Gerry Zack recently attended the OECD 2025 Global Anti-Corruption and Integrity Forum Conference in Paris. I was able to catch up with Gerry about his reflections on the conference. The full interview is found on this episode of the FCPA Compliance Report. This event has long been a cornerstone in the global compliance calendar, and this year’s gathering confirmed what many in the compliance profession already suspected: the expectations for corporate compliance programs are not only rising, but they are expanding in scope, depth, and accountability.
Over several days of panel discussions, roundtables, hallway conversations, and formal presentations, Zack heard from government regulators, corporate leaders, NGO advocates, academics, and frontline compliance professionals. Each brought their perspectives, but the collective message was clear: compliance has matured. It’s no longer a reactive function that kicks into gear when things go wrong. It is a proactive, dynamic, and essential business function that must be embedded throughout the organization, from the boardroom to the back office. Here are Zack’s key takeaways from the conference.
1. Compliance Has Gone Global—And So Have the Regulators
The global nature of risk is not new. However, what is new is the increasing level of coordination and information-sharing among regulators. This year’s Forum showcased how cross-border enforcement is now the norm, not the exception.
Representatives from Brazil, Germany, South Africa, and Indonesia all spoke candidly about their partnerships with international bodies like the OECD Working Group on Bribery, the United Nations Office on Drugs and Crime (UNODC), and national law enforcement agencies including the U.S. Department of Justice and the UK Serious Fraud Office.
Couple this with the task force recently created by the UK, France, and Switzerland, and it creates an undeniable takeaway for the corporate world: Enforcement is no longer local. It is global, coordinated, and deeply interconnected.
This means that compliance teams must have scalable internal controls, third-party risk processes, and applicable investigation protocols across jurisdictions. A weak compliance program in a high-risk country is no longer just a local problem; it is a potential global liability.
2. The Definition of “Compliance Risk” Is Expanding Rapidly
You’re missing the bigger picture if your organization still structures your compliance risk assessment around bribery, fraud, and financial misconduct alone. One of the most notable shifts at this year’s conference was the broadening of the integrity lens.
Some of the key areas compliance professionals are being asked to tackle:
- Human rights violations in supply chains;
- Climate-related disclosure risks;
- Workplace harassment and DEI failures;
- Misinformation and data ethics risks; and
- AI governance and algorithmic bias.
As one panelist from the European Commission aptly said, “Integrity today includes not just what’s illegal but what’s unethical, unsustainable, or irresponsible.”
This evolution presents a golden opportunity for compliance professionals to step into broader leadership roles, working cross-functionally with ESG teams, legal departments, HR, procurement, and IT. However, it also means that risk ownership needs to be clarified. If your risk universe is expanding, your governance model should evolve with it.
3. Real-Time Monitoring and Data-Driven Compliance Are the New Norm
Several sessions at the Forum focused on the power of data analytics and automation in transforming compliance programs. Gone are the days when manual, quarterly sample testing was enough. Today’s compliance function must be continuous, predictive, and digital. Here are some of the key advancements discussed:
- AI-driven due diligence tools that adapt based on geopolitical risk signals;
- Transaction monitoring platforms that flag anomalies in near real-time;
- Natural language processing (NLP) is used to screen internal communications for misconduct indicators and
- Dashboarding that visualizes cultural metrics, training gaps, and hotline responsiveness
One global bank compliance leader shared how their monitoring system identified an uptick in vendor payments in a particular region, triggering a review that uncovered a corruption scheme in its early stages.
The message was clear: if regulators are using data to investigate you, you should be using data to stay ahead of them.
Of course, technology is not a silver bullet; it requires investment, integration, and governance. But the future of compliance will be won by those who use data not just for reporting, but for anticipating risk and enabling the business to act decisively.
4. Culture is No Longer a “Soft” Metric—It’s a Leading Indicator
One of the most powerful sessions I attended focused on measuring and monitoring organizational culture. For years, compliance professionals have been saying, “Culture eats policy for breakfast.” Now, regulators are saying it, too, and they are acting on it.
Several enforcement agencies, including the U.S. DOJ and French AFA have signaled that they now interview employees at various levels during investigations to assess whether a company’s compliance program is truly operational or just a paper tiger. As a compliance professional, you need to move from showing what policies you have in place and procedures to implement them to whether your employees believe in them.
In practice, this means you should use such tools as
- Pulse surveys should become a regular part of your compliance toolkit.
- Behavioral metrics, such as speaking-up rates, bystander intervention, and trust in investigations, matter more than ever.
- Leadership modeling and how your senior managers demonstrate (or fail to demonstrate) ethical conduct will be scrutinized.
In short, culture has become a measurable compliance risk factor. And you need to be able to show not just that you have a positive culture but that you’re tracking it, nurturing it, and improving it.
5. Community Is Compliance’s Secret Weapon
One of the most energizing aspects of the OECD Forum is not just the content; it is the people. Zack walked away from the conference, reminded that compliance professionals do not have to go it alone. Whether you are a seasoned CCO at a multinational or a solo compliance officer at a mid-market company, the challenges we face are surprisingly similar. The OECD Forum reminded me just how powerful our community can be when we share resources, ask hard questions, and commit to learning from each other.
If there is one thing we have all learned over our collective years in the compliance field, it is that the best compliance programs are not built in isolation. They are informed by the wisdom of others, through conferences, working groups, webinars, and yes, even podcasts.
Keep the Conversation Going
After the final session of the OECD Forum, an attendee asked a simple question: “How do we keep this conversation alive after we go back to our companies? ”
The answer is the same one I will leave you with: reach out. Keep the dialogue going. Ask questions. Share what is and perhaps what is not working for you. Stay engaged and connected.
