Categories
Blog

When Leaders Get Permission to Be Worse: Why Compliance Must Stop Fear-Based Leadership from Becoming Culture

Brené Brown’s blunt warning about toxic leadership is really a compliance warning: when fear, cruelty, and intimidation become normalized management tools, misconduct risk rises, speak-up culture collapses, and the compliance function must move from observer to guardian of organizational integrity.

There are moments when an outside voice captures a problem with more clarity than a stack of internal reports ever could. Brené Brown did exactly that when she warned that some leaders now feel a “sense of relief and permission from the current political climate to be the assholes that they are and have always been”. She paired that with an equally important observation: truly courageous leaders do not need permission from the political climate to be good people. For compliance professionals, that is not simply a leadership critique. It is a flashing red warning light.

Whenever a political or social environment legitimizes bullying, anti-empathy, macho posturing, humiliation, or domination, some corporate leaders will inevitably import that behavior into the workplace. They will call it toughness. They will call it candor. They will call it performance culture. They will call it accountability. But often it is something much simpler and much uglier. It is abuse wrapped in executive language. Compliance needs to say so clearly.

The central challenge is not that every hard-driving executive is a bully. Some leaders are demanding, exacting, and high-performing without being abusive. They set clear expectations. They make hard calls. They hold people accountable. But they do not create fear as a management system. They do not humiliate subordinates. They do not retaliate against dissent. They do not turn uncertainty into control theater. That is the line compliance must help an organization define.

Brown also offers a useful lens for understanding how toxic leadership takes root. She notes that when people feel vulnerable or afraid, they “put on armor,” and for her, that armor often looks like “micromanagement” and “perfectionism”. That is a profound compliance insight. Toxic leadership is often not random. It is fear operationalized. It is insecurity translated into control. It is anxiety turned outward as cruelty. And once that fear-based conduct gets normalized, the compliance consequences follow quickly.

Employees stop raising concerns. Managers shade facts upward. Internal reporting channels become performative. Investigations lose witnesses because no one wants to be the next target. Small control failures become larger ethical failures because people learn that silence is safer than truth. In that kind of environment, the company does not merely have a culture problem; it has a systemic problem. It has a misconduct incubation problem.

This is where the Department of Justice’s Evaluation of Corporate Compliance Programs (ECCP) becomes highly relevant. The ECCP asks whether compliance is empowered, whether misconduct is investigated, whether reporting mechanisms are trusted, whether middle managers reinforce the right values, and whether the company’s culture actually supports ethical behavior. Those questions are not abstractions. They are designed to uncover exactly this sort of rot. If leadership behavior teaches employees that power matters more than principle, your code of conduct is not your culture. Your leaders are.

Prevention

That is why the compliance function must own this issue as a core mandate for prevention, detection, and response. Compliance should work with HR, internal audit, legal, and business leadership to define abusive leadership conduct in operational terms. Not vague values language. Not posters. Not generic civility commitments. Real examples. Public humiliation. Retaliation against dissent. Weaponized performance reviews. Threat-based management. Selective enforcement. Meetings where people are punished for raising risks. Impossible deadlines designed to force corner-cutting. Leaders who demand loyalty over truth.

Just as importantly, compliance should distinguish this from legitimate performance management. Strong leaders can push hard. They can demand rigor. They can insist on deadlines and quality. But they do so transparently, consistently, and without degrading people. That distinction matters because toxic leaders love to hide behind the claim that others are too soft. Compliance must not allow that defense to go unchallenged.

Training is part of the answer, but only if it is targeted. Senior leader and middle manager training should include fear-based leadership scenarios, anti-retaliation obligations, how abusive conduct suppresses reporting, and how a breakdown in culture creates legal and regulatory exposure. This is not “soft skills” programming. Brown herself makes the point that leaders must know themselves, regulate their emotions, and think strategically, rejecting the dismissive label of ‘soft skills’ while linking that work directly to performance and growth. Compliance should embrace that insight. Emotional self-regulation is not cosmetic. It is a control.

Promotion and compensation systems must also be brought into the conversation. Companies create exactly what they reward. If a leader hits numbers while leaving a trail of fear, attrition, broken teams, retaliation complaints, and suppressed escalation, that person is not a high performer. That person is a risk event with a bonus target. So compensation committees, HR, and compliance should align on consequences and incentives. Promotion criteria should include team health, substantiated conduct findings, speak-up metrics, turnover patterns, and responsiveness to internal controls. A toxic rainmaker is still toxic.

Detection

Most companies already have more data on toxic leadership than they think. Hotline reports. Ombuds trends. HR complaints. Exit interviews. Internal mobility data. Regrettable attrition. Pulse surveys. Investigation outcomes. Audit interviews. Skip-level feedback. Even the language patterns that recur in misconduct reports. The failure is rarely a lack of information. The failure is the refusal to connect the dots when the accused is powerful.

Compliance should build a dashboard to monitor toxic leadership. Not for public circulation, but for disciplined internal review. Which functions have repeated retaliation allegations? Which leaders generate unusual turnover after promotion? Where do substantiated complaints cluster? Which business units show low reporting and high pressure simultaneously? Low hotline volume is not always a sign of health. Sometimes it is a sign that employees have already learned the rules of silence.

Here, the political and social climate matters. Brown describes the current atmosphere as “anti-empathy” and “sinister”. Whether one agrees with every aspect of that characterization is almost beside the point. Compliance professionals should understand that external discourse does seep into internal culture. When public life celebrates cruelty, belittles inclusion, mocks empathy, and treats domination as authenticity, some executives will feel culturally validated in bringing those behaviors to work. The company cannot control the external environment, but it can harden its internal norms to counter it. That means reinforcing that empathy is not weakness, accountability is not abuse, and candor is not humiliation.

Remediation

When a toxic leader crosses the line, the organization has to act in ways employees can see and believe, even if they do not see every fact. This is where many compliance programs fail. They investigate the conduct, document the issues, perhaps quietly coach the leader, and then move on. Employees notice. They conclude that there are two systems: one for everyone else and one for top performers.

The ECCP is skeptical of exactly that sort of inconsistency. Regulators want to know whether discipline is applied fairly across the organization and whether managers are held accountable for misconduct and for supervisory failures. A company that protects abusive executives because they deliver revenue is sending a very loud message about what it truly values.

The response toolkit should include substantiated findings, documented remediation plans, compensation impact, leadership coaching where appropriate, enhanced oversight, demotion when necessary, and termination when warranted. Not every toxic leader needs to be fired. But every confirmed pattern of abusive conduct needs a real consequence. Otherwise, the company is not remediating. It is subsidizing misconduct.

There is another subtle but important point in Brown’s remarks. She warns that emotionally resonant language can be weaponized and that vulnerability does not mean oversharing or abandoning responsibility. Compliance should take that seriously as well. Culture language can be gamed. Toxic leaders are often very good at learning the vocabulary of belonging, authenticity, or purpose without changing their behavior. So the compliance function should evaluate culture not by slogans, but by lived experience. Are people willing to raise concerns? Are bad facts welcome? Can managers be challenged without retaliation? That is the test.

In the end, the compliance function cannot prevent every executive from being a jerk. But it can and must prevent jerk behavior from becoming the unofficial operating system of the company.

That is the real issue. Not bad manners. Not personality conflicts. Not style differences. The real issue is whether fear becomes normalized as a management tool and whether the company, through inaction, grants silent permission for it to continue. When that happens, misconduct is never far behind.

Conclusion

In the final analysis, the compliance function has a duty far beyond policing policies or checking boxes. It must help set the boundaries of acceptable power inside an organization. When leaders use fear, intimidation, humiliation, or retaliation as management tools, they do more than damage morale. They corrode trust, silence speak-up culture, and create the precise conditions in which misconduct can flourish. That is why compliance professionals must be willing to call toxic leadership what it is: a cultural risk, a governance failure, and a business threat.

The larger lesson is straightforward. Culture is not shaped by what an organization says in its values statement. It is shaped by the behavior leaders model, the conduct that gets rewarded, and the misconduct that gets tolerated. If compliance leaders want to prevent corporate executives from turning into bullies with titles, they must insist on accountability before fear becomes normalized. In today’s environment, that is not optional. It is one of the clearest tests of whether a company truly has an effective compliance program.

Categories
Sunday Book Review

Sunday Book Review: April 5, 2026, The Top Books for Export Controls/Sanctions Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. In this episode, we look at 4 top books that every export control and sanctions professional should read, as curated by Mike Huneke.

  1. Confessions of an Economic Hitman by John Perkins
  2. Red Notice by Bill Browder
  3. Principles for Dealing with the Changing World Order by Ray Dalio
  4. No Free Trade by Robert Lighthizer

Resources:

Mike Huneke

Categories
Daily Compliance News

Daily Compliance News: April 3, 2026, The Pam Bondi Fired Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

Categories
From the Editor's Desk

From the Editor’s Desk: Aaron Nicodemus Reflections on March and April in Compliance Week

In this episode of From the Editor’s Desk, Tom Fox sits down with Aaron Nicodemus for a lively and insightful look back at the biggest compliance stories from March, while also previewing the trends, enforcement issues, and events set to shape April. They also begin the countdown to the 2026 Compliance Week National Conference in May.

Tom and Aaron break down the fast-moving, policy-driven shifts in U.S. sanctions on Venezuela, Iran, and Russia, and explore how companies are balancing business opportunities with escalating geopolitical and compliance risks amid a volatile oil market. They spotlight Compliance Week’s feature on illegal mining, unpacking its deep connections to financial crime, corruption, and supply chain exposure. The conversation also examines a notable March FCPA declination under the DOJ’s new Corporate Enforcement Policy, focusing on what it signals about voluntary self-disclosure, remediation, cooperation credit, and the Department’s continued emphasis on prosecuting individuals. Along the way, they consider possible aggravating factors, including payments tied to designated criminal or terrorist groups, and what these developments may mean for the future of cross-border enforcement cooperation.

Looking ahead, Tom and Aaron preview the 2026 Compliance Week National Conference, taking place May 6–8 in Washington, DC, including awards finalists, anticipated remarks from DOJ and SEC officials, and timely sessions on AI, whistleblowers, and emerging compliance challenges. They also highlight the conference’s expanded commitment to new voices and share an early look at the Third Party Risk Management & Supply Chain Summit, coming October 26–28 in Chicago.

 

Resources:

Aaron Nicodemus on LinkedIn

Compliance Week

Categories
Hill Country Artists Podcast

Hill Country Artists Podcast: Hill Country Trails and Tails at KACC

Delve into the heart of the Texas Hill Country with the award-winning “Hill Country Artists Podcast,” which illustrates and illuminates the vibrant tapestry of art rooted in this iconic region. From the sun-drenched limestone cliffs to the serene Guadalupe River, the Hill Country has been a muse for countless artists, providing a unique backdrop for creativity to flourish. In each episode, we uncover the stories behind the area’s most captivating artworks, converse with local artists about their inspirations, and explore the fusion of Texan traditions with contemporary artistic expressions.

In this episode of the Hill Country Artists Podcast, host Tom Fox welcomes Sherrie Castillo, Cindy Peyton, and Sonja Miley to discuss their upcoming show at the KACC, Hill Country Trails and Tails.

The show will run through about May 4, with an artist reception on April 18 from 2–4 pm. They discuss how the show originated, each artist’s path into painting (including starting later in life, retiring, and taking lessons), and their creative processes, using photos, nature walks, and reference gathering. The conversation highlights specific works (wildlife, sunflowers, a farmhouse, trees, and a donkey from a local miniature donkey ranch) and emphasizes KACC’s role as a community hub for exhibits, the Kerrville Art Club, programs, networking, and support for artists and patrons.

Resources:

KACC

Trails and Tails Exhibit at KACC

Texas Hill Country Podcast Network

The Hill Country Artists Facebook Page

Cover art courtesy Deanna Eixman Fine Art

Categories
AI Today in 5

AI Today in 5: April 3, 2026, The Good Friday Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. AI-driven identity and compliance. (ComputerWeekly)
  2. AI and compliance. (ChannelPro)
  3. The Enterprise AI readiness gap. (PYMNTS)
  4. AI’s healthcare test. (Inc42)
  5. BoA is replacing meetings with AI. (FinTechMagazine)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
AI in Healthcare

AI in Healthcare: Five Healthcare AI Stories You Need to Know This Week – April 3, 2026

Welcome to AI in Healthcare in 5 Stories. This podcast is a Weekly Briefing of the five most important AI developments shaping healthcare, medicine, and life sciences. Each week, Tom Fox breaks down the latest stories in clinical innovation, regulation, privacy, compliance, patient safety, and operational transformation through a practical, business-focused lens. Designed for healthcare compliance professionals, executives, legal teams, clinicians, and industry leaders, the podcast moves beyond headlines to explain what each development means in the real world.

The top five stories for the week ending April 3, 2026, include:

  1. Writing prescriptions over the phone using AI. (WSBT)
  2. Patients with medical mysteries are headed to AI for research. (NYT)
  3. How well does AI tech work in healthcare? (Technology Review)
  4. Where is AI in healthcare headed? (Futurism)
  5. AI’s healthcare test. (Inc42)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
AI in Financial Services in 5 Stories

AI in Financial Services in 5 Stories – Week Ending April 3, 2026

Welcome to AI in Financial Services in 5 Stories. A practical weekly roundup of the five most important AI developments affecting banking, insurance, payments, asset management, and fintech. Each Friday, Tom Fox will break down the top stories that matter most through the lenses of compliance, risk management, governance, and business strategy. Designed for compliance professionals, executives, legal teams, and financial services leaders, it goes beyond headlines to explain why each development matters in a highly regulated industry. The result is a concise weekly briefing that helps listeners stay current on AI innovation while asking sharper questions about oversight, accountability, and trust.

This week’s stories include:

  1. Thinking about AI from the bottom up. (FintechFutures)
  2. The AI fintech market in 2033. (Futurism)
  3. Learning to say no for AI. (FinTech Global)
  4. AI is changing how SaaS products for tech are designed. (FinTech Global)
  5. SoftBank is betting everything on AI. What could go wrong? (FinTech Weekly)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

The Game Is Afoot in Compliance: Why Sherlock Holmes Still Matters to the Modern Compliance Professional

It is with no small amount of pride that I am pleased to announce the publication of my latest book, The Game Is Afoot in Compliance. The book was sponsored by Gan Integrity. There is a reason Sherlock Holmes still resonates with compliance professionals. It is not nostalgia. It is not literary charm. It is not Victorian fog and deerstalker hats. It is a method.

That is what makes The Game Is Afoot in Compliance such a compelling contribution to the compliance profession. The book’s central insight is that Holmes gives us more than a detective story. He gives us a way to think. He gives us a discipline of observation, skepticism, rigor, and moral clarity that aligns remarkably well with the Department of Justice’s expectations for a modern compliance program.

For Chief Compliance Officers, compliance practitioners, boards, internal audit, and legal, that is the real message. Holmes is not a gimmick. Holmes is a framework. In the book, each of the four Holmes novels maps onto a core compliance discipline. Taken together, they form a coherent approach to designing, testing, and leading a best-practices compliance program.

We start with A Study in Scarlet. The lesson here is investigation. Holmes insists on evidence before theory. He refuses to let assumptions drive conclusions. He follows facts, not narratives. That is as close as one can get to the DOJ’s current expectations. Under the 2024 Evaluation of Corporate Compliance Programs, the DOJ is not interested in whether a company can identify a problem. It wants to know whether the company can investigate thoroughly, understand what happened, determine why it happened, and use that knowledge to improve going forward. The FCPA Resource Guide makes the same point differently. A compliance program must work in practice, and a credible investigative function is a large part of proving that.

Holmes would understand that immediately. He would also understand root cause analysis. The novel A Study in Scarlet is not simply about solving a crime. It is about going deeper than the surface event and uncovering the human, structural, and historical causes beneath it. That is precisely what compliance officers must do. Misconduct rarely appears out of nowhere. It is usually the product of pressure, weak controls, cultural tolerance, or a failure to act on warning signs.

Then comes The Sign of Four. Here, the lesson is signals, data, and decision-making. Holmes’ genius was not that he had more information than everyone else. It was that he knew how to distinguish signal from noise. That may be the most important compliance lesson of all in 2026. Every company today is awash in data. The issue is not access. The issue is architecture, judgment, and discipline.

This is where The Game Is Afoot in Compliance becomes particularly timely. Fox connects Holmes to data analytics, pattern recognition, communication, and ongoing monitoring. That is exactly where the compliance profession has moved. The best programs use data to identify anomalies, test controls, and surface risks before they become enforcement matters. But data alone is not enough. Holmes reminds us that human judgment still matters. Someone has to ask the right question. Someone has to notice the odd payment, the missing approval, the relationship that makes no sense, or the policy exception that keeps repeating.

Boards should take note here as well. Board oversight in compliance is not passive. Directors should be asking whether the company has information flows that produce timely, useful, and actionable insights. They should ask whether the compliance function can convert data into decisions. They should ask whether management can explain what it is monitoring, why it is monitoring it, and what it has learned from that work. A dashboard without analysis is decoration. Holmes would have no patience for decorative oversight.

In The Hound of the Baskervilles, I turn to third-party risk and accountability. This may be the most direct compliance analogy in the entire book. The great danger in The Hound is not simply the hound itself. It is the myth surrounding it. People accept the legend. They stop asking hard questions. They allow fear and assumption to take the place of inquiry. How often does that happen in business? “That distributor has been with us forever.” “That agent knows the local market.” “That is how business gets done there.” Those are the modern legends of the Baskerville moor. In compliance, they are red flags wrapped in habit.

The FCPA Resource Guide is crystal clear that risk-based due diligence on third parties is essential. The DOJ has repeatedly emphasized that onboarding due diligence is not enough. Companies must monitor. They must test. They must revisit. Fox makes exactly that point through Holmes: trust without verification is not trust. It is negligence.

This is also where independence comes in. Holmes often solved the problem because he was willing to step back from accepted narratives and popular opinion. The compliance function must have that same independence. It must be empowered, adequately resourced, and able to challenge business assumptions. If compliance is too close to the business to question it, then the program is already standing in the Grimpen Mire.

Finally, The Valley of Fear gives us the lessons of a speak-up culture, whistleblower protection, and controls on retaliation. This is perhaps the most urgent message in the book. Fear kills truth. It silences witnesses. It protects wrongdoers. It allows misconduct to metastasize. I use The Valley of Fear to show that a hotline alone is never enough. Regulators now expect proof that employees can raise concerns safely, that those concerns are investigated fairly, and that retaliation is prevented and punished. The ECCP makes this explicit. Companies must demonstrate that their reporting system is trusted and that appropriate controls are in place to prevent retaliation.

This is where leadership and board oversight become inseparable from culture. Tone at the top still matters, but so does conduct in the middle and response at the bottom. Employees watch what happens when someone raises a concern. They watch whether the reporter is protected. They watch whether the issue disappears. Every response is a cultural signal. That is one reason I wanted to write The Game Is Afoot in Compliance, and why I believe it is valuable for the compliance professional. It reminds us that compliance is not only about structure. It is about posture. Holmes teaches posture. He teaches curiosity over complacency. Evidence over assumption. Courage over convenience. Truth over comfort. Those are not literary flourishes. They are operational requirements for an effective compliance program.

The larger point is this: Holmes gives compliance professionals a mindset that fits modern enforcement expectations. The DOJ wants programs that work in practice. The FCPA Resource Guide calls for risk-based, dynamic, and grounded programs. Boards are increasingly expected to oversee not merely whether a program exists, but whether it is effective. In that environment, The Game Is Afoot in Compliance lands at exactly the right time.

It is a book launch with a larger purpose. It does not simply promote Sherlock Holmes as an entertaining analogy. It positions Holmes as a serious guide for the modern compliance professional. Fox gets that exactly right. Because at the end of the day, the best compliance officers are detectives of culture, analysts of systems, skeptics of easy answers, and guardians of institutional integrity. In other words, they are Holmesian.

And that is why this book matters.

5 Key Takeaways

  1. The Game Is Afoot in Compliance shows that Holmes provides a practical framework for modern compliance, not just a literary metaphor.
  2. A Study in Scarlet teaches the value of evidence before theory, rigorous investigation, and root cause analysis.
  3. The Sign of Four demonstrates that data only becomes useful when it is translated into disciplined monitoring, sound judgment, and defensible decisions.
  4. The Hound of the Baskervilles is a powerful lesson in third-party risk, independence, and the danger of letting myth or business custom replace due diligence.
  5. The Valley of Fear reminds us that fear and retaliation destroy speak-up culture, and that regulators now expect companies to prove their systems protect those who raise concerns.

You can purchase a copy of The Game Is Afoot in Compliance from Amazon.com. The book is sponsored by Gan Integrity and features a foreword by Karen Moore. Gan Integrity is sponsoring a road show, The Integrity Road, highlighting the book and each novel as a launching point for a larger discussion of compliance in 2026. The schedule is:

Tuesday, April 21, in NYC, where we will discuss A Study in Scarlet and Investigations.

Tuesday, April 28, in San Francisco, where we will discuss The Sign of Four and AI in Compliance.

Tuesday, May 19, in London, where we will discuss The Hound of the Baskervilles and 3rd Party Risk.

You can register and find out more information here.

Categories
Hill Country Authors

Hill Country Authors Podcast: Dark Texas: A Worst-Case Look at the Texas Power Grid – Through Fiction

Welcome to a new season of the award-winning Hill Country Authors Podcast, sponsored by Stoney Creek Publishing. In this podcast, Hill Country resident Tom Fox visits with authors who live in and write about the Texas Hill Country. In this episode, host Tom Fox interviews fellow UT grad Charles J. Petrie about his novel Dark Texas, inspired by his frustration with articles claiming the Texas power grid failure during the ‘Snowpocolips’ “could have been worse.”

Petrie, a PhD in computer science with research experience, explains he dug into grid resilience and found deeper risks, including reliance on gas-fired generation even though gas pipeline pressure depends on electricity via compressors, and the vulnerability of black start capability: he says 82% of Texas black start generators were inoperable during the event, with some unable to run without electricity or stored fuel oil, and others not maintained in a competitive market. Petrie chose fiction because a technical treatment became too complex and a novel could make people care; he describes characters taking over the writing, cites influences and craft lessons from various authors, shares he’s drafted a sequel prompted by a dark epilogue, and recounts publishing with Stoney Creek Publishing after 50 agent rejections.

Key highlights:

  • Why Write Dark Texas
  • Texas Grid Risks Explained
  • Black Start Breakdown
  • Turning Research Into Fiction
  • Characters Take Over
  • Authors and Writing Lessons
  • Finding a Publisher

Resources:

Dark Texas on Stoney Creek Publishing

Connect with Charles on Facebook

Learn more about Stoney Creek Publishing

Podcast Cover Art

Nancy Huffman Fine Art
