Compliance Perspectives

By Adam Turteltaub I recently learned that at the US Department of Justice’s law library, one of the most common requests the librarians receive is for vintage dictionaries. Why? Because the lawyers often need to find out what the definition of a word was at the time a law was passed. Meanings change over time in the law and in the vernacular. Remember when describing something as “sick” meant that it was bad? Now it’s the opposite. Stacey Parks, Ethics Officer, Enterprise Operations and International Ethics at Lockheed Martin will be taking on our evolving language at the 2025 SCCE Compliance & Ethics Institute. Her session is, appropriately, entitled, “Divided by a Common Language: No Cap. Here’s the Tea on How Being a Mom of a Teenager Made Me a Better Communicator.” With five generations in the workplace today, it’s important to understand that each has its own communications style and what works for one may not for another. Millennials, Gen Z and Gen Alpha are all digital natives and are much more comfortable than their predecessors with online communication. They also tend to prefer shorter, more succinct messaging, including pictures and diagrams. For them, less is more. Many are also “telephobic,” afraid of and uncomfortable using the phone for talking. They prefer texting and have a poor understanding of telephone etiquette. What’s a compliance team to do? Think differently. Use lots of imagery, and even memes to communicate. Look to short form training, rather than long. Learn their language, too, so you can be a better listener when they share their concerns. And, before you dismiss these ideas, don’t forget how your felt when your parents (or grandparents) threw in the word “groovy” long after it was no longer so groovy to do so. Listen in to this podcast and then be sure to join her in Nashville at the Compliance & Ethics Institute. It’s going to be sick!

By Adam Turteltaub If you’re looking for compliance direction only from the US Department of Justice, you’re missing the wider picture. There is a lot going on in Europe that companies operating in that geography need to be complying with. Dr. Tobias Kruis, Head of Corporate Compliance, Giesecke+Devrient, shares what is going on both in this podcast in his session “Dancing with the Acronyms: Jiving Through LkSG and CSDDDD in the European Compliance Ballroom” at the 2025 SCCE Annual Compliance & Ethics Institute. The German Supply Chain Due Diligence Act, also known under the acronym LkSG, is focused on human rights, occupational health and safety and environmental projects. It requires regular and systematic risk assessments as well as remediation and preventative measures if risks are found. Grievance procedures are also a mandate, as are annual effectiveness reports on the supplier due diligence process. Sanctions for non-compliance can be as high as 2% of annual turnover. The German regulator has already conducted over 1,000 proactive reviews since the act was adopted. The EU Corporate Sustainability Due Diligence Directive was adopted in 2024 and builds on some existing national laws. The aim is to ensure a level playing field for companies in Europe by requiring them to address human rights and environmental concerns in the supply chain. It has much broader reach than the German law in its requirements, including a mandate to conduct due diligence beyond the first tier of suppliers. While enforcement has not yet begun and several changes are contemplated, compliance teams can begin preparing now, taking a risk-based approach to their due diligence efforts. They should also start building cross-functional partnerships with HR, quality, management, procurement and the sustainability teams. Listen in to learn more about what’s happening in Europe, and then don’t miss his session “Dancing with the Acronyms: Jiving Through LkSG and CSDDDD in the European Compliance Ballroom” at the 2025 SCCE Annual Compliance & Ethics Institute. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub There’s always a “but” when it comes to AI. It has great potential, but there’s always the risk of bad things happening. In the case of the False Claims Act and healthcare, that’s very much the case. In a recent article for Compliance Today – “AI and the False Claims Act: Navigating compliance in the age of automation” -- Phoebe Roth and Colton Kopcik of Day Pitney warn that the same “but” applies to medical coding. AI and coding seem to be a match made in heaven. There is enormous potential for ensuring that bills get processed quickly and all the proper charges are made. But (of course) plenty of risks come with it. First and foremost, a lack of human oversight can lead small errors to quickly multiply, especially if the AI model was trained on biased historical data or follows patterns of mis-billing. False claims can then can quickly spiral out of control, leading to expensive refunds and settlements. Other areas of risk include telehealth and remote care fraud, especially at a time of increased government scrutiny of medically unnecessary services or improper billing. So what should you do? It is prudent when embracing AI, they warn, to ensure that the algorithm is always up to date on the latest changes to the regulations. Whether the AI was created in-house or by a vendor, be sure there is a plan in place to monitor for changes and make accurate, real-time adjustments. Having in place an AI steering committee is also a good idea. Be sure to include IT, coders, clinical staff, compliance and others. Finally, turn the staff into your front line of defense. Help them be on the alert for potential issues so that you can head off problems before they become big problems. Listen in to learn other ways to manage the “buts” of AI. This podcast is for educational purposes only and does not constitute legal advice. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub As important as gaining access to the board is, using that time properly is even more crucial. Becky Rohr, Chief Compliance Officer and head of Investigations at Ericsson, will be sharing her insights and advice on this topic in her session “Board Reporting, Not Bored Reporting: Presenting to Boards and Other Senior Stakeholders by Using Data and Storytelling” at the 2025 SCCE Annual Compliance & Ethics Institute in Nashville. In this podcast and preview of her session, she advises that, even before entering the boardroom it’s important to take the time to know your audience. Talking to the board, a board committee or senior executives is different since each has its own priorities. Be sure that what you say and show them speaks directly to their role. Remember, too, that the board is focused on the organization as a whole. She cautions that the board will feel obligated to read anything you send it. So, be sure to avoid overwhelming them and to focus on the larger issues that could materially affect the organization. When presenting data, don’t just give them the raw numbers. Prepare a concise analysis that tells them what those numbers mean and what the key takeaways are. She found that a slide showing opportunities, challenges, highlights and lowlights in a simple quadrant graphic can be particularly useful. Dashboards, too, can be valuable, so long as every light on it isn’t green. That’s bound to raise suspicions. Take the time, too, to anticipate what questions they are likely to ask. She warns that boards tend to want to know how the organization stacks up against its industry peers. So, be sure to take the time to benchmark. Be sure to also take the time to listen to the podcast and join us in Nashville, September 14-17, at the SCCE Annual Compliance & Ethics Institute. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub What you don’t know can hurt you. And what you do know can hurt you. Such is the dilemma of background screening. Companies want to know who they are hiring, but, explains Al Firato, CEO & Founder of HireSafe, some information is off limits. The 1964 Civil Rights Act and Title VII prohibit examinations of race, religion, ethnicity and more. In addition, federal and state regulations set limits on what background check firms can look at. That’s not always a bad thing, Al points out. A conviction for a criminal offense from decades earlier should not be cause for immediate disqualification, especially if the person has since made amends. In addition, the conviction may not be relevant for the job at hand: a DUI for a prospective delivery driver is a lot different than one for someone who will be working at a desk all day. The EEOC has also made it clear that people are, in most cases, entitled to a second chance. With that said, background checks can be very useful for revealing exaggerated academic and work histories. Many prospective employees take advantage of the fact that, with so many mergers, it may be difficult, if not impossible, to verify previous employment. Listen in to learn more about the do’s and don’ts of background screening. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub Dr. Hemma R. Lomax, Vice President, Deputy General Counsel and Global Head of Ethics and Compliance for DocuSign thinks a lot about leaving a legacy, not just for herself but in general. She’ll be addressing the topic Beyond the Rules: The Future of Compliance is Legacy-Driven Leadership at the SCCE 24th Annual Compliance & Ethics Institute, which takes place September 14-17, 2025 in Nashville. She is a strong advocate for thinking beyond quarterly goals and looking to operationalize best intentions to leave something behind that is more enduring. Getting there, she explains, requires first helping leaders understand that they know that a legacy is not out of reach, if they focus on doing the right thing and for the long run. Done correctly, the legacy they create can be an enduring strategic asset. For compliance teams it means recognizing that every human has a survivor and a sage brain. And, while we in compliance need to embrace that survivor brain and embrace bad scenarios, we cannot be prophets of doom, raising already high anxiety levels. Instead, we need to lead with transparency, embed purpose into processes, make ethics a design feature, and create internal accountability. Listen in to learn more and then join her session in Nashville at the SCCE 24th Annual Compliance & Ethics Institute. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub Joint ventures are created to capitalize on a business opportunity, but they come with challenges. Each partner may have a different experience with or attitude towards compliance. They may have distinctly different cultures, and, in the worst case, may each be expecting the other to be watching compliance when, in fact, no one is. Hassan Chaudry, a member of the SCCE & HCCA Board and Chief Compliance Officer of POSCO JV, a General Motors joint venture, recommends several keys to success in JVs. First, having meaningful conversations with leadership right at the start is important, especially if it is face-to-face. This helps establish rapport and makes top management more comfortable with the role of compliance. Look to commonalities between the partners, not just the difference. In his case, with one party being from North America and the other from South Korea, there were different approaches and laws, but both countries are members of the OECD, and its guidance for compliance programs provided a common reference point. Once the groundwork is set, take the time to meet with employees from senior and middle management, as well as the front line. Also, don’t forget the board: setting expectations with them and building an ongoing line of communication is essential. He also recommends treating the JV like a start-up, not an established company. Finally, put yourself in the shoes of joint venture partners. Look at the business from their perspective, and that will help you better understand what will make for a truly successful compliance program. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub Don’t take it personally if it’s taking you forever to find a new compliance job. According to Matt Kelly (LinkedIn), Editor and CEO at Radical Compliance, you’re far from alone. It’s not that there aren’t jobs out there, he explains. There is just a hesitancy to hire due to the macro-economic environment. With so much economic instability and unpredictability, organizations are slower to hire. Adding to the challenge is technology. A job posted on LinkedIn can generate hundreds or thousands of applications, making it more difficult for organizations to wade through them. So how do you make yourself stand out and become a must-hire? He recommends moving beyond showcasing your ability to manage regulatory issues and instead focus on how your skills can help the organization navigate the range of operational risks that they face. Be sure to also shift from focusing on what you can do to defend the company to how you can help the company grow. Finally, he advises showcasing your certifications and cutting edge experiences, and using technology to help. There are AI tools out there which will help you tailor your resume to the posted job description. Listen in to learn more and accelerate your job hunt. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub Professors Todd Haugh (LinkedIn) and Suneal Bedi (LinkedIn) of the Institute for Corporate Governance & Ethics at the Kelley School of Business at Indiana University recently published a paper: Retheorizing Corporate Compliance. In it they argued strongly that compliance needs to be seen not just as a defense against potential corporate legal liability. It also needs to be recognized as a proactive offensive tool for building market share and competitive advantage. On this podcast they explain that compliance creates numerous non-market strategies for helping the business. For example, organizations with stronger programs can demonstrate to regulators that they would be a good choice to acquire a troubled company. Leading compliance programs can also help to set the standard of practices for their industry, giving their organizations an advantage over those with lagging compliance practices. In sum, by thinking of how compliance can help the business, not just protect it, there are significant opportunities created to grow the business, and change the way people think about compliance. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub In November 2024, the Office of Inspector General at Health and Human Services released its Nursing Facility: Industry Segment-Specific Compliance Program Guidance. The document is part of an effort to modernize how HHS OIG is communicating to industry and providing information about risks, how to mitigate them and best practices for compliance programs. Jillian Willis (LinkedIn/Firm Page) and Melissa Scott (LinkedIn/Firm Page) of Nelson Mullins explain that the new guidance contains four main sections: quality of care and quality of life, Medicare and Medicaid billing requirements, Federal anti-kickback statute and other risk areas such as physician self-referral, HIPAA and related-party transactions. It shares best practices. Notably, the guidance, complements other guidance out there, including the Department of Justice’s. And, in addition to focusing compliance efforts, it can be helpful for promoting operational efficiency. Listen in and then spend some time reading the Nursing Facility: Industry Segment-Specific Compliance Program Guidance. Listen now The Compliance Perspectives Podcast is sponsored by Athennian, a leading provider of entity management and governance software. Get started at www.athennian.com.

By Adam Turteltaub Professors Guido Palazzo and Ulrich Hoffrage are skeptical. When they hear that there was a bad apple at the core of a scandal, they are hesitant to accept that explanation. Instead, they argue in this podcast and in their new book, The Dark Pattern: The Hidden Dynamics of Corporate Scandals, that the problem is typically much deeper and wider. There are dark patterns, as they call them, that lead to bad behavior. Underlying the patterns are nine building blocks. They explain: Rigid ideology is a shared belief system that narrows the view of decision-makers at the expense of other views, risking them losing sight of ethical dimensions. Toxic leadership can create fearful contexts when narcissistic, Machiavellian, or psychopathic leaders abuse their power and cause harm, be it through direct orders, leading by example, or a carrot- and- stick approach. Manipulative language restricts how things are perceived and evaluated, influencing people’s judgments, decisions, and behaviors in ways that contribute to evil. Corrupting goals and unrealistic targets divert people’s attention so that they lose the ability to see the bigger picture in which their decisions are embedded— and the ethical dimension of their behavior. Destructive incentives create a tunnel vision of reality and lead to unhealthy competition and fights. Ambiguous rules create a gray area where people at best are confused and at worst can morally disengage when they do something bad because, after all, they were just following the rules. Perceived unfairness can lead people to engage in illegal practices while feeling that they are restoring justice. Dangerous groups may force individuals to conform, encourage aggression against members of out- groups, or pressure those who are considering speaking up not to do so. Finally, people who are on a slippery slope may not realize how they are straying from the right path to the point of escalating their commitment to evil things without even realizing how they have changed. While there are ways to manage for these risk areas, the challenge is that they are too often missed. The solution they advocate for includes compliance teams educating themselves more in areas such as social psychology so that they are more attuned to the human factors. Within the office there is a need for companies to resist the need to move on from scandals and to instead engage in deeper soul searching to understand what went wrong and why. Finally, they are advocates for making ethics a much more important part of compliance programs. Listen in to better understand what dark patterns are and how to keep them from taking hold of your organization. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub So you’ve got a case of AI fever and want to put the technology to work for your compliance team. What should you do? Jordan Domash, Founder of Rersponsiv, urges you to first take a deep breath and think through the process starting with defining your goals. Interestingly, he shares, the goals can be affected by the solution you choose, whether you go with a solution that is homegrown or out of the box. Either way, once the goal is set, expect an iterative process and regular testing to ensure that the solution is delivering what you were looking for, free from hallucinations and other problems. To make that process work it’s essential to have an evaluation plan in place, which includes identifying all the potential failure points. Make a part of it conducting some manual tests to see if the AI is delivering the results it should. In sum, AI can be invaluable to your program, but only if you put in the work to ensure that it is well designed and truly performing as it should. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub On May 12, 2025 the head of the Criminal Division at the US Department of Justice issued a memo to all Criminal Division personnel with the subject: Focus, Fairness and Efficiency in the Fight Against White Collar Crime. To understand what the document means for compliance programs, we spoke with Amy Matsuo, leader for both Regulatory Insights and Compliance Transformation at KPMG. Overall, she sees the document as being good news for compliance programs. It reiterates the importance and value of quickly finding and remediating violations. The DOJ also outlines some very favorable terms for organizations that self-disclose. These can include a declination with no requirement to enter into a criminal resolution, a non-prosecution agreement and a 75% reduction in potential fines. The Department of Justice will also be reviewing settlements that are already in place and may provide relief if the organization is found to have made substantial progress, has a reduced risk profile and self-reported. This review is a part of an effort to revisit monitorships and to ensure the cost to organizations is justified. The Department of Justice also shared where it will be focusing its efforts. Procurement and program fraud, trade violations, sanctions violations and support to foreign terrorist organizations will all be in the cross hairs. Listen in to learn more about what the DOJ’s expectations are and what you should be doing to ensure your organization meets them. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub Andres Cuevas, Compliance Director LATAM for EmergentCold explains from Chile that for compliance officers to be successful in Latin America they need to stop thinking about Latin America as a whole and start thinking much more about each country and its culture. And, of course, we must be mindful that each company also has a culture of its own. To navigate the differences and build consistency, he advocates for having a strong set of baselines rules that are common across your enterprise and the region. Establish what is non-negotiable. But, at the same time, it’s important to work with local leaders to have an understanding of what the local realities are, work with them and respond accordingly when variations are necessary. Compliance leaders also need to be mindful of the legal requirements of each country. In Chile, for example, he reports that there are more than 250 crimes that the company can be found liable for. Listen in to learn more about how to navigate your compliance efforts successfully across this diverse region. He also shares what he has learned about managing compliance in a company growing through acquisition. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub Mark Diamond wants you to stop thinking of records retention as a chore and start thinking of it as a driver of compliance. In this podcast the President & CEO of Contoural shares that retention schedules have grown in importance with increased requirements for privacy and safeguarding personal data. That, in turn, is having an enormous impact on the risks and costs of ediscovery. Proper retention schedules also have significant impact on employee productivity and collaboration, as well as using AI in less risky ways. Organizations are now increasingly treating records based on their business value and are developing retention schedules that reflect their worth. One of the greatest challenges they face, though, is the tendency of employees to want to hold onto everything just in case. While it’s understandable, it adversely affects efficiency, as employees are forced to wade their way through obsolete records. Part of the solution, he suggests, is to develop a “super schedule” for document retention. Rather than having multiple different policies which can cause confusion, having one overall policy vastly simplifies things for employees and allows for greater automation. Listen in to learn more, but don’t retain this podcast longer than you should. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub In a recent issue of Compliance & Ethics Professional ®, Nick Gallo, Chief Servant and Co-CEO of Ethico addressed the control paradox, a situation in which the controls designed to prevent misconduct, actually encourage it. Think of it like the person whose car has so many airbags that they no longer fear an accident and drive quicker. So what’s the solution? He argues it’s creating an environment where we have faith in controls, but not too much, and focus on helping those on the front line make the right decisions. That includes, he says, teaching not just what you should do but why. It also means encouraging ownership of ethical issues, not outsourcing it. Listen in to learn more about how to get better control on your controls. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub Recently, Gartner released very intriguing research into third party risk. Chris Audet, Vice President and Chief of Research in the Gartner Assurance Practice tell us that they found business has it’s spending all wrong. Too much is invested in due diligence, and not enough time and effort is spent on monitoring. There research found that the business unit knows the risks third parties pose and is seeing it firsthand. When relationship managers were surveyed, 84% had seen changes to the risk profile and 76% found a third party had provided materially inaccurate information. In fact, 95% had seen something troubling in the past year. So why aren’t they reporting this information to the compliance team and what would get them to share more? There were three main answers, Chris reports: Creating more relationship ownership objectivity. Too many feel too strong a tie to the third party. Confidence in identifying red flags. Encouraging objectivity and providing reassurance that compliance won’t over-react. He also advises making it easy for third party relationship owners to contact compliance and to work compliance into the workflow. Listen in to learn more about the benefits of rebalancing the third party risk equation. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub Risk assessments are not new in healthcare, and in specific regulatory areas are required. But, that doesn’t mean things aren’t changing. More and more organizations are embracing enterprise risk assessments (ERM) as a way to assess the range of risks that they face, including legal and regulatory concerns. Getting the risk assessment right is particularly challenging for healthcare organizations, explains Robert Stratton, Executive Director – Enterprise Risk and Security; Corporate Compliance Official and Senior Counsel for Northwest Permanente. Robert is also the author of the chapter “Enterprise Risk Management in Healthcare” in the latest edition of the Complete Healthcare Compliance Manual. The mix of insurance, patient care professionals, large sums of money and complex structures makes the risk map challenging. On the positive side, electronic health records can provide a wealth of information to inform your ERM efforts, as can frontline employees who can provide insights into what is going on behind the numbers. Once the risks are mapped, there are four ways to manage them, he explains: transfer, accept, mitigate and avoid. It’s hard to do any of them cleanly, but it’s important to understand which approach or approaches are best for a given risk. All four approaches, he adds, need to be accompanied by a culture which is aware of the risks, understands the risk appetite of the organization and their department, and acts accordingly. Listen in to learn more about ERM and how compliance can play an effective role in identifying and managing risk. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub As if ransomware and phishing attacks weren’t enough to keep us up at night, now AI is enabling a whole new range of cyber threats. Ryan Redman, Product Manager, Marketing and Brett Sommers, Director of GRC Products at Onspring warn that the nature of attacks is evolving. Vishing, in which criminals use technology to imitate the voices of colleagues and organization leaders, is being used to trick people into revealing passwords, share data or send money. Employees need to learn to be wary and even confirm requests, even from trusted voices, via email or other means. Healthcare and manufacturing are two industries that have been singled out by bad actors for this kind of attack. Aside from training, what else can compliance teams do? They recommend: Focusing your resources on high value risk areas Ensuring your cyber defenses are as strong as they need to be Reviewing your third parties to ensure that a compromise won’t come from someone hacking into their systems Understanding how AI is being used by your organization and vendors to make sure that the security is adequate Being transparent about your expectations Listen in to learn more. I swear it’s really us and not AI. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub These are fractious times, and it’s often difficult to figure out what to do, what comes next and keep people with divergent views working together. Despite these challenges, Anna Romberg, Executive Vice President, Sustainability, Legal and Compliance for Getinge, doesn’t believe that things are hopeless. In an article she co-authored with Richard Bistrong for Harvard Business Review, they laid out several strategies for successfully navigating the current era. In this podcast, she reminds us that ethics and compliance programs are about more than following the law. They are also about encouraging good behavior, which includes following the company’s values, no matter how the political winds are blowing. With that said, now is a good time to do what organizations need to do, which is assess their values periodically to ensure that they are relevant, and the organization is living up to them. At the same time, she encourages the compliance team to embrace friction. It is inevitable when facing difficult discussions and different opinions. It’s also a sign of change and that the matter at hand needed to be dealt with. She also cautions compliance teams to be alert and encourage speaking up. With increased pressure and changing norms, some may lose sight of the need to do the right thing. Listen in for a bit of stability during unstable times. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.