It is with no small amount of pride that I am pleased to announce the publication of my latest book, The Game Is Afoot in Compliance. The book was sponsored by Gan Integrity. There is a reason Sherlock Holmes still resonates with compliance professionals. It is not nostalgia. It is not literary charm. It is not Victorian fog and deerstalker hats. It is a method.
That is what makes The Game Is Afoot in Compliance such a compelling contribution to the compliance profession. The book’s central insight is that Holmes gives us more than a detective story. He gives us a way to think. He gives us a discipline of observation, skepticism, rigor, and moral clarity that aligns remarkably well with the Department of Justice’s expectations for a modern compliance program.
For Chief Compliance Officers, compliance practitioners, boards, internal audit, and legal, that is the real message. Holmes is not a gimmick. Holmes is a framework. In the book, each of the four Holmes novels maps onto a core compliance discipline. Taken together, they form a coherent approach to designing, testing, and leading a best-practices compliance program.
We start with A Study in Scarlet. The lesson here is investigation. Holmes insists on evidence before theory. He refuses to let assumptions drive conclusions. He follows facts, not narratives. That is as close as one can get to the DOJ’s current expectations. Under the 2024 Evaluation of Corporate Compliance Programs, the DOJ is not interested in whether a company can identify a problem. It wants to know whether the company can investigate thoroughly, understand what happened, determine why it happened, and use that knowledge to improve going forward. The FCPA Resource Guide makes the same point differently. A compliance program must work in practice, and a credible investigative function is a large part of proving that.
Holmes would understand that immediately. He would also understand root cause analysis. The novel A Study in Scarlet is not simply about solving a crime. It is about going deeper than the surface event and uncovering the human, structural, and historical causes beneath it. That is precisely what compliance officers must do. Misconduct rarely appears out of nowhere. It is usually the product of pressure, weak controls, cultural tolerance, or a failure to act on warning signs.
Then comes The Sign of Four. Here, the lesson is signals, data, and decision-making. Holmes’ genius was not that he had more information than everyone else. It was that he knew how to distinguish signal from noise. That may be the most important compliance lesson of all in 2026. Every company today is awash in data. The issue is not access. The issue is architecture, judgment, and discipline.
This is where The Game Is Afoot in Compliance becomes particularly timely. Fox connects Holmes to data analytics, pattern recognition, communication, and ongoing monitoring. That is exactly where the compliance profession has moved. The best programs use data to identify anomalies, test controls, and surface risks before they become enforcement matters. But data alone is not enough. Holmes reminds us that human judgment still matters. Someone has to ask the right question. Someone has to notice the odd payment, the missing approval, the relationship that makes no sense, or the policy exception that keeps repeating.
Boards should take note here as well. Board oversight in compliance is not passive. Directors should be asking whether the company has information flows that produce timely, useful, and actionable insights. They should ask whether the compliance function can convert data into decisions. They should ask whether management can explain what it is monitoring, why it is monitoring it, and what it has learned from that work. A dashboard without analysis is decoration. Holmes would have no patience for decorative oversight.
In The Hound of the Baskervilles, I turn to third-party risk and accountability. This may be the most direct compliance analogy in the entire book. The great danger in The Hound is not simply the hound itself. It is the myth surrounding it. People accept the legend. They stop asking hard questions. They allow fear and assumption to take the place of inquiry. How often does that happen in business? “That distributor has been with us forever.” “That agent knows the local market.” “That is how business gets done there.” Those are the modern legends of the Baskerville moor. In compliance, they are red flags wrapped in habit.
The FCPA Resource Guide is crystal clear that risk-based due diligence on third parties is essential. The DOJ has repeatedly emphasized that onboarding due diligence is not enough. Companies must monitor. They must test. They must revisit. Fox makes exactly that point through Holmes: trust without verification is not trust. It is negligence
This is also where independence comes in. Holmes often solved the problem because he was willing to step back from accepted narratives and popular opinion. The compliance function must have that same independence. It must be empowered, adequately resourced, and able to challenge business assumptions. If compliance is too close to the business to question it, then the program is already standing in the Grimpen Mire.
Finally, The Valley of Fear gives us the lessons of a speak-up culture, whistleblower protection, and controls on retaliation. This is perhaps the most urgent message in the book. Fear kills truth. It silences witnesses. It protects wrongdoers. It allows misconduct to metastasize. I use The Valley of Fear to show that a hotline alone is never enough. Regulators now expect proof that employees can raise concerns safely, that those concerns are investigated fairly, and that retaliation is prevented and punished. The ECCP makes this explicit. Companies must demonstrate that their reporting system is trusted and that appropriate controls are in place to prevent retaliation.
This is where leadership and board oversight become inseparable from culture. Tone at the top still matters, but so does conduct in the middle and response at the bottom. Employees watch what happens when someone raises a concern. They watch whether the reporter is protected. They watch whether the issue disappears. Every response is a cultural signal. That is one reason I wanted to write The Game Is Afoot in Compliance, and why I believe it is valuable for the compliance professional. It reminds us that compliance is not only about structure. It is about posture. Holmes teaches posture. He teaches curiosity over complacency. Evidence over assumption. Courage over convenience. Truth over comfort. Those are not literary flourishes. They are operational requirements for an effective compliance program.
The larger point is this: Holmes gives compliance professionals a mindset that fits modern enforcement expectations. The DOJ wants programs that work in practice. The FCPA Resource Guide calls for risk-based, dynamic, and grounded programs. Boards are increasingly expected to oversee not merely whether a program exists, but whether it is effective. In that environment, The Game Is Afoot in Compliance lands at exactly the right time.
It is a book launch with a larger purpose. It does not simply promote Sherlock Holmes as an entertaining analogy. It positions Holmes as a serious guide for the modern compliance professional. Fox gets that exactly right. Because at the end of the day, the best compliance officers are detectives of culture, analysts of systems, skeptics of easy answers, and guardians of institutional integrity. In other words, they are Holmesian.
And that is why this book matters.
5 Key Takeaways
- The Game Is Afoot in Compliance shows that Holmes provides a practical framework for modern compliance, not just a literary metaphor.
- A Study in Scarlet teaches the value of evidence before theory, rigorous investigation, and root cause analysis.
- The Sign of Four demonstrates that data only becomes useful when it is translated into disciplined monitoring, sound judgment, and defensible decisions.
- The Hound of the Baskervilles is a powerful lesson in third-party risk, independence, and the danger of letting myth or business custom replace due diligence.
- The Valley of Fear reminds us that fear and retaliation destroy speak-up culture, and that regulators now expect companies to prove their systems protect those who raise concerns.
You can purchase a copy of The Game Is Afoot in Compliance from Amazon.com. The book is sponsored by Gan Integrity and features a foreword by Karen Moore. Gan Integrity is sponsoring a road show, The Integrity Road, highlighting the book and each novel as a launching point for a larger discussion of compliance in 2026. The schedule is
Tuesday, April 21, in NYC, where we will discuss A Study in Scarlet and Investigations.
Tuesday, April 28, in San Francisco, where we will discuss the Sign of Four and AI in Compliance.
Tuesday, May 19, in London, where we will discuss The Hound of the Baskervilles and 3rd Party Risk.
You can register and find out more information here.
