Categories
Adventures in Compliance

Adventures in Compliance – Institutional Justice and Institutional Fairness Lessons from The Adventure of the Veiled Lodger

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into Arthur Conan Doyle’s Sherlock Holmes collection, The Case-Book of Sherlock Holmes. It is the final set of twelve Sherlock Holmes short stories, first published in the Strand Magazine between October 1921 and April 1927. In this episode, we consider the story The Adventure of the Veiled Lodger.

Tom emphasizes the importance of fairness and transparency in compliance investigations, accountability without retaliation, encouraging whistleblowers, and addressing systemic failures. The episode also highlights how ethics and compliance must be ingrained in corporate culture, reflecting principles from the Department of Justice’s 2020 and 2024 updates to the Evaluation of Corporate Compliance Programs. Through Holmes’ empathetic approach, compliance professionals can learn the importance of contextual investigations and the pursuit of institutional justice. Tom invites Sherlock Holmes enthusiasts to engage in discussions about the stories and underscores the role of compliance in fostering a fair and ethical workplace.

Highlights include:

  • The Story of the Veiled Lodger
  • Lessons on Institutional Justice and Fairness
  • Lessons for CCOs

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

 Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Right is Right/Wrong is Wrong: Trump, The FCPA and Effective Compliance

In a surprise to no one, President Trump said he was suspending Foreign Corrupt Practices Act (FCPA) enforcement. Why is it no surprise? Because the FCPA commits illegal bribery and corruption against foreign officials and employees of state-owned enterprises outside the US. Trump wants to make such business tactics legal for US companies, as he thinks US companies cannot compete with other international actors without engaging in such illegal conduct. But the reality is that Mark Twain was correct; ‘right is right and wrong is wrong,’ and Trump’s pronouncement of non-enforcement did not make bribery and corruption of foreign officials and employees of state-owned enterprises outside the US legal. This announcement also puts more US companies at risk for shakedowns by corrupt foreign officials.

For the compliance professional, this suspension of FCPA enforcement will make having an effective corporate compliance program even more important for the upcoming 3+ years of Trump’s final term. I want to break down the reasons for continued effective compliance into legal and business.

Criminal Reasons

A. 5-Year Statute

The FCPA is still the law of the US. Any company or person who now engages in bribery and corruption of foreign officials and employees of state-owned enterprises outside the US will violate the FCPA. There is a five-year statute of limitation on FCPA enforcement, so even if your organization decided to start bribing today, there would be a five-year window of potential liability. Moreover, it is five years from the discovery of the illegal conduct, so unless your organization affirmatively states via its books and records that it has engaged in illegal activities and violated the FCPA, there will be an even longer tail for investigation and prosecution.

B. SEC and Books and Records

Remember, the FCPA has two basic provisions. One, thou shalt not bribe foreign officials and employees of state-owned enterprises outside the US. Second, thou shalt have accurate books and records. The Securities and Exchange Commission (SEC) enforces this second component of the FCPA. It has two parts: (a) financial books and records that accurately reflect the financial condition of the organization and (b) effective internal controls that prevent bribery and corruption. Is the SEC now going to turn its back by allowing companies that engage in illegal actions to puff up their profits to defraud the American public?

C. Individual Prosecutions Outside the US

The stakes are even higher for the individual corporate employee doing business outside the US. NO country in the world says that bribing our government officials is legal. That makes any such bribe illegal. This is not about an extra-territorial law such as the FCPA, where China or Nigeria would come to the US and arrest a US citizen for actions in China or Nigeria. Instead, it is about China or Nigeria enforcing their domestic laws. Remember the GlaxoSmithKline PLC (GSK) bribery conviction in China in 2014. A Chinese court fined the company nearly $500 million dollars. Equally significant was the criminal conviction of the Country Manager and several of his direct reports. With the Trump Administration aiming more tariffs and other trade sanctions at China, does anyone not think the Chinese government may well open investigations, warranted or not, at US corporations doing business in China and US individuals working in China? (For a full discussion of the entire sordid affair of GSK in China, read my book on it, available on Amazon.com)

What about detaining US businesspersons on more trumped-up charges? Just look at what purported US ally Nigeria did to Binance compliance officer Tigran Gambaryan in 2024. According to the New York Times (NYT), the “Nigerian government charged Mr. Gambaryan and Binance itself with tax evasion and money laundering — effectively accusing the company and a midlevel employee of the same crimes.” He was held in custody for eight months in a Nigerian prison in Abuja. Both the GSK matter and Gambaryan’s case point to the real risks that US businesspersons may now well face if they engage in bribery and corruption outside the US. Wherever you want to be, a prison in China or Nigeria is not one of those places.

Business Reasons

A. The Bribery Tax

Paying bribes is a cost. Once you pay a bribe, corrupt officials have you in their collective back pockets. Multiple FCPA enforcement actions over the years have demonstrated that corruption officials are never shy about demanding more illegal payments during the life of a business relationship. Does an organization think a one-time bribe payment will secure your contract? Once corrupt government officials eat at the trough of a corrupt company, they always come back for more. Churchill said, ‘One, we have established your morals; now it’s just a question of the amount.’

Bribery can be a one-time payment or much more ongoing. Bribes are a percentage of the overall contract value and can go up or down. Who is going to keep those records, and how does an organization engage in such negotiations? It sounds like trying to negotiate with organized crime. The bottom line is that bribes are a tax that any organization subjects itself to when it engages in corruption.

B. Negative Impact on Revenue

Not only does paying bribes put an individual and organizations at criminal risk, but it can also be more costly and a less effective business strategy in the long run. A CFO.com article reported that George Serafeim and Paul Healy of Harvard Business School released a paper in the American Accounting Association journal The Accounting Review that the business impact of paying bribes “overall effect on a company’s finances is nil—a poor result, given that the practice could trigger damaging media. Yet bribes are costly. The low returns on equity on incremental sales in high-corruption markets for firms [that commit bribery] imply that the costs are not fully recovered through higher prices on corrupt contracts or through scale economies from increased sales.”

Statistically, the authors reviewed some “480 large multinational companies from 32 countries; those with strong anticorruption programs had average sales growth over three years of 2.6% in high-bribery countries or regions, far below the 14.1% achieved by anticorruption laggards. Yet, that didn’t translate to a greater gain in return on equity for the latter group compared with the former. “On average, the sales growth and ROE effects are offsetting.”

C. Department of Bribery and Corruption

Now, think about the business impact of how bribes might be paid. Will your organization go full Siemens or Odebrecht and create an entire department dedicated to bribery and corruption? Will your organization change its Code of Conduct to say that now that the Trump Administration has suspended FCPA enforcement, your company will engage in illegal acts? Are you going to try to hide your newfound business strategy? If so, what is the cost of announcing that your organization believes in unlawful acts to gain business? What business executive will lead this organization and put their head on the chopping block for directing illegal activity?

Your organization would be skewered in the court of public opinion. Just as consumers have no interest in purchasing clothing or other products created by slaves or forced labor, they would have zero interest in companies that pay bribes to garner business. Such actions could also lead to more civil actions for anti-competitive behavior brought by private parties.

But here, the greater risk is internal for companies. After 20 years of training on not paying bribes, how to spot a bribe, and who not to do business with, the Trump Administration expects US companies to change course. What will this do to a culture of doing business ethically and in compliance? If corporate execs set up a Department of Bribery and Corruption or try to hide it, what message does that send to employees? It sends the message that engaging in bribery, corruption, and fraud is acceptable in our organization.

This fraud component may be the most important business reason for robust compliance. Every ACFE Report to the Nations makes clear that corruption is a subset of fraud. Any company that supports bribery and corruption will be more susceptible to employees engaging in fraud. After all, if a company is willing to violate the law to make money, why shouldn’t employees do so as well?

III. Compliance is the Key

I have set out all of these scenarios to explain why compliance will become even more important during this second Trump administration. If doing ethics is doing the right thing when no one is looking, then compliance should be seen as the business process that follows up to ensure it is all happening. Going forward, the need for effective compliance will only increase, and the pressure on compliance professionals will intensify. An effective compliance program will make your business run more efficiently and more profitably. It will protect your organization from various woes brought on by the current administration.

Categories
Blog

The Rising Tide of CCO and CISO Liability

The issue of personal liability for Chief Compliance Officers (CCOs) and Chief Information Security Officers (CISOs) is not new, but as we move into 2025, it is becoming an increasingly pressing concern. The regulatory environment is evolving, and enforcement trends indicate a growing willingness among prosecutors to target individual executives. The cases of Joe Sullivan, Carlos Abarca, and Tim Brown highlight critical lessons for compliance professionals. These cases—and the broader regulatory framework—underscore the importance of proactive risk management, clear governance structures, and a strong compliance culture. Jonathan Armstrong and I explored these cases, their issues, and the lessons learned from them in a recent episode of the award-winning podcast Life with GDPR.

Personal Liability: A Trend That’s Here to Stay

The SEC has long embraced the idea of holding individuals accountable for corporate misconduct. The rationale is simple: corporations may treat fines as a cost of doing business, while individual prosecutions create a stronger deterrent effect. This approach is particularly evident in cybersecurity failures, data breaches, and financial misrepresentation. Indeed, former SEC Director of Enforcement Gurbir Grewal, in a speech to the New York City Association Compliance Institute in 2023, said that there were “three situations where the Commission typically brings enforcement actions against compliance personnel.” These three are:

  1. Where compliance personnel affirmatively participated in misconduct unrelated to the compliance function;
  2. Where they misled regulators, and
  3. They had a wholesale failure to carry out their compliance responsibilities.

The question facing compliance professionals is no longer whether they could be held personally liable but how to mitigate that risk. We then turned to three key individual cases to see what lessons might be drawn.

Case Studies in Individual Accountability

  • Joe Sullivan and the Uber Case

Joe Sullivan, a former federal prosecutor and Uber’s CISO, was convicted for his role in covering up a data breach. When hackers exploited Uber’s system, Sullivan arranged a $100,000 payment through Uber’s bug bounty program, framing it as a legitimate transaction rather than a ransom payment. The prosecutors argued that he misled regulators and obstructed justice. Though Sullivan avoided prison and received a sentence of three years probation, the judge clarified that future cases might not be met with such leniency. The lesson here? Transparency is non-negotiable. Attempting to manage a breach in secret, even with good intentions, can result in severe personal consequences.

  • Carlos Abarca and the TSB Bank Migration Failure

Carlos Abarca, former CIO of TSB Bank, oversaw an IT migration project that ultimately failed, leading to widespread customer service outages. During board meetings, Abarca assured directors that the project was on track. However, regulators scrutinized his statements when the migration went awry due to supplier failures. He was fined nearly $100,000, with investigators even citing his LinkedIn profile, where he described himself as an expert in change management. The key takeaway? CCOs and CISOs must ensure that their public and internal statements accurately reflect organizational realities. Overstating capabilities—or underreporting risks—can become evidence of liability.

  • Tim Brown and the SolarWinds SEC Action

Tim Brown, SolarWinds’ CISO, faced SEC charges for allegedly misleading investors about the company’s cybersecurity posture. The SEC contended that Brown downplayed known security risks, making generic statements such as “we could be attacked” while failing to disclose specific vulnerabilities that were internally documented. Though these charges were eventually dismissed, it highlighted the increasing role of securities regulators in policing cybersecurity disclosures. For compliance professionals, this underscores the importance of precise, fact-based reporting. Vague assurances will not suffice when regulators uncover internal evidence of known risks.

Regulatory and Legislative Trends: A Tougher Landscape Ahead

The move toward personal liability is not just a U.S. phenomenon. The EU’s Digital Operational Resilience Act (DORA), the Cyber Resilience Act, and similar regulations introduce new accountability mechanisms for compliance and security professionals. These laws emphasize:

  1. Personal responsibility for cybersecurity and compliance failures
  2. Heightened reporting obligations for executives
  3. Potential fines and bans from holding future positions

Furthermore, changes in corporate listing rules, especially regarding cybersecurity disclosures, suggest that more CCOs and CISOs will be in the regulatory crosshairs. With shareholder lawsuits also on the rise, particularly in the U.S., individuals may face government enforcement and private litigation.

Mitigating Personal Risk: What Compliance Officers Can Do

Given these trends, compliance professionals must take proactive steps to protect themselves. We reviewed the following steps a CCO/CISO could take.

  • Due Diligence Before Accepting a Role

If you are considering a new compliance or security leadership position, conduct thorough due diligence on the organization:

  1. Investigate past compliance failures or regulatory issues.
  2. Assess the board’s composition and governance practices.
  3. Evaluate the company’s historical commitment to compliance and cybersecurity.

A company with a poor compliance track record or a weak board structure may pose significant personal risks.

  • Clarify Your Role and Responsibilities

Clearly define your job responsibilities, ensuring that you supervise compliance rather than solely being responsible for it. A well-drafted job description should:

  1. Specify oversight responsibilities rather than direct operational duties.
  2. Ensure a direct reporting line to senior leadership or the board.
  3. Include indemnification clauses in cases of legal action.
  • Secure Adequate D&O Insurance

Directors and Officers (D&O) insurance is a critical safeguard. Compliance professionals should:

  1. Confirm that D&O insurance covers regulatory and enforcement actions.
  2. Negotiate for personal indemnification clauses in employment contracts.
  3. Ensure coverage is broad enough to include cybersecurity incidents and regulatory fines.
  • Strengthen Internal Reporting and Documentation

Proper documentation is one of the best defenses against liability.

  1. Ensure board minutes accurately reflect discussions about compliance and risk.
  2. Maintain records of risk assessments and mitigation efforts.
  3. Encourage formal reporting mechanisms rather than informal communications.
  • Be Cautious with Communications

Emails and internal memos can become evidence in investigations. Best practices include:

  1. Avoid speculative discussions about compliance risks.
  2. Stick to factual reporting and avoid overly optimistic statements.
  3. Encourage employees to use formal reporting channels rather than casual email exchanges.

Looking Ahead: What to Expect in 2025

As regulatory scrutiny increases, compliance and security professionals must remain vigilant. We can expect:

  1. More enforcement actions targeting individuals rather than just corporations.
  2. Greater regulatory focus on cybersecurity disclosures in public filings.
  3. Stronger whistleblower protections increase the likelihood of internal reports leading to investigations.
  4. Continued expansion of liability under new European and U.S. regulations.

The era of heightened personal liability for compliance and security executives stays here. The best defense is a strong offense: conducting due diligence before taking a role, clearly defining responsibilities, securing proper insurance, maintaining meticulous documentation, and ensuring precise internal and external reporting. In this new environment, compliance professionals must not only safeguard their companies but also themselves.

Categories
Blog

Building Trust in AI with Blockchain: A Compliance Perspective

Artificial Intelligence (AI) has rapidly become a key driver of business decision-making across industries, from financial services to healthcare. Yet, despite its enormous potential, AI remains a “black box” that raises serious concerns about transparency, accountability, and fairness. According to Pew Research, 52% of Americans are more concerned than excited about AI, while only 10% express enthusiasm. This trust deficit presents a critical challenge for compliance professionals: how can organizations demonstrate responsible AI use and ensure compliance with evolving regulatory expectations?

I was therefore intrigued to read a recent article in the Harvard Business Review by Scott Zoldi and Jordan T. Levine entitled, Using Blockchain to Build Customer Trust in AI. Their response to this quandary was to look at FICO, a leader in financial analysis and ratings, which developed a private blockchain that automated documentation and standards in model development. FICO’s approach leaned directly into a series of strategies used by compliance professionals.

The Compliance Challenge of AI

AI’s ability to analyze vast amounts of data and generate predictions is its greatest strength and its most significant liability. Machine learning models can reinforce biases, lack interpretability, and operate without clear accountability. Compliance professionals must address these challenges head-on by ensuring that AI models are:

  • Interpretable: Customers and regulators need to understand how AI models make decisions.
  • Auditable: Organizations must maintain detailed records of AI development and deployment.
  • Enforceable: Compliance teams need mechanisms to ensure adherence to ethical AI standards.

Without these three pillars, AI risks becoming a compliance nightmare that could lead to regulatory penalties, reputational damage, and loss of customer trust.

Blockchain ensures that AI models are developed following internal guidelines and regulatory requirements. Every modification to the model, from data selection to algorithmic tuning, is permanently recorded, making it easier for compliance officers to track decisions and pinpoint the cause of any discrepancies. This immutable nature benefits industries with strict regulations, such as finance and healthcare, where audits and regulatory reviews are routine.

Additionally, blockchain helps prevent unauthorized alterations by requiring cryptographic verification before changes are accepted into the system. Any attempt to introduce bias, manipulate datasets, or adjust algorithms must be documented and approved transparently. This enhances accountability and strengthens organizational trust in AI.

Blockchain’s integration into AI governance fosters cross-functional collaboration between compliance, legal, and data science teams. Using a single, tamper-proof source of truth, organizations can streamline communication and ensure that AI-related decisions align with corporate policies and industry standards. This collaborative approach mitigates risks and reduces inefficiencies, allowing businesses to innovate responsibly while maintaining regulatory compliance.

For compliance professionals, blockchain provides an operational framework supporting continuous AI model monitoring and improvement. It facilitates real-time oversight, allowing organizations to identify potential compliance risks before they escalate into regulatory violations or reputational damage. As AI technology evolves, blockchain’s role in governance will likely expand, offering even greater opportunities for secure, transparent, and ethical AI development.

Blockchain: A Path to AI Accountability

Blockchain technology offers a potential solution by providing an immutable, transparent record of AI model development and decision-making. The authors reviewed FICO’s adoption of blockchain. They learned, “Making this system work was less a tech challenge than a people one. They learned it was important to start with standards, then develop the tech; that making the system user-friendly was non-negotiable; that it was essential to iterate on quick wins; that they had to build repositories to hold large AI assets in alternate storage; and that they needed capable IT teams to handle the maintenance demands of this system.”

By moving from traditional documentation methods (such as Word documents) to a private blockchain, FICO:

  • Reduced model support issues and recalls by over 90%.
  • Created a single source of truth for AI model development.
  • Ensured absolute adherence to AI governance standards.

Blockchain’s ability to create an auditable trail of every change, test, and decision made during AI model development provides a powerful compliance tool. Unlike conventional documentation, blockchain prevents unauthorized changes and ensures compliance teams can verify AI decisions long after they are made.

Beyond compliance, blockchain enhances the efficiency of AI governance by automating tracking mechanisms that reduce administrative burdens. Traditionally, managing AI development required extensive oversight, documentation, and verification processes, often prone to human error or oversight. By leveraging blockchain, organizations can automate this oversight, ensuring that model updates, training datasets, and algorithmic adjustments are securely recorded in a tamper-proof ledger. This improves compliance and accelerates AI innovation by reducing bottlenecks in model validation.

Additionally, blockchain’s transparency enables better cross-functional collaboration between compliance officers, data scientists, and IT security teams. Instead of relying on disparate documentation and periodic audits, stakeholders can access a real-time, immutable ledger of AI development activities. This fosters greater accountability and ensures that AI models align with ethical guidelines, regulatory requirements, and corporate governance policies from inception to deployment.

Blockchain can mitigate risks associated with AI bias and ethical concerns by providing a structured framework for tracking model modifications and testing processes. Any deviation from approved methodologies is recorded, allowing organizations to detect and address potential issues before they impact decision-making. This proactive approach strengthens AI reliability and fosters trust among regulators, customers, and stakeholders who demand greater transparency in automated decision-making processes.

By integrating blockchain into AI governance, organizations gain a robust compliance tool that ensures models are developed responsibly, deployed ethically, and maintained transparently. As regulatory scrutiny around AI continues to grow, adopting blockchain-based governance is not just an operational advantage; it can provide both a strategy and mechanism for maintaining trust and regulatory compliance in the evolving AI landscape.

Key Compliance Lessons from FICO’s Blockchain Approach

1. Standards Must Come First

Before implementing blockchain, organizations must establish clear AI development standards. This includes defining acceptable algorithms, ethical testing methodologies, and regulatory compliance requirements. Without these guardrails, blockchain is just another technology without purpose.

2. User Adoption Requires a Seamless Experience

One of the biggest hurdles in AI governance is ensuring that data scientists comply with established processes. At FICO, blockchain-based AI governance became non-negotiable—developers could not release models without following the blockchain-tracked workflow. Making compliance seamless rather than burdensome is key to adoption.

3. AI Governance Must Be Iterative

FICO’s blockchain approach evolved, starting with small proofs of concept before scaling across its AI development teams. Compliance professionals should take a similar approach, testing blockchain governance in high-risk areas before expanding its use across the organization.

4. Immutable Records Are Key for Regulatory Defense

Regulators are increasingly scrutinizing AI-driven decisions, especially in highly regulated industries such as finance and healthcare. An immutable AI development, testing, and deployment record provides a powerful defense against regulatory inquiries. It also enables organizations to demonstrate compliance rather than scrambling to justify decisions afterward proactively.

5. Blockchain Is a Tool, Not a Silver Bullet

While blockchain enhances AI governance, it is not a substitute for a strong compliance program. Organizations must still conduct rigorous ethical testing, monitor AI performance, and engage with regulators to ensure ongoing compliance. Blockchain should be viewed as an enabler of trust, not a cure-all.

Final Thoughts: The Future of Compliance in AI Governance

As AI becomes more embedded in business operations, compliance professionals must evolve their oversight strategies to keep pace. Blockchain offers a compelling approach to ensuring AI accountability, but it requires careful implementation, clear governance standards, and buy-in from business leaders.

FICO’s success demonstrates that trust follows when AI governance is built on transparency, auditability, and enforceability. Compliance professionals who embrace blockchain’s potential can help bridge the trust gap in AI, ensuring that these powerful technologies are used responsibly, ethically, and in full compliance with regulatory expectations.

For compliance teams, the question is no longer whether AI governance needs to evolve but how quickly organizations can implement solutions that keep AI accountable. Blockchain is one step in the right direction.

Categories
Blog

The Compliance Sabbatical

The world of corporate compliance is demanding. It requires constant vigilance, deep ethical reasoning, and navigating ever-evolving regulatory landscapes. Compliance professionals are often the last defense against misconduct, ensuring companies adhere to laws and ethical standards. But with great responsibility comes great stress, and burnout is an all-too-common reality in our field. I was intrigued when I came across a recent article in the Havard Business Review by DJ DiDonna, entitled The Case for Sabbaticals — and How to Take a Successful One.

A sabbatical, defined by DiDonna as an intentionally extended leave from your job-related work, may seem out of reach for many workers. But if you can swing it, the potential payoff is enormous. Taking one could be transformational for your life and career. Research and interviews with more than 250 sabbatical-takers reveal the key attributes that define these breaks, the three distinct sabbatical types, and the hurdles one must overcome to persuade bosses, colleagues, and yourself that it is a good idea. DiDonna makes a compelling argument that stepping away from work for a meaningful period is not simply beneficial; it can be transformative. A sabbatical can be essential for maintaining long-term effectiveness and well-being for compliance professionals who operate under high-pressure conditions.

The Compliance Burnout

Compliance officers work in an environment of constant scrutiny. The stakes are high, and the margin for error is razor-thin. Between managing regulatory risks, conducting investigations, and ensuring ethical corporate behavior, the stress can take a cumulative toll. Research shows that burnout leads to reduced effectiveness, poor decision-making, and even ethical lapses, precisely what compliance professionals are hired to prevent. A sabbatical offers a structured way to step back before burnout reaches critical levels. It allows professionals to reset mentally and physically, returning to work with renewed energy and sharper focus.

Benefits of a Sabbatical

1. Reconnecting with Purpose

One of the most significant benefits of a sabbatical is reassessing professional and personal priorities. Many compliance professionals enter the field driven by a strong ethical compass and a desire to make a difference. However, the daily grind, dealing with corporate bureaucracy, managing regulatory challenges, and sometimes confronting internal resistance can wear down that initial sense of purpose.

A sabbatical provides space to reflect on career goals and reconnect with the motivations that drew one to compliance in the first place. DiDonna’s research highlights that many sabbatical-takers return with a clearer sense of direction, often making strategic career shifts or doubling down on their professional mission.

2. Enhancing Strategic Thinking

Regulatory compliance is a dynamic field. Laws change, enforcement priorities shift, and new risks emerge. Staying ahead requires strategic thinking and adaptability. Yet, when professionals are caught up in the day-to-day pressures of compliance, it can be not easy to see the bigger picture.

A sabbatical can foster deep thinking and learning that compliance professionals rarely have time for. Whether through travel, study, or personal projects, time away from routine responsibilities can lead to fresh insights that improve compliance strategy and risk management upon return.

3. Cultivating Resilience and Creativity

Innovation isn’t a word often associated with compliance, but the best compliance programs thrive on creative problem solving. How do you foster a speak-up culture? How do you implement effective training that resonates with employees? How do you navigate gray areas where the law is ambiguous?

Time away from work stimulates creativity, especially when spent in new environments or pursuing new experiences. Compliance officers who take sabbaticals often return with novel approaches to training, policy implementation, and risk assessment.

Practical Steps to Make a Sabbatical Work

Despite the benefits, many compliance professionals hesitate to take a sabbatical. They worry about job security, financial implications, and how their absence might impact their organization. However, with careful planning, a sabbatical is more feasible than most professionals realize.

  1. Plan Ahead: A sabbatical does not have to mean quitting your job. Many organizations offer formal sabbatical programs, even those that do not may accommodate unpaid leave for valued employees. The key is to plan early and present a business case for how your time away will ultimately benefit the organization.
  2. Set Clear Boundaries: A true sabbatical means fully disconnecting from work. That means no checking emails or staying involved in projects remotely. The point is to create distance, both physically and mentally.
  3. Structure Your Time: A sabbatical should be intentional, whether traveling, volunteering, studying, or simply spending time with family. The goal is not simply to take time off but to recharge through engaging in experiences that provide renewal and perspective.

A Strategic Investment in Longevity

Corporate compliance isn’t a sprint; it’s a marathon. To be effective over the long haul, professionals need to pace themselves. Taking a sabbatical is not a luxury; instead, it is an investment in the longevity of individuals and the organizations they serve. Companies benefit when their compliance teams are engaged, refreshed, and thinking strategically.

If compliance professionals want to avoid burnout, enhance their strategic thinking, and return to work with renewed purpose, they should seriously consider taking a sabbatical. The research is clear: stepping away can make all the difference, even temporarily.

Categories
Blog

Using GenAI to Make Small Transformations

A recent article entitled Generate Value From GenAI With ‘Small t’ Transformations by Melissa Webster and George Westerman caught my attention. The authors posited that business leaders get real value from large language models by working their way up the risk slope and building the foundation for larger future transformations. However, they came up with an interesting strategy to test their question. They wrote, “As business strategists, we wanted to see what generative AI could add to our work. We explored this question through experiments on different aspects of the strategy creation process. In each experiment, we put a realistic strategy question to ChatGPT, followed by a lengthy back-and-forth to refine the initial responses. The intention was to understand how the tool can support ideation, experimentation, evaluation, and the building of stories—and where it falls.”

Basically, they used ChatGPT and generative AI (GenAI) to create and refine the strategy. I found this approach very interesting for the compliance professional. From this approach, they learned lessons in three uses applicable to the compliance professional.

  1. GenAI in Tasks That Are Common to Individuals in Many Roles
  2. Specialized GenAI for Compliance Professionals
  3. Enhancing the UX

Common Tasks. Compliance professionals can use large language models (LLMs) in ways that are useful to many compliance roles, such as writing, synthesizing information, generating imagery, and documenting meetings. GenAI’s near-ubiquitous nature can have a real impact on your compliance function. You can buy or create integrated tool sets that link generative AI to other functions that compliance professionals typically perform. Benefits vary by use and user, with individual initiative-taking and prompting skills influencing the value they derive.

Consider adding compliance-specific intelligence by training models on terminology and information that are proprietary to the company. For example, the authors point to the “Global consulting firm McKinsey built Lilli, [which built] a platform that links generative AI to its intellectual property from over 40 internal sources. The effort involved significant technical hurdles; for example, the tool needed to be changed to read PowerPoint slides, one of the company’s main ways of communicating project information, but the platform is providing value. For instance, if a consultant has a question about green energy business models in less-developed economies, Lilli can quickly find and synthesize information from projects that have already studied the problem somewhere in the world. McKinsey has reported that the platform’s capabilities and robust employee education led to about 75% of employees actively using Lilli in less than a year, time savings of up to 30%, and substantially improved quality.”

McKinsey is not alone in developing these specialized models for the general workforce. The same approach would work for a compliance function.

Specialized GenAI for Compliance. In this category, the authors say that “companies working their way up the risk slope are developing generative AI capabilities to improve productivity and quality in specific job roles or business processes. There is less tolerance for unacceptable output here.” These GenAI resolutions “typically maintain a human in the loop, where employees interact with the tools and review the outputs rather than allowing the GenAI tools to make decisions or produce outputs automatically.” Moreover, such outputs would seem directly suited for the compliance function.

In the space adjacent to compliance, the world of corporate finance, the authors found that “finance teams are relatively late adopters of new technologies, with CFOs citing technology gaps, data concerns, and competing priorities as reasons for that lag.” What does that sound like? Many legally trained corporate compliance officers.

The authors cited, “One international energy company we studied created a tool using a mix of GenAI, traditional AI, and other algorithms to suggest mitigations or help rewrite an audit report. Other companies use generative AI to assist in drafting reports for audits or regulatory compliance. At Amazon, the finance function uses rules-based AI, machine learning, and LLMs to address tasks in fraud detection, contract review, financial forecasting, personal productivity, interpretation of rules and regulations, and tax-related work.” Such a tool could move compliance professionals from repetitive tasks to focus more on work involving critical thinking.

Enhancing the UX. The next step for GenAI in compliance is with its customers, i.e., corporate employees. Just as GenAI is transforming traditional customer service and retail engagement, it can do so for interactions by compliance and employees. Unlike traditional phone menus or robotic process automation (RPA) chatbots, GenAI enables dynamic, multilingual responses, enhancing customer experience while optimizing operational efficiency. Take the example of John Hancock, which has implemented AI-driven chatbots to manage routine inquiries, allowing human agents to focus on more complex customer needs. This shift improves response times, reduces costs, and increases employee efficiency. Now, apply that strategy to your employees.

Beyond text-based interactions, GenAI is expanding into voice-based customer engagement. Companies like Starbucks, Domino’s, CVS, and major banks are integrating AI-driven voice assistants with future applications that will likely include video-based interactions. Compliance can also use all of these strategies.

By pursuing small-t transformation, often with a human in the loop, as they build capabilities, your compliance team can enable the development of applications with higher value and risk. The authors list several actions a Chief Compliance Officer (CC) can take to generate transformation with generative AI.

  1. Identify key pioneers in your organization and develop your messaging. With generative AI, innovation often comes from “cyborgs”—early adopters who integrate the technology into their work and are motivated to use it to solve a problem for themselves or their customers. Use them to communicate your innovation vision.
  2. Assess your company’s current position on the risk slope. What are you already doing, and what would be the next level of complexity and reward? Look at opportunities in individual productivity, role-specific enhancements, and innovations in product or customer engagement.
  3. Consider scalability. The authors noted, “According to the head of AI at a large bank we spoke with, “the more stuff you do, the more stuff you find to do.”
  4. Secure management buy-in. Small-t innovations can help to make the value story real and make the case for investments that can reduce the perceived risk of larger opportunities.
  5. Investigate foundational investments. Some of the boldest use cases will require extensive investment in data cleansing, model training, and integration before they can be ready for a real-world test.
  6. Maintain a long-term perspective. “The transformative cases take longer to build the business case, test the models, change behaviors, etc.,” said Chris Bedi, chief customer officer at software company ServiceNow. “The challenge is not only technical but also leaders taking time to reimagine their future with big ideas.”

The bottom line is that while productivity gains are the expected and common benefits of applying GenAI to specialized roles and tasks in compliance, the technology’s true impact extends further. GenAI is fundamentally transforming what compliance professionals can achieve. GenAI is enabling innovations and reshaping traditional compliance processes by enhancing efficiency and expanding the realm of possibilities within various functions.

Categories
Blog

Building a Data-Driven Culture: A Compliance Imperative in the Age of AI

I recently read an article in the Sloan Management Review entitled “Building a Data-Driven Culture: Four Key Elements” by Ganes Kasari, founder and CEO at Tensor Planet. He posits that a data-driven culture is vital to success with AI projects, but shaping one involves many challenges. He suggests that learning how to build one from organizations that have made the journey engaging for employees is one approach to take. For compliance professionals, this is a critical issue. Compliance, risk management, and governance efforts may be ineffective if a company’s workforce does not instinctively turn to data when making decisions.

The Department of Justice’s (DOJ) 2024 Update on the Evaluation of Corporate Compliance Programs (2024 ECCP) has made it clear that compliance programs must be data-driven, proactive, and continuously monitored. But if an organization has not built a culture of data-driven decision-making, compliance will always be playing catch-up.

So, how do companies foster a data-driven compliance culture? Kasari says the answer lies in four key areas:

  1. Leadership Intervention
  2. Data Empowerment
  3. Collaboration
  4. Value Realization

Leadership Intervention: Setting the Tone from the Top

For a compliance program to be truly effective, proactive, and data-driven, leadership must take an active role in championing the importance of data in decision-making. Too often, executives fund compliance initiatives but delegate execution entirely to compliance and IT teams. The result? Employees still see compliance as someone else’s job rather than an integral part of business operations.

The DOJ has emphasized that compliance programs must have engaged leadership. That means:

  • Executives must communicate why data and AI are essential for compliance.
  • Leaders must use data themselves, modeling the behavior they expect from their employees.
  • Regular check-ins and accountability measures should ensure compliance is not just an IT issue but an enterprise-wide priority.

Concept in Action: Rewarding Compliance Innovation at DBS Bank

When DBS Bank launched its digital transformation initiative, CEO Piyush Gupta prioritized creating a culture that rewarded data-driven decision-making and innovation. In one case, an employee made a data-driven compliance decision, ultimately leading to a failed experiment. There was regulatory pressure to penalize the employee, but Gupta stepped in and awarded them instead—for trying, learning, and embracing the new compliance culture.

This kind of visible leadership support sends a powerful message: compliance isn’t just about avoiding penalties but also about building a smarter, more resilient organization.

Data Empowerment: Making Compliance Everyone’s Job

For compliance to be truly embedded in company culture, every employee, not just compliance officers, must be able to access, understand, and act on data.

This means focusing on three levels of readiness:

  1. Data Readiness – Ensuring high-quality data is available at the right time to the right people.
  2. Analytical Readiness – Training employees to interpret compliance data and make informed decisions.
  3. Infrastructure Readiness – Investing in AI-driven compliance tools, automation, and real-time risk monitoring systems.

Concept in Action: JPMorgan Chase and the DeepRacer Challenge

JPMorgan Chase wanted to upskill employees in AI and data analytics. Instead of boring compliance training sessions, the company introduced a global challenge using AWS DeepRacer, a competitive coding event where employees programmed autonomous vehicles to race.

Employees learned data analytics, AI programming, and machine learning principles while having fun. The result? Thousands of employees became data-literate, able to apply AI-driven insights to compliance, risk management, and fraud detection.

Collaboration: Breaking Down Compliance Silos

Too often, compliance sits in its bubble, siloed from business operations. However, in an AI-driven world, compliance must be embedded in every department, from finance and HR to product development and supply chain management.

A major barrier to compliance collaboration is language. Compliance teams often use technical jargon, while business teams use operational language. The result? Miscommunication, resistance, and confusion.

To fix this, compliance functions must invest in:

  • Cross-functional compliance training so business leaders understand compliance risks.
  • Compliance “translators”—employees who bridge the gap between compliance and business operations.
  • AI-powered compliance dashboards that translate risk into actionable business insights.

Concept in Action: Gulf Bank’s Data Ambassador Program

Gulf Bank wanted to embed data-driven compliance across its 1,800 employees. Instead of relying solely on compliance officers, the bank created a network of data ambassadors—employees across departments trained to champion compliance best practices.

The results were impressive: employees felt more ownership over compliance decisions, and the company saw a significant reduction in compliance violations.

Value Realization: Measuring and Celebrating Compliance Success

One of the companies’ biggest mistakes is treating compliance as a cost center rather than a value driver. Compliance isn’t just about avoiding fines—it’s about driving better business decisions.

To ensure compliance is seen as a competitive advantage, companies must:

  • Define clear KPIs to measure compliance impact.
  • Track and communicate compliance success stories internally and externally.
  • Tie compliance initiatives to tangible business outcomes (e.g., revenue growth, cost savings, enhanced brand reputation).

Concept in Action: AI-Powered Warehouse Compliance at a Logistics Firm

A cold chain logistics company struggled with inefficient warehouse scheduling, leading to regulatory fines and supply chain bottlenecks. The compliance team introduced an AI-driven scheduling system, analyzing weather data, shipment history, and supplier reliability to optimize deliveries.

The results?

  • 16% reduction in turnaround time
  • $1.2 million saved annually in avoided fines
  • Increased customer satisfaction

To celebrate this success, the company shared the story through internal newsletters, town halls, and webinars, ensuring that employees saw compliance as a strategic enabler rather than just a legal requirement.

Compliance in the Age of AI

The DOJ’s 2024 guidance has made it clear that compliance programs must be data-driven, proactive, and continuously monitored. But simply investing in AI tools isn’t enough. Companies must build a truly data-driven culture where compliance is instinctive, embedded, and embraced across all levels of the organization.

The key takeaways?

  1. Leadership must champion compliance—not just fund it.
  2. Compliance must be accessible, understandable, and actionable for all employees.
  3. Cross-functional collaboration is essential to break down compliance silos.
  4. Compliance success must be measured, celebrated, and tied to business impact.

In 2025 and beyond, companies that embed AI-driven compliance into their culture will not only avoid regulatory fines and penalties or even FCPA violations, but they will also gain a competitive edge in an increasingly complex business world.

Categories
Daily Compliance News

Daily Compliance News: February 3, 2025, The Division of Engagement and Compliance Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Congress says Nvidia chip flow to China should be stopped. (WSJ)
  • The CCO Departure Bonus. (Cosmos)
  • WVU replaces DEI with “Dept. of Engagement and Compliance”. (12WBOY)
  • Will Trump DOJ drop corruption charges against NYC Mayor? (Reuters)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out The FCPA Survival Guide on Amazon.com.

Categories
Blog

From Sanctions to AI Disruption: How Compliance Officers Can Navigate the Rapid Pace of Change

The pace of change in today’s global business environment is breathtaking. Events that unfold over a weekend can have massive implications for corporate compliance professionals by Monday morning. When there is a business change, risks constantly change. Over the past week, this was demonstrated with two seemingly unrelated but equally impactful developments:

  • The U.S. is imposing sanctions on Colombia because of its alleged failure to take back migrants, including a 25% tariff on goods imported from the country.
  • The emergence of DeepSeek, a Chinese AI company that has developed a large language model rivaling OpenAI’s ChatGPT—at a fraction of the cost.

For the compliance professional, what do these risks mean for your organization? What do you think about a framework for assessing and managing these risks as they raise critical compliance concerns spanning sanctions enforcement, export controls, supply chain transparency, and regulatory readiness? In the most recent episode of the FCPA Compliance Report, I explored these issues with Jag Lamba, CEO at Certa.ai. We focused on the Department of Justice (DOJ) framework in its 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update) to make sense of and respond to these rapid developments.

The DOJ’s framework in the 2024 Update is broken down into three key components:

  1. Is the compliance program well-designed?
  2. Is the compliance program adequately resourced and empowered to function effectively?
  3. Does the compliance program work in practice?

We applied these elements to the recent developments and explored how compliance professionals can prepare for similar shocks in the future.

  • Is Your Compliance Program Well-Designed to Handle Rapidly Emerging Risks?

The first test of a compliance program is whether it is designed to assess, identify, and mitigate risks promptly. The DOJ has emphasized real-time risk assessment—a shift from static, once-a-year reviews to continuous monitoring.

Take the U.S. sanctions against Colombia. This was not a predictable, drawn-out regulatory action. It happened over a weekend, and by Monday, businesses importing Colombian goods faced a 25% tariff with little time to prepare. Compliance officers had to:

  1. Quickly identify how much of their supply chain relied on Colombian imports.
  2. Determine if alternatives existed to mitigate the cost impact.
  3. Communicate rapidly with leadership to ensure the company could pivot operations where needed.

A traditional, slow-moving risk assessment process would have left companies flat-footed. Instead, an agile risk management system, leveraging real-time data analytics and automated monitoring, can help companies proactively spot emerging risks before they become crises.

The same logic applies to export controls in the tech sector, especially in light of the DeepSeek development. Compliance officers at major AI and semiconductor companies must now be asking:

  1. Who are our customers in Singapore and neighboring markets?
  2. Are our chips being resold or rerouted to sanctioned entities in China?
  3. Do we have automated tools to track and verify shipments to ensure compliance with U.S. export control laws?

It may be too late to prevent regulatory scrutiny if a company relies on manual risk assessments and outdated compliance processes.

  • Is Your Compliance Program Adequately Resourced and Empowered?

The DOJ has clarified that a compliance program is only as good as the resources allocated to it. Ten years ago, the conversation centered around whether compliance officers had direct access to the board. The conversation then shifted to the quality of your Chief Compliance Officer (CCO) and compliance personnel. Today, the discussion is shifting to whether compliance has the technology, data, and personnel necessary to operate effectively.

Consider the situation with NVIDIA and its skyrocketing sales in Singapore—a market that, while business-friendly, is geographically close to countries facing strict U.S. export controls. Regulators are undoubtedly scrutinizing this data. The question for NVIDIA’s compliance team is:

  1. Do they have the visibility to track where these chips are ending up?
  2. Are they able to monitor sales intermediaries in real time?
  3. Can they preemptively flag anomalies—such as a single country purchasing a huge volume of restricted technology?

Without AI-driven compliance monitoring and data analytics, even the best compliance teams risk being overwhelmed by the sheer volume of transactions and regulatory changes.

Similarly, companies impacted by the Colombian tariffs must ensure their compliance programs have the right supply chain monitoring tools to:

  1. Identify impacted suppliers instantly.
  2. Assess alternative sourcing options without regulatory hurdles.
  3. Develop contingency plans to mitigate financial and operational risks.

This compliance function cannot be effectively run using spreadsheets and email chains. Companies must invest in data automation, AI-driven analytics, and cross-functional collaboration tools to avoid such fast-moving regulatory changes.

  • Does Your Compliance Program Work in Practice?

Finally, compliance programs must not exist solely on paper but must demonstrate real-world effectiveness. The DOJ’s 2024 Update mandates data-driven evidence to assess whether a compliance program is functional and effective.

This means compliance teams must be able to show:

  1. How many third-party vendors and intermediaries have been vetted and monitored?
  2. How export controls are enforced in practice—not just documented in policy.
  3. How quickly can the company respond to a sudden regulatory change, such as the Colombian sanctions?

One of the best ways to demonstrate effectiveness is through compliance storytelling. A compliance officer should be able to present:

  • This is a clear narrative backed by data showing how the company detected and addressed a regulatory risk before it became a crisis.
  • These are case studies of how compliance actions have improved business outcomes—for example, reducing onboarding time for sales intermediaries without compromising compliance integrity.
  • Tangible evidence includes video training logs, compliance dashboards, and documented decision-making trails.

A powerful example comes from a Fortune 100 company that secured five years of compliance funding in one go rather than having to renegotiate budgets annually. How? By presenting compliance in business terms:

  • Demonstrating how compliance efficiencies improved sales and reduced onboarding delays.
  • Showing the financial impact of proactive risk management.
  • Using data-driven evidence to justify long-term compliance investments.

This is the future of compliance: a function that prevents regulatory risk and actively contributes to business strategy and growth.

The CCO as a Strategic Risk Navigator

The recent developments with Colombian sanctions and DeepSeek’s AI breakthrough highlight how fast compliance risks can evolve. Sanctions, export controls, and regulatory enforcement actions are no longer slow-moving threats—they can materialize overnight.

The DOJ’s 2024 Update provides a clear roadmap for compliance professionals to navigate these challenges:

  1. Risk assessment must be dynamic and continuous. Compliance programs must be designed to identify risks in real-time, not just during annual reviews.
  2. Compliance must be adequately resourced. Companies must invest in technology, data analytics, and automation to meet regulatory changes.
  3. Compliance must demonstrate real-world effectiveness. Data-driven evidence, compelling narratives, and tangible business impact must back compliance programs.

Compliance professionals who embrace data-driven decision-making, automation, and proactive risk management will not only survive but thrive in this era of regulatory volatility. The question is: Is your compliance program ready for the next unexpected headline?

Categories
Blog

What Are Agentic AI Systems, Part 1

We live in an era where artificial intelligence (AI) is no longer just a tool for answering questions or providing recommendations; it has strengthened into a partner capable of acting on our behalf. In a recent article in Bloomberg entitled Using AI Agents Requires a Balance of Trust, Privacy, Compliance, Sabastian Niles, President and Chief Legal Officer of Salesforce, discussed the role of AI agents. Today, we, therefore, enter the world of agentic AI systems. Understanding this new breed of AI is essential for compliance professionals to harness its power responsibly while safeguarding trust, privacy, and compliance. Over this three-part blog series, I will explore what Agentic AI systems are, how they can be used in compliance, and how to use Agentic AI going forward.

Defining Agentic AI Systems

In simple terms, Agentic AI does not simply inform; it acts. For compliance professionals, this opens up many possibilities for automating tasks, improving efficiency, and enhancing decision-making. However, with greater autonomy comes greater responsibility, particularly in ensuring these systems operate ethically and within regulatory boundaries.

Agentic AI systems differ significantly from traditional AI tools like chatbots or standalone large language models. While the latter is primarily reactive, responding to queries or prompts, Agentic AI systems operate with a higher degree of autonomy. These systems can analyze data, adapt to new information, and act within pre-defined parameters without requiring constant human oversight. Some of the key differences include the following.

  1. Autonomy. Unlike traditional AI, which often requires human input to execute tasks, agentic AI can take the initiative within established guidelines.
  2. Adaptability. Agentic AI learns and develops based on new data or changing conditions, making it highly dynamic.
  3. Action-Oriented. These systems can analyze data and decide and execute tasks in real time.

For example, imagine a compliance chatbot that answers employees’ questions about corporate policies. While useful, this chatbot cannot take further steps, such as generating a personalized policy report or flagging potential compliance risks. On the other hand, an Agentic AI system could handle these additional tasks autonomously, freeing compliance teams to focus on more strategic priorities.

Agentic AI in Action for Compliance

What does agentic AI mean for the compliance function? Essentially, it represents an opportunity to reimagine how compliance teams operate, enabling them to do more with less. Here are a few ways agentic AI systems can be used effectively in corporate compliance.

  1. Automating Repetitive Tasks. Compliance professionals often find themselves bogged down by routine, resource-intensive tasks. Agentic AI can take over many of these responsibilities, such as in policy management automation, by reviewing and updating compliance policies based on regulatory changes. You can provide employee support by responding to frequently asked compliance questions and escalating complex issues to the appropriate team members. You can move it outside your organization by continuously assessing third-party risks and analyzing real-time data, such as media reports or transaction histories.
  2. Enhancing Risk Assessment. Agentic AI systems can analyze vast amounts of data quickly and accurately, making them invaluable for identifying and mitigating risks. They can assist in transaction monitoring by detecting anomalies in financial transactions that may show potential fraud or corruption. You can move to more proactive risk screening by monitoring news and regulatory updates to identify emerging risks that could impact the organization. Most excitingly, they can provide predictive analytics. They could allow you to expect compliance challenges based on historical trends and current data.
  3. Supporting Decision-Making. With their ability to analyze complex data and generate actionable insights, agentic AI systems can help compliance teams make better-informed decisions. This can include scenario planning and forecasting by modeling the impact of potential regulatory changes on the organization. As the Department of Justice reminded us in the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update), you can move to true data-driven recommendations to provide documented guidance on addressing identified risks or improving compliance processes. Finally, in the never-ending battle for resource allocation, Agentic AI can identify areas where compliance efforts should be prioritized for maximum impact.

The Risks and Responsibilities of Agentic AI

While the benefits of agentic AI are clear, compliance professionals must approach its adoption cautiously. The autonomy of these systems introduces new risks. First and foremost is data integrity and Garbage In, Garbage Out (GIGO), which tells us that AI systems are only as good as the data they process. The system’s outputs could be flawed if the data is incomplete, biased, or outdated. Accountability and transparency are critical, as the question will be asked, “When AI systems make decisions or take actions, who is ultimately responsible?” Compliance teams must establish clear guidelines to ensure accountability and transparency. Finally, there are the ethical concerns involved. The ability of agentic AI to act autonomously raises questions about transparency, fairness, and privacy. These concerns must be addressed through robust governance and ethical guidelines.

Why Compliance Professionals Should Care

Agentic AI systems are not just another tech innovation—they are a significant change that will shape the future of compliance. By understanding these systems, compliance professionals can position themselves as strategic enablers, helping their organizations harness the power of AI responsibly. Compliance teams are uniquely positioned to ensure that AI systems operate transparently and ethically, fostering stakeholder trust.

As AI-specific regulations emerge, compliance professionals will play a critical role in ensuring adherence to new legal standards, as echoed in the 2024 Update.

By integrating agentic AI into their workflows, compliance teams can improve efficiency, reduce costs, and drive profitability in the company. It will certainly demonstrate an increased ROI for compliance.

The Path Forward

The rise of agentic AI systems represents a transformative opportunity for compliance professionals, but only if implemented thoughtfully and responsibly. By embracing this technology, compliance teams can move from being seen as cost centers to becoming innovation partners, driving compliance and business success.

The key is striking the right balance: leveraging the autonomy of agentic AI to achieve efficiencies while maintaining the trust, privacy, and ethical standards foundational to compliance. As compliance professionals, we can lead this transformation, ensuring that agentic AI serves as a tool for good, not a source of risk. The bottom line is that the future of compliance is not simply about saying no to innovation; it is about guiding it responsibly. Let Agentic AI be your ally in this journey.

Join us tomorrow in Part 2, to discuss how to use Agentic AI systems.