Categories
Fox on Podcasting

Fox on Podcasting – The Journey of Professor Anika Jackson: From Club Promoter to Podcasting Professor

Join Tom Fox as he explores the world of podcasting, and get ready to be inspired to start your own podcast. In this episode, Tom is joined by Professor Anika Jackson, a dynamic figure in the podcasting world and an educator at the University of Southern California.

Anika shares her journey from club promoter in Kansas City to esteemed podcast consultant and educator. She discusses her extensive background in event hosting, her transition into radio and podcasting, and the foundation of her consulting firm, Your Brand Amplified. Anika elaborates on her teaching roles at USC, where she instructs students on the business and craft of podcasting, emphasizing the importance of personal branding and building a sustainable podcasting career. She also touches on her philanthropic efforts in education, her holistic approach to life, and her collaboration with a former Zen monk on their podcast, Zen Power Hour. Join the conversation to explore the multifaceted career of Anika Jackson and gain insights into the impactful world of podcasting.

Key highlights:

  • Professor Jackson’s Journey into Podcasting
  • From Radio to Podcasting
  • Building a Podcasting Business
  • Academia and Podcasting
  • Holistic and Purpose-Driven Leadership

Resources:

 Anika Jackson on LinkedIn

Your Brand Amplified website

Your Brand Amplified podcast

Artwork

Elaine Capers

Art by Elaine

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
AI Today in 5

AI Today in 5: January 23, 2026, The Greatest AI Challenge Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  • South Korea adds new AI regulations. (Reuters)
  • Vietnam updates IP & AI law. (Rouse)
  • AI’s greatest challenge is managerial, not technical. (Bloomberg)
  • With AI, compliance data is more valuable than ever. (FinTechGlobal)
  • AI assists retailers in stopping return fraud. (CBS News)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: January 23, 2026, The Lying Liars Who Lie Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • FirstEnergy’s reputation for telling the truth is still trashed. (Cleveland.com)
  • The black box of AI hiring decisions. (NYT)
  • Supreme Court balks at Trump’s attempt to control the Fed. (WSJ)
  • What happens when the dog bites (or even eats) its tail? (FT)
Categories
Blog

Returning to Venezuela: Part 5 – AML Risk and the Final Compliance Test

In this five-part series, I have walked through the core compliance risks US energy companies will face as they consider a return to Venezuela. We began with bribery and corruption and the long shadow of PdVSA (Parts 1 & 2). We moved through export controls (Part 3), security risks (Part 4), and the broader operational and strategic challenges of working in one of the most complex risk environments in the world. But this final post is different. Money laundering risk is not simply another risk category. It is the connective tissue that binds all the others together.

If bribery is how improper value enters the system, money laundering is how it is disguised, moved, and legitimized. If export control violations create pressure to reroute goods or payments, money laundering techniques make that rerouting possible. If security risks require local intermediaries, cash payments, or opaque vendors, those same decisions create AML exposure. For the compliance professional, money laundering risk in Venezuela is the capstone test of whether the program actually works.

The Regulatory Frame: FinCEN, ECCP, and Correspondent Banking Reality

Any AML discussion must start with expectations. US regulators have been explicit. The AML program pillars articulated by the Financial Crimes Enforcement Network (FinCEN) are not optional abstractions. They are operational requirements: risk-based controls, internal policies, independent testing, training, and designated responsibility.

Overlay that with the Department of Justice Evaluation of Corporate Compliance Programs (ECCP), which asks whether controls are designed, implemented, tested, and actually effective. Then add the reality of correspondent banking risk. Even if a US energy company does not directly move funds through US banks, its banking partners will apply US standards. Banks do not absorb Venezuela’s risk on behalf of their customers. They de-risk. Compliance failures upstream become frozen accounts downstream. This is why AML must be treated as an enterprise risk, not a compliance side project.

Operating Under Licenses Does Not Reduce AML Risk

This blog assumes that operations occur under general licenses, specific licenses, or wind-down authorizations issued by the Office of Foreign Assets Control. That matters for sanctions analysis, but it does not reduce AML exposure. Licenses permit activity. They do not cleanse counterparties, validate payment flows, or excuse weak controls. In fact, licensed activity often attracts heightened scrutiny because regulators know companies will push forward aggressively once permission is granted.

In Venezuela, licensed operations still involve high-risk state actors, politically exposed persons, weak financial institutions, and a long history of financial opacity. From an AML perspective, licenses are a starting gun, not a shield.

PdVSA as a Multi-Vector AML Risk

As we have previously noted, PdVSA must be treated not as a single counterparty risk but as multiple overlapping AML risk vectors. First, there is trade-based money laundering. Oil shipments are uniquely vulnerable to pricing manipulation, volume misstatements, phantom cargoes, and circular trading. In Venezuela, these risks are amplified by distressed infrastructure, a history of sanctions, and reliance on intermediaries.

Second, there is an intermediary risk. Shipping companies, charterers, port agents, and customs facilitators often operate through layered ownership structures. The farther one moves from the wellhead, the less transparency exists. Third, there is a risk to the payment structure. Delayed payments, in-kind arrangements, and third-country settlement accounts create fertile ground for laundering illicit proceeds. When oil becomes currency, AML controls must follow the barrel, not the invoice.

Venezuelan, Crypto, and Third-Country Banking Risk

Venezuelan banks operate under severe constraints. Many lack robust AML systems, and even well-intentioned institutions face talent shortages and technology gaps. As a result, payments often move through third-country banks. These arrangements create several red flags: unusual routing, non-USD transactions, inconsistent settlement timelines, and opaque beneficiary information. Each red flag increases the likelihood of SAR filings and banking friction. Compliance professionals must understand that correspondent banks apply their own risk lens. If they are uncomfortable, they will exit. That operational disruption becomes a compliance failure.

Crypto and alternative payment mechanisms are not edge cases in Venezuela. They are practical responses to currency instability, banking limitations, and sanctions pressure. From an AML standpoint, crypto introduces wallet anonymity, cross-border velocity, and limited recourse once funds move. Any use of crypto, whether by the company or its third parties, must be explicitly prohibited or tightly controlled. Silence is not neutrality. Silence is exposure.

Third Parties: Where AML, Bribery, and Security Collide

Local agents, logistics providers, customs brokers, and security vendors represent the highest combined risk in Venezuela. These third parties often operate in cash-intensive environments, maintain close ties to government actors, and perform functions critical to business continuity. Family-owned and politically connected vendors demand enhanced due diligence. That means beneficial ownership verification, source-of-funds analysis, ongoing monitoring, and contractual audit rights. Initial diligence alone is insufficient. Relationships evolve, and risk escalates quickly.

This is where the bribery blog, the security blog, and this AML blog converge. The same third party that creates bribery risk also creates money laundering risk. Controls must be integrated, not siloed.

The Operational Reality: This Is Manageable If You Manage It

Despite these risks, this is not a counsel of despair. US companies have operated in high-risk jurisdictions before. The key is realism. AML programs in Venezuela cannot rely on annual certifications, static risk assessments, or generic policies. They require transaction-level visibility, real-time escalation, and empowered compliance personnel. Friction with the business is inevitable and necessary.

Venezuela-Specific AML Operational Checklist

Below is a practical, compliance-focused checklist for operating in Venezuela:

Risk Assessment

  • Conduct a Venezuela-specific AML risk assessment tied to operations, not geography alone
  • Map payment flows end-to-end, including third-country routing
  • Identify trade-based money laundering scenarios tied to oil shipments

Policies and Controls

  • Prohibit unauthorized crypto usage explicitly
  • Require documented economic justification for all intermediaries
  • Establish clear escalation thresholds for delayed or rerouted payments

Third-Party Due Diligence

  • Perform enhanced due diligence on all local agents, logistics providers, customs brokers, and security vendors
  • Verify beneficial ownership and political exposure
  • Assess the source of funds and expected transaction behavior

Transaction Monitoring

  • Monitor oil pricing, volumes, and delivery discrepancies
  • Flag unusual settlement patterns or changes in banking instructions
  • Integrate AML alerts with sanctions and export control monitoring

Training and Culture

  • Provide targeted AML training for operations, finance, and procurement teams
  • Reinforce speak-up mechanisms tied to payment and logistics concerns

Testing and Auditing

  • Conduct targeted audits focused on high-risk transactions
  • Test controls against realistic laundering typologies
  • Document remediation and program enhancements

AML as the Series Capstone

This series has shown that returning to Venezuela is not a single compliance decision. It is a systems test. Money laundering risk sits at the center of that test because it exposes weaknesses everywhere else. If your AML program can function effectively in Venezuela, it can function anywhere. If it cannot, no license, policy, or assurance letter will save it. This is doable. But only if compliance is brought in early, appropriately resourced, and empowered to say yes, if.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 22 – Level of Due Diligence

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 22 episode, we consider the levels of due diligence you should use when investigating third parties.

Key highlights:

  • What are the levels of Due Diligence?
  • When is each level appropriate?
  • Key Takeaways

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Daily Compliance News

Daily Compliance News: January 22, 2026, The Compliance Officers Fired Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Malaysia charges 2 top military officers with corruption. (Reuters)
  • WH backs off from controlling the new DOJ Fraud Division. (BloombergLaw)
  • CEOs say AI is working; employees are not so sure. (WSJ)
  • Compliance officers fired over trader terminations. (Bloomberg)
Categories
AI Today in 5

AI Today in 5: January 22, 2026, The AI Compliance Blindspot Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. CEOs say AI is working; employees are not so sure. (WSJ)
  2. The AI Compliance Blindspot. (UCToday)
  3. Bots are now making college acceptance decisions. (Bloomberg)
  4. AI is helping mid-market banks meet compliance obligations. (NLR)
  5. Apple is developing a wearable pin. (TheInformation)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

Returning to Venezuela: Part 4 – From Physical Security to Enterprise Risk

In this five-part series, I have walked through the core compliance risks US energy companies will face as they consider a return to Venezuela. We began with bribery and corruption and the long shadow of PDVSA (Parts 1 & 2), then moved to export controls (Part 3).

Today, we consider the security risks and the broader operational and strategic challenges of working in one of the most complex risk environments in the world. For many compliance professionals, “security” still conjures images of guards, gates, and cameras. It is treated as an operational afterthought or a line item buried somewhere between facilities and travel. The conversation I recently had with Marc Duncan, COO at Salus Solutions, should permanently disabuse compliance officers, boards, and senior executives of that narrow view. As Duncan describes it, security is not a physical function. It is an enterprise risk discipline. It is continuous monitoring at its purest. And it is inseparable from culture, governance, and decision-making authority.

For compliance professionals, especially those operating globally or in volatile environments, this conversation offers a masterclass in how risk really works when theory collides with reality.

The First Compliance Failure: Thinking You Already Know the Risk

One of the most striking observations Duncan makes is also one compliance professionals hear far too often after a failure: “We did not see that coming.” As Duncan notes, that usually means the organization was not looking. They had a preconceived notion of their threats, locked onto a narrow risk model, and failed to challenge their assumptions. This is a classic compliance failure. Risk assessments that confirm management’s beliefs instead of testing them are not risk assessments. They are comfort exercises.

True threat assessment, whether physical, cyber, financial, or reputational, begins with abstraction. You step back, examine the environment holistically, and then break it down across functions. Duncan’s approach mirrors what the DOJ expects from a mature compliance program: financial risk, personnel risk, operational risk, cyber risk, structural risk, and external conditions assessed together, not in silos. Compliance professionals should take note. If your risk assessment is static, annual, and checklist-driven, you are already behind.

An additional framework compliance professionals should consider integrating into this approach is Threat and Hazard Identification and Risk Assessment (THIRA). While THIRA originated in the public sector and homeland security context, its core discipline translates directly to corporate compliance and enterprise risk management. THIRA forces organizations to first identify credible threats and hazards, assess their likelihood and impact, and only then evaluate existing capabilities and gaps. The discipline prevents the most common compliance failure: designing controls around assumed risks rather than actual ones.

A THIRA has three key steps:

  • Identify Threats and Hazards: Identify the threats and hazards that could impact them. These can include natural disasters such as hurricanes and earthquakes, technological hazards such as power outages, and human-caused events such as terrorism.
  • Assess Impacts: Once threats and hazards are identified, assess the potential impacts of these events. This involves understanding how these threats could affect people, property, and the environment.
  • Determine Capabilities: Based on the assessed impacts, determine the capabilities they need to address these threats and hazards. This includes identifying gaps in current capabilities and planning for resource allocation and training.

Used properly, THIRA complements a compliance risk assessment by grounding it in real-world scenarios, stress-testing assumptions, and aligning resources to consequence rather than convenience. In practice, compliance teams can use THIRA-style analysis to model disruptive events, validate whether policies and response plans would function under pressure, and ensure that authority, communications, and escalation protocols actually work in dynamic conditions. Like Duncan’s threat hub, THIRA is most effective when it is iterative, cross-functional, and embedded into daily decision-making rather than treated as a one-time exercise.

Continuous Monitoring Is Not a Buzzword in a Crisis Zone

In compliance circles, we often talk about continuous monitoring and continuous improvement. In high-risk environments, Duncan explains, these are not aspirational concepts. They are daily survival requirements. Threats change by the hour. Routes become unsafe. Infrastructure fails. Information degrades. Misinformation spreads intentionally. As Duncan makes clear, relying on sanitized reports or publicly available data alone is insufficient, particularly in places like Venezuela, where reliable information can be scarce and manipulated.

For compliance professionals, the parallel is obvious. If your organization relies solely on lagging indicators, static dashboards, or once-a-year training, you are operating on yesterday’s intelligence. A mature compliance program must be dynamic, responsive, and empowered to change course quickly.

Authority Matters More Than Policy

One of the most underappreciated insights in the discussion is the emphasis on delegated authority. Duncan is blunt: security teams must be empowered to make changes on the fly. Operations teams often resist this because they have a plan for the day. But rigid plans fail in dynamic environments. Compliance professionals should see themselves clearly in this description. How often does compliance identify a risk, only to be overruled by operational convenience? How often does policy exist without authority to enforce or adapt it?

This is not merely an execution issue. It is a governance failure. If compliance, security, or risk professionals lack real authority, then the program exists in name only.

Boards Are Often the Weakest Link

Perhaps the most candid portion of the conversation is Duncan’s discussion of boards of directors. Boards understand that risk exists, but they often do not understand their lane. Worse, they sometimes overstep based on assumptions rather than expertise, thereby influencing the organization’s security and risk culture to its detriment. This should resonate deeply with compliance professionals. Many compliance failures originate at the policy level. Boards check in periodically, hear a summary, and move on. They rarely engage with the complexity of the operating environment or the second- and third-order consequences of their decisions.

Duncan advocates for an ongoing relationship with boards or policy groups, not episodic briefings. Education is continuous. Risk is dynamic. Governance must keep pace. For compliance officers, this reinforces a critical point: board engagement is not about presentations. It is about sustained dialogue, shared understanding, and clearly articulated risk tolerance.

Culture Is Defined by Accepted Loss

One of the most insightful compliance lessons emerges from Duncan’s discussion of risk acceptance, particularly in the energy sector. Every organization accepts some level of loss. The problem arises when that acceptance is implicit, unexamined, or outdated. Compliance professionals should recognize this immediately. Risk tolerance that is not written down, debated, and revisited becomes invisible policy. It shapes behavior without accountability.

Duncan’s approach is instructive. He pushes organizations to explicitly articulate acceptable loss, document it, and use it as a guideline. When conditions change, that tolerance must be reassessed at the policy level. This is exactly how compliance culture should function. Silence is not neutrality. It is permission.

Security Is Not Just Physical: Insider Threats and Human Risk

If compliance professionals think security stops at the perimeter, Duncan quickly disabuses them of that notion. Insider threats loom large. Alcoholism, substance abuse, personal stressors, and poor life choices can all create vulnerabilities. So can espionage, coercion, and cultural dysfunction.

This is compliance territory. Training that treats employees like mushrooms kept in the dark will fail. Effective programs connect behavior to consequences: personal, professional, financial, and reputational. Duncan’s emphasis on “wholesome” training aligns with modern compliance expectations. Employees must understand not just what is prohibited, but why it matters, how it affects the organization, and how it exposes them personally.

Partnering with Locals: A Lesson in Third-Party Risk

One of the most counterintuitive lessons for many executives is the need to partner with local communities, vendors, and even security forces. Cutting locals out of economic participation breeds sabotage and resentment. Compliance professionals should immediately recognize the parallel to third-party risk management. Isolation does not reduce risk. Engagement does. Oversight, contracts, inspections, and partnerships create shared incentives and stability.

Whether it is food supply, logistics, or perimeter security, Duncan emphasizes layered controls and local investment. This is not unlike building a resilient third-party ecosystem rather than relying on transactional relationships.

The Threat Hub: A Compliance Blueprint

Perhaps the most transferable concept for compliance professionals is the “threat hub.” Duncan describes a cross-functional, daily forum where representatives from legal, finance, operations, security, and other functions review threats, vulnerabilities, and operational changes. This is what an effective compliance program should look like. Not a standalone department issuing policies, but an integrated function embedded across the organization, sharing intelligence, and adapting in real time.

Finally, Duncan issues a challenge that every compliance officer should take seriously: crisis exercises will break you. They expose gaps in policy, logistics, communications, authority, and preparedness that no binder ever reveals. Compliance professionals often assume crisis plans are adequate because they exist. Duncan’s experience says otherwise. Without realistic testing, organizations are unprepared when it matters most.

Final Thoughts

This conversation makes clear that security, compliance, and risk are not separate disciplines. They are different lenses on the same problem: how organizations survive and succeed in uncertain environments.

For compliance professionals, the takeaway is simple but uncomfortable. Static programs fail. Assumptions kill preparedness—authority matters. Culture is shaped by what leaders tolerate. And boards must be educated partners, not distant overseers. In high-threat environments, failure is immediate and unforgiving. In corporate compliance, it is slower, but no less certain.

The choice, as always, is whether to learn before the crisis or after it.

Join us tomorrow for Part 5 as we conclude our series by looking at AML risks associated with returning to Venezuela.

Categories
It's art

It’s Art, Let’s Talk About It – Unveiling the Timeless Art of A.R. Mitchell: An In-Depth Conversation with Allyson Sheumaker

In this episode of ‘It’s Art. Let’s Talk About It,’ Darrell Beauchamp engages with Allyson Sheumaker, the Executive Director of the A.R. Mitchell Museum of Western Art in Trinidad, Colorado.

They dive deep into the history, legacy, and incredible body of work of Arthur Roy Mitchell, fondly known as Mitch. Known for his striking and vibrant illustrations for pulp Western magazines in the early 20th century, Mitchell’s art is celebrated for its vivid color and unique style. Allyson offers a fascinating look at Mitchell’s life, his reluctance to sell his art, and his significant contributions to the art world. The discussion explores the journey of putting together an extensive exhibition showcasing Mitchell’s works, which include illustrations, landscapes, nocturnes, and personal memorabilia. This in-depth conversation provides listeners with insights into the importance of preserving and promoting the work of lesser-known yet significant artists like A.R. Mitchell.

Key highlights:

  • The Legacy of A.R. Mitchell
  • R. Mitchell’s Early Life and Career
  • Mitchell’s Art and Illustrations
  • The A.R. Mitchell Museum: Origins and Mission
  • The Mac Cowboys and Their Connection to Trinidad
  • The Exhibition: Development, Highlights, and Visitor Experience

Resources:

Follow A.R. Mitchell Museum of Western Art

Categories
AI Today in 5

AI Today in 5: January 21, 2026, The 9 AI Risks Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. 9 AI risks you should be aware of. (The News Tribune)
  2. The US is a global FinTech hub. (FinTech Global)
  3. The memory crunch is real. (Bloomberg)
  4. Clio was hit with a countersuit. (Reuters)
  5. Healthcare, AI, and pharma. (CNBC)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.