Categories
Compliance and AI

Compliance and AI: Navigating the Challenges and Opportunities of Agentic AI in Compliance

What is the intersection of AI and compliance? What about Machine Learning? Are you using ChatGPT? These questions are just three of the many we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. Today, the Everything Compliance gang, led by Dr. Hemma Lomax, is considering how to navigate the challenges and opportunities of agentic AI in compliance.

In this episode, we explore the rapidly evolving landscape of Agentic AI and its implications for compliance professionals. Agentic AI, defined as AI that acts autonomously rather than just responding to prompts, presents both significant opportunities and challenges. The technology can optimize risk management and compliance workflows, but it also introduces complexities around accountability, transparency, and oversight. We discuss recent real-world examples of Agentic AI in use, such as in banks and tax agencies, and highlight potential risks, including autonomous collusion and AI agents making unethical decisions. The episode emphasizes the need for compliance teams to shift from monitoring human activities to overseeing intelligent systems, ensuring the establishment of proper guardrails. We also delve into new roles emerging in this landscape, such as AI ethics coaches and agent supervisors, and the importance of human intervention to verify AI decisions. Join the discussion to understand how to navigate this transformative technology responsibly and effectively.

Key highlights:

  • Defining Agent AI
  • Implications for Compliance and Ethics
  • Challenges and Risks of Agent AI
  • Real-Time Compliance and Risk Management
  • Human Oversight and AI Governance

Resources:

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: December 5, 2025, The White Collar Criminal Enterprise Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • The US lost over $29bn to fraud, waste, and abuse in Afghanistan. (USAToday)
  • The FTC orders Boeing to divest an asset as part of the merger. (WSJ)
  • EU considers interim measures against Meta. (Reuters)
  • How far from Earth has executive comp gone? (FT)

The Daily Compliance News has been honored as No. 2 in the Best Regulatory Compliance Podcasts category.

Categories
AI Today in 5

AI Today in 5: December 5, 2025, The AI Doesn’t Know How to Learn Edition

Welcome to AI Today in 5, the newest edition of the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Ex-CTO of Yahoo says AI doesn’t know how to learn. (YouTube)
  2. CEOs making a business case for AI (and not a bubble). (Fortune)
  3. The EU is looking at Meta and its WhatsApp AI program. (CNBC)
  4. AI for marketing compliance. (FinTechFinanceNews)
  5. AI-generated comms and compliance risks. (Thomson Reuters)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

It’s Always About the Data: Lessons in Data from the AI Today In Five

Today I want to shift gears from the serious business of SFO guidance to the serious business of measuring impact. Whether we are talking about avoiding a Deferred Prosecution Agreement (DPA) or dominating the Apple Podcast charts, the core lesson is the same: if you cannot measure it, you cannot manage it. And if you are not measuring its effectiveness, you are wasting your time.

I have reviewed the ranking data for my AI Today Podcast, from Podgagement, and while some might see this as simple content success, I see a powerful case study in operational excellence that every compliance professional needs to internalize. This data provides the clearest metrics on global impact and sustained quality, the very things we should be striving for in our ethics and compliance programs.

The Global Audit of Excellence

When the SFO or the DOJ comes knocking, they are not looking at the size of your policy binder; they are looking at impact and coverage. The AI Today Podcast provides a clear metric for this: global dominance.

The data shows that this podcast has reached #1 in the Technology category across multiple critical global markets. Think about that. Achieving the top rank in a major competitive market means winning the global audit of content quality. It proves the program is not just adequate; it is best-in-class. A truly effective compliance program should aim for the same status: it must be globally recognized, universally applicable across jurisdictions, and resilient enough to rank at the top against any competitor. If your program only works in one country, you have a regional policy, not a global compliance culture. 

Consistency is Compliance

In compliance, a single “win” is meaningless. You do not get credit for a good policy written five years ago if your training is out of date and your due diligence system is circumvented. Excellence requires sustained, consistent effort. The AI Today Podcast data beautifully illustrates this principle of sustained effectiveness. Beyond the top spot, the network consistently achieves high rankings across a broad geographical and cultural spectrum:

  • Portugal at #2
  • Indonesia at #3
  • Hong Kong at #10
  • Canada at #12

This is not simply a flash in the pan. This is evidence that the procedures behind the content, research, production, consistent release schedule, and listener engagement are working day in and day out. Furthermore, the “All chart rankings” table shows the podcast hitting the #1 rank across multiple specific dates in 2023 and 2025. This momentum is the metric we should pursue in compliance: proof that our controls are embedded, actively monitored, and working effectively over time.

If you are seeing consistent, high scores on internal compliance metrics, if your training completion rates are always high, and if your internal investigations are identifying and addressing risk proactively, that is your #1 ranking.

The Power of the Niche

All of the observed top rankings are categorized under Technology. This specialization is not a limitation; it is a strategic advantage that leads to market dominance. The podcast knows its audience and serves it flawlessly. In compliance, this directly translates into risk assessment and proportionality. We must focus our limited resources on the specific risks we face, whether that is bribery in third-party channels, fraud under the new ECCTA, or sanctions risk in volatile markets. A program that tries to be everything to everyone ends up being nothing to anyone. A sharp, well-defined risk focus is what allows you to reach the top of your organizational niche and prove your effectiveness.

The Challenge: Measure Your Impact, Not Just Your Effort

The success of the “AI Today Podcast” is a stark reminder to every compliance professional: Stop counting the number of policies you’ve written or the hours you’ve spent in meetings. That is effort. Start focusing on the metrics of impact.

  • What are your global #1 rankings in compliance?
  • Is it the rate of substantiated misconduct reports?
  • Is it the demonstrable improvement in employee perception of ethical culture?
  • Is it a perfect pass on a third-party audit?

If your compliance program is not producing measurable, consistent, globally relevant results, you do not have an effective program; rather, you have a “paper exercise.” The SFO and the DOJ have told you they care about effectiveness; the podcast charts show you what effectiveness looks like in the real world.

Take this lesson, audit your metrics, and ensure your program is not just running but dominating the corporate integrity chart. You should settle for nothing less than a #1 rank.

 

Categories
Hill Country Hustlers

Hill Country Hustlers – Excavating Success: How Stephen Day Pioneers Mid-Market Solutions in Central Texas

In this episode of Hill Country Hustlers, host Zachary Green interviews Stephen Day, founder of Armour Excavating in Center Point, Texas.

Stephen shares his journey from Indiana to Texas, detailing his extensive background in accounting and investment banking. He discusses the transition to his excavating business, addresses a critical gap in the mid-market segment, and highlights the company’s multifaceted operations, including technology investment banking and a luxury candle business. Steven also describes Armour Excavating’s significant community contributions, particularly post-flood efforts, and the challenges and rewards of managing a high-growth company grounded in technology, quality, and relationship-based work culture. Tune in to learn about Steven’s entrepreneurial tips and the core values that drive Armour Excavating’s success.

Key highlights:

  • Stephen Day’s Background and Journey to Texas
  • Transition to Armor Excavating
  • Armour Excavating’s Market and Operations
  • Impact of the Hill Country Culture
  • Flood Response and Community Involvement
  • Challenges in Managing Armor Excavating
  • Leadership Philosophy and Team Culture
  • Advice for Aspiring Entrepreneurs

Resources:

Visit Armour Excavating on:

Website

Facebook

LinkedIn

Instagram

Categories
Compliance Tip of the Day

Compliance Tip of the Day – M&A-Pre-Acquisition: Reviewing Financial and Operational Data

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice for navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our look at the role of compliance in the pre-acquisition phase of a merger and acquisition. Today, we consider how to look for red flags in financial and operational data.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
AI Today in 5

AI Today in 5: December 4, 2025, The Microsoft Blips Edition

Welcome to AI Today in 5, the newest edition of the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Does AI portend the end of the law/consulting firm pyramid? (FT)
  2. Strengthening AI strategies with proactive compliance. (WSJ)
  3. Microsoft stock dips on the news. (CNBC)
  4. Salesforce touts AI adoption. (Bloomberg)
  5. Strong AI governance can foster innovation. (Bloomberg)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Everything Compliance

Everything Compliance: Episode 162, The Numbers, Numbers, Numbers Edition

Welcome to this Edition of award-winning Everything Compliance. In this episode, we have the quartet of Matt Kelly, Jonathan Marks, and special guests Lisa Fine and Dr. Hemma Lomax with Tom Fox, the Compliance Evangelist, as host.

1. Matt Kelly looks at the recent Millicom Cellular FCPA enforcement action.  He shouts out to the ChatGPT em-dash and rants about the federal government’s attempts to ban all state regulation of AI.  

2. Jonathan Marks reviews the failures of internal controls in the NBA and MLB around the ongoing betting scandals. He shouts out MacKenzie Scott for her $70 million donation to Historically Black Colleges and Universities (HBCUs) in 2025, continuing her support after a $560 million donation to 27 HBCUs in 2020. 

3. Special Guest Panelist Dr. Hemma Lomax considers where Agentic AI in compliance is heading. She rants about ChatGPT em dashes and shouts out recent legal tech conferences.  

4. Special Guest Panelist Lisa Fine looks at three key issues on her mind about compliance for 2026. She shouts out to the Compliance Week survey, Inside the Mind of the CCO, and encourages all listeners to participate.  

5. Tom Fox shouts out to Gen Z and their play with the numbers 6 and 7 and traces the use of numerology in texts back to the Book of Genesis and the ancient text of Gilgamesh.  

The members of Everything Compliance are:

The host, producer, and sometimes panelist of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com.  The award-winning Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

Daily Compliance News: December 4, 2025, The End of the Pyramid Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Does AI portend the end of the law/consulting firm pyramid? (FT)
  • SF sues over ultra-processed food. (WSJ)
  • Will a Civility Oath make lawyers more civil? (Reuters)
  • What is the environmental cost of corruption? (BBC)

The Daily Compliance News has been honored as No. 2 in the Best Regulatory Compliance Podcasts category.

Categories
Blog

Millicom Cellular, Part 2: Lessons Learned on Cartels, Cash, and Control Failures

The Millicom Cellular FCPA enforcement action is not just another FCPA case. It is a case that signals a new frontier for compliance risk. It blends classic corrupt-payment schemes with organized crime, narcotrafficking proceeds, obstructed governance, and aggressive legislative capture. It is a wake-up call for compliance officers that the threat landscape is expanding in ways that require deeper operational controls, broader due diligence frameworks, and more sophisticated cross-functional collaboration.

In Part 1, we considered the underlying facts and FCPA violations of this matter. In Part 2, we examine what compliance professionals must take away from the case.

Lesson 1: Joint-Venture Governance Failures Are Not a Defense

Millicom Cellular held a 55 percent ownership stake in TIGO Guatemala, but the local partner exercised operational control and blocked Millicom Cellular from information and cooperation. The DOJ notes that Millicom Cellular voluntarily disclosed early concerns in 2015 but was unable to compel cooperation from local executives or obtain complete data. The result is a clear message:

Ownership without operational control equals enormous FCPA exposure.

Compliance professionals must:

  • Implement JV governance protocols that require access rights, audit rights, and cooperation language in shareholder agreements. Try to place your company’s representative as the CFO of the joint venture.
  • Establish escalation pathways if a partner obstructs investigations.
  • Treat “majority ownership without control” as a high-risk structure in compliance risk assessments.

Yet notwithstanding the foregoing, DOJ has made clear it will not accept a lack of control as an excuse for failing to detect corruption, especially when red flags are visible.

Lesson 2: Cash-Based Bribery Ecosystems Require a Different Kind of Monitoring

The bribery scheme ran almost entirely on cash: cash in duffel bags delivered by helicopter, cash laundered through drug traffickers, cash moved through shell companies, and cash withdrawn from banks in plastic bags. Traditional financial controls are almost useless in the face of an off-books cash economy. Compliance must be enhanced:

  • Controls around cash withdrawals
  • Monitoring of cash-intensive vendors
  • Patterns of invoicing irregularities
  • Real-time analytics on deviations in expense and procurement behavior

This is not a theoretical exercise. It is an operational reality for companies in high-risk jurisdictions.

Lesson 3: Cartel Exposure Is Emerging as a Corporate Compliance Obligation

This case represents one of the most explicit linkages between FCPA violations and narco-trafficking cash flows. The scheme not only involved bribes; it also involved bribes financed by organized crime. Compliance officers must now assume that criminal networks may view legitimate multinationals as conduits for illicit financial flows. This demands:

  • Enhanced beneficial-ownership checks
  • Screening for cartel-linked financial intermediaries
  • Deeper diligence on bankers, lawyers, and consultants
  • Country-level threat mapping that includes cartel and organized crime indicators

The DOJ has increasingly emphasized convergence risk between corruption, money laundering, and organized crime. The Millicom Cellular enforcement action is a prime example.

Lesson 4: “Influencing Legislation” Is a Red Flag, Not a Business Strategy

TIGO Guatemala sought legislative outcomes that would alter the national telecom law. That in itself is not illegal. What is unlawful is tying legislative outcomes to cash bribes, helicopter deliveries, and cartel-funded transactions. Compliance teams must scrutinize:

  • Payments to lobbyists, political consultants, and intermediaries
  • Relationships with legislators and political parties
  • Sponsorships, charitable donations, and community programs with political beneficiaries

Any effort to “shape legislation” must come with strict controls.

Lesson 5: Data Gaps Are Compliance Gaps

Millicom’s inability to obtain information access within its own joint venture delayed detection and undermined the credibility of its initial self-disclosure. Compliance professionals must demand:

  • Rights to data
  • Rights to conduct investigations
  • Rights to interview employees
  • The right to require cooperation from partners

A partner who denies access creates liability.

Lesson 6: Remediation Must Be Conducted Like a Corporate Transformation

Millicom’s remediation was extensive. It included:

  • Replacing senior personnel
  • Centralizing compliance oversight
  • Enhancing third-party onboarding and continuous monitoring
  • Adding data analytics
  • Conducting control testing across more than 250 transactions
  • Creating an ephemeral-messaging retention policy
  • Increasing compliance headcount by 800 percent (pages 5–6)

The DOJ’s description reads less like remediation and more like organizational reinvention. That is the expectation now. Compliance must treat remediation as a fully integrated operational overhaul.

Lesson 7: The DOJ Will Reopen Cases When New Evidence Emerges

The DOJ initially closed the investigation in 2018. It reopened the case in 2020 after uncovering new evidence from outside sources, including cartel-linked transactions. The message is clear:

  • Self-disclosure is not a shield when the company lacks visibility into misconduct.
  • Failure to detect ongoing wrongdoing can undermine trust and credit for cooperation.
  • Compliance must ensure continuous monitoring even after perceived risk has been reduced.

Conclusion: The New Compliance Mandate

The Millicom Cellular enforcement action demonstrates that compliance risk is no longer confined to corrupt payments. It now involves organized crime, cash-based bribery systems, cross-border laundering, political capture, and governance obstructions. Compliance professionals must operate with a broader risk lens, encompassing cartel risk, cash-economy vulnerabilities, high-risk political interactions, and joint-venture control structures. This is a key enforcement effort of the Trump Administration.

The future of compliance is not about preventing bribery alone. It is about defending the corporation from becoming an unwitting partner in a criminal enterprise.