Categories
Innovation in Compliance

Innovation in Compliance: 10+1 Commandments: A Moral Code for AI Ethics in Business

Innovation comes in many forms, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom welcomes Cristina DiGiacomo, founder of 10P1 Inc.

Cristina has an extensive background in communications, business, and practical philosophy. Cristina introduces her ‘10+1 Commandments,’ a set of ethical guidelines for human interaction with artificial intelligence. They discuss the compelling need to integrate these principles into business compliance and governance frameworks. The commandments aim to provide a high-level, universal, and perpetual moral code that addresses the risks and ethical considerations of AI in the corporate world. Cristina emphasizes the importance of maintaining ethical AI practices amidst the evolving regulatory landscape.

Key highlights:

  • Philosophy in Everyday Life
  • Ancient Wisdom and Modern Application
  • The 10+1 Commandments Explained
  • Applying the Commandments in Business
  • Governance and Ethical AI

Resources:

Cristina DiGiacomo on LinkedIn

Website-10+1 

Categories
PodFest Expo 2026 Speaker Series Preview

Podfest Expo 2026 Speaker Preview Series: Chad Parizman on AI Hacks for Solo and Small-Pod Teams

In this episode of the PodfestExpo 2026 Speaker Preview Podcasts series, Tom Fox visits with Chad Parizman, founder of Ader Communications, and discusses his presentation at PodfestExpo 2026 on AI Hacks for Solo and Small-Pod Teams. Some of the highlights in this podcast are:

  • Chad’s role in the world of podcasting.
  • His presentations at PodFest Expo.
  • What he hopes to get out of PodFest Expo 2026 and why you should attend.

I hope you can join us at Podfest Expo 2026, hosted by Podfest Global. This year’s event will be the 12th anniversary and will be held January 15-18, at the RENAISSANCE ORLANDO AT SEAWORLD® in Orlando, Florida. The lineup of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voices and messages with the world through powerful audio and video mediums. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

Podfest Expo is so much more than just a conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, what sets the Podfest Expo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event—you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, Podfest Expo 2026 has plenty to offer!

Please join us at the event. For information on the event, click here. As an extra benefit for listeners of this podcast, Podfest Expo is offering 10% off any ticket level. Enter the discount code Fox2026 or visit this link.

Podfest Expo 2026 is a production of Podfest Global, which is the sponsor of this podcast series.

Categories
Blog

Texas Steps Into the AI Ring: What a “Responsible AI Governance Act” Means for Companies

Contrary to the standard belief and even Governor Abbott’s pronouncements, there is some regulation in the great state of Texas. With the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), Texas made a clear statement: artificial intelligence is no longer just a product feature or a data science experiment. It is a regulated business risk. If your organization builds, buys, deploys, or relies on AI to make decisions about people, Texas is signaling that you should be able to explain what the system does, prove you are not using it in harmful ways, and demonstrate governance over it.

Based on your summary, the Texas Responsible Artificial Intelligence Governance Act creates a statewide framework with five big pillars: (1) prohibitions on certain harmful or discriminatory uses, (2) limits on biometric surveillance, (3) disclosure requirements in defined contexts, (4) oversight infrastructure, including a regulatory sandbox, and (5) enforcement with noted safe harbors. That is not “innovation-killing.” It is Texas doing what Texas does: setting boundaries on unacceptable conduct while leaving room for businesses to move fast within guardrails.

Today, we begin a two-part look at state regulation of AI. Today in Part 1, we consider the Texas approach. Tomorrow in Part 2, we review the federal attempt to eviscerate all state AI regulation, claiming federal preemption through the Trump Administration’s sweeping Executive Order titled “Ensuring a National Policy Framework for Artificial Intelligence.”

1. Prohibited Uses: Drawing Hard Lines Around Harm and Discrimination

The most important practical takeaway for a corporate audience is this: Texas is moving toward outcome-focused restrictions, not just paperwork. When a law prohibits “harmful or discriminatory uses,” the question becomes: harmful to whom, and in what context? For most companies, the risk zones are predictable:

  • Employment: recruiting, resume screening, interview scoring, promotion, performance evaluation, and workforce reduction.
  • Credit and financial decisions: underwriting, pricing, and fraud flags that drive adverse decisions.
  • Housing and insurance: eligibility, pricing, and claims triage.
  • Customer access: KYC onboarding, account shutdowns, and refund decisions.
  • Public-facing services: education, health-related triage, and benefits navigation.

From a compliance program perspective, this pushes you toward two controls you should already want:

• A documented AI use-case inventory, categorized by impact level.

• A discrimination and fairness control, meaning pre-deployment testing plus monitoring, and a mechanism to remediate.

If you are thinking, “We do not use AI for those decisions,” the next question is whether the vendor tool uses AI under the hood. Texas-style statutes tend to treat “deployment” broadly, and regulators are rarely impressed by “the vendor did it” as a defense.

2. Biometric Surveillance: The Texas Red Line

You mentioned restrictions on “unauthorized biometric surveillance.” In plain English, that means the law is likely concerned with face recognition, voiceprints, gait recognition, and other identifiers used to track or identify people.

Corporate implications typically fall into three areas:

  • Physical security: access control systems, visitor management, and camera analytics.
  • Retail and venues: loss prevention, “known offender” lists, and customer behavior analytics.
  • Workplace monitoring: time clocks using facial recognition and productivity monitoring that drifts into biometrics.

If you use biometric tools, your governance should address:

  • Lawful basis and authorization—consent, notice, contractual, and policy controls.
  • Purpose limitation—what it is used for and what it is not used for.
  • Retention and deletion—biometric data cannot be a forever asset.
  • Vendor constraints—no secondary use, no model training on your biometric data unless explicitly approved.

Even if Texas is not your primary market, this is the type of requirement that quickly becomes “lowest common denominator” compliance across a multi-state footprint.

3. Disclosure: The Practical “Tell the Truth” Requirement

You flagged “clear AI disclosures in some contexts.” For corporate teams, disclosure obligations usually arise when AI materially interacts with a person or influences a decision that affects them.

Think of disclosure as a three-part discipline:

  • When you disclose: at the point of interaction or decision.
  • What you disclose: that AI is used, what it is used for, and how a person can seek assistance or appeal.
  • How you disclose: clear, conspicuous, and not buried in terms and conditions.

The compliance opportunity here is that disclosure forces operational clarity. If you cannot describe the system in plain language, you almost certainly do not have adequate control over it.

4. Oversight and a Regulatory Sandbox: “Governance With a Business On-Ramp”

A state oversight body, along with a “sandbox” approach, signals that Texas wants responsible experimentation. Done right, a sandbox creates a controlled pathway to test higher-risk systems with agreed guardrails, transparency, and reporting.

For companies, the sandbox concept maps to an internal capability you should build anyway:

  • Pilot governance: criteria for what can be tested, where, with whom, and with what monitoring.
  • Kill switches: the ability to stop or roll back quickly.
  • Post-pilot review: documented lessons learned before scaling.

This is compliance that enables innovation, not blocks it.

5. Enforcement: Centralized, Cure-Oriented, and Compliance-Friendly

Enforcement authority under the Texas Responsible Artificial Intelligence Governance Act is deliberately centralized in the Texas Attorney General’s office. That decision matters. By excluding a private right of action, the statute avoids the litigation-driven compliance chaos that has plagued other regulatory regimes. Instead of trial lawyers driving outcomes, Texas has opted for a single, accountable enforcement authority with discretion, consistency, and an institutional understanding of regulatory tradeoffs.

Equally important is the statute’s 60-day cure period. This provision reflects a mature regulatory philosophy: most compliance failures in emerging technologies are not rooted in bad intent but in complexity, novelty, and rapid innovation cycles. The law gives companies the opportunity to remediate, document corrective action, and improve governance before penalties attach. That is precisely how effective compliance programs are built.

The explicit safe harbor for organizations aligned with recognized frameworks such as the NIST AI Risk Management Framework or ISO/IEC 42001 further reinforces this approach. Texas is not inventing bespoke standards in isolation. It is rewarding companies that invest in globally recognized, risk-based governance systems.

This is not a punitive regulation designed to extract fines or score political points. It is regulatory governance intended to incentivize foresight, structure, and accountability. For compliance professionals, that is the right signal at exactly the right moment.

Join us tomorrow as we consider what the attempted federal preemption via Executive Order might mean for Texas and other states.

Categories
PodFest Expo 2026 Speaker Series Preview

Podfest Expo 2026 Speaker Preview Series: Rob Kirkpatrick on The Podcast Formula to Grow Your Audience

In this episode of the Podfest Expo 2026 Speaker Preview Podcasts series, Tom Fox visits with Rob Kirkpatrick, Executive Director of Audio Content of the Focus on the Family podcast. He discusses his presentation at Podfest Expo 2026 on Heart, Mind, Action: The Podcast Formula that Works. Some of the highlights in this podcast are:

  • Rob’s role in the world of podcasting.
  • His presentation on the formula for growing your audience.
  • What he hopes to get out of PodFest Expo 2026 and why you should attend.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 5 – Enhancing Compliance Through Automation

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. Today, on Day 5, we explore how automation can revolutionize traditional compliance reporting, which is often manual, time-consuming, and error-prone. By leveraging data-driven solutions, compliance professionals can achieve near real-time reporting, improving decision-making and efficiency across their organizations.

Key highlights:

  • Challenges in Traditional Compliance Reporting
  • Integrating Tools for Real-Time Compliance
  • Balancing Real-Time Reporting with Data Security

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
AI Today in 5

AI Today in 5: January 5, 2026, The Does The World Have Time Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Does the world have time to prepare for AI? (The Guardian)
  2. Colombia adopts an international standard for AI. (Global Compliance News)
  3. Client enablement with AI. (FinTechWeekly)
  4. Agentic AI rewriting rules for compliance. (Dallas Business Journal)
  5. Why AI Compliance needs to build operating systems. (Forbes)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
FCPA Compliance Report

FCPA Compliance Report: Navigating Corporate Ethics and Compliance Trends in 2026 with Mike Volkov

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this inaugural episode of 2026, Tom Fox welcomes back his good friend and colleague, Mike Volkov, to reflect on the tumultuous year of 2025 and discuss the new trends for the upcoming year. This is Part 1 of a two-part series.

Highlighting the resilience of corporate ethics amid the suspension of the FCPA, the conversation underscores the necessity for businesses to uphold ethical values, despite regulatory changes. Discussions delve into the importance of demonstrating ethical behavior as a fundamental business value and the growing significance of organizational justice and trust within corporations. Moreover, they address evolving enforcement in areas such as export controls, trade sanctions, and tariff regulations, suggesting a shift toward rigorous compliance in national security matters. This episode provides a comprehensive outlook on the compliance challenges and opportunities for 2026.

Key highlights:

  • Welcome to 2026: A New Beginning
  • The Importance of Ethics in Business
  • Organizational Justice and Trust
  • Generational Perspectives on Ethics
  • Emerging Trends in Trade and Compliance

Resources:

Mike Volkov on LinkedIn

Volkov Law Group

Categories
Daily Compliance News

Daily Compliance News: January 5, 2026, The Cocaine, Corruption, and Maduro Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Coke and corruption (and maybe oil) got Maduro in the end. (AP News)
  • Board games for CEO training. (WSJ)
  • Translations as a compliance issue. (BBNTimes)
  • You are an oil company. Want to drill in Venezuela. (WSJ)

Categories
PodFest Expo 2026 Speaker Series Preview

Podfest Expo 2026 Speaker Preview Series: JJ Flizanes on Repurposing Your Content

In this episode of the PodfestExpo 2026 Speaker Preview Podcasts series, Tom Fox visits with JJ Flizanes, founder of the Empowering Minds Network, and discusses her presentation at PodfestExpo 2026 on From Podcast to Profit—Repurposing Your Content Into Courses, Books & Marketing That Lasts. Some of the highlights in this podcast are:

  • JJ’s role in the world of podcasting.
  • Her presentation on Repurposing Your Content.
  • What JJ hopes to get out of PodFest Expo 2026 and why you should attend.

Categories
Blog

Why Every Company Needs a Corporate Relationships Policy

The Coldplay Concert and University of Michigan-Sherrone Moore imbroglios about consensual relationships introduced multiple issues for the compliance professional. While many saw them as romantic issues, others viewed them as corporate governance issues. Corporate compliance professionals spend a great deal of time talking about tone at the top, culture, and ethical leadership. Yet many organizations continue to ignore one of the most predictable sources of ethical failure, litigation exposure, and cultural rot: unmanaged workplace relationships.

Let me be clear at the outset. A corporate relationships policy is not about policing romance, friendship, or personal lives. It is about managing power, influence, and risk. If your organization has people, hierarchies, incentives, and decision-making authority, then you already have relationship risk. The only real question is whether you are managing it or pretending it does not exist.

The DOJ has been consistent on one point in the ECCP. Risks must be identified, assessed, and addressed in a way that reflects how the company actually operates. Relationships are part of how companies operate. Ignoring them is not cultural sensitivity. It is a governance failure.

Relationships Create Risk When Power Is Involved

Not all workplace relationships are problematic. The risk arises when one person can influence another’s pay, promotion, performance evaluation, assignments, or career trajectory. That is where favoritism, coercion, retaliation, and conflicts of interest live.

In enforcement actions, civil litigation, and internal investigations, I have seen the same fact pattern repeated again and again. A relationship is known. No controls are put in place. A complaint is made months or years after the incident. Suddenly, the organization is explaining to regulators, plaintiffs’ lawyers, and the board why it failed to act despite having notice. A corporate relationships policy forces the organization to confront a simple but uncomfortable truth: disclosure alone is meaningless unless it triggers action.

Disclosure Without Structure Is Theater

Many companies comfort themselves with a disclosure requirement that sounds reasonable on paper. Employees are told to disclose relationships, conflicts, or personal connections. After that, very little happens. From a compliance perspective, this is theater, not control.

A mature corporate relationships policy answers several follow-up questions: Then what? Who reviews the disclosure? How quickly must influence be removed? What interim controls apply? How is compliance documented and monitored?

Without these answers, disclosure becomes a liability. It creates notice without mitigation. Regulators do not reward that. Courts do not forgive it.

Culture Is Permanently Damaged When Employees Believe the System Is Rigged

One of the most corrosive effects of unmanaged relationships is the cultural one. Employees notice who gets promoted, who gets protected, and who gets opportunities. When relationships appear to trump merit, trust collapses.

This is where a corporate relationships policy becomes a culture document, not merely a legal one. A clear, consistently applied policy sends a powerful message: decisions will be made fairly, transparently, and without hidden influence. When employees believe the system is fair, they report concerns earlier, cooperate with investigations, and remain engaged. When they do not, they disengage or go external. Neither outcome is good for the organization.

Boards and Regulators Expect Speed, Not Intentions

Modern compliance is measured by response time and effectiveness, not good intentions. When a relationship presents a risk, the organization must act quickly to separate influence. That means changing reporting lines, removing decision authority, or imposing interim controls while structural changes are made.

A corporate relationships policy establishes clear timelines, ownership, and accountability. It gives managers a clock, not discretion. It provides a measurable compliance metric to report to the board. It gives the organization defensibility when regulators ask what happened and when it happened. The absence of such a policy almost guarantees inconsistent handling. Inconsistent handling almost guarantees enforcement risk.

This Is Not an HR Policy; It Is a Governance Control

One of the most common mistakes companies make is treating relationships as purely an HR issue. That framing is outdated and dangerous. Relationships intersect with bribery risk, conflicts of interest, retaliation, and abuse of authority. Those are compliance and governance issues. A corporate relationships policy should be owned jointly by compliance, legal, and human resources, with board-level visibility. It should be integrated into investigations, promotions, succession planning, and risk assessments. Anything less is siloed thinking.

The Bottom Line

A corporate relationships policy does three things that every effective compliance program must do:

  1. It identifies a risk that everyone knows exists but few want to name.
  2. It forces timely action instead of passive disclosure.
  3. It protects culture by reinforcing fairness and accountability.

If your organization does not have a clear, enforceable corporate relationships policy, you do not have a blind spot. You have a known vulnerability. And known vulnerabilities are exactly what regulators expect compliance professionals to address. That is not about being intrusive. It is about being responsible.