Categories
Sunday Book Review

Sunday Book Review: March 8, 2026, The Top Books on the End of the World Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. In this episode, we look at 4 top books about the end of the world.

  1. Apocalypse by Lizzie Wade
  2. Goliath’s Curse by Luke Kemp
  3. A Brief History of the End of the F*cking World by Tom Phillips
  4. End of the World 2026-The Burning World by Sumit Yadav

Categories
Creativity and Compliance

Creativity and Compliance: Captain Compliance: Humor, Characters, and Creative Training at Premera Blue Cross

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection all require creativity. Join Tom Fox and Ronnie Feldman on the award-winning Creativity and Compliance. Ronnie’s company, Learning and Entertainment, uses the entertainment devices people use to consume information in their everyday, non-work lives and applies them to important topics in compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible.

Tom and Ronnie are back with their first episode for 2026. They visit with Sven Peterson, VP of Compliance, Ethics, and Regulatory Services at Premera Blue Cross, to discuss using creativity and humor to make compliance more approachable and strengthen the speak-up culture in a highly regulated industry. Peterson explains why his team created “Captain Compliance,” a superhero-style character he plays, in both live and animated versions, to deliver ethical guidance through short skits, training sessions, meetings, and employee events; the program also includes an “Ethics League” and a contrasting character, Professor Pitfall. He emphasizes that ethics is a team sport supported by compliance champions across the company, and advises establishing credibility, gaining leadership buy-in, involving others as co-authors, and aligning with company culture. Reported results include strong employee awareness survey feedback and Ethisphere’s Compliance Leader Verification.

Key highlights:

  • Why Creativity Matters
  • Meet Captain Compliance
  • How the Skits Work
  • Approachability and Speak Up
  • Building Community and Champions
  • Handling Skeptics and Buy-In
  • Results and Measuring Impact

Resources:

Sven Peterson on LinkedIn

Premera Blue Cross

Captain Compliance

Ronnie

  • Learnings & Entertainments (Website)
  • Compliance Confessions – inspired by “Mean Tweets,” these 90-second commercials address misconceptions and excuses to promote a speak up culture and the E&C team as positive and helpful.
  • E&C Training Jams: a soulful singer banters with ethics & compliance, explaining policies, sharing examples, and debunking excuses. 
  • Tales from the Hotline – Real, speak-up-themed stories about workplace behavior gone wrong.
  • Workplace Tonight Show! – E&C meets SNL Weekend Update, explaining corporate risk topics and why employees should care.
  • 60-Second Communication & Awareness Shorts – A variety of short, customizable, music and multimedia, quick-hitter “commercials” promoting integrity, compliance, speaking up, and the E&C team as helpful advisors and coaches.
  • Custom Live & Digital Programming – Custom creative programming that balances the seriousness of the subject matter with a more engaging delivery. After all, you can’t bore people into learning.

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Creativity and Compliance is a multiple podcast award-winning show and was recently honored as one of the Top 35 Podcasts on Creativity by Feedspot.

Categories
AI Today in 5

AI Today in 5: March 6, 2026, The Captain Nemo Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Financial crimes, compliance, and AI. (FundsEurope)
  2. AI is making a difference in finance. (FinTechWeekly)
  3. AI agents as financial intermediaries. (FinTechWeekly)
  4. How AI is changing pharma. (BioSpace)
  5. Floating wind turbines to power AI data centers located at sea. (Electrek)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: March 6, 2026, The Does ChatGPT Practice Law Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Wells Fargo is free from the Consent Order. (WSJ)
  • Senator flags White House corruption for betting markets. (Decrypt)
  • OpenAI sued for practicing law. (Reuters)
  • The Trump Administration ordered a refund of illegal tariffs. (WSJ)

Categories
Blog

The Fall of the Alamo and Empowerment of the Compliance Professional

Today is the anniversary of the most historic day of many in the history of the great state of Texas, the date of the fall of the Alamo. March 2, Texas Independence Day, when Texas declared its independence from Mexico, and April 21, San Jacinto Day, when Texas won its independence from Mexico, both probably have more long-lasting significance. But if there is one word that Texas is known for worldwide, it is the Alamo. The Alamo was a crumbling Catholic mission in San Antonio where 189 men held out for 13 days against the Mexican Army of General Santa Anna, which numbered approximately 5,000. But in 1836, Santa Anna unleashed his forces, which overran the mission and killed all the fighting men. Those who did not die in the attack were executed, and all the deceased bodies were unceremoniously burned. Proving he was not without chivalry, Santa Anna spared the lives of the Alamo’s women, children, and slaves. But for Texans across the globe, this is our day.

While Thermopylae will always go down as the greatest ‘Last Stand’ battle in history, the Alamo is in contention for Number 2. Like all such battles, sometimes the myth becomes the legend, and the legend becomes the reality. In Thermopylae, the myth is that 300 Spartans stood against the entire 10,000-man Persian Army. However, there was also a force of 700 Thespians (not actors, but citizens from the City-State of Thespiae) and a contingent of 400 Thebans fighting alongside the 300 Spartans. Somehow, their sacrifices have been lost to history.

Likewise, the legend that elevates the Alamo battle to myth is the line in the sand. The story goes that William Barret Travis, on March 5, the day before the final attack, when it was clear that no reinforcements would arrive in time and everyone who stayed would perish, called all his men into the plaza of the compound. He then pulled out his saber and drew a line in the ground. He said that they were surrounded and would all likely die if they stayed. Any man who wanted to stay and die for Texas should cross the line and stand with him. Only one man, Moses Rose, declined to cross the line. The immediate survivors of the battle did not relate this story after they were rescued, and the line-in-the-sand tale did not appear until the 1880s.

But the thing about ‘last stand’ battles is that they generally turn out badly for the losers. Very badly. I thought about this when Chuck Duross, back when he was head of the Department of Justice’s (DOJ) Foreign Corrupt Practices Act (FCPA) unit, said at a conference that he viewed anti-corruption compliance practitioners as “The Alamo” in terms of the last line of defense in the prevention of compliance violations. I gingerly raised my hand and acknowledged his tribute to the great state of Texas, but pointed out that all the defenders were slaughtered, so perhaps another analogy was appropriate. Everyone had a good laugh at the conference back then. But in reflecting on the history of my state and what the Alamo means to us all, I have wondered if my initial response was too facile.

What happens to a Chief Compliance Officer (CCO) or compliance practitioner when they have to make a stand? Do they make the ultimate corporate sacrifice? Will they receive the equivalent of a corporate execution as the defenders of the Alamo received? This worrisome issue occurred even if the person had ‘resigned to pursue other opportunities.’ Michael Scher has been a leading voice in protecting compliance officers. In a post entitled Michael Scher Talks to the Feds, he said, “A compliance officer (CO) working in Asia asked for recognition and protection: ‘A CO will not stand up against the huge pressure to maintain compliance standards if he does not get sufficient protection under the law. Most COs working in the overseas operations of U.S. companies are not U.S. citizens, but they are usually the first to identify violations. Since the FCPA deals with foreign corruption, how could the DOJ and SEC not protect these COs?’”

The DOJ is now looking at the quality of your CCO and compliance function and how they are perceived, treated, and received in the corporate setting. In the 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), the DOJ expanded its inquiry to evaluate the “sufficiency of the personnel and resources within the compliance function, in particular, whether those responsible for compliance have: (1) sufficient seniority within the organization; (2) sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation, and analysis; and (3) sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee.”

Further, there were four specific areas of inquiry and evaluation: (1) Structure, (2) Experience and Qualifications, (3) Funding and Resources, and (4) Autonomy.

In the section entitled “Structure,” the evaluation made the following inquiries:

  • How does the compliance function compare with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers?
  • What has been the turnover rate for compliance and relevant control function personnel?
  • What role has compliance played in the company’s strategic and operational decisions? How has the company responded to specific instances where compliance raised concerns?
  • Have any transactions or deals been stopped, modified, or further scrutinized due to compliance concerns?

In the section entitled “Experience and Qualifications,” the 2024 ECCP made the following inquiries:

  • Do compliance and control personnel have the appropriate experience and qualifications for their roles and responsibilities?
  • Has the level of experience and qualifications in these roles changed over time?
  • Who reviews the compliance function’s performance, and what is the review process?

In the area of “Funding and Resources,” the 2024 ECCP asked:

  • Has there been sufficient staffing for compliance personnel to effectively audit, document, analyze, and act on the results of the compliance efforts?
  • Has the company allocated sufficient funds for this?
  • Have there been times when requests for resources by compliance and control functions have been denied, and if so, on what grounds?

Finally, in the area of “Autonomy,” the 2024 ECCP asked:

  • Do the compliance and relevant control functions have direct reporting lines to any member of the board of directors and/or the audit committee?
  • How often do they meet with directors?
  • Are members of the senior management present for these meetings?
  • How does the company ensure the independence of the compliance and control personnel?

These DOJ inquiries were all deeper and more robust, focusing on the CCO and the compliance team. If your compliance team is run on a shoestring, you will likely be downgraded for your overall commitment to FCPA compliance. The same is true for promotions and other advancement opportunities within an organization. Not many organizations have a compliance function so mature that a CCO is appointed to another senior-level position.

Upon further reflection, Duross was correct, and the Alamo reference was appropriate for compliance officers. Sometimes we must draw a line in the sand with management. And when we do, we have to cross that line to get on the right side of the issue, and the consequences be damned. The DOJ has clarified that it expects CCOs and compliance professionals to draw that line when necessary, and that when they do, companies must heed their warnings.

Categories
Blog

AI Compliance as a Competitive Advantage: Turning Governance Into ROI

In too many organizations, “AI compliance” is treated like a speed bump. Something to route around, manage after launch, or outsource to a vendor deck and a policy that nobody reads. That mindset is not only outdated but also expensive. In 2026, mature AI governance is becoming a commercial differentiator because customers, regulators, employees, and business partners increasingly ask the same question: Can you prove your system is trustworthy?

The most underappreciated truth is that AI risk is not “an AI team problem.” It is a business-process problem, expressed through data, decisions, third parties, and change control. The Department of Justice Evaluation of Corporate Compliance Programs (ECCP) has never been about perfect paperwork; it has been about whether a program is designed, implemented, resourced, tested, and improved. If you can translate that posture into AI, you can convert “compliance cost” into “credibility capital.”

A cautionary backdrop shows why. The EEOC’s 2023 settlement with iTutorGroup serves as a cautionary tale: automated hiring screening that disadvantages older workers can lead to legal exposure, remediation costs, and reputational damage. The details matter less than the pattern; when algorithmic decisions are not governed, the business eventually pays the bill. The compliance professional should see the pivot clearly; governance is the mechanism that lets you move fast without becoming reckless.

From a build-from-scratch, low-to-medium maturity posture, the win is not sophistication. The win is repeatability. If you build an AI governance framework aligned to NIST AI RMF (govern, map, measure, manage), structured through ISO/IEC 42001’s management-system discipline, and cognizant of EU AI Act risk tiering, you get something the business loves: a predictable path from idea to deployment. Today, I will explore five ways mature AI compliance can become a competitive advantage, each with a practical view of how a compliance-focused GenAI assistant can support business processes.

1) Sales and Customer Trust

Trust is a sales feature now, even when marketing refuses to call it that. Customers increasingly ask about data use, model behavior, security controls, and human oversight, and they are doing it in procurement questionnaires and contract negotiations. A mature governance framework lets you answer quickly, consistently, and with evidence, thereby shortening sales cycles and reducing late-stage deal friction. A compliance GenAI can support this by drafting standardized responses from approved trust artifacts such as policies, model cards, DPIAs, and audit summaries; flagging gaps; and routing exceptions to Legal and Compliance before the business overpromises.

For compliance professionals, this lesson is even more stark, as the ‘customers’ of a corporate compliance program are your employees. Some key KPIs you can track are average time to complete AI security and compliance questionnaires; percentage of deals requiring AI-related contractual concessions; number of customer-facing AI disclosures issued with approved templates; and percentage of AI systems with current model documentation and ownership attestations.

2) Regulatory Credibility

Regulators are not impressed by ambition; controls persuade them. NIST AI RMF provides a common language to demonstrate that you mapped use cases, measured risks, and managed them over time, while ISO/IEC 42001 imposes discipline on accountability, documentation, and continual improvement. The EU AI Act’s risk-based approach adds an organizing principle: classify systems, apply controls proportionate to risk, and prove that you did it. A compliance GenAI can help by maintaining a living inventory, prompting owners to complete quarterly attestations, drafting control narratives aligned with the frameworks, and assembling regulator-ready “evidence packs” that demonstrate governance in operation rather than on paper.

For compliance professionals, this lesson is about your gap analysis. You have not aligned your current internal controls with GenAI, governance, or other controls. You should do so. Some key KPIs you can track are percentage of AI systems risk-tiered and documented; time to produce an evidence pack for a high-impact system; number of material control exceptions and time-to-remediation; and frequency of risk reviews for high-impact systems.

3) Faster Product Approvals and Safer Deployment

Speed comes from clarity, not from cutting corners. When decision rights, review thresholds, and required artifacts are defined up front, product teams stop guessing what Compliance will require at the end. That is the management-system advantage: ISO/IEC 42001 treats AI governance like a repeatable operational process with gates, owners, and records, rather than a series of one-off debates. A compliance GenAI can support the workflow by pre-screening new use-case intake forms, recommending the correct risk tier under EU AI Act concepts, suggesting required testing (bias, privacy, safety), and generating the first draft of a launch checklist that the product team can execute.

For compliance professionals, this lesson is that you must run compliance at the speed of your business operations. Some key KPIs you can track are: cycle time from AI intake to approval; percent of launches that pass on first review; number of post-launch “surprise” issues tied to missing pre-launch controls; and percentage of models with human-in-the-loop controls when required.

4) Talent, Recruiting, and Internal Confidence

Top performers do not want to work in a company that treats AI like a toy and compliance like a nuisance. Mature governance creates psychological safety inside the organization: employees know what is permitted, what is prohibited, and how to raise concerns. It also improves recruiting because candidates, especially in technical roles, ask about responsible AI practices, data governance, and ethical guardrails. A compliance GenAI can support internal confidence by serving as the first-line “policy concierge,” answering questions with approved guidance, directing employees to the correct procedures, and logging common questions so Compliance can improve training and communications.

For compliance professionals, this fits squarely within the DOJ mandate for compliance to lead efforts in institutional justice and fairness. Some key KPIs you can track include training completion and comprehension metrics for AI use; the number of AI-related helpline inquiries and their resolution times; employee survey results on comfort raising AI concerns; and the percentage of AI use cases with documented business-owner accountability.

5) Lower Cost of Incidents and More Resilient Operations

AI incidents are rarely just “bad outputs.” They are process failures: poor data lineage, uncontrolled model changes, vendor opacity, missing logs, weak access controls, or no escalation path when harm appears. NIST AI RMF’s “measure” and “manage” functions emphasize monitoring, drift detection, incident response, and continuous improvement, which is precisely how you reduce the frequency and severity of failures. A compliance GenAI can support incident resilience by guiding teams through an AI incident response playbook, helping triage severity, ensuring evidence is preserved (audit logs, prompts, outputs, approvals), and generating lessons-learned reports that connect root cause to control enhancements.

For compliance professionals, this lesson is even more stark, as the ‘customers’ of a corporate compliance program are your employees. Some key KPIs you can track include the number of AI incidents by severity tier; mean time to detect and mean time to remediate; the percentage of high-impact models with drift-monitoring and alert thresholds; and the percentage of third-party AI providers subject to change-control notification requirements.

What “Mature Governance” Looks Like When You Are Building From Scratch

Do not start with a 60-page policy. Start with a few non-negotiables that scale:

  • Inventory and classification: Create a single inventory of GenAI assistants, ML models, and automated decision systems. Classify them by impact using EU AI Act concepts (high-impact versus low-impact) and your own business context.
  • Accountability and decision rights: Assign an owner for each system and require periodic attestations for the highest-risk categories.
  • Standard artifacts: Use lightweight model documentation, data lineage notes, and disclosure templates. If it is not documented, it does not exist for governance.
  • Human oversight and logging: Define when human-in-the-loop is mandatory and ensure logs capture who approved what, when, and why.
  • Third-party AI controls: Contract for transparency, audit support, change notification, and security requirements. Vendor opacity is not a strategy.

This is where ECCP thinking helps. The question is not whether you have a policy. The question is whether the policy is operationalized, tested, and improved. That is the bridge from compliance to competitive advantage.

If you want AI compliance to be a competitive advantage, treat it like a management system that produces evidence, not like a policy library that produces comfort. When governance becomes repeatable, the business can move faster, regulators become more confident, and customers see the difference. That is not a cost center. That is credibility you can take to the bank.

Categories
AI Today in 5

AI Today in 5: March 5, 2026, The AI’s Biggest Test Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Ending compliance bottlenecks with AI. (FinTechGlobal)
  2. AI surge will reshape compliance. (FinTechGlobal)
  3. Compliance first AI. (Cyberscoop)
  4. Trump, AI Data Centers, and the midterms. (CNBC)
  5. Healthcare is AI’s biggest test. (Time)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: March 5, 2026, The DOJ and State Bars Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Regulators need to catch up on private credit risk. (WSJ)
  • DOJ wants authority over state bar discipline. (NYT)
  • Head of UK police union arrested for corruption. (TheGuardian)
  • When part of compliance moves to protection. (FT)

Categories
Red Flags Rising

Red Flags Rising: S01 E38: “Fallen Chips” – GIR’s Estelle Atkinson on her Three-Part Report

Mike Huneke and Brent Carlson welcome Estelle Atkinson, a reporter with Global Investigations Review (GIR), to speak about her recent three-part series, “Fallen Chips,” published on January 26, 27, and 28, 2026 (linked in the show notes). They discuss how Estelle learned of the U.S. government investigation of Zenith Semiconductor in Chandler, Arizona (01:14); that company’s background (06:03); when employees started to realize that things were not quite right at the company and how that led to employees going to the FBI (08:19); how Estelle got to know the employees and why they were willing to help her with her story (10:30); how her experience illustrates more broadly the challenge companies have in responding to whistleblower reports or allegations (11:48); how diversion starts close to home, and is not always in some exotic “offshore” location (15:31); how U.S. administration policies to promote the export of the U.S. AI “stack” are not without controls or national security considerations (15:58); why success under America’s AI Action Plan and the American AI Export initiative will depend on effective, risk-based export controls compliance programs (16:21); the role of media in American life (19:14); why the standard PR or IR “playbook” of asserting “full compliance with the law” creates risks if companies aren’t expressly incorporating the full definition of “knowledge,” to include “an awareness of a high probability,” into export controls compliance (20:14); and what GIR readers can expect to see (or read) next from Estelle (20:49). Mike and Brent conclude with yet another installment of Brent Carlson’s “Managing Up” (22:39).

Resources:

GIR 

Fallen Chips Part I: Inside the FBI Raid that Rocked an Arizona Chip Start-Up (Jan. 26, 2026)

Fallen Chips Part II: Silicon Secrets and the Risks Hiding in Plain Sight (Jan. 27, 2026)

Fallen Chips Part III: The Fault Lines of the US-China Tech War (Jan. 28, 2026)

More about:

Estelle: https://globalinvestigationsreview.com/authors/estelle-atkinson

Contact Estelle: estelle.atkinson@globalinvestigationsreview.com

Contact Brent: brent@redflagsrising.com

Contact Mike: michael.huneke@morganlewis.com

Categories
Daily Compliance News

Daily Compliance News: March 4, 2026, The Knickers in a Twist Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • The Trump Administration reverses itself on law firm attacks. (WSJ)
  • Top aides to the Secretary of Labor were forced out amid misconduct allegations. (NYT)
  • Fintech sanctions compliance and Iran. (AmericanBanker)
  • The Live Nation Anti-Trust trial. (Reuters)