Tag: compliance

Categories
Blog

House of Atreus Week: Part 1 – Tantalus’ Transgression – The Birth of a Toxic Culture

I have long been fascinated by the Greek myths around the House of Atreus. It is the most cursed House in all Greek myth. I have also long wanted to blog post series on the compliance lessons for the modern-day compliance professional. This week, I am going to take a deep dive into the most doomed House and explore some of the key stories to mine them for lessons learned for the 21st-century compliance professional. We begin our series with the founder of the House of Atreus, Tantalus, and how one leader’s moral failure can poison the entire culture of an organization. His story is a cautionary tale about hubris, accountability, and the long shadow of tone from the top.

Every great compliance failure begins somewhere. Sometimes it is a single decision, a moment of arrogance, or the quiet belief that the rules apply to everyone else but not to you. In the myths of ancient Greece, that moment came with Tantalus, patriarch of the cursed House of Atreus. His name lives on in infamy, not because of power lost, but because of ethics abandoned.

The Feast of Deception

Tantalus was a favorite of the gods. He dined with them on Mount Olympus, enjoying privileges no mortal ever had. But instead of gratitude, he showed contempt. To test their omniscience, Tantalus served the gods a horrific meal, the cooked flesh of his own son, Pelops. The gods recoiled in horror, restored Pelops to life, and condemned Tantalus to eternal punishment: forever hungry and thirsty, standing in a pool of water beneath fruit-laden branches that receded whenever he reached for them.

This is where we get the word tantalize to tempt with what is always just out of reach. But for compliance professionals, the story isn’t about temptation; it’s about transgression.

Tantalus’ sin was not merely moral or criminal. It was cultural. It revealed a belief that he was above consequence, that his proximity to power made him immune to accountability. Sound familiar? It’s the same psychology that drives corporate misconduct today: the executive who hides risk, manipulates reporting lines, or treats compliance as a box to check rather than a value to live.

Hubris at the Top: When Leaders Believe They Are Untouchable

The core of Tantalus’ failure is hubris, excessive pride that blinds leaders to ethical limits. He thought himself equal to the gods, just as modern executives sometimes see themselves as beyond internal controls, policies, or oversight.

We have seen it in corporate scandals from Enron to Theranos: charismatic leaders who create cultures where questioning authority is punished, transparency is discouraged, and the pursuit of results justifies every means. These leaders often start with good intentions —innovation, performance, growth — but end in disaster because no one dares to tell them “no.” When a CEO, department head, or even a team manager sends the message that rules are flexible for those who produce, that’s the modern equivalent of dining at Olympus. It’s the moment when culture begins to rot from the inside.

Tone from the Top: What Tantalus Forgot

In compliance, we often say “tone from the top” sets the ethical compass of the organization. Tantalus was the top, and his tone was deceitful. Instead of modeling integrity, he modeled arrogance and disrespect. His actions communicated that power excused anything.

Modern organizations are no different. Employees don’t take their ethical cues from the code of conduct on the intranet. They take them from leadership behavior, from what’s rewarded, ignored, or punished.

If Tantalus had shown humility or accountability, his descendants might have inherited a culture of honor. Instead, they inherited corruption, vengeance, and betrayal. It’s no coincidence that every generation of the House of Atreus, including Pelops, Atreus, Thyestes, Agamemnon, Clytemnestra, Orestes, repeats the cycle of wrongdoing and retaliation. The family’s downfall wasn’t fate; it was culture. A toxic tone from the top doesn’t just corrupt a moment; it defines a legacy.

Culture of Consequences: What Happens When Misconduct Goes Unpunished

One of the most striking aspects of the Tantalus myth is how long the effects last. His descendants commit crimes generations later, yet all trace back to his original transgression.

That’s what happens in modern corporations when ethical breaches are not addressed. Once misconduct is tolerated, it becomes precedent. Once precedent hardens, it becomes culture. Think of organizations where sexual harassment was covered up “to protect the company,” or where accounting irregularities were ignored “to meet quarterly targets.” Each decision not to act creates a silent permission structure. And before long, you have what we see in so many enforcement cases: a pattern of misconduct spanning years, sometimes decades.

Tantalus’ punishment, forever reaching but never attaining satisfaction, mirrors what happens in these companies. They chase success endlessly, but integrity is always out of reach because they’ve traded ethics for expedience. A culture of consequences, by contrast, does the opposite. It makes accountability tangible. It shows employees that integrity is the expectation, not the exception.

The Modern Mirror: When Hubris Meets Compliance Failure

The story of Tantalus echoes across modern boardrooms and compliance case studies. Consider:

  • The FCPA case against Siemens (2008): A culture of “business at any cost” led to systematic bribery across divisions, because leadership prioritized results over integrity.
  • The Wells Fargo scandal: Unrealistic sales goals, driven by executives insulated from consequence, encouraged widespread fraud at the branch level.
  • Theranos: A founder’s belief in her infallibility silenced dissent, distorted reporting, and destroyed trust both internally and externally.

Each of these stories began like Tantalus’ dinner with one decision to deceive, rationalized as necessary, even brilliant. Each became a legend of ethical collapse.

The compliance lesson is simple: arrogance without accountability creates catastrophe.

Rebuilding What is Broken: Lessons from Tantalus’ Fall

So how do we avoid the curse of Tantalus in modern organizations? Three principles stand out:

1. Make Ethics the Core of Leadership Identity

Ethical leadership isn’t a function of compliance checklists. It’s the lived demonstration of integrity. Leaders must see compliance not as a constraint but as an enabler of trust and sustainability. When executives model ethical decision-making, it cascades downward.

Compliance Lesson: Integrate ethical leadership into performance reviews and succession planning. Reward transparency as much as performance.

2. Institutionalize Accountability

Accountability must be structured, not situational. That means ensuring robust internal investigations, consistent discipline, and a compliance function with real independence. The moment compliance must “ask permission” to act, the organization has lost its compass.

Compliance Lesson: Empower compliance officers with direct access to the board and audit committee. Build transparency into reporting lines.

3. Preserve Psychological Safety

Tantalus’ court, like many modern workplaces, thrived on fear. When employees can’t question leaders or raise concerns, misconduct flourishes. Psychological safety is the soil in which ethical cultures grow.

Compliance Lesson: Implement anonymous reporting, protect whistleblowers, and make public examples of non-retaliation.

Breaking the Curse: The Compliance Evangelist’s View

The curse of Tantalus was not divine punishment; instead, it was a predictable outcome of leadership failure. Every compliance professional knows that culture is destiny. If leaders are deceitful, employees will be cynical. If leaders are accountable, employees will be engaged.

Tantalus’ name survives as a warning to those who confuse privilege with power, and authority with exemption. His eternal hunger reflects what happens when organizations try to feed success on a diet of deception; they are never satisfied because trust, once lost, cannot nourish growth.

The modern compliance officer stands at the intersection of myth and management, tasked with ensuring that our organizations don’t repeat Tantalus’ mistake. We cannot test the gods of regulation or ethics without consequence. Instead, we must build cultures where doing right isn’t exceptional; it is expected.

Because in the end, every compliance program has a mythic choice: become Olympus or become Tantalus.

Join us tomorrow for Part 2 — Pelops and Myrtilus: Corruption in the Bidding Process. We will explore how bribery, betrayal, and broken promises tainted Pelops’ victory and what it teaches us about third-party risk and ethical procurement.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – AI Powered Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we consider issues around internal controls in a best practices compliance program. Today, we consider how you can leverage AI to enhance your AI control framework.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Popcorn and Compliance

Popcorn and Compliance: Episode 3 – Compliance in the Full Moonlight: Lessons from The Wolf Man

Welcome to a special series of Popcorn and Compliance. In this series, we will be looking at the Classic Universal Monster Movies from the 30s and 40s and mining them for compliance lessons. (Yes, it really is an excuse to rewatch them all.) In this series, we will look at Frankenstein, Dracula, The Wolf Man, The Mummy, and end with The Invisible Man. In this episode, Tom explores critical compliance insights drawn from Lon Chaney Jr.’s portrayal of The Wolf Man.

In this episode, we take a deep dive into my favorite Classic Universal Monster, The Wolf Man, to unpack five critical lessons, including the danger of ignoring warnings, the importance of timely intervention, and the challenges of recognizing risks in ordinary people under extraordinary circumstances. Listeners are encouraged to consider how these timeless themes apply to modern corporate compliance, emphasizing proactive measures to prevent potential catastrophes. Join Tom, along with AI hosts Fiona and Timothy, for a surprisingly relevant exploration of compliance through the eerie lens of Hollywood’s iconic monster movies.

Key highlights:

The Relevance of the Wolf Man to Modern Compliance

  • Lesson 1: Ordinary People Can Become Compliance Risks
  • Lesson 2: Warnings Ignored Become Disasters Realized
  • Lesson 3: The Curse of Silence and Stigma
  • Lesson 4: Risk is Cyclical and Predictable
  • Lesson 5: Tragedy Comes from a Lack of Intervention

Resources:

Compliance Lessons from Lon Chaney Jr.’s The Wolf Man on the FCPA Compliance and Ethics Blog

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Compliance Lessons from the Lon Chaney Jr.’s The Wolf Man

As many of my readers know, I am a huge fan of the Classic Universal Picture Movie Monsters, focusing on the period from 1931 to the mid-1950s. In October, I traditionally use our Halloween-ending month to explore the Classic Universal Movie Monsters, along with other films from the Hammer Studio, those produced by Val Lewton, and those starring Vincent Price.  This year, I wanted to go back to basics by looking at the Classic Universal Movie Monsters, starting with Dracula and Frankenstein in 1931, followed by The Invisible Man in 1933, The Mummy in 1936, and ending with The Wolf Man in 1940.

Over the five Fridays in October, I will examine each of these movies through the lens of compliance and extract compliance lessons from each one. Today, I continue with perhaps the most psychologically complicated of the top 5: the Classic Universal Movie Monster Lon Chaney Jr.’s version of The Wolf Man. If you want to take a deeper dive into this movie in the podcast format, check out the special series on Popcorn and Compliance, hosted by my friends Fiona and Timothy. These podcasts will be posted alongside the blog post each Friday during October.

When Lon Chaney Jr. first appeared on screen as Larry Talbot in The Wolf Man (1941), audiences were introduced to one of the most enduring monsters in cinema. Unlike Frankenstein’s creation or Lugosi’s Dracula, Chaney’s Wolf Man was not entirely “other.” He was human, a son returning home, trying to reconnect with family, and falling victim to forces beyond his control. His torment was that he transformed into a monster against his will, unable to control the destruction he unleashed.

For compliance professionals, The Wolf Man offers some striking lessons. Chaney’s performance shows how good people can end up in bad situations, how organizations ignore warning signs at their peril, and how systems must be designed not only to catch intentional wrongdoing but also to address risks that emerge when ordinary individuals are put under pressure.

We continue our exploration of Classic Universal Monster Movies by considering five compliance lessons from Lon Chaney Jr.’s The Wolf Man.

1. Ordinary People Can Become Compliance Risks

Larry Talbot begins as an essentially decent man. He returns to his family estate, reconciles with his father, and awkwardly woos the local shopkeeper’s daughter. There is nothing inherently villainous about him. But after being bitten, he becomes something he cannot control. By moonlight, he turns into the Wolf Man and wreaks havoc. This duality mirrors what compliance professionals often see. Not every compliance violation comes from a “bad actor.” Sometimes it comes from ordinary employees under extraordinary circumstances: pressure, opportunity, or rationalization (the famous “fraud triangle”). Even good employees can become risks if they are put in the wrong situation without proper safeguards.

Compliance takeaway: Programs must be designed to account for human weakness. Training should emphasize not only rules but also ethical decision-making. Monitoring should not assume intent but look for patterns of behavior that may indicate an employee is slipping into risk. Like Larry Talbot, sometimes risk comes from within.

2. Warnings Ignored Become Disasters Realized

Throughout the film, there are clear warnings. Locals whisper about werewolves. An old Romani woman (played by great character actor Maria Ouspenskaya) gives a direct warning: “Even a man who is pure in heart and says his prayers by night, may become a wolf when the wolfsbane blooms and the autumn moon is bright.” But these warnings are dismissed as folklore, superstition, or exaggeration.

This is a common compliance failure: ignoring red flags. Whether it is a whistleblower report, suspicious payments, or unusual accounting entries, companies often rationalize risks away until they become unavoidable crises. Regulators such as the DOJ have repeatedly emphasized that ignoring warning signs is tantamount to negligence.

Compliance takeaway: Listen to the warnings. Investigate whistleblower reports promptly, document your findings, and act on them. A culture that treats red flags as noise will end up in crisis. As in The Wolf Man, the warnings were there. The failure was in dismissing them.

3. The Curse of Silence and Stigma

One of the most tragic elements of The Wolf Man is Larry Talbot’s isolation. He tries to tell others about what is happening to him, but he is met with disbelief, ridicule, or silence. The stigma of his transformation keeps him from getting the help he needs.

This resonates powerfully with the experience of corporate whistleblowers. Too often, employees who raise concerns are ignored, marginalized, or retaliated against. The result is silence, and silence allows misconduct to thrive. In its 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), the DOJ emphasized the need to encourage reporting, keep whistleblowers informed, and protect them from retaliation.

Compliance takeaway: Break the curse of silence. Companies must foster cultures where employees feel safe raising concerns. Reporting channels must be confidential, retaliation must be prohibited, and whistleblowers should be treated as allies, not threats. Without breaking the stigma, organizations risk letting problems grow in the shadows.

4. Risk Is Cyclical and Predictable

Larry Talbot’s transformations follow a cycle; the full moon triggers his change into the Wolf Man. The risk is not random; it is predictable. Once you understand the pattern, you can anticipate the danger. This is precisely how compliance professionals must view risk. Corruption, fraud, and misconduct often follow cycles such as end-of-quarter pressure, market entry into high-risk jurisdictions, merger and acquisition activity, or supply chain disruptions. These moments are “full moons” in corporate life, where risks spike and vulnerabilities appear.

Compliance takeaway: Compliance must not only react but anticipate. Use data analytics and risk assessments to map the cycles of risk within your organization. Build monitoring around predictable pressure points. Just as villagers could expect when the Wolf Man would appear, compliance officers must anticipate when and where misconduct risks are most likely to emerge.

5. Tragedy Comes from Lack of Intervention

The story of The Wolf Man is, at its heart, a tragedy. Larry Talbot’s father refuses to believe him. Authorities dismiss his pleas. Friends ignore his warnings. No one intervenes until it is too late. By the end, Larry is destroyed, both man and monster, undone by neglect. The same pattern appears in many corporate scandals. Think of Wells Fargo’s sales practices scandal, Volkswagen’s emissions testing fraud, or recent FCPA enforcement actions. In nearly every case, someone knew. Red flags were visible. But intervention never came, whether out of fear, complacency, or willful blindness.

Compliance takeaway: Timely intervention is the difference between a near miss and a full-blown scandal. Compliance officers must have authority, resources, and independence to intervene early. Boards and executives must empower compliance not only to identify risk but also to act upon it. Without intervention, tragedy is inevitable.

Conclusion: The Wolf Man as a Compliance Parable

What makes Lon Chaney Jr.’s The Wolf Man so enduring is his humanity. He is not a monster by choice, but by circumstance. He represents the vulnerability of all people—how, under the wrong pressures, even the best of us can cross into dangerous territory. For compliance professionals, the lesson is not to hunt down “bad apples” alone, but to design systems that recognize, support, and mitigate human weakness before it becomes destructive.

As compliance officers, our role is to act before the full moon rises. We must listen to warnings, protect whistleblowers, anticipate risk cycles, and intervene decisively. Lon Chaney Jr.’s The Wolf Man is more than a gothic tragedy; rather, it is a case study in compliance failure.

The DOJ and SEC may not speak in the language of werewolves and curses, but their message is the same: prevent risk before it transforms into something uncontrollable. Because once the transformation occurs, once the Wolf Man is loose, no compliance officer can undo the damage already done.

Join us next Friday as we consider The Mummy.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Design Centric Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we consider issues around internal controls in a best practices compliance program. Today, we consider how design-centric internal controls can lay the foundation for an effective compliance program.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Blog

Compliance Under Pressure: Why Preventing Burnout Is a Governance Imperative

In a recent article in the MIT Sloan Management Review, author Brian Elliot says that we are living in what he calls The Burnout Age. Across industries and professions, exhaustion has become the new normal, and compliance is no exception. Recent studies show that over half of full-time U.S. employees report feeling burned out. In technology and professional services, that number climbs to over 80%. Even more telling: those who use AI tools most actively, the supposed productivity saviors, report the highest burnout levels of all.

For compliance officers, the parallels are unmistakable. You are being asked to “do more with less,” often without the resources, recognition, or rest needed to sustain that effort. You carry the responsibility of protecting your organization’s integrity, culture, and reputation, yet few roles face such unrelenting scrutiny and moral load. But here is the hard truth: burnout in compliance is not a problem solved by time off or a meditation app. It is a deeper challenge of structure, self-management, and purpose.

The author cites organizational psychologist Nick Petrie’s research, and I believe it applies directly to those of us in the compliance field. Drawing on his findings, I want to highlight three key ways compliance professionals can stop burnout before it stops them.

1. Balance “Perform Mode” and “Grow Mode”

Petrie’s research divides our work lives into two operating modes:

  • Perform mode — when we execute the skills we already know.
  • Grow mode — when we develop new capabilities and stretch into new territory.

Across thousands of professionals, he found the average split was 61% perform, 39% grow. But for high performers, including compliance officers, that ratio often becomes dangerously unbalanced. We overperform and undergrow. Compliance leaders tend to live in constant perform mode: reviewing investigations, updating policies, answering board queries, responding to regulators, or managing crises. Each task reinforces mastery, but rarely renewal. It is efficient, even satisfying, until it becomes a trap.

Here’s the danger: when you live too long in perform mode, you do not simply stagnate, you regress. Doctors, teachers, and yes, compliance professionals actually risk getting worse at their jobs over time because they stop learning, questioning, and refreshing their mental models.

To combat that, compliance professionals must build “grow mode” into their daily and strategic rhythm. That might mean:

  • Taking on projects that stretch your knowledge, such as AI governance, behavioral ethics, or cross-cultural compliance training.
  • Seeking rotation into a business unit to see risk and culture from the inside.
  • Joining a cross-functional ethics task force to collaborate differently.

Growth does not require leaving your role; it requires reframing it. Ask yourself regularly: What am I learning right now that will make me a better compliance leader a year from today?

Organizations that succeed in retaining compliance talent deliberately carve out “grow time” offering rotational opportunities, innovation labs, or even temporary secondments. If your company doesn’t provide them, advocate for them. Growth is not simply indulgence; it should be seen as sustainability.

2. Recognize Your Early Warning Signs

Compliance officers are masters of risk assessment, except, too often, when it comes to themselves. In Petrie’s work, high performers who experienced full burnout later said the signs had been “obvious in hindsight.” They just ignored them until it was too late. Compliance professionals are particularly vulnerable because of the role’s constant vigilance. You are expected to monitor everything from employee misconduct to third-party risk, but you cannot monitor your own well-being if you have normalized exhaustion.

Start with awareness. What are your personal leading indicators of burnout? For some, it is emotional: irritability, cynicism, or detachment. For others, it is behavioral: working weekends “just to catch up” or skipping lunch to squeeze in one more due diligence review. And for many, it is physical: poor sleep, headaches, fatigue that coffee cannot fix.

As Petrie put it, “I didn’t know what mine were, so I asked people close to me.” That’s a brilliant exercise for compliance leaders. Ask your peers, your partner, or even your team: What do you notice about me when I’m running on fumes?

Once you know your signs, the next step is to develop your recovery playbook. Call them your “if-thens”:

  • If I start working weekends, then I will block off an afternoon for reflection.
  • If I catch myself being short with colleagues, then I will step away from email for an hour.
  • If I’m consistently skipping exercise or hobbies, then I will schedule one small activity that re-energizes me.

For compliance officers, reflection is not a luxury. It is part of governance. You cannot sustain integrity in the organization if you are losing integrity with yourself. Recognizing and acting on those signals early is not selfish; rather, it is leadership.

3. Build Habits That Sustain, Not Deplete

Burnout does not happen overnight. It is the accumulation of small compromises: skipped meals, unchecked emails, endless meetings, and the belief that “just a little more effort” will fix everything. Compliance leaders know this pattern intimately because many of us built our reputations on it. We were the ones who said yes to every request, answered every hotline report, and took pride in responsiveness. That dedication made us successful, many of us in our 20s. But as Petrie notes, the habits that make you successful early in your career can burn you out later in it. To stop burnout, compliance professionals must build boundaries and rituals that protect their energy.

Here are three powerful habits to practice:

1. Reclaim Your Deep Work

Carve out time for deep focus; drafting a major policy overhaul, analyzing trends in internal reporting, or preparing a thoughtful presentation for the audit committee without interruptions. Turn off notifications. Close the compliance portal for a set block of time. Protecting your focus is protecting your value.

2. Create Transition Rituals

Between work and home, you need a deliberate “reattachment” moment, something that signals your brain that compliance mode is over. For some, it’s a walk, a podcast, or cooking dinner. For others, it’s journaling or a quiet drive. Do not dismiss it as small; transitions are the psychological bridge between productivity and peace.

3. Embrace Your “Opposite World”

Petrie calls this finding your “opposite world,” an activity that engages completely different parts of your mind and body. One tech executive told him, Argentinian tango saved my career.” For compliance officers, that could be cycling, painting, gardening, or volunteering. The goal is not distraction but rather renewal. When you activate different dimensions of your identity, you restore the emotional elasticity that burnout erodes. Finally, permit yourself to do less. That is not weakness, it is wisdom. As your career grows, the work will always outsize the hours. The key is to redefine success: it is not about getting everything done, but about doing what matters well.

Burnout Is a Governance Issue

It is tempting to see burnout as a personal issue, but for compliance leaders, it is also a governance risk. A burned-out compliance officer makes slower decisions, misses subtle patterns, and loses moral clarity. Fatigue is a threat to judgment, and in our field, judgment is everything. The Department of Justice’s 2024 Evaluation of Corporate Compliance Programs emphasizes continuous improvement and culture, but both rely on a compliance function that is psychologically and physically sustainable. The same applies to the board. When compliance fatigue spreads across leadership, the organization loses not just energy, but ethics.

That is why compliance leaders should view burnout prevention as part of their risk mitigation strategy. Incorporate it into team norms. Encourage “grow mode” through professional development. Recognize warning signs openly. And most importantly, lead by example, demonstrating that resilience and integrity are inseparable.

The Final Word: Bouncing Forward, Not Back

Nick Petrie calls the result of overcoming burnout “post-traumatic growth.” People who recover don’t return to where they were; they move beyond it. For compliance professionals, that’s the real opportunity of The Burnout Age. To emerge not as exhausted enforcers, but as energized leaders. To model balance, humanity, and perspective in a profession that often forgets to pause.

And always remember, the healthiest compliance programs begin with the healthiest compliance officers.

Categories
AI Today in 5

AI Today in 5: October 15, 2025, The White House Target Edition

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI, so start your day, sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

  1. AI assistant for loan compliance. (Housing Wire)
  2. AI for customer outreach compliance. (Business Wire)
  3. Streamlining compliance for marketing with AI. (CMS Wire)
  4. Anthropic is a WH target. (Bloomberg)
  5. OpenAI has a 5-year plan to spend $1tn. (FT)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Monitoring and Improvement of Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we consider issues around internal controls in a best practices compliance program. Today, we consider how to monitor and improve your internal controls.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Blog

From a Wake to Global Greatness: Compliance Lessons from the Creation of Les Misérables

The New York Times recently ran an article on the creation of the play Les Misérables. When the show premiered at London’s Barbican Theatre in 1985, the creative team celebrated with champagne and optimism. But by the next morning, that optimism had curdled. Critics savaged the show, The Evening Standard called it a “glum opera,” and The Daily Mail mocked it as “ripples of cheap sentiment.” Yet forty years later, the musical has become a global juggernaut: 15,500 London performances, translations into 22 languages, and productions across 53 countries.

How did a project that began as a critical failure turn into one of the most beloved works of modern theatre? The answer lies in the same principles that define a strong corporate compliance program: resilience, continuous improvement, and purpose-driven leadership. Today, I want to use this most beloved story behind Les Misérables (Les Miz) to explore lessons for compliance professionals seeking to build programs that endure, inspire, and transform.

Act I: Facing the Critics – Resilience in the Face of Failure

Producer Cameron Mackintosh had just 48 hours after opening night to decide whether to fund a West End transfer. With negative reviews piling up, the rational business decision might have been to pull the plug. But Mackintosh did not because he listened to a different source of data: the public. Within days, the Barbican box office was inundated with calls. Demand skyrocketed. Word of mouth triumphed over the headlines. Mackintosh saw that passion and persistence, not panic, should guide his decision-making. (IE., Cool, Calm, and Collected)

For compliance officers, this moment is instructive. Programs often face early resistance: executives skeptical of costs, employees fatigued by training, or media narratives about “bureaucracy over business.” Like Mackintosh, compliance leaders must look beyond the immediate criticism and focus on long-term trust indicators: employee engagement, internal reporting rates, and cultural alignment. As John Caird, one of the show’s co-directors, later recalled, “It was two or three days of worry. Then it became apparent this thing was unstoppable.” That’s what resilient leadership looks like. It is the courage to hold the line until values prove their worth.

Act II: Reinvention and Collaboration – Building Through Continuous Improvement

The original French production of Les Misérables was a creation of Claude-Michel Schönberg and Alain Boublil. It was little more than “a series of tableaux.” To bring it to London, Mackintosh assembled a powerhouse team: Caird, Trevor Nunn, and poet James Fenton. Together, they reshaped the story, studied Victor Hugo’s 1,400-page novel, and discovered a central truth: the conflict between forgiveness and justice.

When the scene of Jean Valjean stealing silver from a bishop was reimagined to include the bishop’s forgiveness, the show found its soul. As Caird put it, “Sewing God into the show was what animated the characters.”  In compliance terms, that’s equivalent to finding your “why.” Many programs begin as checklists: rules, policies, and audits. But the real power comes when compliance discovers its animating purpose: integrity, fairness, and the belief in redemption.

And the Les Misérables team did not stop improving. Even weeks before opening, they were rewriting scenes and composing new music. The haunting ballad “Bring Him Home,” for instance, was added at the eleventh hour to showcase Colm Wilkinson’s voice. A lyric change from “the song of common men” to “the song of angry men” captured the fire of revolution and made the anthem unforgettable. That kind of iterative creativity mirrors modern compliance practice. Programs thrive when they are dynamic. When risk assessments lead to policy refinements, when whistleblower feedback reshapes processes, and when technology brings fresh insight into employee behavior. Continuous monitoring and improvement are not simply boxes to check; instead, they are the lifeblood of sustained success.

Act III: Mission, Meaning, and the Power of Emotion

What ultimately made Les Misérables unstoppable was not just the music or the staging. It was emotion and story. The raw humanity of people struggling against injustice. Audiences from Shanghai to São Paulo connected to Jean Valjean’s redemption, Fantine’s suffering, and the students’ defiance on the barricades. The musical’s emotional resonance even crossed from stage to real life. During the Tiananmen Square protests in 1989, members of the Los Angeles cast watched the news backstage, then went out to sing “Do You Hear the People Sing?” with renewed intensity. “We were singing to empower them,” one actor said.

That is what great art and great compliance can do: inspire people to act on their values. A compliance culture isn’t sustained by fear of enforcement but by belief in purpose. When employees see compliance not as control but as conscience, they become part of something larger. Les Misérables endures because its story is universal. As Caird reflected, “Deep down, so many members of the audience feel the same sense of fate or destiny about their own life journeys.” Compliance, too, speaks to that inner struggle, doing the right thing when no one’s watching, holding fast to integrity under pressure, and believing that redemption is possible even after mistakes.

Act IV: Governance, Adaptation, and Global Legacy

Even as Les Misérables became a global brand, its creative and business stewards never lost sight of governance. The show’s licensing model ensures consistent quality worldwide. Each local production is supported by an extensive oversight network, a framework that any compliance professional would recognize as a control environment.

The show’s adaptability has also been key to its longevity. From Paris to London, from Broadway to Shanghai, the creative team allowed for local variation without losing the show’s ethical and emotional core. For compliance, the essence of risk-based design is adapting policies and procedures to the local context while maintaining global standards.

The duality of consistency and flexibility is the hallmark of resilient compliance systems. Whether you’re dealing with data privacy laws in the EU or anti-bribery rules in emerging markets, the goal is the same: uphold integrity, but adapt intelligently.

Curtain Call: The Compliance Lessons from Les Misérables

Forty years on, Les Misérables remains not just a musical but a movement. Its improbable rise from derision to dominance reflects the same principles that make compliance programs succeed in the long run. Here are three key lessons for today’s compliance professionals:

1. Resilience Over Reputation. Critics will come, whether they are journalists, executives, or employees, and they will be skeptical of compliance initiatives. What matters is endurance. Listen to feedback, adapt when necessary, but stay rooted in purpose. Like Mackintosh, bet on the long-term power of doing what’s right, not what’s popular.

2. Continuous Reinvention Is Compliance Excellence. Les Misérableswas refined until every lyric and note supported the story. Similarly, compliance programs must be living systems. They must constantly be assessed, tested, and evolved. Success comes not from a perfect launch but from perpetual improvement.

3. Emotion and Ethics Drive Engagement. What made Les Misérablesunforgettable was not its spectacle but rather its soul. The same applies to compliance. Rules deter misconduct; stories inspire integrity. Embed humanity into your messaging. Celebrate courage. Encourage second chances. Compliance is not about fear. It is about belief.

Final Encore

From the opening-night “wake” to four decades of standing ovations, Les Misérables proves that greatness often begins in adversity. For compliance professionals, the lesson is clear: Build programs with purpose, persistence, and passion. Like Valjean himself, a great compliance culture does not just survive, it redeems, inspires, and endures.

Categories
Life with GDPR

A Compliance Roadmap for ADS/ADMT – Part 2: Understanding Opt-In and Opt-Out Requirements

Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance & risk management expert, with an extensive background in HR,  will discuss the complex topic of a Compliance Roadmap for ADS/ADMT.

In this second episode, Tom Fox and Alyssa DeSimone review the opt-in and opt-out requirements introduced in the recent updates to the California Consumer Privacy Act (CCPA). They discuss what opting in and out entails, the concept of anti-retaliation in this context, and how disparate impact analysis can help regulators assess compliance. Additionally, they explore the importance of clear communication and training for HR departments on the use of AI in hiring, as well as the role of vendors in ensuring compliance. The episode wraps up with a discussion on the ambiguous term ‘significant decision making’ and its potential for litigation.

Key highlights:

  • Understanding Opt-In and Opt-Out Requirements
  • Anti-Retaliation Measures
  • Disparate Impact Analysis
  • Applicant Rights and Training
  • Vendor Collaboration and Compliance
  • Significant Decision Making

Resources:

Connect with Tom Fox

Connect with Alyssa DeSimone

Life with GDPR was recently honored as a Top Data Security Podcast