Categories
FCPA Compliance Report

FCPA Compliance Report: Buying Blind: AI Procurement Risks Ethics with Jessica Tillipman

In this episode, Tom Fox welcomes Jessica Tillipman, Associate Dean for Government Procurement Law Studies; Government Contracts Advisory Council Distinguished Professorial Lecturer in Government Contracts Law, Practice & Policy. We take a deep dive into federal procurement and compliance.

We begin with Tillipman’s recent article “Buying Blind: Corruption Risk and the Erosion of Oversight in Federal AI Procurement.” Tillipman explains how her initial focus on AI as a tool to reduce procurement risk shifted after finding instances of AI exploitation and U.S. regulatory changes, raising concerns that contracting practices (commercial terms, limited audit rights, reduced testing and documentation) worsen AI’s inherent opacity. She contrasts government contracting’s “superpower” rights with transparency and competition mandates tied to taxpayer funds and discusses procurement tradeoffs between speed and oversight. Tillipman distinguishes fraud from waste and abuse, warning against conflating categories. She analyzes GSA’s proposed AI clause as overdue, overly broad, and potentially unworkable, and stresses the importance of explainability, human oversight, and due process for consequential AI use. The conversation highlights procurement as a major corruption and compliance risk area and the need to invest in people and integrated teams.

Key highlights:

  • Government vs Private Contracting
  • Procurement Blind Spots
  • AI Procurement Black Box
  • Fraud, Waste, and Abuse
  • GSA AI Clause Debate
  • Training Future Leaders

Resources:

Jessica Tillipman at GW Law

Jessica Tillipman at LinkedIn

Jessica Tillipman Website

Jessica Tillipman Publication

Buying Blind: Corruption Risk and the Erosion of Oversight in Federal AI Procurement

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
AI Today in 5

AI Today in 5: March 30, 2026, The Delay in the EU on AI Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Governing AI without slowing down. (FinTechGlobal)
  2. AI governance and compliance for security. (Blockchain Council)
  3. EU to delay compliance requirements for AI. (CIO)
  4. Scaling AI in healthcare. (MedCity News)
  5. AI-powered finance. (FinTech Magazine)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

The Balt Comparison: The U.S. Declination and French AFA Order

The Balt matter is one of the clearest recent examples of coordinated cross-border anti-corruption enforcement. When you compare the U.S. Department of Justice (DOJ) Declination with the French resolution overseen by the Agence Française Anticorruption (AFA), you see the same facts, the same corporate conduct, and the same core remediation story. Yet you also see two different enforcement philosophies at work.

For compliance professionals, the Balt matter is worth close study because it demonstrates both the benefits and the limits of voluntary self-disclosure. In the United States, Balt received a declination. In France, Balt received a negotiated resolution with a financial penalty and three years of compliance oversight. Put simply, the company received credit in both jurisdictions, but not in the same form. That is the starting point for any serious comparison.

At the highest level, the similarities between the U.S. declination and the French AFA order are striking. Both enforcement outcomes are grounded in the same basic misconduct: improper payments routed through intermediaries and disguised by false invoices, sham consulting arrangements, and other concealment mechanisms to influence a physician affiliated with a state-owned public hospital. Both authorities also credited the same core corporate behavior once the misconduct surfaced. Balt self-disclosed while its internal investigation was still ongoing. Balt cooperated. Balt remediated. Balt separated from the implicated actors. Balt accepted financial consequences. And in both systems, prosecutors made clear that the company earned meaningful leniency for its response after discovering the problem. That is not a small point. It is a very large point.

The DOJ Declination is a textbook example of how the Corporate Enforcement and Voluntary Self-Disclosure Policy is supposed to work. The DOJ credited Balt for timely self-disclosure, full and proactive cooperation, timely and appropriate remediation, disgorgement, and the absence of aggravating circumstances, such as prior misconduct or senior management involvement in the misconduct at the parent company level. In other words, the U.S. resolution focused on whether Balt checked the boxes that the DOJ has been urging companies to follow for years. Balt did so, and the reward was a declination.

The AFA resolution tells a parallel but more demanding story. The AFA likewise credited prompt voluntary disclosure, active cooperation, remedial measures, the quality of the internal investigation, and a clear acknowledgment of facts. Those are very familiar concepts to any U.S. compliance practitioner. Yet the AFA did not stop there. The AFA resolution also catalogued aggravating factors, including company size, a weak compliance program, the systemic nature of the conduct, concealment mechanisms, involvement of a public official, and serious disruption to public order. That analysis produced not only a monetary sanction but also a three-year compliance program under AFA supervision, including an initial audit, targeted audits, a final audit, annual reporting, and oversight costs up to €700,000. This is where the differences become especially instructive.

The first major difference is the form of the resolution. In the United States, Balt secured a Declination. That is the headline. In France, Balt received something much closer to what U.S. practitioners would recognize as a negotiated corporate resolution with ongoing compliance obligations. The lesson is simple: a favorable result in one jurisdiction does not guarantee a mirror-image outcome in another. A company may receive credit everywhere, but the legal expression of that credit can vary dramatically.

The second major difference is how each jurisdiction frames aggravation. The DOJ emphasized the absence of aggravating circumstances. The AFA, by contrast, expressly identified aggravating factors and still extended substantial cooperation credit. That tells us something important about enforcement culture. The U.S. Declination framework remains highly tied to formal eligibility criteria. The AFA framework appears more comfortable acknowledging serious aggravating facts while still rewarding corporate behavior that advances accountability and remediation. Compliance officers should understand that “cooperation credit” does not necessarily mean “no penalty.”

The third difference is scope. The U.S. Declination appears more tightly focused on the bribery scheme from roughly 2017 to 2023 involving a French public hospital physician and related profits. The AFA order appears to take a broader view of the surrounding conduct, including earlier misconduct and additional facts involving the French and Belgian physicians. That broader factual framing matters because it influences how a regulator assesses whether misconduct was episodic or systemic. For compliance professionals, that is a warning that one regulator may view a discrete scheme while another may see a longer-running control failure.

The fourth difference is the compliance remedy itself. The DOJ credited remediation and moved on, subject to continued cooperation and disgorgement. The AFA imposed structured compliance oversight. That distinction is increasingly important in cross-border cases. One can easily imagine the DOJ becoming more comfortable declining a case when it is satisfied that another credible enforcement authority will impose real compliance obligations on the company. From a policy perspective, that is efficient burden-sharing. From a compliance perspective, it means global companies must prepare for one enforcement resolution to be shaped by another.

The fifth difference is financial architecture. In the U.S., disgorgement was central. In France, the fine included disgorgement and a punitive component, with credit for amounts paid under the U.S. resolution. That coordination is precisely what sophisticated multinational enforcement should look like. It avoids pure duplication while still preserving accountability across multiple jurisdictions.

What are the broader lessons?

First, self-disclosure still matters, perhaps now more than ever. Balt disclosed that it had all the answers before. That took nerve. Many companies hesitate because they want a complete internal report before speaking to prosecutors. Balt shows that both U.S. and French authorities can reward early disclosure made during an active investigation, provided the company follows through with facts, cooperation, and remediation.

Second, remediation must be real, not performative. Separation from wrongdoers, tailored training, strengthened controls, and structural compliance upgrades all mattered here. Regulators on both sides of the Atlantic were clearly testing whether Balt had merely discovered misconduct or had actually learned from it.

Third, cross-border cooperation is no longer an abstract concept. It is operational. The AFA Order expressly notes shared information through mutual legal assistance. The DOJ expressly referenced the parallel French resolution. Compliance professionals need to assume that in a multinational corruption matter, regulators are not working in isolation.

Fourth, a declination is not exoneration. That may be the most important practical lesson of all. Balt avoided prosecution in the United States, but it still paid disgorgement, saw individuals indicted, and accepted substantial compliance oversight in France. No CCO should ever describe a declination as a clean escape. It is better understood as conditional mercy earned through disciplined response.

Finally, Balt reminds us that enforcement is increasingly about the credibility of the company’s post-discovery conduct. The original misconduct was serious. What separated Balt from a much harsher U.S. outcome was not the weakness of the facts. It was the strength of the response.

In the end, the Balt matter tells us that modern anti-corruption enforcement is no longer a one-country exercise. The DOJ and the AFA looked at the same core misconduct and rewarded the same basic corporate behavior: voluntary self-disclosure, cooperation, remediation, and disgorgement. Yet they expressed that credit in different ways. The DOJ used the matter to send a clear message that its declination framework can work when a company comes in early, tells the truth, and helps build the case. The French authorities sent a different but equally important message: even where cooperation is meaningful, serious misconduct can still warrant a financial penalty and years of structured compliance oversight.

For the compliance professional, that is the real lesson. A declination is not the end of the story, and cooperation credit is not a free pass. Cross-border enforcement now means that regulators may coordinate on facts, financial remedies, and compliance expectations, while still applying their own legal philosophies. Balt’s outcome shows that what matters most is not simply how a company got into trouble, but how it responds once trouble is discovered. That is where credibility is built, and increasingly, that is where enforcement outcomes are decided. 

Categories
Sunday Book Review

Sunday Book Review: March 29, 2026, The Top Books for COs Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. In this episode, we look at 4 top books that every compliance professional should read and have in their library.

  1. The Complete Works of Sherlock Holmes by AC Doyle
  2. Higher Ground by Alison Taylor
  3. The Honest Truth About Dishonesty by Dan Ariely
  4. The Power of Habit by Charles Duhigg
Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 73 – The Technology Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

Stories this week include:

  • Stoicism without self-examination is moral bankruptcy. (⁠FT⁠)
  • Is China more stable for companies than the US?  (⁠FT⁠)
  • JPMorgan to monitor jr. bankers’ hours. (⁠FT)⁠
  • EDNY says fighting the appeal of the FIFA corruption case is not worth the resources. (⁠Reuters)⁠
  • Judge questions DOJ’s decision to drop Halkbank AML case. (⁠Bloomberg⁠)
  • One CEP to Rule Them All (⁠CCI⁠)
  • Banning Sports Betting on Prediction Markets (⁠WSJ⁠)
  • US Regulatory Fines Plummet (⁠CCI⁠)
  • You Need an Automated Compliance Program (⁠Volkov Blog⁠)
  • Florida Man-Dress for Arrest (⁠NBC Miami⁠)

Resources:

Kristy Grant-Hart on ⁠LinkedIn⁠

⁠Prove Your Worth⁠

Tom

⁠Instagram⁠

⁠Facebook⁠

⁠YouTube⁠

⁠Twitter⁠

⁠LinkedIn

Categories
Fox on Podcasting

Fox on Podcasting: Rural Podcasts as Civic Institutions: Trust, Storytelling, and Sustainable Local Media

Join Tom Fox as he explores the world of podcasting and get ready to be inspired to start your own podcast. In this episode, Tom takes a solo turn behind the mic to advocate for rural podcasts and rural podcast networks. He says that a Rural Podcast Network can function as a civic institution in rural America. Drawing on research and his move to rural West Texas, he describes a widening gap in human-interest storytelling as NPR affiliates, public radio stations, and other local media face funding pressure, programming cuts, and retrenchment. Tom contends that rural podcasters have a competitive edge in proximity, context, and community trust, which enables credibility that outside media cannot replicate. He frames the opportunity as both mission-driven and commercial, citing local sponsor ecosystems (banks, hospitals, colleges, chambers, foundations, tourism, regional firms, agricultural suppliers, and small businesses). He emphasizes consistency over scale to build loyalty and create an archive of community memory that complements—not replaces—legacy institutions.

Key highlights:

  • A Storytelling Void Opens
  • Why Local Proximity Wins
  • Trust as Competitive Edge
  • Consistency Builds Institutions
  • Podcasts as Civic Infrastructure

 Resources:

 Artwork

Elaine Capers

Art by Elaine

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
AI Today in 5

AI Today in 5: March 27, 2026, The No to AI Data Centers Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Customer service AI improving fintech. (Global Banking & Finance)
  2. GenAI for healthcare. (The Hastings Center)
  3. Local opposition is slowing data center construction. (NYT)
  4. Corporate AI adoption outpacing compliance. (The Global Legal Post)
  5. Agentic AI transforming compliance ROI. (FinTechGlobal)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: March 27, 2026, The Meta Moment Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • The jury spanked Meta and YouTube. (WSJ)
  • Former Taipei Mayor sentenced to 17 years for corruption. (Reuters)
  • A corruption prosecution to benefit Rubio? (NYT)
  • EY sets aside record £188MM for fines and penalties. (FT)
Categories
AI in Financial Services in 5 Stories

AI in Financial Services in 5 Stories – Week Ending March 27, 2026

Welcome to AI in Financial Services in 5 Stories. A practical weekly roundup of the five most important AI developments affecting banking, insurance, payments, asset management, and fintech. Each Friday, Tom Fox will break down the top stories that matter most through the lenses of compliance, risk management, governance, and business strategy. Designed for compliance professionals, executives, legal teams, and financial services leaders, it goes beyond headlines to explain why each development matters in a highly regulated industry. The result is a concise weekly briefing that helps listeners stay current on AI innovation while asking sharper questions about oversight, accountability, and trust.

This week’s stories include:

  1. Customer service AI improving fintech. (Global Banking & Finance)
  2. Solaris to become the first EU all-AI bank. (FinTech Futures)
  3. Moving from detection to prevention using AI in FinTech. (FinTechGlobal)
  4. FCA evolving on payment priorities. (FinTech Magazine)
  5. Future-proofing AI for the Agentic AI era. (FinTech Weekly)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
AI in Healthcare

AI in Healthcare: Five Healthcare AI Stories You Need to Know This Week – March 27, 2026

Welcome to AI in Healthcare in 5 Stories. This podcast is a Weekly Briefing of the five most important AI developments shaping healthcare, medicine, and life sciences. Each week, Tom Fox breaks down the latest stories in clinical innovation, regulation, privacy, compliance, patient safety, and operational transformation through a practical, business-focused lens. Designed for healthcare compliance professionals, executives, legal teams, clinicians, and industry leaders, the podcast moves beyond headlines to explain what each development means in the real world.

The top five stories for the week ending March 27, 2026, include:

  1. GenAI for healthcare. (The Hastings Center)
  2. Responsible AI in healthcare. (Cisco)
  3. How Oracle is transforming healthcare. (CloudWars)
  4. 1in 3 adults is using chatbots for healthcare. (ModernHealthcare)
  5. AI in healthcare administration. (The AI Journal)

For more information on the use of AI in Compliance programs, Tom Fox’s new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.