Categories
Creativity and Compliance

Creativity and Compliance: Compliance 6-Pack: Part 6 – Make Your Partner Look Good

Tom and Ronnie conclude their six-part series highlighting the role of improv in compliance. This series links improv lessons to corporate compliance and some of the key tools and strategies Ronnie has brought from his former world of improv to the corporate compliance communications realm. In today’s Improv & Compliance Lesson 6, Tom and Ronnie conclude their series on improv lessons for compliance with “make your partner look good, and they’ll make you look good.”

Ronnie explains that improv succeeds as an ensemble art by focusing on teammates rather than competing for attention, which reduces anxiety and increases creativity; he illustrates this with a workshop exercise where legal and compliance professionals become more willing to participate once the goal is to “help your friend” in the middle. Tom connects the concept to persuasion as a key tool for chief compliance officers: adding business value and helping colleagues succeed makes compliance influence more effective. Ronnie applies this to compliance by engaging business leaders with short, simple, entertaining training and tools that make it easy to cascade ethics messages in the flow of work, increasing adoption and visibility. The episode notes that a downloadable white paper summarizing the six lessons is available.

Resources:

Ronnie

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Creativity and Compliance is a multiple-award-winning podcast and was recently honored as one of the Top 35 Podcasts on Creativity by Feedspot.

Categories
AI in Financial Services in 5 Stories

AI in Financial Services in 5 Stories – Week Ending June 19, 2026

Welcome to AI in Financial Services in 5 Stories. A practical weekly roundup of the five most important AI developments affecting banking, insurance, payments, asset management, and fintech. Each Friday, Tom Fox will break down the top stories that matter most through the lenses of compliance, risk management, governance, and business strategy. Designed for compliance professionals, executives, legal teams, and financial services leaders, it goes beyond headlines to explain why each development matters in a highly regulated industry. The result is a concise weekly briefing that helps listeners stay current on AI innovation while asking sharper questions about oversight, accountability, and trust.

This week’s stories include the following:

  1. Next era of AI-enabled banking. (FinTechGlobal)
  2. AI-first banks rewriting the rules. (BCG)
  3. AI can’t be a rainmaker. (WSJ)
  4. AI is transforming the financial services trade. (International Banker)
  5. Agentic AI transforming finance. (EY)

For more information on the use of AI in Compliance programs, Tom Fox’s new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
Blog

The Bosch Declination: Part 1 – The DOJ’s New National Security Enforcement Playbook

The Bosch Declination is an important early marker in the Department of Justice’s new corporate enforcement architecture. It is also a practical case study in how export controls, national security compliance, voluntary self-disclosure, and remediation now intersect under the Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy. Over the next two blog posts, we will consider this Declination. Today we look at the Declination itself. In the next blog post (on Monday), we will consider the lessons for compliance professionals.

On June 17, 2026, the DOJ announced that the National Security Division had declined prosecution of Robert Bosch GmbH, resolving an investigation into an alleged scheme involving the export of products and software to an Entity-listed company in the People’s Republic of China. The Declination was reached under Part I of DOJ’s Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy, after DOJ considered the Principles of Federal Prosecution of Business Organizations. DOJ stated that Bosch promptly disclosed the misconduct to NSD, fully cooperated, and timely and appropriately remediated, with no aggravating circumstances present.

The facts are significant. The DOJ’s Declination letter states that from approximately September 2020 to September 2024, Bosch, through two non-U.S. subsidiaries, re-exported more than $70 million in foreign-produced Micro-Electro-Mechanical Systems sensor products and foreign-produced software to Huawei Technologies Co., Ltd. and its affiliates on the Entity List, including Huawei Tech. Investment Co., Ltd., Hong Kong. DOJ identified the two Bosch subsidiaries as Bosch Sensortec GmbH and ETAS GmbH. According to the DOJ, the products were provided without the required license or authorization from the Department of Commerce’s Bureau of Industry and Security, in violation of the Export Administration Regulations.

The central export control issue was the Entity List Foreign Direct Product Rule, or FDPR. The DOJ stated that BST and ETAS provided Huawei with foreign-produced items subject to the EAR under the Entity List FDPR for designated entities, without obtaining the required authorization from BIS. DOJ further found that Bosch’s trade compliance personnel were “ill-equipped” to provide accurate guidance on the FDPR. The investigation also identified ongoing sales despite several missed opportunities in which third-party companies had identified potential FDPR applications for Bosch products or equipment used in providing services. DOJ calculated that Bosch made approximately $11,430,098 in pre-tax profits from the conduct.

That fact pattern is important for compliance professionals because this was not described as a simple denied-party screening failure. It involved the intersection of foreign-produced products, U.S.-origin technology or software, non-U.S. subsidiaries, Entity List restrictions, and a rule that requires sophisticated technical, legal, and operational judgment. This is precisely the type of export control risk that can sit outside traditional compliance comfort zones. It may involve engineering data, manufacturing equipment, software lineage, product classification, third-party technical inputs, and commercial teams operating far from the United States.

The DOJ letter also makes clear that Bosch’s response mattered. DOJ stated that, after discovering the issues, Bosch conducted an internal investigation and voluntarily self-disclosed the matter to both the National Security Division’s Counterintelligence and Export Control Section and BIS. In contrast, the internal investigation was still ongoing. Bosch also remediated promptly and appropriately. The Declination letter notes that Bosch’s internal investigation uncovered numerous mistakes in applying the FDPR to Huawei sales. However, Bosch did not believe those mistakes rose to the level of willfulness required for criminal violations under the Export Control Reform Act.

The DOJ’s decision rested on four factors. First, Bosch made a timely and voluntary self-disclosure. Second, Bosch cooperated, including by disclosing relevant facts, preserving, collecting, and producing documents and information, and promptly responding to NSD requests. Third, Bosch remediated, including through organizational changes, adding 66 employees to its trade compliance organization, expanding U.S. trade compliance resources, and updating policies and procedures to provide clearer guidance on U.S. export control jurisdiction and licensing requirements. Fourth, DOJ found that regulatory remedies were adequate, specifically the approximately $36 million penalty imposed by BIS for civil violations under the ECRA and EAR.

The financial terms are also instructive. The DOJ conditioned the Declination on Bosch’s agreement to disgorge $11,430,098 within thirty days. That amount represented the pre-tax profits from sales to Huawei through BST and ETAS for products for which Bosch had not obtained the required EAR authorization. DOJ agreed to credit $7,829,069 paid by Bosch to BIS in the parallel resolution against the disgorgement amount.

Law360 reported that Bosch agreed to pay $36 million to resolve allegations that it improperly exported technology products to Huawei, with the payment amount including profit disgorgement under the DOJ Declination and a penalty under the parallel BIS agreement. Law360 also reported that Bosch said the civil violations were unintentional. That, upon discovering the potential export control violations, it conducted an extensive investigation, voluntarily self-disclosed to U.S. authorities, and cooperated throughout the process.

The timing matters. The DOJ released its first Department-wide Corporate Enforcement Policy for criminal matters on March 10, 2026. That policy was designed to provide uniformity, predictability, and fairness across DOJ corporate criminal enforcement. DOJ stated that, absent certain limited aggravating circumstances, companies that voluntarily disclose discovered misconduct, cooperate, and timely and appropriately remediate may receive a declination.

The Bosch matter is also tied directly to NSD’s export control and sanctions enforcement priorities. DOJ’s March 30, 2026, NSD guidance stated that enforcing export control and sanctions laws is a top priority for NSD and that companies and employees are at the forefront of protecting U.S. national security by preventing unlawful exports of sensitive commodities, technologies, and services, as well as unlawful transactions with sanctioned countries and designated parties.

In that context, Bosch is not merely an export controls case. It is the first public example of how NSD will apply the new Department-wide CEP to a national security matter. DOJ stated that this was the first time NSD had declined to prosecute a company under the CEP.

For trade compliance professionals, the facts underscore several enforcement realities. Export control jurisdiction can attach to foreign-produced items. Non-U.S. subsidiaries can create U.S. enforcement exposure. Entity List designations require more than customer screening. FDPR analysis must be integrated into product classification, sales review, engineering support, and third-party risk management. A compliance program that lacks the technical competency to interpret the rule can fail even when employees are trying to comply.

This is where the facts become the enforcement message. DOJ did not say Bosch had no compliance program. The DOJ said the relevant personnel were ill-equipped on a critical rule and that third-party warning signs were missed. In other words, the issue was not simply whether the company had a trade compliance function. The issue was whether that function had the expertise, authority, resources, and escalation mechanisms to identify and stop sales governed by complex national security controls.

The Bosch Declination also shows that voluntary self-disclosure continues to have real value, but only when paired with cooperation and remediation. DOJ did not reward disclosure alone. It credited Bosch for preserving and producing facts, responding promptly, making organizational changes, expanding resources, adding personnel, strengthening policies, accepting disgorgement, and resolving the civil matter with BIS.

That is the factual landscape. On Monday, we will turn from the facts to the lessons. For CCOs, Bosch is not simply a trade compliance resolution. It is a case study in what DOJ expects from compliance governance, internal controls, resources, remediation, and board oversight when national security risk moves from theoretical to real.

Categories
Blog

Compliance in a Time Warp: Compliance Lessons from Star Trek’s Tomorrow Is Yesterday

Show Summary

In the ever-expanding universe of Star Trek: The Original Series, the episode “Tomorrow Is Yesterday” offers an unexpected bounty of insights into compliance. On its surface, the story is a classic time-travel romp: the USS Enterprise is accidentally flung back to 1960s Earth, intercepted by a U.S. Air Force jet, and must find a way to return to the 23rd century without altering the course of history. But below the sci-fi action lies a deeper commentary on responsibility, decision-making, and the unforeseen consequences of even well-intentioned actions, making it a surprising compliance masterclass in disguise.

As compliance professionals, we often deal with risks not just of what is known but of what could happen: the unknown impact of an overlooked third-party relationship, a lack of controls in an emerging market, or a cultural blind spot that results in reputational fallout. In “Tomorrow Is Yesterday,” the crew must tread carefully to avoid disrupting the timeline, and in doing so, they offer lessons on ethics, documentation, information handling, and more. Let’s break it down: each lesson begins with a scene from the episode, followed by a compliance insight that today’s professionals can apply.

Lesson 1: Every Action Has Ripple Effects

Illustrated By: When the Enterprise accidentally ends up in the Earth’s atmosphere in the 1960s, it is detected by U.S. military radar. An Air Force pilot, Captain Christopher, is scrambled to intercept. The crew beams him aboard to save his life when his aircraft is destroyed—but now, they’ve interfered with the timeline.

Compliance Lesson:

This scene serves as a powerful reminder that even minor actions can have significant consequences when not carefully considered. In compliance, well-meaning decisions made under pressure, such as rushing a vendor through onboarding or bypassing standard procedures to hit a deadline, can trigger cascading problems. A missing due diligence step today might become tomorrow’s enforcement action.

The key takeaway is that compliance must always be mindful of unintended consequences. Strong controls and decision-making frameworks help teams slow down just enough to assess risks before acting. Preventing compliance failures often comes down to building in that pause, the moment of reflection before action.

Lesson 2: Do not Underestimate the Importance of Containment

Illustrated by Captain Christopher, who now knows too much. He’s seen a starship, spoken with its crew, and witnessed 23rd-century technology. Spock warns that releasing him could change the course of Earth’s future. The crew must now decide whether to detain him, erase his memory, or seek an alternative solution.

Compliance Lesson:

When sensitive information is accidentally exposed, whether it is confidential business data, personal employee details, or insider information, containment becomes the first and most crucial response step. Like the Enterprise crew managing the fallout of their accidental encounter, compliance professionals must act quickly and decisively to limit exposure.

This lesson is especially critical in the era of data privacy regulations such as the GDPR and the CCPA. Companies must have protocols in place to isolate breaches, report them within the required timeframes, and prevent further spread. Your compliance team should conduct tabletop exercises that simulate this kind of scenario, in which exposure has already occurred, and the focus is on mitigating the damage.

Lesson 3: Documentation and Traceability Are Critical

Illustrated by: As the crew works to reverse their time jump, they must carefully reconstruct a plan to erase all evidence of their presence in the past. They go so far as to recover physical recordings and tamper with computer logs to restore the timeline to its original state.

Compliance Lesson:

This scene underscores the importance of meticulous recordkeeping. While the Enterprise crew is in a rare situation of removing data for the good of the universe, in the corporate world, proper documentation is essential to ensure traceability, accountability, and auditability. Without documentation, there is no proof of process, no evidence of decisions, and no way to defend against accusations or demonstrate compliance.

Whether you are conducting due diligence, implementing a policy, or investigating a report, thorough documentation serves as the foundation of defensible compliance. Ensure that every step is captured, from the decision to engage a third party to the delivery and recording of employee training.

Lesson 4: Ethics Must Guide Decision-Making Under Uncertainty

Illustrated By: Faced with conflicting outcomes, if they return Captain Christopher to Earth, he may reveal classified knowledge; if they don’t, they alter his family line. Kirk and Spock must weigh ethical considerations against practical risks. Ultimately, they learn that Christopher’s unborn son will become pivotal to Earth’s future space exploration, so they must return him.

Compliance Lesson:

When policies do not offer a clear answer, ethical judgment must guide your decision-making. In many situations, especially those involving gray areas or new technologies, compliance teams are left to interpret principles rather than rules. That’s where a well-structured code of ethics becomes essential.

Training should teach employees not only what the law says but also how to apply ethical reasoning when no single option is perfect. Ethical leadership, modeled by those at the top, also reinforces that it’s not just about staying within bounds but rather about doing the right thing even when the stakes are high.

Lesson 5: Cross-Functional Collaboration Enhances Compliance Outcomes

Illustrated By: To return to their time and restore the timeline, the crew must coordinate multiple systems across engineering, science, navigation, and command. Mr. Scott recalibrates the engines, Spock calculates gravitational trajectories, and Sulu pilots the ship at precisely the right moment.

Compliance Lesson:

Compliance cannot operate in a silo. Like the crew of the Enterprise, compliance teams must work across various departments—such as legal, IT, HR, operations, and more—to execute effective risk mitigation. Whether you’re launching a third-party review process, addressing a whistleblower complaint, or updating privacy policies, your success depends on collaboration.

This involves building trust, facilitating effective communication, and aligning incentives across various functions. Consider forming cross-functional compliance working groups to stay informed about emerging risks and ensure shared ownership of compliance outcomes.

Lesson 6: Time Is of the Essence

Illustrated By: As the Earth’s gravitational pull begins to reassert itself, the Enterprise must execute its time-warp escape with split-second precision. A single delay could strand them in the 20th century or, worse, destroy the ship.

Compliance Lesson:

Timing can be the difference between a manageable issue and a full-blown crisis. Regulatory deadlines, investigation windows, and breach notification requirements all operate on strict timelines. Compliance professionals must be equipped to respond swiftly and decisively, particularly in crises.

Establishing a rapid-response protocol with clearly defined roles and pre-approved escalation paths is critical. Regularly review these protocols through simulated drills and update them based on lessons learned from real-world experiences. Like the crew navigating their return through time, your team must be prepared to act quickly when risk strikes.

Conclusion: Compliance for the Future—Rooted in Responsibility

“Tomorrow Is Yesterday” reminds us that ethical conduct isn’t just about navigating today’s rules but also about understanding the impact of our actions on tomorrow. For the crew of the Enterprise, that meant carefully extracting themselves from history without doing damage. For compliance professionals, it means building systems and cultures that consider not only legal obligations but also ethical consequences, unintended impacts, and the interconnectedness of our global environment.

In an era of accelerating technology, geopolitical shifts, and complex regulatory changes, these lessons are more relevant than ever. Whether it’s responding to a data breach, managing an FCPA risk, or updating your training protocols, ask yourself, “What ripple effects could this create? Are we prepared? Are we acting with integrity? ”

To boldly go where no compliance program has gone before, we must learn from the past, act responsibly in the present, and remain ever-mindful of the future. So, let’s not just manage compliance—let’s lead it ethically, collaboratively, and with a focus on the future.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Daily Compliance News

Daily Compliance News: June 18, 2026, For Whom Tolls the Bell Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Ex-Nigerian oil minister acquitted of corruption. (Reuters)
  • Prediction markets to take company bets. (NYT)
  • A picture of cigars. Does the penalty fit the crime? (WSJ)
  • Who will toll the Straits of Hormuz? (Reuters)

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
It's art

It’s Art, Let’s Talk About It: Darrell Beauchamp on Cliff Cavin Landscapes, Emerging Artists, and Upcoming Exhibits

The Museum of Western Art is dedicated to excellence in the collection, preservation, and promotion of Western Heritage and the education and cultural enrichment of our diverse audiences. The Museum serves as a bridge between the past and the present, ensuring that the legacy of the American West will be preserved for the future. Western Art is as engaging and important as ever. In this award-winning podcast series, Museum Executive Director Darrell Beauchamp is interviewed by Tom Fox to discuss the Museum’s current exhibit featuring well-known landscape artist Cliff Caven.

Beauchamp discusses the Museum’s current exhibit, “Cliff Cavin: Journeys of a Lifetime,” featuring 54 new landscape paintings by Seguin-based artist Cliff Cavin, displayed across two galleries, and launched with a reception attended by nearly 100 people. Beecham also reflects on the Museum’s April Roundup, highlighting 19-year-old award winners Eliza Hoffman (Patron’s Choice) and Nathaniel Garza (Director’s Choice), including Garza’s donated painting “The Witness,” inspired by the July 4 flooding, now in the permanent collection. They discuss how digital platforms expand market access for younger artists, why sales announcements are emotional for artists, and Kevin MacPherson’s influence as a teacher. Beauchamp previews upcoming exhibits by Adrienne Stein, Bill Kalwick, and Eric Slocombe, and notes the community impact of the museum’s remembrance garden. Visitor details and website are provided.

Resources

Museum of Western Art

Darrell Beauchamp on LinkedIn

Categories
Kerr250 Podcast

The Kerr250 Podcast: The MOWA Kerr 250 Flag Display: Sponsorship, Operations, and Community Engagement

Kerr250 is a community-focused podcast dedicated to celebrating America’s 250th birthday through the people, businesses, traditions, and events of Kerr County. As our nation marks this historic anniversary on July 4, 2026, Kerr250 will highlight the local celebrations and community efforts that bring this milestone to life. Each episode will feature conversations with local leaders, business owners, organizers, volunteers, and proud citizens who are helping make Kerr County a vibrant part of this national moment. The podcast will explore how history, patriotism, service, and community pride come together in one county that believes America’s strength has always come from its people. Kerr250 is where Kerr County honors the past, celebrates the present, and helps inspire the future.

In this episode, Tom Fox visits with the Museum of Western Art Executive Director, Darrell Beauchamp, on the Museum’s trip to America’s birthday with its flag display.

Beauchamp describes a flag display launched in late April and scheduled to run through September 13 as a contribution to the Kerr 250/America 250 effort led locally by Nancy Foster. The installation includes all 50 state flags plus an additional Minnesota flag to accommodate differing preferences; 27 historical versions of the U.S. flag through the 50th; several Texas flags; two 50-star flags flown over the state and U.S. capitols; and Kerr 250 flags, creating a patriotic driveway experience. Community members sponsor flags for personal reasons such as honoring family, home states, where they met a spouse, or past duty stations; most state flags and about 20 U.S. history flags have been sponsored. The project involves material and installation costs, uses solar lighting for nighttime illumination, requires periodic maintenance after high winds, and has experienced no theft or damage.

Highlights include:

  • Why There Are 51 State Flags
  • Historic US Flags Lineup
  • Personal Flag Sponsorships
  • Solar Lighting At Night

Resources:

Kerr250 website

MOWA

Categories
AI Today in 5

AI Today in 5: June 18, 2026, The Top 100 Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Top 100 firms in AI and fintech. (FinTechGlobal)
  2. Bernie wants to give the public ownership of AI. (AP News)
  3. Compliance lessons for AI and debt collection. (ACA International)
  4. On the need for civil rights audit rights in federal AI programs. (PA Times)
  5. State Farm bets on AI. (PYMNTS)

For more information on the use of AI in compliance programs, Tom Fox’s new book, Upping Your Game, is available. You can purchase a copy of the book on ⁠Amazon.com⁠.

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on ⁠Amazon.com⁠.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 18 – Arena and Lessons in Cross-Cultural Compliance

Show Summary

One of the most potent aspects of compliance leadership is its profound connection with broader lessons drawn from seemingly unrelated sources. Few are as richly instructive as the original Star Trek series. Today, let’s boldly explore an insightful compliance case study from the iconic episode “Arena.” This episode illustrates the immense value of cross-cultural understanding and effective intercultural compliance strategies. Here are the cross-cultural compliance lessons that corporate compliance professionals can derive from this gripping tale.

Key highlights:

1. Avoiding Misinterpretation through Cultural Empathy Scene from “Arena”

Illustrated by Captain Kirk, consumed by the destruction of the Federation outpost at Cestus III, immediately assumes malevolent intent.

Compliance professionals must recognize their inherent biases and strive for deeper cultural understanding, particularly when operating internationally. Rather than jumping to conclusions, compliance leaders should rigorously question their assumptions, investigate thoroughly, and engage in respectful dialogues with international counterparts.

2. Communication and Mutual Understanding

Illustrated By: Initially driven by anger and mistrust, Kirk ultimately realizes—through observing and assessing the Gorn’s motivations and behavior—that the Gorn believed they were acting in legitimate self-defense, perceiving the Federation outpost as a threat.

This realization highlights the vital importance of clear and transparent communication in fostering mutual understanding. Compliance officers navigating multinational operations must ensure effective communication channels and clear articulation of company values, expectations, and regulatory requirements across cultural divides.

3. Respectful Negotiation as a Foundation for Resolution

Illustrated By: In the episode’s finale, rather than taking advantage of a vulnerable and incapacitated Gorn captain, Kirk refuses to deliver a lethal blow.

Compliance leaders should employ collaborative negotiation techniques, prioritize understanding diverse perspectives, and demonstrate respect for local customs and regulatory norms. Such respectful negotiation not only resolves immediate issues but also establishes lasting trust and collaborative relationships that strengthen global compliance initiatives.

4. Continuous Learning and Adaptability in Cultural Contexts

Illustrated By: Throughout the battle, Kirk learns from his environment, adapting his strategies to the unique circumstances imposed by the Metrons’ forced confrontation. His ability to adapt and learn continuously becomes his greatest asset.

Compliance professionals must also embrace continuous learning and adaptability, particularly in diverse cultural contexts. Successful compliance officers cultivate adaptability by actively engaging with local teams to gain nuanced insights.

5. Leveraging Cultural Differences as Opportunities

Illustrated by the fact that, although initially viewed as monstrous and hostile, the Gorn prove to be strategic, thoughtful, and capable.

Compliance officers who leverage cultural differences constructively build stronger, more resilient, and truly global compliance frameworks.

6. Cross-Cultural Leadership Drives Ethical Behavior

Illustrated by Kirk’s ultimate refusal to kill the defenseless Gorn, ethical leadership inspires respect even among the observing Metrons.

Visible ethical leadership encourages teams worldwide to consistently adopt and maintain compliance and moral behavior.

Final ComplianceLog Reflections

The cross-cultural lessons from Star Trek’s “Arena” vividly illustrate essential compliance principles for the contemporary global organization. Compliance leaders must cultivate cultural empathy, maintain clear communication, negotiate respectfully, demonstrate adaptability, positively capitalize on cultural diversity, and exemplify ethical cross-cultural leadership. Just as Captain Kirk learned to move beyond initial assumptions toward a more profound understanding, compliance professionals can significantly enhance their effectiveness by applying these timeless lessons.

By adopting these culturally intelligent compliance practices, organizations not only ensure regulatory adherence but also significantly enrich their internal culture and ethical stature. Let us commit to boldly going forward, embracing cross-cultural intelligence and empathy as the cornerstones of effective global compliance strategies.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Timothy and Fiona are AI-generated voices.

Categories
Blog

When Employees Are Drowning in Compliance Change

Compliance professionals know the drill. A new policy is issued. A new training module goes live. A new third-party platform is rolled out. A new AI use standard is announced. A new M&A integration plan hits the field. A new sanctions update requires immediate attention. Each initiative may be defensible on its own. Taken together, they can overwhelm the very employees the compliance program depends upon.

That is the central compliance lesson from David Grossman’s MIT Sloan Management Review article, “When Employees Are Drowning in Change.” Grossman argues that effective leaders do not simply manage change; they manage how people experience change. His article identifies three disciplines that matter: make dialogue nonnegotiable, align leaders around a shared change narrative, and sequence change with employee capacity in mind. For compliance professionals, this is not merely a communications issue. It is a program effectiveness issue.

The DOJ’s Evaluation of Corporate Compliance Programs (ECCP) asks three core questions: Is the program well designed? Is it adequately resourced and empowered? Does it work in practice? The DOJ also makes clear that prosecutors look at whether compliance policies, training, reporting lines, incentives, discipline, and controls are integrated into the company’s operations and workforce. That means a compliance change that employees cannot absorb is not fully implemented. It may exist in a slide deck, an LMS platform, a policy portal, or a board report. But if it does not change behavior, it is not yet operating as a control.

Compliance Fatigue Is a Real Risk

Compliance professionals often think about risk in categories: anti-corruption, sanctions, fraud, conflicts, privacy, cybersecurity, antitrust, money laundering, books and records, and now AI governance. Employees do not experience risk in neat categories. They experience messages, requirements, approvals, certifications, controls, deadlines, and consequences.

That distinction matters. A sales manager may receive anti-bribery training, a gifts-and-hospitality update, a new distributor due diligence process, a revised approval matrix, an AI acceptable use notice, and a speak-up campaign in the same quarter. Compliance may see six separate risk-based initiatives. The employee sees a wall of instructions.

When that happens, the program creates noise. Employees may technically complete training but not internalize it. They may certify to policies but not understand how to apply them. They may attend a town hall but not know what has changed in their daily work. Worse, they may stop asking questions because the system feels too heavy to navigate. That is where Grossman’s change management lessons become directly relevant to the Chief Compliance Officer and the compliance team.

Make Dialogue a Compliance Control

The first discipline is dialogue. In compliance, dialogue should not be treated as a courtesy or a soft engagement tool. It is a control input.

The ECCP asks whether training and communications are tailored to the audience’s size, sophistication, subject matter expertise, needs, interests, and values. It also asks whether employees can ask questions arising out of training and whether the company measures training effectiveness, engagement, learning, and behavioral impact. This is a direct invitation for compliance teams to move beyond “push” communications. A one-way compliance rollout looks like this: publish the policy, assign the training, send three reminder emails, track completion, and report 98% completion to leadership.

A better model looks like this: identify the affected employee groups, ask where the new requirement will create friction, test the message with managers, build scenarios from real operational issues, provide a practical decision tool, hold short Q&A sessions, track questions and exceptions, and adjust the rollout based on what employees tell you.

Dialogue also requires closing the loop. When employees raise concerns about a new control, compliance does not have to accept every suggestion. But it should explain what it heard, what it changed, and what it could not change. Silence breeds skepticism. In compliance, skepticism becomes a workaround.

Build One Compliance Change Narrative

Grossman’s second discipline is alignment around a shared change narrative. This may be the most underused tool in the compliance function. Compliance teams frequently communicate in fragments. Legal explains the law. Compliance explains the policy. Internal audit explains control gaps. HR explains discipline. IT explains system access. Procurement explains third-party onboarding. Finance explains approval requirements. Each message may be accurate. Together, they may feel disconnected.

A compliance change narrative answers four practical questions:

  • Where have we been?
  • Where are we today?
  • Where are we going?
  • What must employees do differently?

For example, an AI governance rollout should not begin with a policy citation. It should begin with the business reality: employees are already using AI tools; the company wants innovation; customer and confidential information must be protected; decisions must remain accountable; and the company needs a consistent control framework. Then the compliance team can explain the required behavior: approved tools, prohibited uses, human review, data restrictions, escalation points, and monitoring.

This is also where middle management becomes essential. The DOJ expects senior leaders to communicate ethical standards clearly and demonstrate adherence by example. It also asks how middle management reinforces those standards and encourages employees to abide by them. In practice, employees often take their cues not from the CCO but from their direct supervisor. If the supervisor treats a new compliance requirement as administrative noise, the employee will do the same. Before any significant program change, compliance should align leaders on the story. Not a script. A shared narrative. What risk are we addressing? Why now? What will be easier? What will be harder? What support will employees receive? What does good look like?

Sequence Change With Capacity in Mind

The third discipline is sequencing. This is where compliance teams can create immediate business value. Grossman’s article notes that organizations often fail not because they are doing too much, but because they are doing too much at the same time without discipline. Compliance is vulnerable to this problem because every risk owner believes their initiative is urgent. The answer is not to do less compliance. The answer is to sequence compliance change with the same rigor applied to capital projects, technology rollouts, or major business transformations.

A mature compliance function should maintain a compliance change calendar. It should show what is hitting which employee population, when, and why. It should identify collision points. It should distinguish regulatory deadlines from preferred deadlines. It should flag high-risk groups that are already carrying heavy control burdens, such as sales, procurement, finance, logistics, government affairs, and third-party management teams.

The ECCP supports this risk-based discipline. Prosecutors ask whether the company deploys compliance resources in a risk-based manner, whether risk assessments are current, and whether updates to policies, procedures, and controls reflect lessons learned and evolving risks. Sequencing is part of that risk-based resource allocation. It is how compliance protects both the business and the control environment.

This is especially important in M&A integration. After closing, compliance must integrate codes, policies, hotline access, third-party controls, financial controls, training, investigation protocols, and audit plans. The DOJ specifically asks about the post-transaction compliance program, compliance oversight of the new business, incorporation into risk assessments, and post-acquisition audits. If compliance imposes all requirements on the acquired business at once, it may create both formal coverage and practical confusion. A sequenced plan gives employees a path from old expectations to new standards.

Measure Whether the Change Landed

Completion rates are not enough. Certifications are not enough. Attendance is not enough. The ECCP asks whether the program works in practice, whether it evolves, whether the company uses data to assess the program’s effectiveness, and whether it measures culture and seeks input from all levels of the organization. That means compliance change management must be measurable.

For training and communication, useful measures include questions asked, policy search data, guidance requests, hotline and speak-up trends, control exceptions, approval delays, audit findings, investigation themes, manager feedback, and pulse survey results. The issue is not simply whether employees received the message. The issue is whether they understood it, trusted it, and used it.

This is the practical bridge between Grossman’s article and the ECCP. Change management is not separate from the effectiveness of the compliance program. It is how effectiveness is achieved.

Practical Takeaways

  1. Create a compliance change inventory. List every major policy, training, system, control, campaign, certification, and reporting change scheduled for the next two quarters.
  2. Map the impact by employee group. Identify who is being asked to absorb the most change and whether those employees sit in high-risk roles.
  3. Require a change narrative for every significant rollout. The narrative should explain the risk, the business rationale, the required behavior, and the available support.
  4. Build dialogue into the process. Use listening sessions, manager huddles, Q&A channels, post-training feedback, and office hours. Then close the loop.
  5. Sequence based on risk and capacity. Not every compliance initiative can be first. Prioritize what is legally required, what addresses the highest risk, and what enables other controls to work.
  6. Measure behavior, not just delivery. Report to leadership on whether the change landed in the business, not merely whether the email was sent or the training was completed.

The compliance lesson is clear. Employees do not fail to follow compliance programs only because they lack information. Sometimes they fail because the organization has given them too much change, too little context, and no practical path to execution. A better compliance program does not simply say more. It listens better, aligns better, sequences better, and measures whether the business can actually do what compliance has asked.