
Compliance Tip of the Day – Tackling Corporate Waste with Data-Driven Solutions

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our look at fighting fraud, waste, and abuse. Today, we take a deep dive into waste and how compliance can help to fight it.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.


Culture, Costs, and Compliance: Tackling Corporate Waste with Data-Driven Solutions

When compliance professionals hear the phrase “fraud, waste, and abuse,” their attention almost always gravitates toward the concept of fraud. Fraud makes headlines, triggers DOJ enforcement actions, and carries obvious reputational risk. But waste, the second component in that trio, costs corporations millions of dollars annually and often goes unnoticed. Waste is not always the result of intentional misconduct. Instead, it is the unnecessary, careless, or inefficient use of resources.

Left unchecked, waste can sap profits, drain morale, and erode organizational culture. Worse, it creates vulnerabilities that open the door to fraud and abuse. As compliance officers, we have a role to play in combating waste, not just as a financial drain, but also as a risk factor that undermines long-term business sustainability.

We continue our review of the role of compliance in combating fraud, waste, and abuse. Today, we consider the role of compliance in the fight against waste. One of the most promising tools in this fight is predictive analytics. We review how Shell used predictive analytics to transform its maintenance programs and discuss how compliance officers can harness these same principles to anticipate, identify, and prevent waste before it spirals into a major liability.

What Is Waste?

Waste is the misuse of corporate resources without necessarily crossing the line into fraud. It may include:

  1. Excessive travel or entertainment expenses.
  2. Over-maintenance of equipment that does not need servicing.
  3. Duplication of tasks due to poor communication.
  4. Paying for unused licenses, subscriptions, or services.
  5. Poorly designed processes that consume time and labor unnecessarily.

Unlike fraud, waste is not always intentional. An employee may not realize that expensing unnecessary upgrades or double-booking a supplier constitutes waste. Yet the cumulative impact is enormous. According to industry surveys, corporate waste can cost companies millions annually, and much of it is preventable through better monitoring and smarter resource allocation.

The Cost of Waste

Waste rarely grabs headlines, but its financial impact is staggering. Consider how often corporations schedule routine maintenance on equipment, even when it is not actually needed. The expense of replacing parts “on schedule” rather than based on actual performance data runs into the billions across industries. Similarly, compliance functions themselves can generate waste by deploying broad, unfocused training or redundant audits instead of targeting resources where they matter most.

Waste also undermines culture. Employees who see inefficiencies tolerated may conclude that the company does not take stewardship seriously. This normalization can spread: if no one cares about wasted money, why should they care about ethical gray zones? In this way, waste weakens the very cultural foundation compliance programs are designed to strengthen.

Lessons from Shell: Predictive Analytics and Maintenance

Shell provides a vivid example of how predictive analytics can transform waste into efficiency. Historically, Shell relied on calendar-based maintenance schedules, servicing equipment at predetermined intervals regardless of actual wear and tear. While effective in preventing breakdowns, this method was wasteful, resulting in unnecessary part replacements, downtime, and inefficient resource allocation.

By adopting predictive analytics, Shell embedded sensors across its global assets, collecting real-time data on vibration, temperature, and pressure. Machine learning models analyzed this data to detect anomalies, allowing Shell to service equipment only when necessary. The result: reduced downtime, lower costs, and improved reliability.

The compliance parallel is clear. Just as Shell transitioned from reactive repairs to predictive maintenance, compliance must also shift from reactive investigations to proactive monitoring. Waste in compliance, whether in resources, training, or oversight, can be dramatically reduced when programs are data-driven and predictive rather than static and calendar-based.

The Compliance Angle: Why Waste Matters

Waste is not just an operational issue. It is a compliance issue for three reasons:

  1. Regulatory scrutiny: Regulators are increasingly expecting companies to utilize data-driven tools to ensure efficiency and accountability. Wasteful practices, particularly in government contracting, can lead to legal exposure.
  2. Fraud adjacency: Waste creates gray areas that fraudsters exploit. If duplicate payments or unused services go unnoticed, bad actors can hide fraudulent charges within the noise.
  3. Cultural risk: Tolerating waste sends a signal to employees that accountability is negotiable. This undermines compliance culture and makes it harder to enforce policies consistently.

How Compliance Can Fight Waste

1. Leveraging Predictive Analytics

Compliance officers can use predictive analytics to spot wasteful spending patterns, such as duplicate vendor payments, recurring unused subscriptions, or expense anomalies. By analyzing large datasets in real-time, predictive analytics reveals inefficiencies that traditional audits often miss.

2. Targeting Resources

Much like Shell’s predictive maintenance conserved resources, compliance can use analytics to deploy training, audits, and investigations where they are most needed. This prevents the waste of blanket initiatives that consume time and budget without addressing real risk.

3. Building Proactivity into Culture

Predictive analytics fosters a culture of proactivity rather than reactivity. Employees learn to anticipate risks and inefficiencies before they escalate, creating a compliance culture that values stewardship of resources alongside ethical conduct.

4. Enhancing Decision-Making

Predictive models provide compliance leaders with actionable insights that sharpen their decision-making. Instead of guessing where to allocate limited resources, compliance officers can point to data-driven evidence, increasing credibility with leadership.

5. Continuous Improvement

Just as Shell recalibrates its predictive models with real-world data, compliance must treat waste reduction as a continuous improvement process. Predictive models should evolve in tandem with business practices, regulatory shifts, and emerging risks.

Five Key Takeaways for the Compliance Professional

1. Waste Is More Than Inefficiency

Waste is the misuse of resources, whether intentional or not, and it costs corporations millions annually. Beyond financial impact, tolerating waste erodes culture and creates openings for fraud.

2. Predictive Analytics Reduces Waste

Just as Shell cut costs and improved reliability through predictive maintenance, compliance programs can use predictive analytics to identify inefficiencies, anticipate risks, and allocate resources effectively.

3. Compliance Has a Role in Fighting Waste

Waste may appear to be an operational issue, but it is also a compliance issue. Regulators expect efficient use of resources, and unchecked waste can conceal fraud or abuse.

4. Proactivity Strengthens Culture

Predictive analytics fosters a proactive compliance culture that anticipates risks and addresses them before they escalate, reinforcing accountability and resource stewardship.

5. Continuous Improvement Is Key

Predictive analytics and waste reduction are not one-off projects. Compliance must continuously reassess data, refine models, and adapt to evolving risks to remain effective and credible.

Conclusion

Waste may not carry the same drama as fraud or abuse, but it represents a critical vulnerability for corporations. The financial cost is real, the cultural cost is corrosive, and the compliance implications are significant.

By taking a page from Shell’s predictive analytics playbook, compliance officers can transform their programs from passive monitors to proactive risk managers. Predictive analytics enables compliance to identify inefficiencies before they escalate, conserve resources, and enhance credibility with leadership. Most importantly, it positions compliance as a strategic partner in building a culture of accountability and efficiency.

In today’s environment, where regulators demand real-time monitoring and organizations face constant pressure to do more with less, fighting waste is not optional. It should be a compliance imperative.


FCPA Compliance Report – Exploring Compliance, in the US and Nigeria with Adeyinka Adejugbe

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, join Tom as he interviews Adeyinka Adejugbe, a seasoned business lawyer and compliance expert, to discuss his professional journey and insights into compliance frameworks across various industries and countries.

Adeyinka is a business lawyer, HR specialist, and certified chief compliance officer with an MBA. He has extensive experience across various industries and is passionate about creating systems of fairness and accountability. Adeyinka shares his experiences and the importance of tailoring compliance strategies to specific sectors, as well as the role of leadership in fostering a culture of ethical conduct and psychological safety.

Key highlights:

– 🌍 The importance of aligning compliance strategies with industry-specific needs.

– 📚 Insights into the differences and similarities between Nigerian and US compliance frameworks.

– 🚀 The role of AI and technology in the future of compliance.

– 🛡️ The significance of whistleblower protection in fostering a safe work environment.

– 🤝 How US and Nigerian compliance programs can learn from each other.

Resources:

Adeyinka Adejugbe on LinkedIn


For more information on the use of AI in Compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.


Compliance Tip of the Day – What is Fraud, Waste and Abuse


This week, we will look at a ubiquitous term that everyone has heard but not many know what it means: fraud, waste, and abuse. Today, we define the term and explain why it matters to a compliance professional.



Untangling Fraud, Waste, and Abuse: A Primer for the Compliance Professional

In the world of compliance, few phrases are tossed around with as much frequency and often as little precision as “fraud, waste, and abuse.” In the government sector, this triad is well-defined. Federal and state agencies spend billions each year tracking, auditing, and enforcing rules to combat it. But in the private sector, the phrase is no less relevant. Whether you are managing a global compliance program, overseeing internal controls, or leading an ethics initiative, fraud, waste, and abuse can quietly erode corporate value, undermine trust, and invite unwanted scrutiny from regulators, auditors, and stakeholders.

Yet too many compliance professionals lump these terms together, failing to appreciate the important differences between them. Fraud, waste, and abuse may sometimes overlap in practice, but they require distinct prevention strategies, tailored controls, and cultural messaging. Today, we begin a multipart blog post series to unpack what each of these terms means for the private sector and explore how your organization can fight against their scourge.

Fraud: The Deliberate Deception

Fraud is the most familiar of the three. It is intentional deception or misrepresentation made with the knowledge that it will result in an unauthorized benefit. In the corporate world, fraud is not limited to elaborate Ponzi schemes or headline-grabbing accounting scandals; it often hides in plain sight.

Examples from the private sector include:

  • Financial statement fraud. Inflating revenue or concealing liabilities to present a healthier picture of the business. Enron, WorldCom, and Wirecard are stark reminders.
  • Procurement fraud. Kickbacks from suppliers, false invoices, or bid-rigging. A procurement officer who colludes with a vendor to inflate prices is not just wasting company money; they are stealing it.
  • Expense reimbursement fraud. Employees submitting falsified receipts or double-billing travel expenses. What starts as “a little padding” quickly snowballs into a systemic problem.

Fraud is deliberate, targeted, and harmful by design. It requires intent to deceive. For this reason, fraud often falls under the purview of regulators and prosecutors, resulting in criminal charges, civil penalties, and severe reputational damage.

Waste: The Silent Erosion of Value

Waste, by contrast, is rarely intentional. It refers to the careless or unnecessary use of resources, leading to inefficiency and loss of value. Waste does not always involve dishonesty; more often, it is a byproduct of poor management, weak oversight, or cultural indifference.

Examples from the private sector include:

  • Operational inefficiencies. A manufacturing line that continues to use outdated machinery, consuming more energy than modern alternatives. However, it can also encompass basic corporate functions, such as failing to timely service vehicles and other large pieces of equipment until they break down.
  • Bloated corporate travel. Business units booking last-minute flights in premium class when lower-cost options were available with better planning.
  • Technology sprawl. Companies paying for redundant software licenses because IT and business units fail to coordinate their procurement.

Waste drains profitability. Unlike fraud, it may not land your employees in court, but over time, it corrodes competitiveness, frustrates shareholders, and damages morale. For the compliance professional, waste is tricky. Because it often lacks intent, it falls into a gray zone between compliance, internal audit, and operations. But leaving waste unchecked is an abdication of governance responsibility. And of course, it can be very costly.

Abuse: The Exploitation of Loopholes

Abuse sits somewhere between fraud and waste. It involves the improper or excessive use of resources or authority, but without a clear intent to defraud. Abuse may not violate the letter of company policy, but it often violates its spirit.

Examples from the private sector include:

  • Excessive executive perks. A senior leader insists on flying private, despite company policy allowing business class.
  • Overtime gaming. Employees schedule themselves in ways that maximize overtime pay, even when workloads do not justify it.
  • Supplier favoritism. A manager repeatedly awards contracts to a personal acquaintance without competitive bidding, even if the price is technically “market.”

Abuse thrives in cultures of entitlement and weak oversight. It often signals to employees that procurement rules are flexible or merely suggestions, undermining trust in leadership. Regulators may not always prosecute abuse, but investors, boards, and employees will notice.

Five Key Takeaways for the Compliance Professional

1. Know the Difference

Fraud, waste, and abuse are often lumped together, but they are distinct risks with different causes and remedies. Fraud is intentional deception designed to enrich the perpetrator at the company’s expense. Waste is careless or inefficient use of resources, often unintentional but just as costly. Abuse sits in the middle ground, exploiting loopholes, gray areas, or authority for personal gain. If you treat these three risks as interchangeable, your controls will be blunt instruments. The savvy compliance professional tailors training, monitoring, and cultural messaging to each risk, ensuring prevention efforts are both precise and effective.

2. Fraud Is Not the Only Threat

Compliance programs often emphasize fraud because it creates legal exposure, attracts regulatory scrutiny, and can lead to criminal liability. Yet fraud is not the only drain on corporate value. Waste can hollow out profitability year after year through inefficiency and mismanagement. Abuse corrodes employee trust, culture, and morale, even when it does not cross a legal line. Boards and shareholders increasingly look beyond compliance “check the box” fraud controls. They demand stewardship, efficiency, and accountability across the enterprise. Expanding your program’s scope to tackle waste and abuse demonstrates leadership, adds measurable business value, and positions compliance as a strategic partner.

3. Culture Is the Battleground for Abuse

You can design airtight policies and sophisticated controls to prevent fraud or reduce waste, but abuse is more insidious. It thrives in cultures of entitlement, favoritism, and “wink-and-nod” exceptions to the rules. Abuse may not always break laws or policies, but it violates fairness and damages trust. That is why culture is the key battleground. Compliance leaders must set clear expectations, train managers to model ethical behavior, and empower employees to speak up when necessary. When entitlement and corner-cutting are tolerated, abuse spreads. When accountability, transparency, and stewardship are celebrated, abuse withers. Culture, not checklists, is the ultimate safeguard.

4. Data Is Your Ally

The complexity of modern business means fraud, waste, and abuse can hide in plain sight. Data analytics provides compliance professionals with the tools to detect risks early. Anomalies in travel expenses may uncover not only fraudulent reimbursement but also systemic waste in last-minute bookings or abusive upgrades. Procurement analytics can expose inflated invoices, duplicate payments, or favoritism in the vendor selection process. The key is not just gathering data but integrating it across compliance, audit, and finance systems. With proper dashboards and regular reviews, data becomes a proactive ally, identifying red flags before they metastasize into scandals that damage reputation and value.

5. Build Cross-Functional Coalitions

Fraud, waste, and abuse do not respect organizational silos. They intersect with compliance, audit, HR, procurement, finance, and operations. If each function fights its own battles in isolation, risks will inevitably slip through the cracks. The compliance professional is uniquely positioned to serve as the connector, building coalitions that share data, align incentives, and coordinate responses. For example, a fraud indicator spotted by finance may also highlight waste tracked by operations. HR may uncover abusive practices that compliance can remediate with policy changes. When functions collaborate, blind spots shrink, accountability rises, and the entire organization becomes more resilient.

Stewardship as Compliance

Fraud, waste, and abuse may manifest differently, but together they represent a continuum of risks that can erode profitability, corrode culture, and undermine trust in leadership. For the compliance professional, the way forward lies in anchoring your program on five core pillars.

First, you need to understand the difference. Fraud, waste, and abuse require distinct approaches, and treating them as interchangeable dulls your controls. Second, remember that fraud is not the only threat. Waste and abuse, while less visible, can be just as damaging to shareholders and boards who care about stewardship as much as compliance. Third, recognize that culture is the battleground for abuse. Without accountability and transparency embedded in daily operations, policies and controls are powerless against entitlement and favoritism. Fourth, leverage the fact that data is your ally. Analytics reveal patterns across all three categories, allowing you to act before small issues metastasize. Finally, build cross-functional coalitions. Fraud, waste, and abuse cut across silos, and only through collaboration can you close the gaps.

Taken together, these five strategies form more than a compliance toolkit; they create a holistic framework for corporate stewardship. By clearly distinguishing risks, broadening your scope, reinforcing your culture, embracing data, and building coalitions, you elevate compliance from a defensive shield to a proactive value driver.

The organizations that thrive in today’s demanding environment will be those that go beyond chasing fraud and instead build resilient, data-driven, and culture-anchored programs to fight fraud, waste, and abuse in all their forms. That is the mandate for the modern compliance professional.

Join us tomorrow as we explore how your anti-corruption compliance program can help your company combat fraud, waste, and abuse.


FCPA Compliance Report – Special Edition on Is the US Going Socialist

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, we discuss President Trump’s review of other interests in US business and its implications for compliance.

The panel explores the evolving landscape of government involvement in major U.S. corporations and the resulting compliance and anti-corruption risks. With recent actions by the Trump administration to acquire stakes or exert control over companies like US Steel and Intel, the discussion centers on the implications for FCPA enforcement, the definition of “instrumentality,” and the challenges facing compliance professionals as the boundaries between public and private sectors blur. The episode also examines international perspectives, potential conflicts of interest, and the impact on global business relationships.

Key highlights:

  • Introduction: Are We Becoming Socialist?
  • Golden Share and Control Mechanisms
  • Anti-Corruption Risks and FCPA Instrumentality
  • International Law and Foreign Supplier Risks
  • Conflicts of Interest and Board Representation
  • International Perspectives: UK and EU Compliance
  • Politically Exposed Persons and Due Diligence
  • Closing Thoughts: Navigating Uncharted Territory

Resources:

Matt Kelly in Radical Compliance




Regulatory Ramblings: Episode 77 – Financial Inclusion and Sustainability/Legal & Compliance Recruitment Trends with Lotte Schou Zibell, Ian Morrison, and Raoul Montgomery

In the initial spotlight segment of this episode, we speak with London-based Ian Morrison of search and recruitment firm Arion House, and his Hong Kong colleague Raoul Montgomery to get a broader perspective on hiring trends in the legal and compliance space for the remainder of this year and into 2026 – with an eye towards global hubs such as London, Hong Kong, and Singapore.

Following that, we chat with Lotte Schou Zibell, formerly of the Asian Development Bank (ADB), to discuss the importance of financial inclusion and sustainability – including her thoughts on how something as seemingly mundane as the bamboo plant can be part of the solution.

Ian Morrison has over 18 years of experience in executive search and market intelligence, spanning Europe and Asia. Having placed legal, compliance, and financial crime professionals at the vice president, managing director, and partner levels globally, he has worked with many of the world’s leading investment banks, asset managers, hedge funds, law firms, and corporate clients.

Before establishing Arion House, Ian spent three years running the Asia Pacific business for Leathwaite International. He holds a degree in history from the University of Newcastle.

Raoul Montgomery joined as a research consultant in September 2019, with a focus on the APAC markets. He attended the University of Hong Kong, where he graduated with a Bachelor of Arts degree in History, Politics, and Public Administration. Having worked with numerous non-governmental organizations (NGOs), he is currently pursuing a JD degree in law at HKU. He is also fluent in English, Hindi, and Spanish.

Lotte Schou Zibell is a veteran international expert on sustainable finance, digital financial innovation, and financial inclusion. Lotte has played a key role in shaping policies and leading initiatives addressing emerging challenges in capital markets and financial systems.

For 19 years, she held various leadership positions at the Asian Development Bank, including serving as an advisor in the Finance Sector Office, as regional director for the Bank’s Pacific Liaison and Coordination Office, and as its chief of finance.

Before joining the ADB, she served as Director for International Economic Policy at the Swedish Ministry of Finance. She held positions at the Swedish Financial Supervisory Authority and the Swedish Central Bank. She has also worked as a consultant for the International Monetary Fund (IMF).

Lotte holds a master’s degree in economics from Lund University and a bachelor’s degree in international relations from George Mason University in the US state of Virginia. Her career reflects a deep commitment to strengthening financial systems and fostering economic resilience on a global scale.

Discussion:

With recruitment budgets for compliance and legal hires already set for the remainder of this year and into 2026, Ian and Raoul begin the conversation by discussing their observations on hiring trends in London, Hong Kong, and Singapore. As Ian tells Regulatory Ramblings host Ajay Shamdasani, hiring appears most robust in the insurance sector relative to other parts of the financial world.

A common refrain is that even with compliance, many organizations want to keep headcounts lean. Many employers seem willing to hire at the very senior levels, yet for middle management to junior hires, they are in retention mode. Simply put: if someone leaves, they are generally not replaced.

Worse still, stories of layoffs and hiring freezes at banking and financial institutions, as well as multinational corporations (MNCs), abound. For example, HSBC’s recent decision to shut its regional geopolitical risk unit caused quite a stir.

The spotlight chat concludes with a discussion of what knowledge and soft skills, other than being savvy in legal and regulatory matters, in-house counsel and compliance professionals should possess. Ian noted that a greater awareness of political and economic risk was now firmly part of the remit of many in-house lawyers and compliance professionals at financial institutions and other multinational corporations.

We then proceed to our discussion with Lotte, who shares her experiences growing up in Sweden and spending time abroad in the US due to her father’s postings. She discusses what drew her to work for the IMF and ADB, as well as her commitment to developmental economics.

Having run the Bank’s financial sector development projects for the past 20 years, Lotte comments on her achievements and how awed she is by the developments in fintech that she has seen during her tenure.

Acknowledging her current status as a consultant with the ADB, she discusses how it is to still work with her former colleagues, albeit in a less formal capacity, outside of the organization’s official hierarchy. As Lotte notes, being a consultant enables her to devote time to other interests.

She also elaborates on a post she authored for the ADB website, entitled “Five Ways Bamboo Can Revolutionize Finance, Housing, and Sustainability.” She noted that: “Bamboo’s fast growth and carbon capture abilities offer a sustainable solution to financial inclusion, housing affordability, and economic resilience in developing countries. Integrating modern technologies with bamboo cultivation can drive economic development while mitigating environmental impacts.”

The chat then drifted to another one of her posts entitled “Banks Without Borders: How AI, IDs, and Innovation Are Changing the Game.” Lotte wrote: “Rising compliance costs, regulatory fragmentation, and de-risking are limiting cross-border banking access, but technology-driven solutions offer a path to restore connectivity and resilience.”

Regulators often advise banks to adopt a risk-weighted approach to compliance and refrain from engaging in wholesale derisking. Yet, correspondent banking and related AML/KYC issues for certain sectors are a perennial issue, Lotte admits.

Acknowledging the problem’s entrenched nature, the sad truth is that derisking occurs when the compliance costs for banks maintaining particular correspondent banking relationships are too great. This can be due to the meager profit from serving them, resulting from small business volumes, or to the enhanced risk associated with serving a particular client or category of clients.

Lotte noted that there is often a lack of basic infrastructure in many emerging markets and that the developed world needs to provide those nations without capital, technology, and know-how the means to catch up.

Sadly, biometric safeguards are often not there in the developing world, she said. Many do not have identity cards or smartphones. In that regard, she thinks India’s Aadhaar card initiative is a triumph.

Their chat concludes with a reflection on a more recent ADB website post by Lotte entitled “Strengthen Compliance to Safeguard Pacific Banking Access.” She said: “Addressing gaps in financial compliance, upgrading digital infrastructure, and improving regulatory capacity can help Pacific countries build economic resilience and protect vital financial links.”

She added, however, that the resources required for compliance and risk management invariably affect a banking or financial institution’s bottom line.

The Regulatory Ramblings podcast is brought to you by The University of Hong Kong – Reg/Tech Lab, HKU-SCF Fintech Academy, Asia Global Institute, and HKU-edX Professional Certificate in Fintech, with support from the HKU Faculty of Law.

Useful links in this episode:

  • Follow Lotte Schou Zibell on LinkedIn

  • Check out Asia Finance Forum (ADB Manila) at: website

  • Follow Ian Morrison on LinkedIn

  • Follow Raoul Montgomery on LinkedIn

  • Visit Arion House at: website

Connect with RR Podcast at:

LinkedIn: https://hk.linkedin.com/company/hkufintech 
Facebook: https://www.facebook.com/hkufintech.fb/
Instagram: https://www.instagram.com/hkufintech/ 
Twitter: https://twitter.com/HKUFinTech 
Threads: https://www.threads.net/@hkufintech
Website: https://www.hkufintech.com/regulatoryramblings 

Connect with the Compliance Podcast Network at:

LinkedIn: https://www.linkedin.com/company/compliance-podcast-network/
Facebook: https://www.facebook.com/compliancepodcastnetwork/
YouTube: https://www.youtube.com/@CompliancePodcastNetwork
Twitter: https://twitter.com/tfoxlaw
Instagram: https://www.instagram.com/voiceofcompliance/
Website: https://compliancepodcastnetwork.net

Categories
Blog

Speed as a Compliance Decision: Lessons from Amazon’s Andy Jassy

When Andy Jassy succeeded Jeff Bezos as CEO of Amazon in 2021, many questioned whether the company could maintain its legendary momentum. Four years later, Jassy has not only sustained but also accelerated growth, adding more than $230 billion in revenue, expanding AI initiatives, and reinventing the management culture of one of the world’s most complex enterprises. That is why I was intrigued by an article in the Harvard Business Review (HBR) entitled “Speed Is a Leadership Decision,” in which reporter Adi Ignatius interviewed Andy Jassy.

For compliance professionals, Jassy’s insights about speed, risk, culture, and innovation offer timely lessons. Too often, compliance leaders fall back on the excuse that “we’re too big, too regulated, too constrained to move quickly.” Jassy flips that script: speed, he insists, is a leadership decision. And the same is true for compliance.

Today, we look at five key lessons compliance professionals can draw from Jassy’s leadership playbook.

1. Speed Is a Leadership Decision

Jassy bluntly states that “speed disproportionately matters in every business at every time.” He challenges leaders to stop accepting bureaucracy and regulation as excuses. Instead, leaders must actively identify and remove barriers, empowering teams to act with urgency.

For compliance professionals, the lesson is clear: do not let the weight of regulations, policies, or oversight structures become a drag on effectiveness. Yes, compliance requires controls, documentation, and approvals, but speed is also important. Think of third-party due diligence reviews, hotline triage, or incident investigations. When compliance moves slowly, it signals indifference or ineffectiveness, and risks fester.

The decision to prioritize speed, backed by streamlined processes, real-time monitoring, and empowered teams, can transform compliance from a bureaucratic bottleneck into a proactive partner to the business.

2. Risk-Taking and Failure Are Essential to Innovation

Jassy observes that as companies grow, they tend to become risk-averse. Achievement-oriented professionals “play not to lose” rather than take chances. He emphasizes that the only way to build something truly unique is to take risks, make mistakes, and learn from them. Compliance teams face this challenge daily. The instinct is to avoid risk entirely, to say “no” rather than take a chance. But compliance innovation, whether adopting AI for monitoring, piloting new training formats, or embedding compliance into business processes, requires taking calculated risks. This means that risk management strategies must be implemented, monitored, and updated as necessary.

Failure in compliance is not about missing a regulatory requirement. It is about learning that a new process does not resonate with employees, or a monitoring tool generates too many false positives. Leaders should create safe zones for experimentation. If you never fail, you are not pushing hard enough. Compliance innovation must be iterative, and tolerance for small, recoverable failures is the price of true progress.

3. Flattening Bureaucracy Fuels Accountability

Jassy highlights Amazon’s initiative to flatten its organization and empower individual contributors by increasing the ratio of builders to managers, reducing layers of decision-making, and encouraging employees to own “two-way-door decisions,” which are choices that can easily be reversed. With this strategy, Amazon streamlined processes and accelerated innovation.

Compliance functions are often drowning in pre-meetings and approval chains. A compliance officer identifies a risk, drafts a recommendation, and waits while three levels of committees review it. Meanwhile, the risk festers. The compliance profession should adopt Jassy’s model: empower frontline employees to make two-way-door decisions in real time. For example, a compliance manager in Brazil should have the authority to pause a suspicious vendor engagement without waiting for headquarters. Flattening decision-making structures creates accountability, agility, and credibility. Compliance must adopt a builder’s mindset: see the problem, fix the problem, move forward.

4. Culture Must Be Reinvented Continuously

“Culture is not our birthright,” Jassy warns. As companies scale, their culture stretches and must be deliberately reinforced. At Amazon, this means reasserting ownership, accountability, and a customer-centric approach, even as new layers of management emerge. For compliance professionals, this is a powerful reminder: culture is not static. A “speak-up” culture may flourish in year one and decay by year five if it isn’t nurtured. New geographies, acquisitions, and technologies stretch corporate culture in unpredictable ways.

The compliance function must continuously assess cultural health: are employees still raising concerns? Do managers still model ethical behavior? Are incentive structures still aligned with compliance values? A strong compliance culture requires constant reinvention (new training, new channels, new metrics) so that employees see it as living and evolving, not stale or perfunctory.

5. AI, Innovation, and Responsibility Must Go Hand in Hand

Jassy views AI as the biggest transformation since the internet, with the power to reinvent every customer experience. He emphasizes that progress is inevitable, so leaders must focus on using AI responsibly and productively.

Compliance professionals face the same dual imperative. On the one hand, AI tools, such as automated transaction monitoring, predictive analytics, and natural language chatbots, can make compliance faster, smarter, and more effective. On the other hand, AI introduces new risks, including bias, opacity, privacy breaches, and increased regulatory scrutiny.

The compliance leader’s role is not to resist AI but to guide its responsible adoption. Establish AI governance frameworks. Ensure transparency and explainability. Audit data inputs and outputs. Partner with business units to embed compliance guardrails into AI development. If compliance can keep pace with AI’s speed while safeguarding ethics, it will become indispensable to the business.

Compliance at the Speed of Leadership

Andy Jassy’s mantra, “speed is a leadership decision,” rings true far beyond Amazon. For compliance professionals, it reframes the mission. Compliance does not require slow responses, being bureaucratic, or being risk-averse. (Always remember, you do not have brakes on a car to drive slowly; instead, you have brakes on a car to drive fast.) Leaders can choose speed by empowering their teams, flattening the decision-making process, fostering a culture of ownership, tolerating smart failures, and embracing technology responsibly.

The stakes are high. Compliance must move at the same speed as the business, not the other way around. Regulators expect swift detection and remediation. Employees expect rapid answers to ethics and compliance questions. Boards expect real-time risk visibility. Compliance that lags will be seen as irrelevant or ineffective.

The lesson from Amazon’s Jassy is that compliance speed is not about cutting corners. It is about clarity of leadership, empowerment of people, and continuous cultural reinvention. In an era of accelerating technology and mounting risk, compliance professionals must embrace speed as a core leadership choice.

Categories
Blog

Agentic AI, Data Discipline, and Cross-Functional Governance: Compliance Insights for the Modern Era

As compliance professionals, we often inherit the boundaries that IT, Legal, and Security established long before we arrived. But what happens when those lines are out of date? I recently had a far-ranging conversation with cybersecurity author and educator Robert Meyers, who has spent more than three decades transitioning from “plain IT” to a world where cybersecurity and privacy have become distinct, high-impact disciplines. He explains why the old map no longer matches the terrain. Meyers’ vantage point spans early dial-up remote access fiascos, modern breach response, philosophical differences between U.S. and EU privacy regimes, and the tidal shift that agentic AI is bringing to accountability and data governance.

This blog post distills that conversation for a corporate compliance audience, focusing on practical, board-relevant governance and the day-to-day tactics that make privacy and security work together before, during, and after incidents.

From “IT Does Everything” to “Risk, Roles, and Accountability”

Meyers started in an era when “cybersecurity” did not exist. There was just “IT,” and everyone did everything. That lack of specialization produced preventable harm: misconfigured remote access where a “guest” credential quietly had admin rights, cavalier attitudes toward email and user surveillance (remember when “I read your email” bumper stickers were a thing?), and a culture that treated privacy as a corporate secrecy issue rather than a people-protection mandate. The lesson for compliance? Risk thrives in ambiguity. When roles and ownership are unclear and authority is not defined, controls are merely a facade.

Meyers contrasts the U.S. and EU not as a legal vs. legal comparison, but as a philosophical split. In Europe, privacy is government-centric and procedurally channeled through regulators; in the U.S., it is more individual-centric and notification-driven. California’s rules can even exceed the practical strictness of the GDPR in certain respects. For compliance leaders, that means your privacy posture must be designed around intent (i.e., who is protected), governance (i.e., who decides), and operational execution (i.e., who does the work), and not just a citation list.

Data Has a Life Cycle—Treat It That Way

One of Meyers’ most pointed critiques is that organizations hoard data without a purpose or end-of-life discipline. If you keep 30 years of email, do not be surprised when eDiscovery asks for all 30. The habit of “keep it all, we might need it” is the enemy of proportional risk. Compliance should drive a business-backed data minimization program with explicit retention schedules tied to legal, operational, and risk rationales and then audit for enforcement. If the business cannot articulate why it needs a dataset today and in the future, that data is a liability, not an asset.

Fix the Operating Model: Privacy Is Not a Side Gig for Security

Meyers has observed the same misalignment play out repeatedly: privacy responsibility is often assigned to Legal or Compliance, but Cybersecurity typically handles the work and associated expectations. CISOs are asked to “own” controls for which they lack budgetary authority or policy ownership. Legal “owns” privacy on paper, but it is not integrated into cyber operations. Meyers is clear that the cure is governance, not heroics: establish a cross-functional steering committee (including Legal, Security, Compliance, IT Ops, and the business) with clear charters, shared KPIs, and defined decision rights. Diversity matters here; mix senior leaders with younger employees and varied backgrounds to avoid blind spots. The first agenda item of that committee should be ruthless purpose-alignment: “Why do we have this data? Do we still need it?”

Put Risks on One Page—and Make It Everyone’s Page

While cybersecurity tooling is often automated and technical, Meyers recommends one deceptively simple instrument to unite the disciplines: a shared risk register. GRC teams already live in this world. You should bring Security into it and treat security events, control weaknesses, and privacy exposures as entries that share owners, mitigations, and review cadences. If the CISO, Chief Compliance Officer, and General Counsel are not reading, updating, and arguing over the same risk register, you do not have a single source of truth or a shared sense of urgency.

Breach Reality: Precision Beats Blanket Notification

“Assume breach” is not fatalism; it is a sign of professional maturity. Meyers highlights the emergence of data security posture management (DSPM) solutions that not only identify exposures but also determine who actually owns the data that was accessed. That allows for targeted notifications — “these 15 people, not 500,000 customers” — and saves both real money and reputation. For the compliance function, the key point is proportionality; your incident playbook should pair legal thresholds with data lineage and ownership maps, ensuring a fast, accurate, and respectful response to individuals.

Agentic AI: Accountability Without a Face

Agentic AI changes the rules. Agents act without asking, talk to other agents, and traverse systems and data at machine speed. They also obscure accountability because the human “operator” may interact with one agent while three others are making consequential decisions out of view. This breaks the legacy consent and audit paradigms, demanding new guardrails: identity and authorization that can follow agents, granular logging of agent-to-agent interactions, and data lineage that respects privacy scopes. From a compliance lens, agentic AI requires you to rewrite playbooks on consent, purpose limitation, and lawful processing, before deployment, not after the first mishap.

Storytelling: The Culture Carrier for Security and Privacy

Meyers’ long connection to San Diego Comic-Con may seem far removed from cybersecurity. Yet a cybersecurity team can finally “get it” when you swap a nameless attacker for “Lex Luthor” in a tabletop. That is not playing to pop culture; rather, it is cultural engineering. Humans adopt guardrails that they emotionally understand. If your privacy training or AI oversight policy can be told as a story, with villains, flawed heroes, and a clear “why,” you improve retention, reduce resistance, and create connective tissue across silos. Compliance is, at its core, applied storytelling backed by controls.

Robert Meyers traces the evolution from undifferentiated IT to today’s specialized privacy and cybersecurity disciplines, emphasizing how poor role clarity and indiscriminate data retention have caused preventable harm for decades. He frames the U.S.–EU divide as a philosophical one, between individual-centric versus regulator-centric approaches, while urging companies to stop treating privacy as a side project for Security when Legal nominally “owns” it. The solution involves a cross-functional steering committee, a shared risk register, and purpose-driven data lifecycle governance.

Meyers underscores “assume breach” realism and highlights new DSPM tooling that enables precise, owner-level breach notification instead of blanket, costly responses. Looking ahead, agentic AI creates accountability gaps as autonomous agents act and collaborate out of human view, demanding fresh guardrails for identity, consent, lineage, and logging. Finally, Meyers champions storytelling (yes, even Comic-Con-style narratives) to make security and privacy relatable, and advocates for cross-training, with privacy professionals learning security and vice versa, so organizations can speak a single operational language from the boardroom to the SOC.

Categories
AI Today in 5

AI Today in 5: September 4, 2025, The Better Coffee with AI Episode

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today in 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories:

  • AI-led drones enter the battlefield. (WSJ)
  • Crypto cannot scale without AI. (CoinTelegraph)
  • Army CIO issues guidelines on AI compliance. (ExecutiveGov)
  • Is the dream of superintelligence breaking? (NYT)
  • Starbucks is using AI to enhance the coffee experience. (Starbucks)

For more information on the use of AI in compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.