Categories
AI Today in 5

AI Today in 5: August 5, 2025, The AI at the SEC Episode

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

 

For more information on the use of AI in Compliance programs, Tom Fox’s new book is Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Blog

10 Prompts for Compliance

A colleague recently asked me to provide them with some prompts they could use to start their journey using Agentic AI, machine learning, and natural language processing. They also wanted an explanation of why these prompts would be helpful. I thought about it and came up with a list of the Top 10 prompts compliance professionals frequently use or need to use, along with a detailed explanation of their critical importance. I have added an answer for each prompt. To obtain these prompts, I began with the following query to ChatGPT. ‘You are a compliance professional at a US corporation. Please list the top 10 prompts I can use to start my journey of using AI to improve a corporate compliance program.’

1. “Identify emerging compliance risks in our industry.”

Explanation:

This prompt is foundational for proactive compliance management. Compliance professionals must continuously scan the regulatory landscape, industry developments, technology advancements, and geopolitical shifts to detect emerging risks. Understanding new threats before they fully materialize allows compliance teams to take proactive steps, adapt policies, provide training, and mitigate potential issues before they result in violations or enforcement actions. Moreover, this prompt promotes a forward-looking compliance program, which aligns with regulatory expectations such as those outlined by the DOJ’s Evaluation of Corporate Compliance Programs (ECCP), making this a critical practice for effective compliance professionals.

2. “Summarize recent regulatory updates relevant to our business operations.”

Explanation:

Compliance landscapes are dynamic, with rules frequently evolving. This prompt ensures compliance professionals remain fully informed about current regulatory changes that directly impact their company’s operations. Effective compliance teams leverage these summaries to update policies, provide timely training, and communicate clearly to management and employees. Staying abreast of regulatory developments also positions compliance professionals to strategically advise senior leadership on business decisions, mitigate regulatory risk, and avoid costly penalties or enforcement actions resulting from non-compliance or outdated practices.

3. “Provide best practices for conducting a thorough compliance risk assessment.”

Explanation:

Risk assessment is the cornerstone of an effective compliance program, as emphasized by regulatory guidelines from bodies as diverse as the DOJ and COSO. This prompt enables compliance professionals to leverage proven methodologies, frameworks, and standards to identify, prioritize, and address key risk areas systematically. An effective compliance risk assessment not only satisfies regulatory expectations but also informs strategic allocation of compliance resources. Moreover, a robust risk assessment is foundational for proactive management, policy development, and training, enhancing an organization’s overall compliance posture and reducing potential liabilities.

4. “Generate scenario-based training examples on ethical dilemmas and compliance issues.”

Explanation:

Training remains a critical element in a strong compliance program. Scenario-based prompts help compliance professionals create realistic, relatable training modules that resonate with employees. Ethical dilemmas and practical compliance scenarios allow employees to practice decision-making, reflect upon corporate values, and internalize compliance expectations. Such scenario-based training significantly improves retention, awareness, and adherence to corporate standards. Additionally, regulators frequently examine training effectiveness during compliance reviews, and scenario-based training demonstrates a genuine commitment to fostering a culture of compliance.

5. “Draft a communication plan for implementing significant compliance program changes.”

Explanation:

Clear, structured communication is essential when changes occur in compliance programs, procedures, or policies. This prompt helps compliance professionals ensure they address critical points transparently and consistently to all stakeholders. A thoughtful communication plan ensures key messages are effectively conveyed, minimizes confusion, and reinforces the seriousness of compliance updates. Effective communication plans also document a defensible record of the company’s efforts to implement and socialize compliance changes, satisfying regulatory expectations for robust internal communication, transparency, and awareness across the organization.

6. “Suggest steps for performing effective third-party due diligence and monitoring.”

Explanation:

Third-party relationships pose significant compliance and reputational risks, especially concerning bribery, corruption, fraud, and sanctions violations. This prompt assists compliance professionals in defining robust due diligence and monitoring procedures aligned with international best practices and regulatory expectations such as those in the FCPA and the UK Bribery Act. Effective due diligence steps allow companies to proactively identify potential red flags, implement controls, and continuously monitor third-party activities. This approach helps mitigate liability from third-party misconduct and demonstrates regulatory rigor and commitment to compliance oversight.

7. “Explain key lessons learned from recent enforcement actions relevant to our sector.”

Explanation:

Learning from regulatory enforcement actions is pivotal in compliance. This prompt ensures compliance professionals leverage real-world cases to strengthen their compliance programs. By analyzing enforcement trends and critical lessons, compliance officers identify and rectify gaps before they lead to serious issues. Regulators often expect companies to adjust their compliance efforts based on industry-specific enforcement activity, and proactively analyzing recent cases underscores an organization’s commitment to continuous improvement and diligent compliance management. This practice helps mitigate risk, avoid similar pitfalls, and demonstrate compliance program effectiveness.

8. “Guide developing or updating a whistleblower policy and protection procedures.”

Explanation:

Whistleblower protection is not just regulatory guidance; it’s often legally required. This prompt helps compliance professionals craft robust whistleblower policies to encourage employees to report misconduct safely without fear of retaliation. An effective whistleblower program builds trust, integrity, and accountability within an organization. Regulatory bodies, such as the SEC and DOJ, evaluate whistleblower programs as indicators of a mature compliance culture. Hence, this prompt helps compliance teams align policy with best practices and legal mandates, protecting both whistleblowers and the company from serious compliance violations and reputational harm.

9. “Outline a structured root cause analysis process for compliance failures.”

Explanation:

Conducting a root cause analysis (RCA) is essential for compliance professionals to identify underlying factors contributing to compliance failures. This prompt provides compliance officers with a structured methodology to systematically evaluate incidents, prevent recurrence, and make informed decisions on corrective measures. Regulators, including the DOJ, increasingly require companies to demonstrate a systematic RCA process following a compliance breach. Utilizing RCA strengthens an organization’s ability to enhance controls, improve policies, refine training, and demonstrate commitment to compliance effectiveness, thus enhancing credibility with regulators.

10. “Draft a checklist for auditing and monitoring compliance program effectiveness.”

Explanation:

Auditing and monitoring are fundamental elements of a strong compliance program. This prompt helps compliance professionals systematically evaluate their programs’ design, implementation, and ongoing performance. Detailed checklists facilitate consistent reviews, identify vulnerabilities, track remediation progress, and ensure continuous improvement. Regulators regularly review auditing and monitoring processes as evidence of a compliance program’s maturity. Thus, having articulated auditing checklists underscores a proactive approach to maintaining compliance program effectiveness and regulatory readiness and ensures swift corrective actions whenever issues arise.

Conclusion:

These top 10 prompts embody essential practices in modern compliance management. Leveraging these prompts enables compliance professionals to proactively manage risk, remain informed, educate effectively, communicate clearly, and demonstrate regulatory rigor. They ensure that organizations maintain robust compliance programs that protect the business and sustain an ethical, accountable, and risk-aware culture.

Categories
Blog

Chasing Shadows: Five Compliance Lessons from the Hound of the Baskervilles

“The Hound of the Baskervilles,” penned by Sir Arthur Conan Doyle, is not only the most famous Sherlock Holmes story and a riveting detective tale but also presents timeless lessons in compliance applicable to corporate governance and risk management. Through its intricate plot and detailed character portrayals, the novel underscores several critical principles that every compliance professional should heed.

The story itself blends mystery, suspense, and supernatural elements. Sherlock Holmes and Dr. Watson investigate Sir Charles Baskerville’s mysterious death on the eerie Devonshire moors, connected to a legendary demonic hound curse. Holmes sends Watson with his heir, Sir Henry Baskerville, to the estate, where suspicious servants, an escaped convict, and peculiar neighbors—the Stapletons—heighten tensions. Watson’s observations reveal Jack Stapleton’s instability and jealousy over Sir Henry’s attention to Beryl Stapleton. Secretly investigating, Holmes identifies Stapleton as a Baskerville relative plotting Sir Henry’s death to claim the inheritance. Stapleton’s deception includes staging supernatural events to exploit local superstition. In the climax, Stapleton releases a phosphorus-painted hound to kill Sir Henry, but Holmes and Watson intervene, killing the beast. Stapleton flees, presumed dead in the Grimpen Mire. Holmes’s rational deductions triumph, dismissing supernatural fears and reinforcing logic and reason. Watson’s meticulous work is instrumental, showcasing his courage and skill. The novel concludes by affirming reason over superstition, demonstrating the dangers of irrational fear.

Here are five key compliance lessons derived from specific events within this classic tale.

Lesson 1: Avoiding Complacency in Risk Assessment

The initial approach to the mystery of Sir Charles Baskerville’s death illustrates a critical lesson in risk assessment: the importance of maintaining vigilance. Dr. Mortimer initially attributes the death to supernatural causes, influenced by local legends of a family curse. Sherlock Holmes immediately challenges this complacency, emphasizing the need for rational investigation over reliance on myths or unexamined assumptions. Holmes insists on examining evidence logically rather than accepting straightforward, sensational explanations.

Compliance professionals must similarly avoid complacency. It is easy for an organization to rely on historical assumptions or superficial risk assessments. However, genuine vigilance requires continuous questioning and reevaluation of all potential threats. By regularly revisiting risk assessments and remaining skeptical of conventional wisdom, compliance teams can better anticipate, mitigate, and respond to potential compliance failures before they escalate into significant issues.

Lesson 2: Effective Use of Data and Evidence

Throughout “The Hound of the Baskervilles,” Holmes’s meticulous use of evidence exemplifies the necessity of thorough documentation and analysis in achieving effective compliance outcomes. One key example is Holmes’s careful examination of Sir Henry Baskerville’s stolen boots. Holmes correctly deduces that the shoes were stolen to provide the hound with Sir Henry’s scent. This attention to minute detail and systematic analysis underscores the importance of robust documentation and record-keeping.

Compliance professionals should similarly prioritize precise data collection, rigorous documentation, and evidence-based decision-making. Proper documentation provides transparency, facilitates effective audits, and ensures clarity when addressing compliance issues or regulatory inquiries. By fostering a culture where data-driven decision-making is standard practice, organizations can strengthen their compliance programs and more effectively prevent violations.

Lesson 3: Maintaining Independence and Objectivity

A pivotal moment in the novel occurs when Holmes secretly arrives on the moor, independent of Watson’s investigation. Holmes understands the importance of maintaining independence to gather unbiased information. By conducting a parallel investigation that is free from local biases and personal relationships, Holmes preserves objectivity and ultimately identifies the true culprit, Jack Stapleton.

For compliance professionals, maintaining independence and objectivity is equally vital. Conflicts of interest can obscure judgment and compromise investigations. Compliance officers must be empowered to act independently, free from undue influence, to ensure the integrity of their findings and recommendations. Establishing clear reporting structures and supporting unbiased investigative procedures can significantly enhance an organization’s overall compliance effectiveness.

Lesson 4: Transparent Communication and Reporting

Transparency is repeatedly highlighted as essential throughout Conan Doyle’s narrative. Watson’s regular and detailed correspondence with Holmes exemplifies clear, transparent reporting. Watson meticulously records his observations, suspicions, and interactions, ensuring Holmes remains informed of developments in real time. This ongoing communication proves instrumental in Holmes’s eventual successful intervention.

In the realm of corporate compliance, transparent communication and reporting are equally critical. Employees must feel encouraged and supported in reporting suspicious activities or compliance concerns without fear of retaliation or retribution. Implementing precise and accessible reporting mechanisms, while ensuring open lines of communication, fosters a culture that is compliance-friendly. This transparency enables compliance teams to detect and address issues promptly, thereby reducing organizational exposure to risk and promoting an ethical business environment.

Lesson 5: Importance of Culture and Ethics

The actions and eventual downfall of Jack Stapleton underscore a profound lesson in compliance regarding organizational culture and ethics. Stapleton manipulates local fears and exploits the legend of the supernatural hound to facilitate his criminal plans. His unethical behavior, driven by greed and a disregard for human life, ultimately led to his ruin.

Organizations must prioritize building and maintaining a strong ethical culture. Leadership should exemplify ethical behavior, clearly communicate expectations, and swiftly address unethical actions. Regular training and communication regarding ethical standards reinforce an organization’s values and expectations. By cultivating a robust ethical culture, organizations not only reduce the likelihood of compliance violations but also enhance their reputation and long-term sustainability.

“The Hound of the Baskervilles” offers rich insights for compliance professionals. Avoiding complacency, emphasizing evidence-based decision-making, maintaining independence, ensuring transparent communication, and fostering a robust ethical culture are foundational principles that are vividly highlighted throughout Conan Doyle’s timeless narrative. These lessons, illustrated through specific events and character decisions within the story, remain deeply relevant in guiding modern corporate compliance practices.

Categories
#RiskNYC Speaker Series

#Risk New York Speaker Series- Upping Your Game with Tom Fox

Join me and hundreds of other GRC professionals in the city that never sleeps, New York City, on July 9 & 10 for one of the top conferences around, #Risk New York. The current US landscape – shaped by evolving policies, rapid AI advancements, and shifting global dynamics – demands adaptive strategies and cross-functional collaboration.

At #RISK New York, you will master the New Regulatory Reality by getting ahead of US regulatory shifts and their impact. Conquer AI & Tech Risk by safeguarding your organization in an AI-driven world and understanding the implications of major tech investments. Navigate Financial & Crypto Volatility by protecting assets and exploring solutions in a dynamic market. Strengthen Your GRC Framework by leveraging governance, risk, and compliance for strategic advantage. Protect Digital Trust by addressing challenges in cybersecurity, data privacy, and combating misinformation. All while meeting

In this episode of the Risk New York podcast series, Tom Fox introduces the upcoming Risk New York Conference, scheduled for July 9-10 at Fordham Law School. The conference, hosted by GRC World Forums, will focus on various aspects of risk management, including AI, tech risk, financial and crypto risk, and GRC frameworks. Tom discusses his keynote based on his book ‘Upping the Game’ and highlights key speakers and exhibitors, including Robert Clark from Howard University, Bill Coffin and Erica Alburn from Ecosphere, and Michael Rasmussen, known as the father of GRC. The episode emphasizes the significance of the conference and provides information on discounted tickets and other details available in the show notes.

Resources

#Risk Conference Series

#RiskNYC-Tickets and Information

Categories
Trekking Through Compliance

Trekking Through Compliance – Episode 8 – Miri

In this episode of Trekking Through Compliance, we consider the episode Miri, which aired on October 27, 1966, Star Date 2713.5. We explore one of the eeriest and most profound cautionary tales in the Star Trek canon: “Miri.” When the crew responds to a distress signal from a planet that’s an exact duplicate of Earth, they find a society ravaged by a failed experiment in human longevity. Only children remain, while the adults, the “grups,” have all died from a virulent disease.

This haunting story is not simply science fiction. It is a case study of what happens when risk management is treated as an afterthought. We draw parallels between the biohazard breakdowns on the planet and the kinds of failures that modern compliance officers must guard against, whether in public health readiness, supply chain risk, or workforce welfare.

Episode Summary

A disfigured man attacks the landing party and dies after Kirk strikes him. They discover a preadolescent, Miri, who ran away from them because “grups” kill and maim children before dying. She and her friends are “onlies,” the only ones left. The distress call is traced to an automated signal. The landing party, except for Spock, notices purple lesions on their bodies; Miri tells them that these are the first signs of the disease, and they will soon develop into the same condition as the other adults. When the disease begins, its victims have seven days to live. Although Spock is immune, he considers himself a carrier who could infect the Enterprise if he returns.

Back on the Enterprise, after vaccinating everyone and leaving the children in the care of a medical team, Kirk sends for teachers and advisers to help the children improve their lives.

Key highlights:

1. Disaster Preparedness—A Cure Without a Contingency Plan

🖖Illustrated by: The civilization’s experiment to extend life, which instead wipes out all adults.

This central failure underscores the risks associated with scientific advancement that lacks proper risk assessment. The developers had no fallback, no regulatory oversight, and no crisis management framework in place. For compliance professionals, this serves as a reminder that innovation must be paired with effective scenario planning and disaster recovery protocols.

2. Environmental and Public Health Compliance—Invisible Risks Become Existential Threats

🖖Illustrated by: The crew’s infection with the disease upon beaming down, with lesions appearing days later.

This serves as a metaphor for health and safety non-compliance. Enterprises must be vigilant about how workplace conditions, unseen hazards, and biological risks can impact staff and operations. Proactive monitoring and rapid-response mechanisms are essential components of any risk management strategy.

3. Data Governance and Early Warning Systems—Responding Too Late

🖖Illustrated by: The automated distress signal continued even though no adult survivors remained.

The signal was still active, but no one was listening until it was far too late. In modern organizations, this is equivalent to ignoring audit logs, internal control alerts, or whistleblower reports that go unread. A culture of attentiveness to data and signals is crucial to catching issues before they cascade.

4. Supply Chain Risk—Critical Resource Shortages in the Field

🖖Illustrated by: The crew’s struggle to develop a cure with limited time, no labs, and deteriorating conditions.

Kirk and McCoy were caught without adequate resources. This scenario mirrors the real-world risks companies face when they lack redundancy in their supply chains, fail to conduct thorough vendor audits, or fail to plan for logistical disruptions. A robust compliance framework includes stress-testing the supply chain for resilience under duress.

5. Employee Welfare and Isolation—Psychological and Ethical Concerns in Hazard Zones

🖖Illustrated by: Spock’s decision not to return to the Enterprise due to the risk of contamination.

Spock’s sacrifice is a model of ethical risk containment. In any risk environment, whether it is a pandemic, data breach, or financial misconduct, companies must empower employees to make ethically sound decisions while providing mental health support for those isolated by crisis response roles.

Final Starlog Reflections

Miri is a chilling illustration of what happens when ambition outpaces ethics and planning. The children left behind are the victims of a society that prioritizes progress over protection. For compliance professionals, this episode serves as a vivid reminder that a well-crafted compliance program is not just about preventing misconduct—it’s about preparing for the unknown.

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Innovation in Compliance

Innovation in Compliance: Integrating AI in Compliance and Risk Management with Jana Brost

Innovation is present in many areas, and compliance professionals must not only be prepared for it but also actively embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Jana Brost, COO at myCOI, the sponsor of this podcast.

They chat about the intersection of compliance, risk management, and AI. Jana discusses her background in high-growth business process outsourcing and data analysis, as well as her journey to joining myCOI. She explains the concept of Certificates of Insurance (COIs) and their importance in managing risk for companies. The conversation examines how myCOI empowers vendors and owners to manage their insurance requirements more efficiently through the use of AI, highlighting key industry trends and the impact of AI on speed, accuracy, and user experience. Jana also discusses the future of AI in risk management and its potential to enhance employee engagement and foster a positive company culture.

Key highlights:

  • Understanding COIs in Construction
  • Risk Management and Insurance
  • Evolution of COI Management with AI
  • AI’s Impact on Vendors and Owners
  • Customer Expectations and AI
  • Future of AI and Company Culture

Resources:

Jana Brost on LinkedIn

myCOI


Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.

Categories
Compliance and AI

Compliance and AI: Revolutionizing Risk Management with John Byrne

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These are but three questions we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. In this episode, Tom welcomes John Byrne, founder and CEO at Corlytics, to discuss the company’s groundbreaking ISO 42001 certification and its significance for RegTech.

They delve into the evolving role of compliance, emphasizing the transition from reactive to proactive problem-solving. John highlights the shift towards AI-centric operations at Corlytics, aiming for enhanced accuracy, consistency, and traceability in compliance processes. The conversation explores the benefits and risks of AI, including data poisoning and the practical differences between large and small language models. They also touch upon integrating compliance into core business operations, aiming for better client outcomes and speeding up processes like account opening. John envisions RegTech becoming widely accessible, benefiting even the smallest regulated players by enabling proactive business solutions and reducing bottlenecks.

Key highlights:

  • ISO 42001 Certification and Its Importance
  • AI in Compliance and Security
  • AI as an Everyday Tool in Banking
  • Large Language Models vs. Small Language Models
  • Data Poisoning and Its Risks
  • Dynamic Traceability and Policy Lifecycle
  • Compliance as a Strategic Risk Management Tool

Resources:

John Byrne on LinkedIn

Corlytics


Check out my latest book, Upping Your Game: How Compliance and Risk Management Move to 2030 and Beyond, available from Amazon.com.

Categories
Blog

Predictive. Proactive. Protected: Leveraging AI for Real-Time Third-Party Risk Management

Even in 2025, third-party risk management remains one of the thorniest challenges for compliance professionals. Whether you oversee distributors in the Middle East, suppliers in Southeast Asia, or data processors in Eastern Europe, the risks, including bribery, sanctions violations, labor abuses, and fraud, remain ever-present. Traditionally, compliance teams fought these battles using static tools: onboarding questionnaires, annual reviews, and spreadsheet trackers. But those blunt instruments are no longer enough in today’s real-time risk environment.

Enter AI, specifically Generative AI (GenAI), predictive analytics, and blockchain, which is revolutionizing third-party oversight and giving compliance professionals the power to act proactively, not reactively. As Jag Lamba, CEO of Certa, astutely notes, GenAI brings three significant value buckets: reduced risk, commercial ROI, and reduced legal costs. Today, I will unpack what that means for compliance and how we can move from the “check-the-box” era to one of integrated, continuous monitoring and risk mitigation.

Compliance in Real Time: The Shift to Predictive Tools

Historically, the compliance approach to third-party risk was episodic. We conducted due diligence at onboarding, maybe revisited it every few years, and crossed our fingers in between. However, the gaps between assessments were dangerous blind spots, exposing companies to risks that regulators like the DOJ and SFO are increasingly unwilling to tolerate.

That’s where predictive analytics steps in. To forecast potential violations, these systems analyze structured and unstructured data, from financial records to adverse media to geopolitical trends. AI flags early risk indicators, such as an unusual payment pattern or a politically exposed person. That allows compliance to intervene before a deal closes, a bribe is paid, and reputational damage is done.

Machine learning (ML) models also allow dynamic anomaly detection. This is especially useful in sifting through transactional data and flagging high-risk behavior patterns like duplicate invoices, mismatched documentation, or sudden changes in third-party ownership.

Blockchain brings an additional layer of trust. Immutable audit trails secure contracts, payments, and due diligence documentation, ensuring the record is tamper-proof and regulator-ready. Smart contracts can enforce compliance obligations automatically, stopping payments, triggering alerts, or suspending activity when a vendor falls out of bounds.

Three Buckets of Value: What GenAI Delivers

Jag Lamba, CEO of Certa, outlined three distinct areas where GenAI delivers:

  1. Risk Reduction: Compliance risk, data privacy risk, ESG risk, reputational risk—the list goes on. AI helps companies avoid working with third parties that introduce these risks into the business ecosystem. This is more than good practice; it is a lifeline for organizations operating under Deferred Prosecution Agreements (DPAs) or with heightened scrutiny from regulators.
  2. Commercial Value: Faster onboarding of sales agents, vendors, or channel partners means faster revenue. Reducing a six-week onboarding timeline to two days can translate into hundreds of millions in new revenue, especially in fast-moving sectors.
  3. Legal Savings: Avoiding regulatory missteps means avoiding costly enforcement actions. In today’s aggressive enforcement climate, those savings are not simply theoretical; they are very real and very substantial.

Compliance should not be a handbrake on business; it should be a business enabler. By embedding GenAI into core operations, organizations create less friction and fewer dual processes, improving business agility without sacrificing oversight.

Five Takeaways for Compliance Professionals

  • Predictive Compliance Is the New Norm

The days of “wait and see” are over. AI lets us anticipate risk, not just react to it. Predictive tools shift compliance from being an internal auditor to a strategic partner in risk mitigation. Companies like Certa use automated third-party master data enrichment to reduce false positives and streamline screening, creating cleaner data for faster, smarter decisions.

  • AI Supercharges Due Diligence

Natural language processing (NLP) and machine learning enable deep due diligence at scale. To surface red flags, AI can scan global watchlists, sanctions databases, court records, and newsfeeds. It can uncover hidden connections, shell entities, familial relationships, and obscure affiliates that human reviewers often miss.

Even better, AI does not sleep. It continually updates third-party risk profiles in real time, offering dynamic monitoring that aligns with today’s fast-changing regulatory landscape.

  • Real-Time Supply Chain Monitoring Is a Must

Supply chains are now under a microscope. From human rights to trade sanctions, regulators demand evidence that companies are proactively managing supply chain risks. AI tools monitor supplier behaviors and flag real-time ESG risks, such as forced labor or environmental non-compliance.

Blockchain ensures that supply chain data remains unaltered and provides traceability across multiple tiers of suppliers. With AI-integrated blockchain systems, compliance professionals can quickly identify issues, trace them to their source, and take corrective action.

  • AI + Blockchain = Fraud and Corruption Prevention

Fraud detection once meant following static rules, like transaction thresholds or vendor location mismatches. AI adds nuance. It can detect bribery patterns or fraudulent shell entities by learning from thousands of real-world cases. Meanwhile, blockchain creates an unchangeable record of each transaction, making it harder for corrupt actors to falsify invoices or backdate payments. This two-pronged approach, predictive analytics plus immutable records, offers a potent defense against FCPA and UKBA violations.

  • Third-Party Risk Must Be Continuous, Not Episodic

Third-party due diligence cannot be a one-and-done exercise. Predictive analytics enables a live risk-scoring environment where third parties are constantly evaluated. AI can even detect patterns that suggest “compliance-sensitive” activity, like vendors interacting with government officials or operating in high-risk jurisdictions, flagging them for further review.

One multinational recently implemented a no-code solution that monitors purchase requisitions for signs of regulatory engagement, triggering automated validation questions. This kind of innovation is only possible when compliance works in tandem with IT, legal, and procurement.

Compliance at a Crossroads: Innovate or Fall Behind

After the Trump Administration’s Executive Order suspending FCPA investigation and enforcement, compliance professionals face a fundamental choice: evolve or be eclipsed. But in 2025, manual reviews and siloed spreadsheets. Business leaders expect real-time monitoring, cross-functional integration, and data-backed decision-making to create greater business value. That means compliance must step into a new leadership role that embraces technology, champions cross-department collaboration, and drives value across the enterprise.

It is time for compliance teams to stop seeing AI as a future concept and start seeing it as a present-day imperative. The organizations that embrace this shift will thrive in the next wave of regulatory scrutiny and be best equipped to meet the moment.

As the saying goes, “The best way to predict the future is to invent it.” For compliance professionals, that future is AI-driven, real-time, and risk-resilient.

This article was based on my new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Compliance Into the Weeds

Compliance into the Weeds: The Role of Compliance Going Forward

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly take a deep dive into the intricate future of corporate compliance amidst changes brought by the presidential executive order suspending FCPA investigation and enforcement.

Matt shares insights from a recent Compliance Week event in Boston, highlighting concerns among compliance professionals about the potential obsolescence of their roles. The discussion covers two primary scenarios: regulatory relaxation, making dedicated compliance roles redundant, and technological advancements, particularly AI, potentially replacing human compliance officers. However, both agree on the enduring importance of robust compliance functions integrated within corporate structures, emphasizing the strategic value of compliance in risk management and business operations.

They explore the dual excitement and anxiety surrounding AI’s role in compliance. Matt and Tom caution against shortsighted management decisions to decentralize compliance functions and highlight how AI can be harnessed to enhance rather than replace human oversight. They argue for proactive measures from compliance officers to demonstrate their value and leverage AI to improve compliance programs. As Matt eloquently puts it, this is a challenging yet opportune time for compliance professionals to up their game and secure their vital role in ensuring corporate integrity and efficiency.

Key highlights:

  • The Future of Compliance Post-Executive Order
  • The Role of Technology in Compliance
  • AI’s Impact on Compliance Officers
  • Strategic Imperatives for Compliance

Resources:

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

Hui Chen A Pause in FCPA Enforcement: Crisis or Opportunity

Compliance into the Weeds was recently honored as a Top 25 Regulatory Compliance Podcast.

Categories
Daily Compliance News

Daily Compliance News: March 27, 2025, The Eliminate The District Courts Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Who is going to get your 23andMe data? (WSJ)
  • Even Bloomberg says to enforce the FCPA. (Bloomberg)
  • The House speaker says Congress can eliminate district courts. (Reuters)
  • What is the fire risk for your business? (NYT)