Tag: compliance

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Next-Generation Predictive Analytics for Risk Management

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We begin a week of exploring how AI can impact your compliance program in 2025. Today, we examine how compliance can use next-generation predictive analytics for its overall risk management process.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Blog

AI Game-Changing Compliance: Part 2 – Next-Generation Predictive Analytics for Risk Management

Last week, I looked at five things a Chief Compliance Officer (CCO) or compliance professional could do at little or no cost to ‘Up Their (Compliance) Game.’ I want to continue this theme this week but want to tackle it differently. I will look at five innovations for compliance professionals around Artificial Intelligence (AI). AI has moved from an emerging trend to a fundamental component of modern corporate compliance programs. Today, I want to examine how compliance can use next-generation predictive analytics for your overall risk management process.

Predictive analytics tools have become more sophisticated, allowing compliance teams to move from reactive enforcement to proactive risk mitigation. By leveraging machine learning models, companies can expect compliance risks based on historical data, employee behavior, and external factors like geopolitical instability or regulatory changes. This approach enables organizations to allocate compliance resources more effectively and address emerging risks before they escalate.

The ability to predict and prevent compliance failures before they occur is a fundamental change. AI-driven predictive analytics help organizations identify patterns of misconduct, assess third-party risks, and enhance fraud detection. Regulators are also increasingly emphasizing the importance of data-driven compliance programs, with the DOJ’s latest guidance on corporate compliance highlighting the need for real-time monitoring and risk assessments.

Predictive Compliance Enhances Proactive Risk Mitigation

Predictive analytics transforms traditional AI methods to analyze vast data sets, identify patterns, and forecast potential risk areas before they escalate into full-blown violations. This proactive stance empowers companies to take decisive action ahead of time, mitigating risks, reducing the frequency of compliance breaches, and ultimately safeguarding the organization from financial penalties and reputational damage. When discussing predictive compliance analytics, we are talking about a paradigm shift. No longer are compliance teams simply reacting to incidents as they occur; instead, they are actively scanning the horizon for early warning signals. This foresight allows companies to allocate resources more efficiently, tailor their monitoring efforts to emerging trends, and address compliance issues at the root before they evolve into systemic problems.

Embracing this technology streamlines internal processes and solidifies an organization’s commitment to regulatory adherence, building stakeholder trust and reinforcing its reputation as an industry leader. It calls all corporate compliance professionals to invest in robust AI tools and predictive analytics to stay one step ahead. In an era where non-compliance costs are high, predictive compliance is not just an operational upgrade; it is a strategic imperative that enables organizations to preempt violations, strengthen their internal controls, and create an agile, forward-thinking compliance culture built to last.

The Future is Now in AI-Driven Predictive Analytics in Risk Management-Mastercard

The challenge was that Mastercard needed a proactive approach to detect fraudulent transactions and mitigate compliance risks in its vast payment network. The solution it came up with was to implement an AI-driven predictive analytics model that detects suspicious activity in real time by analyzing billions of transactions and identifying anomalies. The outcome was that fraud detection rates improved by 40%, reducing regulatory risk while enhancing customer trust and compliance with financial crime regulations. For compliance professionals striving to navigate the complex landscape of modern regulatory environments, the Mastercard case offers several critical lessons for compliance professionals.

1. Predictive Compliance is the Future

Mastercard’s success illustrates that predictive analytics is not simply a technological upgrade—it’s a strategic imperative. Compliance departments must invest in systems that monitor and predict. When you can anticipate a fraudulent transaction before it occurs, you gain invaluable time to implement remedial measures.

2. Regulators Expect Real-Time, Data-Driven Oversight

The landscape of regulatory oversight is evolving rapidly. Agencies like the DOJ, SEC, and FCA increasingly demand that companies move beyond periodic reviews and adopt real-time monitoring systems. In this context, AI-driven predictive analytics is not a luxury; it’s a necessity. Organizations that fail to implement such technologies risk regulatory penalties and a loss of market credibility. The Mastercard example serves as a clarion call: regulatory bodies are watching and expect data-driven compliance that leaves no stone unturned.

3. Integration of AI and Human Judgment is Critical

While AI can process vast amounts of data at lightning speed, it is not infallible. The human element remains essential in interpreting AI-generated insights. Corporate compliance professionals must ensure a seamless integration between sophisticated algorithms and experienced human judgment. Technology is a powerful tool, but it must be wielded by hands that understand the nuances of ethics, fairness, and regulatory intent. This means that a balanced approach, where AI identifies patterns and humans validate them, can lead to more robust compliance outcomes.

4. Enhancing Third-Party Risk Management

A significant part of any company’s risk profile comes from its network of third-party partners. Mastercard’s deployment of AI-driven predictive models also included monitoring third-party activities and enhancing its risk assessment capabilities. Compliance professionals should note that predictive analytics can extend beyond internal processes to encompass suppliers, vendors, and other external entities. By applying the same rigorous standards across the board, organizations can mitigate risks associated with external compliance breaches and ensure a holistic approach to risk management.

5. Early Adoption Creates Competitive and Ethical Advantages

Mastercard’s early adoption of AI-driven fraud detection positioned it as a leader in risk management and an ethical champion in the fight against financial crime. Early adopters of predictive compliance systems gain a dual advantage: they reduce immediate risks and build a reputation for being proactive and responsible. This attracts customers, investors, and regulators alike. For corporate compliance professionals, the lesson is clear: waiting to embrace innovation is a luxury that few can afford in today’s fast-paced regulatory environment.

The Broader Implications for the Compliance Landscape

Beyond Mastercard’s specific successes, this case study reflects a broader trend in compliance management. Integrating AI into compliance operations is transforming the field, offering unprecedented opportunities to preempt and neutralize risks before they escalate into full-blown crises. As more organizations recognize the value of predictive analytics, we can expect a shift toward a more dynamic and responsive compliance culture.

The Mastercard example also underscores the importance of continuous innovation. Fraudsters are constantly evolving, and so must the systems designed to thwart them. Compliance professionals must foster an environment of perpetual improvement, where technology and processes are continually refined to meet emerging challenges. This proactive mindset is good for business and essential to upholding the ethical standards that form the backbone of any reputable organization.

Next-generation predictive analytics is revolutionizing corporate compliance by transforming the traditional, reactive approach into a proactive, forward-looking discipline. By leveraging advanced machine learning models, companies can expect compliance risks before they escalate, drawing on historical data, employee behavior, and external factors, such as geopolitical shifts and regulatory changes. This paradigm shift enables organizations to allocate resources more efficiently, address emerging risks at their root, and ultimately strengthen regulatory adherence while avoiding costly enforcement actions.

At the core of this transformation is predictive analytics’ ability to identify subtle patterns of misconduct and potential vulnerabilities in real-time. Instead of waiting for a compliance failure to occur, compliance teams are now empowered to detect warning signals early, implement timely interventions, and continuously refine their risk management strategies. The article emphasizes that such proactive measures safeguard an organization’s reputation and financial stability and build greater trust with regulators, investors, and stakeholders by demonstrating a commitment to ethical governance.

Ultimately, this forward-thinking approach to compliance is an operational improvement and a strategic imperative for staying ahead in a rapidly changing regulatory landscape. By embracing predictive analytics, organizations position themselves as industry leaders in risk management, fostering a culture of continuous improvement essential for ethical and sustainable business practices. This article serves as a rallying cry for corporate compliance professionals to harness these innovations, turning compliance challenges into competitive advantages.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – AI Driven Compliance Monitoring

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We begin a week of looking at how AI can impact your compliance program in 2025. Today, we consider how AI can improve your compliance monitoring.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
FCPA Compliance Report

FCPA Compliance Report – The Role of Internal Audit in Export Controls

Welcome to the award-winning FCPA Compliance Report, the longest-running compliance podcast. In this episode, Tom welcomes Jonathan Marks, who discusses the role of internal audit in export control compliance.

Jonathan starts by defining export controls and their significance: regulations governing the export, re-export, and transfer of goods, technology, and services across borders to protect national security and enforce foreign policy. As a Compliance Profession, you should recognize the severe impacts of operational disruptions, supply chain issues, and national security risks resulting from non-compliance, emphasizing the need for comprehensive compliance frameworks. Internal audit responsibilities are expanded, stressing the necessity of robust policies, clear responsibilities, consistent employee training, and thorough risk assessments.

Jonathan discusses practical internal audit strategies, including evaluating high-risk transactions, identifying compliance gaps, and regularly monitoring and testing compliance controls through transaction testing, data analytics, third-party due diligence, and incident response mechanisms. Jonathan underscores the importance of collaboration between internal audit, legal, compliance, and supply chain teams to ensure an integrated and proactive compliance approach, thereby mitigating risks and strengthening corporate governance.

Key highlights:

  • Understanding Export Controls and Compliance
  • Role of Internal Audit in Export Controls
  • Key Areas for Internal Audit Focus
  • Testing and Monitoring Controls

Resources:

Jonathan Marks on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Blog

AI Game-Changing Compliance: Part 1 – AI-Driven Compliance Monitoring

Last week, I looked at five things a Chief Compliance Officer (CCO) or compliance professional could do at little or no cost to ‘Up Their (Compliance) Game.’ I want to continue this theme this week but want to tackle it differently. I will look at five innovations for compliance professionals around Artificial Intelligence (AI). AI has moved from an emerging trend to a fundamental component of modern corporate compliance programs. Today, we begin with the use of AI for ongoing monitoring.

In 2025, organizations will no longer experiment with AI-driven compliance tools but will embed them into daily operations to monitor transactions, detect anomalies, and flag potential violations in real-time. The shift has been driven by increasing regulatory scrutiny, growing data complexity, and recognizing that traditional compliance methods, such as manual audits and periodic risk assessments, are no longer sufficient to address today’s evolving threats.

One of the most significant innovations in AI-powered compliance is using machine learning algorithms to analyze vast amounts of financial, transactional, and communications data. These tools can detect patterns of misconduct that would be nearly impossible for human reviewers to identify. AI-driven systems are particularly effective in identifying red flags associated with bribery, fraud, money laundering, and insider trading. For example, financial institutions such as JPMorgan Chase have implemented AI-based surveillance systems that analyze trader communications and transaction records to detect potential misconduct before it escalates.

Beyond monitoring, AI is transforming how organizations conduct internal investigations. Generative AI tools can now analyze employee emails, chat logs, and phone transcripts to identify risk-related language and patterns of unethical behavior. These tools can generate initial investigative reports, summarize key findings, and suggest next steps for compliance teams, significantly reducing the time and effort required to conduct in-depth inquiries. This capability is particularly valuable in responding to whistleblower complaints, as it enables companies to quickly assess a report’s credibility and determine whether further action is needed.

From a regulatory perspective, enforcement agencies are also embracing AI and, in turn, expecting corporations to do the same. No matter what might happen to the Department of Justice (DOJ) 2024 Evaluation of Corporate Compliance Programs (ECCP), this document clarified the importance of data-driven compliance monitoring. The bottom line is that regulators worldwide now expect companies to leverage advanced analytics and AI-driven tools to proactively identify misconduct rather than relying solely on traditional audit-based detection methods.

Lessons for Compliance Professionals

  1. AI is a Compliance Enabler, not a Replacement for Human Oversight. While AI can significantly enhance risk detection and investigative efficiency, it is not a substitute for experienced compliance professionals. Organizations must implement AI with human oversight and contextual analysis to assess and address flagged risks properly.
  2. Regulators Expect AI-Driven Compliance, and Ignorance is No Longer an Excuse. No matter what the Trump Administration would do to eviscerate the FCPA, the DOJ, and other enforcement agencies increasingly view AI-based monitoring as a best practice. Companies that fail to invest in these tools may be disadvantaged in regulatory investigations.
  3. Data Integrity and Bias Mitigation are Critical. AI models are only as effective as the data they are trained on. Compliance teams must ensure that their AI systems are not reinforcing biases or producing false positives that could lead to unnecessary investigations or missed risks.
  4. AI Can Improve Whistleblower Response Times and Investigations. Organizations that integrate AI into their whistleblower response programs can triage reports faster, prioritize high-risk cases, and ensure whistleblowers receive timely feedback, which aligns with the DOJ’s increased focus on whistleblower protections.
  5. Early Adoption Provides a Competitive and Ethical Advantage. Companies that invest in AI-driven compliance now will be better positioned to mitigate risks, meet regulatory expectations, and demonstrate a commitment to ethical business practices. Early adopters will also benefit from cost savings in reducing manual compliance efforts and avoiding costly enforcement actions.

The Future is Here

These lessons are not pie-in-the-sky prognostications but are based on real-world examples of how AI is used in business operations today.

  1. Citi’s AI-Powered Risk Analytics in Anti-Money Laundering (AML) Compliance. Citi has integrated predictive analytics and AI-driven risk assessment models into its AML compliance efforts. Citi’s system can identify potential money laundering activities by analyzing customer transaction histories, social connections, and geographic risk factors before they escalate. These predictive models help compliance officers prioritize high-risk cases and focus on investigating the most likely sources of financial crime. The result is a more efficient and effective AML compliance program, reducing false positives and improving regulatory compliance.
  2. Walmart’s Predictive Supply Chain Risk Management. Walmart uses predictive analytics to identify compliance risks within its global supply chain. By analyzing supplier performance data, shipment delays, and external risk factors such as weather disruptions, political instability, and labor violations, Walmart can proactively mitigate risks that could lead to regulatory violations or reputational damage. For example, the company can detect early warning signs of forced labor risks or environmental non-compliance and take corrective action before an issue triggers an investigation.
  3. Lockheed Martin’s Predictive Cyber Risk Modeling. Lockheed Martin has developed a predictive analytics framework for cybersecurity compliance. The company’s system uses machine learning algorithms to assess network traffic, employee behaviors, and external threat intelligence sources to predict potential cyberattacks before they occur. This predictive approach enables compliance teams to implement targeted security measures, ensuring compliance with strict defense industry regulations such as NIST 800-171 and the Cybersecurity Maturity Model Certification (CMMC).
  4. Pfizer’s Predictive Analytics for Drug Compliance and Pharmacovigilance uses predictive analytics to ensure regulatory compliance in drug development and distribution. The company’s models analyze clinical trial data, patient feedback, and adverse event reports to predict potential medication safety issues before regulatory agencies intervene. This proactive approach helps Pfizer stay ahead of FDA compliance requirements, minimize risks of drug recalls, and protect patient safety.
  5. Uber’s Predictive Risk Model for Regulatory Compliance has implemented predictive risk assessment models to monitor driver compliance with safety and licensing regulations across different jurisdictions. By analyzing driver behavior, customer complaints, and local regulatory trends, Uber can predict which regions will likely impose stricter regulations or where driver misconduct risks may increase. This allows the company to proactively adjust its compliance strategy, update policies, and strengthen enforcement measures before facing regulatory penalties.
  6. General Electric’s Predictive Compliance for Industrial Safety. GE has integrated predictive maintenance and compliance analytics into its industrial equipment operations. GE can predict when equipment failures or safety violations might occur by analyzing sensor data from turbines, jet engines, and manufacturing plants. This ensures regulatory compliance with occupational safety and environmental laws, reducing workplace accidents and avoiding hefty regulatory fines.

Predictive Compliance is a Game-Changer

The bottom line is that these examples demonstrate that predictive analytics is not just a theoretical concept; it is actively transforming compliance programs across industries. From financial institutions and global supply chains to healthcare, cybersecurity, and industrial safety, businesses use AI-powered insights to anticipate compliance risks and take proactive action.

The era of AI-powered compliance has arrived, and organizations that fail to embrace it risk being left behind. By leveraging AI-driven monitoring, predictive analytics, and investigative tools, compliance teams can enhance their ability to detect and prevent misconduct, streamline investigations, and strengthen their overall compliance posture. As regulators continue to raise expectations, companies must view AI not as a futuristic concept but as an essential component of a modern, proactive compliance regime.

Categories
Adventures in Compliance

Adventures in Compliance – Compliance Lessons from The Adventure of Shoscombe Old Place

In this episode of the award-winning podcast ‘Adventures in Compliance,’ host Tom Fox dives into the compliance lessons from the Sherlock Holmes story ‘The Adventure of Shoscombe Old Place.’ This story, the final Sherlock Holmes short story collection, ‘The Case-Book of Sherlock Holmes’ by Sir Arthur Conan Doyle, provides rich insights into business ethics, investigative strategies, and leadership. The plot revolves around the suspicious activities at Shoscombe Old Place, a racing stable where Sir Robert Norberton engages in a series of questionable actions to save himself from financial ruin. Key compliance takeaways include the importance of due diligence, awareness of hidden vulnerabilities, and balancing trust with verification. Tom Fox translates these elements into contemporary corporate compliance lessons, urging listeners to maintain vigilance and skepticism, conduct thorough audits, and foster a culture of ethical behavior and proactive remediation.

Key highlights:

  • Compliance Lessons from The Adventure of Shoscombe Old Place
  • Holmes’ Investigation Unfolds
  • Unveiling the Truth

Resources:

The New Annotated Sherlock Holmes

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
10 For 10

10 For 10: Top Compliance Stories For the Week Ending February 22, 2025

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • You can take the KFC out of Kentucky. (NYT)
  • Grand jury investigating Synapse fraud.(WSJ)
  • Patel and Shein. (WSJ)
  • CTA back on. (WSJ)
  • DOJ guts bringing of corruption cases.(CNN)
  • Barclay’s faces money-laundering investigation. (WSJ)
  • Is settling litigation paying a bribe? (WSJ)
  • Wells Fargo Consent Decree terminated. (YaHooFinance)
  • JPMorgan purchase of Frank heads to criminal trial. (FT)
  • Of business plans and tariff changes. (Bloomberg)

For more information on the Ethico Toolkit for Middle Managers, available at no charge by clicking here.

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day – A Roadmap for Compliance

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we discuss creating a roadmap for improving your compliance program.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Creativity and Compliance

Creativity and Compliance – Upping Your Compliance Game

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection—they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, utilizes the entertainment devices people use to consume information in their everyday, non-work lives and apply it to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible. In this episode of Creativity and Compliance, Tom Fox and Ronnie Feldman take up the challenge handed down by Hui Chen in light of the administration’s suspension of FCPA enforcement to up their compliance game.

Ronnie begins by advocating for a transformation in compliance training, suggesting a shift from traditional e-learning methods to engaging communication campaigns emphasizing a Speak Up Culture and seamlessly integrating compliance into daily business operations. He believes that by using short, entertaining formats and training leaders to present content playfully, compliance can become more interesting and effective, positioning compliance professionals as valuable assets through proactive engagement and collaboration. Tom underscores the importance of compliance professionals being approachable and communicative, serving as problem solvers who collaborate with business units to achieve unexpected, beneficial outcomes. Both experts agree that by humanizing the compliance function and focusing on values and behaviors, compliance professionals can enhance their programs and contribute significantly to organizational success.

Key highlights:

  • Engaging Communication Campaigns for Compliance Training
  • Strategic Communication for Compliance Professionals
  • Cultivating Proactive Compliance Culture through Training Programs
  • Strategic Engagement for Compliance Professionals

Resources:

Ronnie

  • Learnings & Entertainments (Website)
  • Compliance Confessions – inspired by “Mean Tweets” these 90-second commercials address misconceptions and excuses to promote speak up culture and the E&C team as positive and helpful.
  • E&C Training Jams – a soulful singer banters with ethics & compliance explaining policies, sharing examples and debunking excuses. 
  • Tales from the Hotline – Real speak up-themed stories about workplace behavior gone wrong.
  • Workplace Tonight Show! – E&C meets SNL Weekend Update explaining corporate risk topics and why employees should care.
  • 60-Second Communication & Awareness Shorts – A variety of short, customizable, music and multimedia, quick-hitter “commercials” promoting integrity, compliance, speaking up and the E&C team as helpful advisors and coaches.
  • Custom Live & Digital Programing – Custom creative programming that balances the seriousness of the subject matter with a more engaging delivery. After all, you can’t bore people into learning.

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Creativity and Compliance was recently honored as one of the Top 35 Podcasts on Creativity by Feedspot.

Categories
Blog

Upping Your Compliance Game, Part 5 – A Roadmap For Compliance Going Forward 

The Trump Administration has suspended FCPA enforcement for the foreseeable future. What does that mean for compliance professionals? Hui Chen has suggested that this is an opportunity for compliance, but to do so, “It’s time to up your game . . . Instead of selling insurance for FCPA enforcement, become leaders that help your organizations perform.” Based on this challenge by perhaps the most imminent compliance commentator around, this week I devoted all my blog posts to ways compliance professionals can indeed up their collective game. Today, I want to end by laying out a Roadmap for you to use going forward. LRN Corporation laid it out in its Ethics and Compliance Program Effectiveness Report (Effectiveness Report).

The report details four key findings symptomatic of an operationalized compliance program. Susan Divers, then Senior Advisor at LRN and now an Advisor at Ethena, noted the overarching theme is that ethics and compliance:

… programs centered on values are more effective than ones that aren’t. A values-based approach toward shaping culture emphasizes and sets expectations, not just about what can and cannot be done according to rules, but what should and should not be done in alignment with core beliefs. In rules-based environments, everyone’s job is to do the next thing right—to act correctly. In values-based environments, in contrast, everyone’s job is to do the next right thing—to act morally.

It is this drive to burn compliance into the DNA of an organization that fully operationalizes compliance. Think of any recent scandal, Boeing, Wells Fargo, Uber, Facebook, or you name the scandal, where if an employee had done the right thing instead of the illegal action, how much better off a company would have been? The four findings were:

The most effective E&C programs are embedded in business operations. Divers pointed out that a company must have thinkers, compliance, and values as part of its brand.” By doing so, each level in a company will understand its role from now on, from the Board of Directors, senior management, middle management, and the employee base. The company will train, develop, and promote an ethics and compliance program at each level. Divers provided an insightful example:

If I were to use one word to characterize all of them together, it would be holistic. The first one is embedding your E&C programs in your business ops. One big piece of that is your brand. For example, Volkswagen used to have a fantastic brand. When you thought of Volkswagen, you thought of basically a green car and one that was well engineered. Now, it’s a massive fraud. One headline I saw called it Hoaxwagen.

The most successful E&C programs use a variety of channels to convert guidance into practice. An effective compliance program will continuously communicate the corporate E&C values through multiple ongoing channels throughout the company. This speaks not only to upward and downward communications within an organization but also to inbound and outbound to the company. But more than simply saying there should be communication, the Effectiveness Report also assesses how communications occur through inquiring into the clearness and conciseness of messages and whether an organization uses more effective communication techniques such as shorter, more frequent training models or facilitated workshops as opposed to rote one-hour lectures from lawyers.

Communications can be made in other, more subtle manners. Consider the actual behaviors that the conduct shows. Divers said that at LRN:

We’re not so fond of the tone at the top here. We’re fonder of actions at the top because tone can be one thing, and actions are another. Whether managers’ ethical behavior counts regarding promotion and bonuses is where the rubber meets the road in many places, and that makes a huge difference. Another aspect of that is making middle managers accountable for ethics and compliance in their business, and the good programs coach people in that aspect. Those are some key aspects of how you embed it in business ops.

High-performing programs proactively convert regulatory guidance into practice. This was not often discussed enough as many compliance practitioners struggle to convert DOJ pronouncements, comments, or lessons learned from FCPA enforcement actions into practical guidance. As the Effectiveness Report notes, “The most effective programs internalize such guidance and continuously improve.” Here, one might consider an example torn from the headlines: when the Walmart corruption scandal in Mexico broke, I called one CCO the next day who told me he had already put a PowerPoint presentation in front of his senior management about the perils of finding your corporate name splashed across the front page of the New York Times alleging your organization of bribery and corruption.

Divers considered this finding from another perspective. She stated:

You have to look for the actual challenge the people view in the company, whether that’s sales force or other disciplines. There are many different and positive ways, not just negative ones. One of the things we did was that we didn’t just tell people that serious actions meant this; we looked at actual business cases where people had done the right thing and made the right choices to comply with regulations, and that’s very powerful for modeling. Another aspect of that is how you embed your Code of Conduct. Do you just put it on the website and say, “Great, here it is. Read it,” or do you have a discussion? Those are more effective.

High-performing programs spread their impact broadly, recognizing that the entire organization needs to be engaged in ethics. This finding considers whether an organization has moved away from a “silo-based approach to ethics and compliance.” It did so by reviewing how the different corporate functions work as catalysts for imbuing your organization’s values in their specific corporate discipline. Here, Divers related, “High-performing programs aren’t sitting in a closet somewhere; they are only visited when there’s an ethics issue. High-performing programs are out there. They work across the corporation with human resources, internal audit, legal, and even sales and marketing, as well as finance and accounting, to ensure that ethics are a part and parcel of business operations.”

We have considered a variety of compliance innovations. I have often said that a compliance program must be strengthened to meet new or updated risks, opportunities, or regulations. Innovation is one of the best ways to boost it. Finally, and perhaps most importantly, as a compliance practitioner, remember you are only limited by your imagination. As Hui Chen noted, this is a great opportunity for compliance.