Categories
Blog

House of Atreus Week: Part 4 – Agamemnon and Clytemnestra – When Power Breeds Entitlement

We continue our look at lessons from the House of Atreus for the 21st-century compliance profession, focusing on key stories and mining them for compliance lessons. In today’s Part 4, we take up the Agamemnon Problem: a leader so focused on results, so convinced of their indispensability, that ethics become negotiable. It is the mindset that says, “We’ll fix the compliance later—after we win.”

In Greek tragedy, that rationalization cost Agamemnon his life. In corporate life, it costs organizations their culture, credibility, and sometimes their license to operate. The story of Agamemnon and Clytemnestra is not only one of betrayal and revenge, it is a powerful parable about what happens when leaders mistake power for permission and performance for purpose.

The King’s Fatal Trade-Off

As the legend goes, Agamemnon, king of Mycenae and commander of the Greek forces at Troy, faced a crisis before the war even began. The goddess Artemis, angered by his arrogance, becalmed the winds and trapped his fleet in port. The only way to appease her, a seer declared, was to sacrifice his daughter, Iphigenia.

Agamemnon’s dilemma was stark: abandon his military ambitions or sacrifice his own child. He chose the latter. The winds rose, the ships sailed, and the war began. Years later, when Agamemnon returned triumphant, his wife Clytemnestra murdered him in his bath as revenge for their daughter’s death. This was not just a family tragedy; it was a leadership failure of the highest order. Agamemnon traded ethics for expedience, and the cost was everything he loved.

The Corporate Iphigenia

Every organization has its Iphigenia(s); the values, people, or principles that get sacrificed for “strategic goals.” It may be:

  • Cutting compliance budgets to hit quarterly numbers.
  • Overriding safety protocols to meet production quotas.
  • Ignoring harassment complaints to keep a star performer happy.

Like Agamemnon, leaders rationalize these sacrifices as necessary or temporary. But every compromise chips away at the moral capital that sustains the enterprise. Once the organization learns that “winning” matters more than doing right, the line between ambition and arrogance disappears.

The Entitlement of Success

When Agamemnon returned from Troy, he arrived not as a humbled survivor but as an entitled conqueror. He paraded Cassandra, a captive prophetess, before his wife and walked proudly across a purple carpet, a gesture the Greeks saw as blasphemous arrogance. It’s the same pattern we see in modern compliance disasters: success breeding entitlement. Executives who deliver profits begin to believe they’ve earned the right to bend the rules. Performance metrics replace principles as the measure of worth.

Consider a few familiar examples:

  • The Wells Fargo sales scandal: Pressure to perform led employees to create millions of fake accounts. It also involved senior management lying to its own Board of Directors.
  • Volkswagen’s emissions fraud: Engineers rationalized deception as necessary to stay competitive. But this rationalization went all the way to the CEO.
  • Boeing’s safety crisis: Leadership prioritized schedules and cost over engineering integrity. Then they blamed the airline’s pilots for operational failures.

In each case, strong organizations were undone not by ignorance of ethics but by entitlement —the belief that achievement excused misconduct.

The Compliance Cost of Entitlement

Entitlement corrodes three pillars of compliance: accountability, transparency, and humility.

1. Accountability: When leaders feel untouchable, rules become optional. Internal controls are ignored, and ethical review is seen as bureaucracy rather than protection.

2. Transparency: Entitled leaders hoard information and discourage challenge. “Bad news doesn’t travel up” becomes the cultural norm.

3. Humility: Ethical reflection gives way to moral blindness. If success is proof of righteousness, who needs oversight?

Agamemnon’s decision to sacrifice Iphigenia was not just moral cowardice; it was a governance failure. He believed his power justified his actions, and no one around him could say otherwise. That is precisely how modern compliance collapses begin.

Clytemnestra: The Whistleblower Turned Avenger

Clytemnestra’s revenge may seem extreme, but, symbolically, she represents the voice of accountability that has been ignored for too long. She warned, questioned, and grieved, yet was silenced by hierarchy and hubris. When the system denied her justice, she took justice into her own hands.

Modern organizations often create their own Clytemnestras when they suppress legitimate dissent. Whistleblowers who feel unheard can become external leakers, litigants, or catalysts for regulatory scrutiny. Every retaliation case begins as an unheeded complaint. The DOJ’s 2024 ECCP emphasizes this point. Organizations must protect, inform, and empower those who speak up. When internal channels fail, external consequences follow, just as Clytemnestra’s knife followed Agamemnon’s silence.

Ethical Decision-Making Under Pressure

Agamemnon’s fateful choice came under immense pressure, a condition every executive recognizes. But pressure is where compliance either proves its worth or disappears. Strong organizations prepare for ethical stress tests long before a crisis strikes. They establish frameworks that turn moral instinct into a structured process:

1. Define Core Non-Negotiables – The “values that will not be sacrificed.” If integrity, safety, or human dignity are ever negotiable, they soon become expendable.

2. Create Decision Pathways – Require escalation when choices have ethical or reputational risk. Ethical red flags should automatically trigger review, not after-action regret.

3. Model Accountability at the Top – Leaders must demonstrate that difficult ethical decisions are shared, not borne alone. Agamemnon acted in isolation; modern governance demands collaboration.

The Tyranny of Performance Metrics

Much of Agamemnon’s arrogance stemmed from performance obsession, the need to deliver victory at any cost. That same tyranny drives unethical behavior in today’s boardrooms. Metrics matter, but when they become idols, they demand sacrifices. Compliance programs should therefore measure how results are achieved, not just whether they are achieved.

The 2024 Evaluation of Corporate Compliance Programs (ECCP) specifically instructs prosecutors to ask whether companies’ incentives reward ethical behavior. A compliant organization aligns compensation with conduct; an entitled one rewards outcomes regardless of means. A key question for leaders: Would I still consider this a “win” if it were public tomorrow?

From Power to Stewardship

The entitlement cure is stewardship, the recognition that power is not owned, but entrusted. Great leaders see themselves as guardians of values, not exploiters of privilege. This mindset shift transforms compliance from constraint to compass:

  • Stewards ask how their choices affect stakeholders beyond themselves.
  • Stewards invite transparency because they understand accountability strengthens credibility.
  • Stewards use compliance as a mirror, not a muzzle.

Agamemnon ruled as an owner; a steward would have ruled as a custodian. The difference is the difference between arrogance and integrity.

The Compliance Evangelist’s Reflection: The Scarlet Carpet of Arrogance

When Agamemnon strode across that purple carpet, he symbolically walked across the values he was sworn to protect. Every leader who dismisses compliance as “red tape” does the same. Each step says, “The rules are for others.” But history and enforcement teach a consistent lesson: when leaders trample ethics, the organization soon trips over the fabric they have soiled. Clytemnestra’s dagger was not random vengeance; it was the return of consequence. In today’s language, it was enforcement action, indeed a reckoning deferred until accountability could no longer be ignored.

Breaking the Cycle: From Arrogance to Accountability

The tragedy of Agamemnon and Clytemnestra is that both were right and both were wrong. He betrayed his values for ambition; she destroyed justice in the name of vengeance. Their story ends in blood because neither trusted process, transparency, or accountability. Modern organizations don’t have to share that fate. Compliance offers a third path: structured accountability through systems, not swords. It ensures that no one, no matter how powerful, stands above the moral order that sustains the enterprise.

When companies embrace that mindset, they turn tragedy into transformation. They move from the purple carpet of arrogance to the solid ground of integrity. Because, as every compliance professional knows, the true test of leadership is not what you achieve when you are powerful, it is what you refuse to sacrifice to stay that way.

I hope you will join us for our concluding Part 5 — Orestes and Electra: Breaking the Cycle Through Accountability. This is my favorite story from the House of Atreus. With this myth, we will see how justice, rule of law, and redemption finally end the curse of the House of Atreus and what that means for the modern compliance function striving to build ethical resilience and renewal.

Categories
Blog

House of Atreus Week: Part 3 – Atreus and Thyestes – Internal Rivalry and the Dangers of Retaliation

We continue to look at the lessons from the House of Atreus for the 21st-century compliance profession, focusing on the key stories and mining them for insights. In today’s Part 3, we take up the feud between Atreus and Thyestes, sons of Pelops and heirs to his poisoned legacy. Their myth is not just about murder and betrayal; it is about what happens when leaders weaponize authority for vengeance rather than stewardship.

Every organization eventually faces conflict within its own ranks. Disagreements over power, vision, and credit are inevitable. But when rivalry turns to revenge, governance collapses, trust erodes, and compliance becomes collateral damage. Today, we take a deep dive into this issue from the 21st-century compliance perspective.

The Feast of Vengeance

After Pelops’ death, his sons Atreus and Thyestes fought over the throne of Mycenae. They began like many corporate siblings, ambitious, capable, and determined to lead. But soon ambition turned into envy. Thyestes seduced Atreus’ wife and stole a prized golden lamb that symbolized kingship.

Atreus, humiliated, plotted revenge. Pretending reconciliation, he invited Thyestes and his sons to a grand banquet. During the feast, Atreus served them a meal of Thyestes’s own children. (Shakespeare used this story much later.) When the truth was revealed, horror swept the hall. Thyestes cursed his brother, and the curse carried through the next generation, consuming Atreus’ son Agamemnon and his grandson Orestes. It is a horrifying tale, but beneath the gore lies a familiar truth: internal retaliation destroys organizations from the inside out.

When Leadership Turns on Itself

Atreus’ banquet is not simply a mythic horror story fit for my classic monster movie month; rather, it is a 21st-century metaphor for every leadership team that devours its own. In terms of compliance, Atreus and Thyestes represent toxic internal politics. They illustrate how leadership rivalries, unchecked ego, and personal vendettas can dismantle governance systems faster than any external scandal.

Modern organizations suffer the same fate when:

  • Executives undermine each other publicly.
  • Managers retaliate against whistleblowers or rivals.
  • Compliance officers are punished for doing their jobs.

When leaders use their authority to punish rather than protect, culture collapses into fear. Employees stop reporting misconduct, colleagues turn on one another, and the compliance function becomes an instrument of control instead of accountability. Atreus’ feast might look extreme, but we have all seen versions of it in the workplace.

The Corporate Equivalent of the Cannibal Feast

Let’s translate the myth into modern terms.

  • Atreus’ “banquet” = a retaliatory campaign designed to humiliate a rival or critic.
  • Thyestes’ seduction = internal manipulation, gossip, or theft of credit.
  • The curse = the lingering culture of distrust that infects every successor.

Retaliation rarely ends with the original act. Once one leader weaponizes power, everyone learns the same lesson: “You’re safe only when you’re silent.” That’s how once-strong organizations become silos of fear. Compliance reports decline not because misconduct has ended, but because employees no longer believe reporting is safe. Like the House of Atreus, the company devours itself while pretending to feast.

The Dangers of Internal Retaliation

From the compliance perspective, retaliation is one of the clearest indicators of cultural rot. It’s also one of the DOJ’s most serious red flags. The 2024 Evaluation of Corporate Compliance Programs (ECCP) explicitly asks prosecutors to evaluate:

  • Whether employees are protected from retaliation.
  • Whether complaints lead to timely investigations.
  • Whether leadership promotes a speak-up culture.

If your organization punishes dissent, even quietly, you may well find yourself already on the DOJ’s radar. Atreus’ actions were the ultimate act of retaliation: gruesome, personal, and destructive. But the underlying pattern is timeless, leadership vengeance disguised as discipline. The lesson is as modern as it is mythic: a compliance program without psychological safety is a compliance program in name only.

Case Study Parallels: When Modern Leaders Feast on Their Own

  • Uber (2017): Retaliation against employees who raised harassment claims led to executive resignations and a cultural overhaul.
  • Wells Fargo: Whistleblowers reported retaliation after flagging fraudulent account practices, compounding reputational damage.
  • Boeing (737 MAX): Internal dissent on safety concerns was suppressed, leading to tragedies that reshaped regulatory scrutiny.

Each of these companies faced its own version of Atreus’ banquet, consuming credibility and trust in the process.

The Role of Compliance in Preventing Organizational Cannibalism

The compliance function exists not just to catch misconduct, but to defend integrity against internal retaliation. A strong compliance culture ensures that ethical leadership trumps personal rivalry. Here’s how to do it:

1. Build governance that transcends personalities. Authority should rest on process, not proximity to power.

2. Separate investigative authority from reporting lines. Compliance officers must have autonomy to act without interference.

3. Educate leadership on the cost of retaliation. Retaliation isn’t just a legal risk — it’s a culture killer.

When leaders understand that internal war erodes value faster than external threats, they start behaving more like guardians than gladiators.

Creating a Culture of Trust After Betrayal

Atreus’ kingdom fell because no one could trust anyone. In business terms, that’s what happens when transparency dies. To rebuild trust, companies must do three things:

1. Acknowledge Harm. Pretending internal feuds never happened only deepens cynicism. Compliance leaders must publicly reinforce that retaliation and toxicity are violations of corporate values. Acknowledgment is the first step toward cultural repair.

2. Reinforce Transparency. Regular reporting on investigations, outcomes, and disciplinary measures builds credibility. Employees must see that misconduct is addressed fairly, not selectively.

3. Model Ethical Reconciliation. Where conflict exists, leaders must model resolution through dialogue, not vengeance. A modern compliance culture is one where accountability coexists with forgiveness, where mistakes are corrected, not avenged.

Leadership Ego and the Compliance Cost

The rivalry between Atreus and Thyestes began with ego, the same ego that drives many corporate meltdowns. Ego tells leaders that compliance is optional, that their moral compass is self-calibrated. It convinces them that retaliation is justified, that “he started it,” or that removing a critic will restore order.

But as every compliance professional knows, ego is expensive. It costs credibility, cooperation, and often millions in remediation and fines. The only sustainable leadership model values humility over hubris. In compliance terms: replace ego with ethics, and rivalry with responsibility.

The Compliance Evangelist’s Reflection: The Curse of the Retaliator

Atreus believed vengeance would bring closure. Instead, it ensured endless conflict. In organizations, retaliation operates the same way. It may silence the critic today, but it guarantees more fear and more silence tomorrow.

The DOJ, SEC, and whistleblower programs worldwide have made one thing clear: protecting those who speak up is not just the right thing to do; it is the smart business approach. The companies that thrive in the modern regulatory landscape are those that treat every internal voice as an asset, not a threat. Atreus’ downfall shows what happens when leaders fail to learn that lesson. His house became a case study in the cost of ignoring culture. For compliance professionals, that’s the real moral: you cannot achieve ethical stability through punishment alone.

From Retaliation to Redemption

The saga of Atreus and Thyestes teaches us that retaliation is never a solution; it is a multiplier of risk. The only way to end the cycle is through structural and cultural change: transparency, accountability, and empathy in leadership. For compliance professionals, that means moving from enforcement to enlightenment, helping leaders understand that the true power of compliance is not control, but trust. Because when leaders stop feeding on their own and start feeding their culture with integrity, the curse finally breaks.

I hope you will join me tomorrow for Part 4 — Agamemnon and Clytemnestra: When Power Breeds Entitlement. In it, we will explore how Agamemnon’s moral compromises and Clytemnestra’s revenge illuminate the modern dangers of performance pressure, ethical trade-offs, and the corruption of power at the top.

Categories
Blog

House of Atreus Week: Part 2 – Pelops and Myrtilus – Corruption in the Bidding Process

The curse of the House of Atreus did not begin and end with Tantalus. Like many toxic corporate cultures, it passed from one generation to the next a legacy of moral shortcuts disguised as clever strategy.

We continue our look at lessons from the House of Atreus for the 21st-century compliance profession, focusing on the key stories and mining them for valuable insights. In today’s Part 2, we consider the myth of Pelops and Myrtilus, an ancient fable about corruption, betrayal, and the fatal cost of winning the wrong way. In this story, we look at Pelops, who was Tantalus’s son. Having been literally restored to life by the gods, he had the chance to rebuild his house on a foundation of integrity. Instead, he reached for the easy win, and in doing so, repeated his father’s error: he traded ethics for expedience.

For modern compliance professionals, it is a reminder that bribery and ethical compromise never end where you think they will. They will always come back to haunt you.

The Chariot Race for a Kingdom

According to Greek legend, King Oenomaus of Pisa received a prophecy that he would die at the hands of his son-in-law. To prevent this, he devised a deadly test for any man seeking to marry his daughter, Hippodamia, a chariot race from Pisa to Corinth. If the suitor won, he gained Hippodamia’s hand. If he lost, he died. Pelops, ambitious and determined, entered the race. But he knew Oenomaus’ horses were divine and unbeatable. So he sought an advantage, not through skill or preparation, but through corruption.

He approached the king’s charioteer, Myrtilus, and offered a bribe: riches, favor, and a promise of reward. Myrtilus agreed to sabotage Oenomaus’ chariot by replacing the bronze linchpins with wax. During the race, the wax melted, the chariot crashed, and the king was killed.

But when Myrtilus came to claim his reward, Pelops betrayed him, either pushing him off a cliff or ordering his death. As he fell, Myrtilus cursed Pelops and his descendants, ensuring the family’s cycle of corruption and vengeance would continue.

The First Procurement Fraud

Strip away the mythic trappings, and Pelops’ race looks remarkably modern.

This was a procurement process, a competition for something of value (in this case, marriage and a kingdom), corrupted by bribery and fraud. Pelops did not win on merit; he won by manipulating a key insider in the process.

That’s the same dynamic at play in so many real-world scandals:

  • A contractor bribing a government official for an unfair advantage.
  • A vendor is rigging bids through inside information.
  • A company turning a blind eye to its agents’ actions abroad, so long as they deliver results.

In each case, the underlying temptation is the same as Pelops’: the belief that “winning is what matters.”

The Illusion of a “Victimless” Bribe

Pelops might have rationalized his actions. He could have told himself that everyone cheats in such races or that Oenomaus’ divine horses made the contest unfair to begin with, that the ends justified the means.

Modern compliance officers hear versions of this rationalization every day:

  • “It’s just a facilitation payment.”
  • “That’s how business is done in this region.”
  • “We’re not bribing; we’re just showing appreciation.”

But as Pelops learned, there is no such thing as a victimless bribe. His corruption did not end with a single race; unfortunately, it defined generations. Myrtilus’ curse became symbolic of the reputational and ethical taint that lingers long after the bribe is paid.

Third-Party Risk: Myrtilus as the First “Agent”

In compliance terms, Myrtilus represents the classic third-party intermediary, the local fixer, the consultant, the distributor. He was not a direct employee, but his actions became Pelops’ liability. When Pelops bribed Myrtilus, he created not just moral exposure, but third-party risk. Once you involve a third party in your scheme, you lose control over the outcome. Myrtilus could expose him, blackmail him, or turn witness.

Modern compliance programs have learned this lesson the hard way. Nearly every major FCPA enforcement action, from Siemens to Petrobras to Deere, involves third-party intermediaries. These individuals promise results, grease local wheels, and leave the company holding the bag when the investigation begins. Pelops thought he could control Myrtilus. He could not. No one ever can.

The Cost of Betrayal: When Corruption Destroys Trust

After the race, Pelops killed Myrtilus to eliminate a liability. But in doing so, he destroyed something even more valuable: trust.

Once an organization uses deception as a tool, it cannot sustain authentic relationships with employees, partners, regulators, or the public. Each act of concealment breeds another, until deception becomes standard operating procedure.

We’ve seen this pattern again and again:

  • A company that falsifies quality reports must falsify safety audits next.
  • A firm that manipulates bid data must suppress whistleblowers who question it.
  • A leader who lies externally must eventually lie internally.

In the end, Pelops did not just kill a man; he killed his organization’s capacity for integrity. That’s the same fate that awaits companies that treat compliance as expendable.

Culture Eats Compliance for Breakfast

The myth of Pelops is not about one race or one bribe; it is about the cultural rot that follows. Once Pelops normalized deceit, his descendants followed suit.

In corporate life, this manifests as a culture of winning at any cost, the most dangerous culture there is. It’s what drives salespeople to falsify data, procurement officers to overlook red flags, and executives to manipulate books.

Culture eats compliance for breakfast because if the unspoken rule of your organization is “get the deal,” no policy manual will save you. Pelops’ court would have had a Code of Ethics printed in gold, and it still wouldn’t have mattered. The only antidote is integrity built into incentives, recognition, and leadership behavior.

Lessons for Modern Compliance Professionals

What can we learn from Pelops’ fall? Quite a lot. His story offers five timeless lessons for those charged with safeguarding ethics and integrity in complex organizations.

1. Corruption Always Starts Small

The first step down the wrong path rarely looks like a scandal. It seems like a shortcut. A “favor.” A small gift. Pelops’ race was just one event, yet it came to define an entire dynasty. The concept of broken windows has demonstrated that you should treat every minor ethical compromise as a potential precedent. Small acts of misconduct become cultural habits faster than anyone realizes.

2. Third-Party Due Diligence Is Non-Negotiable

Myrtilus’ betrayal highlights why vetting, monitoring, and auditing third parties is critical. Companies must know who they’re partnering with and what incentives drive their actions. This means that compliance must have a robust third-party risk management process in place. You should require a business justification, a questionnaire, documented due diligence, risk-based screening, compliance terms and conditions in your contract, and ongoing monitoring for all third parties after the contract is signed.  Finally, transparency is not optional; it is mandatory.

3. Ethical Procurement Builds Long-Term Value

In the rush to “win” contracts, companies often forget that ethical procurement protects more than reputation; it protects relationships. A tainted bid can lead to debarment, litigation, and loss of trust from clients and governments alike. For the compliance professional, you must embed integrity in procurement policy. Make ethics a competitive advantage, not a compliance burden.

4. Retaliation Destroys Cultures

Pelops’ murder of Myrtilus was the ancient equivalent of whistleblower retaliation. Myrtilus knew too much, and instead of managing the risk ethically, Pelops eliminated the witness. The result? A curse or, in modern terms, a scandal that never dies. Every compliance professional must work diligently to protect those who speak up. Encourage reporting. Make it clear that retaliation is a firing offense, not a survival tactic.

5. Integrity Outlasts Every Shortcut

Pelops won his race but lost his legacy. The true measure of success for individuals and organizations alike is sustainability. Ethical wins last; corrupt ones collapse. This requires corporate cultures where ethical behavior and business success are aligned. When values drive results, not the other way around, compliance becomes self-sustaining.

The Curse of the Easy Win

Every compliance professional has faced their “Pelops moment”; that pressure to deliver results faster, cheaper, or more impressively than the rules allow. The temptation is powerful because it is wrapped in the language of success. But as Pelops shows, every unethical win carries a hidden invoice. The ancient Greeks would call it nemesis, the inescapable reckoning that follows hubris. We call it enforcement. Whether through regulators, prosecutors, or public outrage, the bill always comes due.

The challenge for modern compliance leaders is to help their organizations see beyond the race. Winning today is not worth cursing tomorrow.

Join us tomorrow for Part 3 — Atreus and Thyestes: Internal Rivalry and the Dangers of Retaliation. We will explore how infighting, revenge, and the weaponization of leadership destroyed the next generation and how modern organizations can prevent internal culture wars from becoming compliance catastrophes.

 

Categories
Blog

House of Atreus Week: Part 1 – Tantalus’ Transgression – The Birth of a Toxic Culture

I have long been fascinated by the Greek myths around the House of Atreus. It is the most cursed House in all Greek myth. I have also long wanted to blog post series on the compliance lessons for the modern-day compliance professional. This week, I am going to take a deep dive into the most doomed House and explore some of the key stories to mine them for lessons learned for the 21st-century compliance professional. We begin our series with the founder of the House of Atreus, Tantalus, and how one leader’s moral failure can poison the entire culture of an organization. His story is a cautionary tale about hubris, accountability, and the long shadow of tone from the top.

Every great compliance failure begins somewhere. Sometimes it is a single decision, a moment of arrogance, or the quiet belief that the rules apply to everyone else but not to you. In the myths of ancient Greece, that moment came with Tantalus, patriarch of the cursed House of Atreus. His name lives on in infamy, not because of power lost, but because of ethics abandoned.

The Feast of Deception

Tantalus was a favorite of the gods. He dined with them on Mount Olympus, enjoying privileges no mortal ever had. But instead of gratitude, he showed contempt. To test their omniscience, Tantalus served the gods a horrific meal, the cooked flesh of his own son, Pelops. The gods recoiled in horror, restored Pelops to life, and condemned Tantalus to eternal punishment: forever hungry and thirsty, standing in a pool of water beneath fruit-laden branches that receded whenever he reached for them.

This is where we get the word tantalize to tempt with what is always just out of reach. But for compliance professionals, the story isn’t about temptation; it’s about transgression.

Tantalus’ sin was not merely moral or criminal. It was cultural. It revealed a belief that he was above consequence, that his proximity to power made him immune to accountability. Sound familiar? It’s the same psychology that drives corporate misconduct today: the executive who hides risk, manipulates reporting lines, or treats compliance as a box to check rather than a value to live.

Hubris at the Top: When Leaders Believe They Are Untouchable

The core of Tantalus’ failure is hubris, excessive pride that blinds leaders to ethical limits. He thought himself equal to the gods, just as modern executives sometimes see themselves as beyond internal controls, policies, or oversight.

We have seen it in corporate scandals from Enron to Theranos: charismatic leaders who create cultures where questioning authority is punished, transparency is discouraged, and the pursuit of results justifies every means. These leaders often start with good intentions —innovation, performance, growth — but end in disaster because no one dares to tell them “no.” When a CEO, department head, or even a team manager sends the message that rules are flexible for those who produce, that’s the modern equivalent of dining at Olympus. It’s the moment when culture begins to rot from the inside.

Tone from the Top: What Tantalus Forgot

In compliance, we often say “tone from the top” sets the ethical compass of the organization. Tantalus was the top, and his tone was deceitful. Instead of modeling integrity, he modeled arrogance and disrespect. His actions communicated that power excused anything.

Modern organizations are no different. Employees don’t take their ethical cues from the code of conduct on the intranet. They take them from leadership behavior, from what’s rewarded, ignored, or punished.

If Tantalus had shown humility or accountability, his descendants might have inherited a culture of honor. Instead, they inherited corruption, vengeance, and betrayal. It’s no coincidence that every generation of the House of Atreus, including Pelops, Atreus, Thyestes, Agamemnon, Clytemnestra, Orestes, repeats the cycle of wrongdoing and retaliation. The family’s downfall wasn’t fate; it was culture. A toxic tone from the top doesn’t just corrupt a moment; it defines a legacy.

Culture of Consequences: What Happens When Misconduct Goes Unpunished

One of the most striking aspects of the Tantalus myth is how long the effects last. His descendants commit crimes generations later, yet all trace back to his original transgression.

That’s what happens in modern corporations when ethical breaches are not addressed. Once misconduct is tolerated, it becomes precedent. Once precedent hardens, it becomes culture. Think of organizations where sexual harassment was covered up “to protect the company,” or where accounting irregularities were ignored “to meet quarterly targets.” Each decision not to act creates a silent permission structure. And before long, you have what we see in so many enforcement cases: a pattern of misconduct spanning years, sometimes decades.

Tantalus’ punishment, forever reaching but never attaining satisfaction, mirrors what happens in these companies. They chase success endlessly, but integrity is always out of reach because they’ve traded ethics for expedience. A culture of consequences, by contrast, does the opposite. It makes accountability tangible. It shows employees that integrity is the expectation, not the exception.

The Modern Mirror: When Hubris Meets Compliance Failure

The story of Tantalus echoes across modern boardrooms and compliance case studies. Consider:

  • The FCPA case against Siemens (2008): A culture of “business at any cost” led to systematic bribery across divisions, because leadership prioritized results over integrity.
  • The Wells Fargo scandal: Unrealistic sales goals, driven by executives insulated from consequence, encouraged widespread fraud at the branch level.
  • Theranos: A founder’s belief in her infallibility silenced dissent, distorted reporting, and destroyed trust both internally and externally.

Each of these stories began like Tantalus’ dinner with one decision to deceive, rationalized as necessary, even brilliant. Each became a legend of ethical collapse.

The compliance lesson is simple: arrogance without accountability creates catastrophe.

Rebuilding What is Broken: Lessons from Tantalus’ Fall

So how do we avoid the curse of Tantalus in modern organizations? Three principles stand out:

1. Make Ethics the Core of Leadership Identity

Ethical leadership isn’t a function of compliance checklists. It’s the lived demonstration of integrity. Leaders must see compliance not as a constraint but as an enabler of trust and sustainability. When executives model ethical decision-making, it cascades downward.

Compliance Lesson: Integrate ethical leadership into performance reviews and succession planning. Reward transparency as much as performance.

2. Institutionalize Accountability

Accountability must be structured, not situational. That means ensuring robust internal investigations, consistent discipline, and a compliance function with real independence. The moment compliance must “ask permission” to act, the organization has lost its compass.

Compliance Lesson: Empower compliance officers with direct access to the board and audit committee. Build transparency into reporting lines.

3. Preserve Psychological Safety

Tantalus’ court, like many modern workplaces, thrived on fear. When employees can’t question leaders or raise concerns, misconduct flourishes. Psychological safety is the soil in which ethical cultures grow.

Compliance Lesson: Implement anonymous reporting, protect whistleblowers, and make public examples of non-retaliation.

Breaking the Curse: The Compliance Evangelist’s View

The curse of Tantalus was not divine punishment; instead, it was a predictable outcome of leadership failure. Every compliance professional knows that culture is destiny. If leaders are deceitful, employees will be cynical. If leaders are accountable, employees will be engaged.

Tantalus’ name survives as a warning to those who confuse privilege with power, and authority with exemption. His eternal hunger reflects what happens when organizations try to feed success on a diet of deception; they are never satisfied because trust, once lost, cannot nourish growth.

The modern compliance officer stands at the intersection of myth and management, tasked with ensuring that our organizations don’t repeat Tantalus’ mistake. We cannot test the gods of regulation or ethics without consequence. Instead, we must build cultures where doing right isn’t exceptional; it is expected.

Because in the end, every compliance program has a mythic choice: become Olympus or become Tantalus.

Join us tomorrow for Part 2 — Pelops and Myrtilus: Corruption in the Bidding Process. We will explore how bribery, betrayal, and broken promises tainted Pelops’ victory and what it teaches us about third-party risk and ethical procurement.

Categories
Compliance Into the Weeds

Compliance into the Weeds: The Dark Side of AI in Employee Training

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss emerging concerns surrounding AI, particularly ChatGPT, in the realm of employee training.

Their discussion centers on the potential use of AI, specifically ChatGPT’s newest ‘Agent Mode’, to administer compliance training courses on behalf of employees, which could potentially enable them to cheat. They debate the implications of this capability, touching on the historical context of cheating, the effectiveness of current training methods, and the need for new internal controls and strategies to adapt to these technological advancements. They also contemplate the future of training, potentially evolving into AI-driven bots that provide on-the-spot, micro-learning modules. The episode encourages compliance officers to thoroughly vet their training vendors to ensure measures are in place to prevent AI-enabled cheating.

Key highlights:

  • The Dark Side of AI in Compliance Training
  • AI’s Impact on Employee Training
  • AI’s Role in Training and Compliance
  • Future of AI in Corporate Training
  • Challenges and Considerations

Resources:

Matt Kelly in Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, Communicator, and W3 Awards for podcast excellence.

Categories
Blog

Building Your Own AI Assistant: Compliance Lessons in Customization

Ed. Note: This week, we present a week-long series on the use of GenAI in a best practices compliance program. Additionally, for each blog post, I have created a one-page checklist for each article that you can use in presentations or for easier reference. Email my EA Jaja at jaja@compliancepodcastnetwork.net for a complimentary copy.

In the ever-changing world of compliance, resource constraints remain one of our biggest hurdles. Whether you’re drafting policies, conducting risk assessments, or preparing investigation summaries, the work is often repetitive, labor-intensive, and subject to tight deadlines. Enter the AI assistant, not as a futuristic dream, but as a practical, buildable tool available to compliance professionals right now.

Alexandra Samuel’s article in Harvard Business Review titled How to Build Your Own AI Assistant, makes one point crystal clear: if you can describe a project in plain English, you can build your own AI assistant. And for compliance professionals, this represents a transformative opportunity to reduce administrative burdens while increasing consistency, accuracy, and adaptability.

But building your compliance AI assistant isn’t about chasing efficiency alone—it’s about making intentional design choices that reinforce compliance objectives, protect corporate culture, and ensure regulatory defensibility. Today, we consider five key takeaways for compliance professionals, each showing how you can harness AI assistants to enhance, not replace, your compliance program.

1. Start with the Right Use Cases

Before building, compliance leaders must ask: What problems do we want AI to solve? Samuel notes that AI assistants excel in four domains: writing and communications, troubleshooting, project management, and strategic coaching. For compliance, this translates into use cases like:

  • Drafting first-pass policy updates aligned with global regulations.
  • Summarizing enforcement actions for Board reporting.
  • Automating responses to routine employee compliance questions (e.g., “Can I accept this client gift?”).
  • Tracking investigation timelines and automatically extracting action items from meeting transcripts.

Choosing the right use case ensures your AI assistant is a force multiplier rather than a shiny distraction. Importantly, you want to start with low-risk, high-volume tasks. Drafting an anti-corruption annual training memo? AI can handle the boilerplate. Deciding whether to disclose a potential FCPA violation to the DOJ? That still belongs squarely in the human domain.

The real lesson here: compliance officers should not let “AI hype” dictate priorities. Instead, define pain points within your compliance workflow and build assistants targeted at those specific, recurring problems. Start small, iterate, and scale responsibly.

2. Design Clear Instructions—Your Assistant Is Only as Good as Its Guidance

According to Samuel, the “heart” of a custom AI assistant is the set of instructions you provide. For compliance teams, this is where risk and opportunity intersect. If your assistant doesn’t know who it is, what standards to apply, and what tone to use, it will produce outputs that undermine your credibility.

Think of instructions as your assistant’s Code of Conduct. Instead of saying “you are a compliance assistant,” you can be more precise:

  • “You are a corporate compliance officer drafting policies for a multinational company. You must ensure all content aligns with DOJ guidance on effective compliance programs, uses a professional but approachable tone, and provides practical examples for employees.”

These custom instructions allow you to “bake in” compliance frameworks from day one. For example, you can require the assistant to reference the COSO Framework for Internal Controls, ISO 37001, or the DOJ’s Evaluation of Corporate Compliance Programs whenever relevant.

The key compliance insight: good AI assistants reflect great compliance design. Just as vague compliance policies create ambiguity, vague AI instructions create unreliable outputs. Invest time in precise persona-building for your assistant, and you’ll reap consistent, defensible results.

3. Feed It Knowledge—Without Losing Control of Sensitive Data

Samuel emphasizes that AI assistants become truly powerful when equipped with background documents, such as policies, reports, contracts, or training decks. For compliance, this is both a gold mine and a minefield.

On one hand, uploading prior investigation reports, risk assessments, or compliance training modules allows your assistant to generate outputs that reflect your company’s real history and regulatory environment. Imagine an assistant that can instantly pull together a cross-border risk assessment using your own prior filings and internal guidance.

On the other hand, compliance officers must stay vigilant about data protection, privilege, and confidentiality. Sensitive HR records, whistleblower reports, and privileged investigation materials should never be indiscriminately fed into a platform without proper safeguards.

Here lies the balancing act: compliance teams must create AI assistants that are well-informed but tightly governed. This may involve anonymizing data, working through secure enterprise-grade AI platforms, or restricting inputs to public and non-sensitive internal documents.

The compliance lesson is simple but non-negotiable: context matters, but confidentiality reigns supreme. Building a compliance AI assistant means establishing protocols for what can and cannot be shared.

4. Iterate Constantly—Think Like a Compliance Monitor

Just as compliance programs require continuous improvement, so too do AI assistants. Samuel makes it clear that assistants won’t be perfect out of the box. They require ongoing feedback, refinement, and adjustment.

For compliance professionals, this is second nature. We already think in terms of monitoring, auditing, and revising. Apply the same discipline to your AI assistant:

  • Audit its outputs for accuracy, tone, and regulatory defensibility.
  • Track where it consistently underperforms (e.g., misinterpreting data privacy rules) and feed corrective instructions.
  • Periodically, “refresh” its context files to reflect updated regulations, new enforcement actions, or changes in corporate policy.

Samuel suggests asking your assistant to write their own revised instructions based on your feedback. That’s a compliance monitoring exercise in itself—your assistant becomes both subject and participant in continuous improvement.

The compliance takeaway: treat your AI assistant as a dynamic system, not a static tool. Just as DOJ expects ongoing risk assessments and remediation, regulators will expect that AI tools in compliance are actively managed, not blindly trusted.

5. Embed Ethical Guardrails and Accountability

The most important compliance lesson in building your own AI assistant is ensuring accountability. As Samuel warns, assistants can hallucinate or produce flawed outputs. In compliance, this is not simply an annoyance; more importantly, it is a potential liability.

That means your assistant must operate under ethical guardrails:

  • Always include a human-in-the-loop review before any AI-generated compliance document is finalized.
  • Require disclosures when AI was used in drafting policies, reports, or training.
  • Train employees not to treat AI outputs as gospel but as drafts for critical evaluation.
  • Align your assistant’s objectives with compliance KPIs, accuracy, transparency, and defensibility, rather than raw speed.

This mirrors the DOJ’s emphasis on corporate accountability. An AI assistant may help draft your gifts and entertainment policy, but it cannot stand before prosecutors and defend your compliance program. That responsibility remains squarely with leadership.

The compliance lesson here is unmistakable: AI is a tool, not a scapegoat. Build it to augment compliance decision-making, not to absolve it.

From Experiment to Integration

Building your own AI assistant is not a technical challenge. It is a compliance design challenge. As Alexandra Samuel reminds us, if you can describe your project, you can build your assistant. For compliance officers, that means thinking intentionally about use cases, precision in instructions, safeguards for sensitive data, iteration, and ethical guardrails.

The opportunity is immense. With thoughtfully designed AI assistants, compliance professionals can shift their focus from repetitive drafting to higher-order strategy, from administrative overload to proactive risk management. But the responsibility is equally immense. An AI assistant reflects the design choices of its creators, choices that must always prioritize compliance culture, accountability, and trust.

Categories
Blog

When the Captain Isn’t the Captain: Star Trek’s Turnabout Intruder as a Root Cause Analysis Case Study

One of the Department of Justice’s most consistent themes in its 2024 Update to the Evaluation of Corporate Compliance Programs (ECCP) is the need for companies to conduct effective root cause analysis following misconduct or control failures. It’s not enough to identify what went wrong; you must understand why it happened and implement measures to prevent it from happening again.

That principle is front and center in the Star Trek: The Original Series finale, Turnabout Intruder. In this episode, Captain Kirk is on an archaeological survey mission when he encounters Dr. Janice Lester, an old acquaintance from Starfleet Academy. Through a mysterious alien device, Lester transfers her consciousness into Kirk’s body, trapping his mind in her own body. What follows is a tense series of events in which “Kirk” behaves increasingly erratically, prompting suspicion among the crew.

For compliance professionals, the episode is a surprisingly apt case study in the perils of failing to dig past the surface when something seems off. Just as the crew needed to piece together the real cause of their captain’s strange behavior, compliance teams must be adept at peeling back layers to discover the true root cause of problems.

Here are five key root cause analysis lessons from Turnabout Intruder.

Lesson 1: Unusual Behavior Should Trigger an Investigation

Illustrated by: Shortly after the mind swap, “Kirk” begins making uncharacteristic decisions, belittling subordinates, ignoring Starfleet protocols, and punishing dissent in ways that are entirely out of character for the captain.

Compliance Lesson:

Behavior that deviates from established patterns should be a red flag. In corporate compliance, abrupt changes, whether in employee conduct, financial reporting patterns, or transaction activity, often indicate deeper issues.

Too often, organizations rationalize away early warning signs: “He’s under stress” or “That’s just her style.” But effective root cause analysis begins with the willingness to ask, Why is this happening now? Early detection is often the difference between a manageable problem and a full-blown crisis. Develop and maintain behavioral baselines for key personnel and functions. If something deviates sharply, investigate promptly rather than waiting for more evidence to emerge.

Lesson 2: Multiple Data Points Build a Stronger Case

Illustrated by: Several crew members—Spock, McCoy, Scotty—each notice something odd about “Kirk.” At first, their observations are anecdotal and separate. Only when they share information do they begin to see a pattern that suggests something is seriously wrong.

Compliance Lesson.  Root cause analysis is stronger when it integrates multiple perspectives and sources of data. If you rely on a single source, one audit, one complaint, you risk drawing incomplete or biased conclusions.

In the episode, no single crew member had enough to prove that Kirk wasn’t himself. But when their observations were combined, the collective evidence pointed toward an anomaly that needed urgent action. Create processes that encourage information sharing across departments. Compliance, audit, HR, and operations should have mechanisms to cross-reference findings because the root cause may only emerge when different pieces are put together.

Lesson 3: Be Alert to Hidden Motives

Illustrated by: In Kirk’s body, Lester uses her new authority to sideline suspected opponents, reassigning or threatening crew who question her behavior. Her motive isn’t mission success; it’s consolidating her stolen command.

Compliance Lesson. The apparent cause of a problem may mask deeper personal or organizational motives. Misconduct often occurs because someone is pursuing goals that conflict with corporate policy, whether financial gain, personal vendettas, or reputational enhancement.

If your analysis stops at “This person violated policy,” you miss the opportunity to uncover why they were willing to risk consequences. In many cases, systemic issues, misaligned incentives, toxic culture, and weak oversight are the true drivers. In every investigation, ask “What’s in it for them?” Understanding incentives, pressures, and personal agendas can reveal root causes that process analysis alone won’t uncover.

Lesson 4: Authority Structures Can Delay Recognition of the Problem

Illustrated by: Even when evidence mounts, the crew is reluctant to challenge “Kirk” because of the chain of command. Starfleet discipline dictates deference to the captain, making it harder to act on suspicions.

Compliance Lesson. In organizations, hierarchy can be a barrier to identifying root causes. Employees may hesitate to report misconduct by senior leaders, or they may assume questionable directives are “above their pay grade” to question.

This dynamic often allows problems to persist far longer than they should. A compliance program must be designed to bypass those bottlenecks, giving employees safe, confidential, and credible ways to report concerns, even about top executives. Ensure that escalation procedures allow for independent review of senior management conduct. Whistleblower protections, ombuds functions, and anonymous hotlines can help surface issues that otherwise stay buried.

Lesson 5: Validate Assumptions Before Acting

Illustrated by: Spock eventually confronts “Kirk” and demands an explanation. Through logical analysis and a mind meld, he confirms the body-swap truth. Only then can the crew take decisive action to restore the captain to his rightful body.

Compliance Lesson. One of the biggest pitfalls in root cause analysis is acting on unverified assumptions. If you jump to conclusions too early, you may “fix” the wrong problem—or make it worse. Spock’s mind meld was the ultimate verification step. In compliance, your “mind meld” might be corroborating whistleblower claims with independent documentation, or testing an internal control in multiple scenarios before concluding it’s defective.

Build verification into your root cause analysis process. Don’t settle for the first plausible explanation; pressure-test your conclusions before implementing remediation.

Connecting Star Trek to DOJ Expectations

The DOJ’s ECCP explicitly asks:

  • “What is the root cause of the misconduct?”
  • “Were prior opportunities to detect the misconduct missed?”
  • “What systemic failures contributed to the issue?”

Turnabout Intruder illustrates the importance of addressing these questions. If the crew had stopped at “the captain is acting oddly” and focused on damage control, they might never have uncovered the deeper truth of Lester’s body swap. Similarly, in corporate investigations, stopping at the surface level (“employee violated policy”) without probing the environment that allowed it to happen fails both the DOJ’s expectations and your prevention mandate.

Final ComplianceLog Reflections

In Turnabout Intruder, the crew’s slow realization of the true problem nearly cost them their captain and perhaps the Enterprise itself. In the compliance arena, a slow or shallow root cause analysis can allow misconduct to persist, control weaknesses to remain unaddressed, and systemic issues to metastasize.

Effective compliance leadership means not just spotting what’s wrong, but relentlessly pursuing why it went wrong. That’s how you fix the problem in a way that prevents recurrence.

Like Spock confronting “Kirk,” we must be willing to gather evidence methodically, test our conclusions, and take decisive action once the truth is clear. Root cause analysis isn’t about blame—it’s about ensuring your organization emerges stronger, more transparent, and more resilient than before.

Because in the end, just like the Enterprise, your mission depends on having the right people in the right roles, operating with integrity, and that’s a result only a thorough, well-executed root cause analysis can guarantee.

 Resources:

⁠⁠Excruciatingly Detailed Plot Summary by Eric W. Weisstein⁠⁠

⁠⁠MissionLogPodcast.com⁠⁠

⁠⁠Memory Alpha

Categories
Blog

Institutional Justice and Fairness in Compliance: Lessons from Star Trek’s ‘The Cloud Minders’

Institutional justice and institutional fairness are not abstract ideals; they are operational requirements in a corporate compliance program. They define how policies are enforced, how decisions are made, and how employees perceive the integrity of their workplace. One of the most vivid illustrations of the dangers of systemic injustice and perceived unfairness comes from Star Trek: The Original Series in “The Cloud Minders.”

The DOJ’s 2024 Evaluation of Corporate Compliance Programs (ECCP) reinforces this point: for a compliance program to be effective, it must not only exist on paper but also operate fairly in practice. The DOJ expects companies to show that their compliance processes are applied consistently across the organization, regardless of seniority, revenue generation, or personal connections.

Why the DOJ Cares About Justice and Fairness in Compliance

In the ECCP, the DOJ focused on institutional justice and institutional fairness as key mandates for the compliance function. Why? It was rooted in practicality: a compliance program that is seen as biased or inconsistent will fail. Employees will not report misconduct, will hide mistakes, and will disengage from ethics initiatives.

Prosecutors know that when misconduct occurs in such an environment, it’s often a symptom of deeper cultural problems. That’s why, during investigations, they ask:

  • Are policies applied equally to all levels of the organization?
  • Is discipline consistent and documented?
  • Do employees believe the process is fair?
  • Has the company addressed the underlying causes of misconduct?

If the answers to these questions are unsatisfactory, the DOJ is more likely to view the compliance program as ineffective, regardless of its written policies.

The Tale 

The Enterprise is sent to the planet Ardana to collect zenite, a mineral needed to stop a plague on another world. Captain Kirk and Mr. Spock beam down to Stratos, a floating city inhabited by the planet’s elite, only to discover a deep societal divide. The surface of Ardana is worked by “Troglytes,” a laborer class forced to mine zenite under hazardous conditions, denied access to the comforts and education of Stratos.

The elites justify this arrangement as necessary for stability, while the Troglytes see it as systemic exploitation. The episode becomes a study in the consequences of entrenched inequality, distrust, and the refusal to address legitimate grievances, exactly the kinds of dynamics that can erode trust in a corporate compliance program if not addressed.

From this story, we can extract five compliance lessons on institutional justice and institutional fairness.

Lesson 1: Consistency in Standards Is Non-Negotiable

Illustrated by:  The leaders of Stratos apply rules differently depending on social status. The elite enjoy cultural and political freedoms, while Troglytes face restrictions and harsher punishments for similar conduct.

Compliance Lesson. The DOJ has repeatedly emphasized that policies and disciplinary measures must be applied consistently. If employees perceive that “rainmakers” or executives receive lighter sanctions, or none at all, for policy violations, trust in the compliance function evaporates. In The Cloud Minders, the double standard deepens resentment and drives conflict, precisely what can happen inside a company when justice is selective.

Why It Matters to DOJ: Prosecutors evaluate whether discipline is enforced “consistently across the organization, regardless of position or power.” Inconsistency is a red flag that the program is a paper exercise rather than a living system.

What should you do?

  • Establish clear, documented disciplinary protocols.
  • Apply them uniformly, with oversight from the compliance function.
  • Communicate to the workforce that no one is above the rules.

Lesson 2: Address Root Causes, Not Just Symptoms

Illustrated by: The Troglytes’ performance and health are impaired because mining zenite exposes them to toxic vapors. The elites interpret this as proof of inferiority, ignoring the environmental cause.

Compliance Lesson. Organizations sometimes treat compliance failures as isolated misconduct rather than symptoms of deeper issues, such as inadequate training, unrealistic sales targets, or flawed incentive structures. In Ardana, fixing the air quality in the mines would have solved much of the productivity gap, just as fixing systemic drivers of noncompliance prevents repeat issues.

Why It Matters to DOJ: The DOJ looks for root cause analysis after misconduct. They want to see whether the company took corrective action to address systemic issues, not just discipline the individuals involved.

What should you do?

  • Investigate not only “who” did something wrong, but “why” it happened.
  • Use findings to improve processes, incentives, and controls.
  • Share non-confidential lessons learned with the workforce to demonstrate fairness and transparency.

Lesson 3: Perceived Fairness Matters as Much as Actual Fairness

Illustrated by: Even when Kirk offers protective gear to the Troglytes, they are slow to trust his intentions. Years of mistreatment have convinced them that promises from the elites are empty.

Compliance Parallel: Employees judge compliance programs not only by their design but by how fair they feel in practice. If people believe investigations are biased or that whistleblowers will be punished, they will avoid reporting, even if the official policy says otherwise. On Ardana, the absence of trust kept both sides from engaging in good-faith solutions—something corporate leaders must avoid at all costs.

Why It Matters to DOJ: Prosecutors assess whether employees trust the compliance program enough to use it. A hotline no one calls is not evidence of a healthy culture—it may be proof of fear or cynicism.

What should you do?

  • Publicize examples where issues were raised and resolved fairly.
  • Protect whistleblowers from retaliation and make that protection visible.
  • Use employee surveys to measure trust in compliance processes.

Lesson 4: Leadership Must Model Ethical Behavior

Illustrated by: Stratos’s leaders speak about justice and stability, but are unwilling to live under the same risks or hardships as the Troglytes. Their detachment from the reality of mining life fuels the unrest.

Compliance Lesson. Leaders who preach ethics but cut corners for themselves undermine institutional fairness. Employees take cues from the top; if executives are exempt from rules, the rest of the organization will follow suit. In The Cloud Minders, the Stratos elite’s credibility collapses because they refuse to share the burdens of those they govern, a mistake no corporate leadership team should make.

Why It Matters to DOJ: The DOJ examines “tone at the top” and “conduct at the middle.” They want to see that leadership’s actions match their words and that managers reinforce the message through daily decisions.

What should you do?

  • Ensure executives participate in the same training and certifications as all employees.
  • Make leadership accountable for compliance metrics.
  • Publicly acknowledge when senior leaders are held to account for violations.

Lesson 5: Dialogue and Inclusion Are Tools for Justice

Illustrated by: Spock approaches the Troglytes with genuine respect, listening to their grievances and acknowledging their intelligence. His willingness to engage earns him credibility that Stratos leaders lack.

Compliance Parallel: Institutional fairness is strengthened when employees feel heard and included in shaping solutions. This doesn’t mean every request can be granted, but the act of listening and considering input builds trust. Just as Spock bridged the divide on Ardana, compliance leaders can bridge gaps in trust by treating all stakeholders with respect and dignity.

Why It Matters to DOJ: A compliance program is stronger when it incorporates feedback from the workforce. The DOJ favors companies that regularly assess the program’s effectiveness through interviews, surveys, and focus groups.

What should you do?

  • Include employee representatives in policy review committees.
  • Hold listening sessions for employees and other stakeholders after major incidents or policy changes.
  • Act on feasible suggestions and explain when ideas can’t be implemented.

Practical Compliance Takeaways from The Cloud Minders

  1. Apply Rules Equally: Avoid double standards by holding everyone—from the C-suite to front-line staff—to the exact requirements.
  2. Investigate Root Causes: Fix systemic issues, not just individual mistakes.
  3. Build Trust in the Process: Ensure employees perceive the program as fair and protective.
  4. Lead by Example: Leadership must model the ethical behavior expected of all.
  5. Listen and Include: Use dialogue to bridge divides and strengthen buy-in.

Final ComplianceLog Reflections

The Cloud Minders is more than a parable about class division; it is a warning for any institution that neglects fairness and justice. In Ardana, injustice created resentment, distrust, and rebellion. In a corporation, those same dynamics can lead to silent disengagement, hidden misconduct, and public scandal.

The DOJ’s message is clear: fairness and justice are not optional add-ons to compliance; they are the foundation of a program that works. As compliance leaders, our role is to be the “Spock” in the room, listening, respecting, and bridging divides while ensuring that the rules are fair, transparent, and consistently applied.

When we do that, we do not just comply with the DOJ’s expectations; we build organizations where people trust the system enough to make it work.

Resources:

⁠⁠Excruciatingly Detailed Plot Summary by Eric W. Weisstein⁠⁠

⁠⁠MissionLogPodcast.com⁠⁠

⁠⁠Memory Alpha

Categories
Blog

Argentieri at ABA White Collar Conference: Corporate Enforcement, Part 1

There were recently two significant speeches by Department of Justice (DOJ) officials at the American Bar Association National Institute on White Collar Crime. The first was by Deputy Attorney General Lisa Monaco. The second was by Acting Assistant Attorney General Nicole Argentieri. They both had important remarks for the compliance professional. Over the next several blog posts, I will review both speeches and what they might indicate for compliance and Foreign Corrupt Practices Act enforcement going forward. Yesterday, I considered the Monaco speech. Today is the speech by Nicole Argentieri.

After reviewing some of the more significant individual prosecutions, Argentieri turned to corporate enforcement, noting, “Corporate accountability is the other side of our white-collar work because companies are the first line of defense against misconduct.” She emphasized the need for “a strong compliance program that is key to preventing corporate crime before it occurs and addressing misconduct when it does occur.” The DOJ’s Corporate Enforcement Policy also encourages “companies to invest in strong compliance functions and to step up and own up when misconduct occurs.” She cited one company that did not have a robust compliance program (or a culture of compliance), Binance, which explicitly communicated its “priorities, telling employees that, when it came to compliance, it was “better to ask for forgiveness than permission.”

In the Foreign Corrupt Practices Act enforcement arena, Argentieri pointed to four cases the DOJ prosecuted over the past 18 months. The companies all entered into corporate resolutions for FCPA violations. This group included Vitol, Glencore, Freepoint, and, most recently, Gunvor. Additionally, the DOJ prosecuted multiple individuals in connection with these cases. She even detailed the multiple bribery schemes involved: “Bribe payments funneled into the pockets of foreign officials through corrupt third-party agents using sham contracts and fake invoices.”

In each organization, there was a decided lack of a culture of compliance. Additionally,  employees exploited gaps in their companies’ internal controls and compliance programs. Personal cell phones and personal email accounts were used, which the organizations seemingly had no access to during the corruption and after the internal investigations. To make payments, internal controls were overridden or ignored to make off-the-books systems not subject to the organization’s standard checks and controls.

Because of the internal control and compliance failures that led to or contributed to the FCPA violations, each of these entities was required to make critical enhancements to their compliance programs to prevent future violations of the FCPA. Argentieri said, “Companies that take forward-leaning steps on compliance will be better-positioned to certify that they have met their compliance obligations at the end of the term of their agreements, as is now required in corporate resolutions with the Criminal Division.”

However, the DOJ’s work done after a settlement with a company is equally important. She clarified that the DOJ will monitor companies after resolution as they make, monitor, and attest to their compliance program and internal controls enhancements. She reported that “twenty-four companies have a market capitalization of more than $1 billion, and 22 are public companies. Over the past decade, hundreds of other companies across a wide range of industries have similarly been subject to compliance obligations in cases brought by the Criminal Division.” This ongoing oversight is not an independent monitorship but to ensure compliance with the resolution documents and to “have a real impact on corporate culture and compliance.”

The DOJ wants good corporate citizens and incentivizes companies to do so in various ways. Beyond enforcement actions are the Evaluation of Corporate Compliance Program (ECCP), the Corporate Enforcement Policy (CEP), the Voluntary Self-Disclosure Program (VSP), and the Compensation Incentives and Clawbacks Pilot Program. Argentieri reported that self-disclosures have increased over the past three years: “In 2023, we received nearly twice as many disclosures as in 2021. We expect this trend to continue as more companies take advantage of the benefits of voluntary self-disclosure and the CEP more generally.”

Argentieri believes that the DOJ has articulated policies that apply transparent criteria for both prosecutors to use and as “guideposts for companies and their counsel to consider when deciding what to do when faced with the prospect of a government investigation. It is a goal of the DOJ “to demonstrate the benefits that await those who voluntarily disclose misconduct.” She concluded this section by stating, “It’s one thing to issue and update policies. It’s another way to change corporate behavior. That is why we track the number of disclosures from companies. I’m proud to announce that early indications are that our policies are bearing fruit.”

Join us tomorrow as we examine how the ECCP, VSD, CEP, and Clawbacks Program have been reflected in recent enforcement actions.

Categories
Blog

Policies and Procedures

There are numerous reasons to put some serious work into your compliance policies and procedures. They are certainly a first line of defense when the government comes knocking. The 2023 ECCP made clear that “Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process.” This statement made clear that the regulators will take a strong view against a company that does not have well thought out and articulated policies and procedures against bribery and corruption; all of which are systematically reviewed and updated. Moreover, having policies written out and signed by employees provides what some consider the most vital layer of communication and acts as an internal control. Together with a signed acknowledgement, these documents can serve as evidentiary support if a future issue arises. In other words, the “Document, Document, and Document” mantra applies just as strongly to policies and procedures in anti-corruption compliance.

The specific written policies and procedures required for a best practices compliance program are well known and long established. According to the 2020 FCPA Resource Guide 2nd edition, some of the risks companies should keep in mind include the nature and extent of transactions with foreign governments (including payments to foreign officials); use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments. Policies help form the basis of expectations for standards of conduct in your company. Procedures are the documents that implement these standards of conduct.

Compliance policies do not guarantee employees will always make the right decision. However, the effective implementation and enforcement of compliance policies demonstrate to the government that a company is operating professionally and ethically for the benefit of its stakeholders, its employees and the community it serves.

There are five general elements to a compliance policy, which should stake out the following:

  • Identify who the compliance policy applies to;
  • Set out the objective of the compliance policy;
  • Describe why the compliance policy is required;
  • Outline examples of both acceptable and unacceptable behavior under the compliance policy; and
  • Lay out the specific consequences for failure to comply with the compliance policy.

The 2023 ECCP went further by requiring an assessment whether a company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations, through a design which is appropriate to the organization, based upon that organization’s assessed risks.

Design––What is the company’s process for designing and implementing new policies and procedures and updating existing policies and procedures, and has that process changed over time? Who has been involved in the design of policies and procedures? Have business units been consulted prior to rolling them out?

Comprehensiveness––What efforts has the company made to monitor and implement policies and procedures that reflect and deal with the spectrum of risks it faces, including changes to the legal and regulatory landscape?

The 2023 ECCP Evaluation mandated there must be communication of your compliance policies and procedures throughout the workforce and relevant stakeholders such as third parties and business venture partners.

Accessibility––How has the company communicated its policies and procedures to all employees and relevant third parties? If the company has foreign subsidiaries, are there linguistic or other barriers to foreign employees’ access? Have the policies and procedures been published in a searchable format for easy reference? Does the company track access to various policies and procedures to understand what policies are attracting more attention from relevant employees?

Responsibility for Operational Integration––Who has been responsible for integrating policies and procedures? Have they been rolled out in a way that ensures employees’ understanding of the policies? In what specific ways are compliance policies and procedures reinforced through the company’s internal control systems?

Moreover, just as risks evolve, your policies and procedures should evolve. The 2023 ECCP asked the following questions:

  • How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices?
  • Has the company undertaken a gap analysis to determine if particular areas of risk are not sufficiently addressed in its policies, controls, or training?
  • What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries?
  • Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?

The bottom line is that the DOJ expects updates to your policies and procedures needed to be reviewed on a regular basis and updated as your risks evolve.

Finally, the 2020 FCPA Resource Guide, 2nd edition, ends its section on policies with the following, “Regardless of the specific policies and procedures implemented, these standards should apply to personnel at all levels of the company.” It is important that compliance policies and procedures are applied fairly and consistently across the organization. Institutional fairness demands that if compliance policies and procedures are not applied consistently, there is a greater chance that an employee dismissed for breaching a policy could successfully claim he or she was unfairly terminated. Moreover, inconsistent application of your policies and procedures will destroy the credibility of your compliance program. This last point cannot be over-emphasized. If an employee is going to be terminated for fudging their expense accounts in Brazil, you had best make sure that same conduct lands your top producer in the U.S. with the same quality of discipline.