Categories
ACI FCPA Conference 2025

ACI-FCPA Conference Speaker Preview Series – Dan Kahn on the New DOJ Enforcement Priorities

In this episode of the ACI-FCPA and Global Anti-Corruption Conference Speaker Podcasts series, Dan Kahn discusses his panel at the event, “Unpacking the DOJ’s New FCPA Enforcement Guidelines and Priorities: Practical Takeaways for Updating Risk Management, Internal Investigations, and Compliance Strategies.”

Some of the issues the panel will discuss are:

  • How does the current DOJ guidance inform compliance?
  • How to recalibrate your compliance program based on the updated Guidance.
  • What does the DOJ FCPA Guidance say about enforcement priorities? 

I hope you can join me at the ACI–FCPA Conference. This year’s event will take place on December 3-4 at the Gaylord National Resort & Convention Center in National Harbor, Maryland, near Washington, D.C. The lineup of this year’s event is simply first-rate, featuring some of the top FCPA professionals, white-collar attorneys, and compliance practitioners in the field.

The 2025 program is being completely redesigned to help your organization stay agile, responsive, and ahead of the curve. Expect a dynamic agenda shaped by real-world priorities, practical takeaways, and the most cutting-edge thinking in compliance—led by a faculty of global practitioners with boots on the ground, encountering the very risks that come across your desk.

Please join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount by using the code D10-999-CPN26.

Categories
Innovation in Compliance

Innovation in Compliance: Dare to Dream: Leveraging AI and Innovation

Innovation is present in many areas, and compliance professionals must not only be prepared for it but also actively embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Dr. Hemma Lomax from DocuSign, Chris Crowder from Airbus, and Vince Walden from konaAI to explore the future of compliance with AI and AgenticAI. This podcast was edited from a konaAI-sponsored webinar. For a link to the full webinar replay, see below.

Our discussion centers around the integration of AI, innovation, and compliance within corporate environments. Chris and Hemma share insights about their current data analytics efforts and the transformative role of AI in enhancing compliance processes. They discuss the importance of human judgment, exploring new technologies, and creating a forward-thinking compliance culture. Audience members are encouraged to think creatively about leveraging technology to address compliance challenges and prepare for a rapidly evolving business landscape.

Key highlights:

  • Current State of AI and Data Analytics in Compliance
  • Challenges and Opportunities in AI Implementation
  • The Role of AI in Risk Management
  • Human Judgment and AI: A Balanced Approach
  • Future of AI in Compliance and Business
  • Future of AI Agents in Compliance

Resources:

For a full replay of the Webinar, click here.

For the konaAI white paper on AgenticAI, click here.

To listen to the award-winning podcast Upping Your Game on the use of AI in a compliance program, click here.

Check out my latest book, Upping Your Game-How Compliance and Risk Management Move to 2023 and Beyond, available from Amazon.com.

Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.

Categories
Compliance and AI

Compliance and AI: Automate the Noise Away – The Future of Financial Crime Detection with Oracle’s Jason Somrak

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are just three of the many we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. In this insightful episode, Tom Fox interviews Jason Somrak, Chief of Product & Strategy – Financial Crime & Compliance at Oracle Financial Services Software Limited.

They delve into the evolving role of AI in combating financial crimes and the proactive potential of AI in compliance investigations. Highlighting the transformative power of AI, Jason explains its applications, ranging from detection to investigation, and its impact on regulatory practices. They also discuss future emerging challenges in risk management and the collaboration between humans and AI in enhancing financial crime detection and compliance.

Key highlights:

  • AI’s Role in Financial Crime Prevention
  • Proactive and Preventive Measures
  • AI in Investigations and Triage
  • Automating the Noise Away
  • Regulatory Interactions and Challenges
  • Emerging Challenges in Risk Management
  • Future of AI in Compliance
  • Corporate Culture and AI Adoption

Resources:

Jason Somrak on LinkedIn

Oracle Financial Services


Categories
Sunday Book Review

Sunday Book Review: October 26, 2025, The Risk Management Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. Today, we review four top books on risk management.

  • How to be a Chief Risk Officer by Jennifer Geary
  • Fundamentals of Risk Management by Kate Boothroyd and Clive Thompson
  • The Failure of Risk Management by Douglas Hubbard
  • The Risk Management Handbook by David Hillson
Categories
Innovation in Compliance

Innovation in Compliance – AI in Financial Crime and Compliance: A Deep Dive with Oracle’s Jason Somrak

Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Jason Somrak, the Chief of Product and Strategy for Financial Crime and Compliance at Oracle.

Jason elaborates on his professional background and his decade-long journey at Oracle. He delves into the transformative role of AI in combating financial crimes, exploring how AI has evolved from predicting false positives to using behavioral models and generative AI to enhance investigation processes. Their discussion touches on AI’s potential to shift from detection to prevention, the impact of real-time AML, and the significance of automating noise in compliance investigations. They also discuss the importance of regulatory relationships and the emerging challenges in risk management. The episode concludes with insights into the future skills needed in compliance roles and the critical role of corporate culture in implementing AI solutions.

Key highlights:

  • AI’s Role in Financial Crime Prevention
  • Proactive vs. Reactive Approaches
  • AI in Investigations and Triage
  • Emerging Challenges in Risk Management
  • Future of AI in Compliance
  • Skills for Next-Gen Compliance Officers

Resources:

Jason Somrak on LinkedIn

Oracle Financial Services


Categories
Popcorn and Compliance

Popcorn and Compliance: Episode 3 – Compliance in the Full Moonlight: Lessons from The Wolf Man

Welcome to a special series of Popcorn and Compliance. In this series, we will be looking at the Classic Universal Monster Movies from the 30s and 40s and mining them for compliance lessons. (Yes, it really is an excuse to rewatch them all.) In this series, we will look at Frankenstein, Dracula, The Wolf Man, The Mummy, and end with The Invisible Man. In this episode, Tom explores critical compliance insights drawn from Lon Chaney Jr.’s portrayal of The Wolf Man.

In this episode, we take a deep dive into my favorite Classic Universal Monster, The Wolf Man, to unpack five critical lessons, including the danger of ignoring warnings, the importance of timely intervention, and the challenges of recognizing risks in ordinary people under extraordinary circumstances. Listeners are encouraged to consider how these timeless themes apply to modern corporate compliance, emphasizing proactive measures to prevent potential catastrophes. Join Tom, along with AI hosts Fiona and Timothy, for a surprisingly relevant exploration of compliance through the eerie lens of Hollywood’s iconic monster movies.

Key highlights:

The Relevance of the Wolf Man to Modern Compliance

  • Lesson 1: Ordinary People Can Become Compliance Risks
  • Lesson 2: Warnings Ignored Become Disasters Realized
  • Lesson 3: The Curse of Silence and Stigma
  • Lesson 4: Risk is Cyclical and Predictable
  • Lesson 5: Tragedy Comes from a Lack of Intervention

Resources:

Compliance Lessons from Lon Chaney Jr.’s The Wolf Man on the FCPA Compliance and Ethics Blog


Categories
Regulatory Ramblings

Regulatory Ramblings: Episode 79 – Is the Divide Between Traditional Finance and DeFi / Crypto Over? // Spotlight on: Why Businesses Must Understand Banking Flows for Due Diligence with Stanley Foodman and Viktoria Soltesz

Today’s podcast opens with Viktoria Soltesz (tax, payment, and banking expert, and founder of PSP Angels Group and the Soltesz Institute) discussing payments and banking, and why businesses must understand banking flows to ensure proper due diligence on their clients.

Following that, we chat with Miami-based accountant Stanley Foodman about an article he penned for LinkedIn earlier this summer, in which he states that the barriers between DeFi, or decentralized finance, and traditional finance have now been broken.

Biography:

Viktoria Soltesz has over 20 years of experience, with a focus on complex cases. She runs an accounting and tax consulting firm in Cyprus, supporting complex and global corporate setups, and founded PSP Angels out of frustration with not having the answers to the most basic online payment questions.

She developed the Soltesz Payment Framework, which is used by international companies worldwide. Viktoria also established the Soltesz Institute, the leading independent certification body for the payment and banking industry.

An EU-certified trainer, she formerly lectured at the University of West London and is a well-known speaker at various industry conferences and summits.

Viktoria is also an author, sharing her expertise and advice in the book Moving Money – How Banks Think, which was on the Amazon bestseller list.

She also won the “Business Woman of the Year” award in 2023 and was named “Payment Consultant of the Year” in 2023, 2024, and 2025.

Stanley Foodman is the founder and CEO of Foodman CPAs and Advisers, a Miami-based firm that he established over 50 years ago.

With decades of experience in both public and private sectors, Stan specializes in financial crime, risk management, and asset recovery. His background includes serving as an auxiliary special agent with the Florida Department of Law Enforcement and consulting for the U.S. Attorney’s Office in civil RICO money laundering cases. He partners with legal teams, financial institutions, and business leaders to proactively identify risks and protect client interests.

He holds a Master of Science degree in Accounting and Tax from the University of Miami, as well as multiple professional certifications, including CPA, CFE, CAMS, and STEP. A board member of the Financial & International Business Association, he is also a member of the AICPA, FICPA, and the ACFCS.

As for his firm, Foodman CPAs & Advisors is a specialized forensic accounting, tax compliance, and regulatory advisory firm serving C-Suite executives, financial institutions, legal professionals, businesses, and high-net-worth individuals (HNWIs).

He leads a team dedicated to solving complex financial challenges, ranging from cross-border tax compliance and forensic investigations to litigation support and regulatory risk management.

Discussion:

Viktoria begins the conversation by explaining to Regulatory Ramblings host Ajay Shamdasani why businesses need to understand banking flows and operations to perform adequate due diligence on their clients. She also stresses that Blockchain and cryptocurrencies are not the solution, but rather, such innovations “mask the problem” because, as she puts it, “the same players are trying to cheat the system.”

She also emphasizes the need for financial education, yet she acknowledges that many institutions of higher learning do not teach their graduates about payments and banking when they matriculate from university.

According to Viktoria, awareness needs to be raised in the general population as to how banks think and manage money; how money moves is key, she says. A corollary to that is that companies need to understand cash flows and banking requirements.

The discussion ends with her sharing her thoughts on what can be done to make the existing payment systems fairer in both the developed and developing world. A common refrain is the lack of access to financial technology (fintech).

Following that, we have a lengthier chat with veteran Miami-based accountant and fraud investigator Stanley Foodman on an article he penned for LinkedIn entitled “Crypto’s Compliance Crossover: Are You Ready for Multi-Framework Reporting?”[1]

In it, he argues: “The line between digital assets and traditional finance no longer exists. With CARF and CRS 3.0 now in effect, cryptocurrency is fully within the regulatory perimeter, and financial institutions across LATAM need to be prepared. This isn’t just a reporting update. It’s a fundamental shift in how compliance must operate across jurisdictions, asset types, and internal systems.”

In his piece, Stan breaks down the most common gaps in crypto compliance today – namely:

  • Incomplete capture of wallet ownership and sender/receiver data
  • Misaligned AML/KYC and tax due diligence processes
  • Gaps in cross-border policy coverage
  • Limited interoperability across compliance tools and departments

Beyond just where institutions are falling behind, the op-ed piece explores how they can get ahead, along with what readiness truly entails under CARF and CRS 3.0.

Looking ahead, he highlights the need for strategic priorities to enhance compliance readiness. “To meet new demands of crypto compliance, institutions must go beyond surface-level solutions. A true response to CARF requires structural alignment across policy, data, staffing, and governance,” he said.

According to Stan, top compliance priorities should include:

  • Integrated Policy Frameworks: Expand your internal policies to treat crypto assets as part of the same risk landscape as traditional holdings. This includes wallet traceability, exposure to decentralized exchanges, and automated risk scoring.
  • Unified Data Architecture: Break down internal silos. Create a centralized compliance data environment where AML, tax, and digital asset reporting teams can access a consolidated view of client behaviors across fiat and blockchain transactions.
  • Enhanced Client Onboarding & Monitoring: Update onboarding processes to capture crypto wallet IDs, source of funds, blockchain transaction history, and risk triggers. Ongoing monitoring must include both on-chain and off-chain behavior.
  • Staff Training & Cross-Functional Collaboration: Equip your teams to understand crypto regulations and compliance risks. Encourage collaboration between compliance officers, IT, legal, and product leads to bridge technical and regulatory knowledge gaps.
  • Cross-Border Regulatory Mapping: Align your reporting framework with FATF, CARF, CRS 3.0, and relevant domestic disclosure regimes. For institutions operating in multiple jurisdictions or serving cross-border clients, a cohesive compliance map is critical.

Stan also shares a little about his background and how his training as an accountant aided him during his career in law enforcement, as well as the dividends such public service has paid him in his private practice. He reflects on what initially drew him to the field of accounting.

Ultimately, he concludes that the distinction between digital assets and traditional finance is no longer clear. Looking to compliance leadership in the digital future, Stan remarks: “The institutions that will thrive in the new era aren’t just adding crypto checkboxes to their CRS tools. They’re embedding digital assets into their entire compliance DNA, governance, strategy, and infrastructure.”

Regulatory Ramblings podcasts are brought to you by The University of Hong Kong – Reg/Tech Lab, HKU-SCF Fintech Academy, Asia Global Institute, and HKU-edX Professional Certificate in Fintech, with support from the HKU Faculty of Law.

Connect with RR Podcast at:

LinkedIn: https://hk.linkedin.com/company/hkufintech 
Facebook: https://www.facebook.com/hkufintech.fb/
Instagram: https://www.instagram.com/hkufintech/ 
Twitter: https://twitter.com/HKUFinTech 
Threads: https://www.threads.net/@hkufintech
Website: https://www.hkufintech.com/regulatoryramblings 

Connect with the Compliance Podcast Network at:

LinkedIn: https://www.linkedin.com/company/compliance-podcast-network/
Facebook: https://www.facebook.com/compliancepodcastnetwork/
YouTube: https://www.youtube.com/@CompliancePodcastNetwork
Twitter: https://twitter.com/tfoxlaw
Instagram: https://www.instagram.com/voiceofcompliance/
Website: https://compliancepodcastnetwork.net

Categories
Blog

Risk Management and the Board: Why Oversight is Now a Strategic Imperative

In today’s business landscape, boards of directors are navigating a storm of risks that would test even the most resilient organizations. This topic was explored in a recent article titled “Risk Management and the Board of Directors.” Geopolitical uncertainty, economic volatility, cybersecurity threats, climate change, and the uncharted waters of generative AI are no longer background noise. They have moved to the front and center in boardrooms. Against this backdrop, risk management has emerged not just as an operational necessity but as a governance and strategic imperative. For compliance professionals, this raises a critical question: what role should the board play in risk management, and how can compliance officers support them in fulfilling that role effectively?

Oversight, Not Management

A crucial distinction must be made: boards are not responsible for managing risk on a day-to-day basis. That responsibility belongs to management. But boards do carry the weight of oversight. This oversight includes monitoring the most significant corporate risk factors, ensuring that appropriate risk systems are in place, and verifying that those systems function in practice.

Think about the Boeing case. Regulators and auditors identified multiple failures in Boeing’s manufacturing controls and safety processes, resulting in devastating reputational and financial consequences that continue to unfold. The lesson is clear. It is not enough for a board to approve a risk framework and then step away. Boards must oversee, probe, and confirm that those frameworks are embedded in operations across the enterprise.

Compliance officers can support this by providing boards with accurate, timely, and actionable reporting. Minutes, board packets, and oversight documentation are not administrative afterthoughts. They are evidence of diligence that courts, regulators, and investors increasingly scrutinize.

Tone at the Top: Culture as the Foundation

If oversight is the board’s mandate, then culture is the foundation that determines whether risk management succeeds or fails. Boards set the “tone at the top,” and that tone resonates throughout the organization.

Transparency, consistency, and communication are essential. A board that prioritizes ethics, compliance, and stakeholder safety sends a clear message: compliance failures and corner-cutting will not be tolerated. Conversely, when boards tolerate delay or indecision in addressing risks, such as safety lapses, misconduct, or harassment, they erode employee trust, tarnish their reputation, and invite regulatory scrutiny.

Board Readiness in a Dynamic Environment

Boards must prepare not only for the risks they know but for those that are emerging. This means ongoing director training, scenario planning, and recruitment strategies that close knowledge gaps. While no board can house every kind of subject matter expertise, they must know when to bring in advisors, leverage external resources, and engage with stakeholders directly.

A readiness mindset also means anticipating the unexpected. Crisis response plans, covering a range of scenarios from cyberattacks to workplace misconduct, should be in place and regularly tested to ensure their effectiveness. Compliance leaders should be part of these conversations, ensuring that prevention, detection, and remediation are embedded into strategy, not bolted on as afterthoughts.

Investors, regulators, and even the courts of Delaware are sharpening their focus on board-level risk oversight. The Caremark line of cases continues to set a high bar, but boards that fail to engage in good faith with core risks run the risk of liability. Compliance officers can help directors demonstrate that their oversight is active, engaged, and documented.

Practical Recommendations for Compliance Professionals

What does this mean for compliance officers working with boards? Here are four takeaways:

1. Provide Clear, Actionable Risk Reporting

Boards cannot oversee what they cannot see, and too often, directors are presented with overwhelming data that obscures the real risks. Compliance should deliver reporting that distills information into clear, concise insights, showing not just what happened but why it matters. The most effective reports highlight trends, identify root causes, and directly connect risks to business strategy, enabling the board to act with confidence.

2. Integrate Oversight into Strategy

Compliance risk management should never be treated as an afterthought, bolted onto the business after decisions are made. Instead, compliance officers must help boards see how compliance oversight is deeply intertwined with growth, innovation, and operational resilience. By linking compliance considerations to strategy, compliance becomes a driver of sustainable success rather than a box-checking obligation.

3. Focus on Emerging Risks

Generative AI, biodiversity loss, and geopolitical fragmentation are no longer distant or theoretical; instead, they are reshaping risk landscapes as we speak. Boards need compliance officers to translate these complex issues into practical implications before they escalate into crises that erode value and reputation. A forward-looking compliance function enables directors to anticipate threats, allocate resources effectively, and avoid being blindsided.

4. Reinforce Culture and Ethics

Tone at the top must resonate throughout the organization, and compliance is the bridge that connects board-level values to everyday business practices. Compliance officers can help embed cultural expectations by weaving red flags, lessons learned, and behavioral standards into training, communications, and accountability structures. When done well, this alignment ensures that ethical behavior is not aspirational but operational, lived out across all levels of the enterprise.

Why It Matters Now

The expectations for board-level risk oversight are higher than ever. Regulators want evidence that boards are engaged. Courts are scrutinizing oversight failures with fresh vigor. Investors are pressing for transparency on ESG, cyber, and DEI risks. And employees, your most important stakeholders, expect boards to prioritize safety, inclusion, and integrity.

For compliance professionals, this creates both a challenge and an opportunity. The challenge is to help boards stay ahead of complex risks in an environment of constant change. The opportunity is to elevate the compliance function as a strategic partner in governance, resilience, and corporate integrity.

Final Thoughts

Risk management is no longer just an operational function; it has become a strategic imperative. It is a governance issue that sits squarely in the boardroom. Boards do not need to manage risk, but they must actively oversee it, document their oversight, and ensure that culture and strategy align with risk management systems.

As compliance professionals, we are uniquely positioned to support this mandate. We provide the frameworks, reporting, and insights that help boards meet their obligations and protect the enterprise. In doing so, we not only maintain compliance but also enhance resilience, protect reputation, and foster trust with stakeholders.

The message is clear: oversight is not optional, culture is not cosmetic, and preparation is not a luxury. For today’s boards and for the compliance professionals who advise them, risk management is a strategic imperative that can no longer be ignored.

Categories
AI Today in 5

AI Today in 5: September 22, 2025, The Chaos of Consent Episode

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI, so start your day, sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest related to AI.

Top AI stories include:

  • JFrog advances investment compliance. (Simply Wall St)
  • Using AI to navigate consent. (MarTech)
  • Making risk management a competitive advantage. (KPMG)
  • Using AI for cybersecurity. (IBM)
  • The AI race is like the Space Race. (Bloomberg)

For more information on the use of AI in Compliance programs, see my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Blog

Untangling Fraud, Waste, and Abuse: A Primer for the Compliance Professional

In the world of compliance, few phrases are tossed around with as much frequency and often as little precision as “fraud, waste, and abuse.” In the government sector, this triad is well-defined. Federal and state agencies spend billions each year tracking, auditing, and enforcing rules to combat it. But in the private sector, the phrase is no less relevant. Whether you are managing a global compliance program, overseeing internal controls, or leading an ethics initiative, fraud, waste, and abuse can quietly erode corporate value, undermine trust, and invite unwanted scrutiny from regulators, auditors, and stakeholders.

Yet too many compliance professionals lump these terms together, failing to appreciate the important differences between them. Fraud, waste, and abuse may sometimes overlap in practice, but they require distinct prevention strategies, tailored controls, and cultural messaging. Today, we begin a multipart blog post series to unpack what each of these terms means for the private sector and explore how your organization can fight against their scourge.

Fraud: The Deliberate Deception

Fraud is the most familiar of the three. It is intentional deception or misrepresentation made with the knowledge that it will result in an unauthorized benefit. In the corporate world, fraud is not limited to elaborate Ponzi schemes or headline-grabbing accounting scandals; it often hides in plain sight.

Examples from the private sector include:

  • Financial statement fraud. Inflating revenue or concealing liabilities to present a healthier picture of the business. Enron, WorldCom, and Wirecard are stark reminders.
  • Procurement fraud. Kickbacks from suppliers, false invoices, or bid-rigging. A procurement officer who colludes with a vendor to inflate prices is not just wasting company money; they are stealing it.
  • Expense reimbursement fraud. Employees submitting falsified receipts or double-billing travel expenses. What starts as “a little padding” quickly snowballs into a systemic problem.

Fraud is deliberate, targeted, and harmful by design. It requires intent to deceive. For this reason, fraud often falls under the purview of regulators and prosecutors, resulting in criminal charges, civil penalties, and severe reputational damage.

Waste: The Silent Erosion of Value

Waste, by contrast, is rarely intentional. It refers to the careless or unnecessary use of resources, leading to inefficiency and loss of value. Waste does not always involve dishonesty; more often, it is a byproduct of poor management, weak oversight, or cultural indifference.

Examples from the private sector include:

  • Operational inefficiencies. A manufacturing line that continues to use outdated machinery, consuming more energy than modern alternatives. However, it can also encompass basic corporate functions, such as failing to timely service vehicles and other large pieces of equipment until they break down.
  • Bloated corporate travel. Business units booking last-minute flights in premium class when lower-cost options were available with better planning.
  • Technology sprawl. Companies paying for redundant software licenses because IT and business units fail to coordinate their procurement.

Waste drains profitability. Unlike fraud, it may not land your employees in court, but over time, it corrodes competitiveness, frustrates shareholders, and damages morale. For the compliance professional, waste is tricky. Because it often lacks intent, it falls into a gray zone between compliance, internal audit, and operations. But leaving waste unchecked is an abdication of governance responsibility. And of course, it can be very costly.

Abuse: The Exploitation of Loopholes

Abuse sits somewhere between fraud and waste. It involves the improper or excessive use of resources or authority, but without a clear intent to defraud. Abuse may not violate the letter of company policy, but it often violates its spirit.

Examples from the private sector include:

  • Excessive executive perks. A senior leader insists on flying private, despite company policy allowing business class.
  • Overtime gaming. Employees schedule themselves in ways that maximize overtime pay, even when workloads do not justify it.
  • Supplier favoritism. A manager repeatedly awards contracts to a personal acquaintance without competitive bidding, even if the price is technically “market.”

Abuse thrives in cultures of entitlement and weak oversight. It often signals to employees that procurement rules are flexible or merely suggestions, undermining trust in leadership. Regulators may not always prosecute abuse, but investors, boards, and employees will notice.

Five Key Takeaways for the Compliance Professional

1. Know the Difference

Fraud, waste, and abuse are often lumped together, but they are distinct risks with different causes and remedies. Fraud is intentional deception designed to enrich the perpetrator at the company’s expense. Waste is careless or inefficient use of resources, often unintentional but just as costly. Abuse sits in the middle ground, exploiting loopholes, gray areas, or authority for personal gain. If you treat these three risks as interchangeable, your controls will be blunt instruments. The savvy compliance professional tailors training, monitoring, and cultural messaging to each risk, ensuring prevention efforts are both precise and effective.

2. Fraud Is Not the Only Threat

Compliance programs often emphasize fraud because it creates legal exposure, attracts regulatory scrutiny, and can lead to criminal liability. Yet fraud is not the only drain on corporate value. Waste can hollow out profitability year after year through inefficiency and mismanagement. Abuse corrodes employee trust, culture, and morale, even when it does not cross a legal line. Boards and shareholders increasingly look beyond compliance “check the box” fraud controls. They demand stewardship, efficiency, and accountability across the enterprise. Expanding your program’s scope to tackle waste and abuse demonstrates leadership, adds measurable business value, and positions compliance as a strategic partner.

3. Culture Is the Battleground for Abuse

You can design airtight policies and sophisticated controls to prevent fraud or reduce waste, but abuse is more insidious. It thrives in cultures of entitlement, favoritism, and “wink-and-nod” exceptions to the rules. Abuse may not always break laws or policies, but it violates fairness and damages trust. That is why culture is the key battleground. Compliance leaders must set clear expectations, train managers to model ethical behavior, and empower employees to speak up when necessary. When entitlement and corner-cutting are tolerated, abuse spreads. When accountability, transparency, and stewardship are celebrated, abuse withers. Culture, not checklists, is the ultimate safeguard.

4. Data Is Your Ally

The complexity of modern business means fraud, waste, and abuse can hide in plain sight. Data analytics provides compliance professionals with the tools to detect risks early. Anomalies in travel expenses may uncover not only fraudulent reimbursement but also systemic waste in last-minute bookings or abusive upgrades. Procurement analytics can expose inflated invoices, duplicate payments, or favoritism in the vendor selection process. The key is not just gathering data but integrating it across compliance, audit, and finance systems. With proper dashboards and regular reviews, data becomes a proactive ally, identifying red flags before they metastasize into scandals that damage reputation and value.

5. Build Cross-Functional Coalitions

Fraud, waste, and abuse do not respect organizational silos. They intersect with compliance, audit, HR, procurement, finance, and operations. If each function fights its own battles in isolation, risks will inevitably slip through the cracks. The compliance professional is uniquely positioned to serve as the connector, building coalitions that share data, align incentives, and coordinate responses. For example, a fraud indicator spotted by finance may also highlight waste tracked by operations. HR may uncover abusive practices that compliance can remediate with policy changes. When functions collaborate, blind spots shrink, accountability rises, and the entire organization becomes more resilient.

Stewardship as Compliance

Fraud, waste, and abuse may manifest differently, but together they represent a continuum of risks that can erode profitability, corrode culture, and undermine trust in leadership. For the compliance professional, the way forward lies in anchoring your program on five core pillars.

First, you need to understand the difference. Fraud, waste, and abuse require distinct approaches, and treating them as interchangeable dulls your controls. Second, remember that fraud is not the only threat. Waste and abuse, while less visible, can be just as damaging to shareholders and boards who care about stewardship as much as compliance. Third, recognize that culture is the battleground for abuse. Without accountability and transparency embedded in daily operations, policies and controls are powerless against entitlement and favoritism. Fourth, leverage the fact that data is your ally. Analytics reveal patterns across all three categories, allowing you to act before small issues metastasize. Finally, build cross-functional coalitions. Fraud, waste, and abuse cut across silos, and only through collaboration can you close the gaps.

Taken together, these five strategies form more than a compliance toolkit; they create a holistic framework for corporate stewardship. By clearly distinguishing risks, broadening your scope, reinforcing your culture, embracing data, and building coalitions, you elevate compliance from a defensive shield to a proactive value driver.

The organizations that thrive in today’s demanding environment will be those that go beyond chasing fraud and instead build resilient, data-driven, and culture-anchored programs to fight fraud, waste, and abuse in all their forms. That is the mandate for the modern compliance professional.

Join us tomorrow as we explore how your anti-corruption compliance program can help your company combat fraud, waste, and abuse.