Tag: compliance

Categories
Innovation in Compliance

Innovation in Compliance – Exploring Fractional and Adjunct Risk Professionals with Gerry Zack

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes back Gerry Zack to discuss a novel service offering in the compliance and risk management community: fractional and adjunct risk professionals.

Zack explains how these roles can supplement companies that lack certain expertise or can’t afford full-time positions, particularly highlighting the benefits of long-term relationships. The discussion also covers the distinctions between compliance and broader risk management, the flexibility of fractional contracts, and the importance of alignment in risk management practices across different organizational departments.

Key highlights:

  • Exploring the Concept of Fractional CCO
  • Long-term Benefits of Fractional Roles
  • Risk Professional Services vs. Compliance
  • Applications and Benefits of Fractional Roles
  • Challenges and Considerations

Resources:

Gerry Zack on LinkedIn

RiskTrek website

Innovation in Compliance was recently ranked 4th among Risk Management podcasts by 1,000,000 Podcasts.

Categories
Blog

Michigan Man, Part 2 – Individual Accountability: Compliance and Ethics Violations at the Center of the Crisis

Part 1 of this series established that the Sherrone Moore story is both a human tragedy and an institutional crisis. In Part 2, we turn to a more difficult but necessary task. Compliance professionals must ask a direct question: What did Moore do that violated compliance and ethics expectations, and why do those actions matter beyond college football?

The answer is uncomfortable because it involves more than a single lapse in judgment. The facts as currently known describe a pattern of conduct that strikes at the heart of any credible compliance program: dishonesty during investigations, misuse of power, disregard for institutional policy, and an apparent belief that personal status insulated him from consequences.

Compliance Is About Truth-Telling

At the core of every compliance program is a simple, non-negotiable principle: tell the truth when the organization asks questions. That principle applies whether the inquiry involves financial controls, harassment allegations, or NCAA violations. Once an individual lies during an investigation, the issue ceases to be a narrow policy breach and becomes an integrity failure. As a friend of mine told me once, “As one of my partners said when a managing partner was having an affair, ‘if he’ll do that to his wife, imagine what he’ll do to his partners.’” Sherrone Moore crossed this line well before his dismissal as head coach.

During the Connor Stalions sign-stealing investigation, Moore deleted text messages exchanged with Stalions and later provided what the NCAA described as an implausible explanation for doing so. That conduct resulted in NCAA suspensions and remains part of the formal record of compliance violations tied to Moore personally. ESPN

From a compliance perspective, this matters far more than sign stealing itself. Deleting records during an investigation undermines document retention obligations, impedes fact-finding, and signals a willingness to prioritize personal or programmatic interests over institutional integrity. In the corporate world, the parallel would be deleting emails during a regulatory inquiry. No compliance officer would treat that as a minor infraction.

Repeated Dishonesty During Investigations

The more recent investigation into Moore’s relationship with a female staffer raises even more serious concerns. According to reporting, the University of Michigan launched an inquiry after receiving an anonymous tip alleging an inappropriate relationship. Both Moore and the staffer denied any ties, and the investigation initially stalled for lack of corroborating evidence. ESPN

That denial later proved false when the staffer disclosed corroborating evidence confirming a multi-year intimate relationship. At that moment, the issue shifted decisively from a policy violation to an ethics failure.

From a compliance standpoint, the problem is not merely the relationship itself. It is the active misrepresentation to investigators, i.e., intent. Lying to internal or external investigators destroys trust in the investigative process and forces organizations to rely on incomplete or inaccurate information when making risk decisions. It also exposes the institution to claims that it ignored or mishandled misconduct, even when the real issue was a senior leader’s deception.

Abuse of Power and Conflicts of Interest

Most university and corporate codes of conduct prohibit intimate relationships between supervisors and subordinates or require disclosure and mitigation when they do. These rules are not moral judgments. They are risk controls designed to prevent coercion, favoritism, retaliation, and exploitation.

Moore’s alleged multi-year relationship with a staffer squarely implicates these risks. As head coach and, previously, as an assistant coach, Moore held a position of significant authority within the athletic department. Even if the relationship was initially consensual, the power imbalance is unavoidable. Compliance professionals recognize that consent in such circumstances is inherently complicated and that organizations bear responsibility for preventing these situations from arising.

Failure to disclose the relationship deprived the university of the opportunity to implement safeguards, reassign reporting lines, or otherwise manage the conflict. That omission constitutes a clear ethics violation independent of any later criminal allegations.

Escalation Beyond Policy Violations

The most disturbing allegations arise from events following Moore’s termination. Prosecutors allege that after the relationship ended and Moore was fired, he went to the staffer’s residence without permission, engaged in repeated unwanted communications, and threatened self-harm while inside her home. NYT

While the criminal justice system will determine legal responsibility, compliance professionals must recognize how quickly misconduct can escalate when earlier controls fail. What began as an undisclosed relationship allegedly progressed into stalking behavior and an incident that law enforcement deemed serious enough to warrant felony charges.

This escalation underscores a core compliance truth: that early intervention matters. When organizations fail to address misconduct promptly and transparently, risks compound. Personal crises become workplace crises. Workplace crises become institutional crises.

Retaliation and Intimidation Risks

Another compliance dimension cannot be ignored. Prosecutors allege that Moore made statements to the staffer suggesting that she had “ruined his life” and that his blood would be “on her hands. From a compliance lens, such statements raise red flags around intimidation and retaliation. NYT

Whistleblower and reporting systems depend on employees feeling safe to come forward. Any conduct that could reasonably be perceived as threatening or coercive undermines that system. Whether intentional or not, such behavior chills reporting and exposes organizations to significant liability.

The Myth of the Star Performer Exception

One of the most consistent themes in compliance failures across industries is the star performer exception. High performers convince themselves, and sometimes their organizations, that rules are flexible when success is at stake. Moore’s trajectory fits this pattern uncomfortably well.

Despite prior compliance issues, including NCAA suspensions, Moore was elevated to head coach of one of college football’s most prominent programs. Each unresolved issue reinforced the perception that consequences were manageable and survivable. That perception is toxic to any ethical culture. Compliance professionals know that prior misconduct is one of the strongest predictors of future misconduct. Moore’s history should have triggered heightened scrutiny, not diminished concern.

Why Individual Accountability Matters

It is tempting to view Moore as a tragic figure overtaken by personal failure. That view is human and compassionate, but it cannot obscure the reality of compliance. Moore made choices. He chose to delete records. He decided to misrepresent facts to investigators. He chose not to disclose a prohibited relationship. He allegedly took actions that led to criminal charges.

Individual accountability is essential because without it, compliance programs lose credibility. Employees notice when leaders are treated differently. Regulators notice when organizations minimize misconduct by senior figures. Over time, the erosion of accountability becomes cultural.

Compliance Takeaways

For compliance professionals, the Moore case reinforces several hard truths:

  • Dishonesty during investigations is a red-line violation.
  • Conflicts of interest must be disclosed and managed, not hidden.
  • Power imbalances amplify ethical risk.
  • Past misconduct predicts future risk.
  • Star performers do not deserve special rules.

In Part 3 of this series, I will turn from individual accountability to institutional failure. The University of Michigan did not create Moore’s choices, but it did create the environment in which those choices were insufficiently challenged. Understanding that failure is essential for any organization that believes its compliance program is robust.

Resources:

The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.

Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.

Fire Everybody—Alex Kirshner, writing in Slate.

Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Your Investigative Protocol

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice for navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we will consider issues relating to your internal investigations. Today, we begin by considering your investigative protocol.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
AI Today in 5

AI Today in 5: December 15, 2025, The Good, Bad & Ugly Edition

Welcome to AI Today in 5, the newest edition of the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Data Sovereignty and AI compliance. (DataCentre)
  2. Trump’s EO cuts down on AI compliance. (Bitget)
  3. The Good, Bad & Ugly of AI. (WSJ)
  4. AI leaders eye breakthroughs. (Bloomberg)
  5. Swiss Re signs MoU to develop AI capabilities. (FinTechGlobal)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
FCPA Compliance Report

FCPA Compliance Report – Kristy Grant-Hart on the Evolution of Compliance in 2026: Navigating New Risks and Regulations

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Kristy Grant-Hart, Head of Advisory Services at Diligent’s Spark Compliance Group, to discuss where compliance has been in 2025 and where it is going into 2026.

Tom Fox and Kristy Grant-Hart explore the future of corporate compliance in 2026 and beyond. Key discussion areas include the Trump administration’s changing focus on the Foreign Corrupt Practices Act (FCPA), the designation of cartels as foreign terrorist organizations, and the implications for third-party due diligence. They also delve into modern slavery laws, the impacts of AI on compliance, and the necessity of a unified approach to compliance strategy.

Additionally, Kristy introduces the Compliance and Ethics Innovation Collective, a new program from Spark and Diligent that integrates services and software to deliver a more robust compliance solution. The session concludes with strategic advice for compliance officers on staying ahead of dynamic regulatory changes and maintaining effective risk management.

 

Resources:

Kristy Grant-Hart on LinkedIn

Diligent Website

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

The Michigan Man, Part 1 – From Winning Program to Institutional Crisis

There are moments when an organization confronts a crisis so severe that it overwhelms every narrative it once controlled. The University of Michigan now finds itself in precisely that moment. What began as a continuation of compliance issues stemming from the sign-stealing scandal has rapidly escalated into something far more serious, far more painful, and far more destabilizing. This is no longer a story about NCAA rules or institutional embarrassment. It is a story about human failure, organizational breakdown, and the real-world consequences of ignoring warning signs.

As compliance professionals, our instinct is to move quickly to frameworks, root causes, and lessons learned. That work will come later in this series. But first, it is essential to set out the facts as they are currently known and to acknowledge the human cost embedded in every paragraph of this story. This story is far beyond compliance and ethics, but it is a true human tragedy. But it will also show how such a human tragedy could have been prevented if the basic tenets of organizational compliance and ethics had been followed.

All resources cited in this four-part series are listed at the end of this blog post. Finally, this writing is personal, as I am a UM graduate.

The Rise of Sherrone Moore

Sherrone Moore’s ascent within the University of Michigan football program appeared, at least on the surface, to be a model of internal succession. Moore joined Jim Harbaugh’s staff in 2018 and rose steadily through the ranks, ultimately serving as offensive coordinator during Michigan’s 2023 national championship season. When Harbaugh departed for the NFL, Moore was promoted to head coach, a decision widely praised as ensuring continuity and stability.

Moore was not simply a coach. He was a symbol. His emotional post-game interview after a victory over Penn State, while Harbaugh was suspended, became an iconic moment for Michigan fans. He embodied loyalty, perseverance, and what many referred to as the “Michigan Man” ethos. ESPN

Yet even at the time of his promotion, Moore’s record was not unblemished. He had already been implicated in the Connor Stalions sign-stealing investigation and had received NCAA suspensions for deleting text messages during that inquiry. Those issues were treated by the university and much of the fan base as technical compliance matters rather than as indicators of deeper governance or integrity risks. Slate

That framing now appears deeply flawed.

The Inappropriate Relationship Investigation

According to reporting by The AthleticESPNSlate, and The Wall Street Journal, the University of Michigan received an anonymous tip earlier in 2025 alleging an inappropriate relationship between Moore and a female football staffer. The university retained Jenner & Block, an outside counsel, to conduct an investigation. Initially, both Moore and the staffer denied any relationship, and investigators reported that insufficient evidence existed to substantiate the claim.

That changed dramatically in December 2025. Prosecutors allege that the staffer disclosed corroborating evidence confirming a multi-year intimate relationship after she ended it earlier that week. At that point, the university determined that Moore had violated institutional policy and terminated him for cause, avoiding a reported $14 million buyout. The Athletic

This was not merely an employment decision. It was the spark that ignited a cascading crisis.

The Criminal Charges

Within hours of his dismissal, Moore’s personal situation escalated into a criminal matter. Prosecutors allege that Moore went to the staffer’s residence without permission, entered through an unlocked door, and engaged in a confrontation during which he picked up scissors and butter knives and threatened to harm himself. According to court statements, Moore allegedly made repeated statements such as “I am going to kill myself” and “My blood is on your hands. The Athletic

Moore was subsequently charged with felony third-degree home invasion and misdemeanor charges of stalking and breaking. He was taken into custody, evaluated at a hospital, and later released on bond with GPS monitoring and a requirement that he continue mental health treatment. A probable cause hearing is scheduled for January 2026.

At this point, it bears stating plainly: these are allegations, and Moore has pleaded not guilty. The legal process will determine criminal responsibility. However, from an organizational perspective, the damage has already been done.

The Expanding Institutional Investigation

What began as an inquiry into Moore’s conduct has now broadened into a comprehensive review of the University of Michigan athletic department. University leadership has confirmed that Jenner & Block’s mandate has expanded to examine how the athletic department handled the Moore matter and other recent scandals, including the sign-stealing investigation and prior misconduct by football staffers. ESPN

Interim President Domenico Grasso has publicly called for anyone with relevant information to come forward, emphasizing that “all of the facts here must be known.” Athletic Director Warde Manuel remains in his position for now, but multiple reports note that his leadership and oversight are under intense scrutiny.

This expansion matters. It signals that the university itself recognizes that Moore’s actions cannot be isolated from the environment in which they occurred.

Beyond Compliance: The Human Tragedy

It would be a profound mistake to reduce this story to a checklist of policy violations.

At the center of this crisis are people whose lives have been irreversibly altered. Moore is a married father of three whose career has collapsed in public view. His family faces humiliation, uncertainty, and emotional trauma that will not disappear with headlines. Prosecutors describe the staffer at the center of the allegations as someone who felt terrorized and unsafe, a position no employee should ever occupy. University of Michigan players have lost their head coach midseason, forcing them to process personal loyalty, public scandal, and institutional chaos simultaneously. There is also the culture of an entire university athletic department, which not only allowed such behavior but also tolerated and even celebrated it by promoting Moore to Head Coach.

The broader Michigan community, alumni, students, and fans are also stakeholders in this tragedy. For an institution that has long traded on its image of integrity and moral leadership, the reputational damage cuts deeply. Being a ‘Michigan Man’ was meant to stand for something—something positive, that you did things in the right way, and you personally held yourself to a higher standard. As The Wall Street Journal observed, this is no longer a college football story. It is “agony in Ann Arbor. I certainly echo that feeling personally.

A Pattern, Not an Anomaly

The most troubling aspect of the facts as currently known is how familiar they feel. The Moore scandal follows a series of incidents involving Michigan athletics over recent years, including the Stalions’ sign-stealing operation, multiple staff arrests, internal HR complaints, and even a federal indictment of a former assistant coach for accessing student-athletes’ private data. WSJ

The issue may not be any single actor but rather an entrenched culture that has historically insulated powerful figures from accountability. Slate: When organizations repeatedly frame misconduct as isolated events, they fail to confront systemic risk.

Why This Matters for Compliance Professionals

For compliance professionals, this case is already instructive even before we reach lessons learned. It demonstrates how compliance failures often emerge not as sudden collapses but as accumulations of ignored signals. It shows how reputational capital built over decades can evaporate in a matter of days. Most importantly, it reminds us that behind every policy failure are human beings who bear the consequences.

While there will be others who say ‘I told you so’ or want to bring the vaunted Michigan Man down a peg or two, the lessons from this scandal and human tragedy are no less important for your team, your school, and your university.

In the next installment of this series, I will turn directly to Sherrone Moore’s individual compliance and ethics violations, including his conduct during the sign-stealing investigation and his alleged misrepresentations to investigators. That analysis is necessary. But it should never obscure the reality that this story is about far more than rules. Compliance exists to protect people, institutions, and trust. When it fails, the cost is measured not only in fines or sanctions but also in lives disrupted and communities shaken.

Resources:

The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.

Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.

Fire Everybody—Alex Kirshner, writing in Slate.

Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.

Categories
Blog

Netflix Acquisition of Warner Brothers: Part 5 – Post-Merger Integration – Where Compliance Either Succeeds or Fails

When Netflix announced its acquisition of Warner Bros., attention quickly turned to strategic synergies, content pipelines, and market influence. These are important, but they are not where the transaction’s success or failure will ultimately be determined. Deals succeed or fail in post-merger integration. For compliance professionals, this is the crucible. It is the period where two companies attempt to unify processes, cultures, systems, and risk management frameworks while moving at operational speed. When integration falters, compliance failures follow. When integration excels, compliance becomes a stabilizing force that supports the organization during a period of high-velocity change.

Compliance sits at the center of integration because compliance touches everything: governance, culture, systems, third-party relationships, data, reporting lines, training, investigations, and internal controls. It is one of the few functions that spans the entire enterprise. That makes compliance uniquely positioned to guide integration successfully. It also makes compliance uniquely exposed when integration fails.

Today, in our concluding Part 5, we explore why integration is the moment where compliance either rises or falters and what compliance leaders must do to ensure that the post-merger period strengthens rather than destabilizes the combined enterprise.

Day One Through Day Three Hundred: The Critical Window

The first year after closing defines the trajectory of a merger. This window is where employees decide whether leadership is credible, processes are coherent, and the combined organization knows where it is going. It is also the period when the greatest number of decisions must be made quickly and often without perfect information. That is where risk seeps into the cracks.

Compliance must treat integration as an enterprise-wide transformation project. That means establishing a structured roadmap for the first 30, 60, 180, and 300 days. Without this structure, integration becomes reactive rather than strategic. Reactive integration is where compliance failures escalate.

In this period, compliance must monitor employee sentiment, decision-making patterns, escalation pathways, and early deviation from established controls. Whether an organization grows stronger or weaker during integration depends on how quickly compliance identifies deviations and reinforces accountability.

Building a Unified Compliance Architecture

One of the first imperatives of integration is building a unified compliance architecture. Netflix and Warner Bros. bring different compliance footprints. Netflix has a culture that emphasizes transparency, individual accountability, and rapid feedback cycles. Warner Bros. brings decades of risk controls shaped by studio operations, talent relationships, union agreements, and global production infrastructure.

A unified architecture requires more than merging documents or standardizing policies. It requires understanding where each legacy system is strong, where it is vulnerable, and where alignment creates new risk.

Compliance leaders must establish:

  • A consolidated Code of Conduct.
  • A harmonized policy library.
  • Unified reporting channels.
  • Shared investigative procedures.
  • Enterprise-wide risk assessment methodologies.
  • Coherent training programs.

These components cannot be written. They must be communicated, taught, operationalized, and reinforced. Employees must understand not only what the policies say but also why they matter in the new organization.

Rationalizing Reporting Lines and Escalation Pathways

Mergers create confusion. Employees do not always know whom to contact, how to escalate concerns, or whether the people they previously relied on still have authority. That ambiguity is an enormous compliance risk.

Compliance leaders must create clarity early:

  • Who receives concerns?
  • How are investigations assigned?
  • What are the escalation criteria?
  • What timelines apply to decision-making?
  • How will employees receive feedback on issues they raise?

This clarity is not a luxury. It is a control. Without defined reporting pathways, concerns go unreported or unresolved. Both outcomes expose the business to avoidable harm.

Technology Integration: Where Risk Hides in Plain Sight

Technology integration is one of the most underestimated compliance risks. During a merger, companies aim to integrate systems spanning HR and payroll, content management, production workflows, distribution platforms, data governance, and internal controls.

Compliance must ensure that:

  • Data mapping is accurate.
  • Privacy rules are harmonized.
  • Access rights reflect new reporting structures.
  • Legacy systems are retired responsibly.
  • Audit trails are preserved, and
  • System changes do not inadvertently lower control effectiveness

Technology teams often focus on functionality and speed. Compliance must focus on integrity and accountability. Without disciplined oversight, integrations can create gaps or duplications that allow misconduct, data loss, or process failures to occur undetected.

Third-Party Integration: The Often Forgotten Battlefield

Netflix and Warner Bros. maintain extensive third-party ecosystems: production companies, talent agencies, global distributors, technology vendors, marketing partners, and international subsidiaries. Each third-party relationship carries risk. During a merger, that risk is magnified because:

  • Contract ownership may be ambiguous.
  • Oversight structures may change.
  • Legacy due diligence may be incomplete.
  • Vendor performance may deteriorate, and
  • New conflicts of interest may emerge.

Compliance must therefore implement a unified third-party risk management framework that includes:

  • Centralized onboarding and risk ranking;
  • Revised due diligence standards.
  • Contract alignment with the new Code of Conduct;
  • Clear monitoring obligations; and
  • Documented remediation protocols

An ungoverned third-party ecosystem is one of the most common sources of post-merger compliance failures.

The Cultural Dimension: The Invisible Integrator or Divider

Culture is the single greatest determinant of whether integration strengthens or weakens the enterprise. Netflix’s culture of candor and Warner Bros’ culture of tradition do not naturally conflict, but they do require careful alignment. Compliance must monitor cultural friction closely:

  • Decreased willingness to speak up
  • Divergent interpretations of policies
  • Informal workarounds
  • Turnover spikes in key departments
  • Erosion of decision transparency

Culture determines whether employees trust the compliance function, adhere to policies, and promptly escalate concerns. If cultural alignment is not prioritized, controls weaken regardless of the sophistication of the compliance architecture.

Documentation: The Foundation of Regulatory Credibility

Regulators expect visibility during integration. They expect companies to demonstrate that decisions were documented, risks were assessed, concerns were escalated, and oversight was effective.

Compliance must preserve:

  • Integration plans
  • Meeting notes
  • Risk assessments
  • Policy revisions
  • Training materials
  • Incident logs
  • Decision memos

Documentation is not bureaucratic. It is evidence. It demonstrates that the company fulfilled its obligations and that compliance was central to the integration process.

The Compliance Lesson

Integration is not an administrative exercise. It is a risk multiplier. It is also the moment when compliance can demonstrate its value most clearly. The Netflix acquisition of Warner Bros. offers an unmistakable reminder: strategic ambition means nothing if integration is weak. Compliance must lead with clarity, discipline, and foresight.

Where integration is intentional, guided, and well governed, compliance becomes a competitive asset. It stabilizes the organization, protects employees, and supports leadership during a period of profound change. Where integration is fragmented, rushed, or ignored, compliance fails. It fails not because of a lack of knowledge but because of a lack of structure.

For compliance professionals, this final lesson is the most important: the acquisition may create opportunity, but integration determines destiny.

Categories
Blog

Netflix Acquisition of Warner Brothers: Part 4 – Antitrust, Competition, and the New Regulatory Perimeter

The announcement that Netflix will acquire Warner Bros has ignited debate across the entertainment, technology, and regulatory communities. Some see a natural evolution of the media landscape. Others see a consolidation that will reshape creative, economic, and competitive dynamics for years to come. Regardless of the viewpoint, one truth stands out for compliance professionals: this transaction sits squarely within the new regulatory perimeter. Antitrust and competition authorities worldwide are sharpening their focus on digital ecosystems, algorithmic influence, data concentration, and content distribution power. The Netflix–Warner Brothers combination touches each of these vectors.

Gone are the days when antitrust analysis centered solely on price impacts and market share. Today’s regulators look at ecosystems, not industries. They assess information asymmetries, data leverage, vertical integration, control of distribution channels, and the ability to shape consumer behavior through algorithms. The Netflix acquisition of Warner Bros. will therefore invite scrutiny not only from United States authorities but also from European, Latin American, and Asia-Pacific regulators. For compliance professionals, the real work begins long before the first regulator issues a request for information.

Today, in Part 4, we explore how compliance must support the enterprise in anticipating these questions, preparing robust documentation, and maintaining clarity across all aspects of competition risk.

The Modern Antitrust Landscape Has Changed

For decades, antitrust enforcement was largely predictable. Regulators assessed whether consumers would face higher prices or fewer choices. Digital transformation has rendered that approach insufficient. Several trends shape today’s enforcement environment:

  • Concerns over digital gatekeepers and platform dominance;
  • Data accumulation is viewed as a competitive barrier.
  • Algorithmic influence over consumer decision-making;
  • Transparency expectations for recommendation engines; and
  • Vertical integration across content, distribution, and technology.

Netflix already commands a massive global distribution footprint. Warner Bros. brings world-class content, deep intellectual property reserves, and historical influence. The merger unites distribution power with content scale in a way that few competitors can replicate. Regulators will see this as a significant shift in industry structure.

For compliance professionals, the question is not whether regulators will scrutinize the deal. They absolutely will. The question is how prepared the enterprise will be to demonstrate that it understands and is mitigating competition risks.

Vertical and Horizontal Consolidation Risks

This acquisition presents both vertical and horizontal integration considerations. From a horizontal perspective, Netflix expands its content portfolio by acquiring an iconic studio. From a vertical perspective, Netflix gains control over additional production pipelines, licensing pathways, and distribution relationships.

Regulators increasingly evaluate whether vertical integration enables a company to foreclose competitors. The compliance team must be prepared to articulate why the transaction does not restrict access, inflate licensing costs, or distort downstream markets. Key questions regulators will ask include:

  • Will Netflix prioritize its own platforms to the detriment of competitors?
  • Will Warner Bros. content become less accessible to independent distributors?
  • Will competitors face higher licensing fees?
  • Will Netflix’s data advantage expand in a way that harms competition?

These questions demand more than strategic talking points. They require data, analysis, and ongoing monitoring. Compliance must work hand in hand with legal, antitrust counsel, and business partners to ensure responses are consistent, well-documented, and supported by evidence.

Data Concentration and Algorithmic Reach

One of the most significant competitive issues in the digital era is data concentration. Netflix already possesses deep insights into viewer behavior, content preferences, engagement patterns, and global demand signals. Warner Bros. adds decades of production data, marketing intelligence, performance histories, and talent analytics.

Regulators understand that data is a competitive asset that can create significant barriers to entry. With more data, a company can refine its algorithms, improve personalization, and strengthen its market position in ways that rivals may find difficult to counter. Compliance must therefore help prepare a comprehensive narrative around:

  • How the combined company will safeguard data privacy.
  • How algorithmic decisions will be documented and monitored;
  • How data from both entities will be integrated ethically, and
  • How the company will prevent anti-competitive uses of combined datasets.

A robust data governance program is no longer solely a privacy requirement. It is a competition requirement. Regulators expect companies to demonstrate not only compliant data use but also responsible data stewardship that avoids market distortion.

Obligations for Document Preservation, Monitoring, and Engagement

Antitrust investigations can span years. Regulators typically issue extensive documents and information requests, conduct interviews and depositions, and request economic modeling. Compliance professionals must ensure that the company is ready for this level of scrutiny.

That preparation includes:

  • Document preservation protocols;
  • Centralized communication tracking;
  • Strict guidance on executive communications;
  • Coordination across internal and external counsel; and
  • Clear training for employees on antitrust communication risks.

Failure to preserve documents, even inadvertently, can create major regulatory problems. Compliance must be proactive rather than reactive. Regulators also reward transparency. Early engagement, clear responses, and a willingness to address concerns directly can reduce both the duration and severity of regulatory inquiries. Compliance plays a crucial role in framing the company’s narrative and ensuring consistency.

The Need for a Multijurisdictional Strategy

A single regulator will not review this deal. Netflix and Warner Bros. operate globally, and every major jurisdiction has its own competition laws, unique priorities, and investigative styles. Compliance must support a multijurisdictional engagement strategy by:

  • Mapping regulatory timelines across regions;
  • Ensuring consistency in global responses;
  • Understanding local documentation and reporting requirements;
  • Managing translation, disclosure, and data-sharing protocols; and
  • Monitoring regulatory developments in real time.

The complexity of these interactions requires disciplined internal coordination. Compliance professionals are uniquely positioned to ensure that the enterprise stays aligned, audit-ready, and clear in its messaging.

Preparing for New Regulatory Expectations

Antitrust regulators are expanding their expectations beyond traditional competition analysis. They now examine:

  • Labor market effects;
  • Creative industry concentration
  • Media plurality;
  • Platform neutrality; and
  • Long-term ecosystem impacts

For the entertainment industry, issues such as creator rights, content diversity, and access to distribution channels are becoming increasingly relevant. Compliance must guide senior leadership through these evolving expectations and ensure that integration plans demonstrate responsible stewardship of market influence.

The Compliance Lesson

The Netflix acquisition of Warner Bros. highlights a central truth of modern compliance: the regulatory perimeter expands as corporate influence grows. Antitrust and competition concerns are no longer the exclusive domain of legal or economic experts. They are multidisciplinary issues that intersect with data governance, algorithmic transparency, content distribution, and ecosystem integrity.

Compliance professionals play a critical role in shaping the company’s readiness for regulatory scrutiny, building robust documentation practices, strengthening oversight channels, and ensuring that the enterprise can defend its decisions with clarity and confidence.

The merger of these two storytelling giants is as much a regulatory story as a strategic one. For compliance leaders, this is an opportunity to elevate competition governance, anticipate risk, and demonstrate the value of compliance as both a strategic partner and a regulatory safeguard.

Join us tomorrow, where we bring it all together for Part 5.

Categories
Great Women in Compliance

Great Women in Compliance – Global Corruption Prevention: A View from France

In this episode of Great Women in Compliance, Lisa sits down with Valentina Lana, a Paris-based attorney and ethics & compliance leader who bridges industry and academia.

Valentina shares how an early-career opportunity sparked her passion for anti-corruption work and led her to where she is today.  She has helped build major compliance programs and teaches at Sciences Po.  She worked with Michael Sapin on the Sapin II law and breaks down its core elements for the GWIC audience.  She discusses the requirement for companies to prevent corruption through formal compliance programs—and highlights why risk mapping and third-party due diligence remain the biggest practical challenges for organizations.

Valentina also discusses the evolution of cross-border cooperation between France and the U.S., how trust was built after years of tension, and why she believes that the partnership remains stable despite shifting global priorities. 

She shares her view on AI’s growing role in compliance, emphasizing that AI is a powerful assistant, not a replacement for human judgment, nuance, and interpersonal insight, which remain the core of what we do.

Categories
Blog

Netflix Acquisition of Warner Brothers: Part 3 – Intellectual Property Risk, The Hidden Compliance Battlefield

The Netflix acquisition of Warner Bros brings together two of the largest content ecosystems in the world. The deal has enormous strategic implications, but for compliance professionals, the deeper story lies in the immense web of intellectual property that now shifts under a single roof. Intellectual property is often viewed through a legal or commercial lens, yet it is increasingly a core compliance risk area. When two content giants merge, the IP battlefield becomes larger, more complex, and more consequential for regulatory exposure, operational continuity, and corporate integrity.

In the entertainment industry, intellectual property is not an abstract asset. It is the core of the business model. Every film, series, character, distribution right, piece of music, and residual obligation sits on a foundation of contracts, permissions, and time-bound commitments. These rights govern who may exploit a property, where, for how long, in what format, and under which financial arrangements. A merger like this does more than combine two content catalogues. It overlays two entirely different IP architectures, each with its own legacy practices, risk profiles, and global obligations.

In Part 3, we consider intellectual property risks and compliance risks. Compliance professionals must treat IP integration as a top post-transaction priority. The risks are real. They are operational, regulatory, financial, reputational, and strategic. They are also deeply intertwined with the organization’s ability to distribute content, monetize assets, and avoid disputes that can stall growth and trigger regulatory interest. In the modern entertainment ecosystem, IP governance is compliance governance.

Why IP is a Compliance Issue, Not Just a Legal One

Intellectual property sits at the intersection of law, business strategy, ethics, and risk management. Compliance teams cannot assume that IP risk will be contained within the legal department because the greatest vulnerabilities emerge during operational execution. When teams touch content without a clear understanding of rights limitations, compliance exposure grows quickly.

Several forces make IP a compliance battlefield:

  1. Legacy contracts contain obligations that may conflict with modern distribution models.
  2. Digital rights evolve faster than contracts can be renegotiated.
  3. Cross-border distribution requires alignment with dozens of regulatory frameworks.
  4. Residuals, royalties, and talent agreements require precise reporting and transparency; and
  5. AI-generated content introduces new concerns around derivative rights and authenticity.

Compliance professionals must help bridge the gap between legal interpretation and operational execution, ensuring that content is exploited within the boundaries of contractual and regulatory obligations.

The Merger Magnifies IP Complexity

Netflix brings a vast library of digital-native content governed by modern rights frameworks. Warner Bros brings nearly a century of IP governed by old studio contracts, union agreements, guild rules, and legacy licensing arrangements. When these systems merge, friction is inevitable. For example:

  • Streaming rights for classic properties may be fragmented across multiple regions
  • Some Warner properties may have exclusivity commitments that conflict with Netflix’s global release model
  • Distribution rights may vary by medium: theatrical, linear TV, streaming, DVD, gaming, or merchandising
  • Regional licensing arrangements may prevent automatic global rollout
  • Musical compositions and soundtracks may have rights administered separately from visual content

Each of these scenarios carries compliance implications, particularly when the combined company seeks to monetize its expanded library at speed. Compliance leaders must ensure that content decisions do not inadvertently violate distribution restrictions or contractual limitations. The volume of content makes manual oversight unrealistic. IP governance must therefore become systematic, data-driven, and documented.

Legacy Contracts: The Underestimated Risk

Some Warner Bros. contracts were written in an era long before streaming existed. Terms like “broadcast,” “home video,” or “syndication” may not map cleanly to digital or global distribution.

Compliance professionals must ask:

  • Do legacy contracts implicitly or explicitly cover streaming?
  • Are residual obligations triggered differently under new business models?
  • Do union or guild agreements change with new modes of distribution?
  • Have rights expired or reverted to creators without internal teams realizing it?

Each misinterpretation carries financial and reputational risk. Lawsuits over misused IP are costly, public, and damaging to stakeholder trust. A disciplined compliance approach involves creating a unified contract repository, conducting rights audits, and establishing escalation protocols for ambiguous terms.

The Rise of AI and Deepfakes: A New IP Threat Vector

The integration of two content libraries also raises a newer frontier of IP risk: AI-generated content and deepfake technologies. Netflix and Warner Bros both operate in a world where audiences expect cutting-edge innovation. However, AI-generated content requires strict governance to ensure:

  • It does not violate publicity rights
  • It does not reproduce copyrighted elements without authorization
  • It does not misrepresent actors, characters, or brand assets
  • It does not create derivative works that violate existing licensing arrangements

Regulators are increasingly attentive to the misuse of identity, likeness, and creative assets. Compliance must therefore play a leading role in defining ethical and legal boundaries for AI-assisted content creation.

The combined enterprise will possess one of the largest libraries of visual and audio material in the world, making it a prime target for misuse. Strong controls, watermarking strategies, and documentation of content provenance will be essential.

Auditability Challenges Inside Massive Content Repositories

When content libraries expand to millions of assets, visibility becomes an operational challenge. Compliance leaders must ensure that systems exist to track:

  • Rights ownership
  • Expiration dates
  • Restrictions by territory, language, and platform
  • Licensing limitations
  • Partners and counterparties
  • Historical distribution patterns

Without centralized auditability, well-intentioned teams may release content under the mistaken belief that the company owns full rights.

IP governance systems should include:

  • Digital rights management modules;
  • Automated alerts for expiring rights;
  • A central repository for contract metadata.
  • Integration with project management and release workflows; and
  • Role-based access controls.

Compliance must work alongside legal and technology teams to build infrastructure that prevents inadvertent misuse.

The Compliance Playbook for IP Governance During Integration

To navigate the IP battlefield successfully, compliance professionals should implement a structured approach:

  1. Conduct a comprehensive rights and obligations inventory
  2. Identify gaps, inconsistencies, and high-risk obligations across both legacy portfolios.
  3. Create a unified IP governance framework
  4. Standardize how decisions are documented, escalated, and reviewed.
  5. Align cross-functional teams
  6. Legal, compliance, content development, marketing, and distribution must share a common view of rights limitations.
  7. Train operational teams on rights awareness
  8. Editors, producers, marketers, and technologists need clarity on what they can and cannot use.
  9. Integrate IP governance into strategic decision-making
  10. New productions, remasters, spinoffs, and distribution initiatives should begin with rights verification.
  11. Strengthen third-party oversight
  12. Vendors, contractors, and partners must comply with rights limitations, especially when working with sensitive IP.
  13. Document interpretation decisions
  14. Regulators expect clear evidence that the company acted in good faith and applied consistent judgment.

The Compliance Lesson

The Netflix acquisition of Warner Bros shows why intellectual property is no longer simply a legal or creative asset. It is a compliance domain that carries operational, financial, regulatory, and reputational implications. When two vast content libraries merge, the risk landscape expands dramatically. Compliance professionals must embrace a proactive, system-driven approach to IP governance.

Content becomes an asset only when ownership, permissions, and obligations are fully understood. In a deal of this magnitude, IP governance is not only a hidden battlefield. It is the battlefield that will determine whether the combined enterprise achieves its strategic goals or stumbles under the weight of unanticipated risk. For compliance professionals, this is a moment to elevate IP risk management, strengthen oversight systems, and ensure that creativity and compliance move forward together.

Join us tomorrow for Part 4 as we examine antitrust, competition, and the new regulatory perimeter.