Categories
AI Today in 5

AI Today in 5: October 29, 2025, The Chief AI Compliance Officer Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. AI is providing fall tech to help seniors. (NYT)
  2. CompliSolv eases financial compliance through AI. (MyChesCo)
  3. ABA provides info to OSTP re: regulatory reform. (AmericanBankersAssociation)
  4. Palantir and NVIDIA team up to operationalize AI. (Nvidia News)
  5. Chief AI Compliance Officer. (BloombergLaw)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Great Women in Compliance

Great Women in Compliance – Compliance with Courage

In today’s episode, Lisa speaks with Danielle Herrick, VP of Risk, Compliance, and Ethics at Bloom Energy. After being diagnosed with Stage 4 cancer, Danielle began sharing her journey through her “Compliance with Courage” posts on LinkedIn. And her candor and openness, in turn, are inspiring the Ethics & Compliance community.

Danielle shares how her experience became a turning point – reshaping how she leads, works, and views life in compliance. She talks about finding balance after years as a self-proclaimed workaholic, learning to say no, and discovering strength in vulnerability.

They discuss how compassion belongs in compliance, what it means to truly “show up,” and how clear, human communication can be just as powerful as policies and procedures. Danielle also highlights the incredible support she’s received, including from her manager, Human Resources, and her professional community, and how that support has influenced her mission to “rewrite the rulebook with compassion.”

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Using Comms to Drive Speak Up

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice for navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we consider the role of communications in your reporting system.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: The NBA Betting Scandal – Lessons for the Compliance Professional

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore it more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss the unfolding NBA betting scandal and explore what it all might mean for the compliance professional. 

Their discussion covers the allegations and implications involving high-profile NBA figures, including Terry Rozier, Damon Jones, and Chauncey Billups. They explore the role of material non-public information, the importance of risk assessment, the effectiveness of current compliance measures, and the crucial role of data analytics in detecting fraudulent activities. Insights into sports betting, preventive controls, and the ethical challenges faced by professional athletes are also discussed, drawing parallels for corporate compliance professionals.

 

Key highlights:

  • NBA Betting Scandal Overview
  • Historical Context and Data Analytics
  • Conflict of Interest and Risk Assessment
  • Investigation and Compliance Strategies

Resources:

Tom is writing a multipart series on the scandal on the FCPA Compliance and Ethics blog.

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.

Categories
Innovation in Compliance

Innovation in Compliance – Adam Goslin on Navigating Security and Compliance in the Digital World

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Adam Goslin, a seasoned IT professional who transitioned from developer to VP of IT and Infrastructure, and co-founded Total Compliance Tracking.

Adam and Tom address the complexities and challenges of security and compliance. Adam discusses how his journey into the compliance sector began with his efforts to achieve PCI compliance in his previous role, which illuminated a significant market gap for comprehensive compliance education and support. Driven by a passion to make compliance processes less burdensome, his vision for a comprehensive compliance-tracking company centers on delivering effective solutions that enable organizations to meet regulatory requirements with greater ease and efficiency. Through educational resources such as blogs and podcasts, Total Compliance Tracking demystifies the compliance process, helping organizations and individuals alike manage compliance responsibilities more effectively.

Key takeaways:

  • Evolution from Developer to Compliance Industry Leader
  • Revolutionizing Compliance Management with Bold Messaging
  • Comprehensive Solution for Data Control Challenges
  • Compliance Education Resources for Security and Compliance

Resources:

Connect with Adam Goslin

Connect with Total Compliance Tracking

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Sharing Information

Today, we consider how you can get employees to share information.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – A Clash of Cultures

This week, we consider communications in compliance. Today, we look at the merging of cultures in a merger or acquisition.

Categories
Popcorn and Compliance

Popcorn and Compliance: Episode 4 – The Mummy’s Compliance Lessons: Uncovering Hidden Risks and the Importance of Organizational Transparency

Welcome to a special series of #PopcornandCompliance. In this series, we will look at the Classical Universal Monster Movies from the 30s and 40s and mine them for compliance lessons. (Yes, it really is an excuse to rewatch them all.) In this series, we will look at Frankenstein, Dracula, The Wolf Man, The Mummy, and end with The Invisible Man. In this episode, Tom explores critical compliance insights drawn from Boris Karloff’s portrayal of The Mummy.

Tom is once again joined by AI co-hosts Timothy and Fiona to explore The Mummy. Tom delves into the dangers of ignoring historical warnings, the necessity of radical transparency to prevent misconduct, and the critical role of organizational culture in compliance. The episode provides key insights into why compliance programs must learn from past mistakes, remain vigilant against emerging risks, and enforce boundaries to prevent catastrophic failures.

Key highlights:

  • Exploring The Mummy: A Deep Dive
  • Lesson 1: The Curse of Forgetting
  • Lesson 2: Radical Transparency
  • Lesson 3: Culture as the True Master
  • Lesson 4: The Mummified Mindset
  • Lesson 5: The Importance of Boundaries

Resources:

Compliance Lessons from Boris Karloff’s The Mummy on the FCPA Compliance and Ethics Blog

Categories
Blog

Compliance Lessons from Boris Karloff’s The Mummy

As many of my readers know, I am a huge fan of the Classic Universal Picture Movie Monsters, focusing on the period from 1931 to the mid-1950s. In October, I traditionally use our Halloween-ending month to look at the Classic Universal Movie Monsters, as well as others, such as Hammer Studio movies, Val Lewton productions, and Vincent Price movies. This year, I wanted to go back to basics by looking at the Classic Universal Movie Monsters: Dracula (1931), Frankenstein (1931), The Invisible Man (1933), The Mummy (1936), and The Wolf Man (1940).

Over the next five weeks, I will look at each of these movies through the lens of compliance and mine them for compliance lessons. Today, I continue with the Classic Universal Movie Monster Boris Karloff’s version of The Mummy. If you want to take a deeper dive into this movie in the podcast format, check out the special series on the FCPA Compliance Report, hosted by my friends Fiona and Timothy. These podcasts will post contemporaneously with the blog post each Friday during October.

When Boris Karloff first appeared swathed in ancient wrappings as The Mummy in 1932, audiences were transfixed. The story of Imhotep, an ancient Egyptian priest condemned for forbidden acts and resurrected thousands of years later, was both eerie and tragic. Unlike Frankenstein’s Monster or Dracula, Karloff’s Imhotep was not simply a beast or predator. He was a figure burdened by history, secrecy, and the consequences of defying rules.

For corporate compliance professionals, The Mummy is not just a gothic horror tale; rather, it is a parable about hidden risks, the danger of ignoring history, and the importance of clear rules and controls. Karloff’s Mummy reminds us that the past is never truly buried; if ignored, it will resurface to haunt organizations.

We continue our look at Classic Universal Monsters by exploring five compliance lessons from the Karloff version of The Mummy.

Ignoring History Leads to Repeated Mistakes

The British archaeologists who uncover Imhotep’s tomb are warned not to disturb it. Hieroglyphs clearly state the dangers. Yet curiosity and a touch of hubris push them to ignore the warnings. The result? They unleash a centuries-old curse. This resonates strongly with compliance. Organizations that fail to study their own past missteps or the lessons learned from industry scandals are doomed to repeat them. How many times have we seen bribery scandals unfold in sectors where other companies had already been punished? How often do firms enter high-risk markets without learning from past enforcement actions?

Compliance takeaway: Compliance programs must institutionalize lessons learned. Post-mortems, root cause analyses, and case study training ensure that past failures are not forgotten. History is a teacher; ignoring it is an invitation for disaster.

Secrets Fester in the Dark

Imhotep survives for thousands of years because he is hidden, entombed, forgotten, and buried under the sands of secrecy. When he reemerges, he operates in shadows, manipulating others with half-truths and disguises. His power thrives because no one knows his true identity until it is too late. This is a powerful metaphor for compliance risks. Misconduct, whether corruption, fraud, or abuse, thrives in secrecy. When information is concealed, when transparency is absent, risks multiply. By the time issues surface, the damage is often catastrophic.

Compliance takeaway: Transparency is the enemy of misconduct. Compliance officers must insist on disclosure, whether through clear financial reporting, transparent third-party relationships, or open communication channels. Darkness enables misconduct; transparency shines light on hidden risks.

Culture Outlasts Controls

What is striking about The Mummy is that even after 3,700 years, Imhotep’s devotion to his forbidden love, Ankh-es-en-amon, drives his every action. The cultural imprint of his choices outlives laws, punishments, and time itself.

The same is true in corporate life: culture outlasts controls. Policies and procedures may be updated, training refreshed, and leadership reshuffled, but if a culture of secrecy, corruption, or retaliation exists, it will endure unless deliberately changed. Regulators such as the DOJ have repeatedly emphasized that culture, not paper programs, determines compliance success.

Compliance takeaway: Compliance professionals must focus on shaping culture. This requires tone from the top, modeling from the middle, and reinforcement at every level. Controls matter, but without cultural alignment, they are as fragile as papyrus.

Obsession with the Past Can Blind Us to the Present

Imhotep is consumed by his obsession with reviving his ancient love. He manipulates the modern world only to resurrect the past. This obsession blinds him to present realities and ultimately leads to his downfall. Organizations can fall into the same trap. Compliance programs that focus solely on past risks, outdated procedures, legacy markets, and historical problems without quickly adapting to new realities become obsolete. Think of the rapid rise of ESG compliance, AI governance, and supply chain transparency. Companies stuck in “last decade’s risks” are unable to address emerging threats.

Compliance takeaway: Compliance must balance history with forward-looking risk assessments. Yes, learn from the past, but don’t become captive to it. The 2024 Update to the Evaluation of Corporate Compliance Programs (2024 ECCP) stresses the need to assess new business models and emerging risks. Compliance must look ahead as much as it looks back.

Lack of Boundaries Leads to Unintended Consequences

The archaeologists who awaken Imhotep fail because they have no boundaries; they open what should remain closed, touch what should remain untouched, and ignore the warnings etched on the tomb. Their lack of restraint unleashes destruction. This is a classic compliance lesson: boundaries exist for a reason. In business, these boundaries are policies, internal controls, approval processes, and ethical standards. When ignored—even unintentionally—they create exposure. The global enforcement landscape is littered with companies that ignored boundaries in pursuit of profit.

Compliance takeaway: Reinforce boundaries. Build controls that prevent risky actions, monitor for boundary-crossing behavior, and emphasize in training why rules exist. Boundaries are not bureaucratic obstacles; they are protective structures that prevent organizations from unleashing their own “mummies.”

Conclusion: The Mummy as a Compliance Case Study

Karloff’s The Mummy endures because it is more than a horror story; rather, it is a meditation on history, secrecy, obsession, and consequence. For compliance professionals, it is also a parable about governance.

For compliance officers, the film offers a powerful reminder: the past is never truly buried. Misconduct, once unleashed, is hard to contain. Our role is to study history, insist on transparency, shape culture, anticipate new risks, and enforce boundaries.

Like Imhotep, compliance failures rarely emerge overnight. They are buried, hidden, and ignored until they rise again with destructive force. The Karloff Mummy teaches us that vigilance, transparency, and cultural strength are the only safeguards against being haunted by the past.

Join us next Friday, October 31, as we conclude our special series by looking at The Invisible Man.

Categories
Blog

House of Atreus Week: Part 5 – Orestes and Electra – Breaking the Cycle Through Accountability

Every compliance journey must eventually reach its reckoning, the point at which wrongdoing, however deeply embedded, must give way to accountability. In Greek tragedy, that moment comes with Orestes and Electra, the final heirs of the cursed House of Atreus.

Their story marks a transformation, from vengeance to justice, from chaos to order, from curse to compliance. It’s not just the end of a tragic dynasty; it’s the beginning of governance. And for the modern compliance professional, Orestes’ journey mirrors the evolution every organization must undergo, moving from reactive crisis management to mature, transparent, and accountable systems of justice.

Today, we conclude our look at lessons from the House of Atreus for the 21st-century compliance profession through a review of my personal favorite, the tragedy of Orestes and Electra. Their tale was memorialized as the final play in Aeschylus’s trilogy The Oresteia, written in the 5th century BC. The Oresteia trilogy consists of three plays: Agamemnon, The Libation Bearers, and The Eumenides. They all discuss the murder of Agamemnon by Clytemnestra, the murder of Clytemnestra by Orestes, the trial of Orestes, the end of the curse on the House of Atreus, and the pacification of the Furies.

The tale of Orestes and Electra marks a transformation, from vengeance to justice, from chaos to order, from curse to compliance. It is not just the end of a tragic dynasty; it is the beginning of governance and compliance. And for the modern compliance professional, Orestes’ journey mirrors the evolution every organization must undergo, from reactive crisis management to mature, transparent, and accountable systems of justice.

In today’s Part 5, we discuss what every compliance practitioner and compliance regime must eventually face. Their journey reaches its reckoning, the point where wrongdoing, however deeply embedded, must give way to accountability.

The Last Act of the Curse

After Clytemnestra murders Agamemnon, she takes power alongside her lover, Aegisthus. Their rule, built on deceit and blood, becomes yet another chapter in the family’s curse. Orestes and his sister Electra, exiled and grieving, grow up in a world where justice has been replaced by fear and silence.

Years later, Orestes returns to Mycenae with Electra’s encouragement. Together, they plot vengeance, the killing of their mother and her consort, to avenge their father’s murder. The act fulfills the family’s grim legacy: the son kills the mother as the mother killed the father. But Orestes doesn’t find peace. Instead, he’s haunted by the Furies, ancient goddesses who punish those who shed family blood. Tormented and desperate, he seeks sanctuary in Athens, where the goddess Athena establishes the first trial by jury. The Furies prosecute, Apollo defends, and Athena casts the deciding vote. The verdict is acquittal, not because Orestes was blameless, but because justice must evolve from vengeance to law. And just like that, the curse ends, not through violence, but through accountability.

From Retribution to Governance

What Athena did for Orestes is what modern compliance programs do for organizations: they replace personal retribution with institutional justice and institutional fairness. Before that trial, every wrong in the House of Atreus was met with revenge. Each generation avenged the last until there was no one left to save. Athena’s tribunal introduced a revolutionary idea: that justice must be impartial, procedural, and transparent.

That’s precisely the evolution every organization must undertake when it faces a scandal. At first, the instinct is vengeance: fire the bad actors, issue a statement, move on. But sustainable integrity requires something deeper: process, documentation, fairness, and continuous improvement. Orestes’ trial marks the shift from chaos to compliance.

Accountability: The End of the Curse

The word “accountability” is often misunderstood. It does not mean punishment. It means answerability, the willingness to stand before a system greater than oneself and be judged fairly. That is what Orestes did. He did not flee the Furies forever; he submitted to judgment. He participated in the process. And in doing so, he transformed justice from a personal to an institutional matter. For modern compliance officers, this is a powerful metaphor. Accountability is not about creating fear. It is about building trust. It ensures that wrongdoing is addressed through a fair, transparent process that restores, rather than destroys, culture.

The Furies as Internal Audit

The Furies are terrifying, but in the compliance world, they’re familiar. They represent the internal mechanisms of conscience and oversight, the investigations, audits, and regulators that chase wrongdoing wherever it hides. Like Orestes, many leaders try to outrun them, hoping the past won’t catch up. But true integrity doesn’t come from evasion; it comes from engagement. The companies that emerge strongest from scandal are those that face their Furies head-on, invite scrutiny, and cooperate transparently.

Think of how Siemens rebuilt its compliance function after its massive bribery scandal by embracing rigorous internal controls, external oversight, and a commitment to ethical reform. Indeed, we saw similar results based upon similar actions by both Wells Fargo and ABB. That was Orestes’ trial in corporate form, judgment accepted, redemption earned.

Electra: The Voice of Culture Renewal

Electra plays a quieter but equally vital role. She represents the voice of moral conscience, the employee who still believes in right and wrong even when everyone else has gone silent. She is the whistleblower who says, “This isn’t who we are.” The compliance champion who refuses to normalize misconduct. Without Electra’s courage, Orestes would never have acted.

Modern organizations need their Electras: employees empowered to speak, question, and persist. That’s why building a speak-up culture is the cornerstone of the 2024 DOJ Evaluation of Corporate Compliance Programs (ECCP). A company’s ability to surface issues early depends on whether it protects, informs, and celebrates those who come forward. If Orestes symbolizes accountability, Electra symbolizes cultural integrity, the belief that justice is worth pursuing even when it is dangerous.

The Birth of the Rule of Law

The trial of Orestes is one of the most significant moments in Western moral thought because it replaces vengeance with the rule of law. It is also the mythological birth of compliance, where emotion gives way to ethics, and chaos yields to process. Athena’s message is timeless: “No one person may decide justice alone. We must build systems that outlast individuals.”

That is the essence of compliance governance. Codes of conduct, reporting channels, disciplinary processes, and training all exist for one reason: to ensure that justice does not depend on personalities. Orestes’ acquittal didn’t erase his crime. It institutionalized accountability so the next generation wouldn’t repeat his curse. For corporate culture, that’s exactly what post-crisis reform does: it replaces vengeance with systems and outrage with order.

Compliance as Redemption

Orestes’ story ends not in punishment, but in purification. Athena orders the Furies to become the Eumenides, “the Kindly Ones.” Their role shifts from persecutors to protectors, guarding the moral order they once avenged. That transformation is the perfect metaphor for what a compliance function can become after a crisis. At first, compliance feels punitive: investigators, auditors, monitors. But over time, as systems mature and transparency grows, compliance evolves into something restorative: a protector of trust, reputation, and ethical resilience. The same forces that once punished now preserve. That is redemption for organizations and for people.

Lessons in Modern Compliance Transformation

What can compliance professionals learn from Orestes’ journey? The parallels are striking.

  1. Justice Must Be Systemic, Not Personal. Vengeance satisfies emotion but destroys culture. Justice through process restores legitimacy. For the compliance professional, the ECCP demands institutional fairness, which builds procedural fairness into investigations. Transparency and due process protect both the company and its people.
  2. Accountability Ends the Cycle. Denial perpetuates dysfunction. Facing wrongdoing directly, even publicly, is the first step to rebuilding credibility. You should conduct root cause analyses after every violation. Use findings to strengthen systems, not just assign blame.
  3. Protect the Electras. Ethical renewal begins with those who dare to speak truth. As a compliance professional, you must empower whistleblowers by providing visible protections, feedback loops, and cultural recognition.
  4. Embrace Your Furies. Auditors, regulators, and monitors are not enemies; instead, they should be seen as accountability partners. As counterintuitive as it may seem, you should treat oversight as an opportunity. Transparency with regulators builds long-term trust.
  5. Transform Enforcement into Ethics. The end goal of compliance is not punishment, it is not even detection; it is prevention. Every compliance professional should use disciplinary outcomes as learning opportunities. Celebrate integrity as publicly as you punish misconduct.

From Tragedy to Transformation

The House of Atreus began with arrogance, deception, and retaliation. It ended with something extraordinary, the birth of justice as a system. Each generation’s failure taught a lesson:

  • Tantalus showed that leadership without humility corrupts.
  • Pelops revealed the dangers of winning through corruption.
  • Atreus and Thyestes exposed the poison of internal retaliation.
  • Agamemnon and Clytemnestra warned of power without accountability.
  • Orestes and Electra finally demonstrated how accountability, due process, and transparency can cleanse even the deepest cultural stain.

That arc is the same one every mature compliance program follows: from reaction to reflection, from punishment to prevention, from crisis to culture.

From Curse to Compliance

The story of Orestes is not about vengeance; rather, it is about evolution. He did not end the curse by denying it. He ended it by confronting it, submitting to judgment, and accepting that systems, not individuals, define justice. That is the ultimate compliance insight. You can’t train your way out of a cultural problem. You can’t manage ethics through charisma. You must build structures that embed accountability into every decision, every leader, and every process.

Orestes reminds us that compliance is not just about preventing misconduct; it is about healing organizations. It is about helping companies move from the chaos of reaction to the clarity of governance, from fear to fairness, from silence to transparency, from vengeance to virtue. Because in the end, every organization has its own House of Atreus somewhere in its history. The question is not whether the curse exists. The question is whether we, like Orestes, will have the courage to face it and the wisdom to replace it with justice that lasts.