Categories
Blog

How Compliance Can Leverage Agentic AI Systems, Part 2

Agentic AI systems, with their unique ability to operate autonomously, present a game-changing opportunity for corporate compliance functions. In a recent article in Bloomberg entitled “Using AI Agents Requires a Balance of Trust, Privacy, Compliance,” Sabastian Niles, President and Chief Legal Officer of Salesforce, discussed AI agents’ roles. Today, therefore, we enter the world of agentic AI systems. Understanding this new breed of AI is essential for compliance professionals to harness its power responsibly while safeguarding trust, privacy, and compliance.

Unlike traditional chatbots or large language models that are limited to providing static responses, Agentic AI systems can analyze complex data, adapt to new information, and take actions based on predefined parameters. This capability can revolutionize compliance operations by introducing efficiencies, enhancing decision-making, and improving the organization’s ability to anticipate and respond to risks. However, leveraging these systems effectively requires compliance professionals to approach them thoughtfully and strategically. Over this three-part blog series, I will explore what Agentic AI systems are, how they can be used in compliance, and how to use Agentic AI going forward. In Part 2, we look at how compliance can use Agentic AI systems.

Understanding the Potential of Agentic AI in Compliance

Agentic AI is distinguished by its autonomy. These systems do not simply respond to queries; they execute tasks, provide actionable insights, and adapt to changing circumstances with minimal human intervention. For compliance professionals, this shift represents an opportunity to go beyond even monitoring and detection. Instead, compliance teams can integrate AI agents into their workflows to proactively manage risks, enhance internal processes, and improve the organization’s overall compliance posture. Here are some specific ways agentic AI systems can be applied within the compliance function.

  • Automating Routine Tasks

Many compliance activities are repetitive and resource-intensive, leading to inefficiencies and bottlenecks. Agentic AI can streamline these processes by handling internal inquiries. AI agents can respond to frequently asked compliance questions from employees, such as clarifications on company policies, reporting obligations, or training requirements. This reduces the workload on compliance officers while ensuring consistent and accurate responses.

Agentic AI can assist in managing external counsel and external consultant relationships. For companies working with multiple external legal advisors, Agentic AI can automate the tracking of legal expenses, performance metrics, and case statuses, providing a centralized view of outside counsel activities. Finally, Agentic AI can be a game-changer in monitoring transactions on a real-time and ongoing basis. Agentic AI systems can autonomously review large volumes of financial transactions to identify red flags, such as unusual payment patterns or potential violations of anti-corruption laws.

  • Enhancing Decision-Making

Compliance often involves making decisions based on a wide array of data, from regulatory updates to internal audit findings. Agentic AI can enhance this process by providing real-time insights. It can analyze data across the organization to identify emerging risks, such as changes in geopolitical conditions or new regulatory developments, and provide recommendations on how to address them.

Agentic AI can also help reduce human error. It can help eliminate biases or oversight errors in compliance assessments, ensuring that decisions are more objective and accurate. It can also model the potential impact of regulatory changes or proposed business initiatives, allowing compliance teams to anticipate challenges and provide informed guidance to leadership.

  • Driving Resilience

The regulatory environment is constantly evolving under the second Trump Administration, and organizations must be able to adapt quickly. Agentic AI can help compliance teams stay ahead by monitoring regulatory changes. It can automatically track and analyze updates to laws and regulations worldwide, highlighting changes relevant to the organization and suggesting actions to ensure compliance.

One of the key areas the Department of Justice communicated back in 2020 and brought forward in the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update) was the need for risk assessments as your risk changes. Agentic AI moves you to a level beyond this with proactive risk assessments. By analyzing internal and external data, AI systems can identify vulnerabilities and recommend preventive measures, reducing the likelihood of compliance failures. It can also assist in your incident and triage process by investigating the issue, gathering evidence, and suggesting corrective actions, enabling the organization to respond more effectively.

Managing the Risks of Autonomy

While the autonomy of agentic AI systems offers significant benefits, it also introduces new risks that compliance professionals must address. Poor data quality and bias will still generate suboptimal results. Poor-quality or incomplete data can lead to incorrect or biased outputs from AI systems. Compliance teams must ensure that the data used by these systems is accurate, representative, and regularly updated.

The autonomous nature of Agentic AI means that organizations must establish clear guidelines for oversight and accountability. This includes defining when human intervention is required and ensuring that AI decisions align with organizational values and regulatory requirements. Finally, there are the dual areas of transparency and accountability. One of the most critical challenges with agentic AI is understanding how the system arrives at its decisions. Compliance teams must advocate for transparency in AI operations and develop mechanisms to explain decisions to regulators, stakeholders, and employees.

Steps for Compliance Teams to Adopt Agentic AI

To maximize the benefits of agentic AI while minimizing its risks, compliance teams should take the following steps:

  1. Assess Current Processes. Begin by identifying compliance activities that are repetitive, time-consuming, or prone to error. These are often the best candidates for automation through agentic AI.
  2. Pilot AI Applications. Before deploying AI across the entire compliance function, start with pilot projects in specific areas, such as policy monitoring or transaction reviews. Use pilots to test the system’s capabilities, identify potential risks, and gather feedback.
  3. Strengthen Data Governance. Agentic AI relies heavily on data, making strong data governance practices essential. This includes implementing controls to ensure data accuracy, managing access to sensitive information, and maintaining compliance with data privacy regulations.
  4. Develop Ethical Guidelines. Work with cross-functional teams to establish ethical guidelines for AI use. These guidelines should cover issues such as transparency, accountability, and acceptable use and should be reviewed regularly to reflect evolving best practices and regulatory standards.
  5. Provide Training and Support. Compliance teams must be equipped to work effectively with AI systems. Offer training to help team members understand how agentic AI works, how it can be used responsibly, and their role in overseeing its operations.
  6. Establish a Feedback Loop. Implement processes for continuously monitoring AI performance and gathering feedback from users. Use this information to refine the system and address any issues that arise.

Down the Road

Agentic AI systems represent a powerful tool for compliance functions, offering the potential to enhance efficiency, improve decision-making, and build resilience. However, these benefits can only be realized if the technology is implemented responsibly. Compliance professionals must balance leveraging AI’s capabilities and maintaining the trust, privacy, and ethical standards critical to the organization’s success.

By taking a proactive approach to understanding and adopting agentic AI, compliance teams can streamline their own operations and position themselves as strategic partners in driving the organization’s broader innovation and risk management efforts. The question is no longer whether compliance teams should embrace agentic AI but how they can do so responsibly and effectively.

Categories
Compliance Into the Weeds

Compliance into the Weeds: The IG Friday Night Massacre

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this Compliance into the Weeds episode, Tom Fox and Matt Kelly explore the Trump Administration’s summary of the Friday night firing of 17 US Inspectors General.

They explore the background and illegality of these firings, highlighting the critical role Inspectors General play in the federal government by investigating fraud, mismanagement, and abuse. Furthermore, they discuss the implications for compliance professionals, comparing this situation to what would be deemed unacceptable in corporate settings. The conversation also touches on potential consequences, such as increased False Claims Act lawsuits and the problematic precedent set for the rule of law within federal agencies.

Key highlights:

  • The Friday Night Massacre: What Happened?
  • Role and Importance of Inspectors General
  • Comparisons to Corporate Governance
  • Potential Consequences and Future Outlook

Resources:

Matt in Radical Compliance

Tom on Instagram, Facebook, YouTube, Twitter, and LinkedIn

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 29 – Enhancing Compliance through Automation

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6–8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

Traditional compliance reporting methods, often reliant on manual processes like Excel spreadsheets, are time-consuming and prone to errors. This episode explores how Chief Compliance Officers and compliance professionals can enhance their programs through automation. By adopting data-driven solutions and leveraging regulatory operations (Reg Ops), it’s possible to provide near real-time reporting and improve decision-making efficiency. The focus is on integrating existing security and compliance tools, gathering real-time evidence, automating compliance gap tickets, and generating comprehensive reports for stakeholders. However, challenges like balancing data accuracy and security and the cultural transformation required for adopting these new practices are critical considerations. Embracing data-driven compliance can help organizations modernize and keep pace with the evolving regulatory landscape.

Key highlights:

  • Challenges in Traditional Compliance Reporting
  • The Role of Reg Ops in Compliance
  • Integrating Tools for Real-Time Compliance


Categories
Great Women in Compliance

Great Women in Compliance – Karolina Aleksandrova on Compliance in Eastern Europe and Ukraine

We know Great Women in Compliance are usually superheroes, but this woman takes it to another level. Karolina Aleksandrova is the founder of ProMoney, a consultancy based in Ukraine. Before delving into her career path and how she is building an E&C community in Eastern Europe, she gives us a peek into her day-to-day life. She talks about the people’s resilience and how they continue to live their day-to-day lives, whether taking children to school, working, or hearing warnings of bombings.

Lisa and Karolina spoke about how she got into compliance and building the Eastern European community with her conferences. She talks about the region’s unique needs and how the Eastern European community has united at the events and in their networks. They also discuss how #GWICs can support the E&C community, especially women, who can support our peers in Eastern Europe.

We are grateful for Karolina’s insights. This was her first podcast, and she did it in English. Just wow!

We hope you are enjoying the Great Women in Compliance podcast. If you do, please provide a rating or review and feedback regarding what you would like us to do next.

Categories
Blog

What Are Agentic AI Systems, Part 1

We live in an era where artificial intelligence (AI) is no longer just a tool for answering questions or providing recommendations; it has strengthened into a partner capable of acting on our behalf. In a recent article in Bloomberg entitled Using AI Agents Requires a Balance of Trust, Privacy, Compliance, Sabastian Niles, President and Chief Legal Officer of Salesforce, discussed the role of AI agents. Today, we, therefore, enter the world of agentic AI systems. Understanding this new breed of AI is essential for compliance professionals to harness its power responsibly while safeguarding trust, privacy, and compliance. Over this three-part blog series, I will explore what Agentic AI systems are, how they can be used in compliance, and how to use Agentic AI going forward.

Defining Agentic AI Systems

In simple terms, Agentic AI does not simply inform; it acts. For compliance professionals, this opens up many possibilities for automating tasks, improving efficiency, and enhancing decision-making. However, with greater autonomy comes greater responsibility, particularly in ensuring these systems operate ethically and within regulatory boundaries.

Agentic AI systems differ significantly from traditional AI tools like chatbots or standalone large language models. While the latter is primarily reactive, responding to queries or prompts, Agentic AI systems operate with a higher degree of autonomy. These systems can analyze data, adapt to new information, and act within pre-defined parameters without requiring constant human oversight. Some of the key differences include the following.

  1. Autonomy. Unlike traditional AI, which often requires human input to execute tasks, agentic AI can take the initiative within established guidelines.
  2. Adaptability. Agentic AI learns and develops based on new data or changing conditions, making it highly dynamic.
  3. Action-Oriented. These systems can analyze data, make decisions, and execute tasks in real time.

For example, imagine a compliance chatbot that answers employees’ questions about corporate policies. While useful, this chatbot cannot take further steps, such as generating a personalized policy report or flagging potential compliance risks. On the other hand, an Agentic AI system could handle these additional tasks autonomously, freeing compliance teams to focus on more strategic priorities.

Agentic AI in Action for Compliance

What does agentic AI mean for the compliance function? Essentially, it represents an opportunity to reimagine how compliance teams operate, enabling them to do more with less. Here are a few ways agentic AI systems can be used effectively in corporate compliance.

  1. Automating Repetitive Tasks. Compliance professionals often find themselves bogged down by routine, resource-intensive tasks. Agentic AI can take over many of these responsibilities, such as in policy management automation, by reviewing and updating compliance policies based on regulatory changes. You can provide employee support by responding to frequently asked compliance questions and escalating complex issues to the appropriate team members. You can move it outside your organization by continuously assessing third-party risks and analyzing real-time data, such as media reports or transaction histories.
  2. Enhancing Risk Assessment. Agentic AI systems can analyze vast amounts of data quickly and accurately, making them invaluable for identifying and mitigating risks. They can assist in transaction monitoring by detecting anomalies in financial transactions that may indicate potential fraud or corruption. You can move to more proactive risk screening by monitoring news and regulatory updates to identify emerging risks that could impact the organization. Most excitingly, they can provide predictive analytics, which could allow you to anticipate compliance challenges based on historical trends and current data.
  3. Supporting Decision-Making. With their ability to analyze complex data and generate actionable insights, agentic AI systems can help compliance teams make better-informed decisions. This can include scenario planning and forecasting by modeling the impact of potential regulatory changes on the organization. As the Department of Justice reminded us in the 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update), you can move to true data-driven recommendations to provide documented guidance on addressing identified risks or improving compliance processes. Finally, in the never-ending battle for resource allocation, Agentic AI can identify areas where compliance efforts should be prioritized for maximum impact.

The Risks and Responsibilities of Agentic AI

While the benefits of agentic AI are clear, compliance professionals must approach its adoption cautiously. The autonomy of these systems introduces new risks. First and foremost is data integrity and Garbage In, Garbage Out (GIGO), which tells us that AI systems are only as good as the data they process. The system’s outputs could be flawed if the data is incomplete, biased, or outdated. Accountability and transparency are critical, as the question will be asked, “When AI systems make decisions or take actions, who is ultimately responsible?” Compliance teams must establish clear guidelines to ensure accountability and transparency. Finally, there are the ethical concerns involved. The ability of agentic AI to act autonomously raises questions about transparency, fairness, and privacy. These concerns must be addressed through robust governance and ethical guidelines.

Why Compliance Professionals Should Care

Agentic AI systems are not just another tech innovation—they are a significant change that will shape the future of compliance. By understanding these systems, compliance professionals can position themselves as strategic enablers, helping their organizations harness the power of AI responsibly. Compliance teams are uniquely positioned to ensure that AI systems operate transparently and ethically, fostering stakeholder trust.

As AI-specific regulations emerge, compliance professionals will play a critical role in ensuring adherence to new legal standards, as echoed in the 2024 Update.

By integrating agentic AI into their workflows, compliance teams can improve efficiency, reduce costs, and drive profitability in the company. It will certainly demonstrate an increased ROI for compliance.

The Path Forward

The rise of agentic AI systems represents a transformative opportunity for compliance professionals, but only if implemented thoughtfully and responsibly. By embracing this technology, compliance teams can move from being seen as cost centers to becoming innovation partners, driving compliance and business success.

The key is striking the right balance: leveraging the autonomy of agentic AI to achieve efficiencies while maintaining the trust, privacy, and ethical standards foundational to compliance. As compliance professionals, we can lead this transformation, ensuring that agentic AI serves as a tool for good, not a source of risk. The bottom line is that the future of compliance is not simply about saying no to innovation; it is about guiding it responsibly. Let Agentic AI be your ally in this journey.

Join us tomorrow in Part 2 to discuss how to use Agentic AI systems.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 28 – The Importance of Data Governance

On Day 28, we look into the crucial importance of data governance in compliance and cybersecurity. As data generation increases, businesses must enhance their efforts in managing, organizing, and preserving data to meet regulatory obligations and ensure accuracy, accessibility, and adherence to legal standards. We discuss the growing trend of converging compliance, data governance, and cyber security and the necessity of breaking down organizational silos for effective collaboration. Business and legal teams rely on well-managed data to make informed decisions, analyze trends, and measure key performance indicators.

The episode also covers the challenges in gaining buy-in from the ELT and the vital process of transforming corporate culture to prioritize data governance and cybersecurity. We touch on the complexities of regional data privacy laws inspired by GDPR and emphasize the importance of understanding specific regulations for compliance. With key takeaways, including the significance of data preservation, the intertwined nature of compliance, data governance, and cybersecurity, and the urgency for organizations to prioritize data governance, this episode is packed with essential insights for compliance professionals.

Key highlights:

  • The Role of Data Governance in Compliance and Cybersecurity
  • Data Governance and ESG
  • Understanding Data Privacy Laws


Categories
Blog

AI and Compliance Training

AI-driven training tools are transforming how organizations deliver compliance programs. By offering personalized, interactive, and role-specific training at scale, AI eliminates many cost and logistical barriers that have historically made tailored training challenging. This evolution improves engagement and reduces compliance risks by equipping employees with relevant, actionable knowledge. Today, I want to explore how AI reshapes compliance training, supplemented with real-world examples of companies leading the charge.

Personalization at Scale

AI analyzes vast amounts of data, including an employee’s role, learning history, and performance metrics, to create tailored training experiences. This ensures that the content is directly relevant to each employee’s responsibilities. For example, a sales team handling international transactions might focus on anti-bribery and corruption rules under the FCPA. A procurement team could receive training on vendor due diligence, export control and sanctions, and conflict-of-interest disclosures. Conversely, a finance staff member might dive into anti-money laundering (AML) and financial controls.

You can integrate AI into your global compliance training programs to tailor content to employees’ roles. Through machine learning, your system can deliver specific modules to individuals, ensuring that high-risk roles receive advanced training while others get streamlined, relevant content. The result will be better alignment between training content and operational realities, boosting engagement and effectiveness.

Just-in-Time Learning

AI enables “just-in-time” learning, delivering content at the precise moment it’s needed. For example, an employee preparing to interact with a foreign government official might receive a refresher module on anti-corruption policies before the meeting. Similarly, an employee about to onboard a vendor might receive training on due diligence best practices. This approach effectively ensures that employees apply their knowledge in real-world scenarios when it matters most. It also minimizes the “forgetting curve” by delivering training in digestible chunks that reinforce memory retention.

This means you can use AI to deliver microlearning modules through your internal compliance training platform. Employees receive targeted reminders about data privacy regulations when working on projects involving personal data, ensuring compliance is seamlessly integrated into daily workflows.

Enhanced Engagement Through Gamification

AI makes compliance training engaging by incorporating gamified elements like quizzes, leaderboards, and decision-making simulations. These interactive features transform mundane lessons into enjoyable experiences, boosting motivation and retention. Imagine employees participating in a simulated bribery scenario, navigating ethical dilemmas in real time. Such immersive experiences teach policies and foster critical thinking and decision-making skills.

For example, PwC’s Game of Threats™ is a digital game that simulates the speed and complexity of a real-world cyber breach. It is designed to help executives “understand the steps they can take to protect their companies. The game environment creates a realistic experience where both sides, the company and the attacker, are required to make quick, high-impact decisions with minimal information.” You can “coach players through realistic scenarios with different types of threat actors and their preferred methodologies and explain what they can do to better prevent, detect, and respond to an attack.”

Continuous Improvement

AI-powered platforms don’t just deliver training; they learn and adapt. These systems analyze performance metrics, such as quiz scores and engagement rates, to identify areas where employees struggle. Based on this data, the platform refines its content, ensuring that training evolves alongside organizational needs and regulatory changes.

One company implemented AI-driven tools for compliance training that adapt based on user feedback and performance data. If employees consistently fail a particular module, the AI identifies gaps and adjusts the content to address misunderstandings more effectively.

Cost-Effective Solutions for Large Organizations

Scaling traditional training methods across a large global workforce is challenging and expensive. AI simplifies this by automating the customization process, ensuring consistent quality across teams and geographies. It also reduces costs associated with in-person training sessions and printed materials. One large multinational leveraged AI to implement a scalable compliance training platform for its over 150,000 employees. By automating the delivery of role-specific training modules and offering multi-language support, Unilever significantly reduced training costs while maintaining high levels of engagement and effectiveness.

Overcoming Barriers to AI Adoption in Compliance Training

Unfortunately, despite its obvious benefits, some organizations hesitate to adopt AI-driven compliance training due to perceived challenges. These include one or more of the following concerns. The first is the Cost Concern, where the initial investment in AI tools seems far too high, even where the long-term savings, through improved training efficiency and reduced compliance risks, far outweigh the upfront expenses. Another concern is Technological Complexity. Partnering with experienced vendors or consultants can simplify the implementation process, ensuring seamless integration with existing systems. Finally, there is the ever-present Cultural Resistance. Employees may resist AI-driven training for fear of surveillance or skepticism about its effectiveness. Clear communication about how AI enhances training rather than replacing human oversight can help alleviate these concerns.

The Future of Compliance Training: AI as a Strategic Advantage

AI-driven compliance training is more than just a technological upgrade; it is a strategic advantage that organizations can use in various ways. It can mitigate compliance risks: by delivering tailored, engaging, and timely training, AI reduces the likelihood of compliance violations and associated penalties. It can build and foster trust between compliance and your customer base, which is corporate employees. Employees who feel supported with relevant, engaging training are more likely to embrace compliance as part of their workplace culture. Finally, it will allow you to stay ahead of the compliance curve in training and potentially the Department of Justice (DOJ). AI ensures training evolves alongside regulatory changes, keeping organizations proactive rather than reactive.

The message is clear: Investing in AI-driven compliance training is not just about ticking boxes; it is rather about building a resilient, ethical organization that thrives in today’s complex regulatory environment. If your company has not yet embraced the AI revolution in compliance training, now is the time to explore the possibilities. With the right tools and a commitment to meaningful employee engagement, you can transform compliance from a checkbox exercise into a powerful driver of business success.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 27 – The Compliance Function in an Organization

On Day 27, we explore the growing importance and responsibilities of the compliance function within corporations, emphasizing the need for adequate staffing, resources, and independence. The 2020 FCPA Resource Guide outlines key factors that the DOJ considers indicative of an effective compliance program, including the quality of personnel, authority, compensation, and reporting structure. We delve into the necessity of properly funding compliance initiatives and ensuring the organization empowers and sufficiently supports compliance professionals. The updated Corporate Enforcement Policy emphasizes the prevention of retaliation against compliance investigators and the need for a robust structure supporting the compliance program. We conclude with three key takeaways for enhancing compliance functions: evaluating their treatment in the budget process, ensuring management respects compliance decisions, and considering the implications of outsourced compliance services.

Key highlights:

  • DOJ’s Expectations for Compliance Programs
  • Funding and Resources for Compliance
  • Compliance Program Structure and Authority



Adventures in Compliance – Compliance Lessons from ‘The Adventure of the Lion’s Mane’

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into Arthur Conan Doyle’s Sherlock Holmes collection, The Case-Book of Sherlock Holmes. It is the final set of twelve Sherlock Holmes short stories, first published in the Strand Magazine between October 1921 and April 1927. In this episode, we consider a story drawn more from the natural world, The Adventure of the Lion’s Mane.

In this episode, Tom dives into ‘The Adventure of the Lion’s Mane,’ a lesser-known Holmes tale set in Holmes’ retirement on Sussex Beach. The story involves the mysterious and agonizing death of a science master, initially suspected to be a murder but revealed to be caused by a lion’s mane jellyfish. This episode draws crucial compliance lessons from the narrative, such as the importance of root cause analysis, adaptability in new roles, vigilance on external risks, methodical investigations, and effective communication.

We show how Sherlockian deduction parallels the skills needed for compliance professionals to address unseen threats, adapt to dynamic environments, and ensure meticulous documentation. Tom encourages compliance officers to emulate Holmes’ analytical rigor to build robust programs tackling unexpected challenges.

Highlights include:

  • Unraveling the Mystery
  • Compliance Lessons from The Adventure of the Lion’s Mane
  • Holmes’ Investigative Techniques
  • Understanding External Risks
  • Effective Investigation Strategies
  • The Importance of Communication

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson



Unseen Threats and Deduction: Compliance Lessons from The Adventure of the Lion’s Mane

Sherlock Holmes, the master of deduction, seldom worked without Dr. Watson. Yet in The Adventure of the Lion’s Mane, Holmes takes center stage in a quiet coastal town, solving a case that presents no apparent suspects, no human culprit, and a mystery rooted in the natural world. For corporate compliance professionals, this unusual story offers rich lessons about vigilance, adaptability, and the importance of robust investigative techniques. The story is unusual for several reasons, including Holmes’s first-person narrative. Also, the case involves an antagonist from the natural world instead of the human world.

Equally interesting are the lessons the story can teach the 21st-century compliance professional. Today, I will examine five key compliance lessons from Holmes’s encounter with the lion’s mane jellyfish. For additional information on the story and commentary, check out the podcast Compliance Lessons from The Lion’s Mane on the Compliance Podcast Network.

Unraveling Unseen Threats: The Importance of Root Cause Analysis

In this story, the victim collapses after screaming the cryptic words “The lion’s mane!” while bearing strange, whip-like marks on his body. At first, suspicion falls on human suspects, but Holmes’s methodical approach reveals the true cause: a Cyanea capillata jellyfish, an elusive and deadly natural threat. The case highlights a critical point for compliance professionals: risks may not always appear obvious, and solutions often require digging beneath the surface.

In the compliance world, it is often tempting to stop at the first explanation for misconduct, such as blaming individual employees or focusing on the visible symptoms of an issue. However, failing to identify the root cause leaves your organization vulnerable to repeated compliance failures. Whether you are dealing with third-party bribery risks, internal fraud, or systemic policy gaps, the Department of Justice has made clear in the 2024 Update to the Evaluation of Corporate Compliance Programs that a root cause analysis is a cornerstone of effective compliance programs. The Update re-emphasizes the need both to perform a root cause analysis and, equally important, to use it to remediate your compliance program. It stated, “A hallmark of a compliance program that works effectively in practice is the extent to which a company can conduct a thoughtful root cause analysis of misconduct and timely and appropriately remediate to address the root causes.”

It also asked what additional steps the company has taken “that demonstrate recognition of the seriousness of the misconduct, acceptance of responsibility for it, and implementing measures to reduce the risk of repetition of such misconduct, including measures to identify future risk.” The following questions were then posed:

Root Cause Analysis—What is the company’s root cause analysis of the misconduct at issue? Were any systemic issues identified? Who in the company was involved in making the analysis?

Prior Weaknesses—What controls failed? If policies or procedures should have prohibited the misconduct, were they effectively implemented, and have functions that had ownership of these policies and procedures been held accountable?

Adaptability in Unfamiliar Environments

Holmes’s seaside investigation takes him far from his usual London setting. Without the bustle of Baker Street or Watson’s steady presence, Holmes must rely entirely on his deductive skills and adaptability. This scenario mirrors the modern compliance officer’s challenge of addressing new and unfamiliar risks.

For example, your organization may expand into a new market or pivot its business model, exposing it to unfamiliar regulatory requirements or operational risks. In these situations, compliance professionals must act as business partners, guiding the organization through uncharted waters while ensuring compliance remains a priority.

You should begin with the question of who should perform the remediation: should it be an investigator or an investigative team that was part of the root cause analysis? Jonathan Marks believes the key is both “independence and objectivity.” An investigator or investigative team may be a subject matter expert and “therefore more qualified to get that particular recourse.” Yet, to perform the remediation, the key is to integrate the information developed from the root cause analysis into the solution.

Accounting for External Risks

The lion’s mane jellyfish, a force of nature, represents the kind of external risk that organizations often overlook. External risks, whether from geopolitical shifts, third-party misconduct, or environmental factors, can devastate even the most robust compliance programs if not properly managed.

Consider the recent focus on supply chain risks. An organization may have strong internal controls, but a third-party supplier engaging in unethical practices can still expose it to liability. Therefore, due diligence and ongoing monitoring are essential to an effective compliance program. Some of the key actions you can take include the following:

  • Conduct comprehensive third-party due diligence before onboarding suppliers, agents, or contractors.
  • Regularly review external risks as part of your enterprise risk management (ERM) program.
  • Implement tools and technologies to monitor external developments in real time, such as sanctions lists or geopolitical instability.

The Power of Patience and Observation 

Holmes’s resolution hinges on his meticulous observation of minor details: marks on the victim’s body, the jellyfish’s natural habitat, and the timeline of events. He doesn’t rush to conclusions or allow others’ assumptions to sway him. Instead, he systematically gathers evidence and applies his knowledge to reach the correct conclusion. This approach underscores the importance of methodical, data-driven investigations for compliance professionals. Whether handling an internal whistleblower complaint or responding to a regulatory inquiry, rushing the process can lead to missed details or flawed conclusions.

You may also have deficiencies in internal controls. Failing to remediate gaps in internal controls “allows additional errors or misconduct to occur and thus could damage the company’s credibility with regulators” by allowing the same or similar conduct to reoccur. Finally, with both the 2024 ECCP and FCPA Corporate Enforcement Policy, the DOJ has added its voice to prior SEC statements that regulators “will focus on what steps the company took upon learning of the misconduct, whether the company immediately stopped the misconduct, and what new and more effective internal controls or procedures the company has adopted or plans to adopt to prevent a recurrence.”

Communication as a Compliance Superpower

One of Holmes’s strengths lies in his ability to explain complex phenomena in a way others can understand. In this story, he demystifies the jellyfish’s deadly nature for the local community, helping them grasp the danger and take appropriate precautions. In compliance, communication is equally critical. Whether presenting findings to the board, conducting employee training, or preparing reports for regulators, you must convey complex information clearly and compellingly. The best compliance programs are not just comprehensive; they are understood and embraced by everyone in the organization.

For compliance professionals, there are several actions you can take. First, tailor your communication style to your audience, whether it’s frontline employees, senior leadership, or regulators. Next, use data visualization, case studies, and real-world examples to make your message relatable and memorable. Finally, foster a culture of transparency, ensuring employees feel empowered to ask questions and report concerns without fear of retaliation.

Final Thoughts 

The Adventure of the Lion’s Mane is a tale of hidden threats, careful investigation, and the power of critical thinking—qualities that resonate deeply with the compliance profession. Holmes’s success lies in adapting to unfamiliar circumstances, uncovering an unseen danger, and effectively communicating his findings. Compliance officers need these skills to navigate the complex and ever-changing corporate risk landscape.

As you reflect on Holmes’s seaside investigation, consider how his methods can inspire your compliance practices. Are you conducting root-cause analyses with the same rigor? Have you adapted your program to account for external risks? And most importantly, are you equipping your organization with the tools and knowledge to prevent compliance failures before they occur?

By channeling Sherlock Holmes’s spirit of deduction and vigilance, you can strengthen your compliance program and ensure it is prepared to face even the most unexpected challenges. When the next hidden risk emerges, you will be ready to solve the mystery with precision and confidence, just like Sherlock Holmes.