Categories
Innovation in Compliance

Innovation in Compliance: Mastering Compliance Branding on LinkedIn: Insights from Carol Kaemmerer

Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom Fox is joined by returning guest Carol Kaemmerer, author of ‘LinkedIn for the Savvy Executive.’

Carol shares valuable insights on how compliance professionals can leverage LinkedIn to build their personal brand and gain credibility with senior management. She introduces her Brilliance Framework, which includes strategies such as leading with authenticity, utilizing the rule of three for memorable branding, maximizing digital real estate, and emphasizing the importance of engagement. Tune in to enhance your LinkedIn strategy and make a lasting impression in your career.

Key highlights:

  • Building a Compliance Professional’s Brand
  • Reframing Compliance Communication
  • Introducing the LinkedIn Brilliance Framework
  • Maximizing LinkedIn’s Digital Real Estate
  • The Importance of Visuals on LinkedIn
  • Engagement: The Gold of LinkedIn

Resources:

Carol Kaemmerer on LinkedIn

Carol Kaemmerer Website

LinkedIn for the Savvy Executive Second Edition

The LinkedIn Brilliance Framework™: Amplify Your Professional Presence

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Compliance Lessons Uber

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we begin a look at how companies are utilizing AI in their business operations and draw compliance lessons from this use for compliance professionals. Today, we start with lessons from Uber.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
FCPA Compliance Report

FCPA Compliance Report – Pat Poitevin on Transforming Corporate Compliance: Leveraging AI and Building Ethical Cultures

Join Tom Fox as he welcomes Pat Poitevin, a compliance veteran with extensive experience in enforcement, consulting, and academia. Pat shares his professional journey, beginning with his work at the Royal Canadian Mounted Police (RCMP), and discusses the importance of establishing strong ethics and compliance cultures within organizations. He emphasizes the role of AI in transforming compliance functions and enhancing the effectiveness of risk management. Pat also touches on the future of compliance, talent acquisition, and the impact of technology on business ethics. The conversation offers valuable insights for compliance professionals looking to refine their programs and align them with business strategies for sustained growth.

Key highlights:

  • Current Projects and Focus Areas
  • Building a Strong Ethics and Compliance Culture
  • Leveraging AI in Compliance
  • Compliance Strategies for Geopolitical and Technological Changes
  • Balancing Policies and Human Behavior
  • Future of Compliance and Technology

Resources:

Pat Poitevin

🔸 LinkedIn: Pat Poitevin

🔸 Consulting Firm: Active Compliance and Ethics Group (ACEG)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

Courageous Leadership in an Era of Disruption: Compliance Lessons from Brené Brown

The New York Times (NYT) recently published an interview with Brené Brown, best known for her TEDx Talk on “The Power of Vulnerability.”  Her TEDx Talk focused on individuals. Brown is now using those concepts as a basis for work in the corporate world. Many of the concepts she discussed in this interview directly apply to a Chief Compliance Officer (CCO) and corporate compliance function. In this article, I will summarize the key themes of Brown’s discussion and draw out five critical lessons for compliance professionals navigating today’s turbulent environment.

The world of corporate compliance does not exist in a vacuum. Every day, compliance professionals work within organizations facing extraordinary pressures: disruptive technologies, geopolitical instability, shifting marketplaces, and evolving workforce expectations. Against this backdrop, Brené Brown, renowned researcher on shame, vulnerability, and courage, has turned her attention to leadership in corporate, nonprofit, and even military contexts. Her latest reflections provide timely insights not just for executives, but for compliance professionals tasked with guiding organizations through uncertainty.

Brown’s message is clear: in moments of disruption, the quality of leadership matters more than ever. She challenges us to think about courage, vulnerability, and clarity not as “soft skills,” but as the very foundation of sustainable organizational performance. For the compliance professional, her work resonates deeply. After all, compliance is fundamentally about behavior, how people act under pressure, how they respond to risk, and how organizations foster cultures of accountability and trust.

The Pace of Change and the Trap of Fear

Brown describes today’s business climate as a “supercycle” of unprecedented change. Artificial intelligence, geopolitical instability, and economic volatility create a sense of scarcity, a nagging feeling that organizations lack sufficient time, resources, or talent to keep up. For compliance leaders, this context should feel familiar. When regulations shift overnight or enforcement priorities change, fear and reactive decision-making often follow.

Brown cautions against “action over impact,” where leaders rush to act without pausing to assess whether their actions are aligned with strategy. For compliance, this is the difference between a carefully calibrated monitoring program and a scattershot set of controls that look good on paper but fail in practice. Strategic urgency, not blind urgency, must guide the compliance function.

Courage, Accountability, and Human Leadership

At the heart of Brown’s research is the idea that courage, not technical expertise alone, is the limiting factor in organizational performance. Across industries, she found leaders struggling to have hard conversations, to hold others accountable, and to resist blame and shame.

For compliance, this insight hits home. We have all seen organizations where misconduct festers because leaders fear confrontation, or where accountability is deflected onto “bad apples” instead of being addressed systemically. Brown reminds us that courage means leaning into discomfort, whether that’s delivering difficult feedback, shutting down toxic behavior, or confronting senior leaders when ethical lines are at risk of being crossed.

Communication as a Compliance Tool

Brown describes good communication as rooted in clarity, discipline, and accountability. It requires vulnerability, honesty, and a willingness to tolerate discomfort. In her words, “A brave life is basically 15 hard conversations a day.” Compliance professionals should take note. Too often, compliance messages are dulled by legal jargon or buried in training modules that merely check the box without creating a genuine understanding. Effective compliance communication is not about volume, but clarity — stating expectations plainly, reinforcing them consistently, and holding both leaders and employees accountable when those expectations are not met.

When compliance officers avoid difficult conversations, whether with business leaders, employees, or regulators, they fail in their role as stewards of integrity.

Generational Shifts and the “Why” Question

Another theme Brown highlights is the growing demand from younger generations to understand the “why” behind organizational decisions. Gen Z, in particular, tends to resist following orders blindly. They ask questions, challenge assumptions, and expect transparency.

For compliance, this is an opportunity, not a threat. When employees ask “why,” they create space for dialogue about risk, ethics, and accountability. If handled well, these conversations can strengthen the compliance culture. If dismissed or ignored, however, they can morph into conflict and disengagement. Compliance professionals must equip themselves and their organizations with the skills to turn task conflict into innovation, rather than emotional conflict that fractures teams.

The Decline of Fear-Based Leadership

Brown pushes back against the notion that fear-driven leadership, exemplified by mass layoffs or authoritarian management, produces sustainable performance. Fear may yield quick results, but its shelf life is short. To maintain fear as a motivator, leaders must repeatedly demonstrate cruelty, which corrodes trust and drives talent away.

Compliance programs grounded in fear face the same limitation. Employees may comply out of fear of punishment in the short term, but over time, they disengage, seek ways to evade controls, or leave the organization entirely. Sustainable compliance requires trust, fairness, and accountability, not periodic shows of cruelty.

Five Key Takeaways for the Compliance Professional

1. Strategic Urgency Over Panic

In times of disruption, resist “chicken with your head cut off” urgency. Compliance programs must prioritize thoughtful, strategic action over quick fixes that create the illusion of progress without real impact.

2. Courage as the Compliance Differentiator

Having hard conversations, holding people accountable, and confronting uncomfortable truths are the core of both leadership and compliance. Technical expertise matters, but courage drives results.

3. Communication Builds Trust

Effective compliance communication requires clarity, discipline, and accountability. Don’t hide behind jargon or check-the-box training. Say what needs to be said, even when it’s uncomfortable.

4. Harness the Power of ‘Why’

Younger employees demand transparency and reasoning. Use this as a lever to build stronger compliance cultures. Equip leaders to turn questions into opportunities for education, engagement, and innovation.

5. Reject Fear-Based Models

Fear is a short-term motivator with long-term costs. Compliance programs grounded in trust, fairness, and respect will outperform those that rely on punishment and intimidation.

Compliance Lessons in Courage

Brené Brown’s reflections on leadership are not abstract musings. They speak directly to the challenges compliance professionals face in guiding organizations through uncertainty, disruption, and cultural change. At its core, compliance is about shaping behavior and building cultures of integrity. That work requires courage, clarity, and compassion, which are precisely the traits Brown identifies as the hallmarks of effective leadership.

As we look ahead to the next wave of regulatory change, technological disruption, and workforce transformation, compliance officers must resist the temptation to react out of fear. Instead, we must embrace courageous leadership that aligns action with impact, values clarity over noise, and treats people with humanity even in moments of adversity.

Brown’s work reminds us that compliance is not just about preventing wrongdoing; it is also about promoting ethical behavior. It is about cultivating courage and clarity in organizations so that, when disruption hits, leaders and employees alike know how to “settle the ball,” take a breath, and make the right play.

Categories
Popcorn and Compliance

Popcorn and Compliance: Episode 1 – Frankenstein’s Lab: Five Compliance Lessons: Ambition, Accountability and Organizational Culture

Welcome to a special series of Popcorn and Compliance. In this series, we will examine the Classic Universal Monster Movies from the 1930s and 1940s, mining them for compliance lessons. (Yes, it really is an excuse to rewatch them all.) In this series, we will look at Frankenstein, Dracula, The Wolf Man, The Mummy, and end with The Invisible Man. In this first episode of our special 5-part series, we consider compliance lessons drawn from the classic 1931 film ‘Frankenstein,’ starring Boris Karloff.

Exploring Henry Frankenstein’s unchecked ambition and lack of oversight, Tom and his AI co-hosts, Timothy and Fiona, extract five crucial compliance lessons: the necessity of setting boundaries for ambition, the importance of un-delegatable accountability, the profound impact of corporate culture on employee behavior, the need for constant reassessment of emerging risks, and the importance of crisis preparedness. These lessons offer profound insights for today’s professionals on how to navigate modern corporate compliance challenges effectively.

Key highlights:

  • Frankenstein’s Monster: Ambition Without Boundaries
  • The Importance of Oversight and Accountability
  • Corporate Culture and Its Impact
  • Continuous Risk Reassessment
  • Crisis Management: Preparation Over Panic

Resources:

Compliance Lessons from Boris Karloff’s Frankenstein on the FCPA Compliance and Ethics Blog

Categories
AI Today in 5

AI Today in 5: October 3, 2025, The What is Truth Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI, so start your day, sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

Compliance Lessons from Boris Karloff’s Frankenstein

As many of my readers know, I am a huge fan of the Classic Universal Picture Movie Monsters, which spanned from 1931 to the mid-1950s. In October, I traditionally use our Halloween month to revisit the Classic Universal Movie Monsters, as well as other notable films, including those from Hammer Studios, Val Lewton productions, and movies starring Vincent Price.  This year, I wanted to return to the basics by revisiting the Classic Universal movie monsters, starting with Dracula and Frankenstein in 1931, followed by The Invisible Man in 1933, The Mummy in 1932, and concluding with The Wolf Man in 1941.

Over the next five weeks, I will examine each of these movies through the lens of compliance and extract lessons on compliance from each. Today, I begin with the greatest and most famous Classic Universal Movie Monster of them all, Boris Karloff’s Frankenstein. If you want to take a deeper dive into what all of these movies mean in podcast format, check out the special series on the FCPA Compliance Report, hosted by my friends Fiona and Timothy. These podcasts will post each Friday during October.

When Boris Karloff first lumbered onto the screen as the Monster in James Whale’s 1931 adaptation of Frankenstein, audiences were horrified. Here was not only a creature stitched together from corpses but also the chilling outcome of unchecked ambition, poor oversight, and a total disregard for ethical boundaries. Nearly a century later, Karloff’s performance remains the iconic portrayal of Frankenstein, and it continues to offer a rich set of lessons for corporate compliance professionals.

At its heart, Frankenstein is a story about risk, responsibility, and governance failure. Victor Frankenstein’s quest to create life is not unlike what many corporations attempt when pushing the boundaries of innovation or entering new markets. The question for compliance is straightforward: Are we implementing the right controls, oversight, and ethical framework to manage these risks?

Today, I highlight five core compliance lessons from the Karloff version of Frankenstein that remain strikingly relevant for today’s professionals.

1. Ambition Without Boundaries Leads to Disaster

Henry Frankenstein is driven by ambition; his vision of “creating man in his own image” propels him to conduct experiments that fall outside accepted ethical and scientific norms. He isolates himself from colleagues, ignores established rules, and convinces only a single assistant to support his reckless project.

For compliance officers, this is a cautionary tale of what happens when ambition overrides governance. In corporate life, ambition often comes in the form of growth targets, market entry deadlines, or technological breakthroughs. The drive itself is not wrong, but when ambition operates without boundaries, the risks multiply.

Compliance takeaway: The role of compliance is to ensure ambition is channeled responsibly. That means building policies and procedures that establish guardrails, embedding ethical considerations into business decisions, and providing leadership that understands that success cannot come at the cost of compliance.

2. Oversight and Accountability Cannot Be Delegated Away

One of the striking elements in the film is how Henry Frankenstein assumes total authority but shirks responsibility once things spiral out of control. His assistant Fritz mistreats the Monster, provoking violence, while Henry himself disappears into denial. When the creature escapes, Henry claims he never intended harm.

This mirrors what regulators often see in enforcement actions: executives who authorize high-risk ventures but then argue they were unaware of misconduct. In the DOJ’s Evaluation of Corporate Compliance Programs (2024 ECCP), accountability is crystal clear: leadership must own risk, and responsibility cannot be delegated away.

Compliance takeaway: Compliance leaders must establish clear lines of accountability to ensure effective oversight and compliance. Decision-makers cannot hide behind subordinates, contractors, or third parties. A robust compliance program requires oversight mechanisms, regular reporting, board engagement, and escalation procedures that prevent responsibility from being ignored.

3. Culture Determines Outcomes

Perhaps the most tragic part of Karloff’s Monster is that he is not inherently evil. In fact, he demonstrates innocence and curiosity, most famously in the heartbreaking scene with the little girl by the lake. Yet he is rejected, mistreated, and feared. The culture around him, one of suspicion, hostility, and secrecy, drives him to violence.

In a corporate context, this serves as a stark reminder that culture has a profound influence on the behavior of individuals. Employees are not “born” unethical; culture shapes conduct. If an organization fosters openness, respect, and ethical decision-making, employees are more likely to do the right thing. If, instead, fear, retaliation, or secrecy prevail, even well-intentioned people may lash out or stray from their goals.

Compliance takeaway: Compliance professionals must continually monitor, measure, and foster the right culture. It’s not enough to write codes of conduct; leaders must model ethical behavior, middle management must reinforce these expectations, and employees must feel safe in raising concerns. Without the right culture, even the strongest controls will fail.

4. Emerging Risks Require Continuous Reassessment

Henry Frankenstein believed he understood the risks of his creation. But once the Monster came to life, new risks appeared that he had not anticipated: strength, unpredictability, and the impact of isolation. His failure was not only in creating the Monster but also in failing to reassess and adapt once circumstances changed.

This is exactly the type of oversight the DOJ emphasizes in its 2024 ECCP revisions: risk is not static. New markets, new products, and new technologies all bring new and emerging risks. A program that does not evolve quickly becomes obsolete.

Compliance takeaway: Compliance programs must be dynamic and adaptable. Conduct regular risk assessments, update training and monitoring tools, and be ready to pivot as new risks appear. Static policies written three years ago will not protect a company from today’s realities. Just as Henry Frankenstein failed to re-evaluate the risks of his “creation,” companies that fail to reassess can find themselves blindsided.

5. Crisis Management Requires Preparation, Not Panic

The climax of the film, with villagers wielding torches storming the castle, is pure chaos. By then, no plan exists. Henry Frankenstein is reactive, not proactive. Instead of containing the situation, he lets panic dictate the outcome. The Monster is hunted down, the laboratory destroyed, and the community traumatized.

Corporate compliance teams face similar moments of crisis, whether it is an FCPA investigation, a data breach, or allegations of whistleblower misconduct. The difference between chaos and resilience lies in preparation. A company that has practiced crisis management scenarios, established reporting lines, and empowered its compliance function will weather storms more effectively.

Compliance takeaway: Don’t wait until regulators come knocking to figure out your crisis response. Build playbooks, test them with tabletop exercises, and ensure compliance has a seat at the table in crisis planning. Preparation prevents panic.

Conclusion: Frankenstein’s Monster and the Modern Compliance Officer

The genius of Boris Karloff’s Monster is that he is both terrifying and sympathetic. He embodies the unintended consequences of human ambition and the failures of oversight, accountability, and culture. For compliance professionals, Frankenstein is more than a horror story. It is a case study in what happens when governance collapses.

Today’s compliance challenges, including AI governance, supply chain transparency, ESG accountability, and third-party risks, are not so different from Henry Frankenstein’s laboratory. They involve bold ambitions, innovative experiments, and high stakes. The question is whether compliance is in the room early enough to set the guardrails, monitor the risks, and ensure the organization does not create its own “monster.”

The Karloff Frankenstein may be a black-and-white classic. Still, its compliance lessons are vividly relevant: ambition needs boundaries, accountability cannot be delegated, culture drives conduct, risks must be reassessed, and crisis planning is non-negotiable.

For compliance officers, the movie serves as a powerful reminder that our job is not to stifle ambition but to shape it so that innovation thrives without unleashing unintended harm.

Join us next Friday as we consider Bela Lugosi’s Dracula.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Compliance Lessons from the Mummy

This week, we have a 5-part series on compliance lessons from the Classic Universal Movie Monsters. Today in Part 4, we continue our exploration of the Classic Universal Movie Monsters by looking at Boris Karloff’s version of The Mummy.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Life with GDPR

Life With GDPR – From IT to Total Compliance Tracking with Adam Goslin

Jonathan Armstrong remains on assignment. Today, Tom visits with Adam Goslin, founder of Total Compliance Tracking, to discuss his journey from IT development and management to becoming a leader in the security and compliance sector.

Adam shares his professional background, the challenges he faced with achieving PCI compliance, and the insights that led him to create a system to streamline compliance management. He details how his company, TCT, helps organizations efficiently manage various certifications and compliance standards. Adam also discusses the unique, direct marketing approach TCT employs and shares the philosophy behind providing accessible compliance resources. This conversation offers valuable insights into the importance of pragmatic, user-friendly compliance solutions.

Key takeaways:

  • Adam Goslin’s Professional Journey
  • Founding Total Compliance Tracking
  • Marketing Strategy and Philosophy
  • Future of TCT and Industry Insights

Resources:

Connect with Tom Fox

Connect with Adam Goslin

Connect with Total Compliance Tracking

Life with GDPR was recently honored as a Top Data Security Podcast.  

Categories
Red Flags Rising

Red Flags Rising: S01 E28: The Long-Awaited “50% Rule” – Key Takeaways and Liability Pitfalls to Avoid

Mike and Brent return with their take on a hotter-than-hot topic, the Bureau of Industry & Security’s new “50% Rule,” effective yesterday, September 29, 2025. Mike and Brent discuss:

  • the news of the rule’s announcement and the basics of what it does (00:46);
  • the fact that the rule was effective immediately upon filing for public review, i.e., on September 29, 2025 (02:24);
  • the fact that 50% is not some threshold under which risk goes away (06:19);
  • how commentary suggesting that a “loophole” has been closed is not entirely accurate because such a loophole never existed in the first place (08:12);
  • the requirements (including a description of due diligence performed) under a new, unique license application process (09:45);
  • what enforcement risks are likely to arise in the government’s implementation of the new rule, especially if the government compares pre-rule trade flows to post-rule trade flows (10:43);
  • the importance of not making a quick decision in how to respond to the new rule that you might later regret (12:23);
  • the dangers of misreading the new rule to permit entity-shifting as an appropriate response (15:53);
  • BIS’s caution that the rest of the U.S. Export Administration Regulations (EAR) still apply, separately from the Entity List (18:43);
  • the admonition by BIS that “exporters, reexporters, and transferors have an affirmative responsibility to know the ownership of the foreign companies that are parties to a transaction” (19:45);
  • the statement in the rule that those same actors “must adopt a risk-based compliance program to assist them in complying with these requirements” (20:14);
  • the new “Red Flag 29” added to the BIS Know-Your-Customer (KYC) Guidance (21:05); and
  • the importance of the explanatory text’s reference to “control” (irrespective of ownership) by a listed entity as a “red flag” requiring further due diligence (21:59).

Mike and Brent conclude with another installment, back by popular demand, of Brent Carlson’s “Managing Up” segment (24:57).

Resources:

Brent’s new contact information: brent@redflagsrising.com

Mike’s new contact information: michael.huneke@morganlewis.com

Brent LinkedIn

Mike LinkedIn

The U.S. export controls “Country List” (Supplement No. 1 to Part 740)

The BIS Press Release (with a link to the new rule)