Tag: compliance

Categories
Great Women in Compliance

Great Women in Compliance – Navigating Risk, Culture, and Compliance with Teri Cotton Santos

✨ New Episode Alert! ✨

On this special episode of #GWIC, guest host Ellen Hunt talks with the incredible Teri Cotton Santos, Chief Compliance Officer at Phillips 66.

Teri shares her inspiring journey—from serving as General Counsel in Asia at Eli Lilly to leading compliance at HF Sinclair, and now shaping the culture of ethics and compliance at Phillips 66.

🔑 Key takeaways from this conversation:

  • Why trust is the foundation of every effective compliance program
  • How to integrate risk, ethics, and strategy to create impact
  • Lessons in resilience and resourcefulness when leading with limited resources
  • Building compliance programs that are truly fit-for-purpose and built to scale
  • The growing importance of data, technology, and behavioral science in compliance work

Teri also reflects on #leadership, #mentorship, and the power of community in the compliance profession.

🎧 Tune in for an honest, thoughtful, and inspiring discussion about leading with purpose and integrity in today’s evolving regulatory environment.

🔗 Sponsored by Corporate Compliance Insights

#Compliance #Leadership #WomenInCompliance #GreatWomenInCompliance #Ethics #Trust

Categories
Compliance Into the Weeds

Compliance into the Weeds: Unpacking the University of Michigan Football Scandal: Compliance and Consequences

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Seeking insightful perspectives on compliance? Look no further than Compliance into the Weeds! In this episode, Tom Fox and Matt Kelly discuss the recent University of Michigan football scandal.

They draw parallels to the infamous 2017 Houston Astros sign-stealing incident and examine the numerous compliance failures within Michigan’s football program. Highlighted issues include impermissible scouting, leadership failures by Jim Harbaugh, marginalization of the compliance function, and the NCAA’s ineffective enforcement. The conversation highlights crucial lessons for corporate compliance, emphasizing the importance of documentation, intern training, cooperation in investigations, and maintaining robust enforcement actions.

Key highlights:

  • Michigan Football Scandal Overview
  • Impermissible Scouting and Violations
  • Leadership Failures and Compliance Issues
  • NCAA’s Toothless Enforcement
  • Comparisons to Corporate Compliance
  • Lessons for Compliance Officers

Ed. Note: Tom Fox has written a 5-part blog post series on the UM Cheating Scandal. It will be posted each day this week. You can view the full series on his blog, the FCPA Compliance and Ethics Blog.

Resources :

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast.

Categories
Innovation in Compliance

Innovation in Compliance – Global Outsourcing and GDPR Compliance – Navigating Challenges and Opportunities with Inge Zwick

Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom Fox interviews Inge Zwick, a senior leader from Emapta Global, a global outsourcing company, who elaborates on his experience working in different international locations, including the Philippines and now Italy.

Zwick discusses the complexities and common concerns around outsourcing under GDPR, emphasizing the importance of compliance and data protection. They explain how Emapta supports clients in achieving GDPR compliance while outsourcing, including risk assessments, data flow mapping, and maintaining secure work environments. The conversation delves into the practical aspects of handling Subject Access Requests (SARs), the integration of compliance into operational workflows, and the importance of maintaining ongoing monitoring and updates. Zwick also touches upon how ESG initiatives and compliance are seamlessly woven into Emapta’s operations, providing a sustainable approach to global outsourcing. Lastly, advice is given to business leaders on how to future-proof their outsourcing strategies in light of GDPR, encouraging them not to shy away from global talent opportunities due to compliance fears.

Key highlights:

  • Company Overview and Global Operations
  • Outsourcing and GDPR Compliance
  • Risk Assessment and Data Security
  • Subject Access Requests (SAR)
  • Outsourcing Contracts and GDPR Obligations
  • Integrating Compliance into Operations
  • Future-Proofing Your Outsourcing Strategy  

Resources:

Connect with Inge Zwick

Connect with Emapta Global

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Adventures in Compliance

Adventures in Compliance: The Novels – The Valley of Fear, Root Cause Analysis: Uncovering Deep-Seated Issues in Corporate Compliance

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Over this season, Tom will take a deep dive into each novel over a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear. For the month of August, we conclude this Season with a deep dive into the least well-known of the Sherlock Holmes novels, The Valley of Fear. 

Timothy and Fiona return to explore how Sherlock Holmes’ methods in ‘The Valley of Fear’ can be applied to modern corporate compliance. By examining five key lessons from Holmes’ approach, distinguishing symptoms from causes, expanding the scope of investigation, tracing the chain of causation, evaluating the role of fear and culture, and ensuring remediation aligns with root causes. Timothy and Fiona provide invaluable insights for anyone dealing with complex problems. This episode is essential for compliance professionals and anyone looking to delve deeper into systemic failures and long-lasting solutions.

Key highlights:

  • Lesson 1: Distinguishing Symptom from Cause
  • Lesson 2: Look Beyond the Obvious Suspects
  • Lesson 3: Trace the Chain of Causation
  • Lesson 4: Consider the Role of Fear and Culture
  • Lesson 5: Ensure Remediation Aligns with the Root Cause

 Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Using AI to Embed Your Compliance Program

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we conclude our 5-part series on using compliance in a best practices compliance program by considering how to embed compliance into your business operations with the help of AI.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Daily Compliance News

Daily Compliance News: August 22, 2025, The WADA Returns Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • WADA punches its weight, says Sri Lanka is not compliant. (WADA)
  • Is audio quality a compliance issue? (CXToday)
  • Air cargo compliance challenges. (Cargo Facts)
  • Citibank investigates the Chief Wealth Officer. (Bloomberg)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
Blog

Using AI to Embed Compliance into Business Operations

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Additionally, for each blog post, I have created a one-page checklist for each article that you can use in presentations or for easier reference. Email my EA Jaja at jaja@compliancepodcastnetwork.net for a complimentary copy.

Compliance programs have long wrestled with a central challenge: how to move from “bolt-on” to “built-in.” Too often, compliance has been perceived as an overlay, a set of policies and reviews that operate parallel to business activity. The Department of Justice has repeatedly emphasized that compliance should be integrated directly into operations, not treated as an afterthought.

Generative AI offers compliance professionals a new tool to achieve this, as Elisa Farri and Gabriele Rosani argue in an HBR article How AI Can Help Managers Think Through Problems, that AI is not just a productivity enhancer but a thought partner. Instead, it is capable of helping leaders frame problems, test assumptions, and engage in structured dialogues that improve decision-making.

I aim to utilize their article to support compliance officers in leveraging AI to enhance our ability to embed compliance into business processes more effectively. Today, I conclude my five-part blog post series on using GenAI in compliance to explore how AI can assist in building compliance into the business and what it means for the future of compliance programs. I also provide five key takeaways for compliance professionals on how to do so.

1. AI as a Co-Thinking Partner for Embedding Compliance into Workflows

One of the article’s most powerful insights is the concept of “co-thinking”; AI as a partner in structured dialogue rather than just a tool for quick answers. For compliance, this is transformative. Imagine using AI not simply to draft a policy, but to help you think through how that policy should be embedded in day-to-day operations.

For instance, when designing a gifts-and-entertainment approval process, AI can walk compliance through stakeholder perspectives: What does sales need? What would regulators expect? What friction will finance raise? By simulating these perspectives, AI helps compliance professionals design workflows that are practical and embedded, rather than abstract and detached.

This approach also makes compliance more proactive. Instead of reacting to risks after violations occur, AI-enabled co-thinking allows compliance to anticipate where policies may clash with business objectives and design operational solutions upfront. The compliance lesson is to treat AI as a structured dialogue partner to design compliance that lives inside the workflow, policies, and processes that are not just documented but operationalized.

2. Enhancing Stakeholder Engagement Through AI Simulations

Embedding compliance into business operations requires more than rules; it requires buy-in. The article highlights how AI can role-play different stakeholders, challenging managers to anticipate reactions. Compliance can use this capability to stress-test initiatives before rollout.

Suppose compliance is introducing a new due diligence system for third-party onboarding. AI can simulate how procurement might respond (“slows down vendor onboarding”), how business development might object (“hurts competitiveness”), and how regulators might evaluate (“strong demonstration of risk-based management”). This multi-stakeholder dialogue allows compliance teams to refine both process design and messaging before rollout.

The implication for compliance programs is clear: embedding compliance requires deep cultural alignment. AI makes it possible to test and rehearse that alignment at scale, reducing resistance and building smoother adoption. The compliance lesson is to use AI simulations to bring stakeholder voices into the design process, ensuring compliance is not bolted on but built with empathy for business realities.

3. AI-Assisted Root Cause Analysis Strengthens Business Integration

Compliance programs are expected to conduct root cause analysis after misconduct, but too often these reviews remain siloed. AI-enabled co-thinking helps expand root cause analysis into an exercise that strengthens business operations.

For example, when analyzing repeated travel and expense violations, AI can guide compliance through structured questions: Were training gaps to blame? Were approval workflows too weak? Were sales incentives misaligned? Then, critically, AI can help map remediation back into operations—tightening finance approvals, adjusting incentive structures, and embedding compliance flags directly into expense systems.

This is not about AI making the decision. It is about AI helping compliance think through operational integration of lessons learned. Instead of merely complying with regulations by writing a report that sits on a shelf, the outcome becomes operational adjustments inside business processes. The compliance lesson (or rather, perhaps implication) is that the DOJ expects compliance programs to prevent recurrence through systemic fixes. AI co-thinking can ensure those fixes are operational, not theoretical.

4. Scaling Compliance Culture and Mindset Shifts Across the Organization

The article notes how AI can be used to coach managers through mindset shifts, helping them reflect on new behaviors and practices. Compliance can use the same approach to embed cultural expectations directly into business teams. For example, AI can be configured as a compliance coach embedded in daily tools, guiding managers through ethical dilemmas, prompting reflection during approval requests, or reinforcing company values during project planning. Instead of compliance being external and episodic, it becomes internal and continuous.

This democratizes compliance development. A frontline manager in Asia can interact with AI that reinforces compliance culture in real time, rather than waiting for annual training or sporadic compliance visits. It also gives compliance leaders data on where employees are struggling, revealing cultural gaps that can be addressed systemically.

The implication is that embedding compliance is not just about systems but about mindset. AI can make culture-building a daily, distributed activity rather than a centralized, one-time effort.

5. Ensuring Human Judgment Remains Central in AI-Enabled Compliance

Finally, while AI can enhance problem-solving and integration, the article underscores that co-thinking only works when humans stay actively engaged. Compliance cannot abdicate responsibility to machines. This has profound implications for compliance programs. AI can help frame problems, simulate stakeholders, and propose operational fixes, but it cannot weigh reputational risk, interpret regulatory expectations, or balance competing global obligations. Those decisions require human judgment.

The key is balance: AI accelerates and deepens thinking, but compliance leaders must build governance frameworks to ensure outputs are reviewed, validated, and contextualized. Embedding compliance into business operations does not mean letting AI run the show; it means letting AI augment human reasoning so that compliance becomes more practical, strategic, and defensible.

The compliance lesson, based on both the DOJ’s FCPA Resource Guide and the 2024 ECCP, is clear that compliance must be risk-based, well-resourced, and continuously improved. AI helps compliance think through integration, but humans remain accountable for ensuring it meets regulatory standards and ethical expectations.

AI as a Pathway to Embedded Compliance

The future of compliance is embedded, not bolted on. DOJ expects it. Boards demand it. Employees need it. The challenge is figuring out how to make it real. AI offers compliance professionals a powerful new tool: not as an oracle, but as a co-thinker. By helping compliance frame problems, simulate stakeholders, strengthen root cause analysis, scale cultural coaching, and reinforce human judgment, AI can accelerate the shift from compliance as oversight to compliance as an integrated business practice.

The call to action is simple: use AI not just to make compliance faster, but to make compliance inseparable from business. That is how compliance earns trust, drives culture, and meets regulatory expectations in the age of AI.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Co-Thinking with AI

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we continue our 5-part series on using compliance in a best practices compliance program by considering how AI can be a new approach for compliance problem-solving.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Blog

Co-Thinking with AI: A New Frontier for Compliance Problem-Solving

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Every other day this week, I have created a one-page checklist for each article that you can use in presentations or for easier reference. However, for today’s blog post, I have made a Compliance AI Dialogue Playbook to illustrate the concepts discussed. If you would like a copy, email my EA, Jaja, at jaja@compliancepodcastnetwork.net.

Compliance officers are, at their core, problem-solvers. We wrestle with thorny questions every day: How do we implement a global gifts-and-entertainment policy across jurisdictions with vastly different cultural norms? How do we balance business pressures with anti-corruption obligations? How do we address new risks like AI itself? Traditionally, compliance officers have relied on their teams, external counsel, and regulators for perspective. But now, there is another partner available: AI as a co-thinker.

Elisa Farri and Gabriele Rosani, in their HBR article, How AI Can Help Managers Think Through Problems, argue that generative AI is not simply a productivity booster but a thought partner that can help managers frame problems, weigh trade-offs, and refine decision-making. For compliance professionals, this opens an exciting frontier. Instead of seeing AI as just a summarization or monitoring tool, we can use it to think with us about compliance challenges.

Today, we consider five key takeaways for compliance professionals, each exploring how AI can and should be trusted as a structured co-thinker in corporate compliance problem-solving.

1. AI Can Help Frame Compliance Problems More Clearly

One of the hardest parts of compliance work is problem framing. Regulators do not hand us neat checklists; instead, they give us principles, expectations, and enforcement actions. It’s up to us to translate these into workable policies and controls.

The authors highlight how AI can act as a sounding board, asking clarifying questions, offering perspectives, and reframing issues. In compliance, this is invaluable. For example, when confronting a possible books-and-records violation, you can ask AI to outline the problem from different angles: the DOJ’s perspective, the auditor’s lens, or the business unit’s operational concerns.

This “co-thinking” dialogue helps compliance officers avoid blind spots. By articulating context and criteria while AI proposes reframings or stakeholder perspectives, the problem becomes clearer. Often, clarity is half the solution.

The compliance lesson: Don’t just throw a problem at AI and expect an answer. Use it to refine the question. A well-framed compliance issue is easier to analyze, explain, and ultimately solve.

2. AI Strengthens Root Cause Analysis in Compliance Investigations

Root cause analysis is central to modern compliance. Regulators do not just want misconduct identified; they want to know why it happened and how you’ll prevent it going forward. Yet too often, root cause analysis gets bogged down in assumptions or limited perspectives.

Farri and Rosani cite managers who use AI dialogues to explore underlying causes systematically. For compliance officers, this can be a game-changer. Imagine an investigation into repeated expense-report fraud. AI can walk you through potential cultural drivers (“tone at the top,” sales pressure), structural flaws (weak approval workflows), and training gaps. It can then push back: “Are you overlooking incentives?” or “What if the issue is inadequate third-party vetting?”

By iterating through hypotheses in a structured dialogue, compliance professionals can avoid premature conclusions and dig deeper. This not only strengthens remediation but also demonstrates to regulators that the company engaged in a thorough, multi-perspective analysis.

The compliance lesson: AI co-thinking transforms root cause analysis from a static checklist into a dynamic dialogue, driving richer insights and more defensible conclusions.

3. AI Helps Anticipate Stakeholder Reactions to Compliance Decisions

Compliance isn’t just about rules; it’s about relationships. A compliance policy that looks perfect on paper can fail if stakeholders resist or misunderstand it. That’s why anticipating reactions is essential.

The article describes a communications manager who used AI to role-play stakeholder perspectives. Compliance teams can apply the same method. Suppose you’re rolling out a new third-party due diligence system. You could ask AI to simulate how sales might react (“This slows down deal velocity“), how finance might respond (“We lack resources for added checks“), and how regulators would view the process (“Demonstrates good faith risk management“).

This kind of dialogue allows compliance officers to refine messaging, anticipate objections, and design mitigation strategies before rollout. It’s essentially stakeholder mapping on steroids.

The compliance lesson: Use AI to run “compliance fire drills.” Let it act as different stakeholders, challenge your assumptions, and highlight where communication or process gaps may derail implementation. Better to hear objections from an AI simulation than from the DOJ or your workforce, after the fact.

4. AI Supports Compliance Leadership and Mindset Shifts

Compliance is not static; it evolves as risks and expectations change. One of the hardest parts of leadership is helping teams adopt new mindsets. Whether it’s embedding ESG into compliance or shifting from reactive investigations to proactive risk management, change is as much about people as it is about rules.

The authors point to managers using AI to coach teams through mindset shifts. Compliance officers can replicate this by designing AI dialogues that help teams reflect on change. For example: “Act as a compliance coach guiding a regional manager through adopting a risk-based mindset for third-party approvals.” AI can then walk the manager through scenarios, pose self-assessment questions, and suggest daily practices to internalize the change.

This turns AI into a scalable leadership development tool for compliance. It’s not replacing human mentorship but supplementing it, ensuring employees across geographies get consistent coaching.

The compliance lesson is straightforward: AI can democratize leadership development in compliance. By embedding coaching into AI assistants, compliance leaders can scale mindset change while reinforcing culture across the enterprise.

5. AI Encourages Reflective and Ethical Decision-Making

Finally, compliance is about judgment. Not every decision can be reduced to a policy or rulebook. Whether deciding how to respond to a gray-area hospitality offer or whether to self-disclose a violation, compliance officers must weigh trade-offs.

Farri and Rosani emphasize that AI, when engaged as a co-thinker, can enhance reflective decision-making. It does so by slowing us down, asking probing questions, and challenging quick assumptions. This is especially important because compliance officers are often under pressure to deliver fast answers to complex problems.

By prompting reflections such as “What risks might we be missing? What would regulators expect? What precedent are we setting? AI ensures compliance officers approach decisions with greater ethical clarity. It’s the Socratic method in digital form.

The compliance lesson: AI should not be seen as replacing compliance judgment but as sharpening it. By making space for reflection, AI helps ensure that compliance decisions are thoughtful, principled, and defensible.

From Automation to Co-Thinking

For too long, compliance has viewed AI as a back-office automation tool: summarizing, monitoring, and drafting. Farri and Rosani remind us that AI can do much more: it can think with us.

By helping frame problems, strengthening root cause analysis, anticipating stakeholder reactions, supporting mindset shifts, and fostering reflective decision-making, AI becomes not just a tool but a thought partner. For compliance officers under increasing pressure from regulators and boards, that partnership could be transformative.

The path forward is clear: stop asking “What can AI do for compliance?” and start asking “How can AI help compliance think better?”

Categories
Great Women in Compliance

Great Woman in Compliance – Building Strategic and Effective Risk Assessments

In this episode of the Great Women and Compliance Podcast, co-hosts Hemma Lomax and Lisa Fine discuss the breadth and depth of effective risk assessments with guests Jisha Dymond and Lisa Beth Lentini Walker.  Jisha and Lisa Beth have both worked in highly regulated and high-profile industries. Jisha most recently served as Chief Ethics & Compliance Officer at OneTrust, and Lisa Beth is currently the Deputy General Counsel, Corporate Legal, and Assistant Secretary at Marqeta, as well as the CEO and Founder of Lumen Worldwide Endeavors.

They discuss various aspects of assessing risk and how to align the needs best for your compliance risk assessments with other functions to develop strategic and holistic approaches that influence organizational direction. The discussion touches on the importance of cross-functional collaboration, effective use of data and AI, and practical steps for implementing comprehensive risk management processes.

Key highlights include:

  • Holistic vs. Compliance Risk Assessments
  • Engaging Key Stakeholders
  • Building Trust and Cross-functional Collaboration 
  • Data-Driven Risk Assessments
  • The Role of AI in Risk Management