Tag: compliance

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 16 – Effective and Tailored Compliance Training

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 16 episode, we delve into the evolution and importance of employee compliance training, focusing on fostering a culture of compliance within organizations.

Key highlights:

  • Evolution of Compliance Training Standards
  • Measuring Training Effectiveness
  • Tailoring Training to Audience Needs

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 15 – Monitoring and Improving Internal Controls

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In this Day 15 episode, we look at the ongoing process of monitoring and improving internal controls within companies.

Key highlights:

  • Understanding Control Overrides
  • Continuous Monitoring and Improvement
  • Assessing and Updating Controls

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Daily Compliance News

Daily Compliance News: January 15, 2026, The Do You Need a Second CCO Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Another Eric Adams associate was charged in another corruption scandal. (Politico)
  • Blocking and tackling in compliance. (Bloomberg)
  • Hightower goes with a dual CCO structure. (InvestmentNews)
  • Panama SCt to decide who can run the Panama Canal. (WSJ)
Categories
Blog

Greek Philosophers Week: Part 4 – Pythagoras and the Rise of Data Analytics and AI in Compliance

We continue our exploration of the origins of the modern corporate compliance organization in Part 4, looking at Pythagoras. Aristotle teaches compliance professionals how ethics are lived through judgment, habit, and daily decision-making. But modern organizations operate at a scale Aristotle could never have imagined. Thousands of transactions, third parties, employees, and decisions occur simultaneously across jurisdictions. At that scale, judgment alone is not enough. Measurement becomes essential. That is where Pythagoras enters the compliance conversation.

Pythagoras believed that reality could be understood through number, proportion, and harmony. He did not see numbers as cold abstractions but as tools to reveal the underlying truth. That belief sits squarely at the heart of modern compliance analytics, continuous monitoring, and artificial intelligence. The DOJ Evaluation of Corporate Compliance Programs (ECCP) increasingly reflects this Pythagorean turn, asking not only whether programs exist, but whether companies use data to test effectiveness, identify patterns, and evolve.

If Aristotle teaches us how people should behave, Pythagoras teaches us how to observe whether they actually do. Or as Vince Walden might say, it’s always about the numbers.

“All Is Number” and the Measurement of Compliance Effectiveness

Pythagoras’ famous assertion that “all is number” resonates strongly in today’s compliance environment. Modern programs rely on metrics to understand risk exposure, detect anomalies, and allocate resources. Hotline data, transaction monitoring, third-party risk scores, training completion rates, and investigation timelines are all numerical expressions of ethical behavior.

The ECCP explicitly asks whether companies track and analyze data to assess program effectiveness and, equally important, whether the compliance function has access to this data. The ECCP states, “Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions? ” This is not a technological preference. It is a governance expectation. Regulators understand that unmanaged data obscures risk, while well-designed analytics reveal it.

In daily operations, compliance professionals must decide what to measure and why. Pythagoras reminds us that numbers should illuminate reality, not replace it. Metrics must be chosen deliberately, tied to risk, and interpreted with care. Counting activity is easy. Measuring insight requires discipline. The ECCP goes on to ask the following questions: Is the company appropriately leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of components of compliance programs?

Proportion and the Danger of Over-Engineered Analytics

Pythagoras placed enormous importance on proportion and balance. Harmony emerged when relationships were mathematically sound. This lesson is critical for compliance programs rushing to adopt advanced analytics and AI. The ECCP expects data-driven compliance, but it does not reward excess, stating, “Is the company appropriately leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of components of compliance programs? ” Overly complex monitoring systems often generate false positives that overwhelm teams and erode trust with the business. Employees begin to see compliance as noise rather than guidance. Investigators drown in alerts rather than insights.

A Pythagorean approach demands proportionality. Analytics should scale to risk. High-risk transactions deserve deeper scrutiny. Low-risk activity should not consume disproportionate resources. AI models must be tuned to business reality, not theoretical perfection. Balance, not volume, produces effectiveness.

Harmony of Systems and Breaking Down Data Silos

Pythagoras believed that harmony arises when individual elements work together according to rational relationships. In compliance, this translates into integration. One of the most common failures in compliance analytics is fragmentation. Compliance data lives in one system. HR data in another. Finance and audit data elsewhere. Each tells a partial story. None reveals the whole picture.

The ECCP increasingly expects companies to connect these dots. Patterns of misconduct often emerge only when data sets are viewed together. For example, high sales pressure combined with weak supervision and delayed training may more accurately predict risk than any single metric. Daily compliance operations should therefore focus on integration. Data governance, cross-functional collaboration, and shared dashboards are not IT luxuries. They are an ethical infrastructure. Pythagoras teaches that truth emerges through harmony, not isolation.

AI in Compliance: Augmentation, Not Abdication

Pythagoras revered numbers, but he did not confuse measurement with wisdom. That distinction is critical as compliance programs adopt AI. Artificial intelligence can identify patterns humans miss. It can process a scale impossible for manual review. But it cannot understand intent, fairness, or ethical nuance. The ECCP implicitly acknowledges this by emphasizing human oversight, explainability, and accountability.

A Pythagorean compliance program treats AI as an instrument, not an authority. Algorithms inform decisions. Humans make them. Compliance professionals must understand how models work, what data they rely on, and where bias may emerge. Black-box systems that cannot be explained to regulators or boards undermine trust and increase risk. The lesson is clear. AI should strengthen judgment, not replace it.

Ethical Design of Metrics and Models

Pythagoras viewed mathematical relationships as expressions of order. In the context of compliance, this means that metrics and models must reflect ethical intent. What a company chooses to measure sends a signal. Measuring speed over quality encourages shortcuts. Measuring volume over impact encourages superficial activity. The ECCP asks whether metrics drive meaningful improvement or merely create the appearance of control, stating, “How is the company measuring the accuracy, precision, or recall of any data analytics models it is using? ”

In daily practice, compliance professionals must evaluate whether dashboards reflect what truly matters. Are metrics aligned with values? Do they incentivize the right behavior? Are they reviewed and refined as risks evolve? Pythagoras teaches that poorly designed numbers distort reality rather than reveal it.

5 Key Takeaways for the Compliance Professional

1. Data is foundational to modern compliance effectiveness.

Pythagoras teaches that numbers reveal truth when used correctly. The ECCP expects compliance programs to use data to assess risk and effectiveness. Daily operations should rely on metrics that illuminate behavior, not merely document activity. Thoughtful measurement enables early detection, targeted remediation, and informed decision-making across the organization.

2. Proportion is critical in analytics and AI deployment.

More data is not better data. Over-engineered systems overwhelm teams and erode credibility. A Pythagorean approach emphasizes balance. Analytics and AI should be scaled to risk and organizational maturity. Proportional systems produce insight without fatigue, supporting both effectiveness and trust.

3. Integrated data reveals systemic risk.

Isolated metrics tell incomplete stories. Pythagoras’ concept of harmony applies directly to compliance data integration. The ECCP increasingly expects cross-functional insight. Compliance professionals should work to connect data across compliance, HR, finance, and audit to identify patterns that go unnoticed in silos.

4. AI must augment, not replace, human judgment.

Numbers do not equal wisdom. AI tools support scale and pattern recognition, but ethical decisions require human oversight. The ECCP emphasizes accountability and explainability. Compliance professionals must understand, govern, and challenge AI outputs rather than defer to them.

5. Metrics are ethical choices.

What gets measured shapes behavior. Poorly designed metrics distort incentives and undermine values. Pythagoras reminds us that numbers carry moral weight. Compliance leaders must ensure metrics align with ethical goals and drive meaningful improvement, not superficial compliance.

From Pythagoras to Euclid: From Measurement to Proof

Pythagoras introduces compliance professionals to the power and peril of numbers. He shows how data, analytics, and AI can reveal patterns, test assumptions, and bring harmony to complex systems. But measurement alone is not enough. At some point, regulators, boards, and stakeholders will ask a harder question. Can you prove your program works?

That is where Euclid completes the journey. If Pythagoras teaches us how to measure compliance, Euclid teaches us how to structure it logically, define it precisely, and demonstrate effectiveness through proof rather than assertion. The Euclid post you have already written stands as the natural capstone to this series, translating philosophical insight into a compliance system that is coherent, defensible, and built to endure.

Pythagoras shows us how to see compliance through numbers. Euclid will show us how to organize those insights into a system that proves its own effectiveness. Join us tomorrow in our concluding blog post to find out how.

Categories
Great Women in Compliance

Great Women in Compliance – When Women Speak Up: Gender, Whistleblowing and Retaliation

In this roundtable episode of the Great Women in Compliance Podcast, Lisa Fine and Ellen Hunt are joined by whistleblower attorney Mary Inman and Professor Kate Kenny from the University of Galway to explore what really happens when women speak up. Drawing on Professor Kenny’s decade-long research on whistleblowing—including recent work with Transparency International—the conversation examines why women whistleblowers often face greater challenges, which deter them from raising concerns or from deciding to leave a job, rather than speaking up.

The discussion unpacks how gender stereotypes, gaslighting, and organizational culture shape how concerns are received and why women are more likely to speak up when strong protections, anonymity, and collective reporting options are in place. Mary Inman adds a practitioner’s perspective, sharing what she sees in real cases and why many women choose to report together rather than go it alone.

As Ethics and Compliance practitioners consider how to help people speak up, this episode challenges us to review our programs and make improvements to support anyone raising concerns.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 14 – Internal Controls

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. Today, on Day 14, the focus is on internal controls and their critical role in compliance frameworks.

Key highlights:

  • Defining Internal Controls
  • Key Components of Internal Controls
  • Internal Controls in Compliance Programs

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Blog

Greek Philosophers Week: Part 3 – Aristotle and the Daily Practice of Ethics & Compliance

In Part 3, we continue our exploration of the origins of the modern corporate compliance organization, tracing them back to the ancient Greek philosophers, including Aristotle. Plato teaches compliance professionals how to design ethical governance systems. But anyone who has ever operated a compliance program knows that structure alone does not guarantee ethical behavior. Policies exist. Committees meet. Reporting lines are drawn. And yet misconduct still occurs. That is where Aristotle becomes essential to the modern compliance conversation.

Aristotle was not interested in ideal societies. He was interested in how people actually behave. His philosophy focuses on habit, judgment, incentives, and purpose, all of which are central to daily compliance operations. The DOJ Evaluation of Corporate Compliance Programs (ECCP) reflects this Aristotelian realism. It asks not only whether a program is well designed, but also whether it is implemented in practice and works in reality.

If Plato is the architect of compliance, Aristotle is its operator.

Virtue as Habit, Not Aspiration

Aristotle rejected the idea that ethics is a matter of knowing the right thing. He argued that virtue is formed through repeated action. People become ethical by practicing ethical behavior until it becomes a habit. This insight aligns directly with the ECCP’s focus on implementation and effectiveness. Prosecutors do not evaluate what a company claims to value. They assess how employees actually behave under pressure. Training, policies, and controls matter only to the extent they shape habits.

In daily compliance work, this means moving beyond episodic interventions. Annual training does not create virtue. Consistent reinforcement does. Indeed, the DOJ specifically called out companies that “have invested in shorter, more targeted training sessions to enable employees to timely identify and raise issues to appropriate compliance, internal audit, or other risk management functions.”

Managers who model ethical decision-making, align incentives with values, and apply consequences fairly all shape behavior over time. Aristotle reminds us that culture is built one decision at a time.

Practical Wisdom and Gray-Area Decision Making

Aristotle distinguished between technical knowledge and phronesis, or practical wisdom. Rules cannot anticipate every situation. Judgment fills the gap. The ECCP implicitly recognizes this by emphasizing risk-based decision-making. A compliance program that relies solely on rigid rules will fail in complex environments. Investigations, third-party reviews, and transaction approvals all require judgment informed by experience and context.

For compliance professionals, this means embracing their role as ethical decision-makers rather than just rule enforcers. It also means documenting judgment. Regulators understand discretion, but they expect it to be principled, consistent, and explainable. Aristotle teaches that wisdom is demonstrated through action guided by reason.

The Golden Mean and Proportional Compliance

One of Aristotle’s most enduring ideas is the Golden Mean. Virtue lies between extremes. Courage sits between recklessness and cowardice. The same principle applies to compliance design and operations. The ECCP expects programs to be appropriately tailored to risk. Over-engineered compliance systems create fatigue, false positives, and cynicism. Under-resourced programs invite misconduct. Both extremes are failures.

Daily compliance operations must strike a balance. Monitoring should be robust but targeted. Controls should be strong but workable. Reporting requirements should capture risk without overwhelming employees. Aristotle reminds us that effectiveness lives in proportion, not excess.

Incentives Reveal Character

Aristotle believed character is revealed by what people pursue and what they are rewarded for achieving. This lesson is painfully relevant to compliance failures. This is also the basis for modern due diligence. The ECCP repeatedly asks how companies incentivize compliance and discipline amid misconduct. The ECCP states, “Another hallmark of effective implementation of a compliance program is the establishment of incentives for compliance and disincentives for non-compliance.” Compensation structures that reward results regardless of method undermine every policy on the books. Employees respond to what is rewarded, not what is written.

In practice, compliance professionals must engage with compensation, promotion, and performance management. Ethics cannot be siloed. When high performers are excused from consequences, the organization sends the message that virtue is optional. Aristotle would argue that such systems inevitably produce unethical outcomes, regardless of stated values.

Purpose and the Role of Compliance

Aristotle believed everything has a telos, an ultimate purpose. Understanding purpose guides action and gives coherence to effort. Compliance programs often struggle when their purpose is framed narrowly as avoiding fines or enforcement. The ECCP encourages companies to adopt a broader perspective, emphasizing risk management, trust, and sustainable operations.

In daily work, purpose shapes priorities. Is compliance positioned as a business partner or a policing function? Is it involved early in decision-making or consulted after damage is done? Aristotle teaches that clarity of purpose aligns behavior. When compliance understands and articulates its role as protecting the organization’s long-term health, its influence grows.

5 Key Takeaways for the Compliance Professional

1. Ethical behavior is formed through habit, not intention.

Aristotle teaches that virtue develops through repeated action. Compliance programs must therefore consistently reinforce ethical behavior, not just episodically. The ECCP emphasizes implementation because policies alone do not shape conduct. Daily reinforcement through leadership behavior, aligned incentives, and consistent consequences builds habits that endure. Compliance professionals should evaluate whether their programs influence how employees actually act under pressure, not just what they acknowledge in training.

2. Judgment is a core compliance competency.

Rules cannot anticipate every scenario. Aristotle’s concept of practical wisdom aligns with the ECCP’s expectation of risk-based decision-making. Compliance professionals must exercise and document judgment in investigations, approvals, and remediation. This requires experience, training, and independence. Ethical compliance is not mechanical. It is reasoned, contextual, and defensible when challenged by regulators or boards.

3. Proportion matters in compliance design.

The Golden Mean teaches that extremes undermine effectiveness. Overly burdensome controls create fatigue and workarounds. Weak controls invite abuse. The ECCP expects tailoring based on risk, geography, and business model. Compliance leaders must design right-sized programs that employees can follow and that management can support. Balance is not compromise. It is effective.

4. Incentives define culture more than policies.

Aristotle understood that character is shaped by what is rewarded. Compliance failures often stem from misaligned incentives. The ECCP scrutinizes compensation and discipline for this reason. Daily compliance operations must engage with HR and leadership to ensure ethics are embedded in performance evaluations, promotions, and bonuses. Culture follows incentives, not slogans.

5. Compliance must have a clear purpose.

Aristotle’s concept of telos reminds us that purpose guides action—compliance programs framed solely as legal defense lose credibility. The ECCP encourages a broader view of compliance as a risk-management and trust-building approach. When compliance professionals articulate their purpose clearly, they gain influence, resources, and early involvement in decisions that matter.

From Aristotle to Pythagoras: From Judgment to Measurement

Aristotle grounds compliance in habit, judgment, and proportion. But judgment alone is not enough in modern organizations operating at scale. As programs mature, leaders ask how to measure effectiveness, detect patterns, and anticipate risk.

That transition leads naturally to Pythagoras. Where Aristotle focuses on ethical action, Pythagoras focuses on number, proportion, and harmony. In compliance terms, this is the shift toward data analytics, metrics, and AI. If Aristotle teaches us how people should behave within ethical systems, Pythagoras teaches us how to observe, measure, and test whether they actually do.

Aristotle teaches us how ethical compliance is lived day to day. Pythagoras will push the conversation further, asking how data, analytics, and AI can measure, test, and strengthen those ethical systems without losing proportion or judgment. Join us tomorrow in Part 4 to find out how.

 

Categories
Innovation in Compliance

Innovation in Compliance – The Strategic Evolution of Compliance: Insights from Angie McPhail

Innovation comes in many forms, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Angie McPhail to discuss the transformation of compliance from a regulatory function to a strategic business imperative.

Angie shares her professional background, having led the Integrity and Compliance group for the Americas at Juniper Networks before its acquisition by HPE. Key discussions include the evolving role of compliance as a strategic influencer within organizations, the intersection of ethics and integrity with ESG, and the importance of trust in building effective compliance programs. Angie emphasizes the need for compliance professionals to understand business strategy, leverage technology, and build trust to drive sustainable growth. The talk also covers the future outlook for compliance leaders and provides advice on preparing the next generation of compliance professionals.

Key highlights:

  • Compliance as a Strategic Business Function
  • Influence and Trust in Compliance
  • Compliance as a Driver of Business Success
  • Managing Reputational Risk
  • Future of Compliance Leadership

Resources:

Angie McPhail on LinkedIn

Innovation in Compliance was recently ranked 4th among Risk Management podcasts by 1,000,000 Podcasts.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 13 – Policies and Procedures

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In this Day 13 episode, we review the importance of having well-crafted compliance policies and procedures as the foundation of a robust compliance program.

Key highlights:

  • Importance of Compliance Policies
  • Key Elements of Compliance Policies
  • Assessment and Evolution of Policies

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 12 – The Importance and Construction of a Corporate Code of Conduct

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. This Day 12 episode explores the critical value and construction of a corporate Code of Conduct, explaining its evolution from a legalistic document to a cornerstone of compliance programs.

Key highlights:

  • Introduction to Code of Conduct
  • Regulatory Expectations and Guidelines
  • Crafting an Effective Code of Conduct

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.