Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 19 – Evaluating the Risk Management Process

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 19 episode, we review the critical process of evaluating and translating risk assessments into actionable risk profiles.

Key highlights:

  • Understanding Risk Profiles
  • Evaluating Risk Management Processes
  • Risk Matrix and Heat Maps

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Sunday Book Review

Sunday Book Review: January 18, 2026, The Top Books on Innovation ’26 Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. In this episode, we look at some of the top books on innovation, both those already published and those scheduled for 2026.

  1. Twin Transformation: A Gripping Tale of How AI and Sustainability Converge, and the Race to Get It Right by Michael Wade & Konstantinos Trantopoulos 
  2. The Innovation Approach: Overcoming the Limitations of Design Thinking and the Lean Startup by David C. Roach
  3. The Shortest History of AI: The Six Essential Ideas That Animate It by Toby Walsh
  4. The Coming Wave: AI, Power, and Our Future by Mustafa Suleyman & Michael Bhaskar

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 18 – Risk Assessments

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 18 episode, we discuss the essential role of risk assessments in anti-corruption compliance programs.

Key highlights:

  • The Importance of Regular Risk Assessments
  • Methodologies for Risk Assessment
  • Steps in Conducting a Risk Assessment

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 17 – Podcasting for Compliance

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In this Day 17 episode, we explore the transformative potential of podcasting in compliance training and fostering corporate culture.

Key highlights:

  • Podcast Storytelling: A New Approach
  • Branded Podcast Series for Compliance
  • The Benefits of Podcasting for Compliance

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Blog

Greek Philosophers Week: Part 5 – Euclid and Proving Your Program Is Effective

We conclude our exploration of how ancient Greek philosophers influence compliance and ethics in 2026 and beyond. In this series, we have considered Socrates, Plato, Aristotle, and Pythagoras. Today, we conclude with Euclid.

Pythagoras teaches compliance professionals how to measure, analyze, and detect ethical risk through data, proportion, and pattern recognition. But measurement alone never closes the loop. At some point, regulators, boards, and senior leadership ask a harder question: Can you prove your compliance program actually works? That is where Euclid becomes the natural capstone of this philosophical journey.

Euclid was not concerned with numbers in isolation. He was concerned with structure, logic, definition, and proof. His Elements did not merely describe geometry. It demonstrated how a coherent system is built from first principles, how each part follows logically from the last, and how conclusions are proven rather than asserted. That methodology aligns almost perfectly with modern expectations for compliance program effectiveness under the DOJ Evaluation of Corporate Compliance Programs (ECCP).

If Pythagoras gives compliance professionals the tools to see risk, Euclid shows them how to organize those insights into a defensible, durable system. We also circle back to Hui Chen, the original Corporate Compliance Counsel to the DOJ, who would challenge Chief Compliance Officers (CCOs) and their counsel, when they came before the DOJ in settlement negotiations, to demonstrate the effectiveness of their compliance programs through data rather than anecdote.

First Principles Are the Foundation of Compliance Credibility

Euclid begins with definitions, axioms, and postulates. He does not assume shared understanding. He defines it. Everything that follows depends on clarity at the start. Many compliance programs struggle precisely because they skip this step. Policies proliferate. Controls multiply. Training expands. Yet foundational questions remain vague. What does ethical behavior actually mean in this organization? What risks are intolerable regardless of business pressure? What decisions require escalation without exception?

The ECCP begins with 3 fundamental questions:

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
  3. Does the corporation’s compliance program work in practice?

Throughout the ECCP, the DOJ repeatedly asks whether a compliance program is well designed. That evaluation begins with clarity of purpose and scope. A Euclidean compliance program explicitly defines its terms, principles, and boundaries. Without that clarity, enforcement becomes inconsistent, and explanations to regulators become fragile. In daily operations, this means compliance professionals must insist on precision. Ambiguity is not flexibility. It is a risk.

Logical Structure Is a Compliance Control

Euclid’s brilliance lies in sequencing. Each proposition follows logically from what came before. Nothing is random. Nothing is decorative. The system works because it is internally consistent. Compliance programs often fail this test. Risk assessments do not inform training. Training does not influence monitoring. Investigations do not drive remediation. Each function operates competently, but not coherently.

The ECCP explicitly evaluates whether compliance programs operate as integrated systems rather than as disconnected components, stating, “Ensure the compliance program is well-integrated into the company’s operations and workforce.” Prosecutors want to see feedback loops, escalation pathways, and continuous improvement mechanisms. That is Euclidean thinking applied to compliance. In practice, compliance leaders should be able to explain how a risk moves through the system from identification to mitigation. If that explanation requires hand-waving, the system is not structurally sound.

Proof, Not Assertion, Is the Regulatory Standard

Euclid never asks the reader to trust him. He proves every claim. That lesson may be his most important contribution to modern compliance. Companies often assert that their programs are effective because training is delivered, policies are updated, or hotlines exist. Hui Chen led the charge on this concept when she was the DOJ Compliance Counsel. The ECCP has reiterated Chen’s requirement for evidence, as prosecutors now routinely request proof of effectiveness. How quickly are issues identified? How consistently is discipline applied? How does remediation prevent recurrence?

A Euclidean compliance program is designed to generate proof. Controls are documented. Decisions are recorded. Metrics are reviewed and refined. Effectiveness is demonstrated through data and outcomes, not narrative assurances. This is not about bureaucracy. It is about credibility. When regulators ask how you know your program works, Euclid provides the answer: because the proof is built into the structure.

Precision Enables Fairness and Trust

Euclid’s definitions leave little room for interpretation. In compliance, precision serves a similar function. Clear definitions reduce bias, inconsistency, and resentment. Vague policies create uneven enforcement. Uneven enforcement destroys trust. Employees quickly learn whether rules are real or elastic. The ECCP’s emphasis on consistent discipline reflects this reality. The ECCP states, “Have disciplinary actions and incentives been fairly and consistently applied across the organization?”

Daily compliance operations should therefore prioritize clarity. What constitutes a conflict of interest? What thresholds trigger approval? What timelines govern investigations? Who owns decisions at each stage? Precision protects both the organization and the compliance function. It allows fairness to be demonstrated, not merely claimed.

Systems Must Be Built to Endure

Euclid’s work has endured for more than two millennia because it was built as a system, not a response to a crisis. Compliance programs should aspire to similar durability. Programs that rely on personalities, informal influence, or unwritten norms collapse when leadership changes. The ECCP evaluates whether compliance programs are institutionalized, supported by governance structures, and able to withstand turnover. A Euclidean compliance program embeds ethics into processes, charters, reporting lines, and documentation. Knowledge is transferred. Decisions are repeatable. Improvements are systematic. This durability is not accidental. It is designed.

Why Euclid Completes the Series

Socrates teaches compliance professionals to ask uncomfortable questions. Plato teaches them to design ethical governance structures. Aristotle shows how ethics are lived through habit and judgment. Pythagoras introduces measurement, analytics, and AI. Euclid brings all of it together. He shows how inquiry, governance, behavior, and data become a coherent system that can be explained, defended, and proven. In modern compliance, that is the difference between aspiration and effectiveness.

5 Key Takeaways for the Compliance Professional

1. Compliance programs must be grounded in clear first principles.

Euclid reminds us that systems fail when foundations are vague. Compliance programs should clearly define ethical expectations, risk boundaries, and escalation triggers. The ECCP evaluates whether programs are thoughtfully designed, not merely comprehensive. Clear first principles guide daily decisions, reduce ambiguity, and support consistent enforcement. Without them, controls become reactive, and credibility erodes under scrutiny.

2. Logical integration is a core element of effectiveness.

Disconnected compliance components create blind spots. Euclid teaches that a system works when each part follows logically from the previous one. Risk assessments should drive policies. Policies should inform training. Training should influence monitoring. Investigations should lead to remediation. The ECCP rewards programs that demonstrate this internal logic. Integration is not administrative elegance. It is risk management.

3. Proof of effectiveness must be built into the program.

Assertions no longer satisfy regulators. Euclid’s insistence on proof mirrors the ECCP’s demand for evidence. Compliance programs should be designed to generate data demonstrating timely detection, consistent discipline, and meaningful remediation. When proof is embedded in the system, credibility follows naturally.

4. Precision enables fairness and protects trust.

Clear definitions and thresholds reduce inconsistency and perceived bias. Euclid’s precision offers a model for compliance policies and procedures. The ECCP scrutinizes the fairness of disciplinary proceedings and investigations because trust depends on it. Precision protects employees, managers, and the compliance function alike.

5. Durable compliance programs are designed, not improvised.

Euclid’s work endures because it was built as a coherent system. Compliance programs should aim for the same longevity. Institutionalized governance, documented processes, and structured improvement allow programs to survive leadership changes and regulatory shifts. Durability is a marker of maturity and a signal of seriousness to regulators.

Euclid teaches compliance professionals the final lesson in this series: effectiveness is not claimed. It is demonstrated.

Conclusion

The enduring relevance of the ancient Greek philosophers to modern compliance and ethics lies in the fact that they were not theorizing in the abstract. They were grappling with the same human pressures that drive misconduct today: power, incentives, rationalization, fear, and convenience. Socrates teaches compliance professionals the discipline of ethical inquiry and the courage to ask uncomfortable questions. Plato shows that values without governance structures are fragile, while Aristotle grounds ethics in habit, judgment, and daily behavior rather than aspiration. Together, they mirror the DOJ’s insistence that effective compliance programs begin with understanding risk, designing systems to manage it, and ensuring those systems operate in practice.

What makes these philosophers especially relevant today is how naturally their ideas align with modern regulatory expectations. Pythagoras anticipates the role of data, analytics, and AI in measuring compliance effectiveness, while Euclid provides the blueprint for structure, precision, and proof that regulators now demand. In an era of complex global operations and heightened enforcement scrutiny, compliance programs succeed or fail based on inquiry, governance, behavior, measurement, and demonstrable effectiveness. The ancient Greeks understood those dynamics long before corporate compliance existed, which is why their lessons remain not only relevant but essential for modern compliance and ethics professionals.

Categories
Compliance and AI

Compliance and AI – Transforming Cloud Investments: The Role of AI Governance

What is the intersection of AI and compliance? What about Machine Learning? Are you using ChatGPT? These questions are just three of the many we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. Today, Tom looks at AI and governance with 3 guests, Bill Sanders, Olivia Storelli, and Andrew Stevens.

Bill Sanders, Olivia Storelli, and Andrew Stevens are leading voices in the discourse on AI governance and guardrails, each bringing a unique perspective. Bill, a leader in brand management and consulting, views AI governance as essential for leveraging AI’s potential, emphasizing the need for decentralized decision-making and strategic oversight to ensure safety and strategic foresight. Olivia, CEO of Sakura Sky, underscores the importance of aligning strategy with practical technology execution, advocating for governance as a means to achieve rapid value while maintaining safety and innovation. Andrew, an expert in cloud technology, highlights the need for governance to manage AI’s risks and liabilities, calling for executive leadership to define permissible data use and decision-making to foster a robust, accountable AI implementation. Together, they stress the importance of clear guidelines, organizational readiness, and leadership involvement in navigating the complexities of AI adoption and ensuring its safe and effective integration into business operations.

Key highlights:

  • AI governance is crucial for safe and efficient deployment of artificial intelligence systems in organizations.
  • Collaboration and a mindset shift towards compliance professionals as enablers are essential for safe AI adoption.
  • AI compliance impacts trust, fairness, and security within organizations.
  • Leadership, accountability, and culture are key to success in AI projects.
  • A phased approach with executive sponsorship is crucial for implementing the AI roadmap.

Resources:

Download the AI Executive Whitepaper: text the word PLAYBOOK to 415.960.1161 or visit https://whitepaper.download/

Websites:

  • https://roeblingstrauss.com/
  • https://www.sakurasky.com/

LinkedIn:

  • Bill Sanders
  • Olivia Storelli
  • Andrew Stevens


Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 16 – Effective and Tailored Compliance Training

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 16 episode, we delve into the evolution and importance of employee compliance training, focusing on fostering a culture of compliance within organizations.

Key highlights:

  • Evolution of Compliance Training Standards
  • Measuring Training Effectiveness
  • Tailoring Training to Audience Needs

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 15 – Monitoring and Improving Internal Controls

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In this Day 15 episode, we look at the ongoing process of monitoring and improving internal controls within companies.

Key highlights:

  • Understanding Control Overrides
  • Continuous Monitoring and Improvement
  • Assessing and Updating Controls

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Daily Compliance News

Daily Compliance News: January 15, 2026, The Do You Need a Second CCO Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Another Eric Adams associate was charged in another corruption scandal. (Politico)
  • Blocking and tackling in compliance. (Bloomberg)
  • Hightower goes with a dual CCO structure. (InvestmentNews)
  • Panama Supreme Court to decide who can run the Panama Canal. (WSJ)

Categories
Blog

Greek Philosophers Week: Part 4 – Pythagoras and the Rise of Data Analytics and AI in Compliance

We continue our exploration of the origins of the modern corporate compliance organization in Part 4, looking at Pythagoras. Aristotle teaches compliance professionals how ethics are lived through judgment, habit, and daily decision-making. But modern organizations operate at a scale Aristotle could never have imagined. Thousands of transactions, third parties, employees, and decisions occur simultaneously across jurisdictions. At that scale, judgment alone is not enough. Measurement becomes essential. That is where Pythagoras enters the compliance conversation.

Pythagoras believed that reality could be understood through number, proportion, and harmony. He did not see numbers as cold abstractions but as tools to reveal the underlying truth. That belief sits squarely at the heart of modern compliance analytics, continuous monitoring, and artificial intelligence. The DOJ Evaluation of Corporate Compliance Programs (ECCP) increasingly reflects this Pythagorean turn, asking not only whether programs exist, but whether companies use data to test effectiveness, identify patterns, and evolve.

If Aristotle teaches us how people should behave, Pythagoras teaches us how to observe whether they actually do. Or as Vince Walden might say, it’s always about the numbers.

“All Is Number” and the Measurement of Compliance Effectiveness

Pythagoras’ famous assertion that “all is number” resonates strongly in today’s compliance environment. Modern programs rely on metrics to understand risk exposure, detect anomalies, and allocate resources. Hotline data, transaction monitoring, third-party risk scores, training completion rates, and investigation timelines are all numerical expressions of ethical behavior.

The ECCP explicitly asks whether companies track and analyze data to assess program effectiveness and, equally important, whether the compliance function has access to this data. The ECCP states, “Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions?” This is not a technological preference. It is a governance expectation. Regulators understand that unmanaged data obscures risk, while well-designed analytics reveal it.

In daily operations, compliance professionals must decide what to measure and why. Pythagoras reminds us that numbers should illuminate reality, not replace it. Metrics must be chosen deliberately, tied to risk, and interpreted with care. Counting activity is easy. Measuring insight requires discipline. The ECCP goes on to ask the following question: Is the company appropriately leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of components of compliance programs?

Proportion and the Danger of Over-Engineered Analytics

Pythagoras placed enormous importance on proportion and balance. Harmony emerged when relationships were mathematically sound. This lesson is critical for compliance programs rushing to adopt advanced analytics and AI. The ECCP expects data-driven compliance, but it does not reward excess, stating, “Is the company appropriately leveraging data analytics tools to create efficiencies in compliance operations and measure the effectiveness of components of compliance programs?” Overly complex monitoring systems often generate false positives that overwhelm teams and erode trust with the business. Employees begin to see compliance as noise rather than guidance. Investigators drown in alerts rather than insights.

A Pythagorean approach demands proportionality. Analytics should scale to risk. High-risk transactions deserve deeper scrutiny. Low-risk activity should not consume disproportionate resources. AI models must be tuned to business reality, not theoretical perfection. Balance, not volume, produces effectiveness.

Harmony of Systems and Breaking Down Data Silos

Pythagoras believed that harmony arises when individual elements work together according to rational relationships. In compliance, this translates into integration. One of the most common failures in compliance analytics is fragmentation. Compliance data lives in one system. HR data in another. Finance and audit data elsewhere. Each tells a partial story. None reveals the whole picture.

The ECCP increasingly expects companies to connect these dots. Patterns of misconduct often emerge only when data sets are viewed together. For example, high sales pressure combined with weak supervision and delayed training may more accurately predict risk than any single metric. Daily compliance operations should therefore focus on integration. Data governance, cross-functional collaboration, and shared dashboards are not IT luxuries. They are an ethical infrastructure. Pythagoras teaches that truth emerges through harmony, not isolation.

AI in Compliance: Augmentation, Not Abdication

Pythagoras revered numbers, but he did not confuse measurement with wisdom. That distinction is critical as compliance programs adopt AI. Artificial intelligence can identify patterns humans miss. It can process data at a scale impossible for manual review. But it cannot understand intent, fairness, or ethical nuance. The ECCP implicitly acknowledges this by emphasizing human oversight, explainability, and accountability.

A Pythagorean compliance program treats AI as an instrument, not an authority. Algorithms inform decisions. Humans make them. Compliance professionals must understand how models work, what data they rely on, and where bias may emerge. Black-box systems that cannot be explained to regulators or boards undermine trust and increase risk. The lesson is clear. AI should strengthen judgment, not replace it.

Ethical Design of Metrics and Models

Pythagoras viewed mathematical relationships as expressions of order. In the context of compliance, this means that metrics and models must reflect ethical intent. What a company chooses to measure sends a signal. Measuring speed over quality encourages shortcuts. Measuring volume over impact encourages superficial activity. The ECCP asks whether metrics drive meaningful improvement or merely create the appearance of control, stating, “How is the company measuring the accuracy, precision, or recall of any data analytics models it is using?”

In daily practice, compliance professionals must evaluate whether dashboards reflect what truly matters. Are metrics aligned with values? Do they incentivize the right behavior? Are they reviewed and refined as risks evolve? Pythagoras teaches that poorly designed numbers distort reality rather than reveal it.

5 Key Takeaways for the Compliance Professional

1. Data is foundational to modern compliance effectiveness.

Pythagoras teaches that numbers reveal truth when used correctly. The ECCP expects compliance programs to use data to assess risk and effectiveness. Daily operations should rely on metrics that illuminate behavior, not merely document activity. Thoughtful measurement enables early detection, targeted remediation, and informed decision-making across the organization.

2. Proportion is critical in analytics and AI deployment.

More data is not better data. Over-engineered systems overwhelm teams and erode credibility. A Pythagorean approach emphasizes balance. Analytics and AI should be scaled to risk and organizational maturity. Proportional systems produce insight without fatigue, supporting both effectiveness and trust.

3. Integrated data reveals systemic risk.

Isolated metrics tell incomplete stories. Pythagoras’ concept of harmony applies directly to compliance data integration. The ECCP increasingly expects cross-functional insight. Compliance professionals should work to connect data across compliance, HR, finance, and audit to identify patterns that go unnoticed in silos.

4. AI must augment, not replace, human judgment.

Numbers do not equal wisdom. AI tools support scale and pattern recognition, but ethical decisions require human oversight. The ECCP emphasizes accountability and explainability. Compliance professionals must understand, govern, and challenge AI outputs rather than defer to them.

5. Metrics are ethical choices.

What gets measured shapes behavior. Poorly designed metrics distort incentives and undermine values. Pythagoras reminds us that numbers carry moral weight. Compliance leaders must ensure metrics align with ethical goals and drive meaningful improvement, not superficial compliance.

From Pythagoras to Euclid: From Measurement to Proof

Pythagoras introduces compliance professionals to the power and peril of numbers. He shows how data, analytics, and AI can reveal patterns, test assumptions, and bring harmony to complex systems. But measurement alone is not enough. At some point, regulators, boards, and stakeholders will ask a harder question. Can you prove your program works?

That is where Euclid completes the journey. If Pythagoras teaches us how to measure compliance, Euclid teaches us how to structure it logically, define it precisely, and demonstrate effectiveness through proof rather than assertion. The Euclid post stands as the natural capstone to this series, translating philosophical insight into a compliance system that is coherent, defensible, and built to endure.

Pythagoras shows us how to see compliance through numbers. Euclid will show us how to organize those insights into a system that proves its own effectiveness. Join us tomorrow in our concluding blog post to find out how.