Tag: ECCP

Categories
Blog

Returning to Venezuela: Part 2 – Bribery, Corruption and the Risks You Must Confront Before You Enter

We continue our review of bribery and corruption issues (ABC) that you must address before you travel to Venezuela.  There is another set of problems that every compliance professional will face if their company decides to go into Venezuela. It is systemic corruption. Not episodic corruption. Not bad actors at the margins. Systemic, embedded, institutionalized corruption that touches government agencies, state-owned enterprises, procurement systems, and the judiciary. This is not a theoretical risk. It is the operating environment.

The Department of Justice (DOJ) has made clear in the Evaluation of Corporate Compliance Programs (ECCP) that high-risk jurisdictions require tailored, well-resourced, and empowered compliance programs. Venezuela is the textbook example of why. Over the next several blog posts, we will explore some of the key issues every company and every CCO will face when considering whether to enter (or re-enter) Venezuela. In Part 2, I will consider the second half of the 10 ABC risks a compliance professional will face. Later in this series, we will then consider AML risk, export control and trade sanctions, security risks, and end with operational risks.

In Part 1, we described the corruption environment. In Part 2, we consider what happens when companies actually try to operate inside it. This is where theory meets pressure. We begin our numbers with 6, picking up where we left off yesterday.

6. Extortion Is Not a Defense

In Venezuela, companies are often told, “You have no choice.” Payments are demanded to release cargo, protect personnel, or continue operations, sometimes thinly veiled as “fees” for expedited treatment. Venezuelan law itself recognizes extortion as a corruption offense, in which a public official abuses their position to demand an undue benefit. Under Venezuelan anti-corruption law, extortion (called concussion) carries criminal penalties and fines.

At the same time, U.S. enforcement views participation in extortion as a compliance red flag. While coercion can be a mitigating factor in narrow circumstances under the Foreign Corrupt Practices Act (FCPA) or the Foreign Extortion Prevention Act (FEPA), repeated payments, disguised invoices, or third-party routing create evidence of complicity. Deciding to pay from the field without escalation essentially decides for the company, and compliance will struggle to justify it under an ECCP review. Compliance professionals must define escalation paths, refusal protocols, and clear exit points before any signs of extortion arise. Waiting to decide “in the moment” is too late.

Compliance Response

1. Assessment Controls

  • Identify operational choke points where officials or intermediaries can halt operations, including ports, customs, checkpoints, utilities, and inspections.
  • Assess historical incidents involving detentions, delays, threats, or asset seizure tied to payment demands.
  • Map scenarios where employee safety or operational continuity could be leveraged for improper payments.

2. Management Controls

  • Establish a zero-tolerance policy for extortion payments, with narrowly defined emergency exceptions tied to imminent health or safety threats.
  • Implement pre-approved emergency response protocols for detentions, threats, or seizures.
  • Prohibit third-party routing, recharacterization, or retroactive approval of payments in the context of extortion scenarios.
  • Require contemporaneous documentation of all extortion-related incidents and decisions.

3. Monitoring

  • Track frequency, location, and duration of detentions or operational stoppages.
  • Review off-cycle, urgent, or cash payment requests for patterns.
  • Audit expense categories are commonly used to disguise extortion payments.

4. Board Oversight

  • Where are we most exposed to extortion pressure?
  • How often are emergency exceptions invoked, and are they increasing?
  • At what point do we pause or exit operations rather than continue under pressure?

7. Third Parties as the Primary Corruption Vector

In Venezuela, third parties are the everyday vectors through which corruption pressure crystallizes. Agents, customs brokers, logistics providers, security vendors, and even local fixers frequently serve as the conduit for improper value transfers. These intermediaries claim to navigate Venezuela’s opaque systems, but they also create liability if their actions result in bribery or improper advantage.

Pressure points are endemic and include:

  • Customs clearance: Goods may be held pending unofficial “service fees” or clearance bribes.
  • Port operations: Terminal operators or officials may demand payments for priority access.
  • Transportation: Toleration at checkpoints is often predicated on unofficial payments.
  • Security arrangements: Local guards or militia may demand fees for access or protection.
  • Licensing follow-up: Expediency “services” are offered at a premium.

Third parties promise solutions. They also create liability when their conduct crosses legal lines. Under the ECCP, regulators will ask whether the company understands and monitors how these third parties operate in practice, not just whether it has a diligence checklist. Paper diligence alone is insufficient where pressure is constant, and corruption vectors hide in plain sight.

Compliance Response

1. Assessment Controls

  • Classify third parties by function (customs, logistics, security, licensing), not by spend alone.
  • Identify third parties that interact directly with government officials.
  • Assess compensation structures for success fees, urgency premiums, or discretionary payments.

2. Management Controls

  • Apply enhanced due diligence to high-pressure third-party functions.
  • Require detailed, verifiable scopes of work tied to legitimate services.
  • Mandate compliance approval before onboarding or paying high-risk third parties.
  • Prohibit subcontracting or pass-through arrangements without prior written approval.

3. Monitoring

  • Conduct invoice analytics to identify duplications, rounding issues, urgency issues, or vague descriptions.
  • Monitor third-party performance against contractual scope and deliverables.
  • Review third parties involved in repeated government interactions or escalations.

4. Board Oversight

  • Which third-party functions create the greatest corruption pressure?
  • How do we verify what third parties do in practice?
  • When do we terminate a third-party relationship rather than attempt remediation?

8. Organized Crime and the Blurred Line of “Business”

In Venezuela, organized crime intersects with commerce, logistics, and even parts of the formal economy. Corruption and criminal networks often coalesce in sectors like mining, fuel distribution, and transport infrastructure, where armed groups and informal power structures exercise influence. Some of these networks are intertwined with state actors, and corruption and illicit activity can reinforce one another.

For compliance professionals, this means recognizing when business relationships drift into criminal entanglement. That drift is not always obvious at contract signing. Contracts negotiated under duress or through intermediaries with opaque ownership may conceal criminal activity. Continuous monitoring matters precisely because initial signals are subtle. The line between a vendor and a syndicate can be ecosystem-specific and may manifest in patterns of behavior, unexplained payments, or associations with known corrupt actors.

This is also where AML risk begins to dominate. When organized crime is part of the value network, it is present through smuggling rings, illicit fuel markets, or bribery conduits.  The controls for bribery, AML, sanctions, and export compliance must interlock to detect and escalate suspicious patterns.

1. Assessment Controls

  • Screen vendors and partners for criminal exposure, unusual affiliations, and opaque ownership.
  • Assess whether services operate in sectors known for illicit activity, including fuel distribution, logistics, or private security.
  • Review beneficial ownership structures and local power dynamics.

2. Management Controls

  • Integrate anti-bribery, AML, and sanctions screening for high-risk vendors.
  • Require certifications regarding lawful sourcing, operations, and subcontractors.
  • Prohibit informal arrangements, undocumented services, or side agreements.

3. Monitoring

  • Monitor for cash-intensive activity without commercial justification.
  • Track changes in ownership, management, or operational behavior.
  • Escalate associations with known illicit markets, actors, or criminal networks.

4. Board Oversight

  • How do we detect drift from legitimate commerce into criminal entanglement?
  • What triggers an immediate suspension or exit?
  • Are our controls sufficient to identify concealed criminal exposure?

9. Currency, Pricing, and Manipulation Pressure

Venezuela’s economic distortions, including exchange controls, multiple currency rates, and the scarcity of hard currency, create fertile ground for corruption. Access to U.S. dollars through official channels is tightly controlled, which historically has led companies and intermediaries to engage in schemes to secure foreign exchange at preferential rates. A notable U.S. enforcement action involved a major telecommunications subsidiary that allegedly bribed officials to gain access to a currency auction and disguised corrupt commissions through inflated equipment purchases.

These distortions become more than operational headaches. They create incentives for side payments and off-book arrangements on pricing and contracts. These practices are not just bribery issues. They implicate accounting integrity, financial reporting, AML vigilance, and sanctions exposure. Once money flows lose transparency, whether through inflated vendor invoices, opaque currency conversions, or third-party routing, compliance loses line-of-sight and control. This intersection reinforces why a compliance program must integrate transactional monitoring and financial controls alongside anti-bribery controls to detect anomalies that traditional gift/entertainment policies won’t reveal.

Compliance Response

1. Assessment Controls

  • Identify exposure to foreign exchange approvals, currency scarcity, and pricing discretion.
  • Review historical pricing anomalies or currency-related workarounds.
  • Map payment flows involving third-country or non-standard accounts.

2. Management Controls

  • Enforce strict controls over pricing adjustments and currency conversions.
  • Require joint Finance–Compliance approval for non-standard payment terms.
  • Prohibit side agreements, rebates, or off-book arrangements.

3. Monitoring

  • Monitor invoices for inconsistencies with market pricing.
  • Flag requests for alternative currencies or complex payment routing.
  • Conduct periodic reviews of foreign exchange transactions and pricing deviations.

4. Board Oversight

  • Where do currency controls create the strongest corruption incentives?
  • How do we maintain transparency in pricing and payments?
  • When does financial complexity cross into unacceptable risk?

10. Weak Rule of Law Raises the Stakes

Venezuela’s judiciary and law enforcement institutions are widely seen as politicized, under-resourced, and inconsistent in enforcing anti-corruption laws. Although the Venezuelan legal framework criminalizes extortion, passive and active bribery, and related offenses, enforcement is weak and selective. In practice, companies cannot rely on local remedies to resolve disputes or push back against corrupt demands.

This elevates the importance of internal compliance controls and pre-defined exit strategies. When there is no neutral referee, no reliable government adjudicator, and prevention becomes the only viable protection. It also means that compliance must internalize enforcement risk rather than outsource it to local authorities. A robust compliance program must include strict refusal protocols, incident documentation, real-time monitoring, and clear decision-making boundaries. Without these, companies are exposed to both local corruption risk and U.S. enforcement risk under the FCPA and allied statutes.

Compliance Response

1. Assessment Controls

  • Assume limited availability of neutral local legal remedies.
  • Identify areas where officials exercise unchecked discretion.
  • Assess reliance on informal dispute resolution mechanisms.

2. Management Controls

  • Strengthen internal documentation, approval, and escalation requirements.
  • Define clear walk-away criteria when disputes cannot be resolved lawfully.
  • Require Legal and Compliance review of all high-risk disputes and resolutions.

3. Monitoring

  • Track disputes resolved outside formal legal or contractual processes.
  • Review patterns of repeated “local solutions” or informal settlements.
  • Assess escalation timelines and resolution outcomes.

4. Board Oversight

  • Where are we relying on influence rather than process?
  • How quickly do disputes escalate to senior leadership?
  • When do we exit rather than attempt resolution?

Parts 1 and 2 of this series make clear that bribery and corruption are not peripheral risks in Venezuela. They are the entry conditions. From systemic corruption and PDVSA exposure to extortion, third-party involvement, currency manipulation, and a weak rule of law, each risk compounds the next. For compliance professionals, the lesson is not that Venezuela is impossible, but that it is unforgiving of informal controls, delayed escalation, and weak governance. Elevated risk can be managed only through disciplined assessment, operational controls, continuous monitoring, and engaged board oversight. When corruption becomes operational, however, another risk inevitably follows.

Next in Part 3 of this series, we turn to anti-money laundering, where improper value moves, hides, and metastasizes beyond corruption alone. Bribery is how improper value enters the system. Money laundering is how it moves and hides. Once corruption becomes operational, AML risk becomes unavoidable. Join us tomorrow for Part 3 in our series.

Categories
Blog

Greek Philosophers Week: Part 5 – Euclid and Proving Your Program Is Effective

We conclude our exploration of how ancient Greek philosophers influence compliance and ethics in 2026 and beyond. In this series, we have considered Socrates, Plato, Aristotle, and Pythagoras. Today, we conclude with Euclid.

Pythagoras teaches compliance professionals how to measure, analyze, and detect ethical risk through data, proportion, and pattern recognition. But measurement alone never closes the loop. At some point, regulators, boards, and senior leadership ask a harder question: Can you prove your compliance program actually works? That is where Euclid becomes the natural capstone of this philosophical journey.

Euclid was not concerned with numbers in isolation. He was concerned with structure, logic, definition, and proof. His Elements did not merely describe geometry. It demonstrated how a coherent system is built from first principles, how each part follows logically from the last, and how conclusions are proven rather than asserted. That methodology aligns almost perfectly with modern expectations for compliance program effectiveness under the DOJ Evaluation of Corporate Compliance Programs (ECCP).

If Pythagoras gives compliance professionals the tools to see risk, Euclid shows them how to organize those insights into a defensible, durable system. We also circle back to Hui Chen, the original Corporate Compliance Counsel to the DOJ, who would challenge Chief Compliance Officers (CCOs) and their counsel when they came before the DOJ in settlement negotiations, demonstrating the effectiveness of their compliance programs through data rather than anecdote.

First Principles Are the Foundation of Compliance Credibility

Euclid begins with definitions, axioms, and postulates. He does not assume shared understanding. He defines it. Everything that follows depends on clarity at the start. Many compliance programs struggle precisely because they skip this step. Policies proliferate. Controls multiply. Training expands. Yet foundational questions remain vague. What does ethical behavior actually mean in this organization? What risks are intolerable regardless of business pressure? What decisions require escalation without exception?

The ECCP begins with 3 fundamental questions:

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
  3. Does the corporation’s compliance program work in practice?

Throughout the ECCP, the DOJ repeatedly asks whether a compliance program is well designed. That evaluation begins with clarity of purpose and scope. A Euclidean compliance program explicitly defines its terms, principles, and boundaries. Without that clarity, enforcement becomes inconsistent, and explanations to regulators become fragile. In daily operations, this means compliance professionals must insist on precision. Ambiguity is not flexibility. It is a risk.

Logical Structure Is a Compliance Control

Euclid’s brilliance lies in sequencing. Each proposition follows logically from what came before. Nothing is random. Nothing is decorative. The system works because it is internally consistent. Compliance programs often fail this test. Risk assessments do not inform training. Training does not influence monitoring. Investigations do not drive remediation. Each function operates competently, but not coherently.

The ECCP explicitly evaluates whether compliance programs operate as integrated systems rather than as disconnected components, stating, “Ensure the compliance program is well-integrated into the company’s operations and workforce.” Prosecutors want to see feedback loops, escalation pathways, and continuous improvement mechanisms. That is Euclidean thinking applied to compliance. In practice, compliance leaders should be able to explain how a risk moves through the system from identification to mitigation. If that explanation requires hand-waving, the system is not structurally sound.

Proof, Not Assertion, Is the Regulatory Standard

Euclid never asks the reader to trust him. He proves every claim. That lesson may be his most important contribution to modern compliance. Companies often assert that their programs are effective because training is delivered, policies are updated, or hotlines exist. Hui Chen led the charge on this concept when she was the DOJ Compliance Counsel. The ECCP has reiterated Chen’s requirement for evidence, as prosecutors now routinely request proof of effectiveness. How quickly are issues identified? How consistently is discipline applied? How does remediation prevent recurrence?

A Euclidean compliance program is designed to generate proof. Controls are documented. Decisions are recorded. Metrics are reviewed and refined. Effectiveness is demonstrated through data and outcomes, not narrative assurances. This is not about bureaucracy. It is about credibility. When regulators ask how you know your program works, Euclid provides the answer: because the proof is built into the structure.

Precision Enables Fairness and Trust

Euclid’s definitions leave little room for interpretation. In compliance, precision serves a similar function. Clear definitions reduce bias, inconsistency, and resentment. Vague policies create uneven enforcement. Uneven enforcement destroys trust. Employees quickly learn whether rules are real or elastic. The ECCP’s emphasis on consistent discipline reflects this reality. The ECCP states, “Have disciplinary actions and incentives been fairly and consistently applied across the organization?”

Daily compliance operations should therefore prioritize clarity. What constitutes a conflict of interest? What thresholds trigger approval? What timelines govern investigations? Who owns decisions at each stage? Precision protects both the organization and the compliance function. It allows fairness to be demonstrated, not merely claimed.

Systems Must Be Built to Endure

Euclid’s work has endured for more than two millennia because it was built as a system, not a response to a crisis. Compliance programs should aspire to similar durability. Programs that rely on personalities, informal influence, or unwritten norms collapse when leadership changes. The ECCP evaluates whether compliance programs are institutionalized, supported by governance structures, and able to withstand turnover. A Euclidean compliance program embeds ethics into processes, charters, reporting lines, and documentation. Knowledge is transferred. Decisions are repeatable. Improvements are systematic. This durability is not accidental. It is designed.

Why Euclid Completes the Series

Socrates teaches compliance professionals to ask uncomfortable questions. Plato teaches them to design ethical governance structures. Aristotle shows how ethics are lived through habit and judgment. Pythagoras introduces measurement, analytics, and AI. Euclid brings all of it together. He shows how inquiry, governance, behavior, and data become a coherent system that can be explained, defended, and proven. In modern compliance, that is the difference between aspiration and effectiveness.

5 Key Takeaways for the Compliance Professional

1. Compliance programs must be grounded in clear first principles.

Euclid reminds us that systems fail when foundations are vague. Compliance programs should clearly define ethical expectations, risk boundaries, and escalation triggers. The ECCP evaluates whether programs are thoughtfully designed, not merely comprehensive. Clear first principles guide daily decisions, reduce ambiguity, and support consistent enforcement. Without them, controls become reactive, and credibility erodes under scrutiny.

2. Logical integration is a core element of effectiveness.

Disconnected compliance components create blind spots. Euclid teaches that a system works when each part follows logically from the previous one. Risk assessments should drive policies. Policies should inform training. Training should influence monitoring. Investigations should lead to remediation. The ECCP rewards programs that demonstrate this internal logic. Integration is not administrative elegance. It is risk management.

3. Proof of effectiveness must be built into the program.

Assertions no longer satisfy regulators. Euclid’s insistence on proof mirrors the ECCP’s demand for evidence. Compliance programs should be designed to generate data demonstrating timely detection, consistent discipline, and meaningful remediation. When proof is embedded in the system, credibility follows naturally.

4. Precision enables fairness and protects trust.

Clear definitions and thresholds reduce inconsistency and perceived bias. Euclid’s precision offers a model for compliance policies and procedures. The ECCP scrutinizes the fairness of disciplinary proceedings and investigations because trust depends on it. Precision protects employees, managers, and the compliance function alike.

5. Durable compliance programs are designed, not improvised.

Euclid’s work endures because it was built as a coherent system. Compliance programs should aim for the same longevity. Institutionalized governance, documented processes, and structured improvement allow programs to survive leadership changes and regulatory shifts. Durability is a marker of maturity and a signal of seriousness to regulators.

Euclid teaches compliance professionals the final lesson in this series: effectiveness is not claimed. It is demonstrated.

Conclusion

The enduring relevance of the ancient Greek philosophers to modern compliance and ethics lies in their not theorizing in the abstract. They were grappling with the same human pressures that drive misconduct today: power, incentives, rationalization, fear, and convenience. Socrates teaches compliance professionals the discipline of ethical inquiry and the courage to ask uncomfortable questions. Plato shows that values without governance structures are fragile, while Aristotle grounds ethics in habit, judgment, and daily behavior rather than aspiration. Together, they mirror the DOJ’s insistence that effective compliance programs begin with understanding risk, designing systems to manage it, and ensuring those systems operate in practice.

What makes these philosophers especially relevant today is how naturally their ideas align with modern regulatory expectations. Pythagoras anticipates the role of data, analytics, and AI in measuring compliance effectiveness, while Euclid provides the blueprint for structure, precision, and proof that regulators now demand. In an era of complex global operations and heightened enforcement scrutiny, compliance programs succeed or fail based on inquiry, governance, behavior, measurement, and demonstrable effectiveness. The ancient Greeks understood those dynamics long before corporate compliance existed, which is why their lessons remain not only relevant but essential for modern compliance and ethics professionals.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Understanding SFO Guidance and Compliance Program Assessments

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore it more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss the recently released Serious Fraud Office (SFO) guidance on compliance programs.

Tom and Matt highlight the SFO’s lack of specific directives and contrast them with more detailed guidance from the United States. The conversation focuses on the ambiguity organizations face in understanding what the SFO looks for in assessing compliance programs and underscores the need for a more holistic, tailored approach to individual circumstances.

Key highlights:

  • Introduction to SFO Guidance
  • Comparing SFO Guidance with US Standards
  • Uncertainty in SFO’s Expectations
  • Holistic Assessment by SFO

Resources:

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.

Categories
Blog

House of Atreus Week: Part 5 – Orestes and Electra – Breaking the Cycle Through Accountability

Every compliance journey must eventually reach its reckoning —the point at which wrongdoing, however deeply embedded, must give way to accountability. In Greek tragedy, that moment comes with Orestes and Electra, the final heirs of the cursed House of Atreus.

Their story marks a transformation, from vengeance to justice, from chaos to order, from curse to compliance. It’s not just the end of a tragic dynasty; it’s the beginning of governance. And for the modern compliance professional, Orestes’ journey mirrors the evolution every organization must undergo, moving from reactive crisis management to mature, transparent, and accountable systems of justice.

Today, we conclude our look at lessons from the House of Atreus for the 21st-century compliance profession through a review of my personal favorite, the tragedy of Orestes and Electra. Their tale was memorialized as the final play in Aeschylus’s trilogy The Oresteia, written in the 5th century BC. The Oresteia trilogy consists of three plays: Agamemnon, The Libation Bearers, and The Eumenides. They all discuss the murder of Agamemnon by Clytemnestra, the murder of Clytemnestra by Orestes, the trial of Orestes, the end of the curse on the House of Atreus, and the pacification of the Furies.

The tale of Orestes and Electra marks a transformation, from vengeance to justice, from chaos to order, from curse to compliance. It is not just the end of a tragic dynasty; it is the beginning of governance and compliance. And for the modern compliance professional, Orestes’ journey mirrors the evolution every organization must undergo —from reactive crisis management to mature, transparent, and accountable systems of justice.

In today’s Part 5, we discuss what every compliance practitioner and compliance regime must eventually face. Their journey reaches its reckoning,  the point where wrongdoing, however deeply embedded, must give way to accountability.

The Last Act of the Curse

After Clytemnestra murders Agamemnon, she takes power alongside her lover, Aegisthus. Their rule, built on deceit and blood, becomes yet another chapter in the family’s curse. Orestes and his sister Electra, exiled and grieving, grow up in a world where justice has been replaced by fear and silence.

Years later, Orestes returns to Mycenae with Electra’s encouragement. Together, they plot vengeance, the killing of their mother and her consort, to avenge their father’s murder. The act fulfills the family’s grim legacy: the son kills the mother as the mother killed the father. But Orestes doesn’t find peace. Instead, he’s haunted by the Furies, ancient goddesses who punish those who shed family blood. Tormented and desperate, he seeks sanctuary in Athens, where the goddess Athena establishes the first trial by jury. The Furies prosecute, Apollo defends, and Athena casts the deciding vote. The verdict is acquittal, but not because Orestes was blameless, but because justice must evolve from vengeance to law. And just like that, the curse ends,  not through violence, but through accountability.

From Retribution to Governance

What Athena did for Orestes is what modern compliance programs do for organizations: they replace personal retribution with institutional justice and institutional fairness. Before that trial, every wrong in the House of Atreus was met with revenge. Each generation avenged the last until there was no one left to save. Athena’s tribunal introduced a revolutionary idea: that justice must be impartial, procedural, and transparent.

That’s precisely the evolution every organization must undertake when it faces a scandal. At first, the instinct is vengeance: fire the bad actors, issue a statement, move on. But sustainable integrity requires something deeper: process, documentation, fairness, and continuous improvement. Orestes’ trial marks the shift from chaos to compliance.

Accountability: The End of the Curse

The word “accountability” is often misunderstood. It does not mean punishment. It means answerability, the willingness to stand before a system greater than oneself and be judged fairly. That is what Orestes did. He did not flee the Furies forever; he submitted to judgment. He participated in the process. And in doing so, he transformed justice from a personal to an institutional matter. For modern compliance officers, this is a powerful metaphor. Accountability is not about creating fear. It is about building trust. It ensures that wrongdoing is addressed through a fair, transparent process that restores, rather than destroys, culture.

The Furies as Internal Audit

The Furies are terrifying, but in the compliance world, they’re familiar. They represent the internal mechanisms of conscience and oversight, the investigations, audits, and regulators that chase wrongdoing wherever it hides. Like Orestes, many leaders try to outrun them, hoping the past won’t catch up. But true integrity doesn’t come from evasion; it comes from engagement. The companies that emerge strongest from scandal are those that face their Furies head-on, invite scrutiny, and cooperate transparently.

Think of how Siemens rebuilt its compliance function after its massive bribery scandal by embracing rigorous internal controls, external oversight, and a commitment to ethical reform. Indeed, we saw similar results based upon similar actions by both Wells Fargo and ABB. That was Orestes’ trial in corporate form, judgment accepted, redemption earned.

Electra: The Voice of Culture Renewal

Electra plays a quieter but equally vital role. She represents the voice of moral conscience, the employee who still believes in right and wrong even when everyone else has gone silent. She is the whistleblower who says, “This isn’t who we are.” The compliance champion who refuses to normalize misconduct. Without Electra’s courage, Orestes would never have acted.

Modern organizations need their Electras: employees empowered to speak, question, and persist. That’s why building a speak-up culture is the cornerstone of the 2024 DOJ Evaluation of Corporate Compliance Programs (ECCP). A company’s ability to surface issues early depends on whether it protects, informs, and celebrates those who come forward. If Orestes symbolizes accountability, Electra symbolizes cultural integrity, the belief that justice is worth pursuing even when it is dangerous.

The Birth of the Rule of Law

The trial of Orestes is one of the most significant moments in Western moral thought because it replaces vengeance with the rule of law. It is also the mythological birth of compliance, where emotion gives way to ethics, and chaos yields to process. Athena’s message is timeless: “No one person may decide justice alone. We must build systems that outlast individuals.”

That is the essence of compliance governance. Codes of conduct, reporting channels, disciplinary processes, and training all exist for one reason: to ensure that justice does not depend on personalities. Orestes’ acquittal didn’t erase his crime. It institutionalized accountability so the next generation wouldn’t repeat his curse. For corporate culture, that’s exactly what post-crisis reform does: it replaces vengeance with systems and outrage with order.

Compliance as Redemption

Orestes’ story ends not in punishment, but in purification. Athena orders the Furies to become the Eumenides,  “the Kindly Ones.” Their role shifts from persecutors to protectors, guarding the moral order they once avenged. That transformation is the perfect metaphor for what a compliance function can become after a crisis. At first, compliance feels punitive,  investigators, auditors, monitors. But over time, as systems mature and transparency grows, compliance evolves into something restorative: a protector of trust, reputation, and ethical resilience. The same forces that once punished now preserve. That is redemption for organizations and for people.

Lessons in Modern Compliance Transformation

What can compliance professionals learn from Orestes’ journey? The parallels are striking.

  1. Justice Must Be Systemic, Not Personal. Vengeance satisfies emotion but destroys culture. Justice through process restores legitimacy. For the compliance professional, the ECCP demands institutional fairness, which builds procedural fairness into investigations. Transparency and due process protect both the company and its people.
  2. Accountability Ends the Cycle. Denial perpetuates dysfunction. Facing wrongdoing directly, even publicly, is the first step to rebuilding credibility. You should conduct root cause analyses after every violation. Use findings to strengthen systems, not just assign blame.
  3. Protect the Electras. Ethical renewal begins with those who dare to speak truth.
  4. As a compliance professional, you must empower whistleblowers by providing visible protections, feedback loops, and cultural recognition.
  5. Embrace Your Furies. Auditors, regulators, and monitors are not enemies; instead, they should be seen as accountability partners. As counterintuitive as it may seem, you should treat oversight as an opportunity. Transparency with regulators builds long-term trust.
  6. Transform Enforcement into Ethics. The end goal of compliance is not punishment, it is not even detection; it is prevention. Every compliance professional should use disciplinary outcomes as learning opportunities. Celebrate integrity as publicly as you punish misconduct.

From Tragedy to Transformation

The House of Atreus began with arrogance, deception, and retaliation. It ended with something extraordinary, the birth of justice as a system. Each generation’s failure taught a lesson:

  • Tantalus showed that leadership without humility corrupts.
  • Pelops revealed the dangers of winning through corruption.
  • Atreus and Thyestes exposed the poison of internal retaliation.
  • Agamemnon and Clytemnestra warned of power without accountability.
  • Orestes and Electra finally demonstrated how accountability, due process, and transparency can cleanse even the deepest cultural stain.

That arc is the same one every mature compliance program follows from reaction to reflection, from punishment to prevention, from crisis to culture.

From Curse to Compliance

The story of Orestes is not about vengeance; rather, it is about evolution. He did not end the curse by denying it. He ended it by confronting it, submitting to judgment, and accepting that systems, not individuals, define justice. That is the ultimate compliance insight. You can’t train your way out of a cultural problem. You can’t manage ethics through charisma. You must build structures that embed accountability into every decision, every leader, and every process.

Orestes reminds us that compliance is not just about preventing misconduct; it is about healing organizations. It is about helping companies move from the chaos of reaction to the clarity of governance, from fear to fairness, from silence to transparency, from vengeance to virtue. Because in the end, every organization has its own House of Atreus somewhere in its history. The question is not whether the curse exists. The question is whether we, like Orestes, will have the courage to face it and the wisdom to replace it with justice that lasts.

Categories
Blog

House of Atreus Week: Part 4 – Agamemnon and Clytemnestra – When Power Breeds Entitlement

We continue our look at lessons from the House of Atreus for the 21st-century compliance profession, focusing on key stories and mining them for compliance lessons. In today’s Part 4, we take up the Agamemnon Problem: a leader so focused on results, so convinced of their indispensability, that ethics become negotiable. It is the mindset that says, “We’ll fix the compliance later—after we win.”

In Greek tragedy, that rationalization cost Agamemnon his life. In corporate life, it costs organizations their culture, credibility, and sometimes their license to operate. The story of Agamemnon and Clytemnestra is not only one of betrayal and revenge, it is a powerful parable about what happens when leaders mistake power for permission and performance for purpose.

The King’s Fatal Trade-Off

As the legend goes, Agamemnon, king of Mycenae and commander of the Greek forces at Troy, faced a crisis before the war even began. The goddess Artemis, angered by his arrogance, becalmed the winds and trapped his fleet in port. The only way to appease her, a seer declared, was to sacrifice his daughter, Iphigenia.

Agamemnon’s dilemma was stark: abandon his military ambitions or sacrifice his own child. He chose the latter. The winds rose, the ships sailed, and the war began. Years later, when Agamemnon returned triumphant, his wife Clytemnestra murdered him in his bath as revenge for their daughter’s death. This was not just a family tragedy; it was a leadership failure of the highest order. Agamemnon traded ethics for expedience, and the cost was everything he loved.

The Corporate Iphigenia

Every organization has its Iphigenia(s); the values, people, or principles that get sacrificed for “strategic goals.” It may be:

  • Cutting compliance budgets to hit quarterly numbers.
  • Overriding safety protocols to meet production quotas.
  • Ignoring harassment complaints to keep a star performer happy.

Like Agamemnon, leaders rationalize these sacrifices as necessary or temporary. But every compromise chips away at the moral capital that sustains the enterprise. Once the organization learns that “winning” matters more than doing right, the line between ambition and arrogance disappears.

The Entitlement of Success

When Agamemnon returned from Troy, he arrived not as a humbled survivor but as an entitled conqueror. He paraded Cassandra, a captive prophetess, before his wife and walked proudly across a purple carpet, a gesture the Greeks saw as blasphemous arrogance. It’s the same pattern we see in modern compliance disasters: success breeding entitlement. Executives who deliver profits begin to believe they’ve earned the right to bend the rules. Performance metrics replace principles as the measure of worth.

Consider a few familiar examples:

  • The Wells Fargo sales scandal: Pressure to perform led employees to create millions of fake accounts. It also involved senior management lying to its own Board of Directors.
  • Volkswagen’s emissions fraud: Engineers rationalized deception as necessary to stay competitive. But this rationalization went all the way to the CEO.
  • Boeing’s safety crisis: Leadership prioritized schedules and cost over engineering integrity. Then they blamed the airline’s pilots for operational failures.

In each case, strong organizations were undone not by ignorance of ethics but by entitlement —the belief that achievement excused misconduct.

The Compliance Cost of Entitlement

Entitlement corrodes three pillars of compliance: accountability, transparency, and humility.

1. Accountability: When leaders feel untouchable, rules become optional. Internal controls are ignored, and ethical review is seen as bureaucracy rather than protection.

2. Transparency: Entitled leaders hoard information and discourage challenge. “Bad news doesn’t travel up” becomes the cultural norm.

3. Humility: Ethical reflection gives way to moral blindness. If success is proof of righteousness, who needs oversight?

Agamemnon’s decision to sacrifice Iphigenia was not just moral cowardice; it was a governance failure. He believed his power justified his actions, and no one around him could say otherwise. That is precisely how modern compliance collapses begin.

Clytemnestra: The Whistleblower Turned Avenger

Clytemnestra’s revenge may seem extreme, but, symbolically, she represents the voice of accountability that has been ignored for too long. She warned, questioned, and grieved, yet was silenced by hierarchy and hubris. When the system denied her justice, she took justice into her own hands.

Modern organizations often create their own Clytemnestras when they suppress legitimate dissent. Whistleblowers who feel unheard can become external leakers, litigants, or catalysts for regulatory scrutiny. Every retaliation case begins as an unheeded complaint. The DOJ’s 2024 ECCP emphasizes this point. Organizations must protect, inform, and empower those who speak up. When internal channels fail, external consequences follow, just as Clytemnestra’s knife followed Agamemnon’s silence.

Ethical Decision-Making Under Pressure

Agamemnon’s fateful choice came under immense pressure, a condition every executive recognizes. But pressure is where compliance either proves its worth or disappears. Strong organizations prepare for ethical stress tests long before a crisis strikes. They establish frameworks that turn moral instinct into a structured process:

1. Define Core Non-Negotiables – The “values that will not be sacrificed.” If integrity, safety, or human dignity are ever negotiable, they soon become expendable.

2. Create Decision Pathways – Require escalation when choices have ethical or reputational risk. Ethical red flags should automatically trigger review, not after-action regret.

3. Model Accountability at the Top – Leaders must demonstrate that difficult ethical decisions are shared, not borne alone. Agamemnon acted in isolation; modern governance demands collaboration.

The Tyranny of Performance Metrics

Much of Agamemnon’s arrogance stemmed from performance obsession, the need to deliver victory at any cost. That same tyranny drives unethical behavior in today’s boardrooms. Metrics matter, but when they become idols, they demand sacrifices. Compliance programs should therefore measure how results are achieved, not just whether they are achieved.

The 2024 Evaluation of Corporate Compliance Programs (ECCP) specifically instructs prosecutors to ask whether companies’ incentives reward ethical behavior. A compliant organization aligns compensation with conduct; an entitled one rewards outcomes regardless of means. A key question for leaders: Would I still consider this a “win” if it were public tomorrow?

From Power to Stewardship

The entitlement cure is stewardship, the recognition that power is not owned, but entrusted. Great leaders see themselves as guardians of values, not exploiters of privilege. This mindset shift transforms compliance from constraint to compass:

  • Stewards ask how their choices affect stakeholders beyond themselves.
  • Stewards invite transparency because they understand accountability strengthens credibility.
  • Stewards use compliance as a mirror, not a muzzle.

Agamemnon ruled as an owner; a steward would have ruled as a custodian. The difference is the difference between arrogance and integrity.

The Compliance Evangelist’s Reflection: The Scarlet Carpet of Arrogance

When Agamemnon strode across that purple carpet, he symbolically walked across the values he was sworn to protect. Every leader who dismisses compliance as “red tape” does the same. Each step says, “The rules are for others.” But history and enforcement teach a consistent lesson: when leaders trample ethics, the organization soon trips over the fabric they have soiled. Clytemnestra’s dagger was not random vengeance; it was the return of consequence. In today’s language, it was enforcement action, indeed a reckoning deferred until accountability could no longer be ignored.

Breaking the Cycle: From Arrogance to Accountability

The tragedy of Agamemnon and Clytemnestra is that both were right and both were wrong. He betrayed his values for ambition; she destroyed justice in the name of vengeance. Their story ends in blood because neither trusted process, transparency, or accountability. Modern organizations don’t have to share that fate. Compliance offers a third path: structured accountability through systems, not swords. It ensures that no one, no matter how powerful, stands above the moral order that sustains the enterprise.

When companies embrace that mindset, they turn tragedy into transformation. They move from the purple carpet of arrogance to the solid ground of integrity. Because, as every compliance professional knows, the true test of leadership is not what you achieve when you are powerful, it is what you refuse to sacrifice to stay that way.

I hope you will join us for our concluding Part 5 — Orestes and Electra: Breaking the Cycle Through Accountability. This is my favorite story from the House of Atreus. With this myth, we will see how justice, rule of law, and redemption finally end the curse of the House of Atreus and what that means for the modern compliance function striving to build ethical resilience and renewal.

Categories
Blog

House of Atreus Week: Part 3 – Atreus and Thyestes – Internal Rivalry and the Dangers of Retaliation

We continue to look at the lessons from the House of Atreus for the 21st-century compliance profession, focusing on the key stories and mining them for insights. In today’s Part 3, we take up the feud between Atreus and Thyestes, sons of Pelops and heirs to his poisoned legacy. Their myth is not just about murder and betrayal; it is about what happens when leaders weaponize authority for vengeance rather than stewardship.

Every organization eventually faces conflict within its own ranks. Disagreements over power, vision, and credit are inevitable. But when rivalry turns to revenge, governance collapses, trust erodes, and compliance becomes collateral damage. Today, we take a deep dive into this issue from the 21st-century compliance perspective.

The Feast of Vengeance

After Pelops’ death, his sons Atreus and Thyestes fought over the throne of Mycenae. They began like many corporate siblings, ambitious, capable, and determined to lead. But soon ambition turned into envy. Thyestes seduced Atreus’ wife and stole a prized golden lamb that symbolized kingship.

Atreus, humiliated, plotted revenge. Pretending reconciliation, he invited Thyestes and his sons to a grand banquet. During the feast, Atreus served them a meal of Thyestes’s own children. (Shakespeare used this story much later.) When the truth was revealed, horror swept the hall. Thyestes cursed his brother, and the curse carried through the next generation, consuming Atreus’ son Agamemnon and his grandson Orestes. It is a horrifying tale, but beneath the gore lies a familiar truth: internal retaliation destroys organizations from the inside out.

When Leadership Turns on Itself

Atreus’ banquet is not simply a mythic horror story fit for my classic monster movie month; rather, it is a 21st-century metaphor for every leadership team that devours its own. In terms of compliance, Atreus and Thyestes represent toxic internal politics. They illustrate how leadership rivalries, unchecked ego, and personal vendettas can dismantle governance systems faster than any external scandal.

Modern organizations suffer the same fate when:

  • Executives undermine each other publicly.
  • Managers retaliate against whistleblowers or rivals.
  • Compliance officers are punished for doing their jobs.

When leaders use their authority to punish rather than protect, culture collapses into fear. Employees stop reporting misconduct, colleagues turn on one another, and the compliance function becomes an instrument of control instead of accountability. Atreus’ feast might look extreme, but we have all seen versions of it in the workplace.

The Corporate Equivalent of the Cannibal Feast

Let’s translate the myth into modern terms.

  • Atreus’ “banquet” = a retaliatory campaign designed to humiliate a rival or critic.
  • Thyestes’ seduction = internal manipulation, gossip, or theft of credit.
  • The curse = the lingering culture of distrust that infects every successor.

Retaliation rarely ends with the original act. Once one leader weaponizes power, everyone learns the same lesson: “You’re safe only when you’re silent.” That’s how once-strong organizations become silos of fear. Compliance reports decline not because misconduct has ended, but because employees no longer believe reporting is safe. Like the House of Atreus, the company devours itself while pretending to feast.

The Dangers of Internal Retaliation

From the compliance perspective, retaliation is one of the clearest indicators of cultural rot. It’s also one of the DOJ’s most serious red flags. The 2024 Evaluation of Corporate Compliance Programs (ECCP) explicitly asks prosecutors to evaluate:

  • Whether employees are protected from retaliation.
  • Whether complaints lead to timely investigations.
  • Whether leadership promotes a speak-up culture.

If your organization punishes dissent, even quietly, you may well find yourself already on the DOJ’s radar. Atreus’ actions were the ultimate act of retaliation: gruesome, personal, and destructive. But the underlying pattern is timeless, leadership vengeance disguised as discipline. The lesson is as modern as it is mythic: a compliance program without psychological safety is a compliance program in name only.

Case Study Parallels: When Modern Leaders Feast on Their Own

  • Uber (2017): Retaliation against employees who raised harassment claims led to executive resignations and a cultural overhaul.
  • Wells Fargo: Whistleblowers reported retaliation after flagging fraudulent account practices, compounding reputational damage.
  • Boeing (737 MAX): Internal dissent on safety concerns was suppressed, leading to tragedies that reshaped regulatory scrutiny.

Each of these companies faced its own version of Atreus’ banquet, consuming credibility and trust in the process.

The Role of Compliance in Preventing Organizational Cannibalism

The compliance function exists not just to catch misconduct, but to defend integrity against internal retaliation. A strong compliance culture ensures that ethical leadership trumps personal rivalry. Here’s how to do it:

1. Build governance that transcends personalities. Authority should rest on process, not proximity to power.

2. Separate investigative authority from reporting lines. Compliance officers must have autonomy to act without interference.

3. Educate leadership on the cost of retaliation. Retaliation isn’t just a legal risk — it’s a culture killer.

When leaders understand that internal war erodes value faster than external threats, they start behaving more like guardians than gladiators.

Creating a Culture of Trust After Betrayal

Atreus’ kingdom fell because no one could trust anyone. In business terms, that’s what happens when transparency dies. To rebuild trust, companies must do three things:

1. Acknowledge Harm. Pretending internal feuds never happened only deepens cynicism. Compliance leaders must publicly reinforce that retaliation and toxicity are violations of corporate values. Acknowledgment is the first step toward cultural repair.

2. Reinforce Transparency. Regular reporting on investigations, outcomes, and disciplinary measures builds credibility. Employees must see that misconduct is addressed fairly, not selectively.

3. Model Ethical Reconciliation. Where conflict exists, leaders must model resolution through dialogue, not vengeance. A modern compliance culture is one where accountability coexists with forgiveness, where mistakes are corrected, not avenged.

Leadership Ego and the Compliance Cost

The rivalry between Atreus and Thyestes began with ego, the same ego that drives many corporate meltdowns. Ego tells leaders that compliance is optional, that their moral compass is self-calibrated. It convinces them that retaliation is justified, that “he started it,” or that removing a critic will restore order.

But as every compliance professional knows, ego is expensive. It costs credibility, cooperation, and often millions in remediation and fines. The only sustainable leadership model values humility over hubris. In compliance terms: replace ego with ethics, and rivalry with responsibility.

The Compliance Evangelist’s Reflection: The Curse of the Retaliator

Atreus believed vengeance would bring closure. Instead, it ensured endless conflict. In organizations, retaliation operates the same way. It may silence the critic today, but it guarantees more fear and more silence tomorrow.

The DOJ, SEC, and whistleblower programs worldwide have made one thing clear: protecting those who speak up is not just the right thing to do; it is the smart business approach. The companies that thrive in the modern regulatory landscape are those that treat every internal voice as an asset, not a threat. Atreus’ downfall shows what happens when leaders fail to learn that lesson. His house became a case study in the cost of ignoring culture. For compliance professionals, that’s the real moral: you cannot achieve ethical stability through punishment alone.

From Retaliation to Redemption

The saga of Atreus and Thyestes teaches us that retaliation is never a solution; it is a multiplier of risk. The only way to end the cycle is through structural and cultural change: transparency, accountability, and empathy in leadership. For compliance professionals, that means moving from enforcement to enlightenment, helping leaders understand that the true power of compliance is not control, but trust. Because when leaders stop feeding on their own and start feeding their culture with integrity, the curse finally breaks.

I hope you will join me tomorrow for Part 4 — Agamemnon and Clytemnestra: When Power Breeds Entitlement. In it, we will explore how Agamemnon’s moral compromises and Clytemnestra’s revenge illuminate the modern dangers of performance pressure, ethical trade-offs, and the corruption of power at the top.

Categories
Blog

House of Atreus Week: Part 2 – Pelops and Myrtilus – Corruption in the Bidding Process

The curse of the House of Atreus did not begin and end with Tantalus. Like many toxic corporate cultures, it passed from one generation to the next a legacy of moral shortcuts disguised as clever strategy.

We continue our look at lessons from the House of Atreus for the 21st-century compliance profession, focusing on the key stories and mining them for valuable insights. In today’s Part 2, we consider the myth of Pelops and Myrtilus, an ancient fable about corruption, betrayal, and the fatal cost of winning the wrong way. In this story, we look at Pelops, who was Tantalus’s son. Having been literally restored to life by the gods, he had the chance to rebuild his house on a foundation of integrity. Instead, he reached for the easy win, and in doing so, repeated his father’s error: he traded ethics for expedience.

For modern compliance professionals, it is a reminder that bribery and ethical compromise never end where you think they will. They will always come back to haunt you.

The Chariot Race for a Kingdom

According to Greek legend, King Oenomaus of Pisa received a prophecy that he would die at the hands of his son-in-law. To prevent this, he devised a deadly test for any man seeking to marry his daughter, Hippodamia, a chariot race from Pisa to Corinth. If the suitor won, he gained Hippodamia’s hand. If he lost, he died. Pelops, ambitious and determined, entered the race. But he knew Oenomaus’ horses were divine and unbeatable. So he sought an advantage, not through skill or preparation, but through corruption.

He approached the king’s charioteer, Myrtilus, and offered a bribe: riches, favor, and a promise of reward. Myrtilus agreed to sabotage Oenomaus’ chariot by replacing the bronze linchpins with wax. During the race, the wax melted, the chariot crashed, and the king was killed.

But when Myrtilus came to claim his reward, Pelops betrayed him, either pushing him off a cliff or ordering his death. As he fell, Myrtilus cursed Pelops and his descendants, ensuring the family’s cycle of corruption and vengeance would continue.

The First Procurement Fraud

Strip away the mythic trappings, and Pelops’ race looks remarkably modern.

This was a procurement process, a competition for something of value (in this case, marriage and a kingdom), corrupted by bribery and fraud. Pelops did not win on merit; he won by manipulating a key insider in the process.

That’s the same dynamic at play in so many real-world scandals:

  • A contractor bribing a government official for an unfair advantage.
  • A vendor is rigging bids through inside information.
  • A company turning a blind eye to its agents’ actions abroad, so long as they deliver results.

In each case, the underlying temptation is the same as Pelops’: the belief that “winning is what matters.”

The Illusion of a “Victimless” Bribe

Pelops might have rationalized his actions. He could have told himself that everyone cheats in such races or that Oenomaus’ divine horses made the contest unfair to begin with, that the ends justified the means.

Modern compliance officers hear versions of this rationalization every day:

  • “It’s just a facilitation payment.”
  • “That’s how business is done in this region.”
  • “We’re not bribing; we’re just showing appreciation.”

But as Pelops learned, there is no such thing as a victimless bribe. His corruption did not end with a single race; unfortunately, it defined generations. Myrtilus’ curse became symbolic of the reputational and ethical taint that lingers long after the bribe is paid.

Third-Party Risk: Myrtilus as the First “Agent”

In compliance terms, Myrtilus represents the classic third-party intermediary, the local fixer, the consultant, the distributor. He was not a direct employee, but his actions became Pelops’ liability. When Pelops bribed Myrtilus, he created not just moral exposure, but third-party risk. Once you involve a third party in your scheme, you lose control over the outcome. Myrtilus could expose him, blackmail him, or turn witness.

Modern compliance programs have learned this lesson the hard way. Nearly every major FCPA enforcement action, from Siemens to Petrobras to Deere, involves third-party intermediaries. These individuals promise results, grease local wheels, and leave the company holding the bag when the investigation begins. Pelops thought he could control Myrtilus. He could not. No one ever can.

The Cost of Betrayal: When Corruption Destroys Trust

After the race, Pelops killed Myrtilus to eliminate a liability. But in doing so, he destroyed something even more valuable: trust.

Once an organization uses deception as a tool, it cannot sustain authentic relationships with employees, partners, regulators, or the public. Each act of concealment breeds another, until deception becomes standard operating procedure.

We’ve seen this pattern again and again:

  • A company that falsifies quality reports must falsify safety audits next.
  • A firm that manipulates bid data must suppress whistleblowers who question it.
  • A leader who lies externally must eventually lie internally.

In the end, Pelops did not just kill a man; he killed his organization’s capacity for integrity. That’s the same fate that awaits companies that treat compliance as expendable.

Culture Eats Compliance for Breakfast

The myth of Pelops is not about one race or one bribe; it is about the cultural rot that follows. Once Pelops normalized deceit, his descendants followed suit.

In corporate life, this manifests as a culture of winning at any cost, the most dangerous culture there is. It’s what drives salespeople to falsify data, procurement officers to overlook red flags, and executives to manipulate books.

Culture eats compliance for breakfast because if the unspoken rule of your organization is “get the deal,” no policy manual will save you. Pelops’ court would have had a Code of Ethics printed in gold, and it still wouldn’t have mattered. The only antidote is integrity built into incentives, recognition, and leadership behavior.

Lessons for Modern Compliance Professionals

What can we learn from Pelops’ fall? Quite a lot. His story offers five timeless lessons for those charged with safeguarding ethics and integrity in complex organizations.

1. Corruption Always Starts Small

The first step down the wrong path rarely looks like a scandal. It seems like a shortcut. A “favor.” A small gift. Pelops’ race was just one event, yet it came to define an entire dynasty. The concept of broken windows has demonstrated that you should treat every minor ethical compromise as a potential precedent. Small acts of misconduct become cultural habits faster than anyone realizes.

2. Third-Party Due Diligence Is Non-Negotiable

Myrtilus’ betrayal highlights why vetting, monitoring, and auditing third parties is critical. Companies must know who they’re partnering with and what incentives drive their actions. This means that compliance must have a robust third-party risk management process in place. You should require a business justification, a questionnaire, documented due diligence, risk-based screening, compliance terms and conditions in your contract, and ongoing monitoring for all third parties after the contract is signed.  Finally, transparency is not optional; it is mandatory.

3. Ethical Procurement Builds Long-Term Value

In the rush to “win” contracts, companies often forget that ethical procurement protects more than reputation; it protects relationships. A tainted bid can lead to debarment, litigation, and loss of trust from clients and governments alike. For the compliance professional, you must embed integrity in procurement policy. Make ethics a competitive advantage, not a compliance burden.

4. Retaliation Destroys Cultures

Pelops’ murder of Myrtilus was the ancient equivalent of whistleblower retaliation. Myrtilus knew too much, and instead of managing the risk ethically, Pelops eliminated the witness. The result? A curse or, in modern terms, a scandal that never dies. Every compliance professional must work diligently to protect those who speak up. Encourage reporting. Make it clear that retaliation is a firing offense, not a survival tactic.

5. Integrity Outlasts Every Shortcut

Pelops won his race but lost his legacy. The true measure of success for individuals and organizations alike is sustainability. Ethical wins last; corrupt ones collapse. This requires corporate cultures where ethical behavior and business success are aligned. When values drive results, not the other way around, compliance becomes self-sustaining.

The Curse of the Easy Win

Every compliance professional has faced their “Pelops moment”; that pressure to deliver results faster, cheaper, or more impressively than the rules allow. The temptation is powerful because it is wrapped in the language of success. But as Pelops shows, every unethical win carries a hidden invoice. The ancient Greeks would call it nemesis, the inescapable reckoning that follows hubris. We call it enforcement. Whether through regulators, prosecutors, or public outrage, the bill always comes due.

The challenge for modern compliance leaders is to help their organizations see beyond the race. Winning today is not worth cursing tomorrow.

Join us tomorrow for Part 3 — Atreus and Thyestes: Internal Rivalry and the Dangers of Retaliation. We will explore how infighting, revenge, and the weaponization of leadership destroyed the next generation and how modern organizations can prevent internal culture wars from becoming compliance catastrophes.

 

Categories
Blog

House of Atreus Week: Part 1 – Tantalus’ Transgression – The Birth of a Toxic Culture

I have long been fascinated by the Greek myths around the House of Atreus. It is the most cursed House in all Greek myth. I have also long wanted to blog post series on the compliance lessons for the modern-day compliance professional. This week, I am going to take a deep dive into the most doomed House and explore some of the key stories to mine them for lessons learned for the 21st-century compliance professional. We begin our series with the founder of the House of Atreus, Tantalus, and how one leader’s moral failure can poison the entire culture of an organization. His story is a cautionary tale about hubris, accountability, and the long shadow of tone from the top.

Every great compliance failure begins somewhere. Sometimes it is a single decision, a moment of arrogance, or the quiet belief that the rules apply to everyone else but not to you. In the myths of ancient Greece, that moment came with Tantalus, patriarch of the cursed House of Atreus. His name lives on in infamy, not because of power lost, but because of ethics abandoned.

The Feast of Deception

Tantalus was a favorite of the gods. He dined with them on Mount Olympus, enjoying privileges no mortal ever had. But instead of gratitude, he showed contempt. To test their omniscience, Tantalus served the gods a horrific meal, the cooked flesh of his own son, Pelops. The gods recoiled in horror, restored Pelops to life, and condemned Tantalus to eternal punishment: forever hungry and thirsty, standing in a pool of water beneath fruit-laden branches that receded whenever he reached for them.

This is where we get the word tantalize to tempt with what is always just out of reach. But for compliance professionals, the story isn’t about temptation; it’s about transgression.

Tantalus’ sin was not merely moral or criminal. It was cultural. It revealed a belief that he was above consequence, that his proximity to power made him immune to accountability. Sound familiar? It’s the same psychology that drives corporate misconduct today: the executive who hides risk, manipulates reporting lines, or treats compliance as a box to check rather than a value to live.

Hubris at the Top: When Leaders Believe They Are Untouchable

The core of Tantalus’ failure is hubris, excessive pride that blinds leaders to ethical limits. He thought himself equal to the gods, just as modern executives sometimes see themselves as beyond internal controls, policies, or oversight.

We have seen it in corporate scandals from Enron to Theranos: charismatic leaders who create cultures where questioning authority is punished, transparency is discouraged, and the pursuit of results justifies every means. These leaders often start with good intentions —innovation, performance, growth — but end in disaster because no one dares to tell them “no.” When a CEO, department head, or even a team manager sends the message that rules are flexible for those who produce, that’s the modern equivalent of dining at Olympus. It’s the moment when culture begins to rot from the inside.

Tone from the Top: What Tantalus Forgot

In compliance, we often say “tone from the top” sets the ethical compass of the organization. Tantalus was the top, and his tone was deceitful. Instead of modeling integrity, he modeled arrogance and disrespect. His actions communicated that power excused anything.

Modern organizations are no different. Employees don’t take their ethical cues from the code of conduct on the intranet. They take them from leadership behavior, from what’s rewarded, ignored, or punished.

If Tantalus had shown humility or accountability, his descendants might have inherited a culture of honor. Instead, they inherited corruption, vengeance, and betrayal. It’s no coincidence that every generation of the House of Atreus, including Pelops, Atreus, Thyestes, Agamemnon, Clytemnestra, Orestes, repeats the cycle of wrongdoing and retaliation. The family’s downfall wasn’t fate; it was culture. A toxic tone from the top doesn’t just corrupt a moment; it defines a legacy.

Culture of Consequences: What Happens When Misconduct Goes Unpunished

One of the most striking aspects of the Tantalus myth is how long the effects last. His descendants commit crimes generations later, yet all trace back to his original transgression.

That’s what happens in modern corporations when ethical breaches are not addressed. Once misconduct is tolerated, it becomes precedent. Once precedent hardens, it becomes culture. Think of organizations where sexual harassment was covered up “to protect the company,” or where accounting irregularities were ignored “to meet quarterly targets.” Each decision not to act creates a silent permission structure. And before long, you have what we see in so many enforcement cases: a pattern of misconduct spanning years, sometimes decades.

Tantalus’ punishment, forever reaching but never attaining satisfaction, mirrors what happens in these companies. They chase success endlessly, but integrity is always out of reach because they’ve traded ethics for expedience. A culture of consequences, by contrast, does the opposite. It makes accountability tangible. It shows employees that integrity is the expectation, not the exception.

The Modern Mirror: When Hubris Meets Compliance Failure

The story of Tantalus echoes across modern boardrooms and compliance case studies. Consider:

  • The FCPA case against Siemens (2008): A culture of “business at any cost” led to systematic bribery across divisions, because leadership prioritized results over integrity.
  • The Wells Fargo scandal: Unrealistic sales goals, driven by executives insulated from consequence, encouraged widespread fraud at the branch level.
  • Theranos: A founder’s belief in her infallibility silenced dissent, distorted reporting, and destroyed trust both internally and externally.

Each of these stories began like Tantalus’ dinner with one decision to deceive, rationalized as necessary, even brilliant. Each became a legend of ethical collapse.

The compliance lesson is simple: arrogance without accountability creates catastrophe.

Rebuilding What is Broken: Lessons from Tantalus’ Fall

So how do we avoid the curse of Tantalus in modern organizations? Three principles stand out:

1. Make Ethics the Core of Leadership Identity

Ethical leadership isn’t a function of compliance checklists. It’s the lived demonstration of integrity. Leaders must see compliance not as a constraint but as an enabler of trust and sustainability. When executives model ethical decision-making, it cascades downward.

Compliance Lesson: Integrate ethical leadership into performance reviews and succession planning. Reward transparency as much as performance.

2. Institutionalize Accountability

Accountability must be structured, not situational. That means ensuring robust internal investigations, consistent discipline, and a compliance function with real independence. The moment compliance must “ask permission” to act, the organization has lost its compass.

Compliance Lesson: Empower compliance officers with direct access to the board and audit committee. Build transparency into reporting lines.

3. Preserve Psychological Safety

Tantalus’ court, like many modern workplaces, thrived on fear. When employees can’t question leaders or raise concerns, misconduct flourishes. Psychological safety is the soil in which ethical cultures grow.

Compliance Lesson: Implement anonymous reporting, protect whistleblowers, and make public examples of non-retaliation.

Breaking the Curse: The Compliance Evangelist’s View

The curse of Tantalus was not divine punishment; instead, it was a predictable outcome of leadership failure. Every compliance professional knows that culture is destiny. If leaders are deceitful, employees will be cynical. If leaders are accountable, employees will be engaged.

Tantalus’ name survives as a warning to those who confuse privilege with power, and authority with exemption. His eternal hunger reflects what happens when organizations try to feed success on a diet of deception; they are never satisfied because trust, once lost, cannot nourish growth.

The modern compliance officer stands at the intersection of myth and management, tasked with ensuring that our organizations don’t repeat Tantalus’ mistake. We cannot test the gods of regulation or ethics without consequence. Instead, we must build cultures where doing right isn’t exceptional; it is expected.

Because in the end, every compliance program has a mythic choice: become Olympus or become Tantalus.

Join us tomorrow for Part 2 — Pelops and Myrtilus: Corruption in the Bidding Process. We will explore how bribery, betrayal, and broken promises tainted Pelops’ victory and what it teaches us about third-party risk and ethical procurement.

Categories
Compliance Into the Weeds

Compliance into the Weeds: The Dark Side of AI in Employee Training

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss emerging concerns surrounding AI, particularly ChatGPT, in the realm of employee training.

Their discussion centers on the potential use of AI, specifically ChatGPT’s newest ‘Agent Mode’, to administer compliance training courses on behalf of employees, which could potentially enable them to cheat. They debate the implications of this capability, touching on the historical context of cheating, the effectiveness of current training methods, and the need for new internal controls and strategies to adapt to these technological advancements. They also contemplate the future of training, potentially evolving into AI-driven bots that provide on-the-spot, micro-learning modules. The episode encourages compliance officers to thoroughly vet their training vendors to ensure measures are in place to prevent AI-enabled cheating.

Key highlights:

  • The Dark Side of AI in Compliance Training
  • AI’s Impact on Employee Training
  • AI’s Role in Training and Compliance
  • Future of AI in Corporate Training
  • Challenges and Considerations

Resources:

Matt Kelly in Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, Communicator, and W3 Awards for podcast excellence.

Categories
Blog

Building Your Own AI Assistant: Compliance Lessons in Customization

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Additionally, for each blog post, I have created a one-page checklist for each article that you can use in presentations or for easier reference. Email my EA Jaja at jaja@compliancepodcastnetwork.net for a complimentary copy.

In the ever-changing world of compliance, resource constraints remain one of our biggest hurdles. Whether you’re drafting policies, conducting risk assessments, or preparing investigation summaries, the work is often repetitive, labor-intensive, and subject to tight deadlines. Enter the AI assistant, not as a futuristic dream, but as a practical, buildable tool available to compliance professionals right now.

Alexandra Samuel’s article in Harvard Business Review titled How to Build Your Own AI Assistant, makes one point crystal clear: if you can describe a project in plain English, you can build your own AI assistant. And for compliance professionals, this represents a transformative opportunity to reduce administrative burdens while increasing consistency, accuracy, and adaptability.

But building your compliance AI assistant isn’t about chasing efficiency alone—it’s about making intentional design choices that reinforce compliance objectives, protect corporate culture, and ensure regulatory defensibility. Today, we consider five key takeaways for compliance professionals, each showing how you can harness AI assistants to enhance, not replace, your compliance program.

1. Start with the Right Use Cases

Before building, compliance leaders must ask: What problems do we want AI to solve? Samuel notes that AI assistants excel in four domains: writing and communications, troubleshooting, project management, and strategic coaching. For compliance, this translates into use cases like:

  • Drafting first-pass policy updates aligned with global regulations.
  • Summarizing enforcement actions for Board reporting.
  • Automating responses to routine employee compliance questions (e.g., “Can I accept this client gift?”).
  • Tracking investigation timelines and automatically extracting action items from meeting transcripts.

Choosing the right use case ensures your AI assistant is a force multiplier rather than a shiny distraction. Importantly, you want to start with low-risk, high-volume tasks. Drafting an anti-corruption annual training memo? AI can handle the boilerplate. Deciding whether to disclose a potential FCPA violation to the DOJ? That still belongs squarely in the human domain.

The real lesson here: compliance officers should not let “AI hype” dictate priorities. Instead, define pain points within your compliance workflow and build assistants targeted at those specific, recurring problems. Start small, iterate, and scale responsibly.

2. Design Clear Instructions—Your Assistant Is Only as Good as Its Guidance

According to Samuel, the “heart” of a custom AI assistant is the set of instructions you provide. For compliance teams, this is where risk and opportunity intersect. If your assistant doesn’t know who it is, what standards to apply, and what tone to use, it will produce outputs that undermine your credibility.

Think of instructions as your assistant’s Code of Conduct. Instead of saying “you are a compliance assistant,” you can be more precise:

  • “You are a corporate compliance officer drafting policies for a multinational company. You must ensure all content aligns with DOJ guidance on effective compliance programs, uses a professional but approachable tone, and provides practical examples for employees.”

These custom instructions allow you to “bake in” compliance frameworks from day one. For example, you can require the assistant to reference the COSO Framework for Internal Controls, ISO 37001, or the DOJ’s Evaluation of Corporate Compliance Programs whenever relevant.

The key compliance insight: good AI assistants reflect great compliance design. Just as vague compliance policies create ambiguity, vague AI instructions create unreliable outputs. Invest time in precise persona-building for your assistant, and you’ll reap consistent, defensible results.

3. Feed It Knowledge—Without Losing Control of Sensitive Data

Samuel emphasizes that AI assistants become truly powerful when equipped with background documents, such as policies, reports, contracts, or training decks. For compliance, this is both a gold mine and a minefield.

On one hand, uploading prior investigation reports, risk assessments, or compliance training modules allows your assistant to generate outputs that reflect your company’s real history and regulatory environment. Imagine an assistant that can instantly pull together a cross-border risk assessment using your own prior filings and internal guidance.

On the other hand, compliance officers must stay vigilant about data protection, privilege, and confidentiality. Sensitive HR records, whistleblower reports, and privileged investigation materials should never be indiscriminately fed into a platform without proper safeguards.

Here lies the balancing act: compliance teams must create AI assistants that are well-informed but tightly governed. This may involve anonymizing data, working through secure enterprise-grade AI platforms, or restricting inputs to public and non-sensitive internal documents.

The compliance lesson is simple but non-negotiable: context matters, but confidentiality reigns supreme. Building a compliance AI assistant means establishing protocols for what can and cannot be shared.

4. Iterate Constantly—Think Like a Compliance Monitor

Just as compliance programs require continuous improvement, so too do AI assistants. Samuel makes it clear that assistants won’t be perfect out of the box. They require ongoing feedback, refinement, and adjustment.

For compliance professionals, this is second nature. We already think in terms of monitoring, auditing, and revising. Apply the same discipline to your AI assistant:

  • Audit its outputs for accuracy, tone, and regulatory defensibility.
  • Track where it consistently underperforms (e.g., misinterpreting data privacy rules) and feed corrective instructions.
  • Periodically, “refresh” its context files to reflect updated regulations, new enforcement actions, or changes in corporate policy.

Samuel suggests asking your assistant to write their own revised instructions based on your feedback. That’s a compliance monitoring exercise in itself—your assistant becomes both subject and participant in continuous improvement.

The compliance takeaway: treat your AI assistant as a dynamic system, not a static tool. Just as DOJ expects ongoing risk assessments and remediation, regulators will expect that AI tools in compliance are actively managed, not blindly trusted.

5. Embed Ethical Guardrails and Accountability

The most important compliance lesson in building your own AI assistant is ensuring accountability. As Samuel warns, assistants can hallucinate or produce flawed outputs. In compliance, this is not simply an annoyance; more importantly, it is a potential liability.

That means your assistant must operate under ethical guardrails:

  • Always include a human-in-the-loop review before any AI-generated compliance document is finalized.
  • Require disclosures when AI was used in drafting policies, reports, or training.
  • Train employees not to treat AI outputs as gospel but as drafts for critical evaluation.
  • Align your assistant’s objectives with compliance KPIs, accuracy, transparency, and defensibility, rather than raw speed.

This mirrors the DOJ’s emphasis on corporate accountability. An AI assistant may help draft your gifts and entertainment policy, but it cannot stand before prosecutors and defend your compliance program. That responsibility remains squarely with leadership.

The compliance lesson here is unmistakable: AI is a tool, not a scapegoat. Build it to augment compliance decision-making, not to absolve it.

From Experiment to Integration

Building your own AI assistant is not a technical challenge. It is a compliance design challenge. As Alexandra Samuel reminds us, if you can describe your project, you can build your assistant. For compliance officers, that means thinking intentionally about use cases, precision in instructions, safeguards for sensitive data, iteration, and ethical guardrails.

The opportunity is immense. With thoughtfully designed AI assistants, compliance professionals can shift their focus from repetitive drafting to higher-order strategy, from administrative overload to proactive risk management. But the responsibility is equally immense. An AI assistant reflects the design choices of its creators, choices that must always prioritize compliance culture, accountability, and trust.