Categories
Upping Your Game

Upping Your Game: Episode 2 – From Reactive to Predictive: How AI is Rewriting the Compliance Playbook

In February, the Trump Administration suspended investigations under and enforcement of the FCPA. Many compliance professionals have since wondered what this will mean for corporate compliance programs. Hui Chen challenged compliance professionals with “It’s time to up your game.” This podcast series, sponsored by Ethico and co-hosted with Ethico co-CEO Nick Gallo, hopes to meet Hui Chen’s challenge for compliance professionals. We will discuss how compliance professionals can ‘Up Their Game’ using currently existing Generative AI (GenAI) tools to improve compliance programs dramatically. As compliance professionals, it is critical to recognize that this moment is not merely about incremental improvements but about elevating our profession to an entirely new level of effectiveness, efficiency, and organizational value.

In today’s ‘Upping Your Game’ episode, Nick and Tom discuss moving from reactive to predictive compliance. They discuss how artificial intelligence revolutionizes compliance by shifting from reactive measures to predictive analytics. They highlight how regulatory bodies like the SEC and DOJ have led the charge in data analytics, emphasizing the importance of having access to data silos. Nick shares his experiences and stresses the need for compliance officers to integrate predictive models into business operations. They also explore the iterative process of refining these models and the significance of speaking the language of business to achieve better compliance outcomes and business impacts. The episode concludes with practical advice for compliance officers seeking to educate themselves and effectively pitch their initiatives to executives.

Key highlights:

  • The Regulatory Wake-Up Call
  • The Power of Predictive Analytics
  • Key Lessons for Compliance Professionals
  • The Iterative Approach
  • Meeting with the CEO

Resources:

Upping Your Game: How Compliance and Risk Management Move to 2030 and Beyond on Amazon.com

Nick Gallo on LinkedIn

Ethico Workshop on EV Workshop: Calculate, Track & Articulate Return on Integrity (ROI). For registration and information, click here.

Ethico

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Innovation in Compliance

Navigating Regulatory Changes and Compliance in Trade and Data Privacy with Stephanie Font

Innovation comes in many areas, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. Today, we begin a 3-part podcast series sponsored by Diligent with Clint Palermo, Kristy Grant-Hart, and Stephanie Font. Part 2 discusses navigating regulatory changes and compliance in trade and data privacy.

In this episode, host Tom Fox converses with Stephanie Font, Director for Operations Optimization Group at Diligent, to discuss the ever-evolving landscape of economic sanctions, trade policies, and data privacy. Font shares insights on how businesses can stay compliant amidst rapid regulatory changes, emphasizing the importance of continuous monitoring, thorough due diligence, and understanding one’s business partners. The conversation also touches on new regulatory trends such as BIS address specifications, Mexican cartels being designated as FTOs, and the implications of the Uyghur Forced Labor Prevention Act.

Key highlights:

  • Economic Sanctions and Trade Policy
  • Compliance and Business Operations
  • Staying Updated on Regulatory Changes
  • Cartels and Foreign Terrorist Organizations
  • Data Privacy and Cybersecurity
  • Human Rights and Business Culture

Resources:

Stephanie Font on LinkedIn

Visit Diligent Website

Categories
Daily Compliance News

Daily Compliance News: May 13, 2025, The Leaving on a Jet Plane Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Is the gift of a jet plane corruption? (NYT)
  • Will the SEC overturn bans and suspensions? (Reuters)
  • GOP wants to ban state regulation of AI. (Bloomberg)
  • What is risk paralysis? (FT)

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Multiplying the Influence of Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Use multipliers to extend the influence of your compliance regime.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Adventures in Compliance

Adventures in Compliance: Investigate Lessons from A Study in Scarlet

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Throughout this season, Tom will thoroughly explore each novel in a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear. We begin with A Study in Scarlet for our new season’s first offering. In Part 3, Tom deeply dives into the investigative lessons learned from the story.

When Sir Arthur Conan Doyle introduced the world to Sherlock Holmes in A Study in Scarlet, he didn’t just give us the greatest fictional detective of all time—he gave compliance professionals a master class in investigative methods. Through his cool logic, careful observation, and constant search for the truth, Holmes modeled what every corporate investigator should aspire to emulate. From his crime scene analysis to using deceptive tactics to expose a suspect, Holmes’s first published case offers lessons relevant to modern compliance programs, especially when dealing with internal investigations, whistleblower reports, and root cause analysis. Here are five enduring investigative lessons, grounded in the facts of A Study in Scarlet, that today’s compliance professionals can apply in their work.

Highlights include:

  • Let the Evidence Speak First—Not the Theory
  • Small Clues Are Often the Most Telling
  • Reconstruct the Incident with Logic and Imagination
  • Use Deception Strategically to Draw Out the Truth
  • Motive Often Lies in the Past—Not Just in the Present Crime

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Communication Through Persuasion

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to ensure your organization remains compliant with the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

How to improve your communication and relationship skills using persuasion.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Blog

A Textbook Declination: Lessons Learned from the USRA Declination

In the fast-moving world of enforcement actions and corporate misconduct, we rarely get an actual “bottle episode” of compliance—a neatly wrapped case that functions almost like a compliance case study come to life. That is precisely what we see in the recent declination issued to the Universities Space Research Association (USRA), a nonprofit organization working with NASA on advanced scientific research. The Declination is found here.

This declination tells us as much about what to do right as it does about what went wrong. USRA’s prompt and resolute response to employee misconduct provides a blueprint for companies, regardless of size, to attain the ideal result: a DOJ declination. This declination, issued in the Trump Administration’s second term, provides crucial lessons for compliance professionals.

The Story: Export Controls and a Rogue Employee

The facts are straightforward. Between April 2017 and September 2020, USRA employee Jonathan Soong used his position overseeing export compliance to sell restricted software and source code to Beihang University in China. Mr. Soong did not simply mishandle sensitive materials; he willfully bypassed export laws, concealed his actions, and even embezzled from USRA in the process. Soong pleaded guilty to violating export control laws in connection with secretly funneling sensitive aeronautics software to a Beijing university.

But here is the key takeaway: once USRA learned of the misconduct, they acted fast. They alerted NASA. They conducted an internal investigation. They self-reported to the Department of Justice within days. They cooperated fully. And in the end, the DOJ rewarded them, not with a fine, but with a complete declination.

The Power of Prompt Self-Disclosure

USRA’s leadership did not wait to see if the issue would disappear or downplay it internally. Instead, they engaged with enforcement agencies early and often. This fits squarely within the DOJ’s National Security Division Guidance, which outlines how voluntary self-disclosure, cooperation, and timely remediation can mitigate or eliminate penalties.

Let’s be clear: this was a national security matter, not just a regulatory breach. The software involved may have had potential military applications, making USRA’s response all the more commendable and critical.

Internal Controls and Oversight: Where the Breakdown Happened

As much as this is a story of compliance success, it is also a reminder that internal controls must work in practice, not just on paper. There were three key control failures:

  1. Export compliance oversight was left to the same employee who committed the fraud.
  2. Internal monitoring failed to detect red flags.
  3. Supervisory negligence enabled the misconduct to continue for three years.

One of Mr. Soong’s supervisors was eventually disciplined or terminated. However, the lesson is that even well-designed controls fail when not executed or appropriately monitored.

What Made This Declination Possible?

  1. Voluntary, timely self-disclosure within days of learning of the misconduct.
     When the USRA discovered potential wrongdoing, they didn’t hesitate; they immediately self-reported the issue to NASA and the Department of Justice. This type of proactive disclosure is precisely what the DOJ expects when evaluating a company’s response to misconduct. The timeliness demonstrates a functioning internal control system and an ethical culture prioritizing transparency. Rather than hiding behind bureaucracy or launching a months-long internal cover-up, USRA made the call within days. That decision set the tone for everything that followed and paved the way for trust-based engagement with enforcement authorities.
  2. Full cooperation, including sharing internal findings and offering access to witnesses.
     USRA didn’t just make a phone call and then sit back. They actively cooperated with investigators at every stage. Their actions included providing access to key internal documents, conducting an internal investigation, and turning over their findings to the DOJ. Equally important, they facilitated interviews with relevant employees, supported the legal process, and ensured that authorities had all the resources necessary to pursue the case against the wrongdoer. In short, USRA became a partner to the government, not an adversary. Comprehensive, good-faith cooperation carries tremendous weight in a declination decision.
  3. Swift and meaningful remediation, including terminating the wrongdoer and disciplining supervisors.
     USRA didn’t stop at self-reporting. They took tangible steps to clean the house. Mr. Soong, the employee at the center of the misconduct, was promptly terminated. However, the company didn’t stop there; USRA also reviewed its supervisors’ actions (or inactions). At least one supervisor was disciplined or let go for failing to oversee export control responsibilities properly. The move sends a strong message internally and externally, emphasizing that accountability extends throughout the entire chain of command. This swift and meaningful remediation satisfies DOJ expectations and helps rebuild trust with business partners, regulators, and the broader public.
  4. Strong risk awareness of their role in handling sensitive, export-controlled material.
     USRA operates in a field where national security risks are inherent. As a NASA contractor handling sensitive aerospace research, they were well aware of the dangers posed by improper exports of data and source codes. The incident wasn’t just a case of a company claiming ignorance, as they were aware of the potential consequences. Their compliance failures came down to one rogue actor and a breakdown in oversight, not a lack of awareness. When problems surfaced, they acted with the urgency such risks demand. This situational awareness, recognizing how export control violations could ripple across global security, played a major role in helping the DOJ see them as a responsible actor.
  5. Responsiveness to the DOJ and NASA, including prompt answers and evidence production.
     Throughout the investigation, USRA maintained consistent and open lines of communication with both NASA and the DOJ. They promptly responded to any questions posed. They delivered the requested documents promptly and in excellent order. Such responsiveness isn’t just about meeting deadlines; it is about demonstrating respect for the investigative process and showing that the company values ethical resolution over self-preservation. By staying accessible, professional, and efficient throughout the inquiry, USRA signaled to prosecutors that they were committed to helping resolve the matter fairly and thoroughly. That level of responsiveness is precisely what the DOJ wants to see.

Lessons Learned for Compliance Professionals

  1. Speed Matters
     In the world of corporate enforcement, timing can be everything. Companies do not always receive declinations for self-reporting, but it often makes a significant difference when they do. USRA moved within days to notify NASA and the DOJ of serious misconduct. That speed demonstrated a culture of integrity, robust internal reporting, and a commitment to doing the right thing even under pressure. Quick action also preserves evidence, signals accountability, and allows enforcement agencies to act more efficiently. The faster a company responds, the more credible its leadership appears and the more likely it is to be viewed as a trusted partner.
  2. Controls Must Work in Real Life
     Too often, compliance programs look good on paper but fail in execution. A policy isn’t controllable or effective unless it’s well-designed and implemented correctly. In the USRA case, while policies existed, execution faltered, and an employee responsible for oversight violated the law. That’s a stark reminder: your controls must work in the real world. We must regularly evaluate the effectiveness of supervisory review, dual controls, cross-checks, and audit testing. Failure to test a control could result in liability, enforcement, or worse.
  3. Know Your Risk Profile
     USRA dealt with export-controlled scientific software, which is a high-risk domain. Their failure wasn’t in identifying risk but in adequately mitigating and monitoring it. For every company, the starting point must be understanding your unique risk profile. Is it corruption and bribery? Data privacy? Sanctions exposure? What are the ethics of the supply chain? Compliance officers must align risk assessment, control design, and resource allocation accordingly. Implementing a universally applicable compliance program can lead to failure. Regulators expect a risk-based approach that demonstrates thoughtfulness and proportionality. You can’t mitigate what you don’t understand or defend a program that overlooks its most critical vulnerabilities.
  4. Use the Right Tone from the Top
     When the misconduct came to light, USRA leadership did not equivocate. They acted decisively, demonstrating a tone from the top that prioritizes ethical behavior and transparency. That tone matters. It influences how quickly issues are escalated, how freely employees speak up, and how credible regulators perceive your organization. Leadership must consistently communicate that compliance is not just a legal necessity but a core business priority. Words are important, but so is behavior: executives who support investigations, invest in controls, and respond to crises with accountability send a powerful message. That tone sets the cultural foundation for the entire compliance program.
  5. Partner with Enforcement, Don’t Oppose Them
     USRA’s interaction with NASA and the DOJ reflected a cooperative mindset. They partnered; they didn’t stonewall, delay, or obscure the facts. That approach is increasingly essential in today’s enforcement environment. Regulators are clear: they are looking for good-faith actors. A company that cooperates, provides relevant data promptly, and engages constructively in dialogue is far more likely to receive credit, whether in a declination, reduced penalties, or favorable settlement terms. Fighting regulators at every turn rarely results in positive outcomes. Instead, view enforcement as an opportunity to demonstrate integrity and operational maturity. Compliance should be a bridge, not a barricade.

Final Thoughts: Don’t Wait for the Crisis

USRA did not plan to become a compliance case study. However, they were ready when the time arrived. And preparation, coupled with integrity, made all the difference. This declination was not granted out of charity. It was earned. It resulted from a well-executed compliance framework, fast action, and an unrelenting drive to do the right thing. If your company faced a similar incident tomorrow, would you be ready to act like USRA? That’s the benchmark. And that’s the challenge for every compliance officer reading this.

So, take this as more than a good news story. Take it as your Monday morning prompt: check your controls, reassess your key risks, and remind your leadership that compliance isn’t about fear but readiness.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Empowering Middle Managers to Drive Compliance Transformation

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

How a compliance function can use middle managers to drive real transformation in a compliance program.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.

Categories
Creativity and Compliance

Creativity and Compliance – From Compliance Enforcers to Trusted Advisors: The Path Forward

Where does creativity fit into compliance? It can be found in more places than you might expect. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, utilizes the entertainment devices people use to consume information in their everyday, non-work lives and applies it to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible.

In this episode, Tom and Ronnie discuss the evolution of compliance roles from merely cleaning up messes to becoming integral business advisors and coaches. They emphasize the necessity of showcasing value through proactive, positive communication and using creative, engaging methods. They highlight insights from the Global Ethics Summit and delve into the importance of humor, human connection, and innovative compliance training and interaction approaches. The episode points out the importance of transitioning compliance perceptions within organizations and offers practical, cost-effective ways for compliance officers to engage, educate, and support their colleagues.

Key highlights:

  • From Cleaning Up Messes to Becoming Advisors
  • The Role of AI in Compliance
  • Advertising Your Role as Advisors
  • Using Humor and Creativity in Compliance
  • Engaging Communication Strategies
  • Low-Cost, High-Impact Compliance Ideas

Resources:

 Ronnie

  • Learnings & Entertainments (Website)
  • Compliance Confessions – inspired by “Mean Tweets” these 90-second commercials address misconceptions and excuses to promote speak up culture and the E&C team as positive and helpful.
  • E&C Training Jams – a soulful singer banters with ethics & compliance explaining policies, sharing examples and debunking excuses. 
  • Tales from the Hotline – Real speak up-themed stories about workplace behavior gone wrong.
  • Workplace Tonight Show! – E&C meets SNL Weekend Update explaining corporate risk topics and why employees should care.
  • 60-Second Communication & Awareness Shorts – A variety of short, customizable, music and multimedia, quick-hitter “commercials” promoting integrity, compliance, speaking up and the E&C team as helpful advisors and coaches.
  • Custom Live & Digital Programing – Custom creative programming that balances the seriousness of the subject matter with a more engaging delivery. After all, you can’t bore people into learning.

Categories
Blog

Muddle in the Middle Week: Part 5 – Empowering Middle Managers to Drive Compliance Transformation

We are at the end of this week’s exploration of how middle managers can elevate your organization’s compliance regime. While I named the week’s series Muddle in the Middle, I hope that by this Part 5, you have seen how powerful middle managers can be in making a compliance program run more effectively. I want to end this week by examining how a compliance function can use middle managers to drive real transformation in a compliance program.

As compliance professionals, we continuously strive to enhance our corporate compliance programs to navigate an increasingly complex regulatory landscape. While historically prevalent, the traditional methods of top-down directives paired with bottom-up execution in compliance have shown significant shortcomings. Indeed, according to recent studies highlighted by Michael Mankins and Patrick Litre in their article “Middle Managers Should Drive Your Business Transformation,” fewer than one in eight organizational transformations achieve sustained success without strong middle manager support.

Middle managers are frequently underestimated and often miscast as bureaucratic gatekeepers who slow down processes and resist innovation. However, the truth could not be further from this stereotype. Strategically positioned between executive leadership and frontline teams, middle managers possess unique capabilities essential to driving meaningful, lasting compliance transformations. Their role is vital today as compliance evolves beyond basic regulatory adherence into a strategic business partnership and ethical stewardship.

The authors advocate strongly for a new transformation model powered from the middle outward. I drew on this article to consider how compliance teams can leverage these insights, translating business transformation principles into effective compliance transformation strategies. Here are five essential lessons for compliance professionals:

Lesson 1: Select and Deploy Your Best Talent for Compliance Initiatives

Not all middle managers have an equal impact. The best compliance outcomes come from deploying your most competent middle managers as transformation leaders. At Amgen, senior leadership intentionally chose top-rated middle managers to lead critical business initiatives, dedicating these managers exclusively to the transformation process without distractions. Compliance officers should similarly identify middle managers with a strong record of integrity, clear decision-making abilities, and the respect of their teams, placing them at the forefront of compliance improvement projects. By deploying these standout individuals, compliance initiatives are far more likely to achieve the credibility, engagement, and results that compliance projects demand.

Lesson 2: Empower Middle Managers to Actively Sponsor Compliance Change

Effective compliance transformation hinges on middle managers executing instructions and actively sponsoring the change. The case of bioMérieux is instructive: the company succeeded in integrating a major business unit largely because it empowered middle managers to implement significant strategic shifts, ensuring that they had clearly defined objectives, adequate resources, and genuine authority to initiate change. Compliance professionals must replicate this model. Middle managers in compliance roles must be empowered to advocate for and actively shape compliance policies, procedures, and cultural initiatives. They need the autonomy and support to tackle complex compliance challenges and facilitate meaningful dialogue across organizational hierarchies.

Lesson 3: Cultivate a Culture That Rewards Bold Compliance Actions

Transformative compliance isn’t about incremental tweaks; rather, it is about courageous, forward-looking innovation. When T-Mobile sought radical improvement in its customer experience, leadership directed their teams broadly: “Do what’s needed to rock the world.” This bold mandate, supported by recognition and reward, substantially improved customer satisfaction metrics. Compliance leaders must likewise cultivate environments where middle managers are rewarded for bold, creative, and proactive compliance thinking. Recognizing and promoting innovation within compliance signals clearly to all employees that compliance is not just about risk avoidance but about creating sustainable business value through ethical leadership and integrity.

Lesson 4: Shift Middle Management Focus from Oversight to Facilitation

Compliance middle managers often find themselves buried under administrative tasks that could easily be automated, detracting from their ability to lead strategic initiatives. The authors stressed that organizations must refocus middle managers on strategic initiatives, enabling them to leverage their unique insights and skills in transformative ways. In compliance terms, this means reducing the burden of routine oversight and increasing opportunities for middle managers to facilitate skill development, ethical decision-making workshops, and collaboration across diverse teams. Organizations can fully utilize their expertise in navigating complex ethical landscapes and regulatory environments by freeing compliance managers from lower-value tasks.

Lesson 5: Align Training and Development to Enable Compliance Transformation

Finally, effective compliance transformation requires an ongoing commitment to training middle managers in the soft skills necessary for ethical leadership and the technical knowledge required to manage emerging compliance risks. Amgen’s example clearly illustrates how carefully integrated leadership development programs with strategic initiatives provide managers with the tools to drive transformation effectively. Compliance teams must ensure their training programs comprehensively address evolving compliance demands, emphasizing leadership, coaching, conflict resolution, and critical analytical thinking. Middle managers with robust training and clearly defined career progression pathways become highly motivated compliance champions.

The Cornerstone of Sustainable Compliance

Compliance is at a critical inflection point. The challenges are becoming more complex, the regulatory demands are becoming more intricate, and stakeholder expectations are higher than ever. Traditional approaches no longer suffice. Effective compliance transformation must harness the strategic capabilities of middle managers who sit uniquely at the intersection of organizational strategy, operational reality, and ethical culture.

Middle managers are not merely policy executors; they must be active architects of compliance strategy. Compliance professionals can significantly elevate their programs’ effectiveness and sustainability by identifying and empowering top talent, facilitating bold compliance innovations, shifting managerial focus, and providing targeted development.

Let the insights from Amgen, bioMérieux, and T-Mobile guide your compliance journey. Embrace the power of middle managers, transforming them from operational gatekeepers into strategic compliance catalysts. Compliance professionals who understand and act on these lessons will undoubtedly lead their organizations into an era of resilient ethical leadership and sustainable compliance excellence.

I hope you have enjoyed this week’s focus on middle managers and how compliance professionals can use them to drive compliance transformation and messaging while leading the effort to do business ethically and in compliance.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.