Tag: Hui Chen

Categories
Blog

Greek Philosophers Week: Part 5 – Euclid and Proving Your Program Is Effective

We conclude our exploration of how ancient Greek philosophers influence compliance and ethics in 2026 and beyond. In this series, we have considered Socrates, Plato, Aristotle, and Pythagoras. Today, we conclude with Euclid.

Pythagoras teaches compliance professionals how to measure, analyze, and detect ethical risk through data, proportion, and pattern recognition. But measurement alone never closes the loop. At some point, regulators, boards, and senior leadership ask a harder question: Can you prove your compliance program actually works? That is where Euclid becomes the natural capstone of this philosophical journey.

Euclid was not concerned with numbers in isolation. He was concerned with structure, logic, definition, and proof. His Elements did not merely describe geometry. It demonstrated how a coherent system is built from first principles, how each part follows logically from the last, and how conclusions are proven rather than asserted. That methodology aligns almost perfectly with modern expectations for compliance program effectiveness under the DOJ Evaluation of Corporate Compliance Programs (ECCP).

If Pythagoras gives compliance professionals the tools to see risk, Euclid shows them how to organize those insights into a defensible, durable system. We also circle back to Hui Chen, the original Corporate Compliance Counsel to the DOJ, who would challenge Chief Compliance Officers (CCOs) and their counsel when they came before the DOJ in settlement negotiations, demonstrating the effectiveness of their compliance programs through data rather than anecdote.

First Principles Are the Foundation of Compliance Credibility

Euclid begins with definitions, axioms, and postulates. He does not assume shared understanding. He defines it. Everything that follows depends on clarity at the start. Many compliance programs struggle precisely because they skip this step. Policies proliferate. Controls multiply. Training expands. Yet foundational questions remain vague. What does ethical behavior actually mean in this organization? What risks are intolerable regardless of business pressure? What decisions require escalation without exception?

The ECCP begins with 3 fundamental questions:

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
  3. Does the corporation’s compliance program work in practice?

Throughout the ECCP, the DOJ repeatedly asks whether a compliance program is well designed. That evaluation begins with clarity of purpose and scope. A Euclidean compliance program explicitly defines its terms, principles, and boundaries. Without that clarity, enforcement becomes inconsistent, and explanations to regulators become fragile. In daily operations, this means compliance professionals must insist on precision. Ambiguity is not flexibility. It is a risk.

Logical Structure Is a Compliance Control

Euclid’s brilliance lies in sequencing. Each proposition follows logically from what came before. Nothing is random. Nothing is decorative. The system works because it is internally consistent. Compliance programs often fail this test. Risk assessments do not inform training. Training does not influence monitoring. Investigations do not drive remediation. Each function operates competently, but not coherently.

The ECCP explicitly evaluates whether compliance programs operate as integrated systems rather than as disconnected components, stating, “Ensure the compliance program is well-integrated into the company’s operations and workforce.” Prosecutors want to see feedback loops, escalation pathways, and continuous improvement mechanisms. That is Euclidean thinking applied to compliance. In practice, compliance leaders should be able to explain how a risk moves through the system from identification to mitigation. If that explanation requires hand-waving, the system is not structurally sound.

Proof, Not Assertion, Is the Regulatory Standard

Euclid never asks the reader to trust him. He proves every claim. That lesson may be his most important contribution to modern compliance. Companies often assert that their programs are effective because training is delivered, policies are updated, or hotlines exist. Hui Chen led the charge on this concept when she was the DOJ Compliance Counsel. The ECCP has reiterated Chen’s requirement for evidence, as prosecutors now routinely request proof of effectiveness. How quickly are issues identified? How consistently is discipline applied? How does remediation prevent recurrence?

A Euclidean compliance program is designed to generate proof. Controls are documented. Decisions are recorded. Metrics are reviewed and refined. Effectiveness is demonstrated through data and outcomes, not narrative assurances. This is not about bureaucracy. It is about credibility. When regulators ask how you know your program works, Euclid provides the answer: because the proof is built into the structure.

Precision Enables Fairness and Trust

Euclid’s definitions leave little room for interpretation. In compliance, precision serves a similar function. Clear definitions reduce bias, inconsistency, and resentment. Vague policies create uneven enforcement. Uneven enforcement destroys trust. Employees quickly learn whether rules are real or elastic. The ECCP’s emphasis on consistent discipline reflects this reality. The ECCP states, “Have disciplinary actions and incentives been fairly and consistently applied across the organization?”

Daily compliance operations should therefore prioritize clarity. What constitutes a conflict of interest? What thresholds trigger approval? What timelines govern investigations? Who owns decisions at each stage? Precision protects both the organization and the compliance function. It allows fairness to be demonstrated, not merely claimed.

Systems Must Be Built to Endure

Euclid’s work has endured for more than two millennia because it was built as a system, not a response to a crisis. Compliance programs should aspire to similar durability. Programs that rely on personalities, informal influence, or unwritten norms collapse when leadership changes. The ECCP evaluates whether compliance programs are institutionalized, supported by governance structures, and able to withstand turnover. A Euclidean compliance program embeds ethics into processes, charters, reporting lines, and documentation. Knowledge is transferred. Decisions are repeatable. Improvements are systematic. This durability is not accidental. It is designed.

Why Euclid Completes the Series

Socrates teaches compliance professionals to ask uncomfortable questions. Plato teaches them to design ethical governance structures. Aristotle shows how ethics are lived through habit and judgment. Pythagoras introduces measurement, analytics, and AI. Euclid brings all of it together. He shows how inquiry, governance, behavior, and data become a coherent system that can be explained, defended, and proven. In modern compliance, that is the difference between aspiration and effectiveness.

5 Key Takeaways for the Compliance Professional

1. Compliance programs must be grounded in clear first principles.

Euclid reminds us that systems fail when foundations are vague. Compliance programs should clearly define ethical expectations, risk boundaries, and escalation triggers. The ECCP evaluates whether programs are thoughtfully designed, not merely comprehensive. Clear first principles guide daily decisions, reduce ambiguity, and support consistent enforcement. Without them, controls become reactive, and credibility erodes under scrutiny.

2. Logical integration is a core element of effectiveness.

Disconnected compliance components create blind spots. Euclid teaches that a system works when each part follows logically from the previous one. Risk assessments should drive policies. Policies should inform training. Training should influence monitoring. Investigations should lead to remediation. The ECCP rewards programs that demonstrate this internal logic. Integration is not administrative elegance. It is risk management.

3. Proof of effectiveness must be built into the program.

Assertions no longer satisfy regulators. Euclid’s insistence on proof mirrors the ECCP’s demand for evidence. Compliance programs should be designed to generate data demonstrating timely detection, consistent discipline, and meaningful remediation. When proof is embedded in the system, credibility follows naturally.

4. Precision enables fairness and protects trust.

Clear definitions and thresholds reduce inconsistency and perceived bias. Euclid’s precision offers a model for compliance policies and procedures. The ECCP scrutinizes the fairness of disciplinary proceedings and investigations because trust depends on it. Precision protects employees, managers, and the compliance function alike.

5. Durable compliance programs are designed, not improvised.

Euclid’s work endures because it was built as a coherent system. Compliance programs should aim for the same longevity. Institutionalized governance, documented processes, and structured improvement allow programs to survive leadership changes and regulatory shifts. Durability is a marker of maturity and a signal of seriousness to regulators.

Euclid teaches compliance professionals the final lesson in this series: effectiveness is not claimed. It is demonstrated.

Conclusion

The enduring relevance of the ancient Greek philosophers to modern compliance and ethics lies in their not theorizing in the abstract. They were grappling with the same human pressures that drive misconduct today: power, incentives, rationalization, fear, and convenience. Socrates teaches compliance professionals the discipline of ethical inquiry and the courage to ask uncomfortable questions. Plato shows that values without governance structures are fragile, while Aristotle grounds ethics in habit, judgment, and daily behavior rather than aspiration. Together, they mirror the DOJ’s insistence that effective compliance programs begin with understanding risk, designing systems to manage it, and ensuring those systems operate in practice.

What makes these philosophers especially relevant today is how naturally their ideas align with modern regulatory expectations. Pythagoras anticipates the role of data, analytics, and AI in measuring compliance effectiveness, while Euclid provides the blueprint for structure, precision, and proof that regulators now demand. In an era of complex global operations and heightened enforcement scrutiny, compliance programs succeed or fail based on inquiry, governance, behavior, measurement, and demonstrable effectiveness. The ancient Greeks understood those dynamics long before corporate compliance existed, which is why their lessons remain not only relevant but essential for modern compliance and ethics professionals.

Categories
Blog

Greek Philosophers Week: Part 1 – Socrates and the Asking Questions

I have long wanted to trace the origins of the modern corporate compliance organization back to the ancient Greek philosophers, drawing lessons for compliance and ethics in 2026 and beyond. Today, I begin a five-part series where I do just that. In this series, we will consider Socrates, Plato, Aristotle, Pythagoras, and Euclid. We start with Socrates.

Socrates left no writings of his own. What he left was a method. He believed wisdom began with recognizing what one did not know and then relentlessly testing assumptions through disciplined questioning. That approach maps directly onto the daily work of the compliance professional. Risk assessments, investigations, root cause analysis, culture reviews, and even board reporting all rise or fall based on the quality of the questions asked.

Every effective compliance program begins with a question. Not a policy. Not a control. Not a dashboard. A question. That insight alone makes Socrates the right place to start any serious discussion about the influence of ancient Greek philosophy on modern corporate compliance and ethics programs.

The Department of Justice’s Evaluation of Corporate Compliance Programs (ECCP) does not use the word “Socratic,” but its expectations are unmistakably aligned with Socratic inquiry. Prosecutors repeatedly ask whether a company understands its risks, tests its assumptions, challenges its controls, and adapts when reality changes. A compliance program that does not ask hard questions is not mature. It is merely quiet. Indeed, Hui Chen, the author of the original ECCP, has said that a key purpose of the ECCP was to get compliance professionals to ‘ask questions’.

Ethical Inquiry as a Compliance Obligation

Socrates believed that unexamined beliefs were dangerous. He challenged Athenian leaders not because he enjoyed disruption, but because false confidence creates harm. In a corporate setting, the same risk exists when executives assume that a policy equals compliance or that training completion equals ethical behavior.

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?
  3. Does the corporation’s compliance program work in practice?

These questions are fundamentally Socratic. It demands inquiry into how the business actually operates, where pressure points exist, and how misconduct could realistically occur. A compliance function that accepts management narratives at face value fails this test.

Daily compliance operations depend on this discipline. When reviewing third-party relationships, a Socratic compliance officer does not ask whether due diligence was performed. They ask whether it was sufficient, whether red flags were rationalized, and whether business incentives distorted judgment. That is inquiry, not administration.

Challenging Assumptions Without Becoming the Enemy

Socrates was executed because his questioning made powerful people uncomfortable. Compliance professionals face a less dramatic, but no less real, version of that tension. The role requires challenging assumptions, even when doing so slows deals, complicates reporting lines, or disrupts revenue projections.

The ECCP specifically evaluates whether a corporate compliance function has sufficient staff to audit, document, analyze, and utilize the results of the corporation’s compliance efforts. Prosecutors should also determine “whether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it. Does the company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated.”

Those structural questions exist because DOJ understands that inquiry without protection is performative. If compliance professionals cannot safely ask uncomfortable questions, the program is cosmetic.

In daily operations, this plays out in subtle ways. Does compliance have the authority to pause a transaction? Can investigators follow evidence wherever it leads? Are audit findings welcomed or explained away? A Socratic approach demands that compliance leaders test these realities rather than assume the answer.

The Socratic Method in Investigations and Root Cause Analysis

Socrates did not accept the first answer offered. He pushed deeper, often exposing contradictions or incomplete reasoning. That approach is directly applicable to investigations and root cause analysis. The ECCP places significant emphasis on whether companies understand why misconduct occurred and whether remediation addresses underlying causes. Too many investigations stop at identifying who violated a policy. Echoing Jonathan Marks, Socratic investigation asks why the violation made sense to the individual at the time. What pressures existed? What incentives misaligned behavior? What controls failed or were bypassed?

This type of inquiry requires patience and courage. It also involves trust from leadership. Findings may implicate management decisions, cultural signals, or compensation structures. Socrates reminds us that truth-seeking is rarely comfortable, but it is essential to ethical improvement.

Culture Is Revealed by the Questions You Allow

Socrates believed that a society’s health could be measured by its openness to questioning. The same is true for corporate culture. The questions employees feel safe asking reveal more than any values statement. The ECCP now explicitly asks companies to explain how they measure and address culture. The ECCP states, “Prosecutors should also assess how the company has leveraged its data to gain insights into the effectiveness of its compliance program and otherwise sought to promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” Surveys, hotline data, and exit interviews are tools, but they are meaningless without inquiry. Key questions include: Are employees encouraged to speak up? Are concerns investigated thoroughly? Are outcomes communicated? Is retaliation punished?

In daily compliance practice, this means listening as much as enforcing. A Socratic compliance program does not treat employee concerns as noise to be managed. It treats them as data points to be explored. The quality of questions asked in response to a report often determines whether trust is strengthened or destroyed.

5 Key Takeaways for the Compliance Professional

1. Effective compliance begins with inquiry, not documentation.

A compliance program does not become effective simply because policies exist or training is completed. Effectiveness begins when compliance professionals consistently ask how misconduct could realistically occur within their organization. This requires challenging business assumptions, pressure points, and incentive structures. The ECCP repeatedly emphasizes the importance of understanding risk in context, which is impossible without disciplined questioning. A Socratic approach positions inquiry as an operational obligation, not an intellectual exercise, ensuring the program remains dynamic, responsive, and grounded in reality rather than formalism.

2. Risk assessments are living Socratic exercises, not static reports.

Too many organizations treat risk assessments as periodic documentation rather than ongoing inquiry. A Socratic risk assessment tests assumptions continuously as business models, geographies, and incentives evolve. Compliance professionals should revisit risk hypotheses, ask whether controls still function as intended, and challenge comfort-driven conclusions. Under the ECCP, regulators expect risk assessments to inform program design and resource allocation. Socratic inquiry ensures risk assessments remain relevant, credible, and capable of identifying emerging threats before they mature into enforcement issues.

3. Investigations must pursue understanding, not merely attribution.

Identifying who violated a policy is rarely sufficient to prevent recurrence. A Socratic investigation asks why the misconduct occurred, what pressures or incentives influenced behavior, and how organizational systems failed. This aligns directly with the ECCP’s focus on root cause analysis and remediation. When compliance professionals ask deeper questions, investigations become tools for program improvement rather than disciplinary endpoints. This approach strengthens controls, enhances credibility with regulators, and reduces the likelihood of repeat misconduct driven by unresolved systemic weaknesses.

4. Speak-up culture is defined by response quality, not hotline volume.

Organizations often measure speak-up culture by the number of reports received, but Socrates teaches that the real measure lies in how questions are received and addressed. Employees quickly learn whether raising concerns leads to thoughtful inquiry or defensive dismissal. The ECCP evaluates whether companies encourage reporting, protect against retaliation, and communicate outcomes appropriately. A Socratic compliance function listens carefully, asks clarifying questions, and treats concerns as signals worth examining. That discipline builds trust and reinforces ethical accountability across the organization.

5. Socratic questioning requires independence, authority, and protection.

Inquiry without authority is performative. Socrates paid the ultimate price for challenging power, but modern compliance professionals should not. The ECCP explicitly assesses whether compliance functions have sufficient independence, resources, and access to leadership. Without these safeguards, difficult questions go unasked or unanswered. A Socratic compliance program empowers professionals to challenge decisions, pause transactions, and escalate concerns without fear of retaliation. That structural support transforms ethical inquiry from individual courage into institutional practice.

From Socrates to Plato: From Inquiry to Structure

Socrates gives us the starting point. He teaches the compliance professional how to think, question, and resist complacency. But inquiry alone is not enough. Questions must eventually lead to structure, governance, and systems that translate insight into action.

That transition sets the stage for Plato. Where Socrates focuses on method, Plato focuses on design. The movement from Socrates to Plato mirrors the evolution of a compliance program itself, from asking whether risks exist to building governance structures capable of addressing them. In that sense, Socrates is the conscience of the compliance function. He reminds us that effectiveness begins with intellectual honesty and ethical curiosity. Without those traits, even the most sophisticated compliance architecture will rest on shaky ground.

Join us tomorrow for Part 2 and learn about Plato’s role in today’s compliance and ethics programs.

Categories
SBR - Authors' Podcast

SBR-Author’s Podcast: Upping Your (Compliance) Game

Welcome to the SBR-Authors Podcast! In this podcast series, host Tom Fox visits with authors in the compliance arena and beyond. Today, the tables are turned as Caitlyn Tobey and Ellen Hunt from The Seven Elements Compliance Book Club host Tom to talk about his most recent book, Upping Your Game.

They explore how AI and machine learning can transform compliance operations, turning them into strategic business functions. He discusses the operationalization of compliance, the importance of integrating ethics into business practices, and the role of AI in enhancing the effectiveness of compliance. Notable examples, such as Wells Fargo’s use of AI in compliance and the concept of compliance by design, demonstrate how technology can facilitate more efficient business processes and foster a proactive compliance culture.

Key highlights:

  • Reframing Compliance in the Trump Era
  • The Role of AI in Compliance
  • Ethics and Compliance: A Strategic Partnership
  • Challenges and Risks of AI in Compliance
  • AI Chatbots in Compliance

Resources:

Upping Your Game on Amazon.com

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Great Women in Compliance

Great Women in Compliance – Culture. Data. Ethics with Hui Chen

Hui Chen is a luminary in the world of Ethics and Compliance, and she is our guest on today’s episode of Great Women in Compliance. Today, Hui is one of the co-founders of CDE Advisors, which stands for “Culture. Data. Ethics.”

Most of us know Hui from her work at the Department of Justice (DOJ) and her contributions to the Evaluation of Corporate Compliance for the Fraud Section. However, my career path included being a prosecutor, in-house compliance work, and even being inspired to pursue a Master’s degree in Divinity after the 9/11 attacks.

Hui discusses the origins of the ECCP and her perspective on its current use. She also discusses the opportunity in the “FCPA pause” and how organizations can broaden their ethical considerations beyond foreign bribery to focus on relationships with all stakeholders. She discussed how the focus on regulatory guidance, particularly on bribery outside the United States, is just one of many areas to consider as a compliance professional. 

She also offers practical advice based on her experiences working with global compliance functions and the lessons she has learned.

Categories
Blog

Compliance Stands at the Turning Point

As compliance professionals, we are at a turning point. We either embrace the opportunity that Trump has presented us, or our professionals will be consigned to an organization’s technical back office function. AI is not merely an intriguing possibility for tomorrow; it has become the reality of today’s compliance landscape. From predictive analytics to behavioral monitoring, embedded compliance education, and conversational chatbots, AI is fundamentally reshaping the compliance function. Organizations that embrace this revolution achieve greater operational efficiency and risk management and position themselves as ethical leaders in an increasingly complex and demanding regulatory world.

AI is now indispensable to robust compliance practices. Yet, technology itself is not the endpoint. Instead, AI is the catalyst driving compliance teams from reactive, check-the-box mentalities toward proactive, strategic, and culturally embedded roles. It empowers compliance to engage employees at every organizational level in real-time, turning passive observers into active participants in cultivating an ethical business culture.

Consider third-party risk management, historically burdened by static, manual reviews and periodic due diligence. AI-driven predictive analytics and blockchain-backed transparency have emerged as game-changing technologies, continuously evaluating third parties, rapidly identifying emerging risks, and automating enforcement actions through smart contracts. There are documented and substantial benefits of reducing compliance risk, enhancing commercial efficiency, and minimizing legal exposure. AI fundamentally alters the equation, enabling compliance teams to achieve real-time transparency and responsiveness unimaginable a decade ago.

In continuous monitoring, Andrew McBride’s compelling vision of compliance as the “Holy Grail” reveals a future already upon us, where AI synthesizes vast datasets from internal transactions to communications, pinpointing anomalies with unprecedented precision. Real-time monitoring, once aspirational, is now achievable, providing compliance teams the agility to act swiftly and decisively. The necessity of integrating such systems has grown urgent, underscored by regulators like the DOJ, whose 2024 Evaluation of Corporate Compliance Programs explicitly cites real-time analytics as integral to compliance excellence.

Yet, the transformative power of AI extends beyond risk mitigation alone. The most profound innovation lies in compliance education. Long constrained by rigid formats and yearly box-checking exercises, today’s compliance training leverages AI and gamification, transforming learning into immersive, personalized experiences. Microlearning and scenario-driven simulations have replaced passive information absorption with active, ongoing engagement. This approach embeds compliance principles into daily workflows, reinforcing knowledge when employees need it. Vorecol’s striking revelation that virtual reality can enhance knowledge retention by up to 75% illustrates how transformative these approaches have become. Compliance training is now an integrated, real-time, strategic advantage rather than a peripheral, periodic chore.

Behavioral analytics offer another revolutionary dimension. By analyzing employee behavior, survey data, and internal communications in real-time, compliance teams can proactively identify cultural risks and implement targeted interventions. Albemarle’s practical experience clearly demonstrates how behavioral analytics foster cross-functional collaboration, prioritize data accessibility, and engage leadership through meaningful insights. By shifting from reactive enforcement to proactive culture shaping, compliance professionals using behavioral analytics are empowered to create resilient, ethically robust organizations.

But perhaps nothing epitomizes AI’s immediacy and practicality better than compliance chatbots. As seen through HSBC’s deployment of the ORRA chatbot, AI-driven conversational agents significantly streamline compliance operations. Employees worldwide gain instant access to precise policy guidance, effectively embedding compliance within everyday business interactions. Chatbots address queries consistently and escalations intelligently and provide compliance teams invaluable insights through analytics. This example illustrates the operational efficiencies achievable through AI and emphasizes the strategic potential of embedding AI tools within an organization’s digital fabric.

Yet, as we embrace these technological innovations, we must heed critical lessons:

  • Data Quality and Ethical Management: AI’s effectiveness depends on rigorous data governance, ensuring unbiased and comprehensive training data. Ethical use of AI must remain a core commitment, upholding transparency, fairness, and privacy in all deployments.
  • Continuous Human Oversight: AI systems require ongoing human judgment. Compliance professionals must remain closely engaged, providing nuanced oversight and strategic decision-making, particularly in complex ethical scenarios that algorithms alone cannot resolve.
  • Strategic Scalability and Agility: Implement AI solutions with future growth in mind, prioritizing adaptable, scalable technologies that swiftly adjust to emerging regulations and evolving compliance needs.
  • Robust Cross-Functional Collaboration: Successful AI integration demands proactive partnerships across compliance, legal, IT, HR, procurement, and business units. Shared accountability and mutual understanding amplify AI’s impact across the organization.

AI is not replacing compliance professionals—it is empowering them. Our roles shift from manual oversight and routine administrative tasks to strategic leadership, advanced risk anticipation, and deep organizational influence. As compliance programs increasingly leverage predictive analytics, continuous monitoring, conversational AI, and behavioral insights, compliance officers must evolve into visionary strategists who guide their organizations confidently through complex ethical landscapes.

Ultimately, the embrace of AI is a strategic imperative for sustainable success. Organizations slow to adopt these innovations risk falling behind, both operationally and ethically. Meanwhile, forward-thinking compliance teams leveraging AI gain operational advantages and reputational distinction as leaders in responsible, transparent business practices.

Let the insights shared throughout this book be a clarion call. The future of corporate compliance is proactive, predictive, personalized, and powered by AI. This is our new compliance normal. The opportunities are limitless for compliance professionals ready to adapt, innovate, and lead.

The future is now. Embrace AI, embed compliance into every business operation, and lead your organizations confidently toward enduring ethical excellence.

Hui Chen, perhaps the most respected commentator in the compliance arena, has challenged us: “The pause on FCPA enforcement is not a crisis; it is an opportunity to lead with culture, data, and ethics.” Let us all embrace that opportunity.

Categories
Upping Your Game

Upping Your Game: Episode 1 – Meeting Hui Chen’s Challenge

In February, the Trump Administration suspended investigations under and enforcement of the FCPA. Many compliance professionals have since wondered what this will mean for corporate compliance programs going forward. Hui Chen challenged compliance professionals with “It’s time to up your game.”

This podcast series, sponsored by Ethico and co-hosted with Ethico co-CEO Nick Gallo, hopes to meet Hui Chen’s challenge for compliance professionals. We will discuss how compliance professionals can ‘Up Their Game’ using currently existing Generative AI (GenAI) tools to improve compliance programs dramatically. As compliance professionals, it is critical to recognize that this moment is not merely about incremental improvements but about elevating our profession to an entirely new level of effectiveness, efficiency, and organizational value.

In the inaugural episode of ‘Upping Your Game,’ co-hosts Tom Fox and Nick Gallo, co-CEO at Ethical, discuss the future of compliance and risk management. They explore the need for compliance professionals to evolve by integrating AI and focusing on creating business value. The conversation covers the importance of the user experience (UX), the employee and third-party experience (CX), and the shift towards a proactive and predictive compliance program. Real-world examples, such as Citibank’s use of AI for compliance, illustrate how technology can enhance compliance programs. The episode emphasizes the crucial role of compliance in risk management and the potential for professionals to elevate their impact within organizations.

Key highlights:

  • The Spark Behind ‘Upping Your Game’
  • The Role of AI in Compliance
  • Evolving Compliance to Business Value
  • The Human Experience in Compliance
  • Risk Management and Future Outlook

Resources:

Upping Your Game: How Compliance and Risk Management Move to 2030 on Amazon.com

Nick Gallo on LinkedIn

Ethico

Check out the Ethico White Paper on the Introduction to Upping Your Game, click here.

Tom Fox

Instagram

Facebook

YouTube

Twitter

Categories
Blog

Stepping Up and Stepping Forward: The Future of Compliance in an Age of AI and Deregulation

The world of compliance took a surprising turn this February with the Executive Order issued by the President suspending FCPA investigation and enforcement. This was followed in short order by the dismissal, after six years of prosecution, of the two ex-Cognizant Technology executives charged with paying or authorizing the payment of bribes in that case. It now appears that both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) FCPA units will be eviscerated and even shut down by the Administration. These significant legal rollbacks have ignited a series of conversations about the very essence and future of the compliance profession. As compliance professionals, many of us are left pondering, where exactly does compliance go from here?

I recently discussed this topic on the Compliance into the Weeds podcast with Matt Kelly, reflecting on his insights from a compliance event held in Boston he wrote about in a blog post in Radical Compliance. Matt highlighted a prevalent unease among compliance officers, underpinned by two primary concerns: the potential redundancy of compliance roles due to relaxed regulatory scrutiny and the impact of advancing technology, particularly AI, on compliance functions.

First, tackle the issue of regulatory rollback. The Trump administration has shown a clear inclination toward scaling back certain regulatory requirements, warranted or not. But there is a critical takeaway. It is not 2010, at the modern beginnings of compliance; it is 2025, and compliance is fundamentally different from what it was 15 years ago. Compliance practices and ethics programs have become deeply integrated into business operations, creating intrinsic value that transcends mere regulatory requirements. These practices have proven essential not only for managing regulatory risk but also for effectively managing broader business risks, operational efficiency, and corporate reputation.

Yet, despite the embedded nature of compliance in modern corporations, there’s a troubling scenario Matt outlined based on a keen observation from Kristy Grant-Hart. Could compliance functions gradually be absorbed by other departments? Could compliance tasks like hotline management drift toward HR, regulatory compliance fall into the hands of the legal department, and privacy compliance become the responsibility of IT security? Unfortunately, this scenario is not entirely implausible. Some short-sighted organizations might indeed take this fragmented route, viewing it as an opportunity to reduce headcount and costs.

Both Matt and I agree this is a dangerous and ultimately costly path. Fragmenting compliance capabilities across departments risks creating silos, precisely what compliance professionals have spent years fighting against. Silos impede effective communication and cloud transparency and hinder the swift, coordinated responses necessary to manage risk in today’s complex business environments. In short, this fragmentation threatens operational integrity, compliance effectiveness, and, ultimately, corporate profitability.

Instead of retrenching, compliance professionals must seize this uncertain moment as an opportunity. This is a time to demonstrate conclusively how compliance adds tangible business value beyond regulatory mandates. Hui Chen beautifully articulated this sentiment in her insightful blog post, urging compliance leaders to elevate their roles proactively. Chen recommends re-evaluating and broadening our compliance messaging, enhancing engagement with leadership, and demonstrating the clear business value compliance delivers to the organization.

Now, when we look at technology, particularly AI, there is palpable excitement and understandable anxiety within our compliance community. AI presents both extraordinary potential and a perceived threat. The crux of the concern is straightforward: could AI replace human compliance professionals?

AI undoubtedly enhances compliance capabilities significantly; it empowers us to manage larger, more complex data sets, swiftly identifies risks, automates repetitive compliance tasks, and enriches our analytical capabilities. But here’s the fundamental truth: AI requires a “human in the loop.” Human oversight, nuanced judgment, ethical considerations, and strategic thinking cannot, and should not, be outsourced entirely to algorithms.

Moreover, AI is not a threat but a tool that amplifies the effectiveness of compliance officers. Compliance professionals should proactively harness AI to enhance third-party risk management, improve whistleblower and speak-up programs, conduct more nuanced behavioral analytics, and streamline compliance training and communication. AI is here to augment, not eliminate, the vital role of the compliance officer.

Short-sighted individuals will always view AI as a cost-cutting opportunity. These individuals might attempt to unravel compliance functions, dispersing responsibilities across various departments supported by AI, thereby undermining the coherent strategic value a centralized compliance function provides.

Our response as compliance professionals should be unequivocal; robust compliance management and risk assessment capabilities are more critical now than ever. Compliance functions must remain centralized and strategic, leveraging technology to enhance rather than dilute their impact. We must clearly demonstrate to senior management how a strong, unified compliance function, bolstered by advanced technologies like AI, not only ensures regulatory compliance but actively strengthens operational resilience, business efficiency, and profitability.

In closing, Matt and I both agree these are indeed challenging and uncertain times for the compliance profession. However, they also represent a profound opportunity for growth and innovation and demonstrate the indispensable value compliance brings to businesses. Compliance professionals must rise to this challenge, proactively shaping the future rather than passively waiting for it to unfold.

As Matt aptly concluded, and I echo wholeheartedly, “I would bet on the durability of the ethics and compliance profession every day of the week.” I would only add that now is unquestionably the moment for compliance to step forward confidently, embracing innovation and clearly demonstrating its value as a strategic partner in business success.

Categories
Creativity and Compliance

Creativity and Compliance – Upping Your Compliance Game

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection—they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, utilizes the entertainment devices people use to consume information in their everyday, non-work lives and apply it to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible. In this episode of Creativity and Compliance, Tom Fox and Ronnie Feldman take up the challenge handed down by Hui Chen in light of the administration’s suspension of FCPA enforcement to up their compliance game.

Ronnie begins by advocating for a transformation in compliance training, suggesting a shift from traditional e-learning methods to engaging communication campaigns emphasizing a Speak Up Culture and seamlessly integrating compliance into daily business operations. He believes that by using short, entertaining formats and training leaders to present content playfully, compliance can become more interesting and effective, positioning compliance professionals as valuable assets through proactive engagement and collaboration. Tom underscores the importance of compliance professionals being approachable and communicative, serving as problem solvers who collaborate with business units to achieve unexpected, beneficial outcomes. Both experts agree that by humanizing the compliance function and focusing on values and behaviors, compliance professionals can enhance their programs and contribute significantly to organizational success.

Key highlights:

  • Engaging Communication Campaigns for Compliance Training
  • Strategic Communication for Compliance Professionals
  • Cultivating Proactive Compliance Culture through Training Programs
  • Strategic Engagement for Compliance Professionals

Resources:

Ronnie

  • Learnings & Entertainments (Website)
  • Compliance Confessions – inspired by “Mean Tweets” these 90-second commercials address misconceptions and excuses to promote speak up culture and the E&C team as positive and helpful.
  • E&C Training Jams – a soulful singer banters with ethics & compliance explaining policies, sharing examples and debunking excuses. 
  • Tales from the Hotline – Real speak up-themed stories about workplace behavior gone wrong.
  • Workplace Tonight Show! – E&C meets SNL Weekend Update explaining corporate risk topics and why employees should care.
  • 60-Second Communication & Awareness Shorts – A variety of short, customizable, music and multimedia, quick-hitter “commercials” promoting integrity, compliance, speaking up and the E&C team as helpful advisors and coaches.
  • Custom Live & Digital Programing – Custom creative programming that balances the seriousness of the subject matter with a more engaging delivery. After all, you can’t bore people into learning.

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Creativity and Compliance was recently honored as one of the Top 35 Podcasts on Creativity by Feedspot.

Categories
Blog

Upping Your Compliance Game, Part 1 – The Business Case for Compliance: How Ethics and Compliance Drive Profitability

The Trump Administration has suspended FCPA enforcement for the foreseeable future. What does that mean for compliance professionals? Hui Chen has suggested this should be seen as an opportunity for compliance, but to do so, “It’s time to up your game . . . Instead of selling insurance for FCPA enforcement, become leaders that help your organizations perform.” Based on this challenge by the most imminent compliance commentator, I will devote this week’s blog posts to ways compliance professionals can up their collective game. Today, I demonstrate that effective compliance equates to more efficient business processes and great Return on Investment (ROI).

We are now at a point where sufficient data, academic research, and real-world case studies make one thing abundantly clear: a strong ethics and compliance program is not just good for business; it can now be seen as a driver of profitability. While compliance has long been seen as a necessary cost of doing business, organizations that take compliance seriously have discovered a competitive advantage hidden in plain sight.

The Ethics Premium: Data-Driven Proof of Compliance ROI

For the past 15 years, Ethisphere has collected data on its World’s Most Ethical Companies awards, and the results are telling. Companies that earn this designation consistently outperform their peers in stock market performance. Ethisphere refers to this as the “Ethics Premium.” Ethisphere Executive Vice President Erica Salmon Byrne has stated, “In tracking how the stock prices of publicly traded honorees compare to the U.S. Large Cap Index, we found that listed World’s Most Ethical Companies outperformed the large cap sector.”

In 2010, that performance gap was 4.5%. By 2020, the number had surged to 13.5%. Ethical businesses are not only surviving but thriving in competitive markets. The message is simple: investors, customers, and stakeholders place greater value on companies with strong ethical foundations, and the market rewards those companies accordingly.

Academic Research Supports Compliance as a Profit Driver

Beyond market trends, academic research backs up the claim that compliance is a value generator. George Serafeim and Paul M. Healy, in their paper An Analysis of Firms’ Self-Reported Anti-Corruption Efforts, found that companies with robust compliance programs perform better financially in high-risk, corruption-prone countries than those with weaker programs.

One of their key findings was that companies without strong compliance frameworks, despite high sales in these markets, experienced a negative Return on Equity (ROE) of between 24% and 30%. In contrast, companies that invested in compliance infrastructure were better equipped to navigate challenging business environments, sustain long-term growth, and protect shareholder value.

This research reinforces that compliance isn’t just about avoiding fines or regulatory scrutiny—it’s about building a business model that can weather uncertainty and thrive in complex global markets.

Real-World Example: How Compliance Data Drove Profitability

Numbers and research are compelling, but nothing drives the point home like real-world success stories. One such example comes from a company operating in a high-risk FCPA jurisdiction. As part of its compliance initiatives, the company conducted a fraud risk analysis on business development spending related to gifts and entertainment to identify patterns of improper spending and mitigate corruption risks.

Unexpected Findings and a New Compliance Strategy

Without prior approval, the company had a strict $75.00 cap on gifts and entertainment spending. The analysis examined traditional fraud indicators, such as:

  • Split receipts are designed to circumvent the spending limit.
  • Transactions clustered just below the approval threshold.
  • Aggregate spending on individual government officials by multiple salespeople.

However, the results yielded an unexpected insight: spending patterns revealed two distinct thresholds:

  • Data Point A: The minimum spend required to close a deal successfully.
  • Data Point Z: A limit beyond which no additional spending would influence a sale.

Armed with this insight, the company implemented a new policy. Sales teams were required to meet the threshold of Data Point A but were prohibited from exceeding Data Point Z. This simple compliance-driven adjustment had a massive impact:

  1. Immediate Cost Savings: Sales teams stopped wasting money on futile attempts to win business past a certain spending level.
  2. Operational Efficiency Gains: By recognizing when a sale was unlikely to close, sales professionals could pivot more quickly, reducing the overall sales cycle time and improving productivity.

The result? The company eliminated unnecessary expenses and increased overall business unit profitability—all thanks to insights derived from a compliance analysis.

Compliance as a Business Efficiency Tool

This case study is the perfect example of how compliance, when approached strategically, can improve efficiency and profitability. The same principles can be applied across other business functions:

  • Quote-to-Cash (QTC) Sales Cycle: Compliance insights can optimize contract approvals and improve revenue recognition.
  • Procure-to-Pay (P2P) Procurement Cycle: Compliance controls can prevent fraud and enhance supplier negotiation strategies.
  • Third-Party Risk Management: Effective compliance due diligence can reduce supply chain disruptions and improve vendor relationships.

When compliance is embedded within key business processes, it ceases to be a regulatory checkbox and instead becomes a powerful tool for operational excellence.

Reframing the Compliance Conversation: From Cost Center to Profit Generator

Compliance has been considered an overhead expense for years—necessary but not necessarily value-generating. The data, research, and case studies tell a different story. Compliance is not just about avoiding legal trouble; it’s about making smarter business decisions that enhance long-term sustainability.

To reframe the conversation, compliance professionals should:

  1. Leverage Data: Use metrics and research to quantify the financial benefits of ethical business practices.
  2. Tell Compelling Stories: Highlight real-world examples of how compliance has improved profitability and efficiency.
  3. Engage Business Leaders: Collaborate with finance, operations, and sales teams to position compliance as a business enabler rather than a regulatory burden.

The Bottom Line

Ethical companies perform better. Research proves it, and real-world success stories validate it. Businesses that invest in compliance don’t just protect themselves from regulatory risk—they position themselves for sustained profitability and competitive advantage.

It is time for compliance leaders to own this narrative. Compliance is not simply about avoiding penalties; it’s a strategic asset that drives business success. The next time you’re asked to justify your compliance budget, do not just talk about risk; talk about ROI. In today’s world, ethics and profitability go hand in hand.

Categories
Daily Compliance News

Daily Compliance News: February 12, 2025, The Hui Chen on Bondi Memo Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Buyer’s remorse in Minnesota. (WSJ)
  • Hui Chen weighs in on Bondi Memo. (Law360sub req’d
  • Ethics programs are more than simply compliance. (Forbes)
  • A green light for corruption. (FT)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the FCPA Survival Guide on Amazon.com.