Categories
Daily Compliance News

Daily Compliance News: July 8, 2025, The Learning on the Job Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, including compliance, ethics, risk management, leadership, or general interest, relevant to the compliance professional.

Top compliance stories:

  • Learning on the job is getting harder. (FT)
  • FT Ed Board weighs in on BCG scandal. (FT)
  • Leaders need to get behind AI, or else. (Business Insider)
  • The Netherlands is behind in ABC efforts. (NL Times)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Blog

Governing Wisely: Five Corporate Governance Lessons from Star Trek’s “I, Mudd”

Who could have imagined that “I, Mudd,” a quirky, comedic episode from Star Trek: The Original Series, would offer valuable lessons in corporate governance? Yet, here we are, boldly going where no compliance blogger has gone before, using the misadventures of Captain Kirk and the enigmatic Harry Mudd to distill governance wisdom for modern compliance practitioners.

In this episode, “I, Mudd,” the Enterprise crew encounters Harry Mudd once more, stranded on a planet ruled by androids who are both obsessed with order and baffled by human irrationality. Mudd attempts to exploit the androids’ logic for his gain but soon finds himself captive to their strict interpretation of governance, leading Kirk and crew to intervene with creative tactics. Beneath the humor and hijinks lie critical corporate governance principles highly relevant to today’s compliance professionals. Let’s dive deeper.

Lesson 1: Transparency is Essential in Leadership

Illustrated By: Discovery of Harry Mudd’s True Motives and History with the Androids.

Early in the episode, Kirk and the Enterprise crew uncover that Harry Mudd has deceived both them and the androids, presenting himself falsely to hide his questionable motives. His lack of transparency ultimately erodes trust, causing tension, conflict, and misunderstandings.

In corporate governance, transparency is equally crucial. Leaders who operate without openness risk organizational distrust, inefficiency, and dysfunction. Transparent leadership is foundational in governance—it supports robust stakeholder trust, improves organizational effectiveness, and mitigates potential scandals or compliance failures.

As compliance professionals, our role includes advocating for transparent communication channels, clear decision-making processes, and openly accessible policies and procedures. Creating a corporate culture of transparency ensures that the organization remains credible and effective in meeting both regulatory requirements and stakeholder expectations.

Lesson 2: Balance Between Structure and Flexibility

Illustrated By: The Androids’ Rigid Governance Framework. The androids in “I, Mudd” operate within an inflexible, logic-driven governance structure, incapable of handling unpredictable or irrational behavior. Their strict adherence to rules, without flexibility or situational judgment, ultimately leads to their downfall, as Kirk creatively exploits their rigidity.

This episode perfectly illustrates the need for governance structures to maintain balance. Excessively rigid controls can stifle innovation, responsiveness, and organizational resilience. Conversely, too much flexibility can lead to inconsistent decision-making and compliance vulnerabilities. Compliance professionals must strive to find the optimal balance, developing corporate governance frameworks that are robust enough to ensure compliance while also being adaptable enough to meet the shifting regulatory and business environments. A well-balanced governance approach allows organizations to respond effectively to unforeseen challenges while maintaining critical controls.

Lesson 3: Importance of Ethical Leadership and Integrity

Illustrated By: Harry Mudd’s Attempts to Manipulate Android Governance. Harry Mudd’s self-serving manipulations and attempts to exploit governance structures for personal gain represent a classic example of unethical leadership. His disregard for ethical integrity generates instability and places everyone, including himself, at risk.

This scenario resonates deeply within corporate governance. Integrity and ethical behavior must underpin all governance activities. Leaders who prioritize short-term gains over ethical conduct inevitably compromise their organization’s long-term health and credibility.

Compliance professionals play a vital role in deeply embedding ethics into an organization’s culture and governance processes. Encouraging ethical leadership, providing comprehensive ethics training, and embedding ethical considerations into all governance decisions fortifies the organization’s resilience against corruption, scandals, and regulatory scrutiny.

Lesson 4: Critical Thinking and Challenging Assumptions

Illustrated By: Kirk and Crew’s Strategy to Confuse the Androids with Illogical Behavior. Perhaps the most memorable and amusing scene in “I, Mudd” occurs when Kirk and his crew use creative, illogical behaviors to disrupt the androids’ strictly logical governance system. This tactic underscores the importance of critical thinking and challenging assumptions inherent in established governance practices.

Governance Lesson. In a corporate context, governance systems sometimes become complacent, relying heavily on assumptions about internal controls, the effectiveness of risk management, and ethical conduct. Compliance leaders must encourage ongoing critical thinking, regularly challenging these assumptions to uncover vulnerabilities and weaknesses.

Regular audits, testing governance procedures through scenario planning and tabletop exercises, and encouraging critical questioning by employees help ensure governance systems remain robust, flexible, and prepared to manage emerging threats. This proactive approach safeguards organizations from complacency-induced governance failures.

Lesson 5: The Value of Diversity and Human Insight in Governance

Illustrated By: The Androids’ Failure to Comprehend Human Nuance and Individuality. In “I, Mudd,” the androids’ governance system fails primarily because they cannot appreciate human diversity, emotional intelligence, and individuality. Their failure underscores the importance of these factors in effective governance.

Governance Lesson. Corporate governance similarly benefits from diverse perspectives, experiences, and insights. Organizations overly dependent on homogeneous leadership perspectives or mechanical decision-making processes become vulnerable to blind spots, groupthink, and systemic errors.

Compliance officers must advocate vigorously for diversity across governance committees, senior management teams, and boards. Diverse perspectives, combining analytical rigor and human insight, allow governance processes to better anticipate, understand, and manage risks, regulatory requirements, and ethical considerations. Encouraging and valuing diverse voices and fostering inclusion greatly enhances organizational decision-making and governance efficacy.

Final ComplianceLog Reflections

Who could have predicted that governance wisdom would emanate so vividly from the colorful escapades aboard the Enterprise with Harry Mudd and the androids? Yet, as compliance evangelists, we learn that corporate governance principles, such as transparency, ethical leadership, balanced structures, critical thinking, and diversity, are truly timeless.

By integrating these lessons into governance practices, compliance professionals can cultivate organizations that are capable of navigating complexities, mitigating risks, and ensuring adherence to ethical and regulatory standards. As Captain Kirk and his intrepid crew demonstrate, effective governance requires clarity, adaptability, ethical strength, critical thinking, and diverse insights—qualities indispensable for addressing today’s corporate governance challenges.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

COSO’s Corporate Governance Framework: Component 3 – Culture

We continue our exploration of the COSO Corporate Governance Framework (the Framework), recently released as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 3—Culture. When discussing corporate culture, we often do so in vague, inspirational terms. However, in Component 3 – Culture, the Framework positions culture as a measurable, manageable, and mission-critical governance function. For compliance professionals, this is not just validating; it is a move toward a mandate.

In today’s risk environment, culture should not be a soft topic. Properly viewed, it is a leading indicator of whether your organization can weather disruption, comply with complex regulations, and maintain trust with stakeholders. COSO’s culture guidance transforms tone at the top into governance in action. It links behaviors to strategy, values to risk, and leadership to accountability.

What Is Culture in the COSO Framework?

COSO defines culture as “the set of shared values, attitudes, and behaviors shaped by leadership that influence how individuals act with integrity, make decisions, and respond to risk.” It is not a slogan, but how people behave when no one is watching.

The Culture Component is built around three core principles:

  1. Establish and Model Culture and Behaviors
  2. Promote Ethics, Respect, and Open Communication
  3. Assess and Adapt Culture

These principles emphasize that culture is dynamic and strategic, rather than passive or peripheral. It must be designed, led, measured, and, when necessary, corrected.

Why Culture Belongs to Compliance

Culture has long been a central component of compliance. But COSO now gives it a governance home—under the board’s oversight and executive leadership’s execution. Compliance leaders are uniquely positioned to monitor, assess, and influence culture in real time, across all levels of the organization.

Culture impacts:

  • How decisions are made;
  • Whether employees speak up;
  • How misconduct is handled;
  • Whether the strategy is executed ethically; and
  • Whether compliance programs are seen as check-the-box or mission-critical.

With COSO’s Culture Component in hand, the compliance function has the playbook, and the board has the responsibility to govern culture as seriously as they govern financial controls.

Five Key Lessons for Compliance Professionals

Lesson 1: Culture Starts at the Board—Help Them Set the Tone and Model the Way

Principle 11: Establish and Model Culture and Behaviors

Boards and executive management must define the desired culture and model expected behaviors in alignment with purpose, values, and strategy. They must actively reinforce ethical norms through actions, decisions, and communications.

Compliance Tip: Offer directors a quarterly culture dashboard that includes whistleblower activity, employee sentiment, training engagement, and ethics concerns. Use anonymized narratives to make the data more relatable and human. Collaborate with your board chair or lead independent director to include ethics and culture in the annual board assessment. If board behaviors contradict stated values, it’s your role to surface that constructively.

Lesson 2: Promote Ethics and Psychological Safety—So People Speak Up Before the Headlines

Principle 12: Promote Ethics, Respect, and Open Communication

Executive management, with board oversight, must foster an environment of ethical behavior, respect for diversity of thought, and open communication at all levels of the organization. This includes codes of conduct, anti-retaliation protections, and speaking-up programs.

Compliance Tip: Go beyond the hotline. Create structured opportunities for employees to raise concerns in a safe and low-friction manner, such as listening sessions, surveys, or informal feedback channels. Use data to prove psychological safety gaps. If your hotline volume is too low, if anonymous feedback is not being received, or if exit interviews reveal unspoken concerns, bring this to the board’s attention and recommend action.

Lesson 3: Culture Is Built into Systems—Integrate It into Business Processes

COSO makes it clear: culture is operational. It is not just about the value posters on the wall. It must be embedded in hiring practices, incentive structures, performance reviews, vendor relationships, and even crisis response plans.

Compliance Tip: Partner with HR and operations to integrate ethical behavior into job descriptions, bonus structures, and leadership assessments. Help managers understand how their daily decisions influence and shape the organizational culture. Audit your incentive systems. If employees are being rewarded for outcomes that conflict with your values, such as cutting corners to meet targets, that should be an evident and loud red flag. Share these insights with leadership and propose alignment strategies to enhance their effectiveness.

Lesson 4: Assess Culture with the Same Rigor as Financial Controls

Principle 13: Assess and Adapt Culture

Boards and executives must continuously monitor culture through both qualitative and quantitative means, like surveys, exit interviews, focus groups, and misconduct trends. They must use this insight to adjust behaviors, policies, and communications.

Compliance Tip: Develop a culture scorecard that blends hard metrics (e.g., hotline use, turnover, audit findings) with soft indicators (e.g., pulse survey sentiment, values alignment). Share it regularly with senior leadership and the board. Recommend a third-party cultural assessment every 2–3 years. A fresh outside perspective can validate internal findings or reveal misalignment between what leaders think the culture is and what employees experience.

Lesson 5: Culture Must Adapt in Crisis—So Plan Ahead

COSO acknowledges that culture is stress-tested in times of disruption, be it a cyber breach, executive misconduct, acquisition, or societal crisis. The Culture Component encourages entities to integrate cultural expectations into their change management and crisis response processes.

Compliance Tip: Collaborate with risk and crisis teams to develop culture-aligned responses in your business continuity or crisis management playbooks. This includes messaging protocols, decision-making principles, and escalation thresholds. After any major incident, conduct a post-crisis culture audit. Ask: Did we live our values? Were our responses timely, ethical, and transparent? Feed those insights into board reporting and future crisis planning.

Building a Culture Governance Program: Where Compliance Leads

To bring COSO’s Culture Component to life, compliance professionals should spearhead a culture governance program that includes:

  • Clear definitions of desired behaviors linked to purpose and values
  • Measurement tools (dashboards, surveys, listening posts, audits)
  • Accountability mechanisms (ownership in performance reviews, board oversight)
  • Responsive feedback loops to adjust based on data and stakeholder input
  • Ethics-based training that evolves with risk and reality

This program should be integrated into your ERM process, strategic reviews, and board governance cycle, rather than being siloed off as “compliance only.”

What Boards Need to Hear from Compliance

Bring these messages to your next board or audit committee meeting:

  • Culture is a governance issue, not just a management function.
  • Misaligned culture leads to misconduct, regulatory failure, and reputational damage.
  • Compliance has real-time data on how values are being lived or violated.
  • Boards must monitor culture as a key component of enterprise risk and strategy.
  • Tone at the top must be modeled, not just messaged.

When directors understand this, they begin to treat culture metrics with the same gravity as revenue forecasts or audit findings.

Final Thoughts: Culture Is Compliance’s Moment to Lead

In the world of governance, culture is where compliance and leadership intersect. COSO’s Framework not only endorses this idea, but it also institutionalizes it. If culture determines how strategy is executed, how risks are mitigated, and how stakeholders perceive your organization, then compliance is not merely a monitor; rather, it is a culture architect. So step up. Utilize the COSO Culture Component to foster ethical leadership, safeguard long-term value, and ensure that your organization not only talks the talk but also walks the walk.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.

Categories
#RiskNYC Speaker Series

#Risk New York Speaker Series – Exploring Future Regulatory Trends and Compliance Strategies with Rory McGrath

Join Tom Fox and hundreds of other GRC professionals in the city that never sleeps, New York City, on July 9 & 10 for one of the top conferences around, #Risk New York. The current US landscape, shaped by evolving policies, rapid advancements in AI, and shifting global dynamics, demands adaptive strategies and cross-functional collaboration.

At #RISK New York, you will master the New Regulatory Reality by getting ahead of US regulatory shifts and their impact. Conquer AI and Tech Risk by Safeguarding Your Organization in an AI-Driven World and Understanding the Implications of Major Tech Investments. Navigate Financial and Crypto Volatility by Protecting Your Assets and Exploring Solutions in a Dynamic Market. Strengthen Your GRC Framework by Leveraging Governance, Risk, and Compliance for Strategic Advantage. Protect Digital Trust by addressing challenges in cybersecurity and data privacy, and combating misinformation. All while meeting with the country’s top #Risk management professionals.

In this episode of the Risk New York City speaker preview series, host Tom Fox interviews Rory McGrath, leader of the global pre-sales team at Corlytics. Rory discusses his role in helping financial institutions transform and operationalize compliance through the use of AI and smart automation. He also provides a teaser for his upcoming panel on the future of US regulation and the impact of deregulation at the #RiskNYC event. Highlighting key themes such as the evolving nature of compliance governance and the importance of cross-functional conversations, Rory shares insights on addressing fragmented regulations and fostering data-driven compliance strategies.

Resources:

#Risk Conference Series

#RiskNYC—Tickets and Information

Rory McGrath on LinkedIn

Categories
The Hill Country Podcast

The Hill Country Podcast – Tribute to Jane Ragsdale

It is with great sadness that I post this podcast. It is a recording I did with Jane Ragsdale back in 2023. Jane was the owner of the Heart O’the Hill Camp near Hunt, TX. She died as a result of the massive flood that roared down the Guadalupe River in the early morning hours of July 4. As of the posting of this podcast, there are over 80 confirmed dead, 11 known still missing, and an unknown number of missing. One of the worst hit was a girls’ camp, Camp Mystic, which lost 27 dead.

Jane was from a summer camping family, as her parents, Si and Kathy Ragsdale, ran a boys’ camp, Camp Stewart, also in Hunt, TX, from the mid-1960s until 2015, when Jane’s nephew, Jeepers Ragsdale, took over the camp’s operation. Jane was beloved in both the camping community and the greater Hill Country community. She was a leader and did annual mission work in Guatemala. This podcast focused on her mission work.

I hope you will consider donating to support the rebuilding efforts that will be necessary following this tragic event. You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Corruption, Crime and Compliance

DOJ’s UNICAT Settlement for Trade Violations

What happens when a company inherits a sanctions violation through acquisition, and acts fast to fix it? Can a robust post-acquisition response really save a parent company from prosecution? In this episode, Michael Volkov unpacks the fascinating DOJ-led global enforcement action against UNICAT Catalyst Technologies – a case that reflects the U.S. government’s intensifying focus on trade enforcement across sanctions, export controls, and customs. This resolution marks the first declination under DOJ’s National Security Division M&A policy, showcasing the power of voluntary disclosure, cooperation, and remediation in today’s enforcement environment.

You’ll hear him discuss:

  • How DOJ, OFAC, BIS, and CBP coordinated parallel resolutions against UNICAT
  • The $3.3 million forfeiture and additional penalties tied to underpaid duties and unlawful exports
  • Why DOJ declined prosecution of UNICAT’s parent company, White Deer, under its M&A policy
  • The former CEO’s role in orchestrating 23 unlawful sales to Iran, Venezuela, and Cuba
  • The importance of identifying willful intent in sanctions violations — and when DOJ disclosure is required
  • The risks of failed pre-acquisition due diligence and the value of strong post-acquisition integration
  • How concealment tactics like falsified invoices and coded emails were used to hide dealings with sanctioned entities
  • Key lessons for global companies navigating the new era of trade compliance and enforcement

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Daily Compliance News

Daily Compliance News: July 7, 2025, The Disaster on the River Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest that are relevant to the compliance professional.

Top compliance stories:

  • Where does BRIC go? (NYT)
  • BCG modeled a plan to settle Palestinians. (FT)
  • Tony Blair, BCG, and the Palestinians. (FT)
  • SEC and SolarWinds settle. (Reuters)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Assessing Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we look at how to assess your internal controls under COSO.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 36 – Crisis Management in Compliance: Lessons from Star Trek’s “Catspaw”

Today, we boldly journey into the Star Trek: TOS episode “Catspaw,” an engaging yet somewhat eerie tale, to uncover practical crisis management insights that can benefit corporate compliance practitioners. In “Catspaw,” Captain Kirk and his stalwart crew encounter alien beings who utilize illusions, fear tactics, and psychological manipulation to control the Enterprise. Today, Tom Fox outlines five specific lessons derived from key scenes in the episode and explains their relevance to the compliance profession.

Lesson 1: Understand and Define the Nature of the Crisis Clearly (Scene: Initial Loss of Crew Members)

Illustrated By: At the outset of the episode, Kirk and the Enterprise crew become concerned when an away team led by Chief Engineer Scott fails to respond. Kirk quickly recognizes the absence of communication as a genuine crisis, one that warrants immediate investigation.

Compliance Lesson: For compliance officers, clarity in defining a crisis is paramount.

Lesson 2: Avoid Being Misled by Surface Appearances or Initial Assumptions (Scene: Spooky Castle and Illusions)

Illustrated By: Kirk, Spock, and Dr. McCoy find themselves faced with a mysterious castle, complete with witches and haunting illusions, which is deliberately designed to mislead and manipulate their perceptions.

Compliance Lesson: Compliance crises similarly often come cloaked in misleading appearances. Fraud, bribery, corruption, or regulatory violations may initially seem improbable or manifest subtly, disguised by legitimate-seeming transactions or credible rationalizations.

Lesson 3: Maintain Clear, Consistent Communication Under Pressure (Scene: Communication Between the Enterprise and Kirk’s Away Team)

Illustrated By: Throughout “Catspaw,” Spock and Kirk rely heavily upon continuous, clear, and precise communications with the Enterprise.

Compliance Lesson: Clear communication is the compliance professional’s most potent tool during crises. Timely, transparent information flows across teams, departments, senior management, and external stakeholders are crucial.

Lesson 4: Foster Team Cohesion and Trust to Overcome Crisis (Scene: Crew Unity and Reliance Under Alien Manipulation)

Illustrated By: When confronted by their alien adversaries, Sylvia and Korob, who create illusions to sow division and confusion, the Enterprise crew remains steadfast, unified, and supportive.

Compliance Lesson: In compliance crises, organizational cohesion and trust are indispensable. Fear, blame, and suspicion often arise naturally during high-stress situations.

Lesson 5: Innovate and Adapt Rapidly in Response to Changing Situations (Scene: Kirk’s Recognition and Exploitation of Alien Weakness)

Illustrated By: Ultimately, Kirk identifies that the aliens, Sylvia and Korob, utilize advanced technology to create their illusions but lack practical experience with human reality.

Compliance Lesson: Compliance professionals frequently encounter novel crises that challenge standard procedures and existing playbooks. The capability to innovate and adapt quickly becomes critical.

Final ComplianceLog Reflections

Star Trek’s “Catspaw” reveals, beneath its fantastical veneer, powerfully demonstrated fundamental principles of crisis management: rapid identification and clear definition of crises, disciplined investigative rigor, effective communication, team cohesion, and strategic innovation. Compliance professionals are regularly challenged by uncertainty, disruption, and confusion, much like those faced by the Enterprise crew. Adopting and embedding these five core lessons into your compliance strategy ensures your organization is equipped to withstand and even thrive in challenging, unpredictable environments.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Adventures in Compliance

Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Throughout this season, Tom will delve into each novel in a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear.

In this episode (and for the entire month of July), we focus on the most famous Holmes novel, ‘The Hound of the Baskervilles.’ Timothy and Fiona are back to explore the key elements of the novel, connecting them with compliance themes and investigative techniques. They dissect the storyline, reveal insights, and discuss timeless lessons in rational thinking, the perils of unquestioned beliefs, and the power of meticulous observation and teamwork. Additionally, Tom invites listeners to provide feedback on the use of AI voices and offers to help those interested in starting their podcasts.

Highlights include:

  • Deep Dive into The Hound of the Baskervilles
  • The Mysterious Case Unfolds
  • Holmes’ Investigation and Revelations
  • Lessons from The Hound of the Baskervilles

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Sherlock Holmes, The Novels, with an introduction by Michael Dirda
