Tag: Risk Management

Categories
AI Today in 5

AI Today in 5: August 13, 2025, The Beware the EU AI Act Episode

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

For more information on the use of AI in compliance programs, see Tom Fox’s new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 71 – Surviving the Unknown: Risk Management Lessons from “That Which Survives”

In compliance, risk management is more than a checklist. It is the ongoing discipline of identifying threats, assessing their potential impact, and implementing measures to mitigate or neutralize them before they cause harm.

Few Star Trek episodes illustrate the escalating consequences of underestimated risks as effectively as That Which Survives. In it, the Enterprise crew encounters a seemingly lifeless planet guarded by Losira, an alien projection who can kill with a single touch. Her purpose is to protect the planet’s secrets, but her method is indiscriminate, deadly, and poorly aligned to the situation at hand.

For compliance professionals, this episode offers five important lessons on anticipating, assessing, and responding to risks, both known and unknown, within an organization.

Lesson 1: Identify Risks Before Engaging in New Ventures

Illustrated By: The Enterprise arrives at an uncharted planet. Within moments, a mysterious woman materializes and kills a crew member simply by touching him.

Compliance Lesson. Too often, companies rush into new markets, partnerships, or projects without conducting a thorough risk assessment. This can expose the organization to sanctions violations, corruption risks, cybersecurity vulnerabilities, or operational failures.

Lesson 2: Understand That Some Risks Are Intelligent and Adaptive

Illustrated By: Losira targets specific individuals and adapts her approach to their vulnerabilities.

Compliance Lesson. Not all risks are static. Fraudsters change tactics, cyber threats evolve, and corrupt third parties find new ways to conceal misconduct. A compliance program must anticipate that some risks will actively seek to bypass controls.

Lesson 3: Don’t Dismiss Low-Probability, High-Impact Threats

Illustrated By: At first, the crew assumes Losira’s appearances are isolated incidents, but they quickly realize she poses an existential threat.

Compliance Lesson. Rare events, such as a single high-value bribery transaction, a lone rogue employee, or a targeted cyberattack, can have catastrophic consequences. Organizations sometimes underprepare for these scenarios because they seem unlikely.

Lesson 4: Risk Mitigation Requires Cross-Functional Coordination

Illustrated By: The landing party on the planet and the Enterprise crew in orbit are each facing threats from Losira, but their survival depends on sharing information and coordinating responses. Without clear communication, both groups would be doomed.

Compliance Lesson. Compliance cannot manage risk in isolation. It must work with legal, internal audit, operations, IT, and HR to identify threats and implement controls.

Lesson 5: Address the Root Cause, Not Just the Symptoms

Illustrated By: The crew eventually discovers that Losira is an automated defense mechanism left behind by an extinct race. Once the crew understands her origin and purpose, they can neutralize the threat.

Compliance Lesson. In risk management, addressing surface-level problems without finding the underlying cause only delays future incidents. Compliance should integrate root cause analysis into all investigations.

Final ComplianceLog Reflections

That Which Survives is more than a suspense episode; it is a cautionary tale about the dangers of underestimating risk. Losira was not inherently evil; she was a misunderstood, unexamined part of an environment the crew did not fully assess before engagement.

The compliance officer’s mandate is to ensure the company doesn’t make the same mistake: to scan for threats before beaming in, to adapt to risks that evolve, to prepare for unlikely but devastating events, to coordinate across the enterprise, and to address the root cause when problems arise. Risk management is not just about surviving; it is about ensuring that your organization thrives in any environment, whether it’s an unexplored planet or a rapidly changing market.

Resources:

⁠⁠Excruciatingly Detailed Plot Summary by Eric W. Weisstein⁠⁠

⁠⁠MissionLogPodcast.com⁠⁠

⁠⁠Memory Alpha

Categories
Blog

Risk Management in Compliance: Five Lessons from Star Trek’s That Which Survives

In compliance, risk management is more than a checklist. It is the ongoing discipline of identifying threats, assessing their potential impact, and implementing measures to mitigate or neutralize them before they cause harm.

Few Star Trek episodes illustrate the escalating consequences of underestimated risks as effectively as That Which Survives. In it, the Enterprise crew encounters a seemingly lifeless planet guarded by Losira, an alien projection who can kill with a single touch. Her purpose is to protect the planet’s secrets, but her method is indiscriminate, deadly, and poorly aligned to the situation at hand.

For compliance professionals, this episode offers five important lessons on anticipating, assessing, and responding to risks, both known and unknown, within an organization.

Lesson 1: Identify Risks Before Engaging in New Ventures

Illustrated By: The Enterprise arrives at an uncharted planet, scans it briefly, and beams down a landing party. Within moments, a mysterious woman materializes and kills a crew member simply by touching him.

Compliance Lesson. Too often, companies rush into new markets, partnerships, or projects without conducting a thorough risk assessment. This can expose the organization to sanctions violations, corruption risks, cybersecurity vulnerabilities, or operational failures. Compliance should lead or be deeply involved in pre-engagement risk assessments. Before “beaming down” into a new business environment, map potential threats—regulatory, operational, reputational—and identify safeguards. Skipping this step can lead to preventable harm and costly remediation.

Lesson 2: Understand That Some Risks Are Intelligent and Adaptive

Illustrated By: Losira’s ability to appear anywhere, both on the planet and aboard the Enterprise, shows she is not a passive hazard. She targets specific individuals and adapts her approach to their vulnerabilities.

Compliance Lesson. Not all risks are static. Fraudsters change tactics, cyber threats evolve, and corrupt third parties find new ways to conceal misconduct. A compliance program must anticipate that some risks will actively seek to bypass controls. Build adaptive monitoring into your compliance systems. Use continuous transaction monitoring, real-time alerts, and data analytics to detect changes in patterns. A one-time risk assessment is not enough—ongoing vigilance is essential.

Lesson 3: Don’t Dismiss Low-Probability, High-Impact Threats

Illustrated By: At first, the crew assumes Losira’s appearances are isolated incidents, but they quickly realize she poses an existential threat. Even though she is only one individual, her capabilities could destroy the Enterprise if not addressed.

Compliance Lesson. Rare events, such as a single high-value bribery transaction, a lone rogue employee, or a targeted cyberattack, can have catastrophic consequences. Organizations sometimes underprepare for these scenarios because they seem unlikely. Compliance departments should incorporate low-probability, high-impact risks into the risk register. Conduct tabletop exercises to simulate rare but potentially devastating events, ensuring the organization has both prevention and response plans in place.

Lesson 4: Risk Mitigation Requires Cross-Functional Coordination

Illustrated By: The landing party on the planet and the Enterprise crew in orbit are each facing threats from Losira, but their survival depends on sharing information and coordinating responses. Without clear communication, both groups would be doomed.

Compliance Lesson. Compliance cannot manage risk in isolation. It must work with legal, internal audit, operations, IT, and HR to identify threats and implement controls. Silos breed blind spots, and blind spots breed crises. Establish cross-functional risk committees or working groups. Ensure that incident reporting and escalation procedures are well understood across departments. Make compliance the hub of a collaborative risk network, not a separate spoke.

Lesson 5: Address the Root Cause, Not Just the Symptoms

Illustrated By: The crew eventually discovers that Losira is an automated defense mechanism left behind by an extinct race. She’s not malicious—she’s simply executing a program without context or adaptability. Once the crew understands her origin and purpose, they can neutralize the threat.

Compliance Lesson. In risk management, addressing surface-level problems without finding the underlying cause only delays future incidents. For example, punishing an employee for violating a policy without examining why the policy was ignored leaves the organization vulnerable to repeat violations. Compliance should integrate root cause analysis into all investigations. Whether it’s a process flaw, cultural issue, or oversight gap, solving the real problem is the only way to reduce recurrence.

The Enterprise as a Risk Management Model

Captain Kirk and his crew succeed not because they are lucky, but because they adapt quickly, share intelligence, and dig deeper to understand the nature of the threat. These are precisely the attributes a corporate compliance department needs to lead risk management:

  • Proactive assessment before engagement.
  • Adaptive controls that respond to evolving risks.
  • Preparation for rare but high-impact events.
  • Collaboration across organizational functions.
  • Root cause remediation for lasting solutions.

Practical Compliance Takeaways

From That Which Survives, compliance professionals can draw these operational insights:

  1. Integrate Compliance Early—Risk management starts before contracts are signed or operations begin, not after.
  2. Invest in Technology—Data analytics, AI monitoring, and continuous auditing tools make adaptive risk management possible.
  3. Conduct Scenario Planning—Practice responding to “Losira-like” threats: targeted, intelligent, and hard to predict.
  4. Build Risk Alliances—Partner with all departments to create a unified threat picture.
  5. Close the Loop—Use each incident to strengthen your program against future threats.

Final ComplianceLog Reflections

That Which Survives is more than a suspense episode; it is a cautionary tale about the dangers of underestimating risk. Losira was not inherently evil; she was a misunderstood, unexamined part of an environment the crew did not fully assess before engagement.

The compliance officer’s mandate is to ensure the company doesn’t make the same mistake: to scan for threats before beaming in, to adapt to risks that evolve, to prepare for unlikely but devastating events, to coordinate across the enterprise, and to address the root cause when problems arise.

In other words, risk management is not just about surviving; it is about ensuring that your organization thrives in any environment, whether it’s an unexplored planet or a rapidly changing market.

Resources:

⁠⁠Excruciatingly Detailed Plot Summary by Eric W. Weisstein⁠⁠

⁠⁠MissionLogPodcast.com⁠⁠

⁠⁠Memory Alpha

Categories
AI Today in 5

AI Today in 5: August 5, 2025, The AI at the SEC Episode

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI. 

 

For more information on the use of AI in Compliance programs, Tom Fox’s new book is Upping Your Game. You can purchase a copy of the book on ⁠Amazon.com.

Categories
Blog

10 Prompts for Compliance

A colleague recently asked me to provide them with some prompts they could use to start their journey using AgenticAI, machine learning, and natural language processing. They also wanted an explanation of why these prompts would be helpful. I thought about it and came up with a list of the Top 10 prompts compliance professionals frequently use or need to use, along with a detailed explanation of their critical importance. I have added an answer for each prompt. To obtain these prompts, I began with the following query to ChatGPT. ‘You are a compliance professional at a US corporation. Please list the top 10 prompts I can use to start my journey of using AI to improve a corporate compliance program.’

1. “Identify emerging compliance risks in our industry.”

Explanation:

This prompt is foundational for proactive compliance management. Compliance professionals must continuously scan the regulatory landscape, industry developments, technology advancements, and geopolitical shifts to detect emerging risks. Understanding new threats before they fully materialize allows compliance teams to take proactive steps, adapt policies, provide training, and mitigate potential issues before they result in violations or enforcement actions. Moreover, this prompt promotes a forward-looking compliance program, which aligns with regulatory expectations such as those outlined by the DOJ’s Evaluation of Corporate Compliance Programs (ECCP), making this a critical practice for effective compliance professionals.

2. “Summarize recent regulatory updates relevant to our business operations.”

Explanation:

Compliance landscapes are dynamic, with rules frequently evolving. This prompt ensures compliance professionals remain fully informed about current regulatory changes that directly impact their company’s operations. Effective compliance teams leverage these summaries to update policies, provide timely training, and communicate clearly to management and employees. Staying abreast of regulatory developments also positions compliance professionals to strategically advise senior leadership on business decisions, mitigate regulatory risk, and avoid costly penalties or enforcement actions resulting from non-compliance or outdated practices.

3. “Provide best practices for conducting a thorough compliance risk assessment.”

Explanation:

Risk assessment is the cornerstone of an effective compliance program, as emphasized by regulatory guidelines from bodies as diverse as the DOJ and COSO. This prompt enables compliance professionals to leverage proven methodologies, frameworks, and standards to identify, prioritize, and address key risk areas systematically. An effective compliance risk assessment not only satisfies regulatory expectations but also informs strategic allocation of compliance resources. Moreover, a robust risk assessment is foundational for proactive management, policy development, and training, enhancing an organization’s overall compliance posture and reducing potential liabilities.

4. “Generate scenario-based training examples on ethical dilemmas and compliance issues.”

Explanation:

Training remains a critical element in a strong compliance program. Scenario-based prompts help compliance professionals create realistic, relatable training modules that resonate with employees. Ethical dilemmas and practical compliance scenarios allow employees to practice decision-making, reflect upon corporate values, and internalize compliance expectations. Such scenario-based training significantly improves retention, awareness, and adherence to corporate standards. Additionally, regulators frequently examine training effectiveness during compliance reviews, and scenario-based training demonstrates a genuine commitment to fostering a culture of compliance.

5. “Draft a communication plan for implementing significant compliance program changes.”

Explanation:

Clear, structured communication is essential when changes occur in compliance programs, procedures, or policies. This prompt helps compliance professionals ensure they address critical points transparently and consistently to all stakeholders. A thoughtful communication plan ensures key messages are effectively conveyed, minimizes confusion, and reinforces the seriousness of compliance updates. Effective communication plans also document a defensible record of the company’s efforts to implement and socialize compliance changes, satisfying regulatory expectations for robust internal communication, transparency, and awareness across the organization.

6. “Suggest steps for performing effective third-party due diligence and monitoring.”

Explanation:

Third-party relationships pose significant compliance and reputational risks, especially concerning bribery, corruption, fraud, and sanctions violations. This prompt assists compliance professionals in defining robust due diligence and monitoring procedures aligned with international best practices and regulatory expectations such as those in the FCPA and the UK Bribery Act. Effective due diligence steps allow companies to proactively identify potential red flags, implement controls, and continuously monitor third-party activities. This approach helps mitigate liability from third-party misconduct and demonstrates regulatory rigor and commitment to compliance oversight.

7. “Explain key lessons learned from recent enforcement actions relevant to our sector.”

Explanation:

Learning from regulatory enforcement actions is pivotal in compliance. This prompt ensures compliance professionals leverage real-world cases to strengthen their compliance programs. By analyzing enforcement trends and critical lessons, compliance officers identify and rectify gaps before they lead to serious issues. Regulators often expect companies to adjust their compliance efforts based on industry-specific enforcement activity, and proactively analyzing recent cases underscores an organization’s commitment to continuous improvement and diligent compliance management. This practice helps mitigate risk, avoid similar pitfalls, and demonstrate compliance program effectiveness.

8. “Guide developing or updating a whistleblower policy and protection procedures.”

Explanation:

Whistleblower protection is not just regulatory guidance; it’s often legally required. This prompt helps compliance professionals craft robust whistleblower policies to encourage employees to report misconduct safely without fear of retaliation. An effective whistleblower program builds trust, integrity, and accountability within an organization. Regulatory bodies, such as the SEC and DOJ, evaluate whistleblower programs as indicators of a mature compliance culture. Hence, this prompt helps compliance teams align policy with best practices and legal mandates, protecting both whistleblowers and the company from serious compliance violations and reputational harm.

9. “Outline a structured root cause analysis process for compliance failures.”

Explanation:

Conducting a root cause analysis (RCA) is essential for compliance professionals to identify underlying factors contributing to compliance failures. This prompt provides compliance officers with a structured methodology to systematically evaluate incidents, prevent recurrence, and make informed decisions on corrective measures. Regulators, including the DOJ, increasingly require companies to demonstrate a systematic RCA process following a compliance breach. Utilizing RCA strengthens an organization’s ability to enhance controls, improve policies, refine training, and demonstrate commitment to compliance effectiveness, thus enhancing credibility with regulators.

10. “Draft a checklist for auditing and monitoring compliance program effectiveness.”

Explanation:

Auditing and monitoring are fundamental elements of a strong compliance program. This prompt helps compliance professionals systematically evaluate their programs’ design, implementation, and ongoing performance. Detailed checklists facilitate consistent reviews, identify vulnerabilities, track remediation progress, and ensure continuous improvement. Regulators regularly review auditing and monitoring processes as evidence of a compliance program’s maturity. Thus, having articulated auditing checklists underscores a proactive approach to maintaining compliance program effectiveness and regulatory readiness and ensures swift corrective actions whenever issues arise.

Conclusion:

These top 10 prompts embody essential practices in modern compliance management. Leveraging these prompts enables compliance professionals to proactively manage risk, remain informed, educate effectively, communicate clearly, and demonstrate regulatory rigor. They ensure that organizations maintain robust compliance programs that protect the business and sustain an ethical, accountable, and risk-aware culture.

Categories
Blog

Chasing Shadows: Five Compliance Lessons from the Hound of the Baskervilles

The Hound of the Baskervilles,” penned by Sir Arthur Conan Doyle, is not only the most famous Sherlock Holmes story and a riveting detective tale but also presents timeless lessons in compliance applicable to corporate governance and risk management. Through its intricate plot and detailed character portrayals, the novel underscores several critical principles that every compliance professional should heed.

The story itself blends mystery, suspense, and supernatural elements. Sherlock Holmes and Dr. Watson investigate Sir Charles Baskerville’s mysterious death on the eerie Devonshire moors, connected to a legendary demonic hound curse. Holmes sends Watson with his heir, Sir Henry Baskerville, to the estate, where suspicious servants, an escaped convict, and peculiar neighbors—the Stapletons—heighten tensions. Watson’s observations reveal Jack Stapleton’s instability and jealousy over Sir Henry’s attention to Beryl Stapleton. Secretly investigating, Holmes identifies Stapleton as a Baskerville relative plotting Sir Henry’s death to claim the inheritance. Stapleton’s deception includes staging supernatural events to exploit local superstition. In the climax, Stapleton releases a phosphorus-painted hound to kill Sir Henry, but Holmes and Watson intervene, killing the beast. Stapleton flees, presumed dead in the Grimpen Mire. Holmes’s rational deductions triumph, dismissing supernatural fears and reinforcing logic and reason. Watson’s meticulous work is instrumental, showcasing his courage and skill. The novel concludes by affirming reason over superstition, demonstrating the dangers of irrational fear.

Here are five key compliance lessons derived from specific events within this classic tale.

Lesson 1: Avoiding Complacency in Risk Assessment

The initial approach to the mystery of Sir Charles Baskerville’s death illustrates a critical lesson in risk assessment: the importance of maintaining vigilance. Dr. Mortimer initially attributes the death to supernatural causes, influenced by local legends of a family curse. Sherlock Holmes immediately challenges this complacency, emphasizing the need for rational investigation over reliance on myths or unexamined assumptions. Holmes insists on examining evidence logically rather than accepting straightforward, sensational explanations.

Compliance professionals must similarly avoid complacency. It is easy for an organization to rely on historical assumptions or superficial risk assessments. However, genuine vigilance requires continuous questioning and reevaluation of all potential threats. By regularly revisiting risk assessments and remaining skeptical of conventional wisdom, compliance teams can better anticipate, mitigate, and respond to potential compliance failures before they escalate into significant issues.

Lesson 2: Effective Use of Data and Evidence

Throughout “The Hound of the Baskervilles,” Holmes’s meticulous use of evidence exemplifies the necessity of thorough documentation and analysis in achieving effective compliance outcomes. One key example is Holmes’s careful examination of Sir Henry Baskerville’s stolen boots. Holmes correctly deduces that the shoes were stolen to provide the hound with Sir Henry’s scent. This attention to minute detail and systematic analysis underscores the importance of robust documentation and record-keeping.

Compliance professionals should similarly prioritize precise data collection, rigorous documentation, and evidence-based decision-making. Proper documentation provides transparency, facilitates effective audits, and ensures clarity when addressing compliance issues or regulatory inquiries. By fostering a culture where data-driven decision-making is standard practice, organizations can strengthen their compliance programs and more effectively prevent violations.

Lesson 3: Maintaining Independence and Objectivity

A pivotal moment in the novel occurs when Holmes secretly arrives on the moor, independent of Watson’s investigation. Holmes understands the importance of maintaining independence to gather unbiased information. By conducting a parallel investigation that is free from local biases and personal relationships, Holmes preserves objectivity and ultimately identifies the true culprit, Jack Stapleton.

For compliance professionals, maintaining independence and objectivity is equally vital. Conflicts of interest can obscure judgment and compromise investigations. Compliance officers must be empowered to act independently, free from undue influence, to ensure the integrity of their findings and recommendations. Establishing clear reporting structures and supporting unbiased investigative procedures can significantly enhance an organization’s overall compliance effectiveness.

Lesson 4: Transparent Communication and Reporting

Transparency is repeatedly highlighted as essential throughout Conan Doyle’s narrative. Watson’s regular and detailed correspondence with Holmes exemplifies clear, transparent reporting. Watson meticulously records his observations, suspicions, and interactions, ensuring Holmes remains informed of developments in real time. This ongoing communication proves instrumental in Holmes’s eventual successful intervention.

In the realm of corporate compliance, transparent communication and reporting are equally critical. Employees must feel encouraged and supported in reporting suspicious activities or compliance concerns without fear of retaliation or retribution. Implementing precise and accessible reporting mechanisms, while ensuring open lines of communication, fosters a culture that is compliant-friendly. This transparency enables compliance teams to detect and address issues promptly, thereby reducing organizational exposure to risk and promoting an ethical business environment.

Lesson 5: Importance of Culture and Ethics

The actions and eventual downfall of Jack Stapleton underscore a profound lesson in compliance regarding organizational culture and ethics. Stapleton manipulates local fears and exploits the legend of the supernatural hound to facilitate his criminal plans. His unethical behavior, driven by greed and a disregard for human life, ultimately led to his ruin.

Organizations must prioritize building and maintaining a strong ethical culture. Leadership should exemplify ethical behavior, clearly communicate expectations, and swiftly address unethical actions. Regular training and communication regarding ethical standards reinforce an organization’s values and expectations. By cultivating a robust ethical culture, organizations not only reduce the likelihood of compliance violations but also enhance their reputation and long-term sustainability.

The Hound of the Baskervilles” offers rich insights for compliance professionals. Avoiding complacency, emphasizing evidence-based decision-making, maintaining independence, ensuring transparent communication, and fostering a robust ethical culture are foundational principles that are vividly highlighted throughout Conan Doyle’s timeless narrative. These lessons, illustrated through specific events and character decisions within the story, remain deeply relevant in guiding modern corporate compliance practices.

Categories
#RiskNYC Speaker Series

#Risk New York Speaker Series- Upping Your Game with Tom Fox

Join myself and hundreds of other GRC professionals in the city that never sleeps, New York City on July 9 & 10 for one of the top conferences around #Risk New York. current US landscape – shaped by evolving policies, rapid AI advancements, and shifting global dynamics – demands adaptive strategies and cross-functional collaboration.

At #RISK New York you will master the New Regulatory Reality by Getting ahead of US regulatory shifts and their impact. Conquer AI & Tech Risk by Safeguarding your organization in an AI-driven world and understand the implications of major tech investments. Navigate Financial & Crypto Volatility by Protecting assets and explore solutions in a dynamic market. Strengthen Your GRC Framework by Leverage governance, risk, and compliance for strategic advantage. Protect Digital Trust by Addressing challenges in cybersecurity, data privacy, and combating misinformation. All while meeting

In this episode of the Risk New York podcast series, Tom Fox introduces the upcoming Risk New York Conference, scheduled for July 9-10 at Fordham Law School. The conference, hosted by GRC World Forums, will focus on various aspects of risk management, including AI, tech risk, financial and crypto risk, and GRC frameworks. Tom discusses his keynote based on his book ‘Upping the Game’ and highlights key speakers and exhibitors, including Robert Clark from Howard University, Bill Coffin and Erica Alburn from Ecosphere, and Michael Rasmussen, known as the father of GRC. The episode emphasizes the significance of the conference and provides information on discounted tickets and other details available in the show notes.

Resources

#Risk Conference Series

#RiskNYC-Tickets and Information

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 8 – Miri

In this episode of Trekking Through Compliance, we consider the episode Miri, which aired on October 27, 1966, Star Date 2713.5. In this episode of Trekking Through Compliance, we explore one of the eeriest and most profound cautionary tales in the Star Trek canon: “Miri.” When the crew responds to a distress signal from a planet that’s an exact duplicate of Earth, they find a society ravaged by a failed experiment in human longevity. Only children remain, while the adults, the “grups,” have all died from a virulent disease.

This haunting story is not simply science fiction. It is a case study of what happens when risk management is treated as an afterthought. We draw parallels between the biohazard breakdowns on the planet and the kinds of failures that modern compliance officers must guard against, whether in public health readiness, supply chain risk, or workforce welfare.

Episode Summary

A disfigured man attacks a landing party, who die after Kirk strikes him. They discover a preadolescent, Miri, who ran away from them because “grups” kill and maim children before dying. She and her friends are “onlies,” the only ones left. The distress call is traced to an automated signal. The landing party, except for Spock, notices purple lesions on their bodies; Miri tells them that these are the first signs of the disease, and they will soon develop into the same condition as the other adults. When the disease begins, its victims have seven days to live. Although Spock is immune, he considers himself a carrier who could infect the Enterprise if he returns.

Back on the Enterprise, after vaccinating everyone and leaving the children in the care of a medical team, Kirk sends for teachers and advisers to help the children improve their lives.

Key highlights:

1. Disaster Preparedness—A Cure Without a Contingency Plan

🖖Illustrated by: The civilization’s experiment to extend life, which instead wipes out all adults.

This central failure underscores the risks associated with scientific advancement that lacks proper risk assessment. The developers had no fallback, no regulatory oversight, and no crisis management framework in place. For compliance professionals, this serves as a reminder that innovation must be paired with effective scenario planning and disaster recovery protocols.

2. Environmental and Public Health Compliance—Invisible Risks Become Existential Threats

🖖Illustrated by: The crew’s infection with the disease upon beaming down, with lesions appearing days later.

This serves as a metaphor for health and safety non-compliance. Enterprises must be vigilant about how workplace conditions, unseen hazards, and biological risks can impact staff and operations. Proactive monitoring and rapid-response mechanisms are essential components of any risk management strategy.

3. Data Governance and Early Warning Systems—Responding Too Late

🖖Illustrated by: The automated distress signal continued even though no adult survivors remained.

The signal was still active, but no one was listening until it was far too late. In modern organizations, this is equivalent to ignoring audit logs, internal control alerts, or whistleblower reports that go unread. A culture of attentiveness to data and signals is crucial to catching issues before they cascade.

4. Supply Chain Risk—Critical Resource Shortages in the Field

🖖Illustrated by: The crew’s struggle to develop a cure with limited time, no labs, and deteriorating conditions.

Kirk and McCoy were caught without adequate resources. This scenario mirrors the real-world risks companies face when they lack redundancy in their supply chains, fail to conduct thorough vendor audits, or fail to plan for logistical disruptions. A robust compliance framework includes stress-testing the supply chain for resilience under duress.

Employee Welfare and Isolation—Psychological and Ethical Concerns in Hazard Zones

🖖Illustrated by: Spock’s decision not to return to the Enterprise due to the risk of contamination.

Spock’s sacrifice is a model of ethical risk containment. In any risk environment, whether it is a pandemic, data breach, or financial misconduct, companies must empower employees to make ethically sound decisions while providing mental health support for those isolated by crisis response roles.

Final Starlog Reflections

Miri is a chilling illustration of what happens when ambition outpaces ethics and planning. The children left behind are the victims of a society that prioritizes progress over protection. For compliance professionals, this episode serves as a vivid reminder that a well-crafted compliance program is not just about preventing misconduct—it’s about preparing for the unknown.

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Innovation in Compliance

Innovation in Compliance: Integrating AI in Compliance and Risk Management with Jana Brost

Innovation is present in many areas, and compliance professionals must not only be prepared for it but also actively embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Jana Brost, COO at myCOI, the sponsor of this podcast.

They chat about the intersection of compliance, risk management, and AI. Jana discusses her background in high-growth business process outsourcing and data analysis, as well as her journey to joining my company. She explains the concept of Certificates of Insurance (COIs) and their importance in managing risk for companies. The conversation examines how myCOI empowers vendors and owners to manage their insurance requirements more efficiently through the use of AI, highlighting key industry trends and the impact of AI on speed, accuracy, and user experience. Jana also discusses the future of AI in risk management and its potential to enhance employee engagement and foster a positive company culture.

Key highlights:

  • Understanding COIs in Construction
  • Risk Management and Insurance
  • Evolution of COI Management with AI
  • AI’s Impact on Vendors and Owners
  • Customer Expectations and AI
  • Future of AI and Company Culture

Resources:

Jana Brost on LinkedIn

myCOI

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.

Categories
Compliance and AI

Compliance and AI: Revolutionizing Risk Management with John Byrne

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These are but three questions we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. In this episode, Tom welcomes John Byrne, founder and CEO at Corlytics, to discuss the company’s groundbreaking ISO 42001 certification and its significance for RegTech.

They delve into the evolving role of compliance, emphasizing the transition from reactive to proactive problem-solving. John highlights the shift towards AI-centric operations at Corlytics, aiming for enhanced accuracy, consistency, and traceability in compliance processes. The conversation explores the benefits and risks of AI, including data poisoning and the practical differences between large and small language models. They also touch upon integrating compliance into core business operations, aiming for better client outcomes and speeding up processes like account opening. John envisions RegTech becoming widely accessible, benefiting even the smallest regulated players by enabling proactive business solutions and reducing bottlenecks.

Key highlights:

  • ISO 42001 Certification and Its Importance
  • AI in Compliance and Security
  • AI as an Everyday Tool in Banking
  • Large Language Models vs. Small Language Models
  • Data Poisoning and Its Risks
  • Dynamic Traceability and Policy Lifecycle
  • Compliance as a Strategic Risk Management Tool

Resources:

John Byrne on LinkedIn

Corlytics

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Check out my latest book, Upping Your Game: How Compliance and Risk Management Move to 2030 and Beyond, available from Amazon.com.