answer lies in four key areas:

  1. Leadership Intervention
  2. Data Empowerment
  3. Collaboration
  4. Value Realization

Leadership Intervention: Setting the Tone from the Top

For a compliance program to be truly effective, proactive, and data-driven, leadership must take an active role in championing the importance of data in decision-making. Too often, executives fund compliance initiatives but delegate execution entirely to compliance and IT teams. The result? Employees still see compliance as someone else’s job rather than an integral part of business operations.

The DOJ has emphasized that compliance programs must have engaged leadership. That means:

  • Executives must communicate why data and AI are essential for compliance.
  • Leaders must use data themselves, modeling the behavior they expect from their employees.
  • Regular check-ins and accountability measures should ensure compliance is not just an IT issue but an enterprise-wide priority.

Concept in Action: Rewarding Compliance Innovation at DBS Bank

When DBS Bank launched its digital transformation initiative, CEO Piyush Gupta prioritized creating a culture that rewarded data-driven decision-making and innovation. In one case, an employee made a data-driven compliance decision, ultimately leading to a failed experiment. There was regulatory pressure to penalize the employee, but Gupta stepped in and awarded them instead—for trying, learning, and embracing the new compliance culture.

This kind of visible leadership support sends a powerful message: compliance isn’t just about avoiding penalties but also about building a smarter, more resilient organization.

Data Empowerment: Making Compliance Everyone’s Job

For compliance to be truly embedded in company culture, every employee, not just compliance officers, must be able to access, understand, and act on data.

This means focusing on three levels of readiness:

  1. Data Readiness – Ensuring high-quality data is available at the right time to the right people.
  2. Analytical Readiness – Training employees to interpret compliance data and make informed decisions.
  3. Infrastructure Readiness – Investing in AI-driven compliance tools, automation, and real-time risk monitoring systems.

Concept in Action: JPMorgan Chase and the DeepRacer Challenge

JPMorgan Chase wanted to upskill employees in AI and data analytics. Instead of boring compliance training sessions, the company introduced a global challenge using AWS DeepRacer, a competitive coding event where employees programmed autonomous vehicles to race.

Employees learned data analytics, AI programming, and machine learning principles while having fun. The result? Thousands of employees became data-literate, able to apply AI-driven insights to compliance, risk management, and fraud detection.

Collaboration: Breaking Down Compliance Silos

Too often, compliance sits in its bubble, siloed from business operations. However, in an AI-driven world, compliance must be embedded in every department, from finance and HR to product development and supply chain management.

A major barrier to compliance collaboration is language. Compliance teams often use technical jargon, while business teams use operational language. The result? Miscommunication, resistance, and confusion.

To fix this, compliance functions must invest in:

  • Cross-functional compliance training so business leaders understand compliance risks.
  • Compliance “translators”—employees who bridge the gap between compliance and business operations.
  • AI-powered compliance dashboards that translate risk into actionable business insights.

Concept in Action: Gulf Bank’s Data Ambassador Program

Gulf Bank wanted to embed data-driven compliance across its 1,800 employees. Instead of relying solely on compliance officers, the bank created a network of data ambassadors—employees across departments trained to champion compliance best practices.

The results were impressive: employees felt more ownership over compliance decisions, and the company saw a significant reduction in compliance violations.

Value Realization: Measuring and Celebrating Compliance Success

One of the companies’ biggest mistakes is treating compliance as a cost center rather than a value driver. Compliance isn’t just about avoiding fines—it’s about driving better business decisions.

To ensure compliance is seen as a competitive advantage, companies must:

  • Define clear KPIs to measure compliance impact.
  • Track and communicate compliance success stories internally and externally.
  • Tie compliance initiatives to tangible business outcomes (e.g., revenue growth, cost savings, enhanced brand reputation).

Concept in Action: AI-Powered Warehouse Compliance at a Logistics Firm

A cold chain logistics company struggled with inefficient warehouse scheduling, leading to regulatory fines and supply chain bottlenecks. The compliance team introduced an AI-driven scheduling system, analyzing weather data, shipment history, and supplier reliability to optimize deliveries.

The results?

  • 16% reduction in turnaround time
  • $1.2 million saved annually in avoided fines
  • Increased customer satisfaction

To celebrate this success, the company shared the story through internal newsletters, town halls, and webinars, ensuring that employees saw compliance as a strategic enabler rather than just a legal requirement.

Compliance in the Age of AI

The DOJ’s 2024 guidance has made it clear that compliance programs must be data-driven, proactive, and continuously monitored. But simply investing in AI tools isn’t enough. Companies must build a truly data-driven culture where compliance is instinctive, embedded, and embraced across all levels of the organization.

The key takeaways?

  1. Leadership must champion compliance—not just fund it.
  2. Compliance must be accessible, understandable, and actionable for all employees.
  3. Cross-functional collaboration is essential to break down compliance silos.
  4. Compliance success must be measured, celebrated, and tied to business impact.

In 2025 and beyond, companies that embed AI-driven compliance into their culture will not only avoid regulatory fines and penalties or even FCPA violations, but they will also gain a competitive edge in an increasingly complex business world.

Categories
FCPA Compliance Report

FCPA Compliance Report – DeepSeek and the Recalibration of Risk with Mike Huneke and Brent Carlson

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes back Mike Huneke and Brent Carlson for a special two-part podcast series on DeepSeek’s bombshell AI advancements announced on President Trump’s inauguration day. In Part 1, they review the business and compliance implications, and in Part 2, they consider the Sputnik Moment that has occurred.

In Part 1, they consider the immediate and significant repercussions in both the business and compliance landscapes. Key topics include the economic and geopolitical ramifications of DeepSeek’s innovations, changes in export control policies, and the unique compliance challenges AI technology poses. The discussion also examines how corporations can recalibrate their risk frameworks, integrate high-probability standards, and leverage data analytics to handle millions of transactions in a global economy. Emphasizing the importance of comprehensive compliance programs, the episode provides actionable insights for compliance professionals navigating this evolving landscape.

Key highlights:

  • DeepSeek’s AI Breakthrough
  • Economic and Compliance Implications
  • Export Controls and Legal Concerns
  • Compliance Strategies and Risk Management
  • Training and Organizational Culture

Resources

Mike Huneke

Hughes Hubbard & Reed website

Brent Carlson on LinkedIn

A Fresh Look at US Export Controls and Sanctions

DeepSeek Finds US Export Controls at a New ‘Sputnik Moment’ in Bloomberg.Law

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Introduction to Agentic AI for Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we begin a look at Agentic AI and how it can be used in compliance.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Daily Compliance News

Daily Compliance News: February 3, 2025, The Division of Engagement and Compliance Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Congress says Nvidia chip flow to China should be stopped. (WSJ)
  • The CCO Departure Bonus. (Cosmos)
  • WVU replaces DEI with “Dept. of Engagement and Compliance”. (12WBOY)
  • Will Trump DOJ drop corruption charges against NYC Mayor? (Reuters)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out The FCPA Survival Guide on Amazon.com.

Categories
Corruption, Crime and Compliance

The New Era of Compliance — Generative AI, Data and Innovation

The 1990s saw the explosion of the internet, transforming the global economy and social development in ways we could have never imagined. But will AI truly have the same impact? While its potential is undeniable, the road ahead is full of risks, challenges, and ethical concerns. Will AI drive efficiency and innovation, or will it create new vulnerabilities that companies must scramble to control?

In this episode of Corruption, Crime, and Compliance, Michael Volkov dives deep into the legal, ethical, and compliance challenges surrounding AI. He explores how businesses are navigating AI adoption, the risks they face, and the safeguards they must implement to protect themselves.

You’ll hear him discuss:

  • Why AI’s economic impact, while significant, may not match the transformative power of the internet
  • Goldman Sachs’ prediction that AI could add $7 trillion to global GDP over the next decade
  • The massive investments required to scale AI, from semiconductors and data centers to energy and infrastructure
  • How generative AI is reshaping industries by creating human-like content with limitless applications
  • The hidden dangers of AI, including misinformation, deepfakes, fraud, and identity theft risks
  • Why businesses are cautiously adopting AI while grappling with privacy, copyright, and security concerns
  • The importance of AI compliance programs to mitigate legal, ethical, and reputational risks
  • Best practices for companies to ensure AI-generated content is accurate, transparent, and responsibly used

Resources

Michael Volkov on LinkedIn | X (Twitter)

The Volkov Law Group

Categories
Blog

From Sanctions to AI Disruption: How Compliance Officers Can Navigate the Rapid Pace of Change

The pace of change in today’s global business environment is breathtaking. Events that unfold over a weekend can have massive implications for corporate compliance professionals by Monday morning. When there is a business change, risks constantly change. Over the past week, this was demonstrated with two seemingly unrelated but equally impactful developments:

  • The U.S. is imposing sanctions on Colombia because of its alleged failure to take back migrants, including a 25% tariff on goods imported from the country.
  • The emergence of DeepSeek, a Chinese AI company that has developed a large language model rivaling OpenAI’s ChatGPT—at a fraction of the cost.

For the compliance professional, what do these risks mean for your organization? What do you think about a framework for assessing and managing these risks as they raise critical compliance concerns spanning sanctions enforcement, export controls, supply chain transparency, and regulatory readiness? In the most recent episode of the FCPA Compliance Report, I explored these issues with Jag Lamba, CEO at Certa.ai. We focused on the Department of Justice (DOJ) framework in its 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update) to make sense of and respond to these rapid developments.

The DOJ’s framework in the 2024 Update is broken down into three key components:

  1. Is the compliance program well-designed?
  2. Is the compliance program adequately resourced and empowered to function effectively?
  3. Does the compliance program work in practice?

We applied these elements to the recent developments and explored how compliance professionals can prepare for similar shocks in the future.

  • Is Your Compliance Program Well-Designed to Handle Rapidly Emerging Risks?

The first test of a compliance program is whether it is designed to assess, identify, and mitigate risks promptly. The DOJ has emphasized real-time risk assessment—a shift from static, once-a-year reviews to continuous monitoring.

Take the U.S. sanctions against Colombia. This was not a predictable, drawn-out regulatory action. It happened over a weekend, and by Monday, businesses importing Colombian goods faced a 25% tariff with little time to prepare. Compliance officers had to:

  1. Quickly identify how much of their supply chain relied on Colombian imports.
  2. Determine if alternatives existed to mitigate the cost impact.
  3. Communicate rapidly with leadership to ensure the company could pivot operations where needed.

A traditional, slow-moving risk assessment process would have left companies flat-footed. Instead, an agile risk management system, leveraging real-time data analytics and automated monitoring, can help companies proactively spot emerging risks before they become crises.

The same logic applies to export controls in the tech sector, especially in light of the DeepSeek development. Compliance officers at major AI and semiconductor companies must now be asking:

  1. Who are our customers in Singapore and neighboring markets?
  2. Are our chips being resold or rerouted to sanctioned entities in China?
  3. Do we have automated tools to track and verify shipments to ensure compliance with U.S. export control laws?

It may be too late to prevent regulatory scrutiny if a company relies on manual risk assessments and outdated compliance processes.

  • Is Your Compliance Program Adequately Resourced and Empowered?

The DOJ has clarified that a compliance program is only as good as the resources allocated to it. Ten years ago, the conversation centered around whether compliance officers had direct access to the board. The conversation then shifted to the quality of your Chief Compliance Officer (CCO) and compliance personnel. Today, the discussion is shifting to whether compliance has the technology, data, and personnel necessary to operate effectively.

Consider the situation with NVIDIA and its skyrocketing sales in Singapore—a market that, while business-friendly, is geographically close to countries facing strict U.S. export controls. Regulators are undoubtedly scrutinizing this data. The question for NVIDIA’s compliance team is:

  1. Do they have the visibility to track where these chips are ending up?
  2. Are they able to monitor sales intermediaries in real time?
  3. Can they preemptively flag anomalies—such as a single country purchasing a huge volume of restricted technology?

Without AI-driven compliance monitoring and data analytics, even the best compliance teams risk being overwhelmed by the sheer volume of transactions and regulatory changes.

Similarly, companies impacted by the Colombian tariffs must ensure their compliance programs have the right supply chain monitoring tools to:

  1. Identify impacted suppliers instantly.
  2. Assess alternative sourcing options without regulatory hurdles.
  3. Develop contingency plans to mitigate financial and operational risks.

This compliance function cannot be effectively run using spreadsheets and email chains. Companies must invest in data automation, AI-driven analytics, and cross-functional collaboration tools to avoid such fast-moving regulatory changes.

  • Does Your Compliance Program Work in Practice?

Finally, compliance programs must not exist solely on paper but must demonstrate real-world effectiveness. The DOJ’s 2024 Update mandates data-driven evidence to assess whether a compliance program is functional and effective.

This means compliance teams must be able to show:

  1. How many third-party vendors and intermediaries have been vetted and monitored?
  2. How export controls are enforced in practice—not just documented in policy.
  3. How quickly can the company respond to a sudden regulatory change, such as the Colombian sanctions?

One of the best ways to demonstrate effectiveness is through compliance storytelling. A compliance officer should be able to present:

  • This is a clear narrative backed by data showing how the company detected and addressed a regulatory risk before it became a crisis.
  • These are case studies of how compliance actions have improved business outcomes—for example, reducing onboarding time for sales intermediaries without compromising compliance integrity.
  • Tangible evidence includes video training logs, compliance dashboards, and documented decision-making trails.

A powerful example comes from a Fortune 100 company that secured five years of compliance funding in one go rather than having to renegotiate budgets annually. How? By presenting compliance in business terms:

  • Demonstrating how compliance efficiencies improved sales and reduced onboarding delays.
  • Showing the financial impact of proactive risk management.
  • Using data-driven evidence to justify long-term compliance investments.

This is the future of compliance: a function that prevents regulatory risk and actively contributes to business strategy and growth.

The CCO as a Strategic Risk Navigator

The recent developments with Colombian sanctions and DeepSeek’s AI breakthrough highlight how fast compliance risks can evolve. Sanctions, export controls, and regulatory enforcement actions are no longer slow-moving threats—they can materialize overnight.

The DOJ’s 2024 Update provides a clear roadmap for compliance professionals to navigate these challenges:

  1. Risk assessment must be dynamic and continuous. Compliance programs must be designed to identify risks in real-time, not just during annual reviews.
  2. Compliance must be adequately resourced. Companies must invest in technology, data analytics, and automation to meet regulatory changes.
  3. Compliance must demonstrate real-world effectiveness. Data-driven evidence, compelling narratives, and tangible business impact must back compliance programs.

Compliance professionals who embrace data-driven decision-making, automation, and proactive risk management will not only survive but thrive in this era of regulatory volatility. The question is: Is your compliance program ready for the next unexpected headline?

Categories
Sunday Book Review

Sunday Book Review: February 2, 2025 The Business Bribery in 2025, Part 2 Edition

In the Sunday Book Review, I consider books that would interest the compliance professional, the business executive, or anyone who might be curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest me. Today we conclude a two-part series on new books about bribery and corruption.

  1. Procurement Fraud and Corruption by Stephen Tosh
  2. Anti-Corruption in International Development by Ingrida Kerusauskaite
  3. Political Corruption and Corporate Finance by Quoc Trung Tran
  4. Managing Corruption by Wright Aloba

 Resources:

The Best New Corruption Books To Read In 2025 in Bookmark Authority

For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 31 – Leveraging Root Cause Analysis for Effective Compliance

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6–8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

In this final episode of our 31-day series, we dive into the importance of using root cause analysis for remediation in compliance programs. Emphasized by the ECCP and DOJ, an effective compliance program includes thorough root cause analysis to address misconduct and implement corrective actions. The process involves understanding who should perform the remediation, emphasizing independence and objectivity, integrating the information into solutions, and addressing deficiencies in internal controls. Key takeaways include using objective root cause analysis, effectively utilizing the information gathered, and implementing data-driven, repeatable solutions to prevent future issues. This episode provides valuable insights for compliance officers aiming to enhance their programs by focusing on root causes rather than just symptoms.

Key highlights:

  • Integrating Root Cause Analysis into Solutions
  • Regulatory Expectations and Internal Controls
  • Performing Effective Root Cause Analysis
  • Developing and Implementing Solutions

Resources:

Click here to receive a 20% discount on The Compliance Handbook, 5th edition, for listeners to this podcast.

Categories
Career Can D0

Podcasting for Business with Megan Dougherty

Have you ever considered creating a podcast to achieve your goals? What if your podcast could do more than just entertain—what if it could become a powerful tool to grow your business and establish your authority in your industry? In this episode of Career Can Do, Mary Ann Faremouth welcomes Megan Dougherty, co-founder of One Stone Creative, to explore the dynamic world of podcasting and how professionals can leverage it to build authority, engage their audience, and grow their business. Megan, a podcasting expert with years of experience, shares invaluable insights on how to strategically approach podcasting for maximum impact.

Podcasting is more than just a content creation tool; it’s a powerful platform for establishing thought leadership and nurturing relationships with your audience. Megan emphasizes the importance of clarity in your podcasting goals, saying, “Understanding why you’re podcasting and what success looks like for you is crucial. Whether it’s building relationships, generating leads, or growing an engaged community, having a clear purpose helps you stay focused.”

Choosing the right podcast format and style is essential to success. Megan advises that whether you opt for interviews, solo episodes, or panel discussions, your content should align with your strengths and audience preferences.

Engagement is the lifeblood of a successful podcast. Megan discusses how repurposing podcast content across multiple platforms can maximize reach and value. “A single podcast episode can fuel your content strategy across social media, blog posts, and email newsletters, helping you connect with different segments of your audience.”

Monetization opportunities exist in many forms, from sponsorships and partnerships to premium content and courses. Megan highlights that successful monetization strategies align with the podcast’s overall goals and audience needs. “If your podcast builds trust and delivers value, monetization becomes a natural extension of your efforts.”

For those looking to start or improve their podcasting journey, Megan suggests focusing on authenticity and long-term commitment.

By following Megan’s expert advice, aspiring podcasters can create meaningful content that resonates, builds credibility, and drives business success. Tune in to this episode to discover actionable tips and strategies that will help you take your podcast to the next level!

Resources

Megan Dougherty on the Web | LinkedIn | Get ”Podcasting for Business” book | Podcasting for Business conference

Mary Ann Faremouth on the Web | X (Twitter)

Categories
Presidential Leadership Lessons for the Business Executive

Herbert Hoover’s Rise, Part 2: The Challenges of Herbert Hoover’s Presidency

Who are our greatest Presidents? What lessons can the modern-day business leader learn from our 47 Chiefs of State? Welcome to a new season of this award-winning podcast series with Tom Fox and Richard Lummis to delve into the great and not so great Presidents to mine their successes and failures for today’s business executive. In this episode, Tom Fox and Richard Lummis begin a two-part series on the life and times of Herbert Hoover. In this Part 2, we look at the Hoover Presidency and his post-Presidential career.

The discussion highlights Hoover’s election, marked by passive campaigning and his involvement with the controversial ‘lily white strategy.’ The episode provides an in-depth analysis of the unprecedented economic challenges Hoover faced, including the stock market crash of 1929 and the ensuing Great Depression. Despite his well-intentioned policies, Hoover’s leadership style and experience were inadequate for dealing with the magnitude of the crisis. The episode looks at Hoover’s later years, including his post-presidency influence and public reception.

Key highlights:

  • Hoover’s Election and Early Presidency
  • The Onset of the Great Depression
  • Hoover’s Response to the Crisis
  • Public Works and the RFC
  • The Bonus Army and Public Backlash
  • Hoover’s Post-Presidency
  • Reflections on Hoover’s Legacy

Resources:

Herbert Hoover

UVA Miller Center-overview

Life Before Presidency

Work in Europe

As Secretary of State

Presidency

First Amendment and Supreme Court

Great Depression

Top Quotes

Brainy Quotes