Tag: AI

Categories
AI Today in 5

AI Today in 5: November 20, 2025, The Gemini 3 Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, I will bring to you 5 stories about AI stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest about AI.

  1. AI and real-world real estate compliance. (HousingWire)
  2. Replacing manual cyber compliance with AI. (JerusalemPost)
  3. Gemini 3 was released. (Google)
  4. Will AI deepen inequality and hasten war? (NBC)
  5. AI and governance overhauling AML. (FinTechGlobal)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com

Categories
AI Today in 5

AI Today in 5: November 19, 2025, The Turning No into Flow Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Of APIs and AI. (Forbes)
  2. Will 2026 redefine GenAI and compliance risk? (PR Newswire)
  3. Energy is key for AI’s next chapter. (Trading View)
  4. New report on the CEO’s Guide to AI Transformation. (AINews)
  5. Teaching students to shape AI. (BusinessInsiderAfrica)

For more information on the use of AI in Compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com

Categories
Great Women in Compliance

Great Women in Compliance – Building Trust at the Speed of Technology

In this episode of Great Women in Compliance, co-host Dr. Hemma Lomax welcomes Shannon Ralich, Vice President of Compliance and Chief Privacy Officer at Machinify, to discuss the evolving landscape of data privacy, cybersecurity, and responsible AI.

Shannon shares her remarkable journey from a curious child taking apart electronics to a seasoned leader blending technology, law, and strategy. She offers insight into how curiosity and creativity can fuel governance excellence and explains what it means to design systems that anticipate risk and enable responsible innovation.

Together, Hemma and Shannon explore:

  • How privacy and cybersecurity intersect in today’s fast-evolving AI environment
  • The most pressing compliance challenges around data governance and global regulation
  • Lessons from the SolarWinds and Uber cases and the growing conversation around individual accountability for CISOs and compliance leaders
  • Practical steps for staying agile—through reliable news sources, cross-functional camaraderie, and professional networks
  • How to translate corporate compliance skills into meaningful community impact through nonprofit leadership and animal rescue advocacy

Shannon’s message is a powerful reminder that the best leaders bring their full selves to the work: technical precision, ethical clarity, and human compassion.

Biography:

Shannon Ralich is the Vice President of Compliance and Chief Privacy Officer at Machinify, a healthcare intelligence company applying AI to improve the efficiency and integrity of healthcare payments. With more than 20 years of experience across legal, compliance, privacy, and cybersecurity roles, Shannon specializes in aligning governance frameworks with business innovation.

She also serves on the Advisory Board of the Privacy Bar Section of the IAPP (International Association of Privacy Professionals). She is widely respected for her strategic, forward-thinking approach to data protection and responsible AI governance.

Beyond her professional expertise, Shannon is a passionate advocate for animal welfare. She sits on the Board of Directors for the Neuse River Golden Retriever Rescue, where she leverages her operational and technological skills to strengthen fundraising, improve systems, and support global rescue missions.

A lifelong learner and self-described “builder,” Shannon finds creativity and grounding through woodworking, outdoor adventures with her family, and contributing to causes that make both workplaces and communities more humane.

Note: The views expressed in this podcast are our own and do not represent the views of our employers, nor should they be taken as legal advice in any circumstances. 

Categories
AI Today in 5

AI Today in 5: November 18, 2025, The Project Prometheus Edition

Welcome to AI Today in 5, the newest edition of the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Transparency and AI compliance. (FinTechGlobal)
  2. AI can deliver smarter, safer reg compliance. (FinTechGlobal)
  3. Should you keep AI away from teachers? (WSJ)
  4. Bezos joins the AI crowd with Project Prometheus. (NYT)
  5. AI can’t do therapy, but can it help therapists? (USNews)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com

Categories
Blog

Embedding Ethics in the AI Lifecycle

Embedding ethics into the AI lifecycle is not an abstract exercise. It is a practical, repeatable discipline that mirrors the work of corporate compliance. It requires a structured approach, clear accountability, and documented evidence of good governance. Most importantly, it requires compliance professionals to be at the table from the very beginning. Ethics in AI cannot be retrofitted at the end of a development cycle. It must be built in from step one.

Today, I want to examine the ethical checkpoints at each stage of the AI lifecycle and highlight where corporate compliance functions must lead. The goal is to help you build a stronger, more resilient program while demonstrating to regulators and stakeholders that your AI governance is real and operational.

Ethics in Data Sourcing

All ethical AI begins with ethical data. You cannot build a responsible model on a flawed or contaminated foundation. Data sourcing is the earliest point at which compliance becomes critical. First, ensure that the lawful basis, ownership, and rights of use are fully documented for every dataset. This is both an ethical issue and a regulatory one. Next, require a structured review for Personal Identifiable Information (PII) and Protected Health Information (PHI). If the dataset contains sensitive personal information, ensure minimization and purpose limitation principles are applied.

Ethical review also requires looking beyond legality. You must ask a deeper question: does this data reflect the populations on whom the model will act? If certain groups are underrepresented or misrepresented, there is a direct ethical and operational risk. This is where compliance can partner with data teams to conduct bias hotspot reviews and remediation before training begins.

Ethics in Model Training

Once data enters the training process, the focus shifts to how the model is built. Ethical model training emphasizes transparency, reproducibility, and clear accountability. For compliance professionals, this is a familiar structure. At the beginning of training, require a Model Card version zero. This document describes the model’s intended purpose, its users, and its limitations. Think of it as the model’s job description and risk profile. Without this baseline documentation, the organization has no ethical framework for evaluating the model later.

Compliance should also ensure the organization maintains a training bill of materials. Regulators and external auditors will expect clarity on what data, tools, seeds, configurations, and models fed the system. Ethical governance means that if something goes wrong, the organization can retrace its steps and identify the source. Finally, ensure that risks identified during training are assigned owners in the risk register. Ethical accountability requires clear signatures, not vague acknowledgment.

Ethics in Validation and Testing

No model should progress to deployment without a rigorous validation and ethical safety review. At this stage, you are no longer asking whether the model works. You are asking whether the model works in a way that is fair, safe, compliant, and aligned with corporate values. Compliance professionals should insist on structured red teaming for safety, privacy leakage, and discriminatory outputs. Ethical governance requires testing for misuse and unintended consequences, not simply functional performance.

Equally important is the articulation of pass/fail thresholds aligned with the organization’s risk tolerance. If a model shows drift toward unethical outcomes during testing, the organization must be prepared to pause or rework it. Ethics without enforcement is merely a suggestion. Legal review is also essential at this stage. Intellectual property rights, export controls, sector regulations, and customer contract obligations must all be considered. The organization’s ethical responsibility extends to ensuring its models do not inadvertently violate the law or expose users to regulatory scrutiny.

Ethics in Deployment

Deployment is the point at which AI moves from the laboratory to real-world use. Ethical deployment requires safeguards that prevent inappropriate access, misuse, confusion, or misinterpretation. Role-based and environment-based access controls are essential. No one should have access to modify or use a model unless there is a documented business justification. Ethical governance also requires that user disclosures clearly explain the model’s capabilities, limitations, and data use practices. Users should never be misled into believing a system can do something it cannot.

Canary rollouts and automated rollback mechanisms are additional ethical guardrails. They allow organizations to detect unintended consequences early and reverse course before harm spreads widely. Compliance should also ensure that third-party vendors and service providers follow equivalent ethical and governance controls. You are ultimately responsible for the ethical risks you outsource.

Ethics in Monitoring

Ethical oversight does not end when a model goes live. Ongoing monitoring is essential. Models drift. Data shifts. User populations change. A model that was ethical yesterday can become problematic tomorrow. Ethical monitoring means tracking for bias, accuracy degradation, safety issues, and misuse. It also implies routing alerts not only to engineering, but directly to compliance and risk. Ethics is not solely a technical matter. It is a governance responsibility.

Incident response is another ethical requirement. Organizations must maintain a defined, repeatable process for identifying, containing, and resolving AI-related harms. If something goes wrong, you must be prepared to act quickly and transparently.

Ethics in Governance

Finally, ethics must be embedded in the organization’s AI governance structure. Ethical AI cannot depend solely on goodwill or ad hoc decision-making. Clear role definitions, evidence documentation, and leadership engagement must support it. A formal Responsible, Accountable, Consulted, and Informed (RACI) structure for each lifecycle stage ensures accountability. Board-level reporting ensures visibility. Annual independent audits ensure credibility. Ethical AI requires not only doing the right thing but also demonstrating it.

As with all compliance disciplines, documentation is your first line of defense. Maintain Model Cards, testing evidence, monitoring logs, and decision memos. Ethical governance cannot be proven without records. The work is ongoing and iterative. Ethical AI is not a destination. It is a continuous commitment woven into every operational step. Compliance professionals are uniquely suited to lead this work because we understand systems, controls, and organizational behavior. Ethical AI is compliance by another name.

Five Key Takeaways for the Compliance Professional

1. Ethical AI begins with ethical data. Ethical governance always starts with the quality, origin, and integrity of the data used to train and inform an AI system. Inaccurate, incomplete, unlawfully sourced, or unrepresentative data introduces bias and distortion before a single line of code is written. Compliance professionals must ensure that lawful bases, consent, ownership, and use rights are fully documented, and that sensitive information is minimized and properly protected. Ethical data sourcing also requires evaluating demographic representation and identifying potential bias hotspots early. When data is handled ethically, the entire lifecycle is strengthened, reducing long-term operational, regulatory, and reputational risks.

2. Documentation is an ethical control. Good documentation is not busywork. It is the backbone of ethical AI and a critical indicator of organizational seriousness. Model Cards provide transparency regarding purpose, intended users, limitations, and performance boundaries. Risk registers assign ownership and ensure accountability throughout development, deployment, and monitoring. Audit trails create the evidentiary record that regulators and external stakeholders expect when evaluating whether decisions were responsible, compliant, and well-governed. Without documentation, an organization cannot show that it understood the risks of a model or acted responsibly in response to them. Ethical AI requires a traceable, repeatable set of records that tells a clear story of control and oversight.

3. Ethical validation requires testing. Validation is often treated as a technical gate, but ethical AI requires a far broader examination of how a model behaves under real-world stress. Compliance teams must ensure models are exposed to adversarial testing, red-team challenges, privacy leak assessments, and discrimination checks. A model that performs with high accuracy in ideal conditions may fail ethically when confronted with edge cases or bad actors. Ethical validation demands looking not only at what the model is designed to do, but at what it might inadvertently do. Only by testing for harm, misuse, and unanticipated outcomes can organizations prevent downstream risks and protect users.

4. Deployment must include safeguards. Ethical deployment is the bridge between controlled development environments and unpredictable real-world use. Safeguards such as role-based access controls, environment segregation, and capability restrictions ensure the model is used appropriately. User disclosures prevent misunderstanding by making limitations, risks, and data practices clear. Deployment controls must also account for third parties. If a vendor, integrator, or partner interacts with the model, they must uphold equivalent governance standards. Ethical responsibility does not end at the organizational boundary. Compliance oversees these safeguards to ensure that the model behaves as expected, users are not misled, and vulnerabilities are not introduced through poor operational controls.

5. Ethical monitoring is continuous. Ethics in AI is not solved at launch. Models evolve as data, user behavior, and external conditions shift. Continuous monitoring detects drift, reintroduction of bias, system degradation, and misuse patterns before harm spreads. Compliance plays a central role by ensuring real-time alerts flow to appropriate stakeholders, not solely to engineering teams. Incident response frameworks allow the organization to act quickly, document remedial action, and learn from failures. Regular reporting to senior leadership and the board reinforces accountability and aligns AI behavior with organizational values. Ethical monitoring is the mechanism that keeps AI trustworthy long after deployment.

If compliance does not lead to ethical AI governance, someone else will. It is time for the compliance to step forward.

If you would like a checklist for Embedding Ethics into the AI Lifecycle, leave us a Voice Mail.

Categories
AI Today in 5

AI Today in 5: November 17, 2025, The Using AI for Cyber Attacks Edition

Welcome to AI Today in 5, the newest edition of the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

  1. AI law tracker. (Orrick)
  2. Risks with AI in privacy compliance. (BloombergLaw)
  3. Is AI making Big Tech weaker? (WSJ)
  4. AI Sandbox in the UK. (CW)
  5. AI with boundaries. (JDSupra)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com

Categories
Blog

20 Questions Every Board Should Ask About AI

In boardrooms around the world, one theme now appears with more regularity than cyber risk, M&A uncertainty, or even financial performance. That topic is artificial intelligence. Not the lofty philosophical debate about whether machines will overtake human judgment, but the immediate, pragmatic question every director is trying to solve: How do we oversee AI in a way that protects the enterprise, unlocks value, and keeps regulators out of the boardroom?

For compliance professionals, this is a defining moment. AI risk has become the newest frontier where the board relies heavily on the compliance function to guide them. Sometimes with clarity, sometimes with guardrails, and occasionally with a well-timed reality check. This is the type of risk that exposes governance gaps quickly, and the questions the board asks, or fails to ask, will determine whether the company thrives in the age of AI or becomes the following cautionary tale.

Today, I outline 20 critical questions that every board should ask about AI. Think of them not simply as oversight prompts but as governance accelerators. Each one creates visibility, accountability, and structure. Those three elements are the foundation of every effective compliance program.

1. What are our highest-impact AI use cases, and who owns them?

Boards cannot oversee what they cannot see. The first and arguably most crucial step is obtaining a clear inventory of where AI is embedded in operations, not at a conceptual level, but with owners, systems, and risk ratings attached. When accountability is vague, risk grows quietly in the background.

2. How does AI support our strategic objectives and create measurable value?

AI is not a magic wand. It must support strategy, not distract from it. Boards should ask whether AI materially improves revenue, reduces cost, enhances safety, increases accuracy, or strengthens customer outcomes. If the answer is ambiguous, the company may be deploying AI for the wrong reasons.

3. What data powers these systems, and do we have the legal and ethical rights to use it?

Data is the fuel for AI, but not all data is created or sourced equally. Boards should expect clarity on licensing rights, privacy implications, and any limitations on the use and reuse of data. If data lineage is unclear, the company’s regulatory exposure may be far greater than it realizes.

4. How are we assessing and mitigating bias in both data and outcomes?

Bias is not only a fairness issue. It poses operational, legal, and reputational risks. Boards should see a methodology, not simply an aspiration. That includes periodic testing, remediation procedures, and documentation that can withstand scrutiny from regulators, auditors, or litigators.

5. What guardrails prevent employees from entering sensitive information into generative AI tools?

Most AI failures begin with human error. Boards should understand which safeguards are currently in place, including policies, training programs, and technical restrictions, and how the company tests their effectiveness.

6. What is our model validation process before deployment?

Deploying unvalidated models, or worse, models validated exclusively by developers, invites significant risk. Boards should confirm that model validation includes accuracy testing, robustness checks, and cross-functional review involving compliance, legal, risk, and data science.

7. How do we monitor for model drift or degraded performance over time?

AI is not static. Models evolve, environments shift, and accuracy degrades. Ongoing monitoring is essential. Boards should request a drift detection plan that includes clear thresholds, well-defined triggers, designated responsible owners, and documented response actions.

8. What is our incident response plan for AI failures, hallucinations, or data leakage?

AI failures rarely resemble traditional IT outages. They can be subtle, gradual, or hidden until significant damage occurs. A strong incident response plan clarifies roles, timelines, escalation paths, and expectations for communication with customers and regulators. Boards should insist on a rehearsal, not merely a promise.

9. How are we documenting AI-related decisions?

When regulators come calling, documentation becomes destiny. Boards should ensure that decisions tied to high-impact AI models are recorded in a manner that demonstrates thoughtful oversight, rather than blind reliance on automation.

10. Which AI regulatory regimes apply to us across global markets?

The regulatory landscape is evolving rapidly. The EU AI Act, sector-specific guidance from the United States, China’s AI regulations, and new frameworks emerging in Australia, Brazil, Singapore, and the United Kingdom are just a few examples. Boards should expect a regulatory heat map that outlines exposure, obligations, and enforcement priorities.

11. How do we manage the risk associated with third-party AI vendors and model providers?

Vendors introduce significant risk, particularly when foundation models or APIs change without notice. Contracts must include audit rights, IP protections, confidentiality provisions, and mechanisms for monitoring downstream risk. Boards should look for a vendor governance framework, not a spreadsheet with logos.

12. What training have employees received on the responsible use of AI?

Employees cannot follow principles they do not understand. Boards should expect role-based training with regular refreshers, testing, and usage monitoring, rather than one-time videos or superficial check-the-box modules.

13. How do we ensure human oversight for high-impact or high-risk decisions?

This is where compliance delivers real value. “Human in the loop” cannot simply mean that a person glanced at a dashboard. It means the right individuals reviewed the right decisions with clarity on when they are obligated to intervene.

14. What KPIs tell us whether our AI systems are performing safely and as intended?

Boards should expect dashboards containing more than accuracy scores. KPIs should include incident counts, time-to-remediation, drift flags, bias findings, and operational impacts. What the company measures reveals what the company values.

15. What controls protect AI models and proprietary data from cyber threats?

AI significantly expands the attack surface. Models can be stolen, manipulated, or poisoned. Boards should see evidence of hardened access controls, encryption, logging, and monitoring, along with procedures for handling prompt-injection attacks and adversarial inputs.

16. How do we ensure transparency with customers, employees, and regulators when AI is used?

Transparency is becoming a regulatory expectation in many jurisdictions. Boards should verify whether AI disclosures are clear, accurate, and accessible to users, rather than being hidden in dense terms of service.

17. Are we over-relying on AI in any mission-critical processes?

AI concentration risk is real. When too many decisions or functions depend on a single model or vendor, the entire enterprise becomes fragile. Boards should evaluate whether redundancies exist and whether a single point of AI failure could create systemic risk.

18. What ethical principles guide our AI development and deployment?

Ethical frameworks only matter when they are embedded in daily processes and decision-making. Boards should expect evidence that ethical considerations influenced model selection, data sourcing, vendor evaluation, and deployment controls.

19. How is Internal Audit providing independent assurance over AI?

Internal Audit must play a role. AI risk touches processes, data, controls, vendors, and governance. These are areas Internal Audit already understands well. Boards should expect AI to be included in the annual audit plan, supported by a structured methodology.

20. What investments are required to manage AI risk in the next 12 months?

Boards appreciate transparency, not surprises. AI governance necessitates ongoing investment in personnel, skills, monitoring tools, testing environments, and data management capabilities. If AI grows without proportional governance funding, the company creates risk rather than value.

Why These Questions Matter Now

We are entering an era in which regulators expect boards to demonstrate active oversight of AI, just as they do for cybersecurity, financial controls, and data privacy. Gone are the days when AI could be treated as an IT experiment or a futuristic curiosity. Today, it sits squarely in the center of corporate governance. This means compliance oversight is required. For compliance professionals, this is an opportunity to step forward and provide structure. We can shape the conversation, establish frameworks, and guide leadership toward responsible adoption and implementation. These 20 questions give the boards the clarity they need and ensure compliance with the influence it deserves.

AI presents extraordinary potential, but potential without oversight becomes risk. Compliance professionals can ensure that the board asks the right questions, receives the necessary information, and establishes the appropriate controls to ensure effective oversight. In the age of AI, strong governance is not simply a competitive advantage. It is a survival strategy.

If you would like the whole 20 Question list, please leave us a Voicemail.

Categories
AI Today in 5

AI Today in 5: November 14, 2025, The AI for Cyber Attacks Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, I will bring to you 5 stories about AI stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest about AI.

  1. Pitching AI as Mission Critical in wealth management. (FinTechGlobal)
  2. Chinese hackers reportedly used Anthropic for cyberattacks. (WSJ)
  3. Are BODs ready for AI? (WSJ)
  4. Fraud in AI data center planning. (FT)
  5. BODs seek AI experts. (CCI)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com

Categories
AI Today in 5

AI Today in 5: November 13, 2025, The AI as Chart Topper Edition

Welcome to #AITodayin5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

  1. AI breakthrough in finance. (FinTechGlobal)
  2. No surprise, as Tech leads in AI adoption. (Business Wire)
  3. Where does AI do the best in compliance? (CCI)
  4. Remember when things were a ‘cool $1 million’; now they’re $50 billion. (Bloomberg)
  5. The AI song is topping the chart in C&W. (ABCNews)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
ACI FCPA Conference 2025

ACI-FCPA Conference Speaker Preview Series – Bryan Judice on Next Gen Tools for Next Gen Risks

In this episode of the ACI-FCPA and Global Anti-Corruption Conference Speaker Podcasts series, Bryan Judice discusses his presentation at ACI’s Forum on AI and Data Analytics for Anti-Corruption Compliance, which will be held on Tuesday, December 2.

Some of the issues the panel will discuss are:

  • Agentic AI tools for fraud risk management;
  • The increased importance of data analytics in fraud prevention.
  • Cutting-edge AI strategies for fraud risk management into 2026 and beyond.

I hope you can join me at the ACI–FCPA Conference. This year’s event will take place on December 3-4 at the Gaylord National Resort & Convention Center in National Harbor, Maryland, near Washington, D.C. The lineup of this year’s event is simply first-rate, featuring some of the top FCPA professionals, white-collar attorneys, and compliance practitioners in the field.

The 2025 program is being completely redesigned to help your organization stay agile, responsive, and ahead of the curve. Expect a dynamic agenda shaped by real-world priorities, practical takeaways, and the most cutting-edge thinking in compliance—led by a faculty of global practitioners with boots on the ground, encountering the very risks that come across your desk.

Please join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount by using the code D10-999-CPN26.