The Hardest Command: Ethical Transitions and “The Deadly Years” for Compliance Professionals

If you have spent any time in leadership, especially in compliance or corporate governance, you know that one of the most gut-wrenching duties is addressing a colleague who can no longer fulfill their responsibilities. Loyalty, empathy, and organizational needs collide in these moments. Few pop culture stories tackle this theme with more clarity and drama than Star Trek: The Original Series episode “The Deadly Years.” Here, the Enterprise crew confronts rapid aging, physical decline, and, most significantly, the consequences when a leader cannot perform.

Today, we step onto the bridge and examine five ethical lessons for compliance professionals faced with these hard but necessary transitions. Each lesson is illustrated by a specific scene from “The Deadly Years.”

Lesson 1: Recognize the Signs—Objectivity Must Trump Sentiment

Illustrated By:  Early in the episode, the landing party is exposed to a form of radiation that accelerates aging. Captain Kirk, Spock, Scotty, and others quickly show signs of physical and cognitive decline. Kirk, in particular, becomes forgetful and indecisive, missing important details and even failing to recall security procedures.

Compliance Lesson: The first ethical responsibility is to recognize, without sentiment or denial, when a colleague can no longer perform. Whether due to age, health, burnout, or changing business demands, the signs must be identified early, not ignored out of deference to history or personal loyalty.

Implement regular, objective performance reviews and peer assessments. Train managers to look for early indicators of declining performance, especially in high-stress or high-responsibility roles, and provide pathways for safe, supportive reporting.

Lesson 2: Prioritize Mission and Stakeholders—Not Individual Status

Illustrated By:  As Kirk’s abilities deteriorate, the safety of the Enterprise is jeopardized. He hesitates during a Romulan encounter and issues conflicting orders, putting the crew at risk. Spock and Dr. McCoy discuss his decline, acknowledging their concern for their friend but focusing on the danger to the mission.

Compliance Lesson: An organization’s purpose, stakeholders, and people must come before individual egos or career legacies. Ethical leadership means putting the mission first, even when that requires difficult conversations or unpopular actions. This is especially critical in compliance, where risks can have enterprise-wide impacts.

Make mission-driven decision-making a core value in your compliance program. Regularly communicate that the integrity of the enterprise outweighs personal status. Ensure that all leaders, from the C-suite to middle management, understand that their primary obligation is to the organization and its stakeholders.

Lesson 3: Fair, Transparent Processes Protect All Involved

Illustrated By: When the decline in Kirk’s performance can no longer be denied, Spock and Dr. McCoy convene a competency hearing. The tribunal includes multiple voices and follows Starfleet protocol, providing Kirk with a chance to respond and present evidence on his behalf.

Compliance Lesson: No transition or removal, no matter how justified, should be handled arbitrarily or in secret. Transparent, fair, and standardized processes ensure that all parties are treated with dignity and the organization’s decisions are defensible. Above all is dignity. This approach also protects against accusations of favoritism, discrimination, or retaliation.

Document and publish clear protocols for performance-related transitions. Involve impartial parties in any review. Make sure employees understand their rights, the procedures, and the grounds on which decisions are made.

Lesson 4: Compassion Matters—Even When Delivering Hard News

Illustrated By: After the tribunal, Kirk is relieved of command. The process is formal, but the crew treats Kirk with respect and compassion, recognizing his service and the pain of the moment. No one revels in the transition or diminishes Kirk’s contributions.

Compliance Lesson: Delivering tough messages, especially about the need to move on, can be done with empathy and grace. Recognizing the individual’s service, offering support, and helping with a dignified transition isn’t just “nice”; rather, it should be seen as ethically necessary. How you handle these moments sets the tone for your organization’s values and can even inspire long-term loyalty and goodwill.

Train managers and HR in compassionate communication. Offer support such as career counseling, retirement planning, or mental health resources to those transitioning. Celebrate achievements and acknowledge contributions, even as you move forward.

Lesson 5: The Right Transition Can Save the Mission

Illustrated By:  With Kirk relieved, Commodore Stocker takes command but quickly demonstrates a lack of field experience, putting the ship in further jeopardy. Meanwhile, Dr. McCoy and Spock race against time to find a cure for the aging disease. Once Kirk is restored to health, he returns to command, draws on his experience and instincts, and saves the Enterprise from destruction.

Compliance Lesson: Transitioning a colleague should never be punitive or personal; it’s about restoring the organization to its highest level of functioning. Sometimes, this means moving a leader aside temporarily until they can return or helping someone find a better fit for their abilities. The right person, in the proper role, at the right time, is critical for compliance and organizational health.

Build flexibility into your transition policies. Consider temporary reassignments, sabbaticals, or other options before a final separation. Always keep the focus on what’s best for the mission, the team, and the individual.

Final ComplianceLog Reflections

No compliance professional relishes the moment when a valued colleague must be asked to step aside. But “The Deadly Years” reminds us that the greatest danger lies not in transition, but in denial, sentimentality, or failure to act. As Kirk, Spock, and McCoy demonstrate, the hard path, handled with fairness, transparency, dignity, and compassion, is always the ethical path.

For compliance professionals, this means being vigilant for declining performance, putting mission first, insisting on fair and transparent processes, and consistently delivering hard news with empathy. It also means recognizing that transition is sometimes temporary and, with the proper support, colleagues can return, renewed and ready for new challenges.

As organizations face the “deadly years” of rapid change, new risks, and mounting expectations, may we all steer our ships with courage, wisdom, and integrity, ensuring that the right people are at the helm, for the good of all.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

AI Today in 5: May 13, 2026, The AI and Getting Fired Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Not trained on AI, just fired. (PYMNTS)
  2. IMF warns of AI threat to cybersecurity. (FinTech Magazine)
  3. Norm Ai launches a compliance agent for Co-Pilot. (PR PressWire)
  4. Preparing for the EU AI Act. (Security Boulevard)
  5. Use AI at work, then get fired. (CNBC)

For more information on the use of AI in compliance programs, Tom Fox’s new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Compliance into the Weeds: The DOJ Trainwreck and the Rising Risk Calculus for Compliance and Self-Disclosure

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore it more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss how internal dysfunction at the U.S. Department of Justice is creating uncertainty for corporate compliance teams and corporations more generally.

The discussion focuses on a reported turf battle between the long-standing Fraud Section in the Criminal Division, established in 1955 and central to FCPA enforcement and compliance guidance, and a newly created national Fraud Division, which was initially framed as targeting government benefits fraud. They argue the reorganization could drain expertise, reduce future DOJ guidance, and distort enforcement into politically selective actions, citing IBM’s $17 million settlement and an EEOC case involving The New York Times and Smartmatic’s experience. They also highlight DOJ staffing losses with a net 20% fewer lawyers, loss of experienced attorneys, reliance on inexperienced hires and bonuses, and warn that the volatility may chill voluntary self-disclosure despite DOJ messaging encouraging it.

Key highlights:

  • DOJ Train Wreck Overview
  • Fraud Section vs Fraud Division
  • Political Enforcement Reality
  • Self-Disclosure Gets Riskier
  • What Companies Should Do Now

Resources:

Matt on Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.

Daily Compliance News: May 13, 2026, The Hair Raising Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Musk made ‘hair-raising demands’ for control of OpenAI.  (FT)
  • Microsoft and OpenAI. (NYT)
  • Ship operators in the Key Bridge collision are charged. (NBC)
  • PayPal pays a $30MM fine for minority funding. (WSJ)

The Culture Builder’s Trilogy: Part 2 – The Art of Implementation: Where Compliance Culture Lives or Dies

Ed. Note: We are in the midst of a three-part blog post series on three recent books by Hemma Lomax and Ashley Dubriwny. They are The Art of Ideation, The Art of Celebration, and The Art of Implementation.

If The Art of Ideation is about imagining better compliance, The Art of Implementation is about making it real. Hemma Lomax and Ashley Dubriwny write that implementation is where culture lives or dies. That single sentence could serve as a mission statement for every Chief Compliance Officer.

Compliance professionals know this problem well. A program can include a strong code of conduct, a comprehensive policy inventory, a well-designed training calendar, a hotline, third-party procedures, and investigation protocols. Yet the DOJ does not ask whether a company has merely created compliance artifacts. It asks whether the program works in practice. This goes directly to the DOJ’s Evaluation of Corporate Compliance Programs (ECCP). The ECCP continues to ask whether a program is well-designed, adequately resourced, empowered to function effectively, and working in practice. That is why The Art of Implementation matters. It moves from aspiration to action. It asks how values become systems, how ideas become habits, and how culture becomes durable.

Lesson One: Mindset Before Method

The book begins with a critical insight: implementation begins with how you think. Lomax and Dubriwny identify four commitments of the culture builder’s mindset: empathy before enforcement, curiosity over control, influence rather than insistence, and legacy as a lens. For compliance professionals, this is not a rejection of enforcement. It is a recognition that enforcement without trust creates fear, not culture. A CCO must enforce standards, discipline misconduct, and protect the company. But a CCO must also understand why employees resist, where controls create friction, and how people make decisions under pressure.

This is the difference between a compliance function that says “no” and one that helps the business get to “yes, with controls.” The former may be respected in moments of crisis. The latter is trusted before the crisis arrives.

Lesson Two: Think, Build, Ship, Adopt, Tweak

One of the strongest frameworks in the book is the five forces of implementation: think, build, ship, see it adopted, and tweak. The model is practical and deeply consistent with the ECCP. “Think” means design the change with empathy. “Build” means operationalize the intention. “Ship” means starting before every detail is perfect. “Adopt” means embedding the practice into the culture. “Tweak” means learning, adjusting, and improving.

This is what compliance program effectiveness should look like. A CCO should not wait three years to discover that annual training did not change behavior. A third-party control should not remain unchanged after repeated red flags. An AI acceptable use policy should not sit static while employees quietly adopt new tools. A speak-up program should not wait for a scandal before testing whether employees trust it. The compliance application is straightforward. Build compliance like a product. Test. Measure. Listen. Improve.

Lesson Three: Alignment Accelerates Implementation

The book’s discussion of alignment is essential for compliance. Lomax and Dubriwny use Ocean’s Eleven as a cultural reference point. The plan works not because one person is brilliant, but because purpose, people, and process are aligned. Implementation fails when a good idea lacks the right coalition, operational fit, or timing.

This is a core challenge for the CCO. Compliance cannot implement an effective third-party program without the support of procurement, finance, legal, sales, audit, and business leadership. Compliance cannot govern AI without IT, data science, privacy, cybersecurity, HR, legal, and business users. Compliance cannot build a speak-up culture without managers. Stakeholder mapping is therefore not an administrative exercise. It is a governance control. It identifies who can accelerate the initiative, who can block it, who must own it, and who must maintain it after launch.

Lesson Four: Find Failure First

The pre-mortem section of The Art of Implementation is one of the most useful tools for compliance professionals. The authors ask teams to imagine that an initiative has failed and then work backward to identify why. This is precisely how CCOs should approach major program changes. Before launching a new hotline platform, ask why employees might still avoid reporting. Before deploying AI-assisted monitoring, ask about potential privacy, bias, transparency, and explainability concerns. Before rolling out a third-party due diligence platform, ask why business teams might work around it. Before redesigning incentives, ask what unintended behaviors the new metrics could create.

Pre-mortems are internal controls in action. They force the organization to identify failure modes before the market, the regulator, the whistleblower, or the plaintiff does. They can be and are a powerful tool at your disposal as a CCO or compliance professional.

Lesson Five: Movements Beat Mandates

A particularly powerful theme in the book is the distinction between mandates and movements. Mandates may produce obedience. Movements produce ownership. For compliance professionals, this is a critical distinction.

The Wells Fargo fake sale scandal remains a cautionary tale about mandates, metrics, and fear-based performance pressure. Employees may comply with the apparent demand for results while violating the organization’s deeper values. That is why incentives matter. The DOJ has emphasized that companies should use both incentives and consequences to promote compliance. Its compensation and clawback pilot report states that affirmative metrics and benchmarks can reward compliance-promoting behavior and that financial penalties can deter risky behavior.

This is where compliance culture becomes real. Employees need to see that ethical leadership, controlled discipline, speaking up, and responsible business performance are recognized, promoted, and rewarded. They also need to see that misconduct, retaliation, and willful blindness have consequences.

Compliance Application

The CCO’s implementation challenge is to convert program design into operational evidence. That evidence includes adoption data, control testing, investigation metrics, remediation tracking, third-party monitoring, AI use inventories, exception reporting, and incentive alignment. Implementation also requires courage. A CCO must be willing to ship pilots, gather feedback, and make changes. The compliance function must stop equating launch with success. Launch is the beginning. Adoption, evidence, and improvement are the proof.

CCO Questions

  • Which compliance initiatives have been launched but not adopted?
  • Do we have stakeholder maps for our most important compliance priorities?
  • Are we running pre-mortems before major program changes, including AI governance, third-party risk, speak-up enhancements, and incentive redesign?
  • Do our incentives reward ethical behavior, promote control over ownership, and ensure transparency?
  • What compliance practices would continue if the current CCO left tomorrow?

Practical Takeaways

  1. Identify one compliance initiative that stalled and run a pre-mortem on why it failed.
  2. Build a stakeholder map for AI governance or third-party risk.
  3. Convert one compliance aspiration into a measurable operating practice.
  4. Review incentives and promotion criteria for compliance signals.
  5. Treat implementation as the evidence layer of the compliance program. Regulators do not reward intentions. They evaluate what works.

Implementation is where compliance culture is tested. It is where the organization discovers whether its ideas can survive business pressure, competing priorities, operational friction, and human resistance. Yet even the best-implemented program must still be sustained. Controls must be reinforced. Speak-ups must be protected. Ethical behavior must be recognized. Employees should see that integrity, not just performance, is valued by the organization. That is the work of the third book in the trilogy, The Art of Celebration.

Join us tomorrow for Part 3, where we will turn to celebration as a compliance discipline and explore how recognition, incentives, rituals, morale metrics, and cultural memory shape what employees believe the company truly values.

The PFBCon Podcast: AI Audio Enhancement Without the Robotic Mess: Keep Your Podcast Warm, Clear, and Human with Audra Casino

The PFBCon episode focuses on how podcast audio quality is being compromised by overreliance on one-click AI enhancements and transcript-based editing, and on how to use these tools without losing warmth, emotion, and clarity.

Audra demonstrates how AI voice enhancement can create distorted, unnatural voices, clip or change words, and even misinterpret background noises as speech, stressing “garbage in, garbage out.” Foundational best practices are emphasized, including choosing a quiet room, adding acoustic treatment, managing reflections from floors, windows, walls, and corners, and using creative DIY solutions like blankets, rugs, reflection filters, and furnished spaces. Microphone technique tips are shared (sweet spot, distance, pop filters, hydration, test recordings). The transcript editing demo in Riverside shows how to delete/restore sections, tune pause removal, handle filler-word removal, fix jump cuts, and always do a final listen-through.

Key highlights:

  • AI Audio Gone Wrong
  • Why Enhancement Fails
  • AI Tool Shootout
  • Garbage In Garbage Out
  • Acoustic Treatment Basics
  • DIY Mobile Studio Hacks
  • Hybrid Studio Setup
  • Mic Technique Tips
  • Transcript Editing Rules
  • Riverside Editing Tour
  • AI Tools Pauses Fillers

Resources:

Follow Audra Casino on

One Stone Creative

LinkedIn

AI Today in 5: May 12, 2026, The RegTech as Infrastructure Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

Daily Compliance News: May 12, 2026, The TACO Don Goes to China Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • State of Texas sues Netflix for ‘spying on children.’ (Reuters)
  • TACO goes down to China. Wonder what he will cave on this trip. (NYT)
  • As Mayor of London, you have to achieve things quickly. (FT)
  • Zelenskiy’s former CoS embroiled in corruption probe. (Reuters)

Innovation in Compliance: Data Defensibility: The Compliance Foundation for AI Governance with George Tziahanas

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with George Tziahanas, VP of Compliance and Associate General Counsel at Archive360.

Tom interviews George Tziahanas on why organizations must move beyond data storage to providing data integrity, lineage, and accountability as a foundation for AI readiness. George defines “data defensibility” as the ability to defend how AI systems were trained and operate when AI decisions are not easily explainable, such as in rules-based automation, emphasizing upstream data provenance, monitoring, and audit trails. They discuss increasing regulator and stakeholder focus on authority and accountability and how litigation can shape compliance, citing early e-discovery practices influenced by the Zubulake v. UBS Warburg decision and enforcement context involving former New York AG Eliot Spitzer. George uses the Mercor breach to show supply-chain and confidentiality risks in AI training data and notes that regulators and plaintiffs may rely on existing laws. He highlights risks from weak data governance, dark data, and legacy archives. He recommends asset/data inventories, migrating data off insecure legacy systems, risk-tiering AI use cases, extending ISO/NIST frameworks, and building observability to enable faster, responsible AI adoption.

Key highlights:

  • What Data Defensibility Means
  • Litigation Shapes Compliance
  • Weak Data Governance Risks
  • Managing Legacy Archive Data
  • Governance Accelerates AI
  • Dark Data Explained
  • What Success Looks Like

Resources:

George Tziahanas on LinkedIn

Archive360

Articles by George Tziahanas

Beyond Retention: Why AI Governance in 2026 is a Defensibility Problem

Keeping Data in Check: The Importance of Data Defensibility

Red Flags Rising: S01 E39: Pull, Push, Tap, Aim, Fire – What Recent Settlements and Indictments Teach about Clearing Compliance Jams

Mike and Brent return to discuss lessons from Brent’s Aikido instructor and Marine Corps combat veteran Frank Doran and how those lessons can help trade compliance professionals work through compliance jams. Mike and Brent discuss the enforcement wave that unfolded in March 2026 (01:28); their March 10, 2026, National Security Law & Enforcement event in New York City (01:51); how that event was designed to get to practical solutions (02:30); the need today to have a broader “compliance aperture” (03:59); the importance of effective communication up to management and boards, especially around “central compliance risks” (the standard under Delaware law) (04:37); Carole Basri’s prediction that soon many companies will have Chief National Security Officers (05:31); two significant enforcement actions from Q1 2026 (07:42); the DOJ National Security Division’s March 30, 2026, announcement regarding voluntary disclosures (11:37); two significant indictments from Q1 2026 (12:06); boards of directors’ duty of oversight when it comes to national security (13:39); the relevance of increased agitation from the U.S. Congress for more enforcement (18:39); the status of the proposed Remote Access Security Act (19:35); and the compliance path forward, including Brent’s Fraud Four Circle Framework (21:57). Mike and Brent then conclude with a special edition of Brent Carlson’s “Managing Up” about Frank Doran and the meaning and importance—to not only infantrymen but also compliance professionals—of “Pull, Push, Tap, Aim, Fire” (24:40).

Resources:

BIS enforcement actions

DOJ NSD Voluntary Disclosure Policy (Mar. 30, 2026)

More about Frank Doran: https://aikido-west.org/frank-doran

Frank Doran, “Pull, Push, Tap, Aim, Fire” (1995)

Boards of Directors and the Duty of Oversight: “Boards of Directors Lovin’ It after McDonald’s? A Fresh Look at Directors’ Duty of Oversight in the New Era of Sanctions & Export Control Corporate Enforcement,” NYU PCCE Blog (Jan. 12, 2024)

Brent’s Fraud Four Circle Framework article: “A Light Shines Through the Darkness in Disputes, Investigations, and Trade Compliance: A Fresh Look at the Classic Fraud Triangle with the Fraud Four-Circle Framework℠,” NYU PCCE Blog (Jan. 8, 2026)

The Culture Builder’s Trilogy: Part 1 – The Art of Ideation: Compliance Begins with Better Questions

Ed. Note: Over the next three blog posts, I will be running a short series on three recent books by Hemma Lomax and Ashley Dubriwny. They are The Art of Ideation, The Art of Celebration, and The Art of Implementation.

Hemma Lomax and Ashley Dubriwny’s The Art of Ideation is, on one level, a practical guide for culture builders. On another level, it is a challenge to compliance professionals: stop treating compliance as a function that merely publishes rules, delivers training, and waits for reports. Start treating compliance as a discipline of curiosity, engagement, design, and shared intelligence.

The book begins with a simple but powerful premise. Culture builders need ideas, but more importantly, they need the skill to generate better ideas through peer ideation, storytelling, and crowdsourcing intelligence. Lomax and Dubriwny describe the spark that came from compliance professionals exchanging creative approaches at a conference table and then ask why that energy should be limited to a once-a-year event. Their answer is to make ideation intentional, repeatable, and community-based.

For compliance professionals, this is not a soft concept. It goes directly to the DOJ’s Evaluation of Corporate Compliance Programs (ECCP). The ECCP continues to ask whether a program is well-designed, adequately resourced, empowered to function effectively, and working in practice. The compliance lesson from The Art of Ideation is clear: a program that does not ask better questions will not get better answers.

Lesson One: Know Your Audience Before You Design the Control

One of the book’s strongest lessons comes from the São Paulo story. Hemma arrives in Brazil to speak to more than 200 sales executives. Rather than deliver a generic compliance presentation, she uses images and experiences from the city itself to connect with the local audience. The lesson is not simply that visuals work. The deeper lesson is that compliance must demonstrate cultural awareness before it asks for behavioral change.

Too many compliance programs are still designed from the top down. Policies are written in legal language. Training is translated late, if at all. Hotline posters are posted in areas where employees do not work. Codes of Conduct speak to an imagined employee rather than the actual workforce.

The ECCP lens is unforgiving here. A risk-based program must be tailored to the company’s risk profile, business model, workforce, geography, and operations. If field employees, sales teams, or third-party-facing personnel cannot access guidance in the moment of need, the control may exist on paper but fail in practice.

Lesson Two: Storytelling Is a Control Enhancement

Dubriwny’s discussion of training emphasizes that facts alone rarely change behavior. Stories create context, emotion, and recall. In compliance, that matters because most misconduct does not arise from someone misunderstanding a policy title. It arises in moments of pressure, ambiguity, fear, loyalty, or perceived business necessity. A good compliance story can show what a conflict of interest feels like. It can show why a facilitation payment creates risk. It can show how retaliation begins quietly. It can show a manager what it means to receive a concern well.

This is especially important for a culture of speaking up. Employees do not speak up because a poster says they can. They speak up because they believe the organization will listen, protect them, and act. The Art of Ideation repeatedly returns to the need to meet people where they are, involve them, and design engagement pathways that feel safe. That maps directly onto the ECCP’s focus on confidential reporting, anti-retaliation, and investigation processes, as well as employees’ trust in those systems.

Lesson Three: The Code of Conduct Should Be Designed to Work

The book’s chapter on Codes of Conduct is especially useful for CCOs. It asks whether the Code is an external artifact, a regulatory box-checking document, or a decision-making tool for employees. The answer should be all of the above, but the priority must be the employee user. That is a powerful compliance point. A code should not merely state values. It should operationalize them. It should be accessible, visually clear, mobile-friendly, translated appropriately, and supported by examples that reflect real roles, geographies, and pressures. The authors argue that a Code should be co-created, tested, and designed so people can see themselves in it.

This has implications for internal controls. A policy no one reads is not a meaningful control. A code no one uses is not a cultural anchor. A decision tree that helps an employee escalate a third-party red flag is more valuable than a beautifully written paragraph no one remembers.

Lesson Four: Crowdsourcing Risk Intelligence Is Compliance Modernization

Perhaps the most compliance-relevant section of the book is the discussion of crowdsourcing intelligence. Lomax and Dubriwny argue that leadership does not have a monopoly on the perspectives needed to identify risk. Employees across functions, geographies, and levels see vulnerabilities long before they appear in formal reporting channels. This is exactly where modern compliance must go. Annual risk assessments remain useful, but they are not enough on their own. A CCO needs real-time, near-real-time, and frontline input. This includes surveys, focus groups, collaboration tools, investigation themes, hotline trends, third-party feedback, and data analytics.

AI governance fits here as well. The book encourages responsible experimentation with AI, including using AI to make policies more accessible, generate first drafts, synthesize information, and provide decision-useful guidance. In compliance terms, AI should not be a gimmick. It should be governed, risk-assessed, monitored, and used to improve the employee experience.

Compliance Application

For the compliance professional, ideation is not brainstorming for its own sake. It is how the CCO identifies gaps, improves controls, tests training, strengthens speak-up systems, modernizes the Code, and uses AI responsibly. It is how compliance moves from headquarters’ assumptions to operational intelligence.

The lesson is also relevant to investigations. The book’s discussion of investigations emphasizes empathy, transparency, gratitude toward participants, and learning from the process. That is an important reminder that investigations are not simply fact-finding exercises. They are moments when employees decide whether the compliance function is credible.

CCO Questions

  • Does our compliance function know how employees actually experience our Code, training, reporting channels, investigation process, and third-party controls?
  • Are we using peer ideation, frontline feedback, and cross-functional input to improve the program?
  • Where are we still relying on headquarters assumptions rather than operational evidence?
  • How are we using AI to improve accessibility, consistency, risk sensing, and employee guidance without weakening confidentiality, privacy, or human judgment?

Practical Takeaways

  1. Redesign one compliance communication from the user’s perspective. Make it shorter, clearer, more accessible, and easier to act on.
  2. Create an ideation circle around one major compliance risk, such as third-party due diligence, gifts and entertainment, speaking up, or AI use.
  3. Test your Code of Conduct with employees from different geographies and functions before the next refresh.
  4. Add crowdsourced risk intelligence to your risk assessment process.
  5. Treat ideation as a compliance control. Better questions produce better evidence, and better evidence produces a more effective program.

Ideation is where the compliance professional begins to see what is possible. It gives the CCO better questions, stronger engagement, richer risk intelligence, and a more human understanding of how employees experience the program. But ideas alone do not create culture. A redesigned code, a better speak-up message, a sharper AI policy, or a new third-party risk insight only matters if it moves from concept to practice. That is where the second book in the trilogy, The Art of Implementation, takes us next.

Join us tomorrow in Part 2, where we will examine how compliance professionals turn good ideas into operating discipline through alignment, stakeholder ownership, pre-mortems, adoption, incentives, and the hard work of making values real inside the business.