Tag: compliance

Categories
Compliance Tip of the Day

Compliance Tip of the Day – 10 Lessons for the Compliance Professional on Fighting Fraud, Waste and Abuse

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We conclude our look at fraud, waste, and abuse by providing the compliance professional with 10 steps to take to help fight these three iniquities.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Creativity and Compliance

Creativity and Compliance – Crowdsourcing Compliance: Creative Strategies for Engaging Employees

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on the award-winning Creativity and Compliance. Ronnie’s company, Learning and Entertainment, utilizes the entertainment devices that people use to consume information in their everyday, non-work lives, and applies it to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible.

In this episode, Tom and Ronnie discuss innovative ways to tap into the collective intelligence of employees through crowdsourcing. They explore how creative methods can be used to promote an ethical workplace, including employee contests, mascots, and fun engagement activities. They highlight examples such as compliance trading cards, privacy promotions with pets, cocktail-themed compliance policies, and internal lip-syncing videos. They also discuss using internal podcasts to enhance corporate culture and the importance of creating a culture of trust where employees feel heard and engaged.

Key highlights:

  • Crowdsourcing Compliance: An Innovative Approach
  • Creative Examples of Employee Engagement
  • Building a Culture of Trust
  • Fun and Cost-Effective Compliance Strategies
  • The Power of Internal Podcasts

Resources:

Ronnie

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Creativity and Compliance was recently honored as one of the Top 35 Podcasts on Creativity by Feedspot.

Categories
Blog

Fighting Fraud, Waste, and Abuse: Ten Lessons for the Compliance Professional

Fraud, waste, and abuse are often bundled together in compliance conversations, but they are not interchangeable. Fraud is intentional deception, waste is the careless misuse of resources, and abuse is the opportunistic exploitation of gray areas. Each carries unique risks. Each erodes value. And each, if left unchecked, creates fertile ground for corruption and regulatory exposure.

Throughout this series, we have examined each element in depth. Fraud remains the most familiar, often linked directly to corruption. Waste, though usually unintentional, drains millions from corporate coffers each year. Abuse occupies the murky middle ground where rationalizations and loopholes open the door to larger misconduct. Finally, we examined how an integrated framework, spanning from controls to culture, can help compliance professionals address fraud, waste, and abuse in a holistic manner.

What emerges is clear: fighting fraud, waste, and abuse is not an optional add-on to anti-corruption programs. It is central to them. Fraud cannot thrive without weak controls. Waste creates the conditions that foster corruption. Abuse normalizes rule-bending until bribery becomes a natural extension of it.

For compliance professionals, the question is not whether to address fraud, waste, and abuse but how. Here are ten key lessons that stand out.

1. Know the Difference

The first lesson is definitional clarity. Fraud, waste, and abuse often overlap, but they are distinct categories of risk. Fraud is intentional and prosecutable. Waste is careless and costly. Abuse is opportunistic and corrosive. Treating them as one dulls your controls. Compliance programs must tailor messaging, policies, and monitoring to each risk. For example, fraud requires forensic controls, waste requires efficiency metrics, and abuse demands cultural reinforcement. Clarity sharpens strategy and ensures that prevention is precise, not blunt.

2. Fraud Prevention Requires Strong Controls

Fraud rarely occurs in isolation. Bribery schemes rely on falsified invoices, manipulated expenses, or deceptive contracts. Preventing fraud means embedding strong controls: segregation of duties, third-party due diligence, mandatory job rotations, and robust hotlines. Data analytics adds another critical layer, identifying anomalies in billing, procurement, or expenses before they metastasize. Fraud prevention is not just about legal risk; it is about stopping corruption before it takes root.

3. Waste Is More Than Inefficiency

Waste may lack intent, but its impact is devastating. It drains profits, frustrates shareholders, and weakens culture. Waste in corporate travel, maintenance, or software licenses often reflects poor oversight and sends the wrong cultural message: accountability is optional. Compliance cannot dismiss waste as “just operations.” Regulators and boards increasingly demand stewardship. Waste that goes unchecked creates cover for fraud and abuse, turning inefficiency into risk. Compliance leaders must treat waste as a core governance issue, not an afterthought.

4. Predictive Analytics Is a Compliance Tool

Our review of Shell’s predictive maintenance program offers a powerful analogy for compliance. By embedding sensors and utilizing predictive analytics, Shell reduced waste, minimized downtime, and enhanced safety. Compliance can achieve the same results. Predictive analytics enables compliance officers to move from reactive investigations to proactive risk detection. Expense anomalies, hotline spikes, or vendor irregularities can be flagged in real time, preventing issues before they escalate. Predictive analytics is no longer a “nice to have.” It is the future of compliance risk management.

5. Abuse Is the Gateway to Fraud

Abuse thrives in gray areas, exploiting loopholes, stretching policies, or rationalizing questionable conduct. It often starts small, such as recreating a lost taxi receipt, but escalates when unchecked. AI-generated fake receipts illustrate how easily abuse morphs into fraud. Abuse corrodes culture by teaching employees that rules can be bent without consequence. Compliance must treat abuse as seriously as fraud, because, in practice, abuse is often a precursor to fraud. Ignoring it is an invitation to systemic misconduct.

6. Technology Must Match the Threat

Employees are already using AI to generate fake receipts. Compliance must use AI to detect them. Modern expense-auditing platforms now flag anomalies in fonts, metadata, or behavior patterns. Similar tools analyze procurement, payroll, and travel data for red flags. The lesson is clear: compliance cannot fight tomorrow’s threats with yesterday’s tools. Technology must evolve as quickly as the risks do. Matching technology to the danger is no longer optional; it is essential for credibility and effectiveness.

7. Culture Is the Ultimate Control

Policies and tools matter, but culture determines outcomes. Fraud, waste, and abuse thrive where accountability is negotiable, where entitlement is tolerated, and where corner-cutting is excused. Conversely, a culture of transparency and stewardship closes the space in which misconduct thrives. Compliance officers must partner with leadership to model integrity, reinforce accountability, and celebrate stewardship. Culture sends the clearest message: fraud, waste, and abuse are not tolerated here. Without cultural reinforcement, even the strongest controls will eventually fail.

8. Empower Whistleblowers as Early Warning Systems

Whistleblowers are often the first to spot fraud, waste, or abuse. Yet too many organizations undercut their own defenses by failing to protect or empower employees who speak up. Robust reporting channels, anti-retaliation policies, and timely follow-up are essential. In the fight against fraud, waste, and abuse, whistleblowers are not just informants; they are strategic allies. Empowering them demonstrates that the company values integrity, deters misconduct, and surfaces risks before regulators do.

9. Build Cross-Functional Coalitions

Fraud, waste, and abuse cut across silos. Fraud may surface in finance, waste may occur in operations, and abuse may be present in HR. Compliance cannot fight these battles alone. Cross-functional coalitions with audit, procurement, IT, and HR ensure risks do not slip through the cracks. Coalitions also strengthen messaging: stewardship is everyone’s responsibility. When functions share data, align incentives, and coordinate responses, blind spots shrink and resilience grows. Compliance professionals must position themselves as connectors across the enterprise.

10. Continuous Improvement Is Non-Negotiable

Fraud, waste, and abuse risks are not static; they are dynamic. Predictive models require recalibration. Fraud schemes evolve. Waste emerges in new technologies and processes. Abuse shifts as policies and cultures change. Compliance programs must continually improve by reviewing data, updating controls, and reassessing cultural vulnerabilities to ensure ongoing effectiveness. Static programs become obsolete, leaving gaps for misconduct to exploit. Dynamic, evolving compliance programs, by contrast, remain credible, resilient, and aligned with regulatory expectations.

Conclusion

Fraud, waste, and abuse represent a continuum of risks that, if left unchecked, will erode profitability, corrode culture, and undermine trust. Fraud is the most visible, but waste and abuse are equally insidious. Together, they form the ecosystem in which corruption thrives.

For compliance professionals, the fight against fraud, waste, and abuse is both a mandate and an opportunity for growth. By understanding the differences, strengthening controls, leveraging predictive analytics, addressing abuse early, deploying technology, fostering a culture of compliance, empowering whistleblowers, forming coalitions, and committing to continuous improvement, compliance can lead the fight.

The message is simple: fraud, waste, and abuse are not just a financial issue; it is also a compliance issue. When compliance professionals treat it as such, they not only protect their organizations from regulatory exposure but also create cultures of stewardship, accountability, and integrity. That is the true mandate of modern compliance to ensure that fraud, waste, and abuse cannot take root and that corporate integrity remains strong.

Resources:

Untangling Fraud, Waste, and Abuse: A Primer for the Compliance Professional

From Controls to Culture: Building Anti-Corruption Programs that Address Fraud, Waste, and Abuse

Culture, Costs, and Compliance: Tackling Corporate Waste with Data-Driven Solutions

Culture, Controls, and Consequences: Why Compliance Should Address Abuse Before It Escalates

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Using Your ABC Framework to Prevent Fraud Waste and Abuse

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our look at fraud, waste, and abuse. Today, explore using a best practices compliance program to fight these three iniquities.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.

Categories
AI Today in 5

AI Today in 5: September 11, 2025, The Cruz Sandbox AI Episode

Welcome to AI Today in 5, the newest edition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI, so start your day, sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

  • Navigating the path to AI compliance. (BDO)
  • AI and ML are reshaping financial compliance. (FinExtra)
  • Ted Cruz proposes a free Sandbox. (Tech Policy Press)
  • Why AI alone can’t fix compliance screening. (FinTechGlobal)
  • Empire AI program exceeds expectations, says Gov. (Bloomberg)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
All Things Investigations

All Things Investigations – FinCEN’s Recent Actions: Existential Threat for Financial Institutions in Mexico

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. In this podcast, host Tom Fox welcomes back Jeremy Paner and Diego Durán de la Vega to discuss recent FinCEN enforcement actions targeting three Mexican financial institutions. The conversation explores the implications of these actions under the Fend Off Fentanyl Act, the evolving regulatory landscape, and the existential risks facing financial institutions operating in Mexico. The guests provide practical compliance guidance, lessons learned, and a forward-looking perspective on U.S. enforcement trends.

Highlights include:

  • Why These Enforcement Actions Matter
  • The Fend Off Fentanyl Act: A New Legal Tool
  • U.S. Government Focus on Mexico
  • Lessons from OFAC Enforcement
  • Compliance Implications for Financial Institutions
  • Responding to Enforcement: Practical Steps
  • Global Jurisdiction and the U.S. Financial System
  • Key Lessons for Compliance Officers
  • Looking Ahead: Future Enforcement Trends

Key Takeaways for Compliance Professionals:

  • The Fend Off Fentanyl Act introduces new, immediate risks for financial institutions, especially those with ties to Mexico.
  • U.S. enforcement actions can have global reach, severing access to the U.S. financial system.
  • Compliance programs must be robust, proactive, and responsive to regulatory advisories and negative media.
  • Effective communication between compliance and legal functions is crucial for mitigating risk.

Resources:

Hughes Hubbard & Reed website

Jeremy Paner

Diego Durán de la Vega

Categories
Blog

From Controls to Culture: Building Anti-Corruption Programs that Address Fraud, Waste, and Abuse

Fraud, waste, and abuse are not just buzzwords in the government sector. They represent a real continuum of risk that every private sector company must confront. In fact, when designing or refreshing an anti-corruption compliance program, these three categories should not be seen as separate from bribery and corruption risks; they are integral to them. Bribery schemes thrive in environments where fraud is unchecked, where waste is tolerated, and where abuse of authority is normalized.

A truly effective anti-corruption compliance program, therefore, must address fraud, waste, and abuse head-on. Each requires different tools, but all rest on the same foundation: clear expectations, adequate controls, data-driven monitoring, and a culture of accountability. Yesterday, we took a deep dive into the three concepts behind fraud, waste, and abuse. Today, we continue our primer on fraud, waste, and abuse for the compliance professional by exploring how compliance professionals can operationalize their ABC framework to help fight these corporate scourges.

1. Fraud Prevention: Strengthening the Control Environment

Fraud sits at the heart of most corruption schemes. Bribery rarely occurs without the use of falsified invoices, fraudulent expense reports, or deceptive third-party contracts. That’s why fraud prevention measures must be embedded directly into your anti-corruption compliance program.

Practical steps include:

  • Segregation of duties. No single employee should have the authority to control both vendor approval and invoice payment. Splitting responsibilities closes off avenues for concealment.
  • Mandatory rotations or vacations. Employees in high-risk positions, such as procurement or finance, should be required to take periodic breaks. This not only reduces burnout but also increases the chance of uncovering irregularities.
  • Third-party due diligence. Vendors, distributors, and consultants are often used as conduits for corrupt payments. Screening them for red flags of fraud and corruption is essential.
  • Hotlines and reporting mechanisms. Anonymous channels encourage employees to report fraudulent or corrupt activity before it escalates.

Finally, modern fraud prevention is inseparable from data analytics. Reviewing transactions for anomalies in billing, procurement, or travel can help compliance officers identify both fraudulent activity and corruption red flags early.

2. Waste Reduction: Linking Efficiency to Integrity

Waste may not sound like a corruption risk at first, but it often creates the environment in which corrupt practices thrive. When organizations tolerate careless spending or redundant processes, they signal that accountability is optional. Waste becomes the fertile soil in which corruption can take root.

Practical steps include:

  • Cross-functional accountability. Compliance should collaborate with finance, procurement, and operations to ensure efficient allocation of resources.
  • Tracking key waste indicators. Duplicate software licenses, unnecessary travel expenses, or high energy consumption may not be fraudulent, but they represent vulnerabilities that can be exploited. Left unchecked, they normalize sloppy practices that corrupt employees can exploit.
  • Integrating waste metrics into compliance dashboards. If a business unit consistently demonstrates waste, it may also be vulnerable to bribery risks, particularly in operations that are heavily reliant on procurement.

By spotlighting waste, compliance leaders not only save the company money but also reinforce a culture of stewardship and integrity, two qualities that reduce the likelihood of corruption.

3. Abuse Control: Guarding Against the Gray Areas

Abuse often serves as the gateway to corruption. It thrives in gray zones, where managers stretch policies, exploit loopholes, or turn a blind eye to questionable behavior. Abuse may not always cross a legal line, but it corrodes culture and opens the door to bribery and unethical decision-making.

Practical steps include:

  • Tone from the top and middle. Executives and line managers alike must model integrity. If leaders exploit perks or bend rules, employees will assume similar behavior is acceptable in dealing with third parties.
  • Policy clarity. Abusive practices often hide in vague policies. For example, a travel policy that allows “reasonable upgrades” without definition invites abuse. Aligning policies with anti-corruption standards closes these loopholes.
  • Incentive structures. Embedding transparency and fairness into performance reviews and rewards ensures managers do not cut ethical corners to hit financial targets.

By shrinking the space in which abuse can thrive, companies make it more difficult for corrupt practices to become normalized.

4. Leverage Data Analytics: Uncovering Patterns Across Risk Categories

Corruption schemes are rarely isolated. They often weave together fraud, waste, and abuse. That’s why analytics should not be siloed. A robust anti-corruption program integrates monitoring across multiple risk vectors.

Practical applications include:

  • Travel and entertainment analytics. Reviewing expense reports can uncover fraudulent receipts, wasteful spending, or abusive upgrades. These same reports may also reveal bribery risks if entertainment involves government officials or high-risk clients.
  • Procurement analytics. Comparing vendor pricing across regions may reveal fraudulent invoicing, excessive costs (resulting in wasteful spending), or favoritism (abuse of power). It can also reveal third parties that may be used as conduits for corruption.
  • Cross-data integration. Linking procurement, HR, and finance data highlights unusual patterns. For example, a sudden spike in overtime in a high-risk market may flag both payroll abuse and potential red flags for corruption.

Data analytics transforms compliance from a reactive to a proactive discipline, catching issues before they metastasize into a full-blown corruption scandal.

5. Whistleblower Empowerment: The Human Early Warning System

Even the most advanced controls and analytics cannot replace human intelligence. Employees are the first to notice when fraud, waste, or abuse is occurring. But unless they feel safe speaking up, those observations remain hidden.

Practical steps include:

  • Robust reporting channels. Multiple options, including hotlines, digital portals, or direct reporting to compliance, all make it easier for employees to raise concerns.
  • Protection against retaliation. Employees must trust that speaking up won’t cost them their careers. Policies must be clear, and enforcement consistent.
  • Timely follow-up. When employees report fraud, waste, or abuse, prompt investigation and feedback demonstrate that the company takes reports seriously.

In the context of anti-corruption compliance, whistleblowers are invaluable. They can flag bribery schemes before external regulators or auditors uncover them.

Building Resilience by Tackling All Three

An anti-corruption compliance program that focuses only on bribery risks but ignores fraud, waste, and abuse is incomplete. Fraud fuels corruption, waste fosters the conditions where it flourishes, and abuse normalizes the behavior that enables it.

By embedding fraud prevention, waste reduction, abuse control, data analytics, and whistleblower empowerment into your anti-corruption framework, you create a resilient program that goes beyond compliance checklists. You demonstrate stewardship to shareholders, accountability to employees, and integrity to regulators.

The fight against corruption is not won by policing bribery alone. It is won by creating a culture where fraud, waste, and abuse cannot survive and where transparency, efficiency, and fairness are the norm. That is the true mandate for today’s compliance professional.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Addressing Abuse

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our look at fighting fraud, waste, and abuse. Today, we take a deep dive into the abuse prong of fraud, waste, and abuse, and how compliance can help to fight it.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Fracht – The Bonkers Sanctions Case

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom Fox and Matt Kelly discuss a recent OFAC enforcement action against a Swiss-domiciled freight forwarding company, Fracht.

The case stands out for its complexity, involving a single, high-value transaction that exposed the company to significant sanctions risk through dealings with both Venezuelan and Iranian entities. Tom and Matt break down the compliance failures, the role of senior management, and the extensive remediation steps taken post-incident. This episode offers actionable lessons for compliance professionals on supply chain due diligence, the importance of compliance involvement in urgent deals, and the consequences of sidelining compliance functions.

Key highlights:

  • OFAC Enforcement Details
  • Anatomy of the Transaction
  • Third- and Fourth-Party Risks
  • Senior Management Involvement
  • Compliance Failures & Supply Chain Visibility
  • Remediation & Consequence Management

Key Takeaways for Compliance Professionals:

  • Always involve compliance in high-value, urgent transactions.
  • Ensure robust due diligence for all counterparties, including third- and fourth-party risks.
  • Senior management must be accountable for compliance failures.
  • Remediation should include policy updates, staff training, and ongoing oversight.

Resources:

Matt on Radical Compliance 

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred the Davey, Communicator, and W3 Awards for podcast excellence.

Categories
Great Women in Compliance

Great Women in Compliance – Being an Entrepreneur in Residence with Kathy Zhu

Now is the time for all of us to think of ourselves as entrepreneurs in residence, designing the future of compliance.

In this episode of the Great Women in Compliance Podcast, GWIC co-host Hemma Lomax speaks with Kathy Zhu, Co-Founder and CEO of Streamline AI, about her journey from big law to in-house legal at DoorDash to launching her own legal tech company.  

They discuss the importance of adopting an entrepreneurial mindset within compliance and legal departments, the journey of building innovative solutions like Streamline AI, and how addressing workflow pain points can revolutionize the industry. Kathy shares her personal journey, practical tips for aspiring entrepreneurs, and insights on leveraging technology to optimize legal operations for the future.

Kathy’s story is a testament to the power of entrepreneurship as a service. Tune in to hear how frustration became innovation, why compliance leaders are uniquely positioned to design the future of our field, and how each of us can become a tech influencer inside our organizations.

✨ You’ll hear:

  • Why compliance leaders should see themselves as entrepreneurs in residence.
  • How Kathy turned workflow chaos into a scalable AI-driven product.
  • Practical ways to start experimenting with tech and influence the next generation of compliance.

This conversation is a powerful reminder that the future of compliance isn’t something we wait for — it’s something we create.

Guest Bio: Kathy Zhu

Kathy Zhu is the Co-Founder, CEO, and General Counsel of Streamline AI, a workflow intelligence platform transforming how in-house legal and compliance teams manage intake, triage, and operational efficiency.

Kathy began her career at Wilson Sonsini, advising startups and emerging companies on incorporations, financings, and IPOs before moving in-house. At Medallia and later as the first commercial counsel at DoorDash, she experienced firsthand the growing pains of legal and compliance operations at scale. Frustrated by inefficiencies, she hacked together her own solutions — an experiment that became the foundation for Streamline AI.

Today, Kathy leads Streamline AI in its mission to empower compliance and legal teams to operate as strategic business partners, supported by data, automation, and seamless integrations. She is also an advocate for women in leadership and brings lessons from her passions, such as scuba diving and meditation, into how she leads with calmness and clarity under pressure.

Resources & Links:

Podcast Recommendations: 

Book Recommendation: Three Horizons Framework by Bill Sharpe