Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest, all relevant to the compliance professional.
Top compliance stories:
We’re back with another GWIC x EC crossover episode. Today, we have the quartet of Great Women in Compliance of Kristy Grant-Hart, Karen Moore, Lisa Fine, and Hemma Lomax.
The GWIC quartet discusses various intriguing topics related to compliance. Lisa Fine kicks off the conversation by discussing the new ‘failure to prevent fraud’ guidance in the UK, which places greater responsibility on companies to avoid engaging in fraud. The group delves into the implications of this law and its extraterritorial elements. Hemma Lomax shifts the conversation to changes in the False Claims Act in the US, highlighting its expanded use beyond fraudulent billing to areas like cybersecurity and diversity obligations. Karen Moore introduces the innovative ‘Karma’ rewards system by Revolut Bank in the UK, which incentivizes compliance behaviors through team performance multipliers. Kristy Grant-Hart wraps up with a fascinating discussion on AI, touching on AI’s potential as a whistleblower and whether AI could attain employment rights if it becomes sentient. They conclude by sharing their rants and raves, offering insights on topics ranging from the importance of local theaters to women’s leadership in compliance.
Join the Great Women in Compliance community on LinkedIn here.
Show Summary
Star Trek has consistently excelled at blending imaginative storytelling with deeply reflective, ethical, and compliance lessons. In the episode “This Side of Paradise,” Captain Kirk and the crew of the USS Enterprise visit a colony thought to be lost, only to discover colonists who appear unnaturally happy and content due to the influence of strange alien spores. These spores eliminate negative emotions and ambition, creating an illusion of paradise. However, beneath the serene surface lies an unsettling truth, one that reveals significant lessons for corporate compliance professionals. Here are five key lessons.
Lesson 1: The Danger of Complacency
Illustrated By: Upon their arrival, Captain Kirk and his crew are astonished at how content and relaxed the colonists appear, lacking any sense of urgency or purpose beyond their immediate happiness. The spores create an environment devoid of ambition or challenge.
Compliance Lesson: Complacency is a significant risk in corporate compliance. When companies become too comfortable, essential controls can slip, leaving vulnerabilities unnoticed. Regularly scheduled compliance audits and continual education programs keep organizations vigilant, proactive, and adaptable to regulatory shifts and evolving risks. Compliance professionals must foster an environment that constantly challenges complacency, encouraging active questioning and continual improvement.
Lesson 2: Understanding the Real Nature of Risks
Illustrated by Spock, affected by the spores, embracing an emotional side long repressed, initially finding joy and peace. Yet, Kirk soon realizes that beneath the artificial happiness lies a dangerous stagnation and lack of progress.
Compliance Lesson: Not all risks are immediately apparent. Compliance officers must develop comprehensive risk assessment processes that look beneath surface-level compliance indicators. In-depth analyses should consider potential indirect impacts and hidden dangers within seemingly benign situations. Organizations benefit significantly from continuously evolving their risk management strategies, remaining alert to subtler, systemic issues that can be more damaging than obvious violations.
Lesson 3: The Critical Importance of Culture
Illustrated By: Despite being seduced by the spores’ false paradise, Captain Kirk resists their influence due to his strong commitment to duty and mission, illustrating his deeply embedded professional and personal integrity.
Compliance Lesson: A robust compliance culture is vital in resisting unethical temptations. Organizations that foster strong ethical values and clearly defined principles are better equipped to withstand pressures and challenges. Compliance officers should promote integrity as a foundational corporate value, embedding it deeply within organizational practices. Culture-building initiatives, training programs, and leadership modeling are instrumental in cultivating resilient and ethical business environments.
Lesson 4: The Necessity of Clear and Effective Communication
Illustrated by: Kirk ultimately defeats the spores by broadcasting an emotionally charged message that disrupts their tranquilizing effects, restoring awareness and rational thinking to the affected crew.
Compliance Lesson: Effective communication is fundamental to a successful compliance program. Compliance officers must clearly articulate expectations, rules, and regulations through targeted and impactful messaging. Open, transparent, and frequent communication helps ensure that all team members clearly understand their roles and responsibilities. Regular updates, engaging training materials, and accessible compliance resources enhance the effectiveness of compliance communication, reducing misunderstandings and promoting transparency.
Lesson 5: Resilience in the Face of Adversity
Illustrated By: After breaking the spores’ influence, the crew members realize the illusory nature of their paradise and recommit themselves to their mission and responsibilities, emerging stronger and more focused.
Compliance Lesson: Organizations must develop resilience to respond effectively to compliance setbacks and regulatory challenges. Encouraging resilience involves preparing for potential compliance breaches with robust response plans, clear accountability structures, and lessons-learned reviews. Compliance officers play a pivotal role in guiding organizations through crises, ensuring that lessons are integrated into future operations, and strengthening the company’s overall compliance posture.
Final ComplianceLog Reflections
Star Trek’s “This Side of Paradise” offers a vivid metaphor for corporate compliance professionals, illustrating the dangers lurking within complacency, the hidden nature of certain risks, and the powerful influence of a well-embedded compliance culture. By emphasizing proactive vigilance, thorough risk assessments, robust communication, and organizational resilience, compliance leaders can steer their companies clear of deceptively comfortable but ultimately harmful situations. Like Captain Kirk, compliance professionals must boldly confront challenges, keeping the integrity and commitment central to their mission and ensuring sustainable and ethical organizational success.
Resources:
In recent weeks, the spotlight has again intensified on The Boeing Company, following a provocative motion filed by families of victims from the tragic 737 Max crashes. They have petitioned a Texas federal judge to appoint a special prosecutor in Boeing’s criminal conspiracy case, arguing fervently against the Department of Justice’s recent Non-Prosecution Agreement (NPA) with Boeing. At stake is not merely corporate accountability but, fundamentally, the integrity of our justice system itself. If all a company is required to do under the Department of Justice (DOJ) is throw money at a series of problems, there will never be true reform.
Yesterday, I began a two-part look at the current set of issues raised in the DOJ capitulation to Boeing, its ignoring of the families of the crash victims, and its complete lack of holding Boeing accountable beyond financial penalties. Today, I want to conclude this short series by proposing a path forward that helps to ameliorate the rights of the parties as well as all the other stakeholders involved in this Boeing imbroglio.
For reasons that are not articulated, the DOJ has dropped its requirement for an Independent Corporate Monitor to oversee the overhaul of culture at Boeing, instead allowing a Boeing-hired compliance consultant to be part of the process. This is wholly insufficient as it requires zero transparency for any of the key parties to the litigation: the families of the victims of the 737 MAX crashes, the Court, and even the DOJ itself. Indeed, the DOJ did not even consult with the families of the victims, as it was reported that the DOJ gave them one day’s notice that it was going to provide Boeing with a Non-Prosecution Agreement (NPA) with no Independent Compliance Monitor.
The significance of an Independent Compliance Monitor tasked with overseeing Boeing’s adherence to compliance and safety protocols over the next three years cannot be overstated. The role of an Independent Compliance Monitor in this case should be expansive. Beyond traditional compliance responsibilities, such as policies, procedures, internal controls, and training, the Independent Compliance Monitor should also address anti-fraud measures, safety, and quality assurance/control (QA/QC) issues. This broader remit is essential, given the systemic failures at Boeing that contributed to the 737 MAX disasters. (Looming, of course, is the 787 Dreamliner crash in India.)
The DOJ previously found disturbing lapses in Boeing’s safety and quality records. It is unclear whether the DOJ has revised these findings in light of its proposed NPA. Boeing employees reported feeling pressured to prioritize productivity and financial performance over safety and quality, a cultural flaw that contributed to the compliance breaches. This pressure led to out-of-sequence work, poor record-keeping, and inadequate safety audits, all of which are indicative of a deeper systemic problem.
Addressing these issues requires a comprehensive culture-focused approach. An Independent Compliance Monitor must not only enforce existing standards but also foster a culture of integrity and transparency within Boeing. This involves ensuring that employees can report concerns without fear of retaliation and that safety protocols are rigorously followed and documented.
The families of the crash victims are not mere bystanders in this process. They have voiced strong objections to this NPA, particularly its leniency and the lack of accountability for senior executives, as well as for any future actions by Boeing. They argue that the NPA exonerates those responsible for the safety lapses. This concern resonates with many compliance professionals who advocate for robust accountability at all levels of an organization.
In light of the unique facts and procedural history of this matter, judicial oversight will be crucial in ensuring that an Independent Compliance Monitor leads to genuine remediation. Transparency is a cornerstone of effective compliance and accountability, and its absence could undermine the entire process.
This is where the District Court should step in and appoint a Special Master to act as an Independent Compliance Monitor. Under the Federal Rules of Procedure, a District Court can appoint a Special Master to monitor compliance with court orders or settlement agreements. This can be especially useful in cases where the parties have a history of noncompliance or need ongoing oversight. The appointment of a Special Master is a powerful option for this specific fact pattern.
For Boeing to restore its reputation and regain public trust, it must go beyond the minimum requirements of the NPA. This involves a commitment to comprehensive remediation, encompassing cultural change, structural reforms, and rigorous enforcement of safety and compliance standards. All done with transparency.
A Special Master’s remit would be a step in the right direction, but it must be accompanied by genuine transparency and accountability. This includes involving the victims’ families in meaningful ways, such as through regular updates and consultations, and ensuring that their concerns are addressed substantively. In other words, transparency.
The Boeing case serves as a stark reminder of the critical importance of compliance, transparency, and accountability in the corporate world. It highlights the devastating consequences of systemic failures and the urgent need for robust oversight mechanisms. As compliance professionals, we must advocate for comprehensive and transparent processes that ensure not only compliance with legal standards but also the fostering of a culture of integrity and responsibility.
Ultimately, true remediation and accountability are in the best interests of all stakeholders, from the victims’ families seeking justice to the company itself, which strives to rebuild its reputation and restore public trust. The DOJ has completely abrogated its role in this moving forward. However, the District Court can facilitate this process by appointing a Special Master who can act as an Independent Compliance Monitor.
The path forward is clear: there must be a firm commitment to rigorous compliance, transparent practices, and a culture that prioritizes safety and integrity above all else. However, this must be accompanied by independent oversight. If the DOJ does not wish to assume this role, the District Court should consider appointing a Special Master. Only then can it hope to move beyond the shadows of the 737 MAX scandal and emerge as a leader in the aviation industry once again.
In recent weeks, the spotlight has again intensified on The Boeing Company, following a provocative motion filed by families of victims from the tragic 737 Max crashes. They have petitioned a Texas federal judge to appoint a special prosecutor in Boeing’s criminal conspiracy case, arguing fervently against the Department of Justice’s recent Non-Prosecution Agreement (NPA) with Boeing. At stake is not merely corporate accountability but, fundamentally, the integrity of our justice system itself. Today, I begin a two-part look at the current set of issues raised in the DOJ capitulation to Boeing, its ignoring of the families of the crash victims, and its complete lack of holding Boeing accountable beyond financial penalties.
The victims’ families and the general flying public represent crucial stakeholders who deserve answers, accountability, and assurances of safety. Disturbingly, the DOJ’s actions appear dismissive of these stakeholders. This lack of consideration significantly undermines public confidence in Boeing and the effectiveness of regulatory enforcement.
The victims’ families seek accountability, including criminal charges for executives, strict compliance oversight, and transparency to prevent future disasters. Instead, they have received a diminished settlement and an opaque independent consultant, leaving them rightly skeptical and outraged, all of which occurred without any meaningful consultation with the DOJ. At its core, the families argue, the DOJ’s latest move sets a hazardous precedent, allowing corporations essentially to circumvent accountability through financial settlements and carefully crafted agreements.
The current controversy revolves around the DOJ’s decision to dismiss a conspiracy charge under the conditions outlined in the $1.1 billion NPA. This agreement, critics assert, permits Boeing to effectively “buy its way out of a criminal conviction,” marking a disturbing shift in how corporate criminal cases might be handled going forward.
The families’ legal representatives have raised compelling arguments about why the NPA represents a perilous deviation from standard judicial procedures. Specifically, their motion asserts that the NPA dangerously erodes the separation of powers by attempting to bypass the judicial review requirement mandated by the Federal Rule of Criminal Procedure 48(a). Such maneuvering, the families contend, could become a worrying precedent that effectively creates a new branch of governmental power, immune to the checks and balances essential to American governance.
Moreover, this case highlights critical issues surrounding the Crime Victims’ Rights Act (CVRA), legislation designed to ensure victims and their families are treated fairly throughout judicial proceedings. The families argue passionately that the NPA, in its current form, diminishes their statutory rights and sidesteps meaningful accountability, thus undermining the broader principles of justice.
Equally concerning is Boeing’s historical engagement with DOJ agreements. Initially, under a Deferred Prosecution Agreement (DPA) brokered in 2021, Boeing pledged reforms and accepted specific responsibilities. However, a disturbing mid-air incident involving a Boeing 737 Max 9 jet in January 2024 revealed serious safety oversights and compliance deficiencies, prompting the DOJ to reexamine Boeing’s commitments. Boeing’s readiness to plead guilty evaporated swiftly when the political landscape appeared favorable, a clear indication, families argue, that the aerospace giant’s commitments were strategic rather than genuine.
This raises fundamental questions about corporate culture, accountability, and oversight. Compliance professionals everywhere must consider: What mechanisms truly ensure meaningful corporate reform? Can performative contrition substitute for authentic, monitored change?
Under the revised NPA, Boeing has agreed to pay significant fines and allocate funds to victim compensation and program enhancements for compliance. Yet notably absent from this agreement is any oversight mechanism akin to the independent compliance monitor stipulated in previous arrangements. Instead, Boeing must merely retain an independent compliance consultant, a far softer requirement and one that has rightly alarmed observers concerned with genuine reform.
From a compliance standpoint, the removal of the independent monitor provision is a clear red flag. Monitors are essential to verifying that changes implemented within a corporation are genuine, sustained, and effective. By settling for a consultant rather than an empowered, independent monitor, the DOJ is creating an environment that is ripe for surface-level reforms that fail to address deeply rooted, systemic issues.
This scenario underscores a crucial lesson for corporate compliance professionals: genuine compliance reforms cannot rely solely on internal assurances or perfunctory oversight. Rigorous external verification mechanisms are essential to ensuring that compliance efforts are meaningful, impactful, and sustained over the long term. The bottom line is that transparency is the key, and this DOJ has completely deleted any Boeing requirement for transparency in its remediation process.
Furthermore, this case illustrates the importance of judicial independence and the robust application of oversight principles. Without vigilant oversight, corporations could increasingly perceive settlements as mere financial calculations rather than genuine opportunities to recalibrate organizational ethics and compliance cultures. Compliance professionals must advocate for and implement frameworks that prioritize meaningful oversight and genuine reform.
As compliance leaders, we must recognize the far-reaching implications of the Boeing case. This case serves as a stark reminder that true corporate reform cannot be bought—it must be earned through demonstrable, monitored change. Regulators and justice departments globally must hold corporations accountable not just financially but also operationally and culturally.
The demand by the victims’ families for a special prosecutor highlights a crucial juncture. Will we endorse a system where accountability is negotiable and oversight diluted? Or will we reaffirm the essential tenets of justice, ensuring robust judicial review, stringent oversight of compliance, and genuine corporate reform?
Boeing’s future actions, closely scrutinized, will reflect its genuine commitment to change. Compliance professionals, corporate leaders, and regulators alike must take heed—reform without rigorous oversight is merely an empty promise. The integrity of corporate compliance demands far more.
Ultimately, the Boeing case offers a powerful lesson: the pursuit of meaningful corporate compliance and ethical integrity requires more than financial penalties; it demands transparency, accountability, and true oversight. For corporations, anything less risks not only reputational harm but also the profound erosion of public trust, which is essential to long-term sustainability.
Tomorrow, we will explore a court-imposed solution to this imbroglio.
Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.
Today, we continue our look at the 5 COSO Objectives. Today, Number II—Risk Assessments.
For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.
Join Tom Fox and hundreds of other GRC professionals in the city that never sleeps, New York City, on July 9 & 10 for one of the top conferences around, #Risk New York. The current US landscape, shaped by evolving policies, rapid advancements in AI, and shifting global dynamics, demands adaptive strategies and cross-functional collaboration.
At #RISK New York, you will master the New Regulatory Reality by getting ahead of US regulatory shifts and their impact. Conquer AI and Tech Risk by Safeguarding Your Organization in an AI-Driven World and Understanding the Implications of Major Tech Investments. Navigate Financial and Crypto Volatility by Protecting Your Assets and Exploring Solutions in a Dynamic Market. Strengthen Your GRC Framework by Leveraging Governance, Risk, and Compliance for Strategic Advantage. Protect Digital Trust by addressing challenges in cybersecurity and data privacy, and combating misinformation. All while meeting with the country’s top #Risk management professionals.
In this episode of the Risk GRC speaker series, Tom Fox talks with Vince Walden, CEO of Kona AI, about his career in compliance, fraud, and risk management. Vince discusses his passion for data analytics and details the development of a new Compliance and Transaction Monitoring platform. They explore the use of AI, particularly predictive modeling and compliance language models, to enhance risk management. Vince also shares his excitement about the recent acquisition of his company by Covasant and the future of AI-driven compliance technology. The discussion ends with anticipation for the upcoming Risk NYC conference, where Vince looks forward to networking and exchanging insights on current risk challenges.
Resources:
#RiskNYC—Tickets and Information
Vince Walden on LinkedIn
In February, the Trump Administration suspended investigations under and enforcement of the FCPA. Many compliance professionals have since wondered what this will mean for corporate compliance programs going forward. Hui Chen challenged compliance professionals with the statement, “It’s time to up your game.”
This podcast series, sponsored by Ethico and co-hosted with Ethico co-CEO Nick Gallo, hopes to meet Hui Chen’s challenge. We will discuss how compliance professionals can ‘Up Their Game’ by utilizing currently existing Generative AI (GenAI) tools to significantly enhance their compliance programs. As compliance professionals, it is critical to recognize that this moment is not merely about incremental improvements but about elevating our profession to an entirely new level of effectiveness, efficiency, and organizational value.
In this episode, hosts Tom Fox and Nick Gallo explore the revolutionary potential of AI for Speak Up Cultures by introducing risk intelligence directly into business operations. They discuss the intricacies of whistleblowing, speak-up culture, and the integral role of AI and machine learning in enhancing compliance programs. They highlight deficiencies in current systems and propose how AI can crowdsource risk intelligence at scale, improve case triage, and facilitate a collaborative environment. Key points include the importance of anonymity, efficient triage, and how AI facilitates communication with employees in their preferred settings. The discussion also explores transforming the culture of compliance into proactive risk management, ultimately driving efficiency, effectiveness, and a better corporate culture.
Key highlights:
Resources:
Upping Your Game-How Compliance and Risk Management Move to 2030 and Beyond on Amazon.com
Nick Gallo on LinkedIn
Tom Fox
Welcome to this edition of Everything Compliance, Shout-Outs, and Rants. In this episode, we have the quintet of Matt Kelly, Jonathan Marks, Jonathan Armstrong, Karen Woody, and Karen Moore. It’s all hosted by Tom Fox.
The members of Everything Compliance are:
Tom Fox, the Voice of Compliance, is the host, producer, and sometimes panelist of Everything Compliance. He can be reached at tfox@tfoxlaw.com. The award-winning Everything Compliance is part of the Compliance Podcast Network.
The episode “A Taste of Armageddon” offers a gripping narrative about two planets waging a computerized war, where casualties are “virtual” until real people are targeted for destruction by assassination teams. Beyond its science fiction thrills, this episode offers a rich canvas for compliance investigators to glean valuable insights into corporate investigations, risk management, and ethical decision-making. Today, we explore five investigative lessons drawn from “A Taste of Armageddon” that every compliance professional can apply in today’s complex corporate environment.
Lesson 1: Don’t Accept the Surface Narrative—Dig Deeper
Illustrated By: Captain Kirk and the Enterprise crew arrive at the planet Eminiar VII and are briefed on a bizarre ongoing “war” with their neighboring planet, Vendikar. They’re told the conflict is conducted entirely through computer simulations, with casualties happening only because of computer-generated attack orders. The officials claim that this system prevents physical destruction and loss of infrastructure.
Compliance Lesson: Compliance must have robust evidence-gathering protocols, document reviews, interviews, digital forensics, and whistleblower input that go beyond the polished explanations offered by senior management or external parties.
Lesson 2: Recognize When Systems Are Manipulated to Conceal Real Harm
Illustrated By: As Kirk digs deeper, he discovers that the “war” computer directs citizens of Eminiar VII to “self-destruct” (die) to simulate casualties, a brutal reality masked by the sanitized computer war facade. The computerized system is essentially a tool to hide the true human cost of conflict under the guise of civility.
Compliance Lesson: Investigators must be vigilant in identifying situations where systems, reports, or data are manipulated to conceal wrongdoing or minimize apparent risk.
Lesson 3: Challenge Institutionalized Norms When They Violate Ethics
Illustrated by: The people of Eminiar VII believe their system is rational and ethical because it avoids the destruction of infrastructure and reduces collateral damage. Yet, the human toll is real and horrific. Kirk challenges this “civilized” war system, calling out the moral bankruptcy of a process that sanctions systematic killing under bureaucratic rules.
Compliance Lesson: Investigators should be empowered to raise red flags about practices that may be “business as usual” internally but are fundamentally unethical or illegal.
Lesson 4: Collaborate Across Teams to Confront Complex Issues
Illustrated By: To expose the truth and disrupt the false war, Kirk and his crew collaborate with disillusioned Eminian officials and civilians. This cooperation allows them to understand the deeper reality and develop strategies to end the deceptive conflict.
Compliance Lesson: Investigative collaboration fosters comprehensive fact-finding, more accurate risk assessments, and the development of effective remediation strategies.
Lesson 5: Be Prepared to Disrupt Business as Usual for the Sake of Ethics
Illustrated By: Kirk’s ultimate act is to disable Eminiar VII’s computer war system, forcing the planet’s leaders to face the harsh realities of war without the illusion of sanitized casualty reports. This disrupts their entire way of life, but is necessary to restore true peace and ethical accountability.
Compliance Lesson: Compliance leaders must be prepared to recommend and implement significant changes, even if they are disruptive, to address systemic issues.
Final ComplianceLog Reflections
Star Trek’s “A Taste of Armageddon” is a compelling allegory about the dangers of complacency, obfuscation, and ethical compromise. For corporate compliance professionals, the episode provides a blueprint for rigorous, courageous, and collaborative investigations that delve beyond polished narratives to uncover uncomfortable truths.
In a business universe full of hidden risks and “virtual wars,” compliance investigations serve as a beacon guiding companies toward ethical and sustainable success. Like the crew of the Enterprise, compliance professionals must be prepared to boldly go where few dare to look and make a tangible difference in their organizations.
Resources:
