Episodes

  • AI-Driven SOC Audits and the Growing Trust Gap
    Apr 1 2026
    The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss concerns that AI-driven automation may be weakening SOC 1 and SOC 2 audits used to assure vendor financial reporting controls and cybersecurity/privacy controls. They focus on allegations by an anonymous whistleblower (“Deep Delver”) that tech startup Delve fabricates audit documentation with AI and relies on audit firms to rubber-stamp reports, claims Delve denies, potentially undermining trust in hundreds of SOC reports. Beyond Delve, they warn that startups are “fracturing” the traditional SOC audit model, driving timelines and costs from months and tens of thousands of dollars to days and a few thousand, encouraging check-the-box, low-quality audits, sometimes via little-known overseas firms. They note regulators are unlikely to intervene, leaving companies to reassess due diligence and the real assurance value of SOC reports.
    Key highlights: Delve Whistleblower Claims · Red Flags in Audit Firms · How SOC Audits Work · Check the Box Trap · Regulatory Blind Spots · What Companies Should Do
    Resources: Delve accused of misleading customers with ‘fake compliance’ in Yahoo! Finance · Delve response · Promises of ‘fast and easy’ threaten SOC credibility in Journal of Accountancy
    A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.
    23 m
  • Balt and TradeStation: Lessons for the Compliance Professional
    Mar 25 2026
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the Declination awarded to Balt SAS and the OFAC enforcement action involving TradeStation. First, they review a Corporate Enforcement Policy declination for French medical-equipment company Balt SAS and the company’s U.S. subsidiary after self-disclosing, cooperating and remediating misconduct involving a U.S. subsidiary executive and a Belgian consultant allegedly funneling about $600,000 in bribes to a French public hospital official using sham consulting agreements, invoices, and poor documentation; Balt disgorged about $1.21 million in profit on roughly $1.68 million in revenue and disclosed while its internal investigation was still ongoing, raising timing and high-margin red-flag issues. Second, they cover OFAC’s $1.1 million settlement with TradeStation for accidentally disabling sanctions-screening controls for nearly a year, enabling hundreds of transactions from Iran, Syria, and Crimea; despite having layered tools on paper, IT changes and lapsed subscriptions undermined those controls, underscoring the need for ongoing monitoring, testing, and auditing.
    Key highlights: Balt FCPA Case · Disclosure Timing · Profit Margin Red Flags · Controls and France Angle · TradeStation Overview · How Screening Failed · Monitoring and Accountability · Costs and OFAC Lessons
    Resources: Matt in Radical Compliance · Tom in the FCPA Compliance Report
    27 m
  • McKinsey’s Lilli AI Hack: What It Signals for AI Governance, Security and Disclosure
    Mar 18 2026
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the recent hack of McKinsey’s AI tool Lilli. Tom and Matt discuss a Financial Times report that a white-hat hacker, Paul Price of one-person firm Code Wall, exploited flaws in McKinsey’s internal AI tool “Lilli” to access millions of internal chat messages, view sensitive client-related file names, and see the model weights used to train the system; McKinsey patched the vulnerabilities after disclosure. They argue the incident highlights emerging AI risks beyond traditional cybersecurity, including AI agents autonomously scouting for targets, the possibility of attackers altering models to change outputs and create hard-to-detect “drift,” and confusion over who inside organizations owns AI security and governance. The episode also explores the messy, inconsistent disclosure landscape for AI-related incidents and urges compliance and GRC leaders to slow AI adoption, pressure-test systems, clarify accountability, ensure kill-switch/manual fallback capabilities, and consider reputational fallout.
    Key highlights: McKinsey AI Hack Overview · Three Big Implications · Model Drift and Tampering · GRC Playbook for AI Risk · Accountability and Kill Switches
    Resources: Matt in Radical Compliance
    20 m
  • Carrots and Sticks in Washington: Antitrust Whistleblowers and an FCPA SOL Extension
    Mar 11 2026
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at two recent developments sending a common message to compliance teams. First, DOJ antitrust official Daniel Glad warns that a new Antitrust Whistleblower Awards program and increased pursuit of prison time for individuals compress companies’ timelines to investigate and self-disclose, because insiders may report first and cost those firms potential leniency. Second, Senate Democrats led by Elizabeth Warren propose the FCPA Reinforcement Act to extend the FCPA statute of limitations from five to 10 years for an eight-year window, aiming to preserve future enforcement capacity for misconduct occurring now. They connect these “sticks” with “carrots” such as fast declinations for self-disclosure, emphasizing the need for robust compliance programs, strong reporting culture, prompt investigations, and clear decisions on disclosure regardless of who controls Washington.
    Key highlights: Two Washington Signals · Antitrust Whistleblower Push · FCPA Reinforcement Act · Carrots Sticks and Culture · Why Internal Reporting Matters · Self Disclosure Through Line
    Resources: Matt in Radical Compliance
    19 m
  • SDNY’s New Declination Policy: Crime Categories, Cooperation, and Compliance Implications
    Mar 4 2026
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the recently announced new Southern District of New York standard for Declinations. They look at SDNY U.S. Attorney Jay Clayton’s newly released self-disclosure/cooperation/declination policy and its implications for corporate compliance. While the core elements (prompt voluntary disclosure, cooperation, remediation, and restitution) mirror existing DOJ expectations, they highlight a significant change: SDNY now treats “aggravated circumstances” as certain categories of crimes that are categorically ineligible for declinations, including foreign corruption/FCPA, sanctions evasion, terrorism, sex trafficking with minors, smuggling, drug cartels, and forced labor, rather than focusing on offense traits such as senior management involvement or recidivism. They note potential inconsistencies with DOJ’s corporate enforcement approach, uncertainty about disclosure timing despite references to promptness and pre-investigation disclosure, broad discretion in enforcement, and the risk of forum shopping.
    Key highlights: Why SDNY Declinations Matter · Clayton Policy Key Changes · Aggravated Circumstances Redefined · FCPA Carve Out Confusion · Timing and Disclosure Pressure · Cooperation Restitution Disgorgement
    Resources: Matt in Radical Compliance · Tom in the FCPA Compliance and Ethics Blog
    23 m
  • FCPA Trial Rarity: Charles Hobson Convicted
    Feb 25 2026
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the recent conviction of Charles ‘Hunter’ Hobson for FCPA violations. Former Corsa Coal senior sales executive Charles Hunter Hobson was found guilty in Pennsylvania of helping arrange roughly $4.8 million in bribes to officials tied to a state-owned Egyptian coal company, using an intermediary, to secure about $143 million in contracts. Also, Hobson allegedly pocketed about $200,000. Tom and Matt break down Hobson’s unsuccessful “dog bite” defenses. They also discuss tensions between corporate and individual accountability, the practical reality that companies may cooperate and “turn on” individuals, and that individuals can also expose companies by cooperating with prosecutors. Finally, they speculate on why DOJ pursued trial amid shifting enforcement signals, referencing other recent FCPA matters (Millicom DPA, Smartmatic indictment) and past DOJ trial losses, and conclude that the best approach is to avoid bribery and avoid being the “last man standing.”
    Key highlights: Hobson Case Overview · Dog Bite Defense Breakdown · Payment Red Flags · Declinations and Individual Risk · Why Go to Trial?
    Resources: Matt in Radical Compliance
    Not yet known
  • Truth Stranger Than Fiction: Binance, Iran, Crypto and Compliance
    Feb 18 2026
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at recent reporting on Binance that raises questions about the effectiveness of its compliance program, monitorships, and executive attitudes toward compliance. They recap Binance’s 2023 resolution of U.S. criminal and civil matters involving money laundering and sanctions evasion. They discuss the Fortune article, which reported that Binance continued to route funds through its platform to the Iranian government in 2024 and into 2025. They highlight Mr. Zou’s public response on X, suggesting that if investigators found misconduct, it implied they failed to prevent it, which the hosts criticize as a misunderstanding that business units own risk and that compliance’s role is to provide systems, channels, oversight, and escalation rather than “prevent” all misconduct.
    Key highlights: Truth Stranger Than Fiction in Compliance · Binance’s 2023 Guilty Plea, $4.3B Penalty & Two Monitorships · Compliance Team Fallout: Investigators Fired & CCO on the Move · ‘If You Found It, You Failed’: Why CEOs Misunderstand Compliance · Iran as the Red Line: Plea Agreement Breach, Politics, and Corruption Risk · Will Anyone Enforce This? Rule of Law Questions and What Comes Next
    Resources: Matt in Radical Compliance
    20 m
  • NPAs, Escalation and Ethics in Competing
    Feb 11 2026
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at three recent stories to draw compliance lessons for the future. They discuss significant developments in compliance, focusing on Jay Clayton’s recent speech regarding FCPA enforcement and the implications for companies. They also analyze a case involving the termination of compliance officers at Scotiabank for failing to escalate concerns about insider trading. The conversation concludes with a reflection on athlete decision-making in the context of injuries and the lessons for corporate compliance practices.
    Key highlights: Jay Clayton’s Speech and White Collar Crime Prosecution · Compliance Officers and Escalation Failures at Scotiabank · Ethics in Sports: Decision-Making and Compliance Lessons
    Resources: Matt in Radical Compliance
    28 m