Tag: 2024 ECCP

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 27 – The Compliance Function in an Organization

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 27 episode, we explore the growing importance and responsibilities of the compliance function within corporations, emphasizing the need for adequate staffing, resources, and independence.

Key highlights:

  • DOJ’s Expectations for Compliance Programs
  • Funding and Resources for Compliance
  • Compliance Program Structure and Authority

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Blog

Greek Philosophers Week: Part 5 – Euclid and Proving Your Program Is Effective

We conclude our exploration of how ancient Greek philosophers influence compliance and ethics in 2026 and beyond. In this series, we have considered Socrates, Plato, Aristotle, and Pythagoras. Today, we conclude with Euclid.

Pythagoras teaches compliance professionals how to measure, analyze, and detect ethical risk through data, proportion, and pattern recognition. But measurement alone never closes the loop. At some point, regulators, boards, and senior leadership ask a harder question: Can you prove your compliance program actually works? That is where Euclid becomes the natural capstone of this philosophical journey.

Euclid was not concerned with numbers in isolation. He was concerned with structure, logic, definition, and proof. His Elements did not merely describe geometry. It demonstrated how a coherent system is built from first principles, how each part follows logically from the last, and how conclusions are proven rather than asserted. That methodology aligns almost perfectly with modern expectations for compliance program effectiveness under the DOJ Evaluation of Corporate Compliance Programs (ECCP).

If Pythagoras gives compliance professionals the tools to see risk, Euclid shows them how to organize those insights into a defensible, durable system. We also circle back to Hui Chen, the original Corporate Compliance Counsel to the DOJ, who would challenge Chief Compliance Officers (CCOs) and their counsel when they came before the DOJ in settlement negotiations, demonstrating the effectiveness of their compliance programs through data rather than anecdote.

First Principles Are the Foundation of Compliance Credibility

Euclid begins with definitions, axioms, and postulates. He does not assume shared understanding. He defines it. Everything that follows depends on clarity at the start. Many compliance programs struggle precisely because they skip this step. Policies proliferate. Controls multiply. Training expands. Yet foundational questions remain vague. What does ethical behavior actually mean in this organization? What risks are intolerable regardless of business pressure? What decisions require escalation without exception?

The ECCP begins with 3 fundamental questions:

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
  3. Does the corporation’s compliance program work in practice?

Throughout the ECCP, the DOJ repeatedly asks whether a compliance program is well designed. That evaluation begins with clarity of purpose and scope. A Euclidean compliance program explicitly defines its terms, principles, and boundaries. Without that clarity, enforcement becomes inconsistent, and explanations to regulators become fragile. In daily operations, this means compliance professionals must insist on precision. Ambiguity is not flexibility. It is a risk.

Logical Structure Is a Compliance Control

Euclid’s brilliance lies in sequencing. Each proposition follows logically from what came before. Nothing is random. Nothing is decorative. The system works because it is internally consistent. Compliance programs often fail this test. Risk assessments do not inform training. Training does not influence monitoring. Investigations do not drive remediation. Each function operates competently, but not coherently.

The ECCP explicitly evaluates whether compliance programs operate as integrated systems rather than as disconnected components, stating, “Ensure the compliance program is well-integrated into the company’s operations and workforce.” Prosecutors want to see feedback loops, escalation pathways, and continuous improvement mechanisms. That is Euclidean thinking applied to compliance. In practice, compliance leaders should be able to explain how a risk moves through the system from identification to mitigation. If that explanation requires hand-waving, the system is not structurally sound.

Proof, Not Assertion, Is the Regulatory Standard

Euclid never asks the reader to trust him. He proves every claim. That lesson may be his most important contribution to modern compliance. Companies often assert that their programs are effective because training is delivered, policies are updated, or hotlines exist. Hui Chen led the charge on this concept when she was the DOJ Compliance Counsel. The ECCP has reiterated Chen’s requirement for evidence, as prosecutors now routinely request proof of effectiveness. How quickly are issues identified? How consistently is discipline applied? How does remediation prevent recurrence?

A Euclidean compliance program is designed to generate proof. Controls are documented. Decisions are recorded. Metrics are reviewed and refined. Effectiveness is demonstrated through data and outcomes, not narrative assurances. This is not about bureaucracy. It is about credibility. When regulators ask how you know your program works, Euclid provides the answer: because the proof is built into the structure.

Precision Enables Fairness and Trust

Euclid’s definitions leave little room for interpretation. In compliance, precision serves a similar function. Clear definitions reduce bias, inconsistency, and resentment. Vague policies create uneven enforcement. Uneven enforcement destroys trust. Employees quickly learn whether rules are real or elastic. The ECCP’s emphasis on consistent discipline reflects this reality. The ECCP states, “Have disciplinary actions and incentives been fairly and consistently applied across the organization?”

Daily compliance operations should therefore prioritize clarity. What constitutes a conflict of interest? What thresholds trigger approval? What timelines govern investigations? Who owns decisions at each stage? Precision protects both the organization and the compliance function. It allows fairness to be demonstrated, not merely claimed.

Systems Must Be Built to Endure

Euclid’s work has endured for more than two millennia because it was built as a system, not a response to a crisis. Compliance programs should aspire to similar durability. Programs that rely on personalities, informal influence, or unwritten norms collapse when leadership changes. The ECCP evaluates whether compliance programs are institutionalized, supported by governance structures, and able to withstand turnover. A Euclidean compliance program embeds ethics into processes, charters, reporting lines, and documentation. Knowledge is transferred. Decisions are repeatable. Improvements are systematic. This durability is not accidental. It is designed.

Why Euclid Completes the Series

Socrates teaches compliance professionals to ask uncomfortable questions. Plato teaches them to design ethical governance structures. Aristotle shows how ethics are lived through habit and judgment. Pythagoras introduces measurement, analytics, and AI. Euclid brings all of it together. He shows how inquiry, governance, behavior, and data become a coherent system that can be explained, defended, and proven. In modern compliance, that is the difference between aspiration and effectiveness.

5 Key Takeaways for the Compliance Professional

1. Compliance programs must be grounded in clear first principles.

Euclid reminds us that systems fail when foundations are vague. Compliance programs should clearly define ethical expectations, risk boundaries, and escalation triggers. The ECCP evaluates whether programs are thoughtfully designed, not merely comprehensive. Clear first principles guide daily decisions, reduce ambiguity, and support consistent enforcement. Without them, controls become reactive, and credibility erodes under scrutiny.

2. Logical integration is a core element of effectiveness.

Disconnected compliance components create blind spots. Euclid teaches that a system works when each part follows logically from the previous one. Risk assessments should drive policies. Policies should inform training. Training should influence monitoring. Investigations should lead to remediation. The ECCP rewards programs that demonstrate this internal logic. Integration is not administrative elegance. It is risk management.

3. Proof of effectiveness must be built into the program.

Assertions no longer satisfy regulators. Euclid’s insistence on proof mirrors the ECCP’s demand for evidence. Compliance programs should be designed to generate data demonstrating timely detection, consistent discipline, and meaningful remediation. When proof is embedded in the system, credibility follows naturally.

4. Precision enables fairness and protects trust.

Clear definitions and thresholds reduce inconsistency and perceived bias. Euclid’s precision offers a model for compliance policies and procedures. The ECCP scrutinizes the fairness of disciplinary proceedings and investigations because trust depends on it. Precision protects employees, managers, and the compliance function alike.

5. Durable compliance programs are designed, not improvised.

Euclid’s work endures because it was built as a coherent system. Compliance programs should aim for the same longevity. Institutionalized governance, documented processes, and structured improvement allow programs to survive leadership changes and regulatory shifts. Durability is a marker of maturity and a signal of seriousness to regulators.

Euclid teaches compliance professionals the final lesson in this series: effectiveness is not claimed. It is demonstrated.

Conclusion

The enduring relevance of the ancient Greek philosophers to modern compliance and ethics lies in their not theorizing in the abstract. They were grappling with the same human pressures that drive misconduct today: power, incentives, rationalization, fear, and convenience. Socrates teaches compliance professionals the discipline of ethical inquiry and the courage to ask uncomfortable questions. Plato shows that values without governance structures are fragile, while Aristotle grounds ethics in habit, judgment, and daily behavior rather than aspiration. Together, they mirror the DOJ’s insistence that effective compliance programs begin with understanding risk, designing systems to manage it, and ensuring those systems operate in practice.

What makes these philosophers especially relevant today is how naturally their ideas align with modern regulatory expectations. Pythagoras anticipates the role of data, analytics, and AI in measuring compliance effectiveness, while Euclid provides the blueprint for structure, precision, and proof that regulators now demand. In an era of complex global operations and heightened enforcement scrutiny, compliance programs succeed or fail based on inquiry, governance, behavior, measurement, and demonstrable effectiveness. The ancient Greeks understood those dynamics long before corporate compliance existed, which is why their lessons remain not only relevant but essential for modern compliance and ethics professionals.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 3 – Key Updates in the ECCP: Messaging Apps, Internal Controls, and Compensation

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s episode, Day 3, we delve into the significant updates in the evaluation of corporate compliance programs, focusing on messaging apps, internal controls, and adequate compensation.

Key highlights:

  • Messaging Apps and Compliance
  • Internal Controls and Risk Management
  • Adequate Compensation for Compliance Teams

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 2 – The ECCP on Incentives, Consequences, and Clawbacks

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. Today, we look at what the ECCP has to say on incentives, consequences, and clawbacks.

Key highlights:

  • Starting with Incentives and Consequences
  • Incentive Program Breakdown
  • Consequence Management Deep Dive

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Blog

House of Atreus Week: Part 5 – Orestes and Electra – Breaking the Cycle Through Accountability

Every compliance journey must eventually reach its reckoning —the point at which wrongdoing, however deeply embedded, must give way to accountability. In Greek tragedy, that moment comes with Orestes and Electra, the final heirs of the cursed House of Atreus.

Their story marks a transformation, from vengeance to justice, from chaos to order, from curse to compliance. It’s not just the end of a tragic dynasty; it’s the beginning of governance. And for the modern compliance professional, Orestes’ journey mirrors the evolution every organization must undergo, moving from reactive crisis management to mature, transparent, and accountable systems of justice.

Today, we conclude our look at lessons from the House of Atreus for the 21st-century compliance profession through a review of my personal favorite, the tragedy of Orestes and Electra. Their tale was memorialized as the final play in Aeschylus’s trilogy The Oresteia, written in the 5th century BC. The Oresteia trilogy consists of three plays: Agamemnon, The Libation Bearers, and The Eumenides. They all discuss the murder of Agamemnon by Clytemnestra, the murder of Clytemnestra by Orestes, the trial of Orestes, the end of the curse on the House of Atreus, and the pacification of the Furies.

The tale of Orestes and Electra marks a transformation, from vengeance to justice, from chaos to order, from curse to compliance. It is not just the end of a tragic dynasty; it is the beginning of governance and compliance. And for the modern compliance professional, Orestes’ journey mirrors the evolution every organization must undergo —from reactive crisis management to mature, transparent, and accountable systems of justice.

In today’s Part 5, we discuss what every compliance practitioner and compliance regime must eventually face. Their journey reaches its reckoning,  the point where wrongdoing, however deeply embedded, must give way to accountability.

The Last Act of the Curse

After Clytemnestra murders Agamemnon, she takes power alongside her lover, Aegisthus. Their rule, built on deceit and blood, becomes yet another chapter in the family’s curse. Orestes and his sister Electra, exiled and grieving, grow up in a world where justice has been replaced by fear and silence.

Years later, Orestes returns to Mycenae with Electra’s encouragement. Together, they plot vengeance, the killing of their mother and her consort, to avenge their father’s murder. The act fulfills the family’s grim legacy: the son kills the mother as the mother killed the father. But Orestes doesn’t find peace. Instead, he’s haunted by the Furies, ancient goddesses who punish those who shed family blood. Tormented and desperate, he seeks sanctuary in Athens, where the goddess Athena establishes the first trial by jury. The Furies prosecute, Apollo defends, and Athena casts the deciding vote. The verdict is acquittal, but not because Orestes was blameless, but because justice must evolve from vengeance to law. And just like that, the curse ends,  not through violence, but through accountability.

From Retribution to Governance

What Athena did for Orestes is what modern compliance programs do for organizations: they replace personal retribution with institutional justice and institutional fairness. Before that trial, every wrong in the House of Atreus was met with revenge. Each generation avenged the last until there was no one left to save. Athena’s tribunal introduced a revolutionary idea: that justice must be impartial, procedural, and transparent.

That’s precisely the evolution every organization must undertake when it faces a scandal. At first, the instinct is vengeance: fire the bad actors, issue a statement, move on. But sustainable integrity requires something deeper: process, documentation, fairness, and continuous improvement. Orestes’ trial marks the shift from chaos to compliance.

Accountability: The End of the Curse

The word “accountability” is often misunderstood. It does not mean punishment. It means answerability, the willingness to stand before a system greater than oneself and be judged fairly. That is what Orestes did. He did not flee the Furies forever; he submitted to judgment. He participated in the process. And in doing so, he transformed justice from a personal to an institutional matter. For modern compliance officers, this is a powerful metaphor. Accountability is not about creating fear. It is about building trust. It ensures that wrongdoing is addressed through a fair, transparent process that restores, rather than destroys, culture.

The Furies as Internal Audit

The Furies are terrifying, but in the compliance world, they’re familiar. They represent the internal mechanisms of conscience and oversight, the investigations, audits, and regulators that chase wrongdoing wherever it hides. Like Orestes, many leaders try to outrun them, hoping the past won’t catch up. But true integrity doesn’t come from evasion; it comes from engagement. The companies that emerge strongest from scandal are those that face their Furies head-on, invite scrutiny, and cooperate transparently.

Think of how Siemens rebuilt its compliance function after its massive bribery scandal by embracing rigorous internal controls, external oversight, and a commitment to ethical reform. Indeed, we saw similar results based upon similar actions by both Wells Fargo and ABB. That was Orestes’ trial in corporate form, judgment accepted, redemption earned.

Electra: The Voice of Culture Renewal

Electra plays a quieter but equally vital role. She represents the voice of moral conscience, the employee who still believes in right and wrong even when everyone else has gone silent. She is the whistleblower who says, “This isn’t who we are.” The compliance champion who refuses to normalize misconduct. Without Electra’s courage, Orestes would never have acted.

Modern organizations need their Electras: employees empowered to speak, question, and persist. That’s why building a speak-up culture is the cornerstone of the 2024 DOJ Evaluation of Corporate Compliance Programs (ECCP). A company’s ability to surface issues early depends on whether it protects, informs, and celebrates those who come forward. If Orestes symbolizes accountability, Electra symbolizes cultural integrity, the belief that justice is worth pursuing even when it is dangerous.

The Birth of the Rule of Law

The trial of Orestes is one of the most significant moments in Western moral thought because it replaces vengeance with the rule of law. It is also the mythological birth of compliance, where emotion gives way to ethics, and chaos yields to process. Athena’s message is timeless: “No one person may decide justice alone. We must build systems that outlast individuals.”

That is the essence of compliance governance. Codes of conduct, reporting channels, disciplinary processes, and training all exist for one reason: to ensure that justice does not depend on personalities. Orestes’ acquittal didn’t erase his crime. It institutionalized accountability so the next generation wouldn’t repeat his curse. For corporate culture, that’s exactly what post-crisis reform does: it replaces vengeance with systems and outrage with order.

Compliance as Redemption

Orestes’ story ends not in punishment, but in purification. Athena orders the Furies to become the Eumenides,  “the Kindly Ones.” Their role shifts from persecutors to protectors, guarding the moral order they once avenged. That transformation is the perfect metaphor for what a compliance function can become after a crisis. At first, compliance feels punitive,  investigators, auditors, monitors. But over time, as systems mature and transparency grows, compliance evolves into something restorative: a protector of trust, reputation, and ethical resilience. The same forces that once punished now preserve. That is redemption for organizations and for people.

Lessons in Modern Compliance Transformation

What can compliance professionals learn from Orestes’ journey? The parallels are striking.

  1. Justice Must Be Systemic, Not Personal. Vengeance satisfies emotion but destroys culture. Justice through process restores legitimacy. For the compliance professional, the ECCP demands institutional fairness, which builds procedural fairness into investigations. Transparency and due process protect both the company and its people.
  2. Accountability Ends the Cycle. Denial perpetuates dysfunction. Facing wrongdoing directly, even publicly, is the first step to rebuilding credibility. You should conduct root cause analyses after every violation. Use findings to strengthen systems, not just assign blame.
  3. Protect the Electras. Ethical renewal begins with those who dare to speak truth.
  4. As a compliance professional, you must empower whistleblowers by providing visible protections, feedback loops, and cultural recognition.
  5. Embrace Your Furies. Auditors, regulators, and monitors are not enemies; instead, they should be seen as accountability partners. As counterintuitive as it may seem, you should treat oversight as an opportunity. Transparency with regulators builds long-term trust.
  6. Transform Enforcement into Ethics. The end goal of compliance is not punishment, it is not even detection; it is prevention. Every compliance professional should use disciplinary outcomes as learning opportunities. Celebrate integrity as publicly as you punish misconduct.

From Tragedy to Transformation

The House of Atreus began with arrogance, deception, and retaliation. It ended with something extraordinary, the birth of justice as a system. Each generation’s failure taught a lesson:

  • Tantalus showed that leadership without humility corrupts.
  • Pelops revealed the dangers of winning through corruption.
  • Atreus and Thyestes exposed the poison of internal retaliation.
  • Agamemnon and Clytemnestra warned of power without accountability.
  • Orestes and Electra finally demonstrated how accountability, due process, and transparency can cleanse even the deepest cultural stain.

That arc is the same one every mature compliance program follows from reaction to reflection, from punishment to prevention, from crisis to culture.

From Curse to Compliance

The story of Orestes is not about vengeance; rather, it is about evolution. He did not end the curse by denying it. He ended it by confronting it, submitting to judgment, and accepting that systems, not individuals, define justice. That is the ultimate compliance insight. You can’t train your way out of a cultural problem. You can’t manage ethics through charisma. You must build structures that embed accountability into every decision, every leader, and every process.

Orestes reminds us that compliance is not just about preventing misconduct; it is about healing organizations. It is about helping companies move from the chaos of reaction to the clarity of governance, from fear to fairness, from silence to transparency, from vengeance to virtue. Because in the end, every organization has its own House of Atreus somewhere in its history. The question is not whether the curse exists. The question is whether we, like Orestes, will have the courage to face it and the wisdom to replace it with justice that lasts.

Categories
Blog

House of Atreus Week: Part 4 – Agamemnon and Clytemnestra – When Power Breeds Entitlement

We continue our look at lessons from the House of Atreus for the 21st-century compliance profession, focusing on key stories and mining them for compliance lessons. In today’s Part 4, we take up the Agamemnon Problem: a leader so focused on results, so convinced of their indispensability, that ethics become negotiable. It is the mindset that says, “We’ll fix the compliance later—after we win.”

In Greek tragedy, that rationalization cost Agamemnon his life. In corporate life, it costs organizations their culture, credibility, and sometimes their license to operate. The story of Agamemnon and Clytemnestra is not only one of betrayal and revenge, it is a powerful parable about what happens when leaders mistake power for permission and performance for purpose.

The King’s Fatal Trade-Off

As the legend goes, Agamemnon, king of Mycenae and commander of the Greek forces at Troy, faced a crisis before the war even began. The goddess Artemis, angered by his arrogance, becalmed the winds and trapped his fleet in port. The only way to appease her, a seer declared, was to sacrifice his daughter, Iphigenia.

Agamemnon’s dilemma was stark: abandon his military ambitions or sacrifice his own child. He chose the latter. The winds rose, the ships sailed, and the war began. Years later, when Agamemnon returned triumphant, his wife Clytemnestra murdered him in his bath as revenge for their daughter’s death. This was not just a family tragedy; it was a leadership failure of the highest order. Agamemnon traded ethics for expedience, and the cost was everything he loved.

The Corporate Iphigenia

Every organization has its Iphigenia(s); the values, people, or principles that get sacrificed for “strategic goals.” It may be:

  • Cutting compliance budgets to hit quarterly numbers.
  • Overriding safety protocols to meet production quotas.
  • Ignoring harassment complaints to keep a star performer happy.

Like Agamemnon, leaders rationalize these sacrifices as necessary or temporary. But every compromise chips away at the moral capital that sustains the enterprise. Once the organization learns that “winning” matters more than doing right, the line between ambition and arrogance disappears.

The Entitlement of Success

When Agamemnon returned from Troy, he arrived not as a humbled survivor but as an entitled conqueror. He paraded Cassandra, a captive prophetess, before his wife and walked proudly across a purple carpet, a gesture the Greeks saw as blasphemous arrogance. It’s the same pattern we see in modern compliance disasters: success breeding entitlement. Executives who deliver profits begin to believe they’ve earned the right to bend the rules. Performance metrics replace principles as the measure of worth.

Consider a few familiar examples:

  • The Wells Fargo sales scandal: Pressure to perform led employees to create millions of fake accounts. It also involved senior management lying to its own Board of Directors.
  • Volkswagen’s emissions fraud: Engineers rationalized deception as necessary to stay competitive. But this rationalization went all the way to the CEO.
  • Boeing’s safety crisis: Leadership prioritized schedules and cost over engineering integrity. Then they blamed the airline’s pilots for operational failures.

In each case, strong organizations were undone not by ignorance of ethics but by entitlement —the belief that achievement excused misconduct.

The Compliance Cost of Entitlement

Entitlement corrodes three pillars of compliance: accountability, transparency, and humility.

1. Accountability: When leaders feel untouchable, rules become optional. Internal controls are ignored, and ethical review is seen as bureaucracy rather than protection.

2. Transparency: Entitled leaders hoard information and discourage challenge. “Bad news doesn’t travel up” becomes the cultural norm.

3. Humility: Ethical reflection gives way to moral blindness. If success is proof of righteousness, who needs oversight?

Agamemnon’s decision to sacrifice Iphigenia was not just moral cowardice; it was a governance failure. He believed his power justified his actions, and no one around him could say otherwise. That is precisely how modern compliance collapses begin.

Clytemnestra: The Whistleblower Turned Avenger

Clytemnestra’s revenge may seem extreme, but, symbolically, she represents the voice of accountability that has been ignored for too long. She warned, questioned, and grieved, yet was silenced by hierarchy and hubris. When the system denied her justice, she took justice into her own hands.

Modern organizations often create their own Clytemnestras when they suppress legitimate dissent. Whistleblowers who feel unheard can become external leakers, litigants, or catalysts for regulatory scrutiny. Every retaliation case begins as an unheeded complaint. The DOJ’s 2024 ECCP emphasizes this point. Organizations must protect, inform, and empower those who speak up. When internal channels fail, external consequences follow, just as Clytemnestra’s knife followed Agamemnon’s silence.

Ethical Decision-Making Under Pressure

Agamemnon’s fateful choice came under immense pressure, a condition every executive recognizes. But pressure is where compliance either proves its worth or disappears. Strong organizations prepare for ethical stress tests long before a crisis strikes. They establish frameworks that turn moral instinct into a structured process:

1. Define Core Non-Negotiables – The “values that will not be sacrificed.” If integrity, safety, or human dignity are ever negotiable, they soon become expendable.

2. Create Decision Pathways – Require escalation when choices have ethical or reputational risk. Ethical red flags should automatically trigger review, not after-action regret.

3. Model Accountability at the Top – Leaders must demonstrate that difficult ethical decisions are shared, not borne alone. Agamemnon acted in isolation; modern governance demands collaboration.

The Tyranny of Performance Metrics

Much of Agamemnon’s arrogance stemmed from performance obsession, the need to deliver victory at any cost. That same tyranny drives unethical behavior in today’s boardrooms. Metrics matter, but when they become idols, they demand sacrifices. Compliance programs should therefore measure how results are achieved, not just whether they are achieved.

The 2024 Evaluation of Corporate Compliance Programs (ECCP) specifically instructs prosecutors to ask whether companies’ incentives reward ethical behavior. A compliant organization aligns compensation with conduct; an entitled one rewards outcomes regardless of means. A key question for leaders: Would I still consider this a “win” if it were public tomorrow?

From Power to Stewardship

The entitlement cure is stewardship, the recognition that power is not owned, but entrusted. Great leaders see themselves as guardians of values, not exploiters of privilege. This mindset shift transforms compliance from constraint to compass:

  • Stewards ask how their choices affect stakeholders beyond themselves.
  • Stewards invite transparency because they understand accountability strengthens credibility.
  • Stewards use compliance as a mirror, not a muzzle.

Agamemnon ruled as an owner; a steward would have ruled as a custodian. The difference is the difference between arrogance and integrity.

The Compliance Evangelist’s Reflection: The Scarlet Carpet of Arrogance

When Agamemnon strode across that purple carpet, he symbolically walked across the values he was sworn to protect. Every leader who dismisses compliance as “red tape” does the same. Each step says, “The rules are for others.” But history and enforcement teach a consistent lesson: when leaders trample ethics, the organization soon trips over the fabric they have soiled. Clytemnestra’s dagger was not random vengeance; it was the return of consequence. In today’s language, it was enforcement action, indeed a reckoning deferred until accountability could no longer be ignored.

Breaking the Cycle: From Arrogance to Accountability

The tragedy of Agamemnon and Clytemnestra is that both were right and both were wrong. He betrayed his values for ambition; she destroyed justice in the name of vengeance. Their story ends in blood because neither trusted process, transparency, or accountability. Modern organizations don’t have to share that fate. Compliance offers a third path: structured accountability through systems, not swords. It ensures that no one, no matter how powerful, stands above the moral order that sustains the enterprise.

When companies embrace that mindset, they turn tragedy into transformation. They move from the purple carpet of arrogance to the solid ground of integrity. Because, as every compliance professional knows, the true test of leadership is not what you achieve when you are powerful, it is what you refuse to sacrifice to stay that way.

I hope you will join us for our concluding Part 5 — Orestes and Electra: Breaking the Cycle Through Accountability. This is my favorite story from the House of Atreus. With this myth, we will see how justice, rule of law, and redemption finally end the curse of the House of Atreus and what that means for the modern compliance function striving to build ethical resilience and renewal.

Categories
Blog

House of Atreus Week: Part 3 – Atreus and Thyestes – Internal Rivalry and the Dangers of Retaliation

We continue to look at the lessons from the House of Atreus for the 21st-century compliance profession, focusing on the key stories and mining them for insights. In today’s Part 3, we take up the feud between Atreus and Thyestes, sons of Pelops and heirs to his poisoned legacy. Their myth is not just about murder and betrayal; it is about what happens when leaders weaponize authority for vengeance rather than stewardship.

Every organization eventually faces conflict within its own ranks. Disagreements over power, vision, and credit are inevitable. But when rivalry turns to revenge, governance collapses, trust erodes, and compliance becomes collateral damage. Today, we take a deep dive into this issue from the 21st-century compliance perspective.

The Feast of Vengeance

After Pelops’ death, his sons Atreus and Thyestes fought over the throne of Mycenae. They began like many corporate siblings, ambitious, capable, and determined to lead. But soon ambition turned into envy. Thyestes seduced Atreus’ wife and stole a prized golden lamb that symbolized kingship.

Atreus, humiliated, plotted revenge. Pretending reconciliation, he invited Thyestes and his sons to a grand banquet. During the feast, Atreus served them a meal of Thyestes’s own children. (Shakespeare used this story much later.) When the truth was revealed, horror swept the hall. Thyestes cursed his brother, and the curse carried through the next generation, consuming Atreus’ son Agamemnon and his grandson Orestes. It is a horrifying tale, but beneath the gore lies a familiar truth: internal retaliation destroys organizations from the inside out.

When Leadership Turns on Itself

Atreus’ banquet is not simply a mythic horror story fit for my classic monster movie month; rather, it is a 21st-century metaphor for every leadership team that devours its own. In terms of compliance, Atreus and Thyestes represent toxic internal politics. They illustrate how leadership rivalries, unchecked ego, and personal vendettas can dismantle governance systems faster than any external scandal.

Modern organizations suffer the same fate when:

  • Executives undermine each other publicly.
  • Managers retaliate against whistleblowers or rivals.
  • Compliance officers are punished for doing their jobs.

When leaders use their authority to punish rather than protect, culture collapses into fear. Employees stop reporting misconduct, colleagues turn on one another, and the compliance function becomes an instrument of control instead of accountability. Atreus’ feast might look extreme, but we have all seen versions of it in the workplace.

The Corporate Equivalent of the Cannibal Feast

Let’s translate the myth into modern terms.

  • Atreus’ “banquet” = a retaliatory campaign designed to humiliate a rival or critic.
  • Thyestes’ seduction = internal manipulation, gossip, or theft of credit.
  • The curse = the lingering culture of distrust that infects every successor.

Retaliation rarely ends with the original act. Once one leader weaponizes power, everyone learns the same lesson: “You’re safe only when you’re silent.” That’s how once-strong organizations become silos of fear. Compliance reports decline not because misconduct has ended, but because employees no longer believe reporting is safe. Like the House of Atreus, the company devours itself while pretending to feast.

The Dangers of Internal Retaliation

From the compliance perspective, retaliation is one of the clearest indicators of cultural rot. It’s also one of the DOJ’s most serious red flags. The 2024 Evaluation of Corporate Compliance Programs (ECCP) explicitly asks prosecutors to evaluate:

  • Whether employees are protected from retaliation.
  • Whether complaints lead to timely investigations.
  • Whether leadership promotes a speak-up culture.

If your organization punishes dissent, even quietly, you may well find yourself already on the DOJ’s radar. Atreus’ actions were the ultimate act of retaliation: gruesome, personal, and destructive. But the underlying pattern is timeless, leadership vengeance disguised as discipline. The lesson is as modern as it is mythic: a compliance program without psychological safety is a compliance program in name only.

Case Study Parallels: When Modern Leaders Feast on Their Own

  • Uber (2017): Retaliation against employees who raised harassment claims led to executive resignations and a cultural overhaul.
  • Wells Fargo: Whistleblowers reported retaliation after flagging fraudulent account practices, compounding reputational damage.
  • Boeing (737 MAX): Internal dissent on safety concerns was suppressed, leading to tragedies that reshaped regulatory scrutiny.

Each of these companies faced its own version of Atreus’ banquet, consuming credibility and trust in the process.

The Role of Compliance in Preventing Organizational Cannibalism

The compliance function exists not just to catch misconduct, but to defend integrity against internal retaliation. A strong compliance culture ensures that ethical leadership trumps personal rivalry. Here’s how to do it:

1. Build governance that transcends personalities. Authority should rest on process, not proximity to power.

2. Separate investigative authority from reporting lines. Compliance officers must have autonomy to act without interference.

3. Educate leadership on the cost of retaliation. Retaliation isn’t just a legal risk — it’s a culture killer.

When leaders understand that internal war erodes value faster than external threats, they start behaving more like guardians than gladiators.

Creating a Culture of Trust After Betrayal

Atreus’ kingdom fell because no one could trust anyone. In business terms, that’s what happens when transparency dies. To rebuild trust, companies must do three things:

1. Acknowledge Harm. Pretending internal feuds never happened only deepens cynicism. Compliance leaders must publicly reinforce that retaliation and toxicity are violations of corporate values. Acknowledgment is the first step toward cultural repair.

2. Reinforce Transparency. Regular reporting on investigations, outcomes, and disciplinary measures builds credibility. Employees must see that misconduct is addressed fairly, not selectively.

3. Model Ethical Reconciliation. Where conflict exists, leaders must model resolution through dialogue, not vengeance. A modern compliance culture is one where accountability coexists with forgiveness, where mistakes are corrected, not avenged.

Leadership Ego and the Compliance Cost

The rivalry between Atreus and Thyestes began with ego, the same ego that drives many corporate meltdowns. Ego tells leaders that compliance is optional, that their moral compass is self-calibrated. It convinces them that retaliation is justified, that “he started it,” or that removing a critic will restore order.

But as every compliance professional knows, ego is expensive. It costs credibility, cooperation, and often millions in remediation and fines. The only sustainable leadership model values humility over hubris. In compliance terms: replace ego with ethics, and rivalry with responsibility.

The Compliance Evangelist’s Reflection: The Curse of the Retaliator

Atreus believed vengeance would bring closure. Instead, it ensured endless conflict. In organizations, retaliation operates the same way. It may silence the critic today, but it guarantees more fear and more silence tomorrow.

The DOJ, SEC, and whistleblower programs worldwide have made one thing clear: protecting those who speak up is not just the right thing to do; it is the smart business approach. The companies that thrive in the modern regulatory landscape are those that treat every internal voice as an asset, not a threat. Atreus’ downfall shows what happens when leaders fail to learn that lesson. His house became a case study in the cost of ignoring culture. For compliance professionals, that’s the real moral: you cannot achieve ethical stability through punishment alone.

From Retaliation to Redemption

The saga of Atreus and Thyestes teaches us that retaliation is never a solution; it is a multiplier of risk. The only way to end the cycle is through structural and cultural change: transparency, accountability, and empathy in leadership. For compliance professionals, that means moving from enforcement to enlightenment, helping leaders understand that the true power of compliance is not control, but trust. Because when leaders stop feeding on their own and start feeding their culture with integrity, the curse finally breaks.

I hope you will join me tomorrow for Part 4 — Agamemnon and Clytemnestra: When Power Breeds Entitlement. In it, we will explore how Agamemnon’s moral compromises and Clytemnestra’s revenge illuminate the modern dangers of performance pressure, ethical trade-offs, and the corruption of power at the top.

Categories
Blog

House of Atreus Week: Part 2 – Pelops and Myrtilus – Corruption in the Bidding Process

The curse of the House of Atreus did not begin and end with Tantalus. Like many toxic corporate cultures, it passed from one generation to the next a legacy of moral shortcuts disguised as clever strategy.

We continue our look at lessons from the House of Atreus for the 21st-century compliance profession, focusing on the key stories and mining them for valuable insights. In today’s Part 2, we consider the myth of Pelops and Myrtilus, an ancient fable about corruption, betrayal, and the fatal cost of winning the wrong way. In this story, we look at Pelops, who was Tantalus’s son. Having been literally restored to life by the gods, he had the chance to rebuild his house on a foundation of integrity. Instead, he reached for the easy win, and in doing so, repeated his father’s error: he traded ethics for expedience.

For modern compliance professionals, it is a reminder that bribery and ethical compromise never end where you think they will. They will always come back to haunt you.

The Chariot Race for a Kingdom

According to Greek legend, King Oenomaus of Pisa received a prophecy that he would die at the hands of his son-in-law. To prevent this, he devised a deadly test for any man seeking to marry his daughter, Hippodamia, a chariot race from Pisa to Corinth. If the suitor won, he gained Hippodamia’s hand. If he lost, he died. Pelops, ambitious and determined, entered the race. But he knew Oenomaus’ horses were divine and unbeatable. So he sought an advantage, not through skill or preparation, but through corruption.

He approached the king’s charioteer, Myrtilus, and offered a bribe: riches, favor, and a promise of reward. Myrtilus agreed to sabotage Oenomaus’ chariot by replacing the bronze linchpins with wax. During the race, the wax melted, the chariot crashed, and the king was killed.

But when Myrtilus came to claim his reward, Pelops betrayed him, either pushing him off a cliff or ordering his death. As he fell, Myrtilus cursed Pelops and his descendants, ensuring the family’s cycle of corruption and vengeance would continue.

The First Procurement Fraud

Strip away the mythic trappings, and Pelops’ race looks remarkably modern.

This was a procurement process, a competition for something of value (in this case, marriage and a kingdom), corrupted by bribery and fraud. Pelops did not win on merit; he won by manipulating a key insider in the process.

That’s the same dynamic at play in so many real-world scandals:

  • A contractor bribing a government official for an unfair advantage.
  • A vendor is rigging bids through inside information.
  • A company turning a blind eye to its agents’ actions abroad, so long as they deliver results.

In each case, the underlying temptation is the same as Pelops’: the belief that “winning is what matters.”

The Illusion of a “Victimless” Bribe

Pelops might have rationalized his actions. He could have told himself that everyone cheats in such races or that Oenomaus’ divine horses made the contest unfair to begin with, that the ends justified the means.

Modern compliance officers hear versions of this rationalization every day:

  • “It’s just a facilitation payment.”
  • “That’s how business is done in this region.”
  • “We’re not bribing; we’re just showing appreciation.”

But as Pelops learned, there is no such thing as a victimless bribe. His corruption did not end with a single race; unfortunately, it defined generations. Myrtilus’ curse became symbolic of the reputational and ethical taint that lingers long after the bribe is paid.

Third-Party Risk: Myrtilus as the First “Agent”

In compliance terms, Myrtilus represents the classic third-party intermediary, the local fixer, the consultant, the distributor. He was not a direct employee, but his actions became Pelops’ liability. When Pelops bribed Myrtilus, he created not just moral exposure, but third-party risk. Once you involve a third party in your scheme, you lose control over the outcome. Myrtilus could expose him, blackmail him, or turn witness.

Modern compliance programs have learned this lesson the hard way. Nearly every major FCPA enforcement action, from Siemens to Petrobras to Deere, involves third-party intermediaries. These individuals promise results, grease local wheels, and leave the company holding the bag when the investigation begins. Pelops thought he could control Myrtilus. He could not. No one ever can.

The Cost of Betrayal: When Corruption Destroys Trust

After the race, Pelops killed Myrtilus to eliminate a liability. But in doing so, he destroyed something even more valuable: trust.

Once an organization uses deception as a tool, it cannot sustain authentic relationships with employees, partners, regulators, or the public. Each act of concealment breeds another, until deception becomes standard operating procedure.

We’ve seen this pattern again and again:

  • A company that falsifies quality reports must falsify safety audits next.
  • A firm that manipulates bid data must suppress whistleblowers who question it.
  • A leader who lies externally must eventually lie internally.

In the end, Pelops did not just kill a man; he killed his organization’s capacity for integrity. That’s the same fate that awaits companies that treat compliance as expendable.

Culture Eats Compliance for Breakfast

The myth of Pelops is not about one race or one bribe; it is about the cultural rot that follows. Once Pelops normalized deceit, his descendants followed suit.

In corporate life, this manifests as a culture of winning at any cost, the most dangerous culture there is. It’s what drives salespeople to falsify data, procurement officers to overlook red flags, and executives to manipulate books.

Culture eats compliance for breakfast because if the unspoken rule of your organization is “get the deal,” no policy manual will save you. Pelops’ court would have had a Code of Ethics printed in gold, and it still wouldn’t have mattered. The only antidote is integrity built into incentives, recognition, and leadership behavior.

Lessons for Modern Compliance Professionals

What can we learn from Pelops’ fall? Quite a lot. His story offers five timeless lessons for those charged with safeguarding ethics and integrity in complex organizations.

1. Corruption Always Starts Small

The first step down the wrong path rarely looks like a scandal. It seems like a shortcut. A “favor.” A small gift. Pelops’ race was just one event, yet it came to define an entire dynasty. The concept of broken windows has demonstrated that you should treat every minor ethical compromise as a potential precedent. Small acts of misconduct become cultural habits faster than anyone realizes.

2. Third-Party Due Diligence Is Non-Negotiable

Myrtilus’ betrayal highlights why vetting, monitoring, and auditing third parties is critical. Companies must know who they’re partnering with and what incentives drive their actions. This means that compliance must have a robust third-party risk management process in place. You should require a business justification, a questionnaire, documented due diligence, risk-based screening, compliance terms and conditions in your contract, and ongoing monitoring for all third parties after the contract is signed.  Finally, transparency is not optional; it is mandatory.

3. Ethical Procurement Builds Long-Term Value

In the rush to “win” contracts, companies often forget that ethical procurement protects more than reputation; it protects relationships. A tainted bid can lead to debarment, litigation, and loss of trust from clients and governments alike. For the compliance professional, you must embed integrity in procurement policy. Make ethics a competitive advantage, not a compliance burden.

4. Retaliation Destroys Cultures

Pelops’ murder of Myrtilus was the ancient equivalent of whistleblower retaliation. Myrtilus knew too much, and instead of managing the risk ethically, Pelops eliminated the witness. The result? A curse or, in modern terms, a scandal that never dies. Every compliance professional must work diligently to protect those who speak up. Encourage reporting. Make it clear that retaliation is a firing offense, not a survival tactic.

5. Integrity Outlasts Every Shortcut

Pelops won his race but lost his legacy. The true measure of success for individuals and organizations alike is sustainability. Ethical wins last; corrupt ones collapse. This requires corporate cultures where ethical behavior and business success are aligned. When values drive results, not the other way around, compliance becomes self-sustaining.

The Curse of the Easy Win

Every compliance professional has faced their “Pelops moment”; that pressure to deliver results faster, cheaper, or more impressively than the rules allow. The temptation is powerful because it is wrapped in the language of success. But as Pelops shows, every unethical win carries a hidden invoice. The ancient Greeks would call it nemesis, the inescapable reckoning that follows hubris. We call it enforcement. Whether through regulators, prosecutors, or public outrage, the bill always comes due.

The challenge for modern compliance leaders is to help their organizations see beyond the race. Winning today is not worth cursing tomorrow.

Join us tomorrow for Part 3 — Atreus and Thyestes: Internal Rivalry and the Dangers of Retaliation. We will explore how infighting, revenge, and the weaponization of leadership destroyed the next generation and how modern organizations can prevent internal culture wars from becoming compliance catastrophes.

 

Categories
Blog

House of Atreus Week: Part 1 – Tantalus’ Transgression – The Birth of a Toxic Culture

I have long been fascinated by the Greek myths around the House of Atreus. It is the most cursed House in all Greek myth. I have also long wanted to blog post series on the compliance lessons for the modern-day compliance professional. This week, I am going to take a deep dive into the most doomed House and explore some of the key stories to mine them for lessons learned for the 21st-century compliance professional. We begin our series with the founder of the House of Atreus, Tantalus, and how one leader’s moral failure can poison the entire culture of an organization. His story is a cautionary tale about hubris, accountability, and the long shadow of tone from the top.

Every great compliance failure begins somewhere. Sometimes it is a single decision, a moment of arrogance, or the quiet belief that the rules apply to everyone else but not to you. In the myths of ancient Greece, that moment came with Tantalus, patriarch of the cursed House of Atreus. His name lives on in infamy, not because of power lost, but because of ethics abandoned.

The Feast of Deception

Tantalus was a favorite of the gods. He dined with them on Mount Olympus, enjoying privileges no mortal ever had. But instead of gratitude, he showed contempt. To test their omniscience, Tantalus served the gods a horrific meal, the cooked flesh of his own son, Pelops. The gods recoiled in horror, restored Pelops to life, and condemned Tantalus to eternal punishment: forever hungry and thirsty, standing in a pool of water beneath fruit-laden branches that receded whenever he reached for them.

This is where we get the word tantalize to tempt with what is always just out of reach. But for compliance professionals, the story isn’t about temptation; it’s about transgression.

Tantalus’ sin was not merely moral or criminal. It was cultural. It revealed a belief that he was above consequence, that his proximity to power made him immune to accountability. Sound familiar? It’s the same psychology that drives corporate misconduct today: the executive who hides risk, manipulates reporting lines, or treats compliance as a box to check rather than a value to live.

Hubris at the Top: When Leaders Believe They Are Untouchable

The core of Tantalus’ failure is hubris, excessive pride that blinds leaders to ethical limits. He thought himself equal to the gods, just as modern executives sometimes see themselves as beyond internal controls, policies, or oversight.

We have seen it in corporate scandals from Enron to Theranos: charismatic leaders who create cultures where questioning authority is punished, transparency is discouraged, and the pursuit of results justifies every means. These leaders often start with good intentions —innovation, performance, growth — but end in disaster because no one dares to tell them “no.” When a CEO, department head, or even a team manager sends the message that rules are flexible for those who produce, that’s the modern equivalent of dining at Olympus. It’s the moment when culture begins to rot from the inside.

Tone from the Top: What Tantalus Forgot

In compliance, we often say “tone from the top” sets the ethical compass of the organization. Tantalus was the top, and his tone was deceitful. Instead of modeling integrity, he modeled arrogance and disrespect. His actions communicated that power excused anything.

Modern organizations are no different. Employees don’t take their ethical cues from the code of conduct on the intranet. They take them from leadership behavior, from what’s rewarded, ignored, or punished.

If Tantalus had shown humility or accountability, his descendants might have inherited a culture of honor. Instead, they inherited corruption, vengeance, and betrayal. It’s no coincidence that every generation of the House of Atreus, including Pelops, Atreus, Thyestes, Agamemnon, Clytemnestra, Orestes, repeats the cycle of wrongdoing and retaliation. The family’s downfall wasn’t fate; it was culture. A toxic tone from the top doesn’t just corrupt a moment; it defines a legacy.

Culture of Consequences: What Happens When Misconduct Goes Unpunished

One of the most striking aspects of the Tantalus myth is how long the effects last. His descendants commit crimes generations later, yet all trace back to his original transgression.

That’s what happens in modern corporations when ethical breaches are not addressed. Once misconduct is tolerated, it becomes precedent. Once precedent hardens, it becomes culture. Think of organizations where sexual harassment was covered up “to protect the company,” or where accounting irregularities were ignored “to meet quarterly targets.” Each decision not to act creates a silent permission structure. And before long, you have what we see in so many enforcement cases: a pattern of misconduct spanning years, sometimes decades.

Tantalus’ punishment, forever reaching but never attaining satisfaction, mirrors what happens in these companies. They chase success endlessly, but integrity is always out of reach because they’ve traded ethics for expedience. A culture of consequences, by contrast, does the opposite. It makes accountability tangible. It shows employees that integrity is the expectation, not the exception.

The Modern Mirror: When Hubris Meets Compliance Failure

The story of Tantalus echoes across modern boardrooms and compliance case studies. Consider:

  • The FCPA case against Siemens (2008): A culture of “business at any cost” led to systematic bribery across divisions, because leadership prioritized results over integrity.
  • The Wells Fargo scandal: Unrealistic sales goals, driven by executives insulated from consequence, encouraged widespread fraud at the branch level.
  • Theranos: A founder’s belief in her infallibility silenced dissent, distorted reporting, and destroyed trust both internally and externally.

Each of these stories began like Tantalus’ dinner with one decision to deceive, rationalized as necessary, even brilliant. Each became a legend of ethical collapse.

The compliance lesson is simple: arrogance without accountability creates catastrophe.

Rebuilding What is Broken: Lessons from Tantalus’ Fall

So how do we avoid the curse of Tantalus in modern organizations? Three principles stand out:

1. Make Ethics the Core of Leadership Identity

Ethical leadership isn’t a function of compliance checklists. It’s the lived demonstration of integrity. Leaders must see compliance not as a constraint but as an enabler of trust and sustainability. When executives model ethical decision-making, it cascades downward.

Compliance Lesson: Integrate ethical leadership into performance reviews and succession planning. Reward transparency as much as performance.

2. Institutionalize Accountability

Accountability must be structured, not situational. That means ensuring robust internal investigations, consistent discipline, and a compliance function with real independence. The moment compliance must “ask permission” to act, the organization has lost its compass.

Compliance Lesson: Empower compliance officers with direct access to the board and audit committee. Build transparency into reporting lines.

3. Preserve Psychological Safety

Tantalus’ court, like many modern workplaces, thrived on fear. When employees can’t question leaders or raise concerns, misconduct flourishes. Psychological safety is the soil in which ethical cultures grow.

Compliance Lesson: Implement anonymous reporting, protect whistleblowers, and make public examples of non-retaliation.

Breaking the Curse: The Compliance Evangelist’s View

The curse of Tantalus was not divine punishment; instead, it was a predictable outcome of leadership failure. Every compliance professional knows that culture is destiny. If leaders are deceitful, employees will be cynical. If leaders are accountable, employees will be engaged.

Tantalus’ name survives as a warning to those who confuse privilege with power, and authority with exemption. His eternal hunger reflects what happens when organizations try to feed success on a diet of deception; they are never satisfied because trust, once lost, cannot nourish growth.

The modern compliance officer stands at the intersection of myth and management, tasked with ensuring that our organizations don’t repeat Tantalus’ mistake. We cannot test the gods of regulation or ethics without consequence. Instead, we must build cultures where doing right isn’t exceptional; it is expected.

Because in the end, every compliance program has a mythic choice: become Olympus or become Tantalus.

Join us tomorrow for Part 2 — Pelops and Myrtilus: Corruption in the Bidding Process. We will explore how bribery, betrayal, and broken promises tainted Pelops’ victory and what it teaches us about third-party risk and ethical procurement.

Categories
Blog

Using AI to Embed Compliance into Business Operations

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Additionally, for each blog post, I have created a one-page checklist for each article that you can use in presentations or for easier reference. Email my EA Jaja at jaja@compliancepodcastnetwork.net for a complimentary copy.

Compliance programs have long wrestled with a central challenge: how to move from “bolt-on” to “built-in.” Too often, compliance has been perceived as an overlay, a set of policies and reviews that operate parallel to business activity. The Department of Justice has repeatedly emphasized that compliance should be integrated directly into operations, not treated as an afterthought.

Generative AI offers compliance professionals a new tool to achieve this, as Elisa Farri and Gabriele Rosani argue in an HBR article How AI Can Help Managers Think Through Problems, that AI is not just a productivity enhancer but a thought partner. Instead, it is capable of helping leaders frame problems, test assumptions, and engage in structured dialogues that improve decision-making.

I aim to utilize their article to support compliance officers in leveraging AI to enhance our ability to embed compliance into business processes more effectively. Today, I conclude my five-part blog post series on using GenAI in compliance to explore how AI can assist in building compliance into the business and what it means for the future of compliance programs. I also provide five key takeaways for compliance professionals on how to do so.

1. AI as a Co-Thinking Partner for Embedding Compliance into Workflows

One of the article’s most powerful insights is the concept of “co-thinking”; AI as a partner in structured dialogue rather than just a tool for quick answers. For compliance, this is transformative. Imagine using AI not simply to draft a policy, but to help you think through how that policy should be embedded in day-to-day operations.

For instance, when designing a gifts-and-entertainment approval process, AI can walk compliance through stakeholder perspectives: What does sales need? What would regulators expect? What friction will finance raise? By simulating these perspectives, AI helps compliance professionals design workflows that are practical and embedded, rather than abstract and detached.

This approach also makes compliance more proactive. Instead of reacting to risks after violations occur, AI-enabled co-thinking allows compliance to anticipate where policies may clash with business objectives and design operational solutions upfront. The compliance lesson is to treat AI as a structured dialogue partner to design compliance that lives inside the workflow, policies, and processes that are not just documented but operationalized.

2. Enhancing Stakeholder Engagement Through AI Simulations

Embedding compliance into business operations requires more than rules; it requires buy-in. The article highlights how AI can role-play different stakeholders, challenging managers to anticipate reactions. Compliance can use this capability to stress-test initiatives before rollout.

Suppose compliance is introducing a new due diligence system for third-party onboarding. AI can simulate how procurement might respond (“slows down vendor onboarding”), how business development might object (“hurts competitiveness”), and how regulators might evaluate (“strong demonstration of risk-based management”). This multi-stakeholder dialogue allows compliance teams to refine both process design and messaging before rollout.

The implication for compliance programs is clear: embedding compliance requires deep cultural alignment. AI makes it possible to test and rehearse that alignment at scale, reducing resistance and building smoother adoption. The compliance lesson is to use AI simulations to bring stakeholder voices into the design process, ensuring compliance is not bolted on but built with empathy for business realities.

3. AI-Assisted Root Cause Analysis Strengthens Business Integration

Compliance programs are expected to conduct root cause analysis after misconduct, but too often these reviews remain siloed. AI-enabled co-thinking helps expand root cause analysis into an exercise that strengthens business operations.

For example, when analyzing repeated travel and expense violations, AI can guide compliance through structured questions: Were training gaps to blame? Were approval workflows too weak? Were sales incentives misaligned? Then, critically, AI can help map remediation back into operations—tightening finance approvals, adjusting incentive structures, and embedding compliance flags directly into expense systems.

This is not about AI making the decision. It is about AI helping compliance think through operational integration of lessons learned. Instead of merely complying with regulations by writing a report that sits on a shelf, the outcome becomes operational adjustments inside business processes. The compliance lesson (or rather, perhaps implication) is that the DOJ expects compliance programs to prevent recurrence through systemic fixes. AI co-thinking can ensure those fixes are operational, not theoretical.

4. Scaling Compliance Culture and Mindset Shifts Across the Organization

The article notes how AI can be used to coach managers through mindset shifts, helping them reflect on new behaviors and practices. Compliance can use the same approach to embed cultural expectations directly into business teams. For example, AI can be configured as a compliance coach embedded in daily tools, guiding managers through ethical dilemmas, prompting reflection during approval requests, or reinforcing company values during project planning. Instead of compliance being external and episodic, it becomes internal and continuous.

This democratizes compliance development. A frontline manager in Asia can interact with AI that reinforces compliance culture in real time, rather than waiting for annual training or sporadic compliance visits. It also gives compliance leaders data on where employees are struggling, revealing cultural gaps that can be addressed systemically.

The implication is that embedding compliance is not just about systems but about mindset. AI can make culture-building a daily, distributed activity rather than a centralized, one-time effort.

5. Ensuring Human Judgment Remains Central in AI-Enabled Compliance

Finally, while AI can enhance problem-solving and integration, the article underscores that co-thinking only works when humans stay actively engaged. Compliance cannot abdicate responsibility to machines. This has profound implications for compliance programs. AI can help frame problems, simulate stakeholders, and propose operational fixes, but it cannot weigh reputational risk, interpret regulatory expectations, or balance competing global obligations. Those decisions require human judgment.

The key is balance: AI accelerates and deepens thinking, but compliance leaders must build governance frameworks to ensure outputs are reviewed, validated, and contextualized. Embedding compliance into business operations does not mean letting AI run the show; it means letting AI augment human reasoning so that compliance becomes more practical, strategic, and defensible.

The compliance lesson, based on both the DOJ’s FCPA Resource Guide and the 2024 ECCP, is clear that compliance must be risk-based, well-resourced, and continuously improved. AI helps compliance think through integration, but humans remain accountable for ensuring it meets regulatory standards and ethical expectations.

AI as a Pathway to Embedded Compliance

The future of compliance is embedded, not bolted on. DOJ expects it. Boards demand it. Employees need it. The challenge is figuring out how to make it real. AI offers compliance professionals a powerful new tool: not as an oracle, but as a co-thinker. By helping compliance frame problems, simulate stakeholders, strengthen root cause analysis, scale cultural coaching, and reinforce human judgment, AI can accelerate the shift from compliance as oversight to compliance as an integrated business practice.

The call to action is simple: use AI not just to make compliance faster, but to make compliance inseparable from business. That is how compliance earns trust, drives culture, and meets regulatory expectations in the age of AI.