As Tom and Mrs. Compliance Evangelist trek to Ann Arbor MI to attend his law school reunion, Go Blue and watch the Wolverines trounce Nebraska and enjoy some cool autumn weather, he and Jay are back with a look at some of the week’s top compliance and ethics stories.

  1. Due diligence is not a nice to have, it’s a mandatory. Scott Shaffer explains in the FCPA Blog.
  2. Kavanaugh and compliance? Matt Kelly considers in Radical Complaince. Tom and Matt explore in this week’s Compliance into the Weeds.
  3. Why does a law firm admit its internal investigation was designed to be a whitewash (in the internal investigation report)? More on the very strange Dansk Bank money laundering imbroglio. Patricia Kowsmann and Drew Hinshaw report in the Wall Street Journal. Tom dishes on the FCPA Compliance and Ethics Blog.
  4. Mark Cuban makes $10MM donation. Is it enough to make up for 15 years of toxic corporate culture of sexual abuse and harassment? Kaelne Jones reports in Sports Illustrated.
  5. Big oil on trial in the UK. What will be the fallout? Mara Lemos Stein reports in the WSJ Risk and Compliance Journal.
  6. KPMG study finds slow adoption of tech in compliance. See full report here.
  7. Matthew Stephenson continues his two-part consideration of the Hoskins decision. In the Global Anti-Corruption Blog.
  8. SEC proposal to limit whistleblower awards draws withering criticism from commentary period. Sam Rubenfeld reports in the WSJ Risk & Compliance Journal.
  9. Want the top compliance training from the guy who wrote the book on compliance? Tom will put on a Compliance Master Class in Boston, September 25 & 26, hosted by Affiliated Monitors. Registration and information, click here.
  10. Want a 50% discount to one of the top compliance conferences around? Join Tom and AMI’s Eric Feldman at CONVERGE18 in Denver on October 9-11. I hope you can join me at the event. For information on the event, click here. As an extra benefit to fans of This Week in FCPA, CONVERGE18 is offering a 50% discount off the registration Enter discount code TOMFOXVIP.
  11. In this week’s podcast series I internview Rebecca Turco and Paul Johns from SAI Global on their current innovations in compliance learning. Part 1-the changing marketplace; Part 2-adaptive learning; Part 3-EthicsAnywhere; Part 4-trends in compliance; and Part 5-integrated risk management.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at

Over this podcast series I have been visiting with Paul Johns, Chief Marketing Officer, and Rebecca Turco, Vice President of Learning, both at SAI Global, the sponsor of this podcast series. We have been discussing the changes in ethics and compliance (E&C) learning and how a more technology-based learning solution can help move your company to a more effective and  more operationalized best practices compliance program. In this final episode, I visit with Paul Johns on the need for an integrated approach to risk management.

One of the primary reasons why an integrated approach to risk management is mandatory in today’s business environment is the increasing amount and complexity of risk which every company and, indeed, every Chief Compliance Officer (CCO) face. Moreover, social media has amplified every action and reaction both in terms of signal strength and speed of dissemination and communication. New risks include the parties you are working with down the line to 3rd, 4thand 5thlevel suppliers and sales representatives. Obviously cyber risks are greatly increased as well. From consumers or customers, however, the calculation is strikingly simple – did your company do the right thing?

It is only through an integrated risk management strategy that you can being to prepare your company to do business in the modern world. Such a strategy includes (1) forecasting, (2) risk assessment, (3) risk-based monitoring and (4) feedback of information gleaned from your monitoring into your risk strategy going forward. Yet it is more than the risk management process; it is using each part of your compliance program to develop information which can make your overall risk management strategy more robust.

While this five-part series has focused largely on compliance and ethics training, consider how an integrated approach to risk management works even with training. As Turco noted regarding adaptive learning, it is designed to focus on “making sure the learners are getting the content and relevant information that they need within any piece of content. It begins with asking questions about where they work and whether they interact with government officials. From there, it moves to serve up content to the employee which is meaningful, that helps them start to see what risks are in their area.” By asking questions to deliver an appropriate training solution, you begin to develop information about the state of your compliance program. If you are weak in some areas, you may wish to engage in remediation. If you strong in other areas, you can use those employees as Compliance Ambassadors within your organization to be a resource to other employees.

Johns tied this concept to your overall risk management strategy by noting it is only as strong as the weakest link. In the area of compliance training, this means if you have a high employee turnover, as is common in retail companies, your annual Code of Conduct training may not be sufficient to catch all employees every year. Moreover, if such training is run out of Human Resources (HR), the compliance function and hence senior management and the Board of Directors may not even be aware of this gap. But you may not even be aware of this gap unless you ask questions or consider what the data is telling you.

Some other questions Johns posed in the context of an integrated risk management strategy are if your company moves to a new geographic region or opens a new sales line, have all of your policies and procedures been updated to reflect this change in your risk profile? Has anyone considered such a move from the risk perspective? Are you even assessing such risks before product implementation or change in sales strategy? From the Board and Chief Executive Officer (CEO) perspective, have they been presented with an integrated risk report from which they can even begin to assess the risk in front of them? Your sales model will directly impact your risk under anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA). Third-party risks are still the highest risks under the FCPA. However, an employee-based sales strategy also presents risks, albeit a different set of risks. (Consider GSK in China.)

Another interesting reflection from Johns was that with the more flexible nature of a workforce, including those on flex time, working from home, working during a commute and those who are essentially on 24-hour call; these innovations in working conditions demand an innovation in ways that training and ongoing communications are delivered. This means a company should have a mobile platform for learning and communication that can deliver its messages to employees when and how they want (and need) to consume it. This also ties into questions about not only content but the technology you use to deliver that content. When was the last time you considered the technology you are using in terms of the best manner to deliver the appropriate content?

Johns concluded with quite an interesting observation on the role of compliance and risk management. It is to become the new Praetorian Guards, which is to say put a ring around the senior executives to protect them. (Note – I am a fan of the Alamo analogy articulated by Chuck Duross but then again, all the defenders at the Alamo died.) He also alluded to the offensive nature of the Praetorian Guard. This also ties more closely into how a more fully operationalized compliance program makes a business run more efficiently and at the end of the day, more profitably.

In this episode of the CONGERGE18 Preview Podcasts series, I visit with Susan du Becker, Global Compliance Enablement at Cisco Systems. We discuss some of her strategies for breaking down silos to facilitate compliance training. Some of the issues we tackle in this podcast are:

  • How compliance and ethics has moved to a must have corporate discipline.
  • What are the most important ‘care-abouts’ for your company’s workforce?
  • Every different elements do you have to work with in each country you do business for your compliance training?

In what is fast becoming one of the top ethics and compliance conferences around, I hope you can join me at CONVERGE18, hosted by Convercent. This year’s event will be October 8-11 at the Omni in Broomfield, Colorado. The line-up of this year’s event is simply first rate with some of the top ethics and compliance practitioners around.

With the acceleration of the speak up culture and organizational accountability that social media is enabling and amplifying, companies need to incorporate integrity into every level of the organization. CONVERGE18 will help you do just that by addressing this ethical transformation head-on. Get the insights, information and solutions you need to put ethics into action. Join compliance executives from Salesforce, Kimberly Clark, Avis, U.S. Bank, AARP, Wells Fargo, Cheesecake Factory and many others to:

  • Network with 300 of your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
  • Gain insights from 35 speakers including Ethics and Compliance advocate Hui Chen, ECI’s CEO Pat Harned, NBA’s Deputy Chief Compliance Officer Steph Vogel, President at OCEG Carole Switzer and more.
  • Bring actionable takeaways back to your program from various session types including 2 keynotes, 5 general sessions, 12 discussion-based roundtables, 18 interactive breakout sessions for you to listen, learn and share.
  • The goal of CONVERGE18 is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to readers of this blog, CONVERGE18 is offering a 50% discount off the registration price. Enter discount code TOMFOXVIP.

CONVERGE18 is a production of Convercent, which is the sponsor of this podcast series.

Over this series I have been visiting with Paul Johns, Chief Marketing Officer, and Rebecca Turco, Vice President of Learning, both at SAI Global, the sponsor of this podcast series. We are discussing the changes in ethics and compliance learning (E&C) and how a more technology-based learning solution can help move your company to a more effective and more operationalized best practices compliance program. In Part IV, I visit with Rebecca Turco on the current trends she is seeing in culture, ethics and compliance (E&C) and where it all may be headed.

We began the discussion with adaptive learning, which is more of a personalization way to learn. It is key for the compliance ethics discipline because adaptive learning “really looks at how do we differentiate the content for the learners? How do we start to serve up content that’s relevant based on role or region? How do we help learners?” Adaptive learning is designed to focus on “making sure the learners are getting the content and relevant information that they need within any piece of content. It begins with asking questions about where they work and whether they interact with government officials. From there, it moves to serve up content to the employee which is meaningful, that helps them start to see what risks are in their area. It also allows content designers to be able to give them a personalization to the training experience that is more meaningful than just kind of a one size fits all.”

Another key usefulness of this approach is that it does not reinvent training for employees who do not need it. This comes from “giving people credit for understanding risks, giving them the ability to kind of test out, by asking them a series of questions and if they know the answers, they may know what their risks are and they can move to a level at which they do not know the answers. You do not need to train employees in areas where they have demonstrated competency. This gives companies the opportunities to really think about their program and differentiate the ethics and compliance training of their compliance program.” Turco concluded, “in the world today, people are looking for compliance training that is as short and sweet as possible, getting to the relevant pieces of information.”

Another innovation in E&C learning has been around the concept of branching. Turco explained this is building out different scenarios. She provided an example of training about “a security breach. Things happen on a video and the learner is watching them unfold. By using adaptive technology you can require the learner to pick out the hotspot where they would see a risk or something being violated. From there the video would branch off into different scenarios based on what you decide because that’s real life. It is not the first decision that causes an ethical breach or a security breach. It’s for decisions down the road. That’s the hard part in training to get right because it is not always just as black and white as is the conflict of interest might lie.”

We next turned to the area of the effectiveness of compliance training, which, Turco said, “is the key story for compliance”. Interestingly, Turco said the first question asked is about the content of the training, not the data around this issue. She explained, “you can collect as much data as you want for any, any reason but if the content you are writing and designing for the training is not meaningful, then the data you’re getting isn’t meaningful.” (as fine a definition of GIGO as I have ever heard.) She said that a company must really think about data and how to use it to make your program smarter and to make you understand where the risks are in your organization.

Effectiveness then starts with building content with thought provoking questions in the presentation. This leads to scenarios which ask the learner, “what do you think?” From there you can begin collecting the data from their responses and start to analyze it on the back end. This can give you trends about whether there is a disconnect in your written Code of Conduct, policies and procedures and how business is operationalized in the field.  With this data, an organization can start to target campaigns to that team around that risk area identified. Turco pointed to one example where a company was able to demonstrate through this approach a training competency and effectiveness increase from 20% to 80% in one year.

Your goal should be that the needle is moving and your organization is providing employees the tools in order to make sure they have the knowledge and the competency to not only pass that assessment but also understand those risks in the business. This is far beyond the “check the box” method of training. With the speed of current day corporate decision making in the field and the pressure your sales teams are under to meet goals, timelines and deadlines; you need to provide training to meet these business realities. Once you understand that, then you can start to understand how to provide your employees effective training.

Turco concluded by noting that your training should aid in the decision-making process when the teams are under pressure; whether that be sales pressure, pressure due to a high-risk region or other. Turco said, “How do you make sure that when they’re under that pressure, they will know exactly what to do?” The data collected from the training process can help identify risks, provide the opportunity to help employees understand more and drive training or campaigning around risks.

On this date in 1970, Number 2 on my all-time favorite live albums began a two-week run at the top of the US charts. It was the Rolling Stones Get Yer Ya-Ya’s Out! The album was largely recorded at two sold-out shows at the old Madison Square Garden in NYC with one song from a Baltimore concert: all from the 1969 US tour which had ended at Altamont. Rock critic Lester Bangs said, “I have no doubt that it’s the best rock concert ever put on record.” The 1969 tour was the first to include guitarist Mick Taylor, taking over from the deceased Brian Jones and it also included Ian Stewart on keyboards. While I loved and cherished the original vinyl, I became curious when I purchased the 40thanniversary box set earlier this year and it included songs from other artists.

This anniversary edition featured three other artists who had been on the ’69 tour with the Stones; B.B. King and Ike and Tina Turner. While I had heard other B.B. King live albums (Live in Cook County Jail), I had never heard Ike and Tina Turner live so their set was a revelation. It included “Sweet Soul Music”, “Son of a Preacher Man”, “Proud Mary” and “I’ve Been Loving You Too Long”. While the original version of the album and then CD was fabulous, it was made even better by the addition of King and the Turners. Check it out here.

Today, I conclude a two part exploration of the Harvard Business Review (HBR) article, entitled “The Business Case for Curiosity”, by Francesca Gino.  Yesterday I wrote about a key ingredient for any Chief Compliance Officer (CCO) or compliance practitioner, which is curiosity. Today I want to conclude by considering what you can do as a leader to enhance curiosity in your group and what a company can do to foster curiosity in the workplace.

The first thing to recall is that companies which foster and facilitate curiosity demonstrate that they want their employees to think and raise their collective hands with ideas. This promotes institutional justice throughout the organization. Companies which either do not want their employees to be curious or worse, say they want that trait then actively discourage employees who practice it, would seem to be culturally poor and prone to employees not raising ethical violations or even ethical questions.

Curiosity also leads to another positive corporate culture attribute – empathy. Simply put, “Empathy allows employees to listen thoughtfully and see problems or decisions from another person’s perspective, while curiosity extends to interest in other people’s disciplines, so much so that one may start to practice them. And it recognizes that most people perform at their best not because they’re specialists but because their deep skill is accompanied by an intellectual curiosity that leads them to ask questions, explore, and collaborate.” If you have organizational justice at the top, coupled with empathy from your immediate supervisor and your co-workers, it is highly likely you will have a positive culture at your organization.

Gino prescribes five actions you can take.


You can incorporate questions about curiosity into your hiring protocol. Google did this in their famous billboard posing a math puzzle but you can put questions into your hiring process. Some of the questions Gino cites are ““Have you ever found yourself unable to stop learning something you’ve never encountered before? Why? What kept you persistent?” The answers usually highlight either a specific purpose driving the candidate’s inquiry (“It was my job to find the answer”) or genuine curiosity (“I just had to figure out the answer”).

Model Inquisitiveness

Gino notes that “Leaders can encourage curiosity throughout their organization by being inquisitive themselves.” This relates to one of the most important skills for any leader, that of listening. Gino provided the example of Greg Dyke who, after being named Director at the BBC but before he took on the role, went on a tour to meet BBC employees. Rather than lay out his vision, he asked employees “What is the one thing I should do to make things better for you?” He would follow this up with “What is the one thing I should do to make things better for our viewers and listeners?

Not only did this win over a skeptical workforce but it modeled the twin behaviors of listening and being curious. Gino believes that by asking questions you are communicating your curiosity. Also it makes clear you “approach the unknown with curiosity rather than judgment.” Judging your co-workers and employees rather than listening to them is never a good prescription for a positive culture.

Continuous Learning

Perhaps the most famous commercial airline pilot of the 21stcentury is Captain Chesley “Sully” Sullenberger. When asked how he was able to land his airplane in the Hudson River, “he described a passion for continuous learning.” While many senior leaders and companies focus on the results, it is actually more beneficial to focus on learning more generally. This is a variation of the prescription to focus on the process and not the results in compliance. Yet it is equally valid.

Gino notes, “A body of research demonstrates that framing work around learning goals (developing competence, acquiring skills, mastering new situations, and so on) rather than performance goals (hitting targets, proving our competence, impressing others) boosts motivation. And when motivated by learning goals, we acquire more-diverse skills, do better at work, get higher grades in college, do better on problem-solving tasks, and receive higher ratings after training.” 

Foster Curiosity

Your company should give employees time and resources to be curious. The return on investment (ROI) will be in spades. This can come from practices as straight-forward as reimbursing employees for tuition for continued learning. It can come through rotation of employees to other corporate disciplines; such as placing an engineer in the internal audit group. It can also come through travel to locations away from the home office or outside the US.

These last two strategies also have the added benefit of broadening out one’s network. Gino stated, “they’re more comfortable than others asking questions, such people more easily create and nurture ties at work—and those ties are critical to their career development and success. The organization benefits when employees are connected to people who can help them with challenges and motivate them to go the extra mile. MIT’s Bob Langer works to raise curiosity in his students by introducing them to experts in his network. Similarly, by connecting people across organizational departments and units, leaders can encourage employees to be curious about their colleagues’ work and ways of doing business.” 

Why? And What if? Days

How about dedicating certain days in your company to asking such questions as Why? What if?and How might we…?Obviously, such questions spur curiosity but the answers that come up would not only foster this trait within your organization but might raise some concrete ideas to put into practice. Gino believes that senior leadership should not only encourage employees to be curious but they should also teach how to ask curiosity inducing questions.

Hui Chen has said one of her goals in creating the Evaluation of Corporate Compliance Programs (Evaluation) was to induce compliance professionals to ask questions. I would rephrase it to say the Evaluation provides a framework with which to be curious about your compliance program. As a compliance professional you should take this a step further and broaden out your curiosity. Gino ended her article by stating, “maintaining a sense of wonder is crucial to creativity and innovation. The most effective leaders look for ways to nurture their employees’ curiosity to fuel learning and discovery.” I would only add, you should do this for yourself as well.

While you are at it, check out Get Yer Ya Yasout. Let me know your favorite rock live album.

Original Album Playlist (all from YouTube)

Side One

  1. Jumpin’ Jack Flash
  2. Carol
  3. Stray Cat Blues
  4. Love in Vain
  5. Midnight Rambler

Side Two

  1. Sympathy for the Devil
  2. Live with Me
  3. Little Queenie
  4. Honky Tonk Women
  5. Street Fighting Man

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018