Categories
AI Today in 5

AI Today in 5: June 4, 2026, The Circular Bet Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Why AI will reshape compliance. (FinTech Global)
  2. How compliance can unlock AI innovation. (TechRadar)
  3. WK expands AI offering for regulated industries. (WoltersKluwer)
  4. 6 top worries for AI in healthcare. (HealthExec)
  5. AI as a ‘circular bet’. (Bloomberg)

For more information on the use of AI in compliance programs, Tom Fox’s new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
Great Women in Compliance

Great Women in Compliance: Wildly Effective, 10 Years Later

Author and compliance professional Kristy Grant-Hart on the 10th anniversary of her book. 

Sarah Hadden sits down with Kristy Grant Hart to discuss the 10th anniversary edition of her influential book, How to Be a Wildly Effective Compliance Officer. They explore how the compliance profession has evolved over the past decade — from a rules-and-regulations mindset toward a more human-centered approach grounded in influence, resilience, storytelling, and leadership.

They also dig into some of the book’s more debated ideas, including personal branding, visibility, networking, and whether being “wildly effective” requires becoming an influencer.

Along the way, they tackle burnout, resilience, AI’s rapidly expanding role and why human judgment remains irreplaceable. This is a candid and energizing conversation about what it really takes to thrive in compliance today — and why the future of the profession is bright.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 2 – Leadership and Training Lessons from Charlie X

In this episode of Trekking Through Compliance for 2026, we consider leadership and training lessons from Charlie X, which aired on September 15, 1966, Star Date 1533.6.

Story

The USS Enterprise meets the merchant vessel Antares to take charge of Charlie Evans, the sole survivor of a transport ship that crashed on Thasus. For fourteen years, seventeen-year-old Charlie grew up alone, stranded in the wreckage, learning to communicate with the ship’s computer systems, which remained intact.

Despite his eagerness to please, Charlie becomes obnoxious because his lack of upbringing has left him without knowledge of social norms or control over his emotions. He latches on to Captain Kirk as a father figure and develops an infatuation with Yeoman Janice Rand. He demonstrates extraordinary telepathic and matter-transmutation powers. When the Antares is nearly out of sensor range, it transmits a message to the Enterprise. The message is cut off before it can convey a warning. Scanners show that Antares has been reduced to debris.

Realizing Charlie’s powers are too great to be controlled, Kirk opts to divert from Alpha V to at least keep Charlie away from a civilized world where he would wreak havoc. Charlie discovers Kirk’s plans and takes control of the Enterprise.

A Thasian ship approaches and restores the Enterprise and its crew to their proper forms. The Thasian commander says that his race gave Charlie his powers so he could survive in their world, but these powers (which they can’t remove from him) make him too dangerous to live among humans. Charlie begs Kirk not to let the aliens have him since the Thasians lack any physical form or capacity for love. However, the Thasians reject Kirk’s argument that Charlie belongs with his kind, with a final echoing wail of “I wanna stay!

Commentary

The episode explores the story of Charlie Evans, a young man with dangerous telekinetic powers, and draws parallels to modern compliance and mental health issues. Tom discusses the responsibilities that come with power, the importance of training and supervision, handling unpredictable behavior, clear communication, crisis management, and addressing misconduct. He also reflects on recent real-world events, such as the Uvalde school shooting and the challenges of addressing mental health in compliance programs.

Key highlights:

1. The Responsibilities of Power—Strength Without Structure

🖖 Illustrated by: Charlie turning crew members into nothingness when they anger him.

Charlie is gifted with tremendous abilities but lacks any ethical framework or boundaries. This is a vivid metaphor for what happens when individuals inside an organization gain influence or access without training or accountability. Think of an unmonitored executive with access to financial controls or an engineer with override access but no compliance training—a ticking time bomb.

2. Training and Supervision—It’s Not Optional, It’s Essential

🖖 Illustrated by: Kirk’s attempt to guide Charlie and his later regret at not recognizing the full scope of the risk.

Charlie’s guardianship was left to chance: no proper onboarding, no safety protocols. Sound familiar? In corporate compliance, onboarding isn’t just about day one—it’s about culture shaping. Organizations must ensure that individuals with a higher risk potential receive both guidance and oversight from the outset.

3. Unpredictable Behavior and Ethical Culture—From Red Flag to Alarm Bell

🖖 Illustrated by: Charlie’s mood swings and escalating aggression, which are repeatedly ignored until it’s too late.

The crew notices early signs—jealousy, possessiveness, emotional outbursts—but tolerates them. This reflects the real-world danger of brushing off early signs of a toxic culture. A strong compliance function identifies behavioral red flags before they escalate into corporate crises.

4. Communication and Escalation Protocols—Say Something, Do Something

🖖 Illustrated by: Janice Rand’s discomfort and unease around Charlie, which she initially tries to manage on her own.

Rand’s growing fear underscores the difficulty of speaking up, especially when someone powerful appears to be protected. Her reluctance reminds us that a speak-up culture is not automatic. Companies must establish genuine channels for complaints, empower employees to utilize them, and respond promptly and transparently.

5. Crisis Management—Too Late is Still Too Late

🖖 Illustrated by: The crew’s loss of control over the Enterprise, forcing alien intervention to remove Charlie.

The crew fails to contain the situation internally. It takes external, godlike beings to restore order—a cautionary tale for compliance leaders. If a company waits until the crisis has gone public or regulatory bodies step in, internal credibility is lost. Crisis planning and early intervention are crucial in protecting the organization before outside authorities are required to intervene.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

Charlie X: Power Without Boundaries – A Compliance Nightmare

Today, we explore the explosive volatility of Charlie X—a story about unchecked power, emotional instability, and the dire consequences of failing to enforce rules and structure. Charlie Evans, a teenage orphan raised by aliens, is taken aboard the Enterprise, possessing extraordinary telekinetic abilities but lacking social training, emotional discipline, and accountability. That combination proves disastrous. We consider how Charlie’s descent into violence mirrors risks faced by compliance professionals when misconduct is ignored, misbehavior is tolerated, and power is given without oversight. In today’s corporate world, “Charlie X” is less about space and more about leadership responsibility, psychological safety, and early intervention.

Key Highlights and Star Trek Case Studies:

1. The Responsibilities of Power—Strength Without Structure

This is illustrated by Charlie turning crew members into nothingness when they anger him.

Charlie is gifted with tremendous abilities but lacks any ethical framework or boundaries. This is a vivid metaphor for what happens when individuals inside an organization gain influence or access without training or accountability. Think of an unmonitored executive with access to financial controls or an engineer with override access but no compliance training—a ticking time bomb.

2. Training and Supervision—It’s Not Optional, It’s Essential

This is illustrated by Kirk’s attempt to guide Charlie and his later regret at not recognizing the full scope of the risk.

Charlie’s guardianship was left to chance, with no proper onboarding and no safety protocols. Sound familiar? In corporate compliance, onboarding isn’t just about day one—it’s about culture shaping. Organizations must ensure that individuals with a higher risk potential receive both guidance and oversight from the outset.

3. Unpredictable Behavior and Ethical Culture—From Red Flag to Alarm Bell

This is illustrated by Charlie’s mood swings and escalating aggression, which are repeatedly ignored until it’s too late.

The crew notices early signs, such as jealousy and possessiveness, but tolerates them. This reflects the real-world danger of brushing off early signs of a toxic culture. A strong compliance function identifies behavioral red flags before they escalate into corporate crises.

4. Communication and Escalation Protocols—Say Something, Do Something

This is illustrated by Janice Rand’s discomfort and unease around Charlie, which she initially tries to manage on her own.

Rand’s growing fear underscores the difficulty of speaking up, especially when someone powerful appears to be protected. Her reluctance reminds us that a speak-up culture is not automatic. Companies must establish genuine channels for complaints, empower employees to utilize them, and respond promptly and transparently.

5. Crisis Management—Too Late is Still Too Late

This is illustrated by the crew’s loss of control of the Enterprise, which forced alien intervention to remove Charlie.

The crew fails to contain the situation internally. It takes external, godlike beings to restore order—a cautionary tale for compliance leaders. If a company waits until the crisis has gone public or regulatory bodies step in, internal credibility is lost. Crisis planning and early intervention are crucial in protecting the organization before outside authorities are required to intervene.

Final ComplianceLog Reflections

Charlie X reminds us that power without oversight is perilous, that emotional and psychological health must be part of our compliance focus, and that red flags must not be ignored simply because they come wrapped in charm or vulnerability. Compliance is not simply about policies, procedures, or even rules but rather readiness, responsiveness, and respect for the human element.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

The Man Trap: Salt Vampires, Soft Controls, and the Price of Inaction

Today, we consider the Star Trek: TOS episode “The Man Trap,” which aired on June 3, 1969, Star Date 5298.5. We mine it for compliance and leadership lessons.  We begin by beaming down to Planet M113 with Captain Kirk and crew to uncover the compliance and leadership lessons buried in the salt-thirsty narrative of The Man Trap. This first-aired Star Trek episode is not simply science fiction; rather, it is a parable for today’s compliance professional. When a creature with the ability to shapeshift into anyone it wants hides among the crew, deception, emotional blind spots, and ethical hesitation threaten the mission’s integrity and the lives aboard the Enterprise.

Story

In this episode, a landing party from the Enterprise beams down to perform an annual checkup of scientist Bob Crater and his wife Nancy, who have lived on the planet M113 for 5 years. Dr. Crater and Nancy appear to be in good health, but Dr. Crater goes out of his way to request an additional salt supply from the Enterprise’s stores. A crewman wanders off and dies under mysterious circumstances. Further tests show that his body is completely devoid of salt.

Scanning the planet’s surface reveals only a single life form, so Spock and Kirk realize that Nancy must have beamed aboard the Enterprise and started searching for her. They question Dr. Crater and learn that Nancy is dead and that her form has been taken over by the planet’s last remaining indigenous creature, which can assume any form and requires salt to live.

Kirk and Spock then beam Dr. Crater aboard the Enterprise, who prevents Kirk from killing the creature (which he still sees as Nancy Crater), and then stands idly by as she begins to drain the salt from Kirk’s body. At this juncture, Spock rushes in and demonstrates to McCoy that the woman attacking Kirk could not be Nancy by striking her repeatedly and forcefully. Nancy does not flinch, sending Spock flying across the room with a single counterblow. When the creature attacks Kirk again, its proper alien form is revealed, and Bones kills it with a phaser, even after it reverts to Nancy’s form.

Key highlights:

1. Compliance and Leadership Lessons – The Cost of Denial

Key Scene—Dr. Crater’s refusal to acknowledge the danger posed by the creature impersonating his wife, Nancy.

Leadership is about difficult truths, not convenient fantasies. Dr. Crater’s emotional attachment blinds him to reality, echoing the risks faced when leaders ignore clear signs of compliance breakdowns. Just as he stalls Kirk and enables the creature’s deception, real-world executives who refuse to confront corruption or misconduct endanger the entire ship.

2. Character Dynamics – Trust, Bias, and Team Decision-Making

Key Scene—The landing party’s conflicting views of Nancy—each member sees her differently.

This episode reminds us how biases cloud judgment. The creature manipulates the crew’s perceptions, much like a charismatic fraudster might mislead auditors or compliance officers. Effective compliance teams must cultivate objectivity and challenge assumptions, especially when red flags appear under familiar disguises.

3. Ethical Decision-Making and Vigilance – When Loyalty Becomes Liability

Key Scene—McCoy’s inability to act until it’s almost too late.

McCoy’s emotional paralysis shows the danger of misplaced loyalty in corporate settings. Compliance professionals must prioritize facts over feelings. Only when Spock physically assaults the creature and reveals its true nature does McCoy accept the need for lethal action. It’s a painful but powerful lesson in balancing empathy with professional duty.

4. Storytelling and Visual Branding – Make the Message Memorable

Key Scene—The unforgettable reveal of the creature’s true alien form.

The creature’s transformation is a visual metaphor for uncovering the truth beneath appearances. For compliance programs, this underscores the importance of storytelling, compelling visuals, and emotional engagement. Dry policies don’t stick—memorable messages do. Think of the salt vampire’s final scene as a compliance training module with bite.

5. Balancing Security and Compassion – Don’t Let the Monster in the Room Stay Hidden

Key Scene—The crew’s initial desire to give Nancy space, contrasted with the need for containment.

Compassion is vital, but so is security. The crew’s hesitation to confront “Nancy” creates a vulnerability that costs lives. In corporate compliance, this translates to having the courage to investigate suspicions swiftly and without prejudice. The longer you let a problem impersonate a solution, the greater the risk to your organization

Final ComplianceLog Reflections

As we wrap up this episode, we are reminded that illusions, whether born of nostalgia, bias, or fear, can be deadly in space and in the boardroom. “The Man Trap” teaches us that truth must be pursued with vigilance, that leaders must act decisively in the face of risk, and that compliance is not simply about rules; it is also about readiness.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
FCPA Compliance Report

FCPA Compliance Report: Matt Ellis on Cartels, FTO Risk, and Corporate Compliance in Latin America

In this episode, Tom Fox welcomes Matt Ellis of Miller & Chevalier about the ACI “Cartels, TCOs and Compliance in Latin America” forum (July 20–21, Washington, DC) and why cartel/TCO/FTO risk is a timely 2026 compliance priority.

Ellis describes the Trump administration’s focus on cartels, fentanyl, China’s influence, and the expanded enforcement toolkit—FCPA guidance linking to cartel activity, sanctions, AML actions (including FinCEN orders against Mexican financial institutions), and cartel FTO designations implicating the Anti-Terrorism Act. They discuss how cartels infiltrate supply chains, creating “material support” exposure, and why due diligence must go beyond traditional screening to on-the-ground intelligence and nuanced red flags. Ellis notes government interest in compliance expectations, extortion-payment considerations, the Lafarge/ISIS example, anticipated investigations, broader regional risk (Mexico, Venezuela, Colombia, Brazil), and increased multi-agency coordination and potential dialogue with U.S. authorities.

Key highlights:

  • Why This Conference Now
  • Due Diligence Goes Deeper
  • Extortion and Self-Reporting
  • Beyond Mexico Regional Risks
  • Whole-of-Government Focus
  • When to Engage Government

Resources:

Cartels, TCOs and Compliance in Latin America, July 20-21

Matt Ellis on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 1 – Compliance Lessons from The Man Trap

In this episode of Trekking Through Compliance, we examine “The Man Trap,” which aired on September 8, 1966, at Star Date 1515.1.

A landing party from the Enterprise beams down to perform an annual checkup of scientist Bob Crater and his wife, Nancy, who have lived on the planet M113 for 5 years. Dr. Crater and Nancy appear to be in good health, but Dr. Crater goes out of his way to request an additional salt supply from the Enterprise’s stores. A crewman wanders off and dies under mysterious circumstances. Further tests show that his body is completely devoid of salt.

Scanning the planet’s surface reveals only a single life form, so Spock and Kirk realize that Nancy must have beamed aboard the Enterprise and start searching for her. They question Dr. Crater and learn that Nancy is dead and that her form has been taken over by the planet’s last remaining indigenous creature, which can assume any form and requires salt to live.

Kirk and Spock then beam Dr. Crater aboard the Enterprise, who prevents Kirk from killing the creature (whom he still sees as Nancy Crater) and then stands idly by as she begins to drain the salt from Kirk’s body. At this juncture, Spock rushes in and demonstrates to McCoy that the woman attacking Kirk could not be Nancy by striking her repeatedly and forcefully. Nancy does not flinch, sending Spock flying across the room with a single counterblow. When the creature attacks Kirk again, its proper alien form is revealed, and Bones kills it with a phaser, even after it reverts to Nancy’s form.

Key highlights:

1. Compliance and Leadership Lessons—The Cost of Denial

🖖 Illustrated by Dr. Crater’s refusal to acknowledge the danger posed by the creature impersonating his wife, Nancy.

Leadership is about facing difficult truths, not indulging in convenient fantasies. Dr. Crater’s emotional attachment blinds him to reality, echoing the risks faced when leaders ignore clear signs of compliance breakdowns. Just as he stalls Kirk and enables the creature’s deception, real-world executives who refuse to confront corruption or misconduct put the entire organization at risk.

2. Character Dynamics—Trust, Bias, and Team Decision-Making

🖖 Illustrated by the landing party’s conflicting views of Nancy, each member sees her in a different light.

This episode reminds us how biases cloud judgment. The creature manipulates the crew’s perceptions, much like a charismatic con artist might deceive auditors or compliance officers. Effective compliance teams must cultivate objectivity and challenge assumptions, especially when red flags appear under familiar disguises.

3. Ethical Decision-Making and Vigilance—When Loyalty Becomes Liability

🖖 Illustrated by McCoy’s inability to act until it’s almost too late.

McCoy’s emotional paralysis shows the danger of misplaced loyalty in corporate settings. Compliance professionals must prioritize facts over feelings. Only when Spock physically assaults the creature and reveals its true nature does McCoy accept the need for lethal action. It’s a painful but powerful lesson in balancing empathy with professional duty.

4. Storytelling and Visual Branding—Make the Message Memorable

🖖 Illustrated by the unforgettable reveal of the creature’s true alien form.

The creature’s transformation is a visual metaphor for uncovering the truth beneath appearances. For compliance programs, this underscores the importance of storytelling, compelling visuals, and emotional engagement. Dry policies don’t stick—memorable messages do. Think of the salt vampire’s final scene as a compliance training module with a bite.

5. Balancing Security and Compassion—Don’t Let the Monster in the Room Stay Hidden

🖖 Illustrated by the crew’s initial desire to give Nancy space, contrasted with the need for containment.

Compassion is vital—but so is security. The crew’s hesitation to confront “Nancy” creates a vulnerability that costs lives. In corporate compliance, this translates to having the courage to investigate suspicions swiftly and without prejudice. The longer you let a problem impersonate a solution, the greater the risk to your organization.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

The Muppet C-Suite: A Compliance Professional’s Guide to Culture, Controls, and Chaos Part 4: Animal as Chief Operating Risk Officer: Managing Chaos Before Chaos Manages You

This week we are honoring the return of The Muppets for a 2026 Special Edition. I thought it would be fun to look at business leadership teams through the lens of The Muppets. Every compliance professional has worked with a Kermit, managed a Piggy, worried about a Gonzo, or tried to contain an Animal. Today, we conclude by looking at The Animal problem. This series has used the Muppet executive team as a framework to explore leadership, governance, innovation, operational risk, and corporate compliance through the lens of the DOJ’s Evaluation of Corporate Compliance Programs and modern governance expectations.

Every organization has an Animal. Sometimes it is a person. Sometimes it is a business unit. Sometimes it is a revenue stream so profitable that leadership stops asking difficult questions. But every organization eventually encounters a force that is energetic, productive, volatile, difficult to control, and capable of creating enormous operational damage if left unmanaged. That is Animal.

As Chief Operating Risk Officer, Animal represents a truth many organizations struggle to confront: the greatest operational risks are often tolerated because they generate short-term success. An animal is loud, destructive, impulsive, emotional, and frequently one bad day away from catastrophe. Yet he is also highly effective in the environment for which he was designed. He brings energy, intensity, speed, and momentum.

The problem is not that Animal exists. The problem is when the organization mistakes unmanaged volatility for sustainable performance. That is where compliance, governance, and operational discipline become critical.

Operational Risk Rarely Arrives Quietly

One of the most dangerous assumptions organizations make is that operational failure arrives gradually and predictably. Often, it does not. Operational breakdowns tend to emerge after warning signs have already been normalized:

  • repeated policy exceptions,
  • constant escalation failures,
  • excessive workload pressure,
  • ignored complaints,
  • control fatigue,
  • unmanaged third parties, and
  • and high-performing employees who are allowed to operate outside established expectations.

Animal embodies this normalization problem perfectly. Everyone knows he is dangerous. Everyone knows he is unpredictable. Everyone knows he creates operational instability. Yet the organization repeatedly tolerates the behavior because the show benefits from his energy. This is how many operational crises develop in real organizations. The issue is rarely ignorance. The issue is tolerance.

The Compliance Challenge of High-Performing Risk Creators

One of the DOJ’s most important compliance questions is whether organizations apply discipline consistently, regardless of title, status, or revenue generation. That sounds straightforward. In practice, it is extraordinarily difficult. Organizations routinely create informal exceptions for:

  • top producers,
  • senior executives,
  • innovative teams,
  • politically connected employees, and
  • and operational leaders are perceived as indispensable.

An animal represents this exact governance problem. A mature compliance program recognizes that unmanaged high performers create enterprise risk because they gradually teach the organization that controls are optional for the “right” people. Once that message spreads, culture deteriorates quickly. Employees notice:

  • who gets exceptions,
  • whose misconduct is ignored,
  • whose violations are minimized, and
  • and whether leadership consistently enforces standards.

That is why operational risk is deeply connected to culture. Operational instability rarely begins with a single process failure. It usually begins with accountability failure.

Animal and the Failure of Escalation

Perhaps the most dangerous thing about Animal is not his volatility. The organization tends to underestimate the seriousness of the risk until after damage occurs. This reflects a common corporate governance problem: escalation fatigue. Over time, organizations become accustomed to recurring dysfunction:

  • “That is just how he operates.”
  • “That team is always difficult.”
  • “They are under pressure.”
  • “The business results justify the headaches.”
  • “We can manage around it.”

Those statements are operational-risk warning signs. A mature compliance program must create escalation structures capable of identifying:

  • repeated near misses,
  • recurring control failures,
  • cultural deterioration,
  • operational shortcuts, and
  • and conduct risks before they evolve into crises.

An animal should not require an explosion before leadership intervenes. Unfortunately, many organizations wait for exactly that moment.

Root Cause Analysis Matters

When operational failures occur, organizations often focus immediately on the visible event:

  • the failed transaction,
  • the misconduct,
  • the regulatory inquiry,
  • the system failure, and
  • or the public embarrassment.

But effective governance requires deeper analysis. The ECCP specifically emphasizes root cause analysis because sustainable remediation depends on understanding why the failure occurred in the first place. With Animal, the obvious answer might be: “Animal lost control.”

But the real questions are:

  • Why was the risk tolerated repeatedly?
  • Why were escalation signals ignored?
  • Why were controls insufficient?
  • Why did leadership normalize the volatility?
  • Why were prior incidents dismissed as isolated?

Those questions move the organization from blame to governance. A mature compliance function should always ask whether operational failure reflects:

  • incentive problems,
  • leadership failures,
  • staffing pressures,
  • inadequate oversight,
  • resource constraints, and
  • or cultural normalization of misconduct.

Without root cause analysis, organizations simply reset the stage for the next crisis.

Speak-Up Culture and Operational Risk

Animal also highlights the importance of a culture of speaking up. In many organizations, employees recognize operational risk long before leadership does. The problem is that employees often conclude:

  • raising concerns changes nothing,
  • leadership already knows,
  • retaliation risk is too high,
  • or operational pressure outweighs ethical concerns.

That silence becomes dangerous. The DOJ increasingly expects organizations to maintain effective reporting channels, anti-retaliation protections, and meaningful investigative response mechanisms. But a speak-up culture is not merely a hotline issue. It is a credibility issue. Employees must believe:

  • concerns will be heard,
  • escalation will occur,
  • retaliation will not be tolerated,
  • and leadership is willing to intervene even when operational performance is affected.

In Animal’s world, the organization often appears resigned to the chaos. That resignation is itself a governance failure.

Crisis Management Is a Governance Discipline

Animal is also a reminder that crisis management is not public relations. It is governance under pressure. Operational crises test:

  • leadership credibility,
  • escalation systems,
  • internal communication,
  • decision-making discipline,
  • documentation quality, and
  • and organizational resilience.

Strong organizations prepare for operational disruption before it occurs. That means:

  • crisis-management protocols,
  • escalation matrices,
  • tabletop exercises,
  • communication plans,
  • cross-functional coordination, and
  • and clear authority structures.

Animal should never be the organization’s first operational surprise.

Yet many companies operate as though volatility itself is unpredictable when, in reality, warning signs existed for months or years. The question is whether leadership chose to recognize them.

Control Fatigue Is Real

One of the most overlooked operational risks is control fatigue. When organizations operate under constant pressure, employees gradually begin bypassing safeguards:

  • approvals become rushed,
  • documentation becomes incomplete,
  • exceptions become routine,
  • monitoring weakens,
  • and oversight becomes reactive instead of preventive.

Animal accelerates this dynamic because his operational style rewards speed and intensity over discipline and sustainability. That creates a dangerous cycle:

  1. pressure increases,
  2. controls weaken,
  3. near misses increase,
  4. normalization expands, and
  5. and eventually failure becomes inevitable.

A mature compliance program continuously monitors for this pattern because operational collapse rarely occurs without warning.

5 Key Takeaways for the Compliance Professional

1. Operational risk is often tolerated because it produces results.

Organizations must resist creating informal exceptions for high-performing but destabilizing individuals or business units.

2. Escalation failures are early warning signs.

Repeated policy exceptions, ignored concerns, and normalized dysfunction frequently precede major operational breakdowns.

3. Root cause analysis is essential for sustainable remediation.

Organizations should investigate not only what failed, but why leadership and controls allowed the failure to persist.

4. Speak-up culture directly affects operational resilience.

Employees must trust that concerns will be heard, investigated, and acted upon without retaliation.

5. Crisis management is a governance function.

Effective organizations prepare for operational disruption through planning, escalation structures, monitoring, and cross-functional coordination.

The Final Governance Lesson

Across this series, Kermit, Piggy, Gonzo, and Animal together represent the four forces constantly shaping corporate governance:

  • leadership,
  • reputation,
  • innovation,
  • and operational risk.

The lesson is not that organizations should eliminate strong personalities, ambition, experimentation, or intensity. The lesson is that mature governance recognizes these forces early and builds systems capable of channeling them responsibly.

Kermit provides stability.

Piggy creates visibility.

Gonzo drives innovation.

Animal tests the strength of operational controls.

Every organization contains all four. The real question for compliance professionals is whether the governance structure is strong enough to keep the theater standing when all four are operating at the same time. Because eventually, they will be.

Long Live The Muppets

Categories
Blog

The Muppet C-Suite: A Compliance Professional’s Guide to Culture, Controls, and Chaos Part 3: Gonzo as Chief Innovation Officer: Innovation Without Governance Is Just Operational Risk

This week we are honoring the return of The Muppets for a 2026 Special Edition. I thought it would be fun to look at business leadership teams through the lens of The Muppets. Every compliance professional has worked with a Kermit, managed a Piggy, worried about a Gonzo, or tried to contain an Animal. This series uses the Muppet executive team as a framework to explore leadership, governance, innovation, operational risk, and corporate compliance through the lens of the DOJ’s Evaluation of Corporate Compliance Programs and modern governance expectations.

Every company eventually hires a Gonzo. Not literally, of course. But every organization eventually encounters someone who believes the limits of the possible are merely suggestions waiting to be ignored. That is Gonzo. He is creative, fearless, experimental, unconventional, and absolutely convinced that launching himself out of a cannon remains a reasonable business strategy despite overwhelming evidence to the contrary. Naturally, he becomes the Chief Innovation Officer.

At first glance, Gonzo appears to represent innovation at its most dangerous. He ignores procedure, embraces uncertainty, and treats risk as entertainment. But beneath the chaos sits a lesson that modern compliance professionals urgently need to understand: innovation itself is not the problem. The problem is innovation without governance.

That distinction matters enormously in today’s corporate environment, where organizations face relentless pressure to adopt the following:

  • artificial intelligence,
  • automation,
  • advanced analytics,
  • digital transformation,
  • agentic AI, and
  • and emerging technologies that often evolve faster than governance structures can respond.

In other words, many organizations are currently operating inside a large-scale Gonzo experiment.

Gonzo Represents Innovation Pressure

One overriding instinct: pushing boundaries drives Gonzo. That instinct exists in virtually every modern enterprise. Boards demand innovation. Investors reward disruption. Executives fear being left behind by competitors. Product teams move quickly. Technology leaders promise transformation. Vendors insist their tools are revolutionary. The result is predictable: governance often lags behind implementation.

This is exactly the environment the DOJ’s ECCP increasingly expects organizations to manage. Prosecutors now ask whether compliance programs can identify and respond to evolving risks. They also ask whether organizations adequately understand the technologies they deploy and the risks those technologies create. In practical terms, the government is asking:

Do you know where your Gonzos are? ”Many organizations do not.

The Problem Is Not Innovation. It Is Uncontrolled Innovation.

Too many compliance discussions frame governance and innovation as opposing forces. That is incorrect. Good governance should enable innovation by allowing organizations to experiment responsibly. The objective is not to stop Gonzo from inventing new things. The objective is preventing Gonzo from accidentally detonating the theater during testing. This distinction becomes critical in AI governance.

Consider what often happens inside organizations:

  • business units adopt generative AI tools without approval,
  • employees upload sensitive data into external systems,
  • procurement bypasses security reviews,
  • automated decision systems are deployed without testing,
  • vendors market “AI-powered” solutions nobody fully understands,
  • and leadership assumes innovation itself justifies the risk.

That is not a transformation. That is unmanaged operational exposure. Gonzo would absolutely deploy experimental AI tools without reading the documentation. He would also enthusiastically demonstrate them during a live performance before anyone completed legal review. Many companies are doing exactly that right now.

Shadow AI Is the Modern Gonzo Problem

One of the most significant emerging governance risks is shadow AI: technology adoption occurring outside formal oversight structures. This happens because innovation pressure rarely waits for policy development. Employees want efficiency. Business units want speed. Executives want results. Vendors promise a competitive advantage. Eventually, someone says:

“We cannot afford to fall behind.”

At that point, governance often becomes reactive rather than proactive. The compliance challenge is not preventing experimentation. It is creating governance structures that enable safe experimentation. This is why mature AI governance programs increasingly rely on:

  • approved use-case inventories,
  • risk-tiering frameworks,
  • data-governance protocols,
  • human oversight requirements,
  • testing standards,
  • escalation procedures,
  • and continuous monitoring.

Or, stated differently:

Someone needs to verify whether Gonzo’s cannon is aimed at the audience.

Innovation Requires Documentation

One of Gonzo’s defining traits is enthusiasm without paperwork. That creates a governance problem. The ECCP repeatedly emphasizes documentation, testing, continuous improvement, and evidence-based compliance. Organizations must demonstrate not merely that policies exist, but that controls operate effectively in practice.

Innovation functions often struggle here because innovation culture tends to prioritize speed over documentation. This creates dangerous blind spots:

  • unclear accountability,
  • undocumented approvals,
  • undefined ownership,
  • missing testing records,
  • inconsistent monitoring,
  • and inadequate escalation procedures.

If the organization cannot explain:

  • why a technology was adopted,
  • who approved it,
  • how risks were assessed,
  • what controls exist,
  • and how effectiveness is monitored,

Then the organisation does not truly govern the technology. It merely hopes for the best. Hope is not a control.

Gonzo and the Myth of the Brilliant Exception

Another important compliance lesson emerges from Gonzo’s personality itself. Organizations often tolerate elevated risk from highly creative or high-performing individuals because leadership perceives them as uniquely valuable. This is a dangerous governance instinct.

Every major corporate failure eventually contains some version of:

  • “We assumed he knew what he was doing.”
  • “Nobody wanted to challenge the innovation team.”
  • “They moved too fast for the controls.”
  • “The business results were too good to slow down.”

In many organizations, innovation teams become culturally insulated from oversight because questioning them appears anti-progress or anti-growth. That is precisely when governance becomes most necessary. The role of compliance is not to suppress innovation. It is to ensure innovation remains accountable to the enterprise.

Gonzo should absolutely continue inventing things. But somebody must still ask:

  • Was the system tested?
  • Is the data reliable?
  • Who owns the risk?
  • What happens if the model fails?
  • Is there human oversight?
  • Can we explain the outcome?

Those questions are not barriers to innovation. They are what keep innovation from becoming litigation.

Continuous Monitoring: The “Day Two” Problem

One of the most overlooked governance failures occurs after deployment. Organizations frequently focus intensely on implementation but pay far less attention to ongoing monitoring. Yet most technology risks emerge over time through:

  • model drift,
  • scope expansion,
  • vendor changes,
  • data degradation,
  • user workarounds,
  • and control fatigue.

Gonzo perfectly represents this problem because he rarely revisits prior experiments. Once the cannon fires, he is already planning the next stunt. Modern compliance programs cannot operate that way. AI governance, digital governance, and innovation oversight require “Day Two” discipline:

  • continuous testing,
  • ongoing review,
  • updated risk assessments,
  • incident reporting,
  • and remediation protocols.

The question is not merely: “Did the innovation work? ”The real question is:

Does the control environment still work six months later? ”That is where mature governance separates itself from performative governance.

The Board’s Role in Innovation Governance

Boards increasingly face direct oversight expectations regarding technology and innovation risk. That means directors should ask:

  • Do we have formal AI governance?
  • Who owns innovation risk?
  • How are emerging technologies reviewed?
  • What testing standards exist?
  • How do we monitor ongoing performance?
  • What happens when innovation conflicts with compliance requirements?
  • How quickly can issues be escalated?

These questions are no longer theoretical. Regulators increasingly expect boards and senior leadership to demonstrate understanding of operational technology risk, especially where AI, automation, or sensitive data are involved. In governance terms, the age of “let the technology team handle it” is over.

5 Key Takeaways for the Compliance Professional

1. Innovation is not the enemy of compliance.

The real risk is innovation that operates outside governance structures, documentation, and accountability.

2. Shadow AI creates significant operational exposure.

Organizations must identify and govern unauthorized or poorly supervised technology adoption.

3. Documentation is a governance control.

If an organization cannot explain how a technology was approved, tested, monitored, and governed, it does not truly control the risk.

4. High-performing innovators still require oversight.

Organizations should not exempt innovation teams from compliance expectations because they generate results or move quickly.

5. Governance continues after deployment.

Continuous monitoring, testing, escalation, and remediation are essential to managing evolving technology and innovation risk.

From Gonzo to Animal

Gonzo teaches compliance professionals that innovation creates risk when governance cannot keep pace with experimentation. But there is another danger waiting behind the pressure to innovate: the normalisation of unmanaged operational chaos. That is where Animal enters the story.

Because eventually every organization encounters a moment when high-energy operational risk stops being an exception and starts becoming part of the culture itself. In Part 4, we will examine Animal as Chief Operating Risk Officer and what he teaches compliance professionals about operational volatility, escalation failures, crisis management, and the dangers of unmanaged high performers.

Categories
AI Today in 5

AI Today in 5: May 27, 2026, The Clock is Ticking Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. AI leading to revenue for compliance. (StartUpHub.ai)
  2. ECB says the clock is ticking for bank cybersecurity. (FinExtra)
  3. AI reshaping the healthcare C-Suite. (Modern Healthcare)
  4. Vertical AI is winning the compliance race. (FinTech Global)
  5. Spotify advocates for AI-generated music. (FT)

For more information on the use of AI in compliance programs, Tom Fox’s new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out Tom’s latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.