Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 13 – Policies and Procedures

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In this Day 13 episode, we review the importance of having well-crafted compliance policies and procedures as the foundation of a robust compliance program.

Key highlights:

  • Importance of Compliance Policies
  • Key Elements of Compliance Policies
  • Assessment and Evolution of Policies

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Blog

Greek Philosophers Week: Part 2 – Plato and Building Ethical Governance Systems

In Part 2, we continue our exploration of the origins of the modern corporate compliance organization, tracing them back to the ancient Greek philosophers, including Plato. Socrates teaches the compliance professional how to ask the right questions. But questions alone do not protect an organization. They must be translated into governance, structure, and systems that endure. That is where Plato becomes indispensable to the modern compliance conversation.

Plato’s great concern was not whether people could articulate values, but whether societies could be structured to sustain them. His work, particularly The Republic, focuses on justice, leadership, and the design of institutions that align individual behavior with the collective good. For corporate compliance professionals, this is familiar terrain. The DOJ Evaluation of Corporate Compliance Programs (ECCP) is fundamentally a governance document. It asks whether companies have built systems that make ethical behavior the default rather than the exception.

If Socrates is the conscience of the compliance function, Plato is its architect. Think Joe Murphy and his weekly compliance newsletter, Compliance & Ethics: Ideas and Answers.

From Ethical Inquiry to Institutional Design

Plato understood a core truth: that good intentions fail without structure. In the Allegory of the Cave, Plato describes people mistaking shadows for reality because the system around them reinforces illusion. In corporate compliance, the same dynamic occurs when incentives, reporting lines, and performance metrics reward behavior that quietly contradicts stated values.

The ECCP repeatedly asks whether a company’s compliance program is “well designed.” That phrase is not accidental. Prosecutors examine reporting structures, escalation pathways, authority, and resources because ethics without governance is aspirational theater. Plato would recognize this immediately. Justice, in his view, emerges when each part of a system performs its proper role in harmony with the whole.

Daily compliance operations live or die by this design. A hotline without investigation authority, training without consequence management, or policies without ownership all create shadows on the wall. Plato teaches that governance must align form and function.

Justice as Consistency, Not Sentiment

Plato’s conception of justice is not emotional. It is structural. Justice exists when rules are applied consistently, and roles are respected. That lesson maps directly onto compliance enforcement and discipline. The ECCP places heavy emphasis on consistent discipline across the organization, including senior management, and asks the following questions: Have disciplinary actions and incentives been fairly and consistently applied across the organization? Does the compliance function monitor its investigations and resulting discipline to ensure consistency? Are there similar instances of misconduct that were treated disparately, and if so, why? What metrics does the company apply to ensure consistency of disciplinary measures across all geographies, operating units, and levels of the organization?

This is Organizational Justice. Regulators know that selective enforcement erodes credibility faster than almost any policy failure. Employees watch how decisions are made. They see who is protected and who is expendable. In daily operations, this requires compliance professionals to insist on fairness even when outcomes are uncomfortable. Investigations must follow evidence, not hierarchy. Remediation must address systemic failures, not just individual misconduct. Plato reminds us that justice perceived as arbitrary is, by another name, injustice.

Governance Structures Are Ethical Decisions

Plato believed that leadership structure determined ethical outcomes. His concept of philosopher-kings was not an elitist fantasy. It was an argument that power should rest with those who possess both knowledge and virtue. Modern compliance programs face a parallel challenge. Who owns compliance? To whom does it report? Does compliance have direct access to the board? Can it act independently of revenue pressure? These are not administrative questions. They are ethical ones.

The ECCP explicitly evaluates whether compliance has sufficient autonomy, stature, and authority. Does a corporate compliance function have (1) sufficient qualifications, seniority, and stature (both actual and perceived) within the organization; (2) sufficient resources, namely, staff to undertake the requisite auditing, documentation, and analysis effectively; and (3) sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee?

A compliance program buried several layers below decision-makers may exist on paper, but it cannot function effectively. Plato would argue that such a structure inevitably leads to injustice, regardless of intent. In practice, this means compliance leaders must engage in governance conversations, not just operational tasks. Reporting lines, committee charters, and escalation protocols shape behavior long before a policy is breached.

Education, Culture, and Ethical Formation

Plato placed enormous emphasis on education as the foundation of a just society. He understood that laws and punishments alone do not produce ethical citizens. Formation matters. The ECCP reflects this insight by focusing on training effectiveness, communication, and culture. The key is effectiveness. In training, the DOJ asks the following questions: Has the training been offered in a format and language appropriate for the audience? Are the company’s training and communications tailored to the particular needs, interests, and values of relevant employees? Is the training provided online or in-person (or both), and what is the company’s rationale for its choice? This means prosecutors will ask whether training is tailored, interactive, and aligned with real-world risk. Checkbox training produces compliance in name only.

Daily compliance work must therefore treat education as formation rather than instruction. Training should reinforce ethical reasoning, not just rules. Communications should explain why standards exist, not merely what they prohibit. Plato teaches that culture is cultivated deliberately, not imposed.

The Cave and Ethical Blindness in Organizations

Perhaps Plato’s most powerful contribution to compliance thinking is the Allegory of the Cave. It explains how intelligent people can remain blind to obvious risk when systems reinforce false narratives.

In corporate settings, ethical blindness often arises from success. When revenue grows and deals close, warning signs are rationalized. Compliance concerns become shadows, dismissed as theoretical or pessimistic. The ECCP’s focus on continuous improvement and periodic testing is a direct response to this risk. Compliance professionals must act as those who have seen the light and returned to the cave, even when their message is unwelcome. Plato warns that truth-tellers are rarely celebrated. Yet without them, organizations mistake comfort for compliance.

5 Key Takeaways for the Compliance Professional

1. Ethical inquiry must be translated into governance.

Asking the right questions is essential, but compliance programs fail when inquiry does not result in structural change. Plato teaches that ethics must be embedded in systems, reporting lines, and decision-making authority. The ECCP reinforces this by evaluating program design, autonomy, and oversight. Compliance professionals must ensure that insights from risk assessments and investigations lead to governance adjustments. Without that translation, ethical awareness fades, and misconduct reemerges under familiar pressures.

2. Justice in compliance is consistency, not discretion.

Plato’s concept of justice demands consistent application of rules regardless of status or performance. The ECCP mirrors this expectation by scrutinizing discipline across seniority levels. Daily compliance operations must reinforce fairness through objective investigations, documented decisions, and transparent remediation. Selective enforcement undermines trust, weakens culture, and signals that ethics are negotiable. Justice must be structural, not situational.

3. Reporting lines and authority are ethical decisions.

Where compliance sits in the organization determines whether it can function effectively. Plato understood that leadership structure shapes outcomes. The ECCP evaluates compliance independence because authority enables ethical action. Compliance professionals must engage in governance discussions to ensure direct access to decision-makers and the board. Without structural authority, even well-intentioned programs become symbolic.

4. Training is ethical formation, not information delivery.

Plato emphasized education as the foundation of justice. Compliance training should shape ethical reasoning, not merely convey rules. The ECCP expects tailored, risk-based training connected to real-world scenarios. Daily operations should reinforce values through ongoing communication and leadership modeling. Culture forms through repetition and example, not annual courses.

5. Ethical blindness thrives in poorly designed systems.

The Allegory of the Cave explains how organizations normalize risk when systems reward illusion. Compliance professionals must challenge comfortable narratives and continuously test assumptions. The ECCP’s focus on monitoring and improvement reflects this need. Plato reminds us that ethical failure often begins with structural blindness, not bad intent.

From Plato to Aristotle: From Structure to Execution

Plato gives compliance professionals the blueprint. He shows how governance structures, justice systems, and educational frameworks translate ethical ideals into organizational reality. But even the best-designed systems fail if they are not used daily.

That is where Aristotle enters the conversation. Aristotle shifts the focus from ideal structures to practical execution, from governance to habit, judgment, and decision-making at the operational level. If Plato teaches us how to design ethical systems, Aristotle teaches us how people actually behave within them. That transition mirrors the next stage in compliance maturity, where structure meets reality and ethics become a matter of daily choice.

Join us tomorrow in Part 3 to find out how.

Categories
PodFest Expo 2026 Speaker Series Preview

Podfest Expo 2026 Speaker Preview Series: Simona Costantini on Keeping your Podcast Going

In this episode of the Podfest Expo 2026 Speaker Preview Podcasts series, Tom Fox visits with Simona Costantini, founder and CEO of VOLT Productions and Executive Producer and Host of Happiness Happens and As It Relates to Podcasting. They discuss her panel at Podfest Expo 2026 titled “Going Beyond the Mic.” Some of the highlights in this podcast are:

  • Her role in the world of podcasting.
  • Her panel at PodFest Expo will discuss the systems and processes to keep your production going.
  • What she hopes to get out of PodFest Expo 2026 and why you should attend.

I hope you can join us at Podfest Expo 2026, hosted by Podfest Global. This year’s event will be the 12th anniversary and will be held January 15-18, at the RENAISSANCE ORLANDO AT SEAWORLD® in Orlando, Florida. The lineup of this year’s event is simply first-rate, with some of the top names in podcasting.

Podfest Expo is a community of people interested in and passionate about sharing their voices and messages with the world through powerful audio and video mediums. We’re proud to unite as many people as possible to learn, get inspired, and grow better together.

Podfest Expo is so much more than just a conference. While we pride ourselves on featuring the most engaging speakers, exciting topics, and in-depth content, what sets the Podfest Expo event apart from all others is the tight-knit community we’ve been building since 2013. You don’t just attend a Podfest event—you become part of the Podfest family.

Whether you’re new to podcasting or a veteran podcaster looking to innovate and improve your podcast, our easy-to-understand Conference Topics allow you to customize a daily agenda based on what you’re most interested in learning. No matter your skill level or experience, Podfest Expo 2026 has plenty to offer!

Please join us at the event. For information on the event, click here. As an extra benefit for listeners of this podcast, Podfest Expo is offering 10% off any ticket level. Enter the discount code Fox2026 or visit this link.

Podfest Expo 2026 is a production of Podfest Global, which is the sponsor of this podcast series.

Categories
All Things Investigations

All Things Investigations – Navigating Compliance Challenges in Venezuela’s Energy Sector

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigations. In this podcast, host Tom Fox welcomes back Mike DeBernardis to discuss the implications of entering Venezuela for energy companies and the historical precedents.

They explore the return of US energy companies to the Venezuelan market and historical precedents, such as the Iraq Oil-for-Food Program, post-2003 Iraq, and the 1990s Russian market opening, to identify the risks and the necessary compliance measures. Key insights include the importance of stringent third-party controls, understanding the nuances of dealing with state-owned entities such as PdVSA, and having a robust risk management strategy. The conversation underscores the critical need for compliance professionals to thoroughly understand business operations to build effective compliance programs in high-risk environments.

Key highlights:

  • Challenges and Opportunities in Venezuela
  • Historical Parallels: Iraq Oil for Food Program
  • Lessons from Post-2003 Iraq
  • Comparing Venezuela to 1990s Russia
  • Counseling Clients on High-Risk Opportunities

Resources:

Hughes Hubbard & Reed website

Mike DeBernardis

Categories
AI Today in 5

AI Today in 5: January 12, 2026, The Turning Comms into Compliance Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Google takes the lead in the AI race. (WSJ)
  2. Healthcare is the next big market for AI. (Bloomberg)
  3. Google removes certain AI reviews. (Yahoo!Finance)
  4. Turning comms into AI value compliance. (FinTech Global)
  5. AI is helping to fight written check fraud. (FinTech Global)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: January 12, 2026, The Corruption is Free Speech Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • FirstEnergy defendants in Ohio say corruption is simply ‘free speech’. (Ohio Capitol Journal)
  • Corruption allegations rock Cyprus. (Politico)
  • Venezuelans say Trump ‘too corrupt’. (Fortune)
  • Florida MAGA ‘queasy’ over Trump corruption. (AlterNet)

Categories
FCPA Compliance Report

FCPA Compliance Report: Going into Venezuela, Navigating the Corruption Risks, a Conversation with Matt Ellis

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. We take a short break from our 2-part series with Mike Volkov to review the issues arising from the Trump Administration’s invasion of Venezuela. Matt Ellis joins Tom Fox to look at what all this means for companies looking to do business in Venezuela.

They discuss the complex landscape of doing business in Venezuela, focusing on the rampant corruption, security challenges, and the implications of U.S. sanctions. They explore the risks associated with engaging with the national oil company, PdVSA, and the broader implications for U.S. companies considering re-entry into the Venezuelan market. The conversation also touches on Cuba’s role, international organizations, and the potential for infrastructure rebuilding in Venezuela, emphasizing the need for long-term strategies and careful risk management.

Key highlights:

  • Navigating Corruption and Security Risks in Business
  • Banking and Money Laundering Concerns
  • Cuba’s Role and Sanctions Implications
  • International Organizations and Corruption Regulations
  • Infrastructure Rebuilding in Venezuela
  • Long-term Strategies for Companies

Resources:

Matt Ellis on LinkedIn

Miller & Chevalier LLC


Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 12 – The Importance and Construction of a Corporate Code of Conduct

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. This Day 12 episode explores the critical value and construction of a corporate Code of Conduct, explaining its evolution from a legalistic document to a cornerstone of compliance programs.

Key highlights:

  • Introduction to Code of Conduct
  • Regulatory Expectations and Guidelines
  • Crafting an Effective Code of Conduct

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Blog

Greek Philosophers Week: Part 1 – Socrates and the Asking Questions

I have long wanted to trace the origins of the modern corporate compliance organization back to the ancient Greek philosophers, drawing lessons for compliance and ethics in 2026 and beyond. Today, I begin a five-part series where I do just that. In this series, we will consider Socrates, Plato, Aristotle, Pythagoras, and Euclid. We start with Socrates.

Socrates left no writings of his own. What he left was a method. He believed wisdom began with recognizing what one did not know and then relentlessly testing assumptions through disciplined questioning. That approach maps directly onto the daily work of the compliance professional. Risk assessments, investigations, root cause analysis, culture reviews, and even board reporting all rise or fall based on the quality of the questions asked.

Every effective compliance program begins with a question. Not a policy. Not a control. Not a dashboard. A question. That insight alone makes Socrates the right place to start any serious discussion about the influence of ancient Greek philosophy on modern corporate compliance and ethics programs.

The Department of Justice’s Evaluation of Corporate Compliance Programs (ECCP) does not use the word “Socratic,” but its expectations are unmistakably aligned with Socratic inquiry. Prosecutors repeatedly ask whether a company understands its risks, tests its assumptions, challenges its controls, and adapts when reality changes. A compliance program that does not ask hard questions is not mature. It is merely quiet. Indeed, Hui Chen, the author of the original ECCP, has said that a key purpose of the ECCP was to get compliance professionals to ‘ask questions’.

Ethical Inquiry as a Compliance Obligation

Socrates believed that unexamined beliefs were dangerous. He challenged Athenian leaders not because he enjoyed disruption, but because false confidence creates harm. In a corporate setting, the same risk exists when executives assume that a policy equals compliance or that training completion equals ethical behavior.

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
  3. Does the corporation’s compliance program work in practice?

These questions are fundamentally Socratic. They demand inquiry into how the business actually operates, where pressure points exist, and how misconduct could realistically occur. A compliance function that accepts management narratives at face value fails this test.

Daily compliance operations depend on this discipline. When reviewing third-party relationships, a Socratic compliance officer does not ask whether due diligence was performed. They ask whether it was sufficient, whether red flags were rationalized, and whether business incentives distorted judgment. That is inquiry, not administration.

Challenging Assumptions Without Becoming the Enemy

Socrates was executed because his questioning made powerful people uncomfortable. Compliance professionals face a less dramatic, but no less real, version of that tension. The role requires challenging assumptions, even when doing so slows deals, complicates reporting lines, or disrupts revenue projections.

The ECCP specifically evaluates whether a corporate compliance function has sufficient staff to audit, document, analyze, and utilize the results of the corporation’s compliance efforts. Prosecutors should also determine “whether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it. Does the company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated.”

Those structural questions exist because DOJ understands that inquiry without protection is performative. If compliance professionals cannot safely ask uncomfortable questions, the program is cosmetic.

In daily operations, this plays out in subtle ways. Does compliance have the authority to pause a transaction? Can investigators follow evidence wherever it leads? Are audit findings welcomed or explained away? A Socratic approach demands that compliance leaders test these realities rather than assume the answer.

The Socratic Method in Investigations and Root Cause Analysis

Socrates did not accept the first answer offered. He pushed deeper, often exposing contradictions or incomplete reasoning. That approach is directly applicable to investigations and root cause analysis. The ECCP places significant emphasis on whether companies understand why misconduct occurred and whether remediation addresses underlying causes. Too many investigations stop at identifying who violated a policy. Echoing Jonathan Marks, Socratic investigation asks why the violation made sense to the individual at the time. What pressures existed? What incentives misaligned behavior? What controls failed or were bypassed?

This type of inquiry requires patience and courage. It also involves trust from leadership. Findings may implicate management decisions, cultural signals, or compensation structures. Socrates reminds us that truth-seeking is rarely comfortable, but it is essential to ethical improvement.

Culture Is Revealed by the Questions You Allow

Socrates believed that a society’s health could be measured by its openness to questioning. The same is true for corporate culture. The questions employees feel safe asking reveal more than any values statement. The ECCP now explicitly asks companies to explain how they measure and address culture. The ECCP states, “Prosecutors should also assess how the company has leveraged its data to gain insights into the effectiveness of its compliance program and otherwise sought to promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” Surveys, hotline data, and exit interviews are tools, but they are meaningless without inquiry. Key questions include: Are employees encouraged to speak up? Are concerns investigated thoroughly? Are outcomes communicated? Is retaliation punished?

In daily compliance practice, this means listening as much as enforcing. A Socratic compliance program does not treat employee concerns as noise to be managed. It treats them as data points to be explored. The quality of questions asked in response to a report often determines whether trust is strengthened or destroyed.

5 Key Takeaways for the Compliance Professional

1. Effective compliance begins with inquiry, not documentation.

A compliance program does not become effective simply because policies exist or training is completed. Effectiveness begins when compliance professionals consistently ask how misconduct could realistically occur within their organization. This requires challenging business assumptions, pressure points, and incentive structures. The ECCP repeatedly emphasizes the importance of understanding risk in context, which is impossible without disciplined questioning. A Socratic approach positions inquiry as an operational obligation, not an intellectual exercise, ensuring the program remains dynamic, responsive, and grounded in reality rather than formalism.

2. Risk assessments are living Socratic exercises, not static reports.

Too many organizations treat risk assessments as periodic documentation rather than ongoing inquiry. A Socratic risk assessment tests assumptions continuously as business models, geographies, and incentives evolve. Compliance professionals should revisit risk hypotheses, ask whether controls still function as intended, and challenge comfort-driven conclusions. Under the ECCP, regulators expect risk assessments to inform program design and resource allocation. Socratic inquiry ensures risk assessments remain relevant, credible, and capable of identifying emerging threats before they mature into enforcement issues.

3. Investigations must pursue understanding, not merely attribution.

Identifying who violated a policy is rarely sufficient to prevent recurrence. A Socratic investigation asks why the misconduct occurred, what pressures or incentives influenced behavior, and how organizational systems failed. This aligns directly with the ECCP’s focus on root cause analysis and remediation. When compliance professionals ask deeper questions, investigations become tools for program improvement rather than disciplinary endpoints. This approach strengthens controls, enhances credibility with regulators, and reduces the likelihood of repeat misconduct driven by unresolved systemic weaknesses.

4. Speak-up culture is defined by response quality, not hotline volume.

Organizations often measure speak-up culture by the number of reports received, but Socrates teaches that the real measure lies in how questions are received and addressed. Employees quickly learn whether raising concerns leads to thoughtful inquiry or defensive dismissal. The ECCP evaluates whether companies encourage reporting, protect against retaliation, and communicate outcomes appropriately. A Socratic compliance function listens carefully, asks clarifying questions, and treats concerns as signals worth examining. That discipline builds trust and reinforces ethical accountability across the organization.

5. Socratic questioning requires independence, authority, and protection.

Inquiry without authority is performative. Socrates paid the ultimate price for challenging power, but modern compliance professionals should not. The ECCP explicitly assesses whether compliance functions have sufficient independence, resources, and access to leadership. Without these safeguards, difficult questions go unasked or unanswered. A Socratic compliance program empowers professionals to challenge decisions, pause transactions, and escalate concerns without fear of retaliation. That structural support transforms ethical inquiry from individual courage into institutional practice.

From Socrates to Plato: From Inquiry to Structure

Socrates gives us the starting point. He teaches the compliance professional how to think, question, and resist complacency. But inquiry alone is not enough. Questions must eventually lead to structure, governance, and systems that translate insight into action.

That transition sets the stage for Plato. Where Socrates focuses on method, Plato focuses on design. The movement from Socrates to Plato mirrors the evolution of a compliance program itself, from asking whether risks exist to building governance structures capable of addressing them. In that sense, Socrates is the conscience of the compliance function. He reminds us that effectiveness begins with intellectual honesty and ethical curiosity. Without those traits, even the most sophisticated compliance architecture will rest on shaky ground.

Join us tomorrow for Part 2 and learn about Plato’s role in today’s compliance and ethics programs.

Categories
Sunday Book Review

Sunday Book Review: January 11, 2026, The Classic Crime Novel Homage Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. In this episode, we look at 4 recent books on the Golden Age of British Crime fiction.

  1. The Murder Game by John Curran
  2. V is for Venom by Kathryn Harkup
  3. Not to be Taken by Anthony Berkeley 
  4. The Golden Age of Murder by Martin Edwards

Resources:

Murder, they wrote by Nicola Upson in the Times Literary Supplement