Categories
Blog

Shore Leave – Why Compliance Should be Fun (At Times)

Show Summary

What does the episode “Shore Leave” have to do with compliance? Quite a bit, it turns out. Intended as a respite for the fatigued crew of the Enterprise, the planet soon becomes a living playground of the imagination where thoughts turn instantly into reality. Fantasies (and nightmares) from the subconscious materialize: White Rabbits, medieval knights, lost lovers, and even Kirk’s old academy rival, Finnegan.

At first glance, “Shore Leave” may not seem like fertile ground for compliance lessons. But in fact, it offers a powerful metaphor for an often-overlooked truth in corporate ethics and compliance programs: compliance need not be serious to be effective. Sometimes, as Carsten Tams reminds us, it should be playful. In today’s episode, we explore how compliance professionals can make training, communications, and culture-building engaginginteractive, and even fun without ever compromising on rigor or integrity. So join me as we unpack six key lessons from “Shore Leave” that illustrate how playfulness can be a surprisingly powerful tool in your compliance toolkit.

1. People Learn More When They’re Not Stressed

Illustrated by: The Enterprise crew’s need for R&R after exhausting missions.

Captain Kirk initially resists the idea of shore leave, arguing that there’s too much work to be done. But Dr. McCoy, supported by Spock’s logical assessment, insists the crew is showing signs of physical and mental exhaustion. Rest is not a luxury; it is a necessity for operational effectiveness. When the crew beams down, they begin to laugh, explore, and decompress. For a moment, morale is restored.

Compliance Lesson:

Think of your employees the same way you’d think of the Enterprise crew: trained professionals under pressure. If you deliver compliance training in a joyless, legalistic tone, monotone webinars, lengthy policy PDFs, and punishment-driven messaging, instead of creating cognitive overload, you are hindering learning. Neuroscience confirms what “Shore Leave” dramatizes: people learn best when they’re relaxed, open, and stimulated by novelty.

So inject levity. Use storytelling. Create gamified challenges. Host “compliance scavenger hunts” or “ethics escape rooms.” A light touch does not dilute the message. It makes the message stick.

2. Make It Personal, Make It Stick

Illustrated by: The planet’s ability to tailor experiences to each crew member’s thoughts.

The so-called “amusement park planet” adapts its landscape in real-time to reflect each visitor’s thoughts. McCoy sees characters from fairy tales. Sulu finds himself with a samurai. Kirk confronts Finnegan, his mischievous nemesis from the Academy. The planet’s strength lies in its personalization, and each experience is unique, vivid, and relevant to the individual.

Compliance Lesson:

This is precisely what compliance communications should strive to be. People engage with content when it reflects their context, whether that is their role, region, risk exposure, or personal values. A generic, one-size-fits-all compliance email about anti-bribery laws won’t have nearly the impact of a short, animated video showing a sales manager navigating a tricky interaction with a government official in Brazil.

Use personas in your training. Build case studies based on real-life departmental challenges. Include localized content for global audiences. When people see themselves in the message, they remember the lesson.

3. Surprise Can Be a Teaching Tool

Illustrated by: The sudden appearance of surreal figures, from tigers to Alice in Wonderland.

“Shore Leave” keeps the crew and viewers on their toes. When things feel calm, something unexpected occurs. A knight skewers McCoy. A WW2 fighter plane swoops overhead. And Kirk is ambushed by his old nemesis in a fistfight. These surprises grab attention, trigger curiosity, and break the monotony. The episode feels whimsical, but it delivers deeper insights about stress, psychology, and perception.

Compliance Lesson:

In your compliance training program, don’t underestimate the value of surprise. Unexpected storytelling, clever twists, and humorous “wrong way” examples can all disarm your audience and make learning more memorable. Consider starting a training session with a movie scene, a meme, or even a parody of a compliance mistake. Then, pivot into serious learning.

Surprise doesn’t mean gimmickry. It means creating moments that catch attention, challenge assumptions, and open up space for meaningful engagement. Your goal is not simply to inform; rather, as Hui Chin told us many years ago, it is to make people think.

4. Let People Engage on Their Terms

Illustrated by: Different crew members experience the planet in different ways.

While the planet remains the same physical space, everyone interacts with it differently. McCoy goes on a fantasy adventure. Sulu finds joy in weapons. Yeoman Barrows imagines herself in a medieval gown. No one is forced into a particular experience; instead, each crew member chooses their path through the environment, making the experience more personal and fulfilling.

Compliance Lesson:

Apply this principle to your compliance communications strategy. Offer multiple modalities. Some people prefer videos; others prefer articles or podcasts. Some individuals may enjoy scenario-based learning games, while others may prefer simulations or role-playing exercises. Design your training architecture like a multi-lane road: different entry points, same destination.

Consider offering voluntary “bonus” compliance events, lunch-and-learns with guest speakers, ethical film screenings, or cross-functional “spot the risk” challenges. When people have choices, they feel a sense of ownership. And ownership increases buy-in.

5. Even Fantasy Has Rules—Define the Boundaries

Illustrated by: The discovery that the planet’s illusions, while playful, can cause real harm.

Initially, the planet seems harmless. But soon, McCoy is seriously injured, and other experiences become increasingly intense. Kirk and his crew learn that while the Earth is designed for recreation, it can become dangerous if participants do not understand the boundaries or rules. The solution is not to avoid play but to clarify the framework.

Compliance Lesson:

This is one of the most important parallels to corporate compliance. Creating engaging, playful content doesn’t mean abandoning standards or structure; it means embracing them in fresh, innovative ways. The opposite is true. Clear guardrails, defined objectives, code alignment, and measurable outcomes underpin the best compliance engagement programs.

If you host a gamified compliance tournament, ensure that the scoring mechanisms reinforce ethical behavior, not just speed. If you allow user-generated content, ensure review protocols are in place. Structured play can be just as effective and far safer than unsupervised learning. Fun is not the enemy of accountability.

6. Debriefing Deepens Learning

Illustrated by Kirk’s reflection with McCoy and Spock at the end of the episode.

At the end of “Shore Leave,” Kirk pauses to process what happened. He discusses the nature of the planet, its risks, and its benefits. He reflects on his emotional response to Finnegan, his sense of guilt and nostalgia, and what he learned about himself. This moment transforms the experience from play into one of growth and development.

Compliance Lesson:

Never end a training without a debrief. Whether your program was fun, serious, or somewhere in between, reflection is what turns experience into understanding. After a game-based simulation, send out discussion questions. After a role-play session, ask participants to share lessons learned or “What would you do differently? ”

Even something as simple as a brief email summary, a leaderboard shoutout, or a team wrap-up call can reinforce key takeaways and prompt their practical application. The brain needs repetition and connection to consolidate learning. Give your audience the chance to process.

Final ComplianceLog Reflections:

Compliance Doesn’t Have to Be a “No-Fun Zone”

Sometimes, you need to channel your inner Ronnie Feldman, for if there is one thing Shore Leave teaches us, it is that even the most disciplined teams need room for release, exploration, and imagination. The same is true in compliance. You’re not just teaching policies; you’re influencing behavior, shaping culture, and earning trust. And if playfulness, humor, and surprise can help you do that more effectively, then beam those strategies aboard.

Compliance has its profound moments, no doubt. But if your entire program is built on fear, formality, and fatigue, you are missing out on one of the most powerful motivators we have: joy.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

Full-Court Compliance: What the Knicks’ Championship Teaches CCOs About Winning the Right Way

While later surpassed by the Michael Jordan Bulls and the back-to-back NBA Champs, my (then) hometown heroes, the Houston Rockets, my favorite NBA team from my teen years was the two-time NBA champs, the New York Knicks. I can still name the starting lineup from the 70-71 champs (Walt Frazier, Dick Barnett, Dave DeBusschere, Bill Bradley, and Willis Reed). So, while I live down the road from San Antonio, I was one of the very few people in Kerrville, TX, rooting for the Knicks.

Today, the New York Knicks are NBA champions for the first time since the 1972-73 season, and for compliance professionals, the story is more than basketball. It is a case study in governance, risk appetite, culture, talent strategy, controls, remediation, and execution under pressure. As reported by ESPN, New York defeated the San Antonio Spurs in five games to win its first NBA championship in 53 years, with Jalen Brunson scoring 45 points in the closeout Game 5 and earning Finals MVP honors.

The scoreboard tells the story of a team that operated under pressure:

Game Score
Game 1 at San Antonio Knicks 105, Spurs 95
Game 2 at San Antonio Knicks 105, Spurs 104
Game 3 at New York Spurs 115, Knicks 111
Game 4 at New York Knicks 107, Spurs 106
Game 5 at San Antonio Knicks 94, Spurs 90

ESPN’s Finals matchup summary listed the Knicks as the 4-1 series winners, based on those five-game results.

For CCOs, the championship lesson starts with roster construction. Leon Rose, the Knicks’ president of basketball operations and chief roster architect, did not build this team by chasing headlines. He built it the way an effective CCO builds a compliance program: with a clear risk assessment, disciplined resource allocation, cultural fit, control remediation, and continuous monitoring.

Start with Jalen Brunson. The Knicks acquired Brunson through free agency in 2022, and NBA.com described him as the central acquisition in Rose’s rebuild. Brunson later agreed to a below-market extension, which gave the organization flexibility to retain and add other players. That is a compliance principle in the form of basketball. You do not spend all your capital on one control and leave no budget for investigations, training, data analytics, third-party management, and monitoring. Brunson was the control owner, but the program still needed a full system around him.

Then came the risk-based gap analysis. Rose did not simply ask, “Who is available? ” He asked the compliance equivalent of, “What risk remains unmitigated? ”The answer was size, defense, positional versatility, rebounding, and playoff resilience. Karl-Anthony Towns arrived through a 2024 three-team trade with Minnesota, giving the Knicks elite frontcourt skill and passing. OG Anunoby came from Toronto in 2023 because the Knicks needed a high-end defender who could handle elite wings and still contribute offensively. Mikal Bridges came from Brooklyn in 2024 as a multi-position wing who could defend and shoot. Josh Hart arrived in a 2023 trade with Portland, bringing toughness, energy, leadership, and the intangible glue that every good system requires.

That is how a compliance officer should think about program design. Policies alone are not enough. Training alone is not enough. Hotline data alone is not enough. A championship compliance program needs anti-corruption controls, third-party due diligence, internal accounting controls, sanctions screening, speak-up culture, investigation protocols, data testing, and board reporting. Each element has a role. Each element covers a gap. Each element must work under stress.

The Knicks also demonstrated the value of cultural due diligence. Brunson, Bridges, and Hart carried a Villanova connection, but the lesson is not nostalgia. The lesson is known as performance under known pressure. Rose understood that talent without fit is a control failure waiting to happen. Compliance leaders understand this point well. A technically gifted executive who rejects controls, bypasses procurement, bullies internal audit, or treats legal review as an obstacle is not a high performer. That executive is a risk amplifier.

The Bridges trade is especially instructive. Rose paid a significant price, sending multiple first-round assets to Brooklyn. NBA.com described it as one of Rose’s biggest and most questioned risks before Bridges proved his value in the postseason. In terms of compliance, this was not risk avoidance. It was risk governance. The question for any board is not whether a strategy carries risk. All meaningful strategies carry risk. The question is whether management has identified the risk, documented the rationale, designed mitigation, and monitored outcomes.

Game 4 was the stress test. The Knicks trailed by 29 points and still beat the Spurs 107-106, completing the largest comeback in NBA Finals history under modern play-by-play tracking. In compliance, this is where paper programs fail, and real programs prove themselves. A company can look strong during the annual training season. The test comes when a whistleblower allegation arrives before the close of a quarter, a high-risk distributor is tied to a government official, a sanctions rule changes overnight, or a business leader asks for an exception because “the deal is too important.”

The Knicks did not win because they avoided adversity. They won because their controls held when adversity arrived. NBA.com noted that every game in the series was within five points in the last five minutes, and the Knicks erased double-digit deficits throughout the Finals. That is program effectiveness. A compliance program is not effective because the code of conduct is polished. It is effective because people make the right decisions when the score is close, the pressure is high, and the wrong shortcut looks attractive.

Finally, Rose made the coaching decision. Mike Brown replaced Tom Thibodeau in 2025, and NBA.com reported that Brown’s approach helped win over the locker room and make strategic changes during the playoff run. This is remediation. Mature organizations do not confuse past success with future sufficiency. Thibodeau helped move the Knicks forward, but Rose concluded that the next stage required a different operating model. CCOs face the same challenge when a legacy control, legacy investigator, legacy third-party process, or legacy reporting structure no longer fits the risk environment.

The Knicks’ championship was not an accident. It was the result of governance, discipline, culture, and controls. That is why CCOs should study it. Define your risk appetite before the season starts. Build around culture, not just talent. Spend resources where the risk assessment shows the gaps. Treat major decisions as board-defensible governance judgments. Most importantly, test whether your program can perform in the final five minutes, because that is where championships and compliance failures are decided.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 15 – Shore Leave – Why Compliance Should be Fun

Show Summary

In this episode of Trekking Through Compliance, we beam down to the lush, surreal planet featured in the original Star Trek series episode, “Shore Leave.” Intended as a respite for the fatigued crew of the Enterprise, the planet soon becomes a living playground of the imagination where thoughts turn instantly into reality. Fantasies (and nightmares) from the subconscious materialize: White Rabbits, medieval knights, lost lovers, and even Kirk’s old academy rival, Finnegan.

At first glance, “Shore Leave” may not seem like fertile ground for compliance lessons. But in fact, it offers a powerful metaphor for an often-overlooked truth in corporate ethics and compliance programs: compliance need not be serious to be effective. Sometimes, as Carsten Tams reminds us, it should be playful. In today’s episode, we explore how compliance professionals can make training, communications, and culture-building engaging, interactive, and even fun without ever compromising on rigor or integrity. So join me as we unpack six key lessons from “Shore Leave” that illustrate how playfulness can be a surprisingly powerful tool in your compliance toolkit.

Key highlights:

1. People Learn More When They’re Not Stressed

 Illustrated by: The Enterprise crew’s need for R&R after exhausting missions.

Dr. McCoy, supported by Spock’s logical assessment, insists the crew is showing signs of physical and mental exhaustion. Rest is not a luxury; it is a necessity for operational effectiveness. For compliance professionals, the message is that if you deliver compliance training in a joyless, legalistic tone, you create cognitive overload rather than facilitate learning. Neuroscience confirms what “Shore Leave” dramatizes: people learn best when they’re relaxed, open, and stimulated by novelty.

2. Make It Personal, Make It Stick

 Illustrated by: The planet’s ability to tailor experiences to each crew member’s thoughts.

No doubt, anticipating GenAI in compliance training, the planet’s strength lies in its personalization; each experience is unique, vivid, and relevant to the individual. This is precisely what compliance communications should strive to be. People engage with content when it reflects their context, whether that is their role, region, risk exposure, or personal values.

3. Surprise Can Be a Teaching Tool

 Illustrated by: The sudden appearance of surreal figures, from tigers to Alice in Wonderland.

When things feel calm, something unexpected occurs. A knight skewers McCoy. A WW2 fighter plane swoops overhead. These surprises grab attention, trigger curiosity, and break the monotony. The episode feels whimsical, but it delivers deeper insights about stress, psychology, and perception. In your compliance training program, do not underestimate the value of surprise. Unexpected storytelling, clever twists, and humorous “wrong way” examples can all disarm your audience and make learning more memorable. Consider starting a training session with a movie scene, a meme, or even a parody of a compliance mistake. Then, pivot into serious learning.

4. Let People Engage on Their Terms

Illustrated by: Different crew members experience the planet in different ways.

While the planet remains the same physical space, everyone interacts with it differently. McCoy goes on a fantasy adventure. Sulu finds joy in weapons. Yeoman Barrows imagines herself in a medieval gown. No one is forced into a particular experience; instead, each crew member chooses their path through the environment, making the experience more personal and fulfilling. Now, apply this principle to your compliance communications strategy. Offer multiple modalities. Some people prefer videos; others prefer articles or podcasts. Some individuals may enjoy scenario-based learning games, while others may prefer simulations or role-playing exercises. Design your training architecture like a multi-lane road: different entry points, same destination.

5. Even Fantasy Has Rules—Define the Boundaries

Illustrated by: The discovery that the planet’s illusions, while playful, can cause real harm.

Initially, the planet seems harmless. However, Kirk and his crew soon discover that while the Earth is designed for recreation, it can become hazardous if participants fail to understand its boundaries or rules. The solution is not to avoid play but to clarify the framework. This is one of the most important parallels to corporate compliance. Creating engaging, playful content doesn’t mean abandoning standards or structure; it means embracing them in fresh, innovative ways. The opposite is true. Clear guardrails, defined objectives, code alignment, and measurable outcomes underpin the best compliance engagement programs.

6. Debriefing Deepens Learning

 Illustrated by: Kirk’s reflection with McCoy and Spock at the end of the episode.

At the end of “Shore Leave,” Kirk pauses to reflect on what has happened. He discusses the nature of the planet, its risks, and its benefits. He reflects on his emotional response to Finnegan, his sense of guilt and nostalgia, and what he learned about himself. This moment transforms the experience from play into one of growth. Never end a training without a debrief. Whether your program was fun, serious, or somewhere in between, reflection is what turns experience into understanding. After a game-based simulation, send out discussion questions. After a role-play session, ask participants to share lessons learned or “What would you do differently?”

Final ComplianceLog Reflections:

Compliance Doesn’t Have to Be a “No-Fun Zone”

Sometimes, you need to channel your inner Ronnie Feldman, for if there is one thing Shore Leave teaches us, it is that even the most disciplined teams need room for release, exploration, and imagination. The same is true in compliance. You’re not just teaching policies; you’re also influencing behavior, shaping culture, and earning trust. And if playfulness, humor, and surprise can help you do that more effectively, then beam those strategies aboard.

Compliance has its serious moments, no doubt. But if your entire program is built on fear, formality, and fatigue, you are missing out on one of the most powerful motivators we have: joy.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Daily Compliance News

Daily Compliance News: June 15, 2026 – The SBF Loses His Appeal Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Corruption on the White House lawn. (Al Jazeera)
  • Hospices need ‘bulletproof’ compliance. (Hospice News)
  • Bond investor pleads guilty. (WSJ)
  • SBF loses appeal. (FT)

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
FCPA Compliance Report

FCPA Compliance Report: Data Defensibility: The Foundation of AI Readiness with George Tziahanas

In this episode, Tom Fox welcomes George Tziahanas, VP of Compliance and Associate General Counsel at Archive360, who brings a practical legal and governance perspective to the challenges of AI and data governance.

George argues that organizations must go beyond simply storing data and instead prove their integrity, lineage, provenance, and accountability so the data is defensible for compliance and AI use. He also believes AI governance should follow the model of mature security programs, with clear ownership, governing councils, and risk frameworks that make responsibility visible to regulators. For him, the path to compliant, defensible data starts with strong inventories, governed environments, and risk-tiered oversight that protects sensitive uses while still enabling innovation.

Key highlights:

  • Walking Upstream: Defending AI Data and Systems
  • Who Is Ultimately Responsible for AI Governance
  • Zubulake rulings reshape e-discovery compliance playbook
  • Dark Data Risks in DOJ Compliance Programs
  • Mapping data inventory back into legacy systems
  • Simple risk tiering for AI compliance oversight

Resources:

Archive360

George Tziahanas on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 14 – Investigative Lessons from Balance of Terror

In this episode of Trekking Through Compliance, we consider the episode Balance of Terror, which aired on December 15, 1966, Star Date 1709.1.

In this episode of Trekking Through Compliance, we analyze “Balance of Terror,” the tense, submarine-style showdown between the Enterprise and a Romulan Bird-of-Prey, which introduces one of Star Trek’s most enduring adversaries. The story unfolds as a mystery: Who attacked the Earth outposts? What is this new weapon? Who are the Romulans? And what do their sudden appearances mean for the Federation?

We review the critical investigative lessons this episode offers for compliance professionals: the importance of situational analysis, managing internal bias, respecting operational security, and knowing when to act and when to wait. In this cat-and-mouse episode, we find the foundations of modern investigative best practices.

Key highlights:

1. Situational Awareness and Evidence Gathering—Don’t Jump to Conclusions

🖖Illustrated by: The destruction of Outposts 2 and 3 and the cryptic communication from Outpost 4.

Captain Kirk begins his investigation without clear evidence, gathering fragmented data from the surviving outpost’s transmissions and assessing the damage patterns. For compliance professionals, this illustrates the importance of establishing a clear fact pattern before reaching a conclusion. Investigations must be driven by objective evidence, not assumptions.

2. Managing Internal Bias—Appearance Is Not Proof

🖖Illustrated by: Lieutenant Stiles’ suspicion of Mr. Spock based on the physical resemblance between Romulans and Vulcans.

Stiles immediately targets Spock as a potential traitor, despite a complete lack of evidence, simply because Romulans and Vulcans share a similar appearance. This moment serves as a cautionary tale about compliance: biases, whether conscious or unconscious, can derail investigations and damage team morale.

3. Strategic Surveillance—Investigate Without Provoking Retaliation

🖖Illustrated by: Kirk shadowing the Romulan ship to determine intent and capabilities before engaging.

Rather than charging into conflict, Kirk chooses to observe the Romulan ship’s behavior. In compliance investigations, particularly those involving fraud or misconduct, covert observation and the secure handling of information are crucial to preventing tip-offs or escalation.

4. Chain of Custody and Documentation—Recording and Communicating the Facts

🖖Illustrated by: The tactical logs Kirk reviews and Spock’s technical input during the confrontation.

Throughout the engagement, Kirk relies on detailed sensor data, eyewitness accounts, and Spock’s analysis to make decisions. Compliance professionals must ensure the proper documentation of interviews, timelines, and data sources for both internal review and external audit.

5. Ethical Leadership During Investigations—Calm in the Face of Conflict

🖖Illustrated by: Kirk’s balance between decisiveness and restraint, even when provoked by Romulan attacks.

Kirk refuses to act out of fear or anger—even as tensions rise. He models ethical leadership by protecting lives, upholding treaty obligations, and maintaining moral clarity. In high-stakes compliance investigations, emotional discipline and ethical consistency are vital.

Final Starlog Reflections

Balance of Terror is a masterclass in investigative poise, procedural discipline, and ethical clarity under pressure. As the Enterprise crew faces a new adversary cloaked in invisibility, we see what real leadership looks like when facts are scarce and risks are high.

For compliance professionals, this episode is a reminder that investigations require patience, vigilance, and integrity. Bias must be checked, facts must be verified, and trust must be earned. The threat may be hidden, but your investigative principles must always remain visible.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

The Conscience of the King: Leadership, Legacy, and the Ethical Burden of Memory

Show Summary

Today, we turn our attention to The Conscience of the King. This Shakespeare-infused Star Trek story challenges Captain Kirk to grapple with the ethics of justice, mercy, and leadership responsibility. When Kirk suspects that the famed actor Anton Karidian is Kodos the Executioner, a governor responsible for ordering the deaths of 4,000 colonists years earlier, he must weigh vengeance, truth, and the costs of reopening old wounds.

As we unpack this story, we connect Kirk’s internal struggle and ethical decision-making to the real-world challenges compliance professionals face when confronting legacy misconduct, institutional cover-ups, and questions of redemption in corporate culture. We provide five key highlights for the compliance professional.

1. The Weight of Past Decisions—Leadership Never Forgets

Illustrated by: Kirk’s memory of witnessing the atrocities of Tarsus IV as a young man.

Leaders are shaped by what they have seen and experienced, as well as what they may have survived. Kirk’s commitment to uncovering the truth about Karidian isn’t about revenge; it’s about moral closure and honoring the memory of those lost. For compliance professionals, this serves as a reminder that legacy issues—whether they’re unresolved FCPA violations, historical human rights abuses, or systemic failures—do not simply fade with time. If anything, they cast a longer shadow. Ethical leadership requires confronting past wrongdoing with transparency and resolve. A failure to address yesterday’s misconduct risks undermining today’s culture. Institutional memory is not a burden, and it is a compass that should guide future ethical decisions.

2. Silent Complicity and Ethical Courage—Speak Up, Even Years Later

Illustrated by: Dr. Leighton’s insistence that Karidian is Kodos, despite the passage of time.

Dr. Leighton embodies the ethical courage it takes to speak the truth, especially when public interest has waned over time. His determination underscores a core truth of compliance: there is no statute of limitations on accountability. When misconduct has caused real harm, silence becomes complicity. Leaders must create compliance cultures in which reporting long-dormant concerns is viewed as a moral responsibility rather than as disloyalty or disruption. Whistleblower protections shouldn’t only apply to active employees but also encourage former employees, partners, or community stakeholders to come forward. Organizations must foster environments where the pursuit of truth is always welcome, regardless of how inconvenient or uncomfortable that truth may be.

3. Leadership and Doubt—Action Without Certainty

Illustrated byKirk’s internal struggle over whether Karidian is truly Kodos and whether justice still matters.

Kirk’s doubt is not a sign of weakness; it is a sign of leadership maturity. He could act rashly, but chooses restraint and investigation. This reminds compliance professionals that ethical decision-making often requires grappling with uncertainty. There won’t always be a perfect set of facts or unanimous agreement. However, delaying action indefinitely out of fear of being wrong can allow misconduct to persist. Effective compliance officers must learn to manage ambiguity, gather facts diligently, and still move forward with measured integrity. Courage lies not in having all the answers but in taking ethical steps toward resolution, even when the path is unclear.

4. When the Next Generation Fails—Managing Succession and Oversight

Illustrated by: Lenore Karidian’s vigilante campaign to eliminate witnesses to her father’s past.

Lenore’s actions reflect a failure of ethical inheritance. Her misplaced loyalty to her father led her to believe that protecting his reputation, even through murder, was justified. This is what happens when leadership fails to instill ethical values in successors. For compliance leaders, it’s a cautionary tale: legacy is not only what you accomplish but also what you teach others to carry forward. Ethics must be embedded through mentoring, continuous training, and a succession plan that prizes transparency and accountability. Without intentional cultural transmission, the next generation may feel entitled to protect the institution’s image at the cost of truth and justice.

5. Justice vs. Mercy—Leadership Must Balance the Two

Illustrated by: Kirk’s decision not to kill Karidian but to hold him accountable through due process.

Kirk is presented with the opportunity to exact personal vengeance, but chooses institutional justice instead. His restraint highlights a critical ethical principle: leadership is not about indulging emotion but about modeling fairness and integrity. In the compliance world, it’s tempting to punish harshly to “make an example,” but true justice lies in proportionality and process. Compliance officers must strike a balance between the need for deterrence and the values of fairness, remediation, and restorative opportunity. Mercy is not weakness. It is a disciplined response rooted in ethical clarity. By refusing to be judge and executioner, Kirk upholds not just justice but the integrity of his leadership.

Final ComplianceLog Reflections

The Conscience of the King is more than a mystery; it is a meditation on the responsibilities of leadership and the ethics of remembrance. Compliance professionals often find themselves at the intersection of institutional memory and moral action. Whether addressing legacy misconduct, evaluating redemptive narratives, or confronting cover-ups, we must carry the same conscience Kirk bears: one rooted in justice, tempered by mercy, and guided by truth.

As we say in the world of compliance, investigate when others ignore the issue. Act when others hesitate. Lead when others bury the past.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 13 – The Conscience of the King

In this episode of Trekking Through Compliance, we consider the episode The Conscience of the King, which aired on December 8, 1966, with a Star Date of 2817.6.

In this episode of Trekking Through Compliance, we turn our attention to The Conscience of the King, a Shakespeare-infused Star Trek story that challenges Captain Kirk—and us—to grapple with the ethics of justice, mercy, and leadership responsibility. When Kirk suspects that the famed actor Anton Karidian is Kodos the Executioner—a governor responsible for ordering the deaths of 4,000 colonists years earlier—he must weigh vengeance, truth, and the costs of reopening old wounds.

As we unpack this episode, we connect Kirk’s internal struggle and ethical decision-making to the real-world challenges compliance professionals face when confronting legacy misconduct, institutional cover-ups, and questions of redemption in corporate culture.

Story Synopsis

Dr. Thomas Leighton calls the Enterprise Planet Q. Leighton suspects Anton Karidian, the leader of a Shakespearean acting troupe currently on the planet, is Kodos the Executioner, the former governor of the Earth colony of Tarsus IV. Kodos ordered that half the population of 8,000 be put to death during a food shortage. Both Leighton and Kirk were eyewitnesses.

Kirk arranges to ferry the acting troupe to its next destination. Spock learns the history of the massacre, Kirk’s connection to it, and that seven of the nine witnesses had died in each case when Karidian’s troupe was nearby. Kirk confronts Karidian with his suspicions. Karidian does not admit to being Kodos.

Karidian, overhearing, is disturbed, and Lenore tries to reassure him by revealing that she has been killing the witnesses to his crimes. Kirk moves to arrest them both. Lenore snatches a phaser and accidentally kills Karidian.

Key highlights:

1. The Weight of Past Decisions—Leadership Never Forgets

🖖Illustrated by: Kirk’s memory of witnessing the atrocities of Tarsus IV as a young man.

Great leaders never leave their past behind—they carry it forward as context and compass. When legacy issues, such as old FCPA violations or dormant discrimination claims, resurface, leaders must face them directly rather than bury them under corporate amnesia.

2. Silent Complicity and Ethical Courage—Speak Up, Even Years Later

🖖Illustrated by: Dr. Leighton’s insistence that Karidian is Kodos, despite the passage of time.

Leighton models the whistleblower’s dilemma: does the pursuit of truth justify disrupting someone’s life decades later? The answer, in compliance, is yes; when lives are harmed or injustice is committed, silence is complicity.

3. Leadership and Doubt—Action Without Certainty

🖖Illustrated by: Kirk’s internal struggle over whether Karidian is truly Kodos and whether justice still matters.

Kirk wrestles with doubt, a hallmark of responsible leadership. Unlike the rigid commander stereotype, Kirk shows us that great leaders pause, reflect, and sometimes hesitate before acting.

4. When the Next Generation Fails—Managing Succession and Oversight

🖖Illustrated by: Lenore Karidian’s vigilante campaign to eliminate witnesses to her father’s past.

Lenore’s misguided sense of loyalty and justice highlights the risks of leadership failure in succession. In a corporate setting, this highlights the importance of mentoring future leaders, integrating ethics into the culture, and establishing oversight during transitions.

5. Justice vs. Mercy—Leadership Must Balance the Two

🖖Illustrated by: Kirk’s decision not to kill Karidian but to hold him accountable through due process.

Ultimately, Kirk refuses to exact revenge. He chooses lawful action over vigilante justice. This restraint is perhaps the greatest leadership lesson of the episode: compliance is not about punishment; it is about principled action.

Final Starlog Reflections

The Conscience of the King is more than a mystery; it is a meditation on the responsibilities of leadership and the ethics of remembrance. Compliance professionals often find themselves at the intersection of institutional memory and moral action. Whether addressing legacy misconduct, evaluating redemptive narratives, or confronting cover-ups, we must carry the same conscience Kirk bears: one rooted in justice, tempered by mercy, and guided by truth.

As we say in the world of compliance, investigate when others ignore the issue. Act when others hesitate. Lead when others bury the past.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Fiona and Timothy are AI-generated voices.

Categories
Creativity and Compliance

Creativity and Compliance: Compliance 6-Pack: Part 5 – Truth in Comedy – Authenticity and Storytelling for More Credible Compliance

Tom and Ronnie continue their six-part series highlighting the role of improv in compliance. This series links improv lessons to corporate compliance and some of the key tools and strategies Ronnie has brought from his former world of improv to the corporate compliance communications realm. In today’s Improv & Compliance Lesson 5, the lesson focuses on “Truth in Comedy,” linking improv and comedy to ethics and compliance.

Tom and Ronnie begin with Gilda Radner’s quote, “Humor is just truth only faster.” Feldman argues comedy works because it exposes shared truths, and compliance programs build credibility by being authentic about real issues rather than pretending everything is fine. He recommends sharing speak-up and reporting trends, anonymized investigation outcomes, culture survey results, and what happens after reports to build trust. Feldman suggests using true stories—internal case studies or news examples—told in engaging formats (newsletters, podcasts, interviews, videos, reenactments) to create teachable moments, stressing “don’t be boring.” They conclude that truthful, interesting communication and authenticity increase engagement, strengthen training, and improve psychological safety and speak-up culture.

Resources:

Ronnie

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Creativity and Compliance is a multiple-award-winning podcast and was recently honored as one of the Top 35 Podcasts on Creativity by Feedspot.

Categories
Blog

The CCO as AI Trust Architect

The most important AI risk inside many companies may not be that employees are using AI. It may be that employees are using AI and hiding what they are learning. That is the central compliance lesson from Eric Anicich and Jeslyn Brouwers’ HBR article, Why Employees Aren’t Transparent About Their AI Usage. The authors open with a physician who had built a highly effective prompting template inside an approved, HIPAA-compliant AI tool. His colleagues were struggling with the same tool. He believed his template could help them. Yet he did not share it.

The article reports that a study by KPMG and the University of Melbourne, involving more than 48,000 respondents, found that 57% of employees admitted to hiding their AI use at work. More importantly, the authors argue that concealed use is only part of the issue. What employees are learning privately through prompt sequences, chained tools, and successful workflows may matter even more. AI introduces what the authors call the suppression of solutions: employees may be withholding productivity breakthroughs that could help the entire organization.

For the CCO, this creates a new mandate. The compliance function must help bring AI use into the open without becoming the AI police. The CCO must build a governance system that encourages employees to disclose, share, and improve AI-enabled work while still protecting the company from real risks around confidentiality, privacy, IP, bias, inaccurate outputs, cybersecurity, records retention, regulatory representations, and misuse. That is the function the CCO can fulfill: the AI trust function.

Why Hidden AI Use Is a Compliance Problem

Most compliance professionals instinctively focus on the obvious AI risks. Employees may paste confidential data into public tools. They may use AI to draft customer-facing claims without verification. They may generate code, contracts, marketing copy, investigation summaries, due diligence reports, or regulatory submissions without appropriate review. They may rely on AI outputs that are inaccurate, biased, incomplete, or unsupported. Those risks are real.

But the authors point to a second problem: the company may also be losing the benefits of compliant AI experimentation. Productivity gains are once scaled through shared systems and standardized processes. With AI, many gains begin as individual discoveries: a better prompt, a workflow shortcut, a way to summarize information, a way to identify anomalies, or a method that reduces a multi-hour task to minutes. That knowledge is portable, private, and easy to conceal.

This means the CCO must avoid a one-dimensional response. A punitive AI governance program may reduce some visible misuse, but it may also drive experimentation underground. Employees who fear being judged, punished, overworked, or replaced will not share what they are doing. They will protect themselves. That creates the worst of both worlds: risk remains hidden, and useful innovation remains trapped inside individual workflows.

The CCO’s New Role: Govern for Trust, Not Just Control

The author’s core finding is highly relevant to compliance. They surveyed 604 U.S.-based employees who used AI at work daily or multiple times per day. Nearly one in three said they had intentionally withheld AI-related knowledge, workflows, or techniques. Employees in the lowest quartile of organizational trust were nearly four times as likely to withhold AI knowledge as those in the highest quartile (47% versus 14%). A similar pattern appeared for psychological safety, 45% versus 17%.

That finding should feel familiar to compliance professionals. Speak-up culture works the same way. Employees report misconduct when they believe the company will listen, protect them, and act fairly. Employees hide misconduct when they believe the company will punish the messenger, ignore the issue, or retaliate indirectly. AI transparency is now a speak-up issue.

The CCO should therefore treat AI disclosure as part of the company’s broader culture of integrity. The question is not merely, “Are employees using approved AI tools? ”The better question is, ‘Do employees trust us enough to tell us how they are using AI, what they have learned, where they are uncertain, and what risks they see? ”

That is where the compliance function can add unique value. Compliance already understands reporting channels, non-retaliation, policy clarity, training, investigation triage, escalation, monitoring, remediation, third-party risk, and board reporting. Those capabilities can be applied to AI governance if the CCO frames the issue correctly.

Distinguish Experimentation from Misconduct

A major insight in the article is that companies often confuse two very different categories of behavior. One is blameworthy deviance: ignoring rules or cutting corners in ways that harm the organization. The other is exploratory testing: experimenting at the edge of what is known in ways that can generate valuable learning. When companies confuse the second with the first, they punish the behavior they need to encourage. This is directly applicable to the CCO.

An employee who uploads customer personal data into an unapproved public AI tool may have created a serious compliance issue. An employee who uses an approved internal AI tool to create a better first draft of a due diligence memo may have created a learning opportunity. An employee who uses AI to fabricate supporting documentation has engaged in misconduct. An employee who uses AI to test a workflow and then asks compliance whether the use is permissible has done exactly what the company should want. The CCO’s job is to build a framework that makes those distinctions clear.

That means creating red lines, green lanes, and gray zones. Red lines are prohibited uses: confidential data in unapproved tools, AI-generated false records, unreviewed regulatory filings, discriminatory automated decision-making, or any use that circumvents required approvals. Green lanes are encouraged for use: approved tools for summarization, first drafts, brainstorming, translation support, policy search, training development, or internal productivity tasks, where appropriate safeguards are in place. Gray zones are uses that require consultation: HR decisions, customer communications, legal analysis, investigation outputs, high-risk third-party reviews, or regulated submissions.

A compliance program that treats every use of AI as suspicious will teach employees to hide. A compliance program that treats every use of AI as harmless will fail in its duty. The CCO must create the middle path: clear, risk-based, practical, and trusted.

Earn the Disclosure You Want

The article advises leaders to “earn the disclosure” they want. Employees need clear guidance on what AI use is encouraged, what is off-limits, and how to handle gray areas. The authors also warn that companies should not force employees to convert a useful prompt into a long process memo. Lightweight templates, short demos, and practical “show me how you built this” sessions are better ways to turn private methods into reusable knowledge.

That is a practical blueprint for the CCO. A CCO should create an AI disclosure process that is easy to use. It should not feel like an investigation request. It should not require a ten-page form. It should not punish employees for asking questions. The goal is to make disclosure normal.

That is enough to begin. The CCO can then partner with IT, Legal, Privacy, Cybersecurity, HR, Internal Audit, and business leaders to determine whether the workflow should be approved, modified, shared, restricted, or escalated. The key is tone. The message should be: “Show us what you are learning so we can help you use AI safely and scale what works.”

Reward Multiplier Behavior

The article warns against rewarding only individual AI productivity. If employees believe that sharing makes them less distinctive while others benefit, they will hide. Instead, companies should reward reusable workflows, peer adoption, quality improvements, and contributions that help others. The authors recommend giving credit in performance reviews, protecting time for continued experimentation, and closing the loop by telling employees where their contribution was used and what improved. This is where a CCO can help turn AI transparency into culture.

Compliance should not run a generic AI leaderboard that encourages unhealthy competition. Instead, the CCO should help build recognition for responsible AI multipliers: employees who find a better way to do their work, disclose it, help validate it, and enable the company to scale it safely. This turns AI governance from a prohibition system into an integrity system. Employees are not just being told what not to do. They are being recognized for helping the company do better.

In compliance terms, that means rewarding employees who:

  • Identify a safe AI workflow that improves the effectiveness of control.
  • Flag a risky AI use before harm occurs.
  • Develop a prompt that improves due diligence quality.
  • Create a monitoring workflow that identifies anomalies faster.
  • Help colleagues use approved tools properly.
  • Document limitations and human review requirements.
  • Share lessons learned from AI experimentation.

Treat Disclosure as a Contribution

One of the article’s most powerful points is that the manager’s reaction in the first thirty seconds after an employee discloses an AI workflow may be the decisive trust signal. If the employee is treated as though they cut corners, they learn to hide. If the disclosure is treated as something worth understanding, they learn that disclosure pays. The authors also warn that disclosure should not amount to unpaid labor; the employee should demonstrate the method once, and the company should then own the documentation, distribution, and support, while the discoverer keeps the credit. This is a direct instruction to compliance professionals.

A CCO should train managers to respond the same way. Most AI disclosures will not go to compliance first. They will happen in team meetings, performance conversations, project reviews, and manager check-ins. If local managers shame employees for using AI, employees will hide. If local managers automatically add more work to anyone who discloses a productivity gain, employees will hide. If local managers give credit and bring compliance in as a partner, employees will share.

The CCO’s AI Trust Playbook

A CCO who wants to fulfill this function should take five practical steps.

  1. Create a risk-based AI use framework. Define prohibited uses, encouraged uses, and uses requiring consultation. Make the guidance short, practical, and example-driven.
  2. Build a safe AI disclosure channel. This should be separate from the hotline in tone, even if connected administratively. Employees need a place to ask, “Can I use AI this way? ”without feeling as if they are self-reporting misconduct.
  3. Launch structured AI learning sessions. Invite employees to demonstrate useful workflows created with approved tools. Keep documentation light. Capture the use case, data inputs, review controls, risks, and adoption potential.
  4. Partner with HR on incentives. Ensure responsible AI sharing is recognized in performance reviews, promotion discussions, and leadership communications. Reward employees who become AI multipliers, not only those who quietly produce more.
  5. Report AI transparency metrics to leadership and the board. Do not only report policy completion or tool adoption. Report the number of disclosed workflows, number approved for broader use, number modified for risk reasons, number rejected, key risk themes, training gaps, and examples where disclosure improved both productivity and control.

Conclusion

The CCO should not try to own every aspect of AI. IT must own infrastructure. Cybersecurity must own security controls. Legal must advise on legal risks.  Privacy must address data protection. HR must address workforce impacts. Business leaders must own operational use cases. Internal audit must test the program. But the CCO can own the trust architecture.

The bottom line is straightforward. AI governance cannot be built only on restriction, monitoring, and fear. That approach may make the company look controlled while driving the most important AI activity underground.

The CCO has a different opportunity: to build an AI trust function that brings use cases, risks, questions, and innovations into the open. The compliance function should not be the department that says, “Do not use AI.” It should be the function that says, “Use it responsibly, show us what you are learning, and let us help the company scale it safely.” That is how compliance fulfills this function. It turns hidden AI use into visible learning, visible learning into governed practice, and governed practice into ethical business value.