Categories
Popcorn and Compliance

Popcorn and Compliance: Episode 2 – Dracula’s Compliance Secrets: What Lurks in the Night

Welcome to a special series of Popcorn and Compliance. In this series, we will be looking at the Classic Universal Monster Movies from the 30s and 40s and mining them for compliance lessons. (Yes, it really is an excuse to rewatch them all.) In this series, we will look at Frankenstein, Dracula, The Wolf Man, The Mummy, and end with The Invisible Man. In this episode, Tom explores critical compliance insights drawn from Bela Lugosi’s portrayal of Dracula.

Tom dives into five key compliance lessons: the dangers of third-party relationships, the subtle power of influence, the risk hidden in shadows, the importance of cultural awareness, and the perils of complacency. By drawing parallels between Dracula’s methods and modern compliance challenges, the episode underscores the need for rigorous due diligence, continuous monitoring, and a proactive mindset in risk management.

Key highlights:

  • Exploring Count Dracula’s Compliance Lessons
  • Third Parties: Your Greatest Risk
  • The Power of Influence
  • Risk Hides in the Shadows
  • Cultural Blindness Increases Vulnerability
  • Complacency Enables Catastrophe

Resources:

Compliance Lessons from Bela Lugosi’s Dracula on the FCPA Compliance and Ethics Blog

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Culture Crafters

Culture Crafters – Ethics Culture Divide, Part 1 – The Critical Connection Between Culture and Ethics in Organizations

In this first episode in a 3-part series of podcasts, Tom Fox and Sam Silverstein discuss the critical divide in companies around Ethics and Culture. This 3-part series is based on data from a national survey of over a thousand people, highlighting the divide between high and low-performing companies in terms of ethics. Key topics in this episode include the relationship between accountability and responsibility, the leader’s role in setting an ethical tone, and the importance of regularly assessing organizational culture. The discussion also emphasizes the need for leaders to focus on people over processes and the long-term benefits of ethical decision-making.

Key highlights:

  • Survey Insights on Ethics and Culture
  • Defining the Culture-Ethics Connection
  • Accountability vs Responsibility
  • Leadership’s Role in Ethical Culture
  • Pressure to Compromise Values
  • Unintentional Signals in Leadership

Resources:

Sam Silverstein

Sam Silverstein on LinkedIn

The Culture Audit™

Categories
Daily Compliance News

Daily Compliance News: October 3, 2025, The Dictating Culture Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, including compliance, ethics, risk management, leadership, or general interest, relevant to the compliance professional.

Top stories include:

  • Trump wants to dictate US university culture. (Reuters)
  • Cargo firm to leave India due to government extortion. (India Today)
  • LLMs can play a key role in enhancing compliance. (Engineering at Meta)
  • When corruption kills. (CNN)

Categories
Popcorn and Compliance

Popcorn and Compliance: Episode 1 – Frankenstein’s Lab: Five Compliance Lessons: Ambition, Accountability and Organizational Culture

Welcome to a special series of Popcorn and Compliance. In this series, we will examine the Classic Universal Monster Movies from the 1930s and 1940s, mining them for compliance lessons. (Yes, it really is an excuse to rewatch them all.) In this series, we will look at Frankenstein, Dracula, The Wolf Man, The Mummy, and end with The Invisible Man. In this first episode of our special 5-part series, we consider compliance lessons drawn from the classic 1931 film ‘Frankenstein,’ starring Boris Karloff.

Exploring Henry Frankenstein’s unchecked ambition and lack of oversight, Tom and his AI co-hosts, Timothy and Fiona, extract five crucial compliance lessons: the necessity of setting boundaries for ambition, the importance of un-delegatable accountability, the profound impact of corporate culture on employee behavior, the need for constant reassessment of emerging risks, and the importance of crisis preparedness. These lessons offer profound insights for today’s professionals on how to navigate modern corporate compliance challenges effectively.

Key highlights:

  • Frankenstein’s Monster: Ambition Without Boundaries
  • The Importance of Oversight and Accountability
  • Corporate Culture and Its Impact
  • Continuous Risk Reassessment
  • Crisis Management: Preparation Over Panic

Resources:

Compliance Lessons from Boris Karloff’s Frankenstein on the FCPA Compliance and Ethics Blog

Tom Fox

Categories
Blog

Risk Management and the Board: Why Oversight is Now a Strategic Imperative

In today’s business landscape, boards of directors are navigating a storm of risks that would test even the most resilient organizations. This topic was explored in a recent article titled “Risk Management and the Board of Directors.” Geopolitical uncertainty, economic volatility, cybersecurity threats, climate change, and the uncharted waters of generative AI are no longer background noise. They have moved to the front and center in boardrooms. Against this backdrop, risk management has emerged not just as an operational necessity but as a governance and strategic imperative. For compliance professionals, this raises a critical question: what role should the board play in risk management, and how can compliance officers support them in fulfilling that role effectively?

Oversight, Not Management

A crucial distinction must be made: boards are not responsible for managing risk on a day-to-day basis. That responsibility belongs to management. But boards do carry the weight of oversight. This oversight includes monitoring the most significant corporate risk factors, ensuring that appropriate risk systems are in place, and verifying that those systems function in practice.

Think about the Boeing case. Regulators and auditors identified multiple failures in Boeing’s manufacturing controls and safety processes, resulting in devastating reputational and financial consequences that continue to unfold. The lesson is clear. It is not enough for a board to approve a risk framework and then step away. Boards must oversee, probe, and confirm that those frameworks are embedded in operations across the enterprise.

Compliance officers can support this by providing boards with accurate, timely, and actionable reporting. Minutes, board packets, and oversight documentation are not administrative afterthoughts. They are evidence of diligence that courts, regulators, and investors increasingly scrutinize.

Tone at the Top: Culture as the Foundation

If oversight is the board’s mandate, then culture is the foundation that determines whether risk management succeeds or fails. Boards set the “tone at the top,” and that tone resonates throughout the organization.

Transparency, consistency, and communication are essential. A board that prioritizes ethics, compliance, and stakeholder safety sends a clear message: compliance failures and corner-cutting will not be tolerated. Conversely, when boards tolerate delay or indecision in addressing risks, such as safety lapses, misconduct, or harassment, they erode employee trust, tarnish their reputation, and invite regulatory scrutiny.

Board Readiness in a Dynamic Environment

Boards must prepare not only for the risks they know but for those that are emerging. This means ongoing director training, scenario planning, and recruitment strategies that close knowledge gaps. While no board can house every kind of subject matter expertise, they must know when to bring in advisors, leverage external resources, and engage with stakeholders directly.

A readiness mindset also means anticipating the unexpected. Crisis response plans, covering a range of scenarios from cyberattacks to workplace misconduct, should be in place and regularly tested to ensure their effectiveness. Compliance leaders should be part of these conversations, ensuring that prevention, detection, and remediation are embedded into strategy, not bolted on as afterthoughts.

Investors, regulators, and even the courts of Delaware are sharpening their focus on board-level risk oversight. The Caremark line of cases continues to set a high bar, but boards that fail to engage in good faith with core risks run the risk of liability. Compliance officers can help directors demonstrate that their oversight is active, engaged, and documented.

Practical Recommendations for Compliance Professionals

What does this mean for compliance officers working with boards? Here are four takeaways:

1. Provide Clear, Actionable Risk Reporting

Boards cannot oversee what they cannot see, and too often, directors are presented with overwhelming data that obscures the real risks. Compliance should deliver reporting that distills information into clear, concise insights, showing not just what happened but why it matters. The most effective reports highlight trends, identify root causes, and directly connect risks to business strategy, enabling the board to act with confidence.

2. Integrate Oversight into Strategy

Compliance risk management should never be treated as an afterthought, bolted onto the business after decisions are made. Instead, compliance officers must help boards see how compliance oversight is deeply intertwined with growth, innovation, and operational resilience. By linking compliance considerations to strategy, compliance becomes a driver of sustainable success rather than a box-checking obligation.

3. Focus on Emerging Risks

Generative AI, biodiversity loss, and geopolitical fragmentation are no longer distant or theoretical; instead, they are reshaping risk landscapes as we speak. Boards need compliance officers to translate these complex issues into practical implications before they escalate into crises that erode value and reputation. A forward-looking compliance function enables directors to anticipate threats, allocate resources effectively, and avoid being blindsided.

4. Reinforce Culture and Ethics

Tone at the top must resonate throughout the organization, and compliance is the bridge that connects board-level values to everyday business practices. Compliance officers can help embed cultural expectations by weaving red flags, lessons learned, and behavioral standards into training, communications, and accountability structures. When done well, this alignment ensures that ethical behavior is not aspirational but operational, lived out across all levels of the enterprise.

Why It Matters Now

The expectations for board-level risk oversight are higher than ever. Regulators want evidence that boards are engaged. Courts are scrutinizing oversight failures with fresh vigor. Investors are pressing for transparency on ESG, cyber, and DEI risks. And employees, your most important stakeholders, expect boards to prioritize safety, inclusion, and integrity.

For compliance professionals, this creates both a challenge and an opportunity. The challenge is to help boards stay ahead of complex risks in an environment of constant change. The opportunity is to elevate the compliance function as a strategic partner in governance, resilience, and corporate integrity.

Final Thoughts

Risk management is no longer just an operational function; it has become a strategic imperative. It is a governance issue that sits squarely in the boardroom. Boards do not need to manage risk, but they must actively oversee it, document their oversight, and ensure that culture and strategy align with risk management systems.

As compliance professionals, we are uniquely positioned to support this mandate. We provide the frameworks, reporting, and insights that help boards meet their obligations and protect the enterprise. In doing so, we not only maintain compliance but also enhance resilience, protect reputation, and foster trust with stakeholders.

The message is clear: oversight is not optional, culture is not cosmetic, and preparation is not a luxury. For today’s boards and for the compliance professionals who advise them, risk management is a strategic imperative that can no longer be ignored.

Categories
Culture Crafters

Culture Crafters – Building Accountability for Crisis Management

In this episode, the third part of a 3-part series of podcasts, Tom Fox and Sam Silverstein discuss how to build Accountability for Crisis Management. In this concluding Part 3, Tom and Sam discuss the importance of fostering a culture of accountability, particularly in times of disaster. Drawing on personal experiences of natural disasters, they explore the differences between proactive and reactive approaches to crisis management. Key takeaways include the necessity of auditing organizational crisis readiness, continuous leadership training, and integrating accountability into day-to-day operations. The episode underscores the significance of accountability in promoting trust, resilience, and effective communication within organizations. Practical steps for empowering employees and handling difficult conversations during crises are also covered.

Key highlights:

  • Proactive vs. Reactive Accountability
  • Steps to Implement Accountability in Crisis Management
  • The Importance of Culture Audits
  • Handling Difficult Conversations with Empathy
  • Empowering Employees Through Accountability

Resources:

Sam Silverstein

Sam Silverstein on LinkedIn

The Culture Audit™

Categories
Compliance Into the Weeds

Compliance into the Weeds: Examining the Impact of Reducing Middle Management on Corporate Culture

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Seeking insightful perspectives on compliance? Look no further than Compliance into the Weeds! In this episode, Tom Fox and Matt Kelly discuss the implications of reducing the number of middle managers in corporate America.

Kelly’s blog post, inspired by a Wall Street Journal article, serves as the foundation for a broader discussion on how the reduction of managers impacts corporate culture, employee dynamics, and compliance programs. They explore the reasons behind this trend, such as the desire for agility or cost-cutting, and its effects on communication, institutional knowledge, and the role of compliance officers. They also explore potential solutions, including the use of AI, enhanced training, and adaptive compliance strategies, to mitigate the risks associated with fewer middle managers.

Key highlights:

  • Corporate America’s Managerial Shift
  • Implications for Corporate Culture
  • AI and Compliance Solutions
  • Institutional Knowledge and Risks
  • Compliance Takeaways and Final Thoughts

Resources:

Matt on Radical Compliance

Tom

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred the Davey, Communicator, and W3 Awards for podcast excellence.

Categories
Great Women in Compliance

Great Women in Compliance – Navigating Risk, Culture, and Compliance with Teri Cotton Santos

✨ New Episode Alert! ✨

On this special episode of #GWIC, guest host Ellen Hunt talks with the incredible Teri Cotton Santos, Chief Compliance Officer at Phillips 66.

Teri shares her inspiring journey—from serving as General Counsel in Asia at Eli Lilly to leading compliance at HF Sinclair, and now shaping the culture of ethics and compliance at Phillips 66.

🔑 Key takeaways from this conversation:

  • Why trust is the foundation of every effective compliance program
  • How to integrate risk, ethics, and strategy to create impact
  • Lessons in resilience and resourcefulness when leading with limited resources
  • Building compliance programs that are truly fit-for-purpose and built to scale
  • The growing importance of data, technology, and behavioral science in compliance work

Teri also reflects on #leadership, #mentorship, and the power of community in the compliance profession.

🎧 Tune in for an honest, thoughtful, and inspiring discussion about leading with purpose and integrity in today’s evolving regulatory environment.

🔗 Sponsored by Corporate Compliance Insights

#Compliance #Leadership #WomenInCompliance #GreatWomenInCompliance #Ethics #Trust

Categories
Compliance Into the Weeds

Compliance into the Weeds: Unpacking the University of Michigan Football Scandal: Compliance and Consequences

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Seeking insightful perspectives on compliance? Look no further than Compliance into the Weeds! In this episode, Tom Fox and Matt Kelly discuss the recent University of Michigan football scandal.

They draw parallels to the infamous 2017 Houston Astros sign-stealing incident and examine the numerous compliance failures within Michigan’s football program. Highlighted issues include impermissible scouting, leadership failures by Jim Harbaugh, marginalization of the compliance function, and the NCAA’s ineffective enforcement. The conversation highlights crucial lessons for corporate compliance, emphasizing the importance of documentation, intern training, cooperation in investigations, and maintaining robust enforcement actions.

Key highlights:

  • Michigan Football Scandal Overview
  • Impermissible Scouting and Violations
  • Leadership Failures and Compliance Issues
  • NCAA’s Toothless Enforcement
  • Comparisons to Corporate Compliance
  • Lessons for Compliance Officers

Ed. Note: Tom Fox has written a 5-part blog post series on the UM Cheating Scandal. It will be posted each day this week. You can view the full series on his blog, the FCPA Compliance and Ethics Blog.

Resources:

Tom

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast.

Categories
Blog

UM Cheating Scandal Part 2: A Culture at War With Compliance

In August 2025, the NCAA released its long-awaited Report on infractions committed by and for the University of Michigan football program. For compliance professionals, this case should be viewed not merely as a college sports story but as a case study in organizational misconduct, leadership failure, and cultural breakdown. Just as an FCPA enforcement action lays bare how companies slip into non-compliance, this NCAA decision reveals how one of the country’s premier football programs allowed systemic misconduct to flourish.

In Part 1 of this series, we looked at the factual background of the University of Michigan football program’s NCAA infractions case: the impermissible scouting scheme, recruiting inducements, failures to cooperate, and the repeat violator status that ultimately sealed the program’s fate. But if the facts explain what happened, they do not explain why it happened. So today, in Part 2, we consider the lack of a culture of compliance inside Michigan football.

The “why” lies in culture. And here, the NCAA’s decision is crystal clear: Michigan’s football program did not have a culture of compliance. The compliance office existed, it was well-resourced, and a respected Chief Compliance Officer staffed it. Yet the football program treated compliance as a nuisance, an adversary, even an enemy. For compliance professionals, this is where the story gets interesting. Because in sports, as in business, culture eats policy for breakfast.

The Adversarial Relationship with Compliance

The NCAA decision describes a “contentious relationship” between Michigan football and the university’s compliance office. Staff members regularly dismissed or mocked compliance staff. One recruiting staffer went so far as to describe them in a text message as “true scum of the earth.” Others referred to compliance as “roadblocks” or even “shitty at their jobs.” Indeed, UM’s Chief Compliance Officer herself acknowledged that she was “perceived as a thorn in [Harbaugh’s] side.” Even the athletic director noted the “tension” he observed between the two offices.

For any corporate compliance officer, this picture may sound all too familiar. You have a respected compliance function, staffed by experienced professionals, but the business unit sees them as the enemy. Compliance is viewed not as a partner but as an obstacle. When that perception takes hold, it is only a matter of time before rules are ignored, controls are bypassed, and misconduct proliferates.

Willful Blindness and “Not Wanting to Know”

The culture in Michigan football was not simply adversarial; it was deliberately blind. Regarding Connor Stalions’ elaborate signal-stealing scheme, multiple staffers admitted that “no one really cared how you got it done as long as you got it done.” A student-athlete noted that the staff “went out of their way not to know” what Stalions was up to.

Even when red flags were raised, they were dismissed. One intern reported that Stalions asked him to rent a car under false pretenses. When he brought this up to an Assistant Coach, including concerns about “signal stealing,” he was told the coach “did not want to hear any more about that.” Another coach, confronted by an opponent who accused Michigan of improper sign stealing, relayed the concern internally, only to be met with a shrug and denial.

This is the corporate equivalent of sales teams ignoring whistleblowers who raise concerns about improper payments, or executives waving away red flags because they don’t want to know. It is the textbook definition of willful blindness, a concept the DOJ and SEC regularly cite in enforcement actions.

Excluding Compliance from the Room

The Chief Compliance Officer testified that she and her team were rarely, if ever, invited into football operations by the football staff. Instead, they had to push their way in: “I can’t think of a time when we scheduled a meeting at football’s request. It was pretty much always us saying, hey, we’ve got to get in there, we’ve got to do some education”.

Obviously, this matters, even if only for optics. Compliance cannot be effective if it is excluded from the business. When compliance officers are locked out of meetings, ignored in decision-making, or treated as outsiders, they cannot monitor risks or detect misconduct. In corporate settings, we often see this when compliance is not given a seat at the table in M&A due diligence, sales strategy, or third-party onboarding. The result is predictable: compliance is left to clean up violations after the fact, rather than preventing them in real time.

Interns, Education, and the Forgotten Workforce

One of the most revealing details in the NCAA’s decision involves the interns. Stalions used interns heavily in his scouting scheme. They were instructed to attend games, film sidelines, and even help analyze signals. Some were unsure whether their actions were permissible. The Chief Compliance Officer admitted that Michigan had no targeted compliance education for interns. Here, you can recall HP and its FCPA enforcement action, where a contract employee was unsure how to raise compliance concerns. Interns came and went frequently, making them difficult to track. Compliance training was focused on full-time staff, not on lower-level interns.

Sound familiar? In corporate compliance, we often see companies that train executives but neglect contractors, temporary workers, or third-party agents. Yet these “lower-level” actors usually pose the greatest risks, precisely because they are less trained, less supervised, and more vulnerable to pressure.

The lesson here is straightforward: compliance education cannot stop with senior leaders. It must cascade down to every level of the organization, including temporary staff, contractors, and anyone acting on behalf of the enterprise.

Harbaugh’s Leadership and the Tone at the Top

At the center of all of this was head coach Jim Harbaugh. The NCAA made it clear: “Harbaugh did not embrace responsibility. He and his program had a contentious relationship with compliance, leading coaches and staff members to act, at times, with disregard for the rules”.

This is the compliance officer’s nightmare. When the leader of the organization treats compliance as an adversary, that tone cascades down. Staff pick up on it. Interns internalize it. Even student-athletes understood the message: compliance was not to be welcomed.

Tone at the top is more than a catchphrase; it is the single greatest driver of compliance culture. Regulators from the DOJ to the FCA in the UK emphasize it again and again. Harbaugh’s indifference, or worse, hostility, set a tone that made noncompliance not just possible but inevitable.

The Cost of Compliance as “The Enemy”

The Michigan case is a powerful example of the dangers of treating compliance as the enemy. When business units (or in this case, football staff) see compliance as an obstacle, several consequences follow:

  1. Red flags are ignored — because staff fear raising them or believe no one cares.
  2. Compliance staff are marginalized, making it harder to educate or monitor.
  3. Misconduct festers in the shadows — as employees learn that leadership values results over rules.
  4. Investigations are obstructed — because a culture that disrespects compliance has no incentive to cooperate with regulators.

For corporations, the consequences are clear: higher penalties, damaged reputations, and, in some cases, existential crises.

Corporate Parallels: Uber, Wells Fargo, and Beyond

Michigan football’s cultural breakdown is hardly unique. We’ve seen the same dynamic play out in corporate scandals:

  • At Uber, a “growth at any cost” culture led to systemic misconduct and regulatory run-ins.
  • At Wells Fargo, sales culture so dominated compliance that millions of fake accounts were created, even as compliance officers raised alarms.
  • At Odebrecht, a construction giant, compliance existed on paper but was ignored in practice, allowing a global bribery scheme to flourish.

In each case, the lesson was the same: when culture treats compliance as an obstacle, violations become not just likely but inevitable.

The Compliance Officer’s Dilemma

One striking aspect of the NCAA decision is how much it sympathized with Michigan’s Chief Compliance Officer. The panel noted that she was “a well-respected leader in the industry” and that she “did everything she could to promote compliance.” Yet her efforts “were not welcomed. Instead, they were rebuked, dismissed, and disregarded”.

This raises an important question for compliance professionals: what happens when the business refuses to engage? What happens when leadership is openly hostile to compliance?

The DOJ has been clear on this point. It is not enough to have compliance programs that look good on paper. Regulators will ask whether compliance has sufficient stature, resources, and access to management. If compliance is marginalized, companies cannot expect leniency.

Lessons for Corporate Compliance Officers

What should compliance professionals take from Michigan’s cultural breakdown?

  1. Measure culture, not just policies. Policies are necessary, but culture drives behavior. Tools like employee surveys, exit interviews, and hotline trends can help assess whether compliance is trusted or distrusted.
  2. Fight for access. Compliance must be in the room where business decisions are made. If your team is always chasing after the business, you are already behind.
  3. Train the forgotten workforce. Interns, contractors, and agents often do the risky work. Make sure they are trained, monitored, and held accountable.
  4. Escalate leadership failures. If tone at the top is toxic, escalate to the board. Regulators are increasingly holding boards accountable for failing to address cultural risks.
  5. Document resistance. If business leaders are hostile to compliance, document it. This may protect you later and show regulators that the compliance function was not complicit.

Culture Wins Every Time

The Michigan football infractions case demonstrates what happens when compliance is marginalized. The Chief Compliance Officer could not overcome a culture that treated compliance as an enemy. Harbaugh’s tone at the top, combined with willful blindness, ensured that misconduct flourished.

For corporate compliance officers, the lesson is sobering: no matter how good your compliance systems are, culture will win. If leadership sets the wrong tone, compliance will fail.

Join us tomorrow, as we continue this series with Part 3, where we will examine the penalties Michigan received, including fines, suspensions, and probation, and draw lessons on how repeat violations, obstruction, and cultural failure influence sanctioning decisions.