Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
In this roundtable episode, Sarah Hadden and Ellen M. Hunt explore the real art of workplace investigations with guests Lloydette Bai-Marrow and Onyinye Asala-Olojola through these three lenses:
If you are looking for expert advice on how to increase the value of workplace investigations to your organization, tune in on your favorite podcast platform, on Corporate Compliance Insights, and the Compliance Podcast Network
#WorkplaceInvestigations #RootCause #CorrectiveMeasures #Retaliation #EthicalLeadership
Corporate compliance professionals spend a lot of time talking about controls, training, third parties, and investigations. Yet the hard truth is that the most important control environment sits above all of that: leadership behavior and the culture it creates. That is why this NASA investigation report on the Boeing CST-100 Starliner Crewed Flight Test (CFT) is such a useful case study. It is a technical report, to be sure. But it is also a cultural, leadership, and governance report. NASA’s bottom line is unambiguous: technical excellence and safety require transparent communication and clear roles and responsibilities, not as slogans, but as operating requirements that must be institutionalized so safety is never compromised in pursuit of schedule or cost.
If you are a Chief Compliance Officer, General Counsel, or business leader, you should read this report the way you read an enforcement action. Not to gawk. Not to assign blame. But to harvest lessons for your own organization before you have your own high-visibility close call.
The incident(s) that led to the report
The CFT mission launched June 5, 2024, as a pivotal step toward certifying Starliner to transport astronauts to the International Space Station. It was planned as an 8-to-14-day mission but was extended to 93 days after significant propulsion system anomalies emerged. Ultimately, the Starliner capsule returned uncrewed, while astronauts Barry “Butch” Wilmore and Sunita “Suni” Williams returned aboard SpaceX’s Crew-9 Dragon in March 2025. In February 2025, NASA chartered a Program Investigation Team (PIT) to examine the technical, organizational, and cultural factors contributing to the anomalies.
The report describes four major hardware anomaly areas, including Service Module RCS thruster fail-offs that temporarily caused a loss of 6 Degrees of Freedom control during ISS rendezvous and required in-situ troubleshooting to recover enough capability to dock, a Crew Module thruster failure during descent that reduced fault tolerance, and helium manifold leaks where seven of eight Service Module helium manifolds leaked during the mission. The PIT further determined that the 6DOF loss during rendezvous met criteria for a Type A mishap (or at least a high-visibility close call), underscoring how close the program came to a very different ending.
That is the “what.” For compliance professionals, the “so what” is that NASA did not treat this as a purely engineering problem. It treated it as an integrated system failure, in which culture and leadership either reduce risk or magnify it.
Lesson 1: Decision authority is culture, not paperwork
One of the report’s clearest threads is that fragmented roles and responsibilities delayed decision-making and eroded confidence. In the compliance world, unclear decision rights become the breeding ground for “informal governance”: private conversations, end-runs around committees, and decisions that are never fully documented. Over time, that becomes a shadow-control environment that your policies cannot touch.
Compliance action steps
Lesson 2: Transparency is a control, and selective data sharing destroys trust
The report explicitly flags that the lack of data access fueled concerns about selective information sharing. Interviewees described frustration that information could be filtered, selectively chosen, or sanitized, which eroded confidence in the process and people. It also notes reports of questions being labeled “too detailed” or “out of scope” without mechanisms to ensure concerns were addressed. That is the compliance danger zone. When teams believe the narrative matters more than the data, they stop escalating early. They start documenting defensively. They seek safety in silence.
Compliance action steps
Lesson 3: Risk acceptance without rigor becomes “unexplained anomaly tolerance”
NASA calls out “anomaly resolution discipline” and warns that repeated acceptance of unexplained anomalies without root cause can lead to recurrence. That single lesson belongs on a poster in every compliance office. In corporate terms, “unexplained anomalies” are recurring control exceptions, repeat hotline themes, repeated third-party red flags, and audit findings that are “managed” rather than fixed. If leadership normalizes that pattern, it teaches the organization that closure is more important than correction.
Compliance action steps
Lesson 4: Partnerships fail when “shared accountability” is not operationalized
The report emphasizes that shared accountability in the commercial model was inconsistently understood and applied. It also notes that historical relationships and private conversations outside formal forums created perceptions of blurred boundaries, favoritism, and lack of objectivity, whether or not those perceptions were accurate. Compliance teams have seen this movie. Think distributors, joint ventures, outsourced compliance support, and major technology partners. If accountability is shared in theory but siloed in practice, something will fall through the cracks. Usually, it falls right into your lap when regulators arrive.
Compliance action steps
Lesson 5: Burnout is a risk factor, and meeting chaos is a governance failure
The report’s recommendations recognize the operational reality: high-pressure environments can degrade decision quality. It calls for “pulse checks,” rotation of high-pressure responsibilities, contingency staffing, and time protection for deep work to proactively address burnout and improve decision-making under mission conditions. Compliance professionals should take that to heart. Crisis cadence is sometimes unavoidable. Permanent crisis cadence is a leadership choice. And it carries predictable consequences: shortcuts, missed details, weakened documentation, and poor judgment.
Compliance action steps
Lesson 6: Accountability must be visible, not performative
NASA does not bury the human dimension. The report contains leadership recommendations to speak openly with the joint team about leadership accountability, including concurrence with the report and reclassification as a mishap, and to hold a leadership-led stand-down day focused on reflection, accountability concerns, and rebuilding trust. For corporate leaders, this is where trust is won or lost after a crisis. Employees can tolerate a hard outcome. They struggle to tolerate spin. If your organization communicates externally with confidence but internally with vagueness, your culture learns the wrong lesson: optics first, truth second.
Compliance action steps
Lesson 7: Trust repair requires a plan, not a pep talk
One of the most useful artifacts in the report is a sample Organizational Trust Plan. It sets a goal to rebuild trust by establishing clear expectations, open accountability, and shared commitment to safety and mission success. It includes objectives around transparent communication, acknowledging past challenges, reinforcing shared values, and structured engagement. It then lays out action steps: leadership engagement, facilitated sessions, outward expressions of accountability, teamwide rollout, training and coaching, and communication through a written plan and regular updates.
That is exactly the kind of operational discipline compliance leaders should bring to culture work. Culture does not change because someone gives a speech. Culture changes when the organization changes how it makes decisions, treats dissent, and follows through.
Five key takeaways for the compliance professional
In the end, the Starliner lesson for compliance is simple: controls matter, but culture decides whether controls work when it counts. If leadership cannot run disagreements well, cannot share data broadly, and cannot demonstrate accountability after the fact, the best-written compliance program in the world will fail the moment the pressure rises.
In this conversation, GWIC host Dr. Hemma R. Lomax and Shalini Rajoo explore the critical role of decision rubrics in governance, accountability, and trust, especially in the context of AI. Shalini shares her journey from law to compliance, emphasizing the importance of understanding systems and the impact of leadership on decision-making processes. They discuss how transparency and clarity in decision-making can build trust within organizations and the necessity of responsible AI governance. Practical tips for improving decision quality are also provided, highlighting the importance of self-awareness and critical thinking in leadership.
Takeaways:
Sound bites:
“Systems and rules are not inherently neutral.”
“Transparency in decision making builds trust.”
“Slow is smooth, and smooth is fast.”
Chapters:
00:00 Introduction to Decision Rubrics and Governance
02:55 Shalini’s Journey: From Law to Governance
06:09 The Impact of Systems on Leadership and Accountability
09:09 Transitioning to Compliance and Ethics
11:49 Understanding Decision Rubrics in Compliance
15:06 The Role of Leadership in Decision Making
18:03 Designing Conditions for Effective Decision Making
20:47 The Importance of Transparency in Decision Processes
24:09 Decision Rubrics: Building Trust in Organizations
26:49 AI and Governance: Leadership Infrastructure Failures
29:47 Responsible AI: The Role of Ethics and Compliance
32:55 Practical Tips for Improving Decision Quality
36:00 Conclusion: The Future of Decision Making in AI
Guest Biography:
Shalini Rajoo is the Founder and Principal Consultant of Shalini Rajoo Advisory, LLC, where she partners with organizations to design governance, compliance, and decision-making systems that are resilient, trustworthy, and aligned to real operational pressures. Across more than two decades in law, compliance, HR, and organizational leadership, Shalini has helped companies and leaders move beyond check-the-box frameworks to build structures that embed accountability, clarity, and performance into everyday decisions.
She began her career in South Africa, first as a public prosecutor and then leading regulatory work with the Department of Trade and Industry, collaborating with legislative and executive stakeholders on corporate, competition, and consumer law. After relocating to the U.S., Shalini practiced commercial litigation. She later served as Director of Global Business Conduct for a Fortune 500 company, where she redesigned ethics and compliance systems, led global risk assessments, and championed psychological safety and integrity-based practices.
Today, Shalini’s work centers on helping leaders clarify decision rights, governance architectures, and accountability pathways — especially as organizations adopt AI and automation. She recently spoke at the Opal Group’s Corporate Governance & Ethics in the Age of AI conference, where she reframed AI governance as a leadership-infrastructure challenge rather than a purely technical or compliance one.
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore it more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the leadership failures from Donald Trump and his administration after the killing of Alex Pretti last weekend. This episode has significant editorial commentary.
Matt and Tom critically examine the behavior and leadership failings of Donald Trump and his Administration in the wake of the shooting of Alex Pretti and argue that his approach is far from exemplary for CEOs or business leaders. The discussion highlights the essence of effective leadership as the ability to instill trust and direction, contrasting this with Trump’s history of questionable business acumen and the allegations of his disastrous lying to the American people. The takeaway is that true leadership involves integrity, trustworthiness, and the ability to inspire and guide employees toward a common goal, traits that Trump is argued to lack.
Key highlights:
Resources:
Matt in Radical Compliance
Tom
A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.
Innovation comes in many forms, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Angie McPhail to discuss the transformation of compliance from a regulatory function to a strategic business imperative.
Angie shares her professional background, having led the Integrity and Compliance group for the Americas at Juniper Networks before its acquisition by HPE. Key discussions include the evolving role of compliance as a strategic influencer within organizations, the intersection of ethics and integrity with ESG, and the importance of trust in building effective compliance programs. Angie emphasizes the need for compliance professionals to understand business strategy, leverage technology, and build trust to drive sustainable growth. The talk also covers the future outlook for compliance leaders and provides advice on preparing the next generation of compliance professionals.
Key highlights:
Resources:
Angie McPhail on LinkedIn
Innovation in Compliance was recently ranked 4th among Risk Management podcasts by 1,000,000 Podcasts.
Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s episode, Day 10, we dive into the critical role of senior management in fostering a strong corporate culture of compliance.
Key highlights:
Resources:
Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.
Every major compliance failure eventually reaches the same destination: a moment when leadership says, “How did we not see this coming? ” The answer is almost always the same. The warning signs were visible. They were rationalized, minimized, or overridden in the name of performance, continuity, or institutional pride.
The Sherrone Moore crisis at the University of Michigan is not a college football anomaly. It is a case study in how compliance programs fail when they are structurally subordinated, culturally discounted, or selectively enforced. For compliance professionals, the value of this case lies not in outrage but in extraction: extracting lessons that can be operationalized before the next crisis unfolds.
Lesson 1: Compliance Authority Must Be Structural, Not Aspirational
Michigan’s experience demonstrates that access to leadership is meaningless without authority. The compliance function may have been consulted, investigations commissioned, and policies in place. None of that mattered when the athletic department retained de facto control over outcomes. For compliance professionals, the lesson is clear. Compliance must have defined escalation rights and veto authority over high-risk decisions, including promotions, discipline, and crisis response. If a business unit can override compliance based on performance or legacy, compliance is not independent. It is decorative.
The Department of Justice has repeatedly emphasized that effective compliance programs require empowered compliance functions. That empowerment must be written into governance documents, reinforced by boards, and tested in practice.
Lesson 2: Past Dishonesty Is a Permanent Risk Factor
One of the most glaring failures in this case was the organization’s willingness to treat Moore’s prior dishonesty during the sign-stealing investigation as a closed chapter. It was not. It was predictive. Compliance professionals must internalize a hard truth: once credibility is damaged, it does not reset. Individuals who have lied to investigators, deleted records, or misrepresented facts should never again be treated as presumptively reliable. Enhanced monitoring, corroboration, and scrutiny are not punitive. They are risk management.
Organizations that ignore this lesson inevitably relearn it at a higher cost.
Lesson 3: Promotions Are Compliance Decisions
The elevation of Moore to head coach was framed as a football decision. In reality, it was one of the most consequential compliance decisions the university made.
Any promotion into a role with significant authority, visibility, and discretion is a compliance event. Risk-based due diligence should include:
In corporate terms, Michigan promoted an executive with unresolved compliance issues and a clear lack of an ethical grounding into a CEO-equivalent role. That decision alone dramatically increased institutional risk. But the consequences will reverberate for a long time to come.
Lesson 4: Investigations Involving Power Imbalances Require Heightened Standards
The initial investigation into Moore’s relationship with a staffer failed predictably. When both parties denied the relationship and the evidence was limited, the inquiry stalled. That outcome reflects a misunderstanding of power dynamics. Compliance professionals know that power imbalance distorts disclosure. Subordinates may deny relationships out of fear, loyalty, or uncertainty. Senior leaders may deny wrongdoing out of self-preservation. Effective investigations account for this reality by expanding evidence collection, conducting pattern analysis, and implementing interim safeguards.
Neutrality is not passivity. When allegations involve senior leadership, the standard of diligence must rise, not fall.
Lesson 5: Star Performers Are the Highest-Risk Population
One of the most enduring myths in organizational life is that high performers deserve flexibility. In reality, they deserve even greater scrutiny. Star performers operate with autonomy, influence culture, and often shape informal norms. Moore’s trajectory illustrates how repeated exceptions create a sense of entitlement. Each time misconduct is reframed as survivable, the individual learns that boundaries are negotiable. Compliance professionals must relentlessly resist this dynamic.
Rules applied selectively are not rules. They are invitations.
Lesson 6: Pattern Risk Demands Pattern Response
Perhaps the most damning aspect of the Michigan case is that it unfolded amid repeated scandals within the athletic department. When misconduct clusters, the correct response is not incremental fixes. It is a structural intervention. Compliance professionals must recognize pattern risk early and escalate it aggressively. That escalation should include:
Waiting for the next incident is not caution. It is abdication.
Lesson 7: Culture Is Set by What Leadership Tolerates
Michigan’s long-standing deference to athletic success and legacy culture created an environment where misconduct was rationalized rather than confronted. This is not unique to sports. It appears in sales-driven organizations, founder-led companies, and high-growth environments. Culture is not what leadership says. It is what leadership allows. From the Board of Regents to the UM President on down, compliance professionals must evaluate actions, not rhetoric, when assessing culture risk.
Lesson 8: Human Impact Is the Ultimate Compliance Metric
It is easy, especially for lawyers and compliance officers, to focus on policy breaches and enforcement exposure. The Moore crisis is a reminder that compliance failures produce human harm. Families are destabilized. Employees feel unsafe. Stakeholders lose trust. Effective compliance programs exist not only to prevent fines but also to prevent damage. When that purpose is forgotten, compliance becomes performative.
Final Thought: Compliance Is Tested at the Top
The Sherrone Moore crisis did not originate with a junior employee. It originated at the top of a powerful institution. That is where compliance programs are always tested. For compliance professionals, the final lesson is this: if your program cannot stop, slow, or surface misconduct by your most powerful leaders, it will eventually fail when it matters most.
The University of Michigan now faces years of rebuilding trust, governance, and credibility. Compliance professionals elsewhere should treat this case as a warning, not a curiosity. The cost of ignoring these lessons is never hypothetical. It is only deferred. This takeaway is stark but actionable. Compliance failures are rarely a surprise. They are choices made over time. The question for every compliance professional is whether those choices will be challenged early or explained later.
As always, prevention is less visible than a crisis. It is also far less costly.
Resources:
The Terrible Mess at Michigan Football, by Jason Gay, writing in the Wall Street Journal.
Ex-Michigan coach Sherrone Moore charged with home invasion, stalking, breaking—Austin Meek and Sam Jane writing in The Athletic.
Fire Everybody—Alex Kirshner, writing in Slate.
Source: Michigan begins a review of the athletic department, by Dan Wetzel and Pete Thamel, writing for ESPN.
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Jim Massey, who has recently released a new book, Risk in Action.
Jim Massey, an accomplished author and behaviorist practitioner, delves into the intricate dynamics of trust within leadership through his book “Risk in Action.” Drawing from his extensive experience in high-stakes boardrooms and executive sessions, Massey emphasizes the crucial role of trust as a foundation for effective action. He explores the interconnected nature of trust, risk, and fear, urging individuals to redefine risk as a prioritization tool that enables progress and bold decision-making. By addressing these themes, Massey aims to spark vital conversations and empower leaders to embrace uncertainty, ultimately encouraging them to take courageous actions that drive growth and innovation.
Key highlights:
Resources:
Risk in Action on Amazon
Jim Massey Website
Jim Massey on LinkedIn
Eastward.ai Website
Tom Fox
Corporate leaders love to talk about innovation, transformation, and building the future. Yet most organizations still get stuck in the same place: standing at the edge of a decision, staring into the unknown, and doing nothing. At that moment, the hesitation between where we are and where we need to go is the space Jim Massey calls the gap. And in Risk in Action, Massey makes a compelling argument that how leaders approach this gap will define not only their relevance but also their ability to lead in today’s fast-moving environment.
For the corporate compliance professional, this book is more than leadership philosophy. It is a practical guide for making disciplined, values-driven choices under uncertainty. It is also a call to rethink how our organizations confront risk, how we enable decision-making, and how we build systems that do more than slow the business down.
Risk as the Distance Between Now and Next
Early in the book, Massey reframes a concept that compliance professionals often treat as static. Risk, he argues, is not a heat map, a mitigation plan, or a quarterly review. Risk is the distance between where you are and where you want to be. Trust is the bridge. Fear is the fog that makes the crossing difficult (see Chapter 2). That deceptively simple framing is powerful. It exposes why so many organizations fall into oscillation: they mistake movement for progress. More meetings. More decks. More analysis. And yet nothing moves.
We tell ourselves we are being prudent, disciplined, or thorough when in reality we are waiting for fear to subside. Massey does not dismiss the importance of analysis. Instead, he asks leaders to confront their own reflexive relationship with risk. Whether the risk is regulatory, strategic, environmental, or reputational, the greater danger is not action; it is inaction. The world moves quickly. Competitors accelerate. Expectations shift. Standing still is its own risk, and often the most significant one.
Face, Frame, Forward: The Anatomy of Real Decision-Making
The central model in the book—Face, Frame, Forward—offers a decision-making cadence that leaders can apply daily. As Massey describes, the greatest failures he has seen in organizations did not come from a bad decision but from delaying a necessary one. His model helps break that paralysis.
Face
Facing risk begins with naming the truth in front of you. Not the sanitized version. The real version. What is the risk that keeps you up at night? What is the organizational behavior you keep tolerating? What is the emerging external pressure that is already reshaping your strategic environment? (see Chapter 4). Massey’s point is blunt: You cannot frame a risk you refuse to see, and you cannot move forward from a place of ambiguity.
Frame
Framing is about meaning-making. Two companies can experience the same regulatory change, market disruption, or technology shift and respond in completely different ways. Why? Because they frame its significance differently (see Chapter 5). Framing is where compliance officers have enormous influence. We help leaders see regulatory shifts as more than check-the-box obligations. We help boards see cultural issues as more than HR noise. We help executives understand that ESG risks are strategic risks and that reputational risks are governance risks. Impact matters, yes. But meaning drives action.
Forward
Forward is where clarity becomes motion. Not recklessness. Not speed for speed’s sake. But disciplined, intentional, values-aligned action. Massey writes that the fog does not lift before we move. It lifts because we move (Chapter 6). That insight is especially relevant for compliance professionals. We often wait for the perfect policy, perfect data, or perfect operating plan. Yet most risks today evolve faster than our systems can process. The future belongs to organizations that move forward with clarity, not certainty.
Risk, Trust, and Fear: The Three-Dimensional Model of Leadership
What makes Risk in Action uniquely valuable for compliance professionals is Massey’s integration of risk, trust, and fear. These forces, he argues, are always active, competing, overlapping, and shaping our choices (see Chapter 7). Compliance professionals know this intuitively. A team hesitates to escalate a concern—not because they lack information, but because fear is louder than trust. A business unit drags its feet on a remediation plan—not because the fix is complicated, but because the risk feels abstract. A board over-rotates to control, not because of a regulatory requirement, but because fear has dominated the discussion.
Massey identifies three essential questions every leader must answer:
These three elements—Can, Care, Do—form the building blocks of trust (see Chapter 8). And trust, in turn, is what enables movement across the risk gap.
FearFULL Leadership: Why Pretending to Be Fearless Does Not Work
One of the book’s most compelling contributions is Massey’s challenge to the myth of fearlessness. Leaders spend too much time trying to appear unshakable. In reality, fear shows up silently, through overcontrol, indecision, or relentless perfectionism. Massey argues for something more honest: becoming fearFULL, not devoid of fear, but full of awareness, reflection, and intention (see Chapter 9). FearFULL leaders admit the truth early. They ask the hard questions. They name the tension. And by doing so, they create a sense of psychological safety for others.
For compliance professionals, this matters enormously. Transparency, escalation, and ethical decision-making cannot coexist with unacknowledged fear. Leaders who cannot name their own fear cannot build environments where employees feel safe speaking up.
The Compliance Connection: Why This Book Matters for Our Profession
At its core, Risk in Action is about building systems and cultures where leaders face reality with honesty, interpret risks with clarity, and move with purpose. That is the very heart of compliance work. Massey critiques the old model of compliance as the organizational brake pedal. The modern compliance function must instead help the business navigate uncertainty, not out of fear, but with disciplined confidence (see Chapter 1).
Compliance does not eliminate risk. Compliance enables the organization to move forward intelligently. Risk in Action reinforces several truths compliance professionals have long understood:
What Massey offers is a leadership model that makes movement possible again.
Five Key Takeaways for the Compliance Professional
Perhaps the most interesting overall concept posited by Massey is one I learned from John Lee Dumas from his interview in the award-winning podcast series, Looking Back on 9/11. On 9/11, Dumas was a college senior in ROTC, and that night, he knew he was going to war. As a 21-year-old Lieutenant, he led a 40-man tank crew in the invasion of Iraq. I asked him what he learned from his Army experience. He instantly responded, “Make a Decision.” He added that you never have perfect information, so you have to take what you have, synthesize it, and act on it. Massey makes clear that compliance leadership requires action.
