Categories
Daily Compliance News

Daily Compliance News: June 6, 2025, The Good Punishment Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest, all relevant to the compliance professional.

Top stories include:

  • Mongolian PM ousted over corruption. (Aljazeera)
  • No ditherers, please. (FT)
  • Will there be a one-commissioner CFTC? (Bloomberg Law)
  • Why the Wells Fargo asset cap was a good punishment.  (Bloomberg)
Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance: Episode 53 – The AI as a Whistleblower Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

Stories this week include:

  • EY is negligent in missing $3bn fraud, court told. (Reuters)
  • Don’t tell the truth on your employee satisfaction survey. (Business Insider)
  • Trump pardons VA. Sheriff convicted of bribery.   (Bloomberg)
  • Tim Leissner sentenced.(Bloomberg)
  • Uyghurs are being moved around China. (NYT)
  • Boeing’s Internal Safety Plan: Make Problems Easier to Report – WSJ – HERE
  • Uh-Oh: AI’s New Whistleblower Impulses – Radical Compliance –HERE
  • Caught Between Conscience and Career: An E&C Leader’s Confession – Corporate Compliance Insights – HERE
  • How Is Remote Work Fueling Migration Trends? – Mortgage Point –HERE
  • You spray painted the wrong damn car’: Deputies mock teen who vandalized the wrong vehicle while trying to exact revenge on her ex – The Independent – HERE

 Resources:

Kristy Grant-Hart on LinkedIn

Prove Your Worth

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Trekking Through Compliance

Trekking through Compliance – Episode 5 – The Enemy Within

In this episode of Trekking Through Compliance, we examine “The Enemy Within,” which aired on October 6, 1966, at Star Date 1672.1. In this powerful installment of Trekking Through Compliance, we examine one of the most psychologically compelling episodes of Star Trek to date: “The Enemy Within.” A transporter malfunction splits Captain Kirk into two versions of himself—one good, one evil—each representing different aspects of leadership, impulse, and integrity. As the crew struggles to respond to the fractured captain, we are given a front-row seat to the ethical breakdowns and Me Too-era lessons still resonant today. We examine five key compliance takeaways from this tale of divided identity, linking them directly to scenes aboard the Enterprise that illustrate what happens when power is unmoored from principle and when control systems, both technical and ethical, fail.

Key highlights:

1. The Dangers of Unchecked Power—When ‘Authority’ Becomes Assault🖖 Illustrated by: Evil Kirk attacking Yeoman Janice Rand in her quarters. One of the most disturbing moments in early Trek canon, this assault serves as a stark warning about the abuse of power. Evil Kirk resembles the captain and carries his authority, but lacks a conscience. It’s a Me Too moment that reveals the need for every organization to install guardrails—even around its most powerful figures. Compliance must include mechanisms to protect the vulnerable from those who misuse rank or influence.

2. Ethical Decision-Making Requires Wholeness—The Fragmented Leader Can’t Lead. 🖖 Illustrated by: Good Kirk losing decisiveness and compassion, becoming indecisive. As “good” Kirk weakens, Spock and McCoy realize that without the aggressive, assertive part of his personality, the captain cannot lead. This reinforces the idea that ethical leadership is not about being soft—it’s about balance. Compliance leaders need the courage to act and the heart to guide. Ethical strength is integrative, not binary.

3. Crisis Response and Chain of Command—When Leadership Wavers, Chaos Breeds🖖 Illustrated by: Evil Kirk taking the bridge and ordering the ship away from orbit. With no one certain which Kirk is in control, the crew becomes vulnerable to manipulation. This episode serves as a cautionary tale about the importance of clarity in the chain of command and protocols for handling leadership incapacitation. In corporate compliance, crisis scenarios must anticipate rogue actors with access to decision-making tools.

4. Investigating Allegations—Belief, Process, and Support Matter🖖 Illustrated by: Spock and McCoy interviewing Rand after her assault. Their interview is subtle but painful. The tension in believing victims, navigating hierarchical power, and confronting uncomfortable truths is deeply relevant today. A strong compliance program ensures that all allegations are taken seriously, investigated professionally, and addressed with empathy and integrity.

5. Reintegration and Remediation—Restoring What Was Broken🖖 Illustrated by: The merging of good and evil Kirk through a restored transporter. Rebuilding trust—and a unified identity—requires technology, trust, and time. Just as Kirk must reabsorb the parts of himself to lead again, organizations recovering from misconduct must integrate the lessons learned into their culture, policies, and leadership. The end goal isn’t punishment alone—it’s the restoration of ethical function.

Final Starlog Reflections

The Enemy Within is more than a science fiction tale. It’s a mirror to every compliance program, showing us how quickly things unravel when power is unrestrained, when voices are ignored, and when organizations fail to integrate strength with morality. It’s also a hopeful reminder that even fractured systems can be repaired—if we face the truth with clarity and courage.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

Compliance Lessons From The Sign of Four

The master detective Sherlock Holmes continues to inspire many, including corporate compliance professionals, with his relentless pursuit of truth, meticulous attention to detail, and unyielding ethical stance. In Sir Arthur Conan Doyle’s classic tale The Sign of Four, Holmes demonstrates how systematic inquiry and rigorous ethical standards ultimately unveil truth and justice. Compliance professionals can also greatly benefit from applying these Holmesian techniques to their daily practices. This month, in the award-winning podcast series Adventures in Compliance, we will take a deep dive into the Holmes novel, The Sign of Four. Today, we consider the five key compliance lessons from The Sign of Four for the compliance professional:

1. Methodical Investigation and Attention to Detail

Sherlock Holmes famously notes, “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” This systematic approach, prominently featured in “The Sign of Four,” is crucial for compliance professionals conducting internal investigations. Holmes’s method of observation, documentation, and logical deduction underscores the importance of meticulous attention to detail in compliance audits and investigations. By systematically eliminating irrelevant or impossible scenarios, compliance professionals can pinpoint the root cause of issues, identify gaps in controls, and implement effective remedial steps.

Compliance Lesson Learned: Foster a methodical investigative process that emphasizes documentation, evidence collection, and rigorous analysis to pinpoint accurate conclusions and drive compliance effectiveness. Sherlock Holmes demonstrates through meticulous examination that every small detail can have a significant impact on a case’s resolution. Compliance professionals must similarly maintain rigorous discipline in their investigations. This involves thorough documentation, the systematic collection of evidence, and careful analysis to clearly distinguish facts from assumptions. In corporate compliance, overlooking minor details could allow critical issues to go unnoticed, escalating into larger organizational risks. By consistently applying a structured and disciplined investigative methodology, compliance officers can confidently identify root causes, validate the integrity of their findings, and implement practical solutions, thereby safeguarding their organizations against financial, reputational, and regulatory threats.

2. Clear and Open Communication

Throughout The Sign of Four, the relationship between Holmes and Watson highlights the necessity of clear communication and transparency. Watson’s careful documentation and Holmes’s candid explanations demonstrate that open communication is vital in unraveling complex situations. In corporate compliance, transparency is equally crucial. Clear, effective communication channels must be established between compliance officers, management, and employees to ensure that issues are reported promptly and accurately. Fostering a culture of transparency reduces risk, facilitates early detection of problems, and promotes trust throughout the organization.

Compliance Lesson Learned: Establish clear and effective communication channels within the organization to ensure transparency and facilitate the early detection and resolution of compliance issues. In The Sign of Four, Holmes and Watson emphasize the importance of clarity and transparency, qualities essential in unraveling complex problems. Compliance professionals must likewise advocate and foster clear communication channels within their organizations. This transparency encourages employees to voice concerns promptly, enhancing the detection and management of risks before they escalate into more serious incidents. Clear and open dialogue between compliance teams, leadership, and the broader workforce not only helps address issues swiftly but also fosters organizational trust and strengthens the culture of compliance. Ultimately, effective communication ensures that compliance objectives and expectations are understood and consistently met across all organizational levels.

3. Understanding Human Behavior

Sherlock Holmes’s success often stems from his deep understanding of human behavior and motivations, as showcased in The Sign of Four. Holmes meticulously analyzes the characters’ backgrounds, behaviors, and potential motivations to piece together the puzzle. Similarly, compliance professionals must understand the human element within their organizations. By recognizing what drives employee behavior — whether it is financial incentives, personal pressures, or corporate culture — compliance teams can more effectively identify and mitigate risks associated with unethical behavior and fraud.

Compliance Lesson Learned: Compliance professionals should invest time in understanding human motivations and organizational behavior to more effectively predict, identify, and prevent compliance issues. Holmes achieves success partly because he profoundly understands human motivations and actions, recognizing how personal incentives drive behaviors. Compliance professionals must similarly deepen their understanding of employee psychology and organizational dynamics. Recognizing motivations, whether driven by ambition, fear, greed, or a desire to conform to corporate expectations, enables compliance officers to proactively manage and mitigate risk. By cultivating this empathetic awareness, compliance professionals become better equipped to design targeted training programs, refine policies to influence behavior, and identify subtle red flags more effectively. Ultimately, understanding human behavior facilitates more effective compliance interventions, which help prevent misconduct and foster a resilient, ethical culture.

4. Vigilance Against Complacency

In The Sign of Four, Holmes repeatedly emphasizes vigilance. His awareness of even minor details and inconsistencies prevents complacency and ensures constant preparedness. Likewise, compliance professionals must maintain vigilance, avoiding the trap of complacency, even when processes seem effective and issues appear scarce. Risks evolve continuously, and compliance practices must proactively adapt to emerging threats, regulatory changes, and shifting business landscapes. Ongoing training, regular audits, and continuous improvement strategies are essential to staying ahead of compliance threats.

Compliance Lesson Learned: Maintain constant vigilance and proactively adapt compliance measures to meet evolving risks and regulatory landscapes. Holmes’s sharp vigilance throughout The Sign of Four is instrumental in solving the case, underscoring the detrimental effects of complacency. Compliance professionals, similarly, must never allow successful past outcomes or a lull in incidents to diminish their alertness. The landscape of compliance continually evolves, with new regulations, threats, and business risks emerging constantly. Compliance officers must regularly review processes, maintain ongoing training initiatives, and perform frequent, proactive audits to anticipate and effectively manage emerging challenges. Maintaining this vigilant approach protects organizations from hidden risks and ensures preparedness, thereby preserving integrity, trust, and regulatory compliance in the long term.

5. Integrity and Ethical Fortitude

Sherlock Holmes is defined by his unwavering ethical stance and commitment to justice, clearly demonstrated in The Sign of Four. Despite personal danger or pressure, Holmes remains steadfast in his pursuit of truth and fairness. For compliance professionals, integrity and ethical courage are equally critical. Ethical fortitude ensures compliance officers hold firm to their principles, advocating for transparency, accountability, and ethical practices, even when facing resistance from higher-ups or challenging organizational cultures. Upholding these ethical standards sets a powerful example and reinforces a robust ethical culture within the organization.

Compliance Lesson Learned: Cultivate and embody unwavering ethical integrity, setting clear expectations and standards for ethical behavior within the organization. Throughout “The Sign of Four,” Sherlock Holmes embodies an uncompromising ethical stance, steadfastly seeking truth and justice irrespective of personal risk or inconvenience. Compliance professionals similarly must exhibit unwavering ethical fortitude, often standing firm against organizational pressures or ethical dilemmas. Integrity serves as the foundation of effective compliance practice, enabling compliance officers to advocate strongly for transparency, accountability, and ethical decision-making within their companies. By consistently demonstrating ethical leadership, compliance professionals not only reinforce expectations but also establish a powerful model for all employees, thereby nurturing a robust organizational culture where integrity and ethical conduct are paramount values respected by all.

In conclusion, Sherlock Holmes’s The Sign of Four offers valuable lessons for today’s corporate compliance professionals. By adopting Holmes’s rigorous investigative methods, clear communication practices, deep understanding of human behavior, vigilance against complacency, and ethical fortitude, compliance teams can enhance their organizations’ resilience against misconduct and regulatory risk. Just as Holmes relentlessly pursued truth and justice, compliance professionals must continuously strive for excellence, integrity, and transparency to protect and advance their organizational values and reputation.

Lastly, Holmes emphasizes the importance of integrity and ethical fortitude, which are essential for fostering a robust ethical culture. Adopting these Holmesian principles can significantly strengthen organizational compliance frameworks, ensuring transparency, accountability, and proactive risk management, ultimately protecting and enhancing the organization’s reputation and ethical standards.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – What is a Gap Analysis

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

A gap analysis assesses the performance of internal controls to determine if business requirements are being met.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Daily Compliance News

Daily Compliance News: June 5, 2025, The Asset Cap Lifted Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, and general interest, all of which are relevant to the compliance professional.

Top stories include:

  • Wells Fargo has an asset cap lifted. (WSJ)
  • More Millennials and Gen Zers as middle managers. (Business Insider)
  • Swiss banking reforms for UBS are announced. (FT)
  • More spying and corruption at EcoPetrol. (Bloomberg)
Categories
Hill Country Authors

Hill Country Authors – A Journey from Journalism to Fiction with Paul McGrath

Welcome to a new season of the award-winning Hill Country Authors Podcast, sponsored by Stoney Creek Publishing. In this podcast, Hill Country resident Tom Fox visits with authors who live in and write about the Texas Hill Country. In this episode, Tom visits with Paul McGrath, whose journalism career spanned decades at newspapers like the Houston Chronicle.

They delve into Paul’s roots in Texas, his transition from journalism to authorship, and the inspiration behind his debut novel ‘Left,’ which draws from the tragic Uvalde school shooting. Paul discusses his writing process, his relationship with Stoney Creek Publishing, and the importance of student newspapers in the journalistic landscape. The episode also teases future books, planned as part of a trilogy, with coffee as a surprising central theme.

Key highlights:

  • Paul McGrath’s Early Life and Career
  • Transition from Journalism to Writing
  • The Spark Behind the Book ‘Left’
  • Writing Process and Routine
  • Setting and Themes of ‘Left’
  • The Role of Student Newspapers

Resources:

Paul McGrath on Stoney Creek Publishing

Left at Texas A&M University Press

 Podcast Cover Art

Nancy Huffman Fine Art

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Red Flags Rising

Red Flags Rising: S01 E14 – Getting a Grip on U.S. Export Controls Guidance

Mike and Brent unpack the May 13, 2025, due diligence guidance from the U.S. Bureau of Industry & Security. They describe what happened on May 13 (00:00), the guidance from BIS on General Prohibition 10 and Huawei Ascend chips (03:34), the related BIS policy statement (04:13), and then focus on the BIS “Industry Guidance to Prevent Diversion of Advanced Computing Integrated Circuits” (04:47), specifically the underlying U.S. national security concerns (05:50), relevant key takeaways from Episode 13’s special guest Dana W. White (06:51), the significance of the Industry Guidance’s reference to the WMD and military-intelligence catch-all provisions (08:29), the historical pre-1993 “KYC Guidance” cross-referenced by BIS in the new Industry Guidance (11:53), how the historical “KYC Guidance” is often misunderstood through selective quotation devoid of relevant context (13:34), the new “red flags” identified in the May 13, 2025 Industry Guidance (16:10), the key takeaways of the Industry Guidance (17:55), a warning about over-reliance on the Industry Guidance’s statement about existing end-use certificates (18:47), and the practical implications of the Industry Guidance for trade compliance teams (19:36). They then conclude with the next installment of Brent Carlson’s “Managing Up” (21:26).

Resources:

BIS May 15, 2025 Industry Guidance

Brent LinkedIn

Mike LinkedIn

Mike & Brent’s “Fresh Looks” Series

Categories
Blog

From Data Poisoning to Hallucinations – Navigating AI in Corporate Compliance

Recently, I had the opportunity to visit with John Byrne, the CEO at Corlytics. You can listen to the podcast here. One of our topics was how artificial intelligence (AI) has swiftly transitioned from a cutting-edge curiosity into an indispensable cornerstone of corporate operations. From simple text generation applications on our smartphones to sophisticated enterprise solutions hosted in the cloud, AI permeates nearly every aspect of modern business infrastructure. This ubiquity highlights AI’s substantial potential to improve organizational efficiency, competitive positioning, and decision-making processes.

Yet, the swift evolution and pervasive integration of AI technology have not come without substantial risks, prompting compliance professionals to carefully reconsider their roles and responsibilities. The core concern remains security, particularly as more firms migrate critical applications and sensitive data to cloud environments. Over the past decade, organizations have significantly matured their security protocols and best practices for cloud-hosted software, establishing clear guidelines that mitigate traditional cyber vulnerabilities.

However, AI introduces unique and heightened threats beyond conventional cybersecurity, including sophisticated tactics like data poisoning, intentional misinformation, and “hallucinations,” where AI systems convincingly generate inaccurate or misleading outputs. As AI becomes mission-critical to business operations, these vulnerabilities can have severe, far-reaching consequences, posing significant challenges to compliance officers tasked with protecting their organizations. Navigating these emerging risks requires compliance teams to adopt rigorous, proactive measures. This involves implementing robust security protocols designed explicitly for AI-driven environments, continually updating risk assessment strategies, and incorporating comprehensive oversight frameworks that effectively monitor and manage AI’s evolving threats.

In this context, compliance professionals must fully embrace their expanding roles, safeguarding organizations against evolving risks, ensuring regulatory adherence, and fostering ethical practices around AI deployment. By understanding these challenges and proactively addressing them, compliance teams can ensure their organizations reap the substantial benefits AI offers without compromising security, trust, or compliance standards.

Lesson 1: Robust Security Practices Are Non-Negotiable

The foundational concern with AI integration, particularly cloud-hosted AI applications, is security. A decade of deploying software to the cloud has taught us valuable lessons that compliance professionals must rigorously apply. Robust security frameworks, stringent testing protocols, continuous monitoring, and rapid response strategies form the core pillars of effective security. Compliance officers must enforce strict dos and don’ts, ensuring not only compliance with regulatory expectations but also fortifying the company’s resilience against breaches.

The key takeaway is that rigorous cloud security standards, developed over the years, must now explicitly encompass AI applications. Firms must extend established compliance checklists, adding layers specific to AI security challenges, to ensure the integrity, availability, and confidentiality of AI-driven data remain uncompromised.

Lesson 2: Proactively Address Risks from Malicious Actors

History teaches that groundbreaking technologies, while primarily beneficial, inevitably attract malicious actors. AI is no exception. Cyber threats leveraging AI can escalate rapidly into sophisticated attacks, such as data poisoning, where attackers intentionally feed misleading information into algorithms, thereby corrupting their output. This subversion poses profound implications for the accuracy of decision-making and organizational trust.

Compliance professionals must educate themselves and their teams about evolving threats and strengthen internal controls accordingly. By embedding risk identification processes into standard compliance workflows, organizations can proactively anticipate and mitigate threats. Regularly updated training programs, AI-aware cyber defense strategies, and robust audits are crucial in preventing and managing these risks.

Lesson 3: Guard Against AI-Specific Vulnerabilities

AI technologies, while transformative, are inherently susceptible to certain unique vulnerabilities, such as “hallucinations,” where generative AI outputs erroneous or fabricated information that is convincingly presented. These errors can lead to significant operational and reputational damage. Compliance officers must recognize these vulnerabilities and mandate rigorous validation protocols.

Implementing stringent AI testing regimes, cross-verification procedures, and continuous model validation helps mitigate these risks. Maturity in AI compliance necessitates adopting specialized disciplines, notably Machine Learning Operations (ML Ops). ML Ops offers a systematic and disciplined approach for operationalizing AI models, tracking performance, and addressing vulnerabilities promptly and effectively.

Lesson 4: ML Ops—Operationalizing AI Compliance

One notable best practice is embracing MLOps, a structured discipline focused on the operations of machine learning engineering. ML Ops mirrors established IT operational practices explicitly tailored to AI applications. Compliance professionals must understand and advocate for MLOps to systematically embed governance and controls, ensuring the effective implementation of these practices.

ML Ops operationalizes model deployment through rigorous validation, structured versioning, continuous monitoring, and disciplined updates —core activities that compliance teams must oversee. Compliance leaders should champion this discipline, advocating for dedicated AI governance roles, well-defined processes, and accountability frameworks to ensure that AI operations consistently align with compliance requirements and risk management strategies.

Lesson 5: Continuous Monitoring and Validation are Essential

Continuous monitoring, validation, and improvement are critical to sustainable AI governance. Unlike traditional software, AI models evolve continuously, adapting to new data, patterns, and feedback loops. This dynamic nature mandates perpetual oversight from compliance functions. It is insufficient merely to test AI models upon deployment; organizations must maintain ongoing validation processes that adapt to emerging data and evolving threats.

Compliance teams must collaborate closely with technical and business units to ensure the integration of compliance checkpoints within the AI lifecycle. Regular performance audits, comprehensive incident response strategies, and adaptive risk assessment frameworks must be institutionalized. By proactively identifying and correcting deviations, compliance professionals will significantly mitigate operational and compliance risks associated with AI.

Conclusion

AI presents unparalleled opportunities for enhanced business performance, predictive insights, and competitive advantages. Yet, its integration demands vigilant compliance oversight, rigorous governance practices, and continuous monitoring. By applying the lessons learned from cloud security experiences, anticipating malicious misuse, mitigating AI-specific vulnerabilities, operationalizing AI through ML Ops, and maintaining rigorous, ongoing validation practices, compliance professionals can effectively manage AI-driven risks.

Corporate compliance teams must embrace their critical role as stewards of responsible AI governance. It is an opportunity to reinforce the value proposition of compliance within organizations as strategic advisors, proactive risk mitigators, and champions of ethical innovation. Ultimately, a robust compliance framework ensures that the transformative power of AI drives sustainable growth without compromising security, integrity, or regulatory compliance.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Implementing Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

How to implement an internal controls regime in your organization.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.