Compliance into the Weeds: 5 Top Compliance Stories to Watch in 2025

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In the first episode of 2025, Tom and Matt dive into the top compliance stories that could shape the upcoming year.

They begin with the politically charged corruption case involving Gautam Adani, discussing its implications under the Trump administration and the potential for the Justice Department to alter its course on this high-profile prosecution. They also explore the possibility of personal liability in the TD Bank compliance scandal, the anticipated policy shifts under SEC nominee Paul Atkins, and the future of the Consumer Financial Protection Bureau (CFPB) under a Republican administration. Additionally, they address the challenges and potential impact of the DOGE Committee’s deregulation efforts and the unresolved monitorship issues in the Boeing Deferred Prosecution Agreement case. Tune in to understand what compliance officers should be watching for in 2025, as these stories could have significant ramifications for corporate compliance and enforcement practices.

Key highlights:

  • Top Compliance Stories of 2025
  • Gautam Adani Corruption Case
  • TD Bank Compliance Scandal
  • Paul Atkins and the SEC
  • Future of the CFPB
  • DOGE Committee and Deregulation
  • Boeing Monitorship Controversy

Resources:

Matt in Radical Compliance


Caremark Claims: A Compliance Professional’s Guide to the Shifting Landscape

For decades, Delaware courts famously described Caremark claims alleging breaches of the duty of oversight as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” Yet recent legal developments have shown that while Caremark claims remain challenging, they are no longer insurmountable. Cases like Marchand v. Barnhill and the Boeing 737 Max shareholder derivative lawsuit have demonstrated that boards of directors are not immune from liability when they fail to fulfill their oversight responsibilities.

As we head into 2025, compliance professionals must stay attuned to the evolving dynamics of oversight duty claims. Today, we consider the current state of Caremark litigation, the implications of recent case law, and emerging areas such as cybersecurity, ESG, and AI that could generate oversight liability in the future.

A Historical Shift: From Rare Wins to Increased Viability

Historically, Caremark claims were long shots for plaintiffs. Courts typically set an extremely high bar, requiring claimants to demonstrate that directors acted in bad faith by consciously ignoring red flags or failing to implement compliance systems. However, recent decisions have opened the door for such claims, particularly in cases involving egregious governance failures.

The Boeing case was one of the most striking examples of a Caremark claim. It arose from the two catastrophic Boeing 737 Max crashes, which were tied to governance and oversight failures. The case survived a motion to dismiss and eventually settled for $237.5 million, funded entirely by D&O insurance. Next was Walmart’s opioid case, which was also resolved in 2024. In this matter, Walmart’s Board of Directors faced a shareholder derivative claim alleging breaches of the duty of oversight relating to the opioid crisis. The case settled for $123 million, showing that courts will entertain Caremark claims when systemic failures result in significant harm. These high-profile cases have emboldened plaintiffs and raised alarms in Delaware courts, leading to a noticeable backlash in recent decisions.

A Backlash Emerges: Delaware Courts Reassert a High Bar 

The Delaware Chancery Court, which has long been a guardian of corporate governance law, has recently pushed back against what it views as an overextension of Caremark claims. Since 2023, we have seen three notable cases that highlight this skepticism. The first was the Segway case from 2023. In this decision, the Court dismissed claims against the board, emphasizing that liability requires a “red line” of bad faith—an extremely high standard that most claims fail to meet.

Next was the Walgreens Boots Alliance matter from 2024. In this decision, the Court criticized the “proliferation” of oversight lawsuits, warning that reflexive filings every time a company experiences an adverse event could do more harm than good. Finally, there was the Centene matter, also from 2024. In Bricklayers Pension Fund v. Brinkley, Vice Chancellor Morgan Zurn dismissed oversight claims, finding no evidence that the board consciously disregarded compliance risks. Zurn underscored that “a bad outcome, without more, does not equate to bad faith.” These decisions send a clear message from Delaware courts: Caremark claims must meet an exacting standard, and not every adverse outcome shows a breach of oversight duties.

The Federal Courts Enter the Fray  

While Delaware courts tighten their standards, federal courts applying Delaware law have shown a greater willingness to let Caremark claims proceed. Two notable cases from 2024 illustrated this trend. The first was one part of the long-running Wells Fargo litigation over various actions. In this matter, a federal district court in California allowed claims against Wells Fargo’s board to move forward, citing allegations that directors failed to address discriminatory lending practices. Similarly, a federal court in Illinois sustained claims against Abbott Labs’ Board of Directors for failing to oversee the safety of its infant formula products.

These rulings suggest federal courts may be more receptive to Caremark claims, particularly in cases involving systemic misconduct or significant public harm. While these cases do not have precedential value in Delaware, they can be seen as a roadmap for successful Caremark claims outside the jurisdiction of these two district courts.

The Compliance Implications of Recent Trends

What do all these decisions mean for compliance professionals? In the ever-evolving landscape of oversight liability, the compliance professional faces both challenges and opportunities. Compliance professionals should proactively identify and address these risks at the board level. There are five areas compliance professionals should focus on.

  1. Active Oversight. The common thread in successful Caremark claims is the board’s failure to actively monitor compliance risks. Compliance officers should ensure that boards are regularly informed about key risks through detailed reports and actively engaged in oversight of high-risk areas, such as product safety, regulatory compliance, and ethical conduct.
  2. Document, Document, Document. Document your Board’s efforts to oversee compliance systems and address red flags that rise to the Board level. Boeing shows that the absence of documented board actions can be devastating in litigation. Compliance teams should work with corporate secretaries to: (a) ensure board minutes reflect meaningful discussions about compliance risks; and (b) record follow-ups on identified issues to demonstrate a proactive approach.
  3. Emerging Risks. There are a variety of areas that are ripe for future Caremark claims. These areas include cybersecurity, as Boards that fail to oversee cyber risk management could face liability after a data breach. ESG is still a business imperative, even if the incoming Administration is antithetical to it. Environmental and social failures, such as ignoring climate risks or fostering discriminatory practices, may trigger oversight claims. Finally, AI governance will be at the forefront of many compliance professionals’ minds. As AI adoption accelerates, Boards must ensure compliance with developing regulations and ethical standards.
  4. Federal Courts. The divergence between Delaware and federal courts applying Delaware law complicates the oversight liability landscape. Compliance teams should monitor cases in both jurisdictions and adapt their strategies accordingly.
  5. Insurance and Indemnification. Given the financial stakes in Caremark litigation, robust Directors and Officers (D&O) insurance is essential. Compliance teams should work on reviewing D&O policies to ensure they provide adequate coverage for oversight claims. You should also collaborate with legal and risk management teams to understand policy exclusions and coverage limits.

A Call to Action for Compliance Professionals  

The shifting dynamics of Caremark claims underscore the critical role compliance professionals play in supporting board oversight. To strengthen your organization’s oversight framework:

  1. Educate the Board by providing regular training on directors’ fiduciary duties, focusing on their oversight obligations.
  2. Enhance reporting by developing dashboards and reports that give the board a clear view of compliance risks and mitigation efforts.
  3. Promote a culture of accountability by working with senior leadership to embed compliance into the organization’s culture and ensure that issues are addressed at every level.

While recent Delaware decisions have reaffirmed the difficulty of prevailing in Caremark cases, high-profile settlements and federal court rulings indicate that oversight liability remains a growing risk. Compliance professionals must stay vigilant, ensuring their boards are well-equipped to meet their oversight responsibilities.

By focusing on proactive risk management, thorough documentation, and emerging risks like cybersecurity and AI, compliance teams can help their organizations navigate the complex oversight landscape. The stakes are high, but so are the opportunities to build stronger, more resilient governance frameworks.

As Kevin LaCroix has noted, “The bottom line is that notwithstanding recent Delaware Chancery Court skepticism toward a breach of the duty of oversight claims, there is life for these kinds of suits, at least in some cases—including in cases filed outside of the Delaware state courts.”


31 Days to a More Effective Compliance Program: Day 7 – Argentieri on Clawbacks and Holdbacks

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

In this episode, we explore the critical insights from the DOJ Clawback Program for compliance professionals. It emphasizes integrating compliance into the compensation structure as an effective strategy to promote ethical behavior and prevent misconduct. We also delve into the significance of financial accountability, noting the DOJ’s practice of reducing fines for firms that reclaim compensation from responsible employees. Finally, the episode highlights the necessity of continuously evaluating and enhancing compliance-linked compensation systems, urging companies to regularly assess their effectiveness, gather feedback, and make necessary adjustments. This iterative process reinforces the idea that compliance programs must be dynamic and proactive rather than static operational checklists.

Key highlights:

  • Integrating Compliance into Compensation
  • Financial Accountability Emphasis
  • DOJ’s Commitment to Individual Accountability
  • Continuous Evaluation and Improvement


Daily Compliance News: January 7, 2025 – The GenZ Problem Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • The GenZ problem for audit firms. (FT)
  • AI agents and compliance. (WSJ)
  • Razak can seek house arrest for 1MDB crimes. (Bloomberg)
  • Corruption is the biggest threat to the Chinese Communist Party. (Reuters)


Innovation in Compliance – Navigating Leadership and Talent Retention with Pat McNeil

Innovation comes in many areas, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits Pat McNeil, founder and principal of Chart House Solutions, to delve into his extensive experience in the Navy and his journey into leadership development and organizational coaching.

Pat discusses his transition from the military to civilian life, the creation of Chart House Solutions, and his role in guiding clients through professional and personal challenges. He introduces the EC3 principle for talent retention—expectations, communication, commitment, and consistency, drawing parallels from his military service to corporate environments. He also highlights the importance of structured training and the concept of ‘falling forward’ in professional development. He discusses the Lego Serious Play method, emphasizing the role of serious play in improving corporate settings and engagement. Pat stresses that coaching at all organizational levels fosters effective leadership and a sustainable company culture.

Key highlights:

  • Pat McNeil’s Professional Background
  • The EC3 Principle for Talent Retention
  • Lego Serious Play Method in Corporate Training
  • Falling Forward: Embracing Failure in Professional Development
  • Training with Purpose: Driving Culture and Engagement
  • The Importance of Coaching in Professional Development

Resources:

Pat McNeil on LinkedIn

Chart House Solutions


Revolutionizing Compliance with AI-Powered KPIs 

In the modern corporate landscape, traditional key performance indicators (KPIs) are struggling to meet the demands of dynamic compliance environments. These legacy metrics often fail to align operations, prioritize resources, and drive accountability toward strategic objectives. For compliance professionals, these shortcomings are particularly critical: ineffective KPIs can lead to missed risks, inefficient processes, and poor decision-making, ultimately jeopardizing organizational integrity.

In a recent article in the Sloan Management Review, entitled The Future of Strategic Measurement: Enhancing KPIs With AI, authors Michael Schrage, David Kiron, François Candelon, Shervin Khodabandeh, and Michael Chu explored these and other issues, which I have adapted for the compliance professional.  By incorporating artificial intelligence (AI), organizations are reimagining what KPIs can accomplish—not just as performance trackers but as drivers of strategic differentiation and value creation.

The Shortcomings of Legacy KPIs in Compliance

Legacy KPIs often focus narrowly on outputs, such as the number of training sessions conducted or hotline calls logged. While these metrics provide valuable data, they frequently fail to provide solid information in various ways. The first is that legacy KPIs are taken in a vacuum with no appreciation of the interconnected nature of corporate risks. Just as compliance does not (or at least should not) operate in a vacuum, risks in one area often cascade into others, yet traditional KPIs rarely reflect these interdependencies. The second is the retrospective nature of KPIs. Metrics rooted in historical data are inherently backward-looking, limiting their utility for forecasting and proactive risk management.

Finally, corporate silos are a perennial challenge in compliance, and static KPIs can reinforce them rather than foster cross-functional collaboration. Legacy KPIs do not promote alignment across disparate corporate functions. These limitations hinder a compliance professional’s ability to effectively anticipate, prevent, and address misconduct.

Enter Smart KPIs: A New Era of Compliance Metrics

AI-powered KPIs offer a smarter, more dynamic approach to performance measurement. These metrics are descriptive, predictive, and prescriptive. Such metrics will allow a corporate compliance function to provide new and different insights, such as some of the following.

  • Analyze past and current compliance performance to identify gaps.
  • Anticipate future risks and compliance trends based on patterns in data.
  • Recommend actions to mitigate risks and optimize outcomes.

For example, AI can transform a traditional metric like the “number of third-party audits conducted” into a prescriptive KPI that evaluates audit results, predicts the highest risk areas, and recommends corrective actions.

Case Study: Wayfair and the Evolution of Lost-Sales KPIs

The article discussed Wayfair’s reengineering of its lost-sales KPI and offers valuable insights for compliance professionals. Initially, the retailer calculated lost sales on an item-by-item basis, but AI analysis revealed that many “lost” sales were category retentions, as customers purchased alternative items. This revelation led Wayfair to redesign its KPI to measure category-based retention. The result? Smarter metrics aligned product placement with operational constraints, improving customer satisfaction and operational efficiency.

This case study provides a clear set of lessons for corporate compliance and the compliance professional. Compliance teams can use AI to rethink KPIs that do not fully capture performance nuances. For instance, instead of merely tracking the number of training completions, a smarter KPI could evaluate behavioral changes post-training or identify employees most at risk of ethical lapses based on historical data. This, in turn, could provide greater insight into training effectiveness and how a compliance professional might think about targeted training.

KPI Governance: A Compliance Imperative 

One of the most critical aspects of AI-enhanced KPIs is governance. Organizations need robust governance mechanisms to ensure KPIs evolve with strategic objectives and maintain their relevance over time. For a compliance professional, this means several different approaches.

  1. Continuous Review of Metrics. Regularly revisiting KPIs to ensure they remain aligned with evolving regulatory landscapes and business priorities.
  2. Meta-KPIs for Quality Assurance. Developing “KPIs for KPIs” to assess their accuracy, relevance, and effectiveness.
  3. Cross-Functional Oversight. Establishing governance structures that bring together compliance, legal, and operational teams to oversee metric design and implementation.

The bottom line is that accountability for KPI performance, both the metrics themselves and the outcomes they drive, must be embedded into the compliance framework.

How AI Enhances Compliance KPIs

AI-enhanced KPIs bring new capabilities to compliance programs in three key ways. The first is risk anticipation. Predictive KPIs can identify emerging compliance risks, such as regulatory changes, third-party risk management, or shifts in employee behavior, enabling proactive mitigation. The second is holistic insights. By analyzing data across functions, AI can uncover hidden correlations, such as how employee hotline reports, visits to the compliance department website, or even the number of requests to FAQs might signal compliance risks in supply chain operations. The third is targeted recommendations. Prescriptive KPIs can suggest specific actions, like prioritizing high-risk vendors for audits or tailoring training to address observed knowledge gaps. For example, AI could analyze whistleblower reports alongside financial data to identify patterns indicative of systemic fraud, providing actionable insights for remediation.

This more holistic approach also addresses one of the key risk areas around KPIs: stagnant KPIs. The 2008 financial crisis underscores the dangers of relying on outdated KPIs. Banks’ dependence on “value at risk” metrics, which failed to account for the growing influence of subprime mortgages, contributed to catastrophic losses. Compliance professionals must guard against similar pitfalls by regularly challenging assumptions underpinning legacy KPIs. AI can aid in this process by continuously analyzing data to reveal when a metric is no longer fit for purpose.

Steps to Implement Smarter Compliance KPIs

Compliance professionals can take the following steps to transition from legacy to AI-enhanced KPIs.

  1. Audit Existing KPIs. Assess whether current metrics adequately capture compliance risks and align with strategic objectives.
  2. Leverage AI for Data Analysis. Use AI tools to uncover hidden patterns in compliance data, such as correlations between employee turnover and ethics violations.
  3. Collaborate Across Functions. Work with IT, legal, and operations teams to ensure KPI redesigns reflect organizational priorities.
  4. Invest in Training and Culture. Equip compliance teams with the skills to interpret and act on AI-generated insights while fostering a culture of data-driven decision-making.
  5. Monitor and Improve KPIs. Establish processes for ongoing KPI evaluation, ensuring they evolve alongside regulatory and stakeholder input and business changes.

Challenges and Ethical Considerations 

While AI-enhanced KPIs offer immense potential, they also present challenges. First, just as with generative AI more broadly, algorithms can be biased. AI models are only as unbiased as the data on which they are trained. Compliance teams must ensure that their AI systems uphold principles of fairness and equity. Second, always remember the Human in the Loop to preclude over-reliance on AI. While AI can inform decision-making, it should not replace human judgment. Compliance professionals must strike a balance between algorithmic insights and ethical considerations. Finally, there are data privacy concerns. Collecting and analyzing large datasets for KPI development must comply with data privacy regulations.

Conclusion: The Future of Compliance Metrics 

The rise of AI-enhanced KPIs marks a paradigm shift in measuring and managing compliance performance. By embracing smarter, more dynamic metrics, compliance professionals can gain deeper insights, anticipate risks, and drive better outcomes.  Much like Wayfair and other forward-thinking organizations, compliance teams must be willing to challenge the status quo, leverage technology, and prioritize continuous improvement. The era of static, backward-looking KPIs is over. In its place is a future where smart KPIs enable compliance functions to not only measure performance but actively enhance it—turning compliance from a cost center into a source of strategic value. The question is not whether your organization should adopt AI-powered KPIs but how soon your compliance program can reap the benefits. The time to act is now.


The Case-Book of Sherlock Holmes – Compliance Lessons from The Adventure of the Three Gables

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into Arthur Conan Doyle’s Sherlock Holmes collection, The Case Book of Sherlock Holmes. It is the final set of twelve Sherlock Holmes short stories, first published in the Strand Magazine between October 1921 and April 1927. In this episode, we consider one of the lesser-known Holmes stories, The Adventure of the Three Gables.

In this episode, we investigate the Sherlock Holmes short story ‘The Three Gables’ to uncover crucial compliance lessons. As part of ‘The Casebook of Sherlock Holmes,’ this episode examines ethical leadership, transparency, third-party risk management, whistleblower protections, reputation management, and root cause analysis through the lens of this lesser-known tale. The story of crime and manipulation serves as a reminder of the importance of integrity and accountability in business ethics. Check out the parallels between Sherlock Holmes’ investigative techniques and modern compliance practices and learn how these timeless lessons can strengthen organizational culture and mitigate risks.

Highlights include:

  • Introduction to The Three Gables
  • Unpacking Compliance Lessons
  • Ethical Leadership and Transparency
  • Third-Party Risk Management
  • Whistleblower Protections and Reputation Management
  • Root Cause Analysis and Final Thoughts

Resources

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson


Episode 189 – Kerri Salata

In this episode of The Ethics Experts, Nick welcomes Kerri Salata.

Kerri Salata is a lawyer and ethics and compliance professional who advises companies on how to meet their legal and regulatory requirements using creative, design-driven strategies. She is the founder of Kerri A. Salata, a legal professional corporation, and holds the CEO position at Comply With Me, a compliance consultancy firm known for its innovative approach to regulator-accredited compliance education.

http://www.linkedin.com/in/kerrisalata


McKinsey & Company Pays $122 Million to Resolve FCPA Violations in South Africa

What went wrong when McKinsey paid bribes to secure consulting contracts with South Africa’s state-owned enterprises? In this episode, Michael Volkov dives into the December 2024 DOJ settlement with McKinsey & Company, which paid $122 million after being found guilty of paying bribes to officials at Transnet and Eskom to secure valuable consulting contracts. The case involved significant violations of the Foreign Corrupt Practices Act (FCPA) and highlights the risks companies face when failing to implement effective compliance programs.

You’ll hear him discuss:

  • The details of McKinsey’s settlement with the DOJ for $122 million, including the 35% discount and the cooperation credits granted by the government.
  • The role of Vikas Sagar, McKinsey’s former senior partner, and his guilty plea in 2022 for orchestrating bribery payments.
  • How McKinsey Africa used sensitive, non-public information obtained through bribes to secure multi-million dollar contracts with Transnet and Eskom.
  • The ongoing issue of engaging third-party intermediaries and the importance of conducting thorough due diligence before entering into business relationships.
  • The lessons learned from McKinsey’s lack of proper oversight and controls, which allowed a small group of corrupt executives to facilitate bribery schemes.
  • The broader impact of local content requirements in international business and the associated risks of partnering with unqualified entities with ties to corrupt government officials.

Resources:

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group


31 Days to a More Effective Compliance Program: Day 6 – M&A Safe Harbor Policy

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

This episode delves into the Department of Justice’s Mergers and Acquisitions (M&A) Safe Harbor Policy, as Deputy Attorney General Lisa Monaco explained. This policy encourages companies to voluntarily self-disclose criminal conduct discovered during an acquisition. If a company promptly discloses such misconduct, cooperates with the ensuing investigation, and engages in appropriate remediation, restitution, and disgorgement, it can receive a presumption of a criminal declination. Key deadlines include disclosing misconduct within six months of the closing date and fully remediating within one year. The DOJ aims to incentivize acquiring companies to perform robust pre- and post-acquisition due diligence and self-disclosure to mitigate risks and de-risk transactions effectively.

Key highlights:

  • New DOJ Mergers and Acquisitions Safe Harbor Policy
  • Key Requirements and Deadlines
  • Historical Context and Clarifications
