Tag: compliance

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 4 – Building Effective Data Analytics Programs for Compliance

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. On Day 4, this episode focuses on defining the specific risks an organization wants to monitor, capturing relevant data creatively, and leveraging internal expertise to build effective data analytics programs.

Key highlights:

  • Defining and Identifying Risks
  • Innovative Data Capture and Internal Collaboration
  • Demonstrating Value to Senior Management

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 2 – The ECCP on Incentives, Consequences, and Clawbacks

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. Today, we look at what the ECCP has to say on incentives, consequences, and clawbacks.

Key highlights:

  • Starting with Incentives and Consequences
  • Incentive Program Breakdown
  • Consequence Management Deep Dive

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
FCPA Compliance Report

FCPA Compliance Report-Episode 789 – Reinventing Compliance in 2026: Insights and Strategies with Daniel Zmak

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom welcomes, Daniel Zmak, Senior Director of Product Marketing at Diligent to discuss the evolving landscape of compliance.

They explore the importance of modernizing compliance practices, addressing challenges like fragmentation and fatigue, and leveraging AI and technology to enhance efficiency. Key topics include the compliance maturity journey, connected compliance, and strategies for improving governance and oversight. With actionable insights and practical advice, this session aims to guide compliance professionals through the dynamic changes in the field.

Highlights Include

  • Highs, Lows, and Surprises in Compliance
  • Compliance at an Inflection Point
  • The Compliance Maturity Journey
  • Fragmentation and Fatigue in Compliance
  • Connected Compliance: The Concept, Benefits and Future
  • AI in Compliance: Opportunities and Challenges
  • Dynamic Compliance Programs

Resources

Daniel Zmak on LinkedIn

Diligent Website

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day –Investigative Challenges

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week we have considered issues relating to your internal investigations. Today we conclude with a review of some investigative challenges you may face.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition which was recently released by LexisNexis. It is available here.

Categories
AI Today in 5

AI Today in 5: December 19, 2025, The Project Vend Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, I will bring to you 5 stories about AI stories to start your day. Sit back, enjoy a cup of morning coffee and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership or general interest about AI.

  1. Does the Trump EO on AI represent a framework or simply nothing? (America’s Credit Unions)
  2. Increasing need for AI awareness of regulatory requirements. (Wane15)
  3. Compliance AI needs humans. (FinTechWeekly)
  4. Smart AI hiring. (Law.com)
  5. What happens when AI runs the vending machine? (WSJ)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com

Categories
Blog

A Merry (Compliance) Christmas and Tribute to Jim McGrath

Ed. Note: Jim McGrath was a great friend and a trusted colleague who passed away in 2014. As a tribute to McGrath and for Christmas this year, I submit the post below for your enjoyment, which initially appeared on McGrath’s Internal Investigations Blog on December 24, 2012.

The allegations under investigation involve gifts given by individual businessmen to the family of an Israeli government official several years ago. These businessmen, Mr. Balthasar, Mr. Gaspar, and Mr. Melchior, supposedly provided a family in the royal line of King David with significant gifts, including gold, frankincense, and myrrh, in return for favorable consideration of an as-yet undetermined project in the Middle East.

The three men are believed to be third-party intermediaries for many Christian church organizations in the United States, and, if verified, any jurisdictional nexus would appear to be based on this fact.

Whether any family member who received the gifts was or is a “government official”—as the DOJ has expansively defined that term—is unverified but likely. While Transparency International’s Corruption Perceptions Index does not list them in its annual rankings, a large body of other sources appears to establish one or more of them as linked to the ruling family in Israel.

Regardless of the strength of the government’s case in these respects, there remains the hurdle posed by the age of the alleged violations.  They are reported to have occurred approximately 2,012 years ago.  The DOJ could be expected to assert that the clock did not begin to run until the government recently became aware of Balthazar’s, Gaspar’s, and Melchior’s conduct. However, there appears to be a strong argument that voluntary self-disclosure occurred some time ago, thereby commencing the statutory period’s running and its expiration.

I hope you and your family have a wonderful Holiday Season and Merry Christmas.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Your Investigative Team

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week we continue our consideration of issues relating to your internal investigations. Today we consider who should be on your investigative team.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition which was recently released by LexisNexis. It is available here.

Categories
Blog

Michigan Man, Part 4 – Lessons Learned: What This Crisis Teaches Compliance Professionals

Every major compliance failure eventually reaches the same destination: a moment when leadership says, “How did we not see this coming? ” The answer is almost always the same. The warning signs were visible. They were rationalized, minimized, or overridden in the name of performance, continuity, or institutional pride.

The Sherrone Moore crisis at the University of Michigan is not a college football anomaly. It is a case study in how compliance programs fail when they are structurally subordinated, culturally discounted, or selectively enforced. For compliance professionals, the value of this case lies not in outrage but in extraction: extracting lessons that can be operationalized before the next crisis unfolds.

Lesson 1: Compliance Authority Must Be Structural, Not Aspirational

Michigan’s experience demonstrates that access to leadership is meaningless without authority. The compliance function may have been consulted, investigations commissioned, and policies in place. None of that mattered when the athletic department retained de facto control over outcomes. For compliance professionals, the lesson is clear. Compliance must have defined escalation rights and veto authority over high-risk decisions, including promotions, discipline, and crisis response. If a business unit can override compliance based on performance or legacy, compliance is not independent. It is decorative.

The Department of Justice has repeatedly emphasized that effective compliance programs require empowered compliance functions. That empowerment must be written into governance documents, reinforced by boards, and tested in practice.

Lesson 2: Past Dishonesty Is a Permanent Risk Factor

One of the most glaring failures in this case was the organization’s willingness to treat Moore’s prior dishonesty during the sign-stealing investigation as a closed chapter. It was not. It was predictive. Compliance professionals must internalize a hard truth: once credibility is damaged, it does not reset. Individuals who have lied to investigators, deleted records, or misrepresented facts should never again be treated as presumptively reliable. Enhanced monitoring, corroboration, and scrutiny are not punitive. They are risk management.

Organizations that ignore this lesson inevitably relearn it at a higher cost.

Lesson 3: Promotions Are Compliance Decisions

The elevation of Moore to head coach was framed as a football decision. In reality, it was one of the most consequential compliance decisions the university made.

Any promotion into a role with significant authority, visibility, and discretion is a compliance event. Risk-based due diligence should include:

  • Review of prior investigations and disciplinary history
  • Assessment of truthfulness and cooperation during past inquiries
  • Evaluation of behavioral and reputational risk, not just technical violations

In corporate terms, Michigan promoted an executive with unresolved compliance issues and a clear lack of an ethical grounding into a CEO-equivalent role. That decision alone dramatically increased institutional risk. But the consequences will reverberate for a long time to come.

Lesson 4: Investigations Involving Power Imbalances Require Heightened Standards

The initial investigation into Moore’s relationship with a staffer failed predictably. When both parties denied the relationship and the evidence was limited, the inquiry stalled. That outcome reflects a misunderstanding of power dynamics. Compliance professionals know that power imbalance distorts disclosure. Subordinates may deny relationships out of fear, loyalty, or uncertainty. Senior leaders may deny wrongdoing out of self-preservation. Effective investigations account for this reality by expanding evidence collection, conducting pattern analysis, and implementing interim safeguards.

Neutrality is not passivity. When allegations involve senior leadership, the standard of diligence must rise, not fall.

Lesson 5: Star Performers Are the Highest-Risk Population

One of the most enduring myths in organizational life is that high performers deserve flexibility. In reality, they deserve even greater scrutiny. Star performers operate with autonomy, influence culture, and often shape informal norms. Moore’s trajectory illustrates how repeated exceptions create a sense of entitlement. Each time misconduct is reframed as survivable, the individual learns that boundaries are negotiable. Compliance professionals must relentlessly resist this dynamic.

Rules applied selectively are not rules. They are invitations.

Lesson 6: Pattern Risk Demands Pattern Response

Perhaps the most damning aspect of the Michigan case is that it unfolded amid repeated scandals within the athletic department. When misconduct clusters, the correct response is not incremental fixes. It is a structural intervention. Compliance professionals must recognize pattern risk early and escalate it aggressively. That escalation should include:

  • Enterprise-wide risk assessments
  • Cultural diagnostics
  • Leadership accountability reviews
  • Board-level engagement

Waiting for the next incident is not caution. It is abdication.

Lesson 7: Culture Is Set by What Leadership Tolerates

Michigan’s long-standing deference to athletic success and legacy culture created an environment where misconduct was rationalized rather than confronted. This is not unique to sports. It appears in sales-driven organizations, founder-led companies, and high-growth environments. Culture is not what leadership says. It is what leadership allows. From the Board of Regents to the UM President on down, compliance professionals must evaluate actions, not rhetoric, when assessing culture risk.

Lesson 8: Human Impact Is the Ultimate Compliance Metric

It is easy, especially for lawyers and compliance officers, to focus on policy breaches and enforcement exposure. The Moore crisis is a reminder that compliance failures produce human harm. Families are destabilized. Employees feel unsafe. Stakeholders lose trust. Effective compliance programs exist not only to prevent fines but also to prevent damage. When that purpose is forgotten, compliance becomes performative.

Final Thought: Compliance Is Tested at the Top

The Sherrone Moore crisis did not originate with a junior employee. It originated at the top of a powerful institution. That is where compliance programs are always tested. For compliance professionals, the final lesson is this: if your program cannot stop, slow, or surface misconduct by your most powerful leaders, it will eventually fail when it matters most.

The University of Michigan now faces years of rebuilding trust, governance, and credibility. Compliance professionals elsewhere should treat this case as a warning, not a curiosity. The cost of ignoring these lessons is never hypothetical. It is only deferred. This takeaway is stark but actionable. Compliance failures are rarely a surprise. They are choices made over time. The question for every compliance professional is whether those choices will be challenged early or explained later.

As always, prevention is less visible than a crisis. It is also far less costly.

Resources:

The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.

Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.

Fire Everybody—Alex Kirshner, writing in Slate.

Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Selection of Investigative Counsel

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week are considering issues relating to your internal investigations. Today we review your decision of selection of your investigative counsel.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition which was recently released by LexisNexis. It is available here.

Categories
Great Women in Compliance

Great Woman in Compliance – 2025 GWIC-tacular

#GWIC wishes all the most wonderful of holidays and a very happy, ethical & compliant New Year.

@LisaFine, @HemmaLomax, @SarahHadden & @EllenHunt gathered for the #GWIC-tacular 2025 round-up roundtable.

We reflected on 2025 as a year of disruption and rapidly changing public policy and on how Ethics & Compliance leaders must now, more than ever, manage the polarities we face. We expressed our gratitude for the generous and always supportive GWIC community and shared our optimism about 2026. We also unwrapped a gift that we’ll be working on in the new year.

We would love to hear what you would like GWIC’s focus to be in 2026.

You can hear the GWIC-tacular episode on any of these platforms:

📰 Corporate Compliance Insights

🎙️ Compliance Podcast Network

🍏 Apple

🎧 Spotify

📺 YouTube