Author: Admin

Categories
Blog

Culture, Controls, and Consequences: Why Compliance Should Address Abuse Before It Escalates

When we discuss “fraud, waste, and abuse” in the corporate compliance world, fraud often takes center stage. Fraud is the deliberate deception of knowingly submitting false information for personal or corporate gain. Waste is easier to define: the careless or inefficient use of resources. But abuse? Abuse sits in that murky middle ground. It may not rise to the level of criminal fraud. Still, it represents conduct that undermines the ethical framework of the organization and erodes trust in systems designed to manage risk.

In many ways, abuse is the most insidious of the three. It thrives in the shadows, often justified by employees as “harmless” or “making up for what the company owes me.” Yet left unchecked, abuse not only costs organizations real money but also paves the way for outright fraud. One of the clearest examples of abuse today lies in employee expense reimbursement, a process now under siege by the rise of AI-generated fake receipts.

Today, we continue our week-long exploration of the role of a Chief Compliance Officer (CC) and corporate compliance function in fighting fraud, waste, and abuse. Today, we explore what abuse means, how expense reimbursement schemes illustrate the problem, why weak controls allow abuse to metastasize into fraud, and what compliance professionals can do to address it. We use a real-world example of AI creating fraudulent expense reimbursements to demonstrate how the task has become more difficult and why a corporate compliance function must be even more vigilant.

Defining Abuse in the Compliance Framework

Abuse is often defined as the use of authority, processes, or resources in a manner that is inconsistent with accepted business practices, resulting in unnecessary costs or unfair advantages. Unlike fraud, abuse does not always involve intent to deceive. Instead, it often reflects opportunistic behavior, such as stretching policies to personal advantage, exploiting loopholes, or rationalizing misconduct.

In the context of compliance, abuse is the “gateway drug” to fraud. An employee who casually exploits the expense system, rounding up mileage, submitting duplicate claims, or fabricating receipts for lost expenses, may start with small infractions. But over time, the lack of consequences emboldens greater misconduct.

One only needs to look back at the sordid story of GSK in China to recall that employee expense reimbursement can lead to catastrophic consequences for an organization.

Expense Reimbursement Abuse: The AI-Receipt Problem

As the New York Times (NYT) recently reported, employees are increasingly turning to generative AI tools to create realistic fake receipts. This is abuse in action. It often begins innocently enough: an employee loses a legitimate receipt and turns to an AI chatbot to recreate it. They may even rationalize the act as necessary to be reimbursed for actual money spent.

But the abuse does not stop there. Once the employee realizes the system can be gamed and that compliance or finance fails to detect the fraud, they repeat the behavior. In one case, an employee submitted AI-generated receipts for hotels and airfare in Bangkok, despite never traveling there.

The ACFE in its most recent Report to the Nations confirms the scale of the issue:

  • 13% of occupational fraud cases involve inflated or invented expenses.
  • Median loss per case: $50,000.
  • 30% of fraudulent receipts detected by one major auditing tool are now AI-generated.

What makes this a prime example of abuse is not just the false documentation. It is the culture of permissiveness that allows employees to cross the line between mistake, abuse, and eventually fraud.

How Lack of Controls Fuels Greater Fraud

The absence of strong internal controls around expense reimbursement is fertile ground for abuse. Companies that rely on manual review or outdated systems may not be equipped to detect sophisticated fakes. AI has supercharged this risk. Where once an employee might need Photoshop skills to doctor a receipt, now anyone with a chatbot can generate a convincing fake in seconds.

Weak controls create three distinct risks for compliance:

1. Normalization of Misconduct

Employees who “get away” with small abuses normalize this behavior, eroding ethical culture. “Everyone does it” becomes the rallying cry.

2. Escalation to Fraud

Abuse begets fraud. What begins as recreating a lost taxi receipt morphs into fabricating entire trips, complete with hotels, meals, and airfare never taken.

3. Regulatory and Legal Exposure

Inflated or fabricated expense claims, especially involving government contracts or international operations, can trigger False Claims Act liability, FCPA scrutiny, or other regulatory action.

Ultimately, compliance officers should view expense reimbursement abuse as more than an administrative nuisance. It is a leading indicator of deeper cultural weakness and a flashing red light for greater fraud risk.

Building a Compliance Response

How should compliance professionals address abuse in expense reimbursement systems? Three principles stand out:

  • Leverage Data and Technology: Just as employees use AI to fabricate receipts, compliance teams must deploy AI to detect them. Expense auditing platforms now compare metadata, font spacing, and behavioral patterns to identify suspicious submissions.
  • Strengthen Policy and Training: Clear guidance is essential. Employees should know that even “recreating” a lost receipt is prohibited, and repeated violations will trigger disciplinary action. Training should emphasize that abuse is not a victimless act; it drains resources and undermines trust.
  • Promote a Speak-Up Culture: Abuse thrives in silence. Anonymous hotlines, visible accountability, and consistent follow-through on reports send the message that integrity matters.

Five Key Takeaways for Compliance Professionals

1. Abuse Is the Gateway to Fraud

Abuse often sits in the gray space between negligence and intentional misconduct. An employee may rationalize using a fake receipt as a harmless way to recover legitimate expenses, but once this behavior is accepted, it erodes the organization’s integrity. Abuse teaches employees that rules can be bent without consequence. Over time, this rationalization escalates, leading to outright fraud. Compliance professionals must recognize abuse not as minor misconduct but as the earliest sign of a deeper cultural problem. Treating abuse seriously, through policy, training, and accountability, prevents small acts of dishonesty from snowballing into systemic fraud that damages the enterprise.

2. Expense Reimbursement Abuse Is Rising

Expense abuse has always been a problem, but the introduction of generative AI has made it easier and more scalable. Employees no longer need technical expertise in Photoshop to fabricate documents. Today, they can generate convincing receipts in seconds, often indistinguishable to the human eye. Cases of employees submitting AI-generated receipts for trips never taken highlight just how quickly this abuse can escalate. For compliance teams, this shift means that traditional manual review is no longer enough. Organizations must anticipate that abuse in expense systems is increasing both in volume and sophistication, and they must respond accordingly.

3. Weak Controls Enable Misconduct

Compliance professionals recognize that robust internal controls are the foundation of effective fraud prevention. When expense systems lack proper oversight, they create opportunities for abuse to thrive. Employees quickly learn where controls are lax, whether through inconsistent auditing, inadequate documentation requirements, or poor segregation of duties. Without strong controls, small abuses go unchecked, and employees feel emboldened to escalate their misconduct. Worse still, regulators may interpret weak controls as evidence of willful blindness or negligence, thereby exposing companies to additional liability. Compliance officers must ensure expense reimbursement processes are fortified with modern controls that prevent, detect, and remediate abuse at every level.

4. Technology Must Match the Threat

The same tools employees use to commit expense abuse can be harnessed by compliance to stop it. AI-generated receipts may look convincing, but advanced auditing tools can detect subtle inconsistencies in formatting, metadata, and behavioral patterns. Expense management platforms now deploy machine learning to flag unusual submissions, such as repeating server names or meals in fabricated restaurant receipts. Compliance professionals must advocate for investment in these technologies to stay ahead of evolving threats. Without matching technology to the risk, organizations remain vulnerable. Ultimately, AI must be part of the compliance toolbox to counteract the AI-enabled abuse already occurring.

5. Culture Is the Ultimate Control

No amount of technology or policy will succeed without a culture that values accountability. Abuse thrives in environments where misconduct is ignored, rationalized, or dismissed as “just the cost of doing business.” By contrast, cultures where leadership models ethical behavior, encourages reporting, and rewards integrity create natural barriers to abuse. Compliance must work hand in hand with leadership to embed accountability into daily operations. When employees see that even small abuses are addressed, they understand the seriousness of compliance expectations. A healthy culture sends the clearest message: abuse will not be tolerated, and integrity is non-negotiable.

Abuse Is Fraud’s Precursor

Fraud, waste, and abuse are often discussed as a package, but compliance professionals must pay special attention to abuse. It is the gray zone where rationalizations take root, where misconduct begins small, and where organizational culture is tested. Expense reimbursement systems offer a cautionary tale: without proper controls and accountability, abuse can quickly evolve into systemic fraud.

Compliance officers who ignore abuse risk far more than inflated receipts. They risk cultivating an environment that fosters fraud. The lesson is clear: treat abuse as seriously as fraud, because in practice, one leads inexorably to the other.

Categories
Word of the Week

Word of the Week: Composure

Each week, Kenneth O’Neal discusses a word that describes a principle or value of the Qualities of Success. We suggest that you use the Word of the Week in your thoughts, deeds, and actions. You might currently possess the quality and desire to develop it to a higher level.  You could replace a bad habit with a good habit. Write an action step and use it daily to develop the Quality in your life. In this episode, Kenneth discusses the word – Composure.

Rick and Kenneth explore the meaning and importance of composure. They discuss how composure is defined, its roots, and why it’s a vital quality in leadership and daily life. Through historical and modern examples, from Abraham Lincoln to Sully Sullenberger, they illustrate how composure under pressure can inspire trust and lead to better outcomes. The hosts also share practical tips for cultivating composure and self-control, and reflect on people in their own lives who embody this trait.

Highlights:

  • The Meaning and Roots of Composure
  • Qualities of Composed People
  • Emotional Balance & Conflict Resolution
  • How to Develop Composure
  • Personal Reflections

Resources:

KRONEAL Consulting

Categories
Daily Compliance News

Daily Compliance News: September 9, 2025, The End of Enforcement Sprint Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, including compliance, ethics, risk management, leadership, or general interest, relevant to the compliance professional.

Top stories include:

  • Abramovich is under investigation in the Isle of Jersey. (The Guardian)
  • Former Head of Security for WhatsApp Sues Meta. (NYT)
  • CFTC ends Enforcement Sprint. (Compliance Week)
  • Brazil cracks down on fraud in fuel and fintech. (Bloomberg)
Categories
Compliance Tip of the Day

Compliance Tip of the Day – Tackling Corporate Waste with Data-Driven Solutions

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our look at fighting fraud, waste, and abuse. Today, we take a deep dive into waste and how compliance can help to fight it.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.

Categories
AI Today in 5

AI Today in 5: September 9, 2025, The Investor Frenzy Continues Episode

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI, so start your day, sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories:

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Innovation in Compliance

Innovation in Compliance: Navigating Cybersecurity Compliance: From Physical Audits to AI Frameworks with Lori Crooks

Innovation is present in many areas, and compliance professionals must not only be prepared for it but also actively embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom Fox visits with Lori Crooks, a seasoned professional in the field of cybersecurity and audit assessments, to discuss the evolution of auditing practices from physical infrastructure to cloud and AI.

Lori shares insights from her extensive career, highlighting key federal compliance frameworks like NIST 800-53, FedRAMP, and NIST 800-171. Lori stresses the importance of proactive compliance strategies and scalable GRC programs. As AI integration accelerates, she also addresses the challenges of adapting compliance frameworks to keep pace with technological advancements and the need to foster collaboration within organizations to effectively meet regulatory requirements.

Key highlights:

  • Federal Auditing Frameworks
  • Proactive Compliance Strategies
  • Scalable GRC Programs
  • AI and Compliance Landscape
  • Future of Auditing in the Age of AI

Resources:

Lori Crooks on LinkedIn

Cadra

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Check out my latest book, Upping Your Game-How Compliance and Risk Management Move to 2023 and Beyond, available from Amazon.com.

Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.

Categories
Blog

Culture, Costs, and Compliance: Tackling Corporate Waste with Data-Driven Solutions

When compliance professionals hear the phrase “fraud, waste, and abuse,” their attention almost always gravitates toward the concept of fraud. Fraud makes headlines, triggers DOJ enforcement actions, and carries obvious reputational risk. But waste, the second component in that trio, costs corporations millions of dollars annually and often goes unnoticed. Waste is not always the result of intentional misconduct. Instead, it is the unnecessary, careless, or inefficient use of resources.

Left unchecked, waste can sap profits, drain morale, and erode organizational culture. Worse, it creates vulnerabilities that open the door to fraud and abuse. As compliance officers, we have a role to play in combating waste, not just as a financial drain, but also as a risk factor that undermines long-term business sustainability.

We continue our review of the role of compliance in combating fraud, waste, and abuse. Today, we consider the role of compliance in the fight against waste. One of the most promising tools in this fight is predictive analytics. We review how Shell used predictive analytics to transform its maintenance programs and discuss how compliance officers can harness these same principles to anticipate, identify, and prevent waste before it spirals into a major liability.

What Is Waste?

Waste is the misuse of corporate resources without necessarily crossing the line into fraud. It may include:

  1. Excessive travel or entertainment expenses.
  2. Over-maintenance of equipment that does not need servicing.
  3. Duplication of tasks due to poor communication.
  4. Paying for unused licenses, subscriptions, or services.
  5. Poorly designed processes that consume time and labor unnecessarily.

Unlike fraud, waste is not always intentional. An employee may not realize that expensing unnecessary upgrades or double-booking a supplier constitutes waste. Yet the cumulative impact is enormous. According to industry surveys, corporate waste can cost companies millions annually, and much of it is preventable through better monitoring and smarter resource allocation.

The Cost of Waste

Waste rarely grabs headlines, but its financial impact is staggering. Consider how often corporations schedule routine maintenance on equipment, even when it is not actually needed. The expense of replacing parts “on schedule” rather than based on actual performance data runs into the billions across industries. Similarly, compliance functions themselves can generate waste by deploying broad, unfocused training or redundant audits instead of targeting resources where they matter most.

Waste also undermines culture. Employees who see inefficiencies tolerated may conclude that the company does not take stewardship seriously. This normalization can spread: if no one cares about wasted money, why should they care about ethical gray zones? In this way, waste weakens the very cultural foundation compliance programs are designed to strengthen.

Lessons from Shell: Predictive Analytics and Maintenance

Shell provides a vivid example of how predictive analytics can transform waste into efficiency. Historically, Shell relied on calendar-based maintenance schedules, servicing equipment at predetermined intervals regardless of actual wear and tear. While effective in preventing breakdowns, this method was wasteful, resulting in unnecessary part replacements, downtime, and inefficient resource allocation.

By adopting predictive analytics, Shell embedded sensors across its global assets, collecting real-time data on vibration, temperature, and pressure. Machine learning models analyzed this data to detect anomalies, allowing Shell to service equipment only when necessary—the result: reduced downtime, lower costs, and improved reliability.

The compliance parallel is clear. Just as Shell transitioned from reactive repairs to predictive maintenance, compliance must also shift from reactive investigations to proactive monitoring. Waste in compliance, whether in resources, training, or oversight, can be dramatically reduced when programs are data-driven and predictive rather than static and calendar-based.

The Compliance Angle: Why Waste Matters

Waste is not just an operational issue. It is a compliance issue for three reasons:

  1. Regulatory scrutiny: Regulators are increasingly expecting companies to utilize data-driven tools to ensure efficiency and accountability. Wasteful practices, particularly in government contracting, can lead to legal exposure.
  2. Fraud adjacency: Waste creates gray areas that fraudsters exploit. If duplicate payments or unused services go unnoticed, bad actors can hide fraudulent charges within the noise.
  3. Cultural risk: Tolerating waste sends a signal to employees that accountability is negotiable. This undermines compliance culture and makes it harder to enforce policies consistently.

How Compliance Can Fight Waste

1. Leveraging Predictive Analytics

Compliance officers can use predictive analytics to spot wasteful spending patterns, such as duplicate vendor payments, recurring unused subscriptions, or expense anomalies. By analyzing large datasets in real-time, predictive analytics reveals inefficiencies that traditional audits often miss.

2. Targeting Resources

Much like Shell’s predictive maintenance conserved resources, compliance can use analytics to deploy training, audits, and investigations where they are most needed. This prevents the waste of blanket initiatives that consume time and budget without addressing real risk.

3. Building Proactivity into Culture

Predictive analytics fosters a culture of proactivity rather than reactivity. Employees learn to anticipate risks and inefficiencies before they escalate, creating a compliance culture that values stewardship of resources alongside ethical conduct.

4. Enhancing Decision-Making

Predictive models provide compliance leaders with actionable insights that sharpen their decision-making. Instead of guessing where to allocate limited resources, compliance officers can point to data-driven evidence, increasing credibility with leadership.

5. Continuous Improvement

Just as Shell recalibrates its predictive models with real-world data, compliance must treat waste reduction as a continuous improvement process. Predictive models should evolve in tandem with business practices, regulatory shifts, and emerging risks.

Five Key Takeaways for the Compliance Professional

1. Waste Is More Than Inefficiency

Waste is the misuse of resources, whether intentional or not, and it costs corporations millions annually. Beyond financial impact, tolerating waste erodes culture and creates openings for fraud.

2. Predictive Analytics Reduces Waste

Just as Shell cut costs and improved reliability through predictive maintenance, compliance programs can use predictive analytics to identify inefficiencies, anticipate risks, and allocate resources effectively.

3. Compliance Has a Role in Fighting Waste

Waste may appear to be an operational issue, but it is also a compliance issue. Regulators expect efficient use of resources, and unchecked waste can conceal fraud or abuse.

4. Proactivity Strengthens Culture

Predictive analytics fosters a proactive compliance culture that anticipates risks and addresses them before they escalate, reinforcing accountability and resource stewardship.

5. Continuous Improvement Is Key

Predictive analytics and waste reduction are not one-off projects. Compliance must continuously reassess data, refine models, and adapt to evolving risks to remain effective and credible.

Conclusion

Waste may not carry the same drama as fraud or abuse, but it represents a critical vulnerability for corporations. The financial cost is real, the cultural cost is corrosive, and the compliance implications are significant.

By taking a page from Shell’s predictive analytics playbook, compliance officers can transform their programs from passive monitors to proactive risk managers. Predictive analytics enables compliance to identify inefficiencies before they escalate, conserve resources, and enhance credibility with leadership. Most importantly, it positions compliance as a strategic partner in building a culture of accountability and efficiency.

In today’s environment, where regulators demand real-time monitoring and organizations face constant pressure to do more with less, fighting waste is not optional. It should be a compliance imperative.

Categories
Corruption, Crime and Compliance

[Replay] Five Strategies to Mitigate a New Risk Environment

What do you do when the headlines shift faster than your risk matrix can keep up? In this episode, Michael Volkov dives into the challenge of adapting compliance programs in the face of volatile and fast-changing global risks—from tariffs and trade controls to supply chain disruptions and third-party exposures. While the pressure to react is constant, the real key is staying anchored in your company’s values while making smart, timely adjustments.

Legal and compliance officers are used to adjustments and continuous improvement of their compliance programs. Building and maintaining an effective ethics and compliance program never ends — it is a continuous process. In a climate of rapid change, the strategies may feel familiar, but the risks themselves are taking new shape. To that end, Michael outlines five specific strategies for evolving your compliance program without losing your footing.

You’ll hear him discuss:

  • Why culture isn’t just a buzzword—it’s the first and most critical line of defense in volatile times
  • How to run a quick-turn, focused risk assessment to identify new hotspots like sanctions, tariffs, and supply chain gaps
  • The rising danger of indirect exposure to foreign terrorist organizations and cartels through third parties
  • What companies need to know about tariff classification, scope, and enforcement to avoid legal and economic penalties
  • Why sanctions and export controls enforcement is heating up—and what that means for your global operations
  • How to recalibrate third-party risk management to account for trade-based threats and hidden ownership structures

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Daily Compliance News

Daily Compliance News: September 8, 2025, The Using AI to Detect AI Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest that are relevant to the compliance professional.

Top stories include:

  • Clawing back illegal tariffs. (WSJ)
  • Using AI to detect AI-generated fake receipts. (NYT)
  • China launches corruption probe into top securities regulator. (FT)
  • Corrupt country leader, the US welcomes you. (PBS)
Categories
FCPA Compliance Report

FCPA Compliance Report – Exploring Compliance, in the US and Nigeria with Adeyinka Adejugbe

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, join Tom as he interviews Adeyinka Adejugbe, a seasoned business lawyer and compliance expert, to discuss his professional journey and insights into compliance frameworks across various industries and countries.

Adeyinka is a business lawyer, HR specialist, and certified chief compliance officer with an MBA. He has extensive experience across various industries and is passionate about creating systems of fairness and accountability. Adeyinka shares his experiences and the importance of tailoring compliance strategies to specific sectors, as well as the role of leadership in fostering a culture of ethical conduct and psychological safety.

Key takeaways highlights:

– 🌍 The importance of aligning compliance strategies with industry-specific needs.

– 📚 Insights into the differences and similarities between Nigerian and US compliance frameworks.

– 🚀 The role of AI and technology in the future of compliance.

– 🛡️ The significance of whistleblower protection in fostering a safe work environment.

– 🤝 How US and Nigerian compliance programs can learn from each other.

Resources:

Adeyinka Adejugbe on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.