Author: Admin

Categories
Innovation in Compliance

Innovation in Compliance: From MVP to MVF: Governing AI Agents with Guardrails, Policy-as-Code, and Board Oversight with Aravind Parthasarathy

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom visits with Aravind Parthasarathy, Vice President, Client Partner for Telco & Tech at NewRocket, a ServiceNow implementation company focused on helping large enterprises adopt agentic AI.

They discuss the shift from viewing AI as a tool to treating it as an operator with humans as mentors handling exceptions, and what this means for compliance, GRC, and risk management. Aravind contrasts minimum viable product (MVP) with minimum viable function (MVF), emphasizing end-to-end autonomous business functions, probabilistic performance, and continuous learning. They cover governance needs, including guardrails, policy-as-code, auditability of agent decisions, model drift monitoring, and automated “trust but verify.” Aravind provides a telecom outage-troubleshooting example with compliance notification obligations, addresses board-level AI governance using emerging standards like ISO 42001, suggests KPIs (accuracy, autonomy), recalibrates operational metrics, and introduces “context graphs” to capture decision data over time.

Key highlights:

  • AI From Tool to Operator
  • Compliance in the MVF Era
  • Trust but Verify at Scale
  • Scaling to Multi-Agent Systems
  • Board Level AI Governance
  • Misconceptions and Practical Next Steps

Resources:

Aravind Parthasarathy on LinkedIn

NewRocket Website

Innovation in Compliance is a multi-award-winning podcast that was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Categories
Daily Compliance News

Daily Compliance News: March 31, 2026, The Why Did She Leave Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • HR leaders say we are misusing the term ‘Agentic AI.’ (WSJ)
  • Senator wants to know why the SEC Director of Enforcement left. (Reuters)
  • UK fines Apple sub for breaching Russia sanctions. (FT)
  • Better get your culture right. (NYT)
Categories
AI Today in 5

AI Today in 5: March 31, 2026, The AI and False Arrest Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. AI for API security. (GovInfoSecurity)
  2. Using AI for SEC filings research. (BusinessWire)
  3. AI-based facial recognition leads to false arrests. (CNN)
  4. Visa prepares for AI-initiated transactions. (AINews)
  5. Can AI help with financial literacy? (FinTechMagazine)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

The Balt Individuals Indictment: How Corruption Actually Works

The corporate resolution in Balt received the headlines. The individual Indictment tells the deeper compliance story. In the charges against David Ferrera and Marc Tilman, prosecutors laid out a familiar but highly instructive playbook: business pressure, personal financial incentives, sham consulting arrangements, coded language, off-channel communications, false invoices, and cross-border wire transfers. For compliance professionals, this is the anatomy of misconduct in real time.

One of the most important lessons in any FCPA matter is that companies do not commit crimes. People do. Systems may be weak, controls may be poorly designed, and incentives may be misaligned. But in the end, individuals make decisions. That is why the indictment of David Ferrera and Marc Tilman in the Balt matter deserves careful study.

The indictment alleges that Ferrera, a United States citizen, was a senior executive of Balt’s U.S. subsidiary and an owner of the predecessor company. In contrast, Tilman, a Belgian citizen, owned and operated the consulting company used in the scheme and was also an owner of the predecessor company. Prosecutors further alleged that both men stood to gain millions in milestone payments tied to future sales of the company’s products. Their alleged conduct was directed toward a physician employed by CHU Reims, a French state-owned and state-controlled public university hospital, which the indictment treats as an instrumentality of a foreign government, making the physician a foreign official for FCPA purposes.

That framing matters because it puts this case squarely in the mainstream of modern FCPA enforcement. This is not a suitcase full of cash, slipped across a hotel room table. It is a sales-driven bribery scheme allegedly dressed up as legitimate business activity.

The Charges Brought Against Ferrera and Tilman

The indictment charges both Ferrera and Tilman with six criminal counts and forfeiture allegations.

Count One charges conspiracy to violate the FCPA under 18 U.S.C. § 371. Prosecutors allege that from 2017 through September 2023, the two men conspired to offer, promise, authorize, and route money and things of value to a foreign official to influence decisions, secure an improper advantage, and obtain or retain business.

Counts Two and Three are substantive FCPA charges under 15 U.S.C. § 78dd-2 and aiding and abetting under 18 U.S.C. § 2. These counts are tied to two specific wire transfers: approximately €20,000 on July 30, 2019, and approximately €25,000 on October 28, 2019, each sent from Balt USA’s bank account in the United States to the consulting company’s bank account in Belgium. Prosecutors allege that these payments were made corruptly and in furtherance of bribes to the foreign official.

Count Four charges conspiracy to commit money laundering under 18 U.S.C. § 1956(h). The indictment alleges that Ferrera and Tilman agreed to move funds from the United States to Belgium to promote specified unlawful activity, namely FCPA violations and bribery-related offenses under French law.

Counts Five and Six are substantive international promotional money laundering charges under 18 U.S.C. § 1956(a)(2)(A), again tied to specific wire transfers: approximately €25,000 on January 31, 2020, and approximately €38,500 on April 21, 2020, sent from Balt USA in the United States to the consulting company in Belgium. Prosecutors allege that these transfers were intended to promote the ongoing bribery scheme.

Finally, the indictment includes forfeiture allegations. Upon conviction, prosecutors seek forfeiture of property traceable to FCPA offenses and to money laundering offenses, including a forfeiture money judgment representing the proceeds obtained from the alleged misconduct. That is the charge sheet. But the compliance lessons come from how the scheme allegedly worked.

How the Conduct Was Allegedly Carried Out

The indictment alleges that Ferrera and Tilman used a classic intermediary structure. Balt USA allegedly paid Tilman’s Belgian consulting company through sham consulting agreements, fake invoices, and purported bonus payments, and Tilman then routed the funds onward to the foreign official’s accounts in France. The French order adds that the consultant’s company was used to conceal the relationship with the physician, that the physician’s invoices lacked meaningful detail, and that two false invoices were issued in 2017 and 2018, the second of which was blocked by finance due to irregularities.

The overt acts alleged in the indictment are especially revealing. Prosecutors quote messages about “€€ for our friend,” private email use, and a proposed fake invoice for a “2-day sales and marketing session.” They also quote Tilman, suggesting, “No more fake ‘training courses’” and referring to a new “bonus” as “a CAMOUFLAGE.” The indictment also alleges that Ferrerra approved the arrangement, replying to one email, “That’s acceptable. Please send this to me.”

This is why I always tell compliance professionals that misconduct rarely hides in one dramatic act. It hides in language, process, and paperwork. It hides in euphemisms. It hides in rushed approvals. It hides in consultants whose compensation structure makes no business sense. It hides in payments that look close enough to ordinary commerce to escape attention unless someone asks one more question.

The indictment also alleges direct business leverage. One message attributed to Tilman said that if a Balt finance employee did not wire €25,000 that day, he would tell the foreign official “to stop everything.” If that allegation is true, it is a flashing red light from a compliance perspective. It suggests the payment stream was not peripheral to the sales effort. It was the mechanism by which the business was being maintained.

What Ferrera and Tilman Allegedly Did Wrong

From a compliance standpoint, their alleged actions fall into five familiar categories.

First, they allegedly used an intermediary as a conduit. The consulting company was not merely a vendor risk issue. It was allegedly the vehicle used to transfer funds from the company to the foreign official.

Second, they allegedly papered over bribery with false business justifications. Sham consulting agreements, fake invoices, and disguised bonuses are not accounting defects. They are corruption mechanics.

Third, they allegedly moved communications off-channel. Personal email accounts and encrypted messaging applications appear in the indictment for a reason. Prosecutors routinely treat off-channel communications as evidence of concealment when the surrounding facts support that inference.

Fourth, they allegedly used coded language. “Our friend,” “training,” “bonus,” and “camouflage” are the kinds of words that should prompt any investigator to ask whether business language is being used as cover.

Fifth, they allegedly exploited pressure points in the business model. Because both men allegedly had financial upside tied to future sales, the case also highlights the risk of incentives. The indictment expressly alleges that Ferrerra and Tillman stood to gain millions in milestone payments based on future product sales. That does not prove guilt, but it does tell every CCO where to look when incentives, sales growth, and third-party payments start to overlap.

Five Lessons for Chief Compliance Officers

1. Third-party management must go beyond onboarding.

A consultant with vague deliverables, success-linked compensation, and unusual ties to public hospital physicians is not a low-risk intermediary. CCOs need lifecycle monitoring, not just entry-point due diligence.

2. Controls must test the substance, not the paperwork.

A signed contract and an invoice are not evidence that legitimate services occurred. Finance and compliance need procedures to test whether the service actually occurred, whether the deliverable exists, and whether the compensation aligns with market reality.

3. Off-channel communications are a corruption risk indicator.

If business with public officials or healthcare professionals is being discussed on private email or encrypted apps, that should trigger escalation. The issue is not simply records retention. The issue is concealment risk.

4. Incentive compensation needs a compliance review.

When executives or consultants stand to earn substantial milestone payments tied to sales growth, compliance should assess whether that pressure could distort behavior. Sales incentives and corruption risk are often joined at the hip.

5. Finance needs the authority to stop the line.

The French order notes that one false invoice was blocked due to irregularities identified by finance. That is a reminder that finance can be one of the strongest anti-corruption controls in the company if it is trained, empowered, and protected.

Conclusion

The Balt Declination showed what a company can earn through disclosure, cooperation, and remediation. The Ferrera and Tilman Indictment shows the other side of the equation: how the alleged misconduct was actually executed. Prosecutors describe a bribery scheme hidden behind consultants, invoices, coded language, and wire transfers. For compliance professionals, that is the real value of this case. It reminds us that corruption often looks less like a dramatic criminal enterprise and more like ordinary business processes quietly bent out of shape.

Categories
The PfBCon Podcast

The PFBCon Podcast: Podcasting as a Law Firm Growth Engine: How Hughes Hubbard & Reed Uses Branded Audio

Mike DeBernardis, Partner at Hughes Hubbard & Reed LLP, and Jess Weliwitigoda, Director of Marketing and Business Development at Hughes Hubbard & Reed LLP, discuss how the firm leverages its branded podcast, All Things Investigations, as a marketing and business development tool.

They describe how the podcast originated from Mike’s appearances on Tom’s FCPA Compliance Report and evolved into a platform to showcase firm expertise, introduce new lawyers to clients and prospects, spotlight niche practices, and repurpose content for broader branding impact. Key benefits discussed include faster production than writing articles, the ability to respond to current events with less lead time, and a more human, relationship-building voice behind the firm’s brand. They also note the podcast’s value in building both personal and internal brands by connecting with colleagues across practices, and highlight the challenge of maintaining a consistent publishing cadence.

Key highlights:

  • Mike and Jess Backgrounds
  • Origin of the Podcast
  • Why Podcasting Works
  • Efficiency and Prep Time
  • Brand Building and Consistency

Resources:

Follow All Things Investigation on:

Hughes Hubbard & Reed LLP

Apple Podcast

Spotify

YouTube

Compliance Podcast Network

Mike DeBernardis LinkedIn

Jess Weliwitigoda LinkedIn

Categories
Daily Compliance News

Daily Compliance News: March 30, 2026, The Breaking Up is Heard to Do Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • KS executed under Noem is now under investigation. (WSJ)
  • Corruption allegations dent Milei’s popularity. (Reuters)
  • Mexican President’s approval drops amid corruption allegations. (Bloomberg)
  • Heinz and Kraft will not break up. (NYT)
Categories
FCPA Compliance Report

FCPA Compliance Report: Buying Blind: AI Procurement Risks Ethics with Jessica Tillipman

In this episode, Tom Fox welcomes Jessica Tillipman, Associate Dean for Government Procurement Law Studies; Government Contracts Advisory Council Distinguished Professorial Lecturer in Government Contracts Law, Practice & Policy. We take a deep dive into federal procurement and compliance.

We begin with Tillipman’s recent article “Buying Blind: Corruption Risk and the Erosion of Oversight in Federal AI Procurement.” Tillipman explains how her initial focus on AI as a tool to reduce procurement risk shifted after finding instances of AI exploitation and U.S. regulatory changes, raising concerns that contracting practices (commercial terms, limited audit rights, reduced testing and documentation) worsen AI’s inherent opacity. She contrasts government contracting’s “superpower” rights with transparency and competition mandates tied to taxpayer funds and discusses procurement tradeoffs between speed and oversight. Tillipman distinguishes fraud from waste and abuse, warning against conflating categories. She analyzes GSA’s proposed AI clause as overdue, overly broad, and potentially unworkable, and stresses the importance of explainability, human oversight, and due process for consequential AI use. The conversation highlights procurement as a major corruption and compliance risk area and the need to invest in people and integrated teams.

Key highlights:

  • Government vs Private Contracting
  • Procurement Blind Spots
  • AI Procurement Black Box
  • Fraud, Waste, and Abuse
  • GSA AI Clause Debate
  • Training Future Leaders

Resources:

Jessica Tillipman at GW Law

Jessica Tillipman at LinkedIn

Jessica Tillipman Website

Jessica Tillipman Publication

Buying Blind: Corruption Risk and the Erosion of Oversight in Federal AI Procurement

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
AI Today in 5

AI Today in 5: March 30, 2026, The Delay in the EU on AI Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Governing AI without slowing down. (FinTechGlobal)
  2. AI governance and compliance for security. (Blockchain Council)
  3. EU to delay compliance requirements for AI. (CIO)
  4. Scaling AI in healthcare. (MedCity News)
  5. AI-powered finance. (FinTech Magazine)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

The Balt Comparison: The U.S. Declination and French AFA Order

The Balt matter is one of the clearest recent examples of coordinated cross-border anti-corruption enforcement. When you compare the U.S. Department of Justice (DOJ) Declination with the French resolution overseen by the Agence Française Anticorruption (AFA), you see the same facts, the same corporate conduct, and the same core remediation story. Yet you also see two different enforcement philosophies at work.

For compliance professionals, the Balt matter is worth close study because it demonstrates both the benefits and the limits of voluntary self-disclosure. In the United States, Balt received a declination. In France, Balt received a negotiated resolution with a financial penalty and three years of compliance oversight. Put simply, the company received credit in both jurisdictions, but not in the same form. That is the starting point for any serious comparison.

At the highest level, the similarities between the U.S. declination and the French AFA order are striking. Both enforcement outcomes are grounded in the same basic misconduct: improper payments routed through intermediaries and disguised by false invoices, sham consulting arrangements, and other concealment mechanisms to influence a physician affiliated with a state-owned public hospital. Both authorities also credited the same core corporate behavior once the misconduct surfaced. Balt self-disclosed while its internal investigation was still ongoing. Balt cooperated. Balt remediated. Balt separated from the implicated actors. Balt accepted financial consequences. And in both systems, prosecutors made clear that the company earned meaningful leniency for its response after discovering the problem. That is not a small point. It is a very large point.

The DOJ Declination is a textbook example of how the Corporate Enforcement and Voluntary Self-Disclosure Policy is supposed to work. The DOJ credited Balt for timely self-disclosure, full and proactive cooperation, timely and appropriate remediation, disgorgement, and the absence of aggravating circumstances, such as prior misconduct or senior management involvement in the misconduct at the parent company level. In other words, the U.S. resolution focused on whether Balt checked the boxes that the DOJ has been urging companies to follow for years. Balt did so, and the reward was a declination.

The AFA resolution tells a parallel but more demanding story. The AFA likewise credited prompt voluntary disclosure, active cooperation, remedial measures, the quality of the internal investigation, and a clear acknowledgment of facts. Those are very familiar concepts to any U.S. compliance practitioner. Yet the AFA did not stop there. The AFA resolution also catalogued aggravating factors, including company size, a weak compliance program, the systemic nature of the conduct, concealment mechanisms, involvement of a public official, and serious disruption to public order. That analysis produced not only a monetary sanction but also a three-year compliance program under AFA supervision, including an initial audit, targeted audits, a final audit, annual reporting, and oversight costs up to €700,000. This is where the differences become especially instructive.

The first major difference is the form of the resolution. In the United States, Balt secured a Declination. That is the headline. In France, Balt received something much closer to what U.S. practitioners would recognize as a negotiated corporate resolution with ongoing compliance obligations. The lesson is simple: a favorable result in one jurisdiction does not guarantee a mirror-image outcome in another. A company may receive credit everywhere, but the legal expression of that credit can vary dramatically.

The second major difference is how each jurisdiction frames aggravation. The DOJ emphasized the absence of aggravating circumstances. The AFA, by contrast, expressly identified aggravating factors and still extended substantial cooperation credit. That tells us something important about enforcement culture. The U.S. Declination framework remains highly tied to formal eligibility criteria. The AFA framework appears more comfortable acknowledging serious aggravating facts while still rewarding corporate behavior that advances accountability and remediation. Compliance officers should understand that “cooperation credit” does not necessarily mean “no penalty.”

The third difference is scope. The U.S. Declination appears more tightly focused on the bribery scheme from roughly 2017 to 2023 involving a French public hospital physician and related profits. The AFA order appears to take a broader view of the surrounding conduct, including earlier misconduct and additional facts involving the French and Belgian physicians. That broader factual framing matters because it influences how a regulator assesses whether misconduct was episodic or systemic. For compliance professionals, that is a warning that one regulator may view a discrete scheme while another may see a longer-running control failure.

The fourth difference is the compliance remedy itself. The DOJ credited remediation and moved on, subject to continued cooperation and disgorgement. The AFA imposed structured compliance oversight. That distinction is increasingly important in cross-border cases. One can easily imagine the DOJ becoming more comfortable declining a case when it is satisfied that another credible enforcement authority will impose real compliance obligations on the company. From a policy perspective, that is efficient burden-sharing. From a compliance perspective, it means global companies must prepare for one enforcement resolution to be shaped by another.

The fifth difference is financial architecture. In the U.S., disgorgement was central. In France, the fine included disgorgement and a punitive component, with credit for amounts paid under the U.S. resolution. That coordination is precisely what sophisticated multinational enforcement should look like. It avoids pure duplication while still preserving accountability across multiple jurisdictions.

What are the broader lessons?

First, self-disclosure still matters, perhaps now more than ever. Balt disclosed that it had all the answers before. That took nerve. Many companies hesitate because they want a complete internal report before speaking to prosecutors. Balt shows that both U.S. and French authorities can reward early disclosure made during an active investigation, provided the company follows through with facts, cooperation, and remediation.

Second, remediation must be real, not performative. Separation from wrongdoers, tailored training, strengthened controls, and structural compliance upgrades all mattered here. Regulators on both sides of the Atlantic were clearly testing whether Balt had merely discovered misconduct or had actually learned from it.

Third, cross-border cooperation is no longer an abstract concept. It is operational. The AFA Order expressly notes shared information through mutual legal assistance. The DOJ expressly referenced the parallel French resolution. Compliance professionals need to assume that in a multinational corruption matter, regulators are not working in isolation.

Fourth, a declination is not exoneration. That may be the most important practical lesson of all. Balt avoided prosecution in the United States, but it still paid disgorgement, saw individuals indicted, and accepted substantial compliance oversight in France. No CCO should ever describe a declination as a clean escape. It is better understood as conditional mercy earned through disciplined response.

Finally, Balt reminds us that enforcement is increasingly about the credibility of the company’s post-discovery conduct. The original misconduct was serious. What separated Balt from a much harsher U.S. outcome was not the weakness of the facts. It was the strength of the response.

In the end, the Balt matter tells us that modern anti-corruption enforcement is no longer a one-country exercise. The DOJ and the AFA looked at the same core misconduct and rewarded the same basic corporate behavior: voluntary self-disclosure, cooperation, remediation, and disgorgement. Yet they expressed that credit in different ways. The DOJ used the matter to send a clear message that its declination framework can work when a company comes in early, tells the truth, and helps build the case. The French authorities sent a different but equally important message: even where cooperation is meaningful, serious misconduct can still warrant a financial penalty and years of structured compliance oversight.

For the compliance professional, that is the real lesson. A declination is not the end of the story, and cooperation credit is not a free pass. Cross-border enforcement now means that regulators may coordinate on facts, financial remedies, and compliance expectations, while still applying their own legal philosophies. Balt’s outcome shows that what matters most is not simply how a company got into trouble, but how it responds once trouble is discovered. That is where credibility is built, and increasingly, that is where enforcement outcomes are decided. 

Categories
Sunday Book Review

Sunday Book Review: March 29, 2026, The Top Books for COs Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. In this episode, we look at 4 top books that every compliance professional should read and have in their library.

  1. The Complete Works of Sherlock Holmes by AC Doyle
  2. Higher Ground by Alison Taylor
  3. The Honest Truth About Dishonesty by Dan Ariely
  4. The Power of Habit by Charles Duhigg