Risk Management and the Board: Why Oversight is Now a Strategic Imperative

In today’s business landscape, boards of directors are navigating a storm of risks that would test even the most resilient organizations. This topic was explored in a recent article titled “Risk Management and the Board of Directors.” Geopolitical uncertainty, economic volatility, cybersecurity threats, climate change, and the uncharted waters of generative AI are no longer background noise. They have moved to the front and center in boardrooms. Against this backdrop, risk management has emerged not just as an operational necessity but as a governance and strategic imperative. For compliance professionals, this raises a critical question: what role should the board play in risk management, and how can compliance officers support them in fulfilling that role effectively?

Oversight, Not Management

A crucial distinction must be made: boards are not responsible for managing risk on a day-to-day basis. That responsibility belongs to management. But boards do carry the weight of oversight. This oversight includes monitoring the most significant corporate risk factors, ensuring that appropriate risk systems are in place, and verifying that those systems function in practice.

Think about the Boeing case. Regulators and auditors identified multiple failures in Boeing’s manufacturing controls and safety processes, resulting in devastating reputational and financial consequences that continue to unfold. The lesson is clear. It is not enough for a board to approve a risk framework and then step away. Boards must oversee, probe, and confirm that those frameworks are embedded in operations across the enterprise.

Compliance officers can support this by providing boards with accurate, timely, and actionable reporting. Minutes, board packets, and oversight documentation are not administrative afterthoughts. They are evidence of diligence that courts, regulators, and investors increasingly scrutinize.

Tone at the Top: Culture as the Foundation

If oversight is the board’s mandate, then culture is the foundation that determines whether risk management succeeds or fails. Boards set the “tone at the top,” and that tone resonates throughout the organization.

Transparency, consistency, and communication are essential. A board that prioritizes ethics, compliance, and stakeholder safety sends a clear message: compliance failures and corner-cutting will not be tolerated. Conversely, when boards tolerate delay or indecision in addressing risks, such as safety lapses, misconduct, or harassment, they erode employee trust, tarnish their reputation, and invite regulatory scrutiny.

Board Readiness in a Dynamic Environment

Boards must prepare not only for the risks they know but for those that are emerging. This means ongoing director training, scenario planning, and recruitment strategies that close knowledge gaps. While no board can house every kind of subject matter expertise, they must know when to bring in advisors, leverage external resources, and engage with stakeholders directly.

A readiness mindset also means anticipating the unexpected. Crisis response plans, covering a range of scenarios from cyberattacks to workplace misconduct, should be in place and regularly tested to ensure their effectiveness. Compliance leaders should be part of these conversations, ensuring that prevention, detection, and remediation are embedded into strategy, not bolted on as afterthoughts.

Investors, regulators, and even the courts of Delaware are sharpening their focus on board-level risk oversight. The Caremark line of cases continues to set a high bar, but boards that fail to engage in good faith with core risks run the risk of liability. Compliance officers can help directors demonstrate that their oversight is active, engaged, and documented.

Practical Recommendations for Compliance Professionals

What does this mean for compliance officers working with boards? Here are four takeaways:

1. Provide Clear, Actionable Risk Reporting

Boards cannot oversee what they cannot see, and too often, directors are presented with overwhelming data that obscures the real risks. Compliance should deliver reporting that distills information into clear, concise insights, showing not just what happened but why it matters. The most effective reports highlight trends, identify root causes, and directly connect risks to business strategy, enabling the board to act with confidence.

2. Integrate Oversight into Strategy

Compliance risk management should never be treated as an afterthought, bolted onto the business after decisions are made. Instead, compliance officers must help boards see how compliance oversight is deeply intertwined with growth, innovation, and operational resilience. By linking compliance considerations to strategy, compliance becomes a driver of sustainable success rather than a box-checking obligation.

3. Focus on Emerging Risks

Generative AI, biodiversity loss, and geopolitical fragmentation are no longer distant or theoretical; instead, they are reshaping risk landscapes as we speak. Boards need compliance officers to translate these complex issues into practical implications before they escalate into crises that erode value and reputation. A forward-looking compliance function enables directors to anticipate threats, allocate resources effectively, and avoid being blindsided.

4. Reinforce Culture and Ethics

Tone at the top must resonate throughout the organization, and compliance is the bridge that connects board-level values to everyday business practices. Compliance officers can help embed cultural expectations by weaving red flags, lessons learned, and behavioral standards into training, communications, and accountability structures. When done well, this alignment ensures that ethical behavior is not aspirational but operational, lived out across all levels of the enterprise.

Why It Matters Now

The expectations for board-level risk oversight are higher than ever. Regulators want evidence that boards are engaged. Courts are scrutinizing oversight failures with fresh vigor. Investors are pressing for transparency on ESG, cyber, and DEI risks. And employees, your most important stakeholders, expect boards to prioritize safety, inclusion, and integrity.

For compliance professionals, this creates both a challenge and an opportunity. The challenge is to help boards stay ahead of complex risks in an environment of constant change. The opportunity is to elevate the compliance function as a strategic partner in governance, resilience, and corporate integrity.

Final Thoughts

Risk management is no longer just an operational function; it has become a strategic imperative. It is a governance issue that sits squarely in the boardroom. Boards do not need to manage risk, but they must actively oversee it, document their oversight, and ensure that culture and strategy align with risk management systems.

As compliance professionals, we are uniquely positioned to support this mandate. We provide the frameworks, reporting, and insights that help boards meet their obligations and protect the enterprise. In doing so, we not only maintain compliance but also enhance resilience, protect reputation, and foster trust with stakeholders.

The message is clear: oversight is not optional, culture is not cosmetic, and preparation is not a luxury. For today’s boards and for the compliance professionals who advise them, risk management is a strategic imperative that can no longer be ignored.

AI Today in 5: September 29, 2025, The AI and Blue Collar Jobs Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI, so start your day, sit back, enjoy a cup of morning coffee, and listen in to AI Today in 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

For more information on the use of AI in compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Daily Compliance News: September 29, 2025, The Full Corruption Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, including compliance, ethics, risk management, leadership, or general interest, relevant to the compliance professional.

Top stories include:

  • Trump demands Microsoft fire former DAG Lisa Monaco. (Law360)
  • Comey Indictment: Corruption is the point. (MSNBC)
  • Trump is changing the definition of corruption. (The Guardian)
  • Is South African corruption a threat to the world financial system? (The Hill)

Compliance Tip of the Day – Compliance Lessons from Frankenstein

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with concise, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we have a 5-part series on compliance lessons from the Classic Universal Movie Monsters. Today, in Part 1, we begin with the greatest of all time, Frankenstein.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.

All Things Investigations – Navigating Tariff Compliance with Sean Reilly

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. In this podcast, host Tom Fox welcomes back Sean Reilly to discuss the complexities of tariffs under the current administration.

Their conversation highlights the dynamic nature of tariff regimes, the importance of maintaining compliance, and the risks of tariff evasion. Sean provides insights into creating effective tariff compliance programs, the potential for False Claims Act liabilities, and the critical role of commercial sense in assessing tariff changes. The episode also touches on enforcement priorities and the strategic importance for boards of directors to remain vigilant about tariff-related risks. As the discussion moves towards the evolving landscape leading into 2026, Sean emphasizes the importance of staying informed and prepared for ongoing tariff regulations.

Highlights include:

  • Compliance and Enforcement in Tariff Management
  • Commercial Sense in Tariff Decisions
  • Board Oversight and Tariff Compliance
  • Future of Tariffs and Compliance Going Forward

Resources:

Hughes Hubbard & Reed Website

Sean Reilly

FCPA Compliance Report – Middle Managers Are the Key – Evie Wentink’s Evolution in Compliance

Join Tom Fox as he welcomes Evie Wentink back to the FCPA Compliance Report. Evie shares her journey from a compliance professional to an innovator in the field, discussing her unique approach to compliance training and the role of middle managers. With nearly two decades of experience, Evie has transformed her career by leveraging social media to create engaging content that inspires compliance professionals worldwide. Discover how Evie’s innovative strategies are reshaping the compliance landscape and learn about her new venture, Ethical Edge Experts LLC.

Key takeaways:

– 🌍 Embrace change and see the world beyond your keyboard.

– 💡 Innovation in compliance through social media and engaging content.

– 🏢 The critical role of middle managers in compliance programs.

– 📚 The importance of continuous learning and professional growth.

– 🎯 Selling compliance by making it personal and relatable.

Key highlights:

  • Embracing Change and Innovation
  • Training and the Role of Middle Managers
  • Bridging the Gap in Compliance Perspectives
  • Utilizing Social Media for Compliance Engagement
  • The Importance of Being Coachable
  • Ethical Edge Experts LLC

Resources:

Evie Wentink

🔸 LinkedIn: Evie Wentink

🔸 Consulting Firm: Ethical Edge Experts

Tom Fox

For more information on the use of AI in compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Compliance Risk Assessment vs. Fraud Risk Assessment: Why the Distinction Matters

One of the most common points of confusion I see in the compliance space is the conflation of a compliance risk assessment and a fraud risk assessment. At first glance, they may look similar as both touch on governance, controls, and organizational exposure. Yet, as Jonathan Marks emphasized in a recent episode of the Data-Driven Compliance podcast, they are not the same. They serve different purposes, employ different methodologies, and generate different impacts. And if you blur the two, you may be leaving the corporate back door wide open.

In this post, I aim to explore the distinctions, explain why they matter, and demonstrate how both assessments complement one another in building a stronger, more resilient compliance program.

Compliance Risk Assessment: Coloring Inside the Lines

A compliance risk assessment is the backbone of the compliance function. It answers the question: Are we following the laws, regulations, and internal policies to which we are required to adhere?

The methodology is structured around:

  • Identifying obligations — What laws, regulations, and internal codes apply to our business?
  • Assessing exposure — Where are we most likely to be out of compliance?
  • Evaluating controls — What policies, procedures, and safeguards exist to manage those obligations?
  • Prioritizing remediation — Which gaps carry the greatest legal, financial, or reputational risk?

The Department of Justice (DOJ) has long framed this as a “three-question test”: Is your program well designed? Is it implemented in good faith? Does it work in practice? A compliance risk assessment is the diagnostic tool that helps answer these questions.

Consider this: a compliance risk assessment ensures that the organization operates within the bounds of the law. It helps the business avoid the unintentional missteps that could land it in hot water with regulators.

Fraud Risk Assessment: Thinking Like a Fraudster

By contrast, a fraud risk assessment is not about whether you are following the rules; it is about whether someone could deliberately break them, deceive the organization, and benefit at its expense. Marks put it succinctly: compliance without fraud detection is like locking the front door while leaving the back door wide open.

A fraud risk assessment is built around three key elements:

  1. The Act – The fraud scheme itself. Examples include false vendor setups, revenue inflation, insider collusion, or misuse of restricted funds.
  2. The Concealment – How the scheme is hidden. Fraud is rarely obvious. It may involve falsifying documents, manipulating data, overriding controls, or exploiting process weaknesses.
  3. The Conversion – How the perpetrator benefits. Whether through cash, bonuses, promotions, or reputational gain, there is always a payoff.

This approach is fundamentally about mindset. A compliance risk assessment looks at processes. A fraud risk assessment forces you to think like the fraudster, the “mind behind the crime.”

Methodological Differences

Marks emphasized that while compliance risk assessments and fraud risk assessments may overlap, their methodologies diverge in several important ways:

  • Focus on Intent vs. Process
    • Compliance asks: Are we following the rules?
    • Fraud asks: Could someone intentionally subvert the rules, and would we detect it in time?
  • Scope of Risk
    • Compliance focuses on legal and regulatory exposure.
    • Fraud encompasses a broader range of threats, including financial, operational, and reputational risks—whether driven by insiders or outsiders.
  • Tools and Techniques
    • Compliance assessments often rely on surveys, documentation review, and structured interviews.
    • Fraud assessments utilize forensic tools, including analytics, behavioral red flags, and targeted scenario testing, to identify potential risks.
  • Outcomes
    • Compliance assessments typically produce policies, certifications, and gap analyses.
    • Fraud assessments deliver actionable detection and deterrence strategies.

Red Flags: The Early Warning System

One of the most practical contributions of a fraud risk assessment is its focus on red flags, the early warning signs that something is not right. Marks categorized them into four groups:

  1. Data Red Flags – Unusual transaction timing, frequency, or amounts.
  2. Document Red Flags – Missing or altered records, incomplete approvals.
  3. Control Red Flags – Inadequate segregation of duties, override of established processes.
  4. Behavioral Red Flags – Employees living beyond their means or facing personal stressors.

The key is not simply to identify these red flags, but to connect them back to your control environment. Are your controls designed to catch intentional deception or only unintentional error? Too often, organizations rely on compliance-oriented controls that were never built to stop someone determined to cheat the system.

Skills and Experience Matter

Another critical difference lies in who conducts the assessment. Compliance risk assessments often require individuals with expertise in law or regulation. Fraud risk assessments, however, require a different skill set: professionals who understand fraud schemes, internal controls, and forensic techniques.

As Marks bluntly put it: certifications are nice, but experience is essential. Those leading fraud risk assessments need to have “skinned their knees” in real-world situations to understand the difference between a red flag and a false signal. Without that expertise, organizations risk a paper exercise that fails to capture the real threats.

Complementary, Not Substitutes

It is tempting for organizations to assume that a compliance risk assessment also covers fraud risk. That is a dangerous misconception. While the two assessments intersect, they are not substitutes. A compliance risk assessment confirms the rules are being followed—a fraud risk assessment tests whether someone could and would intentionally break those rules for personal gain.

Together, they create a multidimensional view of risk:

  • Compliance risk assessments keep the organization lawful.
  • Fraud risk assessments keep the organization safe.

When aligned, they reinforce one another. For example, fraud red flags can be embedded into compliance training, transforming static learning into practical, scenario-based awareness. Compliance findings can inform fraud detection by highlighting areas where processes are weakest.

Beyond Reports: Building Organizational Resilience

The ultimate value of both types of assessments lies not in the reports they generate but in the resilience they build. Marks is right to stress that neither should be treated as a “set it and forget it” project. Both are living, breathing processes that evolve in tandem with your business model, regulatory landscape, and risk environment.

A well-executed fraud risk assessment provides a strategic roadmap for preventing, deterring, and detecting fraud early. A well-executed compliance risk assessment ensures that your program is not only designed and implemented but also functioning effectively in practice. Together, they enhance oversight, foster continuous improvement, and promote a culture of integrity.

Final Thoughts

The compliance community is rightly focused on regulatory risk, ensuring that policies, procedures, and obligations are met. But stopping there creates a blind spot. Fraud is intentional, adaptive, and motivated by gain. It exploits weaknesses not only in processes but in culture.

The lesson for compliance professionals is clear:

  • Do not assume that your compliance risk assessment covers fraud risk.
  • Invest in both assessments, recognizing their differences and complementary strengths.
  • Ensure the right people, with the right experience, are conducting each.
  • Embed fraud red flags into your training and compliance processes.

At the end of the day, compliance keeps you lawful. Fraud risk management keeps you safe. Organizations that appreciate the distinction and act accordingly will be better prepared to withstand the unexpected, protect their stakeholders, and build lasting trust.

Sunday Book Review: September 28, 2025, The Books on Compensation and Incentives for September Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious about the subject. It could be books about business, compliance, history, leadership, current events, or any other topic that might interest Tom. Today, Tom reviews four top books on compensation and incentives inside a corporation.

  • The Compensation Handbook, Sixth Edition by Lance A. Berger and Dorothy Berger
  • The WorldatWork Handbook of Total Rewards by WorldatWork
  • Pay Matters: The Art and Science of Employee Compensation by David Weaver
  • The Complete Guide to Sales Force Incentive Compensation by Andris Zoltners, Prabhakant Sinha, and Sally Lorimer

Resources:

The Sunday Book Review was recently honored as one of the world’s Top 100 Book Podcasts.

10 For 10: Top Compliance Stories For the Week Ending September 27, 2025

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • A RadioShack Ponzi scheme. (Bloomberg)
  • Former French President Sarkozy received a 5-year sentence. (BBC)
  • Healthcare compliance, the FCA, and AKS. (Reuters)
  • Do you fantasize about leaving compliance? (EFinancialCareers25)
  • Amber Energy wins CITGO auction. (Reuters)
  • DOJ shuts down bribery investigation of Homan. (HuffPost)
  • Two former Haitian officials were designated for bribery. (DOJ Press Release)
  • Singapore execs found guilty in Wirecard fraud. (FT)
  • Air India crash victims sue Boeing, Honeywell. (BBC)
  • Vietnam jailed a Parliamentary official for corruption. (Bloomberg)

You can check out the Daily Compliance News for four curated compliance and ethics-related stories each day, here.

You can purchase a copy of my new book, Upping Your Game, on Amazon.com.

Creativity and Compliance – Using Creativity to Market Compliance

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on the award-winning Creativity and Compliance. Ronnie’s company, Learning and Entertainment, leverages the entertainment devices people use to consume information in their everyday, non-work lives and applies them to important topics related to compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible.

Today, Tom and Ronnie discuss the importance of addressing the marketing and PR issues in ethics and compliance programs in this episode of ‘Creativity and Compliance.’ Ronnie introduces his new white paper titled ‘Ethics and Compliance has a Marketing and PR Problem,’ emphasizing the need to revamp compliance programs by adopting marketing strategies. Key strategies discussed include creating a positive brand identity, gaining and maintaining attention, building and nurturing relationships, leveraging influencer status, and measuring the right metrics. Examples and anecdotes illustrate these concepts and practical applications.

Key highlights:

  • Marketing and Compliance: A New Approach
  • Creating a Voice Identity and Brand
  • Gaining and Maintaining Attention
  • Building and Nurturing Relationships
  • Becoming an Influencer
  • The Importance of Measurement

Resources:

Ronnie

Tom

Creativity and Compliance was recently honored as one of the Top 35 Podcasts on Creativity by Feedspot.