Categories
Great Women in Compliance

Great Women in Compliance – The Power of Vulnerability with Cricket Snyder

Lisa Fine speaks with Cricket Snyder, the first Chief Compliance Officer for the Jefferson County Commission in Birmingham, Alabama, a role that was mandated by a US Federal District Court decree.

Cricket shares her experiences in shifting the compliance culture in Jefferson County from one where she was initially viewed as an extension of the monitoring to one where she overcame employee skepticism and built trust, connecting with people throughout the county.

Cricket also emphasizes the importance of vulnerability, particularly in a new, challenging role. She also reminds us of the power of being open about what you don’t know and how doing so helped foster a more transparent and collaborative environment. She also received support from the broader compliance community.

Lisa and Cricket also discuss strategies to increase engagement. Cricket introduced “Compliance Week” to Jefferson County, transforming compliance education into engaging, themed events. These have increased trust in the function among all county employees, leading to a positive culture shift.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – AI and 3rd Party Risk Management

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we consider how you can bring predictive analytics into your program to make it proactive rather than reactive.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 59 – Unmasking Compliance Blind Spots: Training and Communication Lessons from ‘Is There in Truth No Beauty?’

No TOS episode is more apt for compliance professionals seeking to elevate their training and communications program than the third season gem, “Is There in Truth No Beauty?”

As compliance professionals, we can mine “Is There in Truth No Beauty?” for powerful lessons on how to build a culture of effective training and communications that prepares our teams for the uncharted territory of tomorrow’s risks. Today, we set our phasers to “inspire” and explore five key compliance training and communications lessons from this classic Trek tale.

1. Embrace the Limits of Human Perception

Illustrated By: The crew’s first briefing about the Medusan ambassador is laden with warnings: “No one may look upon a Medusan with the naked eye.”

Compliance Lesson. Every organization has its own “Medusans”: risks, regulations, and even people whose perspectives are so different they can seem incomprehensible. Too often, compliance training assumes everyone shares the same baseline understanding and comfort level. That is a dangerous assumption.

2. Communicate Expectations—Don’t Assume Understanding

Illustrated By: Early in the episode, Captain Kirk assembles his crew for a detailed briefing. Spock and Dr. Jones reinforce the message, and the procedures for safe interaction are laid out.

Compliance Lesson. How many compliance failures begin with, “Well, I thought I understood what was required…”? In Star Trek, lives depend on explicit, repeated communication of expectations. In your organization, regulatory and reputational survival depends on it as well.

3. Build Trust and Psychological Safety Before the Crisis

Illustrated By: The relationship between Dr. Jones and the crew is initially fraught. She is a telepath, guarded and secretive. Her sense of isolation is palpable. Yet as the episode progresses, Kirk and Spock earn her trust by inviting her into their confidence and acknowledging her unique expertise. This trust proves critical when disaster strikes.

Compliance Lesson. Effective communication is built on trust and psychological safety. If employees feel isolated, mistrusted, or afraid to speak up, no amount of “mandatory training” will make your compliance program effective.

4. Prepare for the Unexpected—And Practice the Protocols

Illustrated By: When Kollos’s container is accidentally opened, crew member Larry Marvick is exposed to the Medusan and descends into madness, nearly destroying the Enterprise.

Compliance Lesson. Crises never unfold according to plan, but they reveal the effectiveness of your training and protocols. Star Trek demonstrates that it’s not enough to have a policy in the binder; you must train, rehearse, and test those protocols until they are second nature.

5. Embrace Diversity—and the Value of the Outsider’s View

Illustrated By: The Medusan, Kollos, is physically incomprehensible to humans, yet he is also a being of great intelligence and empathy.

Compliance Lesson. Homogeneity is a hidden compliance risk. Diverse teams bring broader perspectives, challenge assumptions, and spot blind spots that a monoculture would miss. In Star Trek, survival depends on learning from the outsider; in compliance, innovation and vigilance depend on the same principle.

Final ComplianceLog Reflections

“Is There in Truth No Beauty?” is a meditation on the limits of perception, the power of communication, and the necessity of embracing difference. For compliance professionals, it offers a road map for building training and communications programs that are clear, inclusive, practical, and resilient.

The universe of compliance is ever-expanding. Let’s train and communicate so our teams are ready to boldly go where no one has gone before.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Bringing Predictive Analytics into Your Compliance Regime

Today, we consider how you can bring predictive analytics into your program to make it proactive rather than reactive.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Innovation in Compliance

Innovation in Compliance: Scaling Compliance Programs: Insights from a Navy Veteran and Compliance Leader

Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. This series is introduced by Tom Fox and hosted by Roxanne Petraeus. Ethena sponsors this special five-part series on Innovation in Compliance.

In this engaging episode, Roxanne Petraeus sits down with LaSalle Vaughn, a seasoned compliance leader and Navy veteran. They delve into Vaughn’s extensive experience in scaling compliance programs for both large and small companies, emphasizing the importance of top leadership buy-in, cross-functional collaboration, and creative compliance training solutions. Vaughn shares his journey to becoming a board member, the significance of network relationships, and how his military background informs his approach to building a strong compliance culture. The discussion also highlights the unique qualities of the Ethena compliance platform and the necessity of effective customer support. Listeners gain valuable insights on effective compliance strategies and career development in the compliance field.

Key highlights:

  • LaSalle Vaughn’s Background and Experience
  • Scaling Compliance Programs
  • Getting C-Suite Buy-In for Compliance
  • Cross-Functional Collaboration in Compliance
  • Path to Board Service
  • Military Influence on Compliance and Culture

Resources:

LaSalle Vaughn on LinkedIn

Ethena Website

Roxanne Petraeus on LinkedIn

Ethena on LinkedIn

Categories
Blog

Beyond the Checklist: Dynamic Fraud Risk Assessments for the Failure to Prevent Fraud Offense

We continue our review of the Economic Crime and Corporate Transparency Act 2023, which has elevated the expectations for senior leadership and boards across large organizations. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud” (The Guidance). Section 3.2 of the official guidance, titled “Top Level Commitment,” should be required reading for every compliance professional seeking to build a credible, defensible, and sustainable anti-fraud culture. Today, we take a deep dive into the requirement for a fraud risk assessment.

As compliance professionals eagerly anticipate the impending go-live of the UK’s Failure to Prevent Fraud Offense, it is paramount to revisit the foundational pillar of any anti-fraud strategy: the fraud risk assessment. The act of assessing fraud risk has always been critical, but in this new legislative context, its significance cannot be overstated. The comprehensive risk assessment outlined by the Guidance in section 3.2 provides a blueprint that can prepare your organization not only to meet compliance standards but also to strengthen your corporate defenses against fraud.

Risk assessments must be both dynamic and regularly updated. Static, outdated assessments leave your organization exposed, failing to capture evolving fraud techniques and risks introduced by changes in personnel, procedures, technology, or external environments. Organizations are now explicitly encouraged to leverage their existing risk assessment frameworks, extending them to encapsulate the broader scope of the Failure to Prevent Fraud Offense. This approach not only maximizes efficiency but also ensures thoroughness and cohesion within your risk management strategies.

Identifying Associated Persons

The term “associated persons” casts a wide net, and it is essential to thoroughly understand who within and outside your organization could potentially expose you to risk. This includes agents, contractors, and personnel in sensitive roles such as finance or procurement. Each category presents unique fraud risks, ranging from false representation and failure to disclose to false accounting and abuse of position. Properly categorizing and assessing these typologies enables targeted, efficient mitigation measures and preventive strategies tailored to specific vulnerabilities.

Leveraging the Fraud Triangle

Compliance professionals must use the Fraud Triangle (opportunity, motive, and rationalization) as a foundational tool to structure their risk assessments. Each element provides a lens through which potential fraud scenarios can be systematically evaluated:

  1. Opportunity: Does your organization inadvertently offer avenues for fraudulent activity due to weak controls, insufficient oversight, or technological vulnerabilities? For instance, departments such as finance, procurement, and marketing often harbor increased opportunities for fraud due to their access to funds or sensitive information. It’s also crucial to consider external agents or contractors operating with minimal oversight.
  2. Motive: Financial incentives and operational pressures can drive individuals towards fraudulent activities. Compliance teams must critically assess whether reward systems such as bonuses or commissions could unintentionally incentivize fraud. Additionally, organizational pressures related to achieving financial targets, impending mergers, acquisitions, or regulatory deadlines must be closely monitored.
  3. Rationalization: The justification of fraudulent acts often stems from organizational culture and industry norms. A company that subtly tolerates fraud, perhaps viewing it as a necessary evil for winning business or reaching targets, sets the stage for rationalization. Ensuring a robust speak-up culture and providing effective whistleblowing channels can significantly mitigate this risk.

Using Diverse Sources and Preparing for Emergency Scenarios

Risk assessment is enriched by diverse sources, including data analytics, past audit findings, industry-specific information, regulatory enforcement actions, and publicly available prosecutions or DPAs. These resources not only help identify potential fraud scenarios but also benchmark your organization’s prevention measures against industry standards and practices.

Unexpected emergencies, from natural disasters to economic crises, inherently increase fraud risks. Organizations must proactively incorporate emergency scenarios into their risk assessments. Doing so not only complies with the statutory obligation to demonstrate reasonable fraud prevention measures but also practically prepares your organization to swiftly adapt and maintain integrity during challenging times.

Classification and Regular Review of Risks

A thorough risk assessment involves classifying inherent risks by their likelihood and impact. This classification is vital in prioritizing resources effectively, focusing efforts on mitigating high-impact, high-probability risks. Regular reviews of your risk assessment, typically every two years, or sooner if triggered by significant internal or external changes, ensure its continued relevance and effectiveness.

Failing to update and refine your risk assessment regularly can expose your organization to severe consequences. Courts may interpret outdated assessments as indicators of inadequate preventive measures, leaving your organization vulnerable to penalties and reputational harm.

Five Key Takeaways for the Compliance Professional

Here are five key takeaways for the compliance professional:

1. Dynamic and Regular Updates Are Essential:

Risk assessments must not be viewed as one-off or static exercises. Continuous monitoring, regular updating, and adaptation to emerging fraud threats are essential to maintain relevance and ensure comprehensive fraud prevention capabilities.

2. Comprehensive Identification of Associated Persons:

Given the expansive definition of “associated persons,” compliance professionals must carefully identify and categorize all internal and external parties capable of exposing the organization to fraud risks. Tailored fraud risk mitigation strategies should then be developed based on these typologies.

3. Utilize the Fraud Triangle Effectively:

Applying the Fraud Triangle’s elements (opportunity, motive, and rationalization) can provide structure and depth to fraud risk assessments. This systematic approach helps to uncover specific vulnerabilities and inform targeted preventive measures.

4. Broaden Your Sources of Risk Intelligence:

Compliance professionals must leverage multiple sources, including past audit reports, data analytics, regulatory enforcement actions, and publicly available case studies. Integrating this diverse intelligence enhances the effectiveness and breadth of fraud risk assessments.

5. Incorporate Emergency Scenario Planning:

Fraud risks escalate during emergencies. Preparing and integrating emergency scenarios into your fraud risk assessment framework helps ensure that robust fraud prevention measures remain effective during crises, aligning your risk management practices with statutory obligations and best practices.

The Time to Act is Now

The clock is ticking towards the implementation of the Failure to Prevent Fraud Offense, and complacency is not an option. Conducting and maintaining a dynamic, comprehensive fraud risk assessment is no longer just best practice. It is a statutory necessity. By rigorously identifying associated persons, leveraging the Fraud Triangle, drawing insights from diverse sources, preparing for emergency scenarios, and regularly reviewing your assessment, your organization can confidently demonstrate its commitment to fraud prevention. Proactive engagement in these activities not only fortifies your compliance posture but also significantly enhances your organization’s resilience against fraud. Compliance professionals must seize this opportunity to reinforce their strategic value, embedding effective anti-fraud measures into their organizational culture and operations as we move closer to this critical regulatory milestone.

Join us tomorrow as we consider the procedures to implement your fraud risk assessment.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Strategies for Embedding Compliance into your Organization

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, what are some key strategies for embedding compliance into your organization?

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Adventures in Compliance

Adventures in Compliance: The Novels – The Hound of the Baskervilles: Uncovering M&A Compliance Lessons

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Over the course of this season, Tom Fox will take a deep dive into each novel in a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear. For the month of July, we are considering lessons from The Hound of the Baskervilles. Today, Timothy and Fiona are back to consider the pre- and post-acquisition M&A lessons from the novel.

This episode explores the fascinating parallels between Sir Arthur Conan Doyle’s ‘The Hound of the Baskervilles’ and modern corporate compliance. By examining Sherlock Holmes’ meticulous investigative methods, we gain critical insights into due diligence, compliance integration, and forensic investigations. Discover how to apply Sherlockian principles to proactively prevent corruption, foster an ethical corporate environment, and transform potential liabilities into assets. We break down these ideas into three stages: pre-acquisition due diligence, post-acquisition training and integration, and the handling of forensic investigations when issues arise.

Highlights include:

  • Pre-Acquisition Due Diligence: The Sherlockian Approach
  • Post-Acquisition Integration: Building a Baskerville Hall of Compliance
  • Forensic Investigations: Swift and Evidence-Based Responses
  • Conclusion: Applying Sherlockian Insights to Modern Compliance

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Sherlock Holmes, The Novels with an introduction by Michael Dirda

Categories
Blog

Lost Among the Stars: Leadership & Tone from the Top Lessons from Star Trek’s “The Paradise Syndrome”

Few Star Trek episodes put Captain Kirk in as vulnerable or as revealing a position as “The Paradise Syndrome.” What begins as a routine mission to deflect an asteroid from a primitive planet spirals down into an exploration of leadership, identity, and the power of influence from the very top. For corporate compliance professionals, this story is a masterclass in how tone from the top and authentic leadership can either protect or imperil an entire organization.

In “The Paradise Syndrome,” the Enterprise crew is faced not only with a ticking clock but also with the absence of their leader. As Kirk loses his memory and is separated from his command, Spock, McCoy, and the rest must navigate the crisis without the guiding presence that usually sets the tone. What unfolds is a powerful lesson in why leadership and the values it projects matter more than any written policy or technology.

With Kirk’s leadership removed at the most critical moment, we see the cascading impact on the crew, on the planet, and on Kirk himself. This scenario, while fantastical, is a perfect metaphor for what happens in organizations when the tone from the top is unclear, inconsistent, or simply absent.

Join me as we step through the wormhole and extract five vital leadership lessons for the modern compliance officer, each illustrated by scenes from this unforgettable episode.

Leadership Presence Is the First Line of Defense

Illustrated By: As soon as Kirk disappears, Spock and McCoy sense something is amiss. The crew is uneasy, decision-making becomes muddled, and a lack of clear command amplifies the mission’s urgency.

Compliance Lesson: The tone set by leadership isn’t just about lofty statements or annual memos. It’s a daily, lived presence. When leadership is visible, engaged, and available, the organization operates with clarity and confidence. When it is absent, even for a short time, uncertainty fills the vacuum, and risk increases.

What should I do? For compliance professionals, this means that leadership must be front and center, not just when things go wrong, but in the rhythms of daily business. Leaders should participate in training, be present in investigations, and visibly support the compliance function. A leader’s consistent presence sends the strongest possible message: compliance matters here.

Values Must Be Internalized, Not Just Announced

Illustrated By: Stripped of his memory, Kirk (as “Kirok”) is taken in by the planet’s people. Despite not knowing who he is, his instincts for fairness, curiosity, and protection shine through. He becomes a leader not by decree, but by action.

Compliance Lesson: True leadership is more than titles and speeches; it’s about internalized values that guide decisions, even under stress or uncertainty. Kirk’s ethical compass survives amnesia because it’s part of who he is.

What should I do? Corporate values, particularly those related to ethics and compliance, must be deeply ingrained in the organization. Training and messaging must move beyond checklists to foster genuine understanding and belief. When faced with unexpected challenges or moral dilemmas, employees should be able to act based on these internalized values, even if the “playbook” is missing. Compliance professionals should focus on culture-building, rather than just disseminating policies.

Crisis Reveals the True Tone from the Top

Illustrated By: Spock, now in command, faces a daunting technical challenge with limited time and resources. He makes tough, sometimes unpopular decisions, including pushing the engines to dangerous limits. McCoy protests, but Spock remains steadfast, demonstrating calm under pressure.

Compliance Lesson: In a crisis, all eyes turn to leadership. How leaders act or fail to act under stress defines the tone from the top far more than any code of conduct. Spock’s resolve and willingness to make hard choices keep the crew focused on their mission, even as doubt and tension rise.

What should I do? Compliance leaders should prepare for the inevitable crisis by building trust, communicating transparently, and showing willingness to take responsibility. When employees see leadership confronting difficulties head-on, they are more likely to follow suit. Tabletop exercises and crisis simulations should always include a tone-from-the-top component. How will leadership communicate? How will they reinforce values under pressure?

Empathy and Communication Sustain Compliance

Illustrated By: While among the villagers, Kirk forms relationships based on empathy and service. He marries Miramanee, helps heal a sick child, and supports his new community. Even without his identity, he inspires trust because of the way he listens and responds to those around him.

Compliance Lesson: Leadership is not just about command; it is about connection. In compliance, the ability to listen, understand, and respond to concerns is just as important as issuing directives. Empathy fosters credibility and promotes a culture of speaking up, particularly during times of change.

What should I do? Compliance officers should foster open-door environments where employees feel comfortable sharing concerns and asking questions. Leaders should model humility and emotional intelligence, admitting when they don’t have all the answers. In the modern workplace, psychological safety is an essential component of tone from the top.

Sustainable Culture Requires Both Structure and Spirit

Illustrated By: When Kirk finally regains his memory and identity, he is torn between his love for Miramanee and his duty to the Enterprise. The heartbreak of leaving behind his new life underscores that authentic leadership often requires personal sacrifice for the greater good.

Compliance Lesson: Tone from the top is sustained not just by systems and controls, but by the personal commitment of leaders to do what’s right, even when it’s difficult. The spirit of compliance must be aligned with the structure of compliance; one without the other is incomplete.

What should I do? Senior leaders and compliance professionals must demonstrate their commitment through both words and deeds. This may involve making tough decisions, investing resources, or prioritizing compliance over short-term gains. By modeling this balance, leadership sets the foundation for a culture that endures, regardless of who is at the helm.

Final ComplianceLog Reflections

“The Paradise Syndrome” is a cautionary tale and an inspiration. When leadership vanishes, even temporarily, an organization’s values, direction, and resilience are put to the test. Kirk’s journey reminds us that leadership is not just about the title on the door but about daily actions, internalized values, and the ability to connect authentically with those you lead. By embracing these lessons, compliance officers and business leaders alike can build organizations that thrive not just in paradise but in any storm the universe throws their way.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

Setting the Tone: Why Top-Level Commitment Is the Heart of Fraud Prevention

In today’s rapidly evolving compliance landscape, one principle has become abundantly clear: effective fraud prevention starts at the top. The Economic Crime and Corporate Transparency Act 2023, with its new offense of failure to prevent fraud, has elevated the expectations for senior leadership and boards across large organizations. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organizations on the offense of failure to prevent fraud” (The Guidance). Section 3.1 of the official guidance, titled “Top Level Commitment,” should be required reading for every compliance professional seeking to build a credible, defensible, and sustainable anti-fraud culture. Today, we take a deep dive into what a top-level commitment is.

The Imperative: Leadership’s Role in Preventing Fraud

Section 3.1 places the responsibility for preventing and detecting fraud squarely on those charged with governance, including the Board of Directors, partners, and senior management. This is not simply a perfunctory statement. The Guidance makes it clear: without authentic buy-in and leadership from the very top, even the best-written policies and controls will falter.

A culture of zero tolerance for fraud must be more than a slogan. The board and senior management must actively foster an environment where fraud is not only discouraged but also considered unthinkable, where profit derived from or assisted by fraud is unequivocally rejected.

Visible Commitment: Not Just Words, But Deeds

What does genuine top-level commitment look like? The Guidance offers a clear framework. It is about visible, consistent action that resonates throughout the organization. This includes:

  • Publicly rejecting fraud, even at the cost of lost business opportunities. Boards and executives must demonstrate that they will walk away from deals if the price compromises their integrity and values.
  • Explaining the business benefits of a strong anti-fraud posture. Protecting the company’s reputation, building trust with customers and business partners, and ensuring long-term sustainability are tangible, valuable outcomes.
  • Backing policies and codes of conduct with consequences. There must be clarity about what happens if someone breaches anti-fraud policies—up to and including contractual and disciplinary action.
  • Acknowledging and endorsing collective anti-fraud efforts. Participation in industry initiatives or trade body actions against fraud demonstrates seriousness of intent.

A leadership statement is only credible if real accountability, named roles, and continuous communication back it.

Governance: Structuring Responsibility for Real Results

Clear governance is the backbone of any fraud prevention framework. Section 3.1 stresses that organizations should define, document, and communicate who is responsible for every aspect of fraud prevention, from risk assessment to whistleblowing, and from detection to disciplinary actions.

Best practice governance includes:

  • Designated responsibility for horizon scanning, risk assessment, policy development, disciplinary action, whistleblowing, investigation, and ongoing review.
  • Direct access for compliance leadership to the board or CEO, even if day-to-day reporting is elsewhere. This ensures critical issues don’t get buried in middle management.
  • Documentation of decisions and actions. Board minutes should capture key compliance decisions, risk reviews, and follow-up actions.
  • Succession planning for compliance leadership. Governance should account for staff turnover and ensure continuity in anti-fraud efforts, even when key personnel are absent or leave the organization.

In some organizations, the board or senior executives will be personally involved in designing fraud prevention measures; in others, they will delegate this responsibility to the Head of Ethics and Compliance while retaining ultimate accountability. The key is active engagement and oversight.

Commitment to Resources: Funding and Training

Fraud prevention is not a costless endeavor. The guidance is explicit: senior management must allocate a reasonable and proportionate budget for compliance leadership, fraud prevention staff, training, and technology, including due diligence tools and platforms. This budget commitment must be sustained for the long term, not just as a one-off initiative.

Training is equally crucial. Senior management must champion not only initial training but also ongoing refreshers and updates, ensuring that all staff, especially those in high-risk roles, are equipped to identify and prevent fraud. Resilience is key: anti-fraud practices must be maintained even when staff are on vacation or sick leave or when there is turnover.

Leading by Example: The Tone at the Top

The “tone at the top” is more than a catchphrase; it is the bedrock of ethical culture. Senior managers must embody the standards they expect from the rest of the organization. This means:

  • Openly challenging rationalizations for fraud. Whether it’s “everyone does it,” “it’s not material,” or “it’s for the good of the business,” these are dangerous myths that must be confronted.
  • Encouraging early reporting of concerns. Leadership should foster an open culture where staff feel empowered to speak up, no matter how minor the issue may seem. The earlier a problem is raised, the less likely it will snowball into a major scandal.
  • Making ethics a daily practice, not a quarterly campaign. Whether through regular reminders, integration into performance evaluations, or simply modeling the right behaviors, leaders set the ethical weather for the company.

Communication: Reinforcing the Anti-Fraud Message

Top-level commitment must be consistently and credibly communicated to all key audiences, including employees, contractors, agents, suppliers, and business partners. The guidance recommends tailoring the message for different stakeholders; what resonates with employees may differ from what is relevant for contractors or vendors.

Effective anti-fraud communication should:

  • Highlight the organization’s commitment to integrity over short-term gains.
  • Reinforce the real-world consequences of violating anti-fraud policies.
  • Regularly spotlight examples of ethical leadership, transparency, and collective action against fraud.

The Importance of Whistleblowing

Section 3.1 places significant emphasis on whistleblowing—not only establishing clear channels but also creating a culture where speaking up is encouraged and protected. Senior management should ensure:

  • There are safe, independent channels for reporting concerns.
  • Whistleblowers are protected from retaliation.
  • Reports are acted on quickly and transparently.

A strong whistleblowing culture indicates that leadership is committed to identifying and addressing problems before they become systemic.

The “Why” Behind Top-Level Commitment

Why is all of this so critical? Because fraud is adaptive. It thrives in ambiguity, and it flourishes when leadership is distracted, disinterested, or inconsistent. The Economic Crime and Corporate Transparency Act 2023 raises the stakes: organizations now face not just reputational and commercial damage but also criminal liability if they cannot show that their prevention procedures were reasonable and implemented with real top-level commitment.

Regulators and prosecutors will look for evidence of this commitment. Are senior managers personally invested? Do they walk the talk? Can they demonstrate, with documentation, that anti-fraud policies are embedded in the organization’s DNA?

Practical Steps for Compliance Professionals

What should compliance professionals do today?

  1. Engage with your board and C-suite. Make sure they understand their personal and collective responsibilities under the Act.
  2. Audit your current governance structures. Identify gaps in accountability, communication, or resource allocation.
  3. Refresh your anti-fraud messaging and training. Ensure it is regular, targeted, and endorsed by top management.
  4. Enhance your whistleblowing framework. Benchmark it against best practices and ensure visible support from leadership.
  5. Document everything. If it’s not written down, it didn’t happen. Ensure that minutes, decisions, and compliance actions are accurately recorded.

Conclusion: Leadership Sets the Standard

Section 3.1 is clear: fraud prevention is not just the job of compliance or internal audit. It is the duty of those at the top. Authentic leadership means investing in people, systems, and culture; communicating a vision of integrity; and never wavering, even when the pressure to bend the rules is immense.

For the modern compliance professional, this is both a challenge and an opportunity. With exemplary leadership, organizations can move beyond reactive compliance and build an enduring culture where ethical conduct is the norm and fraud has no place to hide.

Join us tomorrow, when we will consider a fraud risk assessment.