FCPA Compliance Report

FCPA Compliance Report – Exploring AI Adoption in Risk and Compliance with Richard Graham

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Richard Graham, Director – KYC / Financial Crime at Moody’s, to discuss the newly released AI Risk and Compliance Survey.

Graham shares his extensive background in financial crime and technology, emphasizing his current role, which focuses on KYC and financial crime at Moody’s. Together, they discuss the survey’s insights, which reveal that 53% of 600 senior risk professionals surveyed are currently using AI for risk management, representing a significant increase from the previous year. Graham explains the crucial role of high-quality data in maximizing AI’s potential and highlights its rapid adoption driven by its demonstrated benefits in compliance and risk management. The conversation also explores the evolving role of risk professionals in the context of AI tools, the impact of regulatory awareness, and the industry’s shift towards more proactive risk management.

Key highlights:

  • Overview of AI Risk and Compliance Survey
  • Key Findings and Industry Trends
  • Adoption of AI in Banking and Corporates
  • Early Wins and Barriers to Scale
  • Data Governance and Regulatory Expectations

Resources:

Richard Graham on LinkedIn

Moody’s

Moody’s AI Risk and Compliance Survey

Tom Fox


Compliance Tip of the Day

Compliance Tip of the Day – Winnie the Pooh and Compliance Week – Tigger and Sales Incentives

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We begin a week of fun in compliance by looking at how Winnie the Pooh and his friends inform your compliance program. We start by using Tigger to examine sales incentives within a best practices compliance program.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

AI Today in 5

AI Today in 5: November 10, 2025, The Use AI or Be Fired Edition

Welcome to AI Today in 5, the newest edition of the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

  1. 5 Pillars for AI Compliance. (Medical Economics)
  2. Use AI or be fired. (WSJ)
  3. Is AI something more than intelligent? (NYT)
  4. Voice phishing is AI fraud. (FT)
  5. Is AI spending out of control? (Bloomberg)

For more information on the use of AI in compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com

Compliance Tip of the Day

Compliance Tip of the Day – NBA Betting Scandal – Rebuilding a Culture of Integrity

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we will mine the ongoing NBA betting scandal for compliance lessons. Today, in the concluding Part 5, we look at what the NBA itself can do to rebuild trust with its stakeholders.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Blog

Compliance and Building Resilient Boards

In today’s volatile world, the word “resilience” has become the boardroom’s rallying cry. From geopolitical risk to technological disruption, boards and C-suites are being asked to navigate what Deloitte calls a “multiverse” of parallel realities, balancing short-term shocks with long-term strategy. But BOD resilience is not just about surviving turbulence. It is about thriving through uncertainty. And that is where the corporate compliance function, often underestimated as a back-office monitor, can emerge as a strategic partner in building board-level resilience. This is the key message that resonates from a recent article in the Harvard Law School Forum on Corporate Governance, How Board and C-Suite Collaboration Can Build Organizational Resilience.

Effective collaboration between boards and executive teams strengthens organizational adaptability, foresight, and integrity. Resilience is not the absence of risk; rather, it is the ability to master a response. Today, we consider this article and mine it for lessons for compliance leaders seeking to help their boards become more resilient, responsive, and ready for the future.

1. Compliance as the Early-Warning System for the Board

The Deloitte survey highlights a growing reality: boards are increasingly overwhelmed by short-term risks, ranging from cyberattacks to economic volatility. They may overlook longer-term imperatives such as innovation and human capital development. Compliance professionals are uniquely positioned to serve as an early warning system for emerging risks. Through monitoring, testing, and continuous improvement, compliance provides data-driven insight into what is actually happening inside the business before it becomes a headline or regulatory crisis.

A resilient board depends on credible information flow. That means compliance must extend beyond reporting incidents to providing actionable intelligence. By translating risk data into actionable insight and identifying patterns in third-party due diligence, supply chain vulnerabilities, or employee reporting trends, the compliance function helps directors see around corners. As Gordon Nixon, chair of BCE Inc., put it, leadership today requires the ability to “synthesize complexity into decisive action.” Compliance gives boards the tools to do just that.

2. Turning Oversight Into Scenario Planning

According to Deloitte’s data, 86% of boards have increased their focus on risk monitoring and scenario planning, with 39% significantly stepping up their efforts. That is good news, but only if those exercises move beyond hypotheticals. This is where compliance can play a catalytic role. Scenario planning is most effective when it draws from real operational data, and no function gathers more cross-enterprise data than compliance. Every whistleblower report, transaction review, and training completion rate tells part of a story about how the organization will respond when tested.

A compliance leader should therefore help transform board discussions from abstract governance into strategic foresight. When boards examine potential crises, such as cyber breaches, sanctions violations, or ESG missteps, compliance can provide not just the risk but also the response map, including who is responsible, how escalation works, what past data reveals about reaction speed, and how remediation was measured.

3. Strengthening the Board–C-Suite Communication Loop

The Deloitte study finds that open, transparent communication between the board and CEO is the single most important factor in organizational resilience, cited by 66% of respondents. That transparency must extend beyond financial performance; it must include culture, ethics, and conduct. Compliance officers can serve as trusted interpreters between management and directors. Often, executives filter messages to the board, softening bad news or emphasizing short-term wins. A strong compliance function ensures that uncomfortable truths, emerging investigations, cultural risks, or weak control environments are brought to the board’s attention promptly and accurately.

Moreover, compliance officers can help foster “psychological safety,” a quality Deloitte found lacking on many boards. When executives and directors feel safe discussing failures and near misses, they can act more decisively and learn faster. Compliance teams, with their neutral and process-driven perspective, can facilitate those candid conversations.

4. Building the Skill Base for Resilient Oversight

One of the report’s most striking findings is a gap between board and C-suite perceptions of readiness. While 86% of directors believe they are providing the right support to management, only 73% of executives agree. The gap is even wider in terms of skill composition. Nearly half of C-suite respondents say boards lack the necessary expertise to guide them through today’s environment.

That is a call to action for compliance leaders. The modern compliance function serves as a knowledge hub, continuously monitoring global regulatory trends, AI governance frameworks, and emerging ESG risks. Boards can leverage this intelligence to refresh their own competencies. For example, compliance-led workshops on anti-corruption enforcement trends, cybersecurity reporting requirements, or AI ethics can help directors stay informed and prepared to challenge management with the right questions.

Sheila Murray, chair of Teck Resources, put it best: “If somebody’s coming to meetings and not participating, that’s on me. I’ve got to bring out the best in them.” Compliance can help by providing the content that sparks meaningful participation.

5. Embedding Agility and Integrity Into Board Culture

According to Deloitte, the most resilient organizations strike a balance between governance and agility. That’s easier said than done. Rigid board processes can impede responsiveness, while overly informal structures risk undermining accountability. Compliance can help build the right balance by institutionalizing agility without sacrificing integrity.

For instance, compliance can work with corporate secretaries to ensure that board minutes document not just decisions but also the rationale behind them. That strengthens the record for regulators and demonstrates that directors acted in good faith. Similarly, compliance can help shape board procedures to allow for rapid, ethics-aligned decisions in crisis conditions.

Roy Dunbar, an independent director at McKesson and Duke Energy, describes it this way: “What you want is to go deeper and ask more challenging questions around, ‘What are the threats? What are the opportunities? Where is growth going to come from?’” Those deeper questions about sustainability, AI, and ethical governance are exactly where compliance expertise can bring clarity.

From Reactive Oversight to Proactive Partnership

The Deloitte report concludes with a vision of co-creation between boards and management, transitioning from rigid oversight to a synergistic partnership. That’s also the next frontier for compliance. No longer confined to detection and discipline, the compliance function can become the architect of organizational resilience.

How? By helping boards connect the dots between ethics and performance. A resilient board is one that not only identifies risk but also ensures that values drive decision-making at every level. When compliance embeds those values into strategic planning, linking ethical conduct to innovation, transparency to investor trust, and governance to growth, the board’s resilience becomes systemic, not situational.

In a world where, as Anjali Bansal observed, “the level of uncertainty today is absolutely unprecedented,” resilience will depend less on predicting the next crisis and more on ensuring the integrity of the response. That is the mission compliance was born to serve.

What It Means for the Chief Compliance Officer

For the CCO, this moment represents both an invitation and a mandate. The board needs a partner who can translate regulatory language into strategic value and who can help bridge the trust gap between directors and management.

Here is how the CCO can deliver:

  1. Be the Board’s Barometer: Regularly update directors on the ethical health of the organization, including hotline data, investigation closure rates, and culture metrics, so that they can gauge the tone and trust across business units.
  2. Champion Cross-Functional Risk Alignment: Ensure that compliance, internal audit, and enterprise risk functions speak with one voice in board reporting. Fragmented risk narratives breed confusion, not confidence.
  3. Embed Compliance Into Resilience Planning: Collaborate with HR, IT, and finance to map how regulatory compliance underpins business continuity and crisis management.
  4. Educate for Anticipation, Not Reaction: Keep the board informed about emerging compliance trends, such as AI ethics, ESG reporting, or sanctions enforcement, so directors are prepared to govern the risks of tomorrow.
  5. Strengthen the Ethical Reflex: Make ethics an instinct, not an initiative, by integrating compliance into strategy discussions, M&A reviews, and innovation frameworks.

When the compliance function evolves from a rule enforcer to a resilience partner, it transforms board oversight from passive to proactive. It gives directors not just the confidence to govern but the courage to lead.

Compliance Tip of the Day

Compliance Tip of the Day – NBA Betting Scandal – The Role of Compliance in Sports Leagues

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we will mine the ongoing NBA betting scandal for compliance lessons. Today, in Part 4, we review the role of compliance and ethics in sports leagues in combating illegal gambling scandals and the appearance of impropriety.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Great Women in Compliance

Great Women in Compliance: The Art and Science of Compliance: Nicole Rose on Culture, Curiosity, and Change

In this episode of Great Women in Compliance, host Sarah Hadden sits down with Nicole Rose—lawyer, artist, author, and creator of the FRAME Training Method—to explore how human behavior, psychology, and creativity can transform compliance from a checkbox exercise into a movement that drives real change. Nicole shares the story behind her “Moneyball Compliance” approach, showing how small, measurable behaviors can predict integrity, build stronger cultures, and make ethics training finally stick. The two also discuss Nicole’s upcoming book, Told: How In-House Legal and Compliance Professionals Secure Airtime, Gain Traction, and Transform Organizations.

Four Takeaways:

1. Compliance Is About People, Not Policies

Nicole’s journey from lawyer to artist to compliance innovator reveals that effective compliance starts with understanding human behavior and culture—not just ticking boxes or enforcing rules.

2. Behavior Beats Metrics

Traditional compliance programs measure completion rates; Nicole’s “Moneyball Compliance” approach measures behaviors that predict integrity—like speaking up, giving feedback, and practicing micro-activities that build ethical “muscle memory.”

3. Curiosity Is the Secret Ingredient

Engagement happens when employees are curious. Nicole emphasizes creating “pre-frames” that connect compliance messages to what people already know and care about, making training meaningful and memorable.

4. Make It Real, Not Funny

Humor has its place in presentations, but when it comes to serious topics like bribery, privacy, or human rights, authenticity and relatability are far more powerful than laughs. Real characters and relatable stories drive real change.

Compliance Into the Weeds

Compliance into the Weeds: Incentives in Compliance: Structuring Effective Compensation Plans

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Seeking insightful perspectives on compliance? Look no further than Compliance into the Weeds! In this episode, Tom Fox and Matt Kelly discuss the intricacies of integrating incentives into corporate compliance programs.

Matt shares insights from a recent webinar and blog posts, discussing how companies can encourage ethical behavior through executive compensation plans, performance bonuses, and other incentive schemes. The conversation explores the Justice Department’s guidelines on executive compensation, the intricacies of designing these programs to align with industry-specific risks, and the implications for various levels of management. They also examine the challenges of establishing meaningful compliance metrics and striking a balance between compliance incentives and overall business objectives across multiple sectors.

Key highlights:

  • The Role of Incentives in Compliance Programs
  • Structuring Executive Compensation for Compliance
  • Challenges and Nuances in Incentive Programs
  • Incentives for Different Business Models
  • Compensation Types and Ethical Behavior

Resources:

Matt in Radical Compliance

Tom


A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been honored with a Davey, Communicator, and W3 Award, all for excellence in podcasting.

Blog

Who Is an Officer? The D&O Implications of an Evolving Compliance Title

If you are a Chief Compliance Officer (CCO), you have likely spent countless hours parsing language in policies, contracts, and regulations. Words matter, especially when those words define responsibility, liability, and protection. Few words in the D&O insurance world carry as much significance or ambiguity as officer.

In a recent D&O Diary guest post, John Orr, D&O Liability Product Leader for Willis FINEX North America, tackled a deceptively simple question: Who qualifies as an “officer” under a directors and officers (D&O) insurance policy? His analysis extends beyond an insurance issue. As organizations evolve, titles proliferate, and regulatory exposure expands, the boundaries of who counts as an “officer” and thus who bears personal risk are blurring.

In today’s compliance landscape, the CCO cannot afford to let that ambiguity go unexamined. Because, as Orr notes, “titles no longer define exposure; functions do.” And that statement carries profound implications for how we manage risk, structure accountability, and design compliance frameworks in the era of AI, ESG, and cybersecurity. It also puts CCOs directly in the line of fire for shareholder litigation based upon a Caremark claim, which was expanded to include officers in the In re McDonald’s Corporation Stockholder Derivative Litigation case.

Today, explore five key lessons compliance officers should take away from this discussion.

1. The Old Definition No Longer Fits the New Enterprise

For decades, D&O insurance policies defined “officer” narrowly: those “duly elected or appointed” under corporate bylaws, which typically included the CEO, CFO, COO, and General Counsel. That made sense when corporate structures were simple and hierarchies clear.

But those days are gone. Modern organizations are matrixed, decentralized, and global. Entire risk domains, such as cybersecurity, compliance, sustainability, and AI governance, now have leaders whose decisions can expose the company to significant regulatory, reputational, or legal peril. Orr points out that after the SEC charged the CISO of SolarWinds in 2023, companies began asking a new question: Is my CISO actually covered under our D&O policy?

That question should not just keep risk managers up at night. It should jolt every compliance leader. Because if your peers in cybersecurity, privacy, or ESG can face personal liability for organizational failures, and if their roles fall outside traditional definitions of “officer,” then your compliance architecture is incomplete.

2. Titles Cannot Shield You from Risk, and They Should Not Define Protection

Orr rightly criticizes what he calls the “legacy efforts at deliberate ambiguity” in defining who counts as an officer. Historically, this ambiguity offered flexibility to insurers and policyholders. But now it provides uncertainty; if your coverage depends on whether someone’s title happens to include “officer,” you are one reorganization away from being uninsured.

For compliance professionals, this echoes a familiar theme: form versus substance. Regulators, from the DOJ to the SEC, are increasingly looking beyond the organizational chart to assess who truly exercises authority and control. The same principle should apply internally when defining who merits D&O coverage or corporate indemnification in civil litigation.

If a CISO, Chief People Officer, or Head of AI Governance makes risk-laden decisions equivalent in impact to those of a CFO, should they not receive equivalent protection? Orr argues for a shift from title-based to function-based definitions, a position entirely consistent with modern compliance thinking. Accountability should flow from influence, not nomenclature.

3. Endorsements Are Band-Aids, Not Blueprints

As ambiguity around “officer” status has grown, companies have sought quick fixes, such as endorsements listing specific titles or individuals to be covered under D&O policies. Orr concedes that while these endorsements “address the need,” they are not scalable or sustainable. Compliance officers should recognize the analogy to policy exceptions and one-off approvals. Every time you bolt on an endorsement, you introduce friction, inconsistency, and the potential for oversight. It’s a reactive, not proactive, form of risk management.

Endorsements also fail the foresight test. They require organizations to predict which roles might become legally exposed next year, a nearly impossible task in a fast-evolving regulatory landscape. Who foresaw five years ago that ESG directors or AI governance leads would be in the crosshairs of regulators? For compliance, the takeaway is clear: tactical fixes can’t substitute for structural reform. Instead of adding endorsements to patch the definition, align the policy’s logic with the company’s real-world indemnification practices, a concept Orr calls using indemnification as the “North Star.”

4. Indemnification Is the True Test of Officer Status

Orr’s most compelling insight is his proposed “indemnification-based” solution. Under this model, anyone whom the company indemnifies or would have indemnified but for insolvency or other barriers qualifies as an officer under the D&O policy.

This approach elegantly ties together governance, insurance, and compliance. It shifts the focus from job titles to actual corporate behavior: if your organization considers someone important enough to indemnify for their decisions, they are important enough to insure. It also harmonizes coverage with reality, reducing uncertainty during a claim and ensuring consistency across corporate structures.

From a compliance standpoint, this is a governance revolution. It aligns with what the DOJ has repeatedly emphasized in its most recent Evaluation of Corporate Compliance Programs (2024 Ed.): policies must reflect “the actual day-to-day functioning” of the organization, not theoretical constructs. Indemnification as a coverage anchor reflects the compliance principle that responsibility should align with decision-making authority. If someone makes risk-bearing decisions, your compliance and D&O frameworks should converge to support and monitor that role.

5. Modern Risk Requires Modern Coverage and Modern Collaboration

The concluding insight from Orr’s piece should resonate deeply with every compliance officer: “This is not about expanding coverage. It’s about modernizing coverage to address the way companies operate today.”

That statement could serve as the mission of compliance itself. As emerging technologies and global expectations reshape the corporate landscape, the boundaries of responsibility shift daily. AI, ESG reporting, data ethics, and cybersecurity aren’t just technical or operational concerns; instead, they are compliance risks with individual accountability attached.

If your D&O policy does not reflect those realities, neither does your compliance program. The modern CCO must therefore work closely with risk management, finance, and HR to ensure alignment between the forms of protection (insurance, indemnification) and the functions of oversight (compliance, ethics, governance). The article also hints at an opportunity for insurers: innovation. Just as compliance leaders must find new ways to embed ethical decision-making, insurers must design products that reflect the fluid nature of modern corporate risk. Both fields, compliance and D&O, are being asked the same fundamental question: Are you structured for yesterday’s risks or tomorrow’s realities?

What It Means for the Chief Compliance Officer

For the CCO, this discussion is not simply an academic exercise. The question “Who is an officer?” is really a question about who bears the moral and legal weight of corporate decision-making. As compliance matures into a strategic function, the CCO’s role increasingly resembles that of the “modern officer,” as Orr describes it: not just a gatekeeper, but a guardian of integrity, transparency, and accountability.

Here’s what that means in practice:

  • Map functional authority. Identify which roles across your enterprise carry significant compliance or legal exposure, regardless of title.
  • Engage with risk management. Ensure your D&O policy reflects the true landscape of decision-making authority.
  • Revisit indemnification practices. Advocate for parity between those granted indemnity and those exposed to regulatory risk.
  • Educate the C-suite and Board. Clarify that modern risk is horizontal, not vertical, and coverage must follow function, not hierarchy.
  • Champion continuous evolution. Compliance, like D&O coverage, must adapt as corporate structures evolve. Stasis is not a strategy.

Ultimately, the compliance function exists to ensure that individuals are accountable for their actions and protected for acting in good faith. That dual mandate, accountability and protection, lies at the heart of Orr’s argument and at the soul of every effective compliance program.

Compliance is not about saying no; it is about creating the conditions where doing the right thing is easy. In this context, that means ensuring your organization’s structure, policies, and insurance mechanisms make ethical leadership a safe and supported choice. The term “officer” may seem like a semantic detail, but as John Orr reminds us, it reflects how corporations define responsibility in an era of constant change. For compliance professionals, the challenge and the opportunity are to make sure that the mirror reflects reality.


Compliance Tip of the Day

Compliance Tip of the Day – NBA Betting Scandal – Prop Bets and Sports Books

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we will mine the ongoing NBA betting scandal for compliance lessons. Today in Part 2, we look at the role of prop bets and sports books in the scandal.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.