Compliance Perspectives

Ahmed Salim, a consultant and adjunct professor, is passionate about transforming change management in compliance. He breaks down eight essential steps that ensure successful change, from crafting a compelling vision to engaging leadership and maintaining effective communication. Salim emphasizes the importance of continuous monitoring and adaptation for long-term sustainability. Personal anecdotes illuminate the critical role of stakeholder engagement in building a strong compliance culture, making his insights invaluable for those in the compliance community.

By Adam Turteltaub As with so many other areas, communication, or a lack of it, can be a big problem when it comes to eDiscovery.  Legal doesn’t always adequately communicate what it needs.  The business unit doesn’t share information about all the technologies its teams are using to communicate, and compliance may be giving the wrong message as a result. The cure, as Joey Seeber, CEO of Level Legal lays out in this podcast, is making sure that everyone is aware of the issues, the technology and what proper practices look like. That means understanding what platforms are being used for collaboration, and deletion schedules need to be understood and consistent, wherever possible. To understand more about navigating around these problems, and how to find a vendor that will help your efforts, listen in to discover more about eDiscovery.

By Adam Turteltaub On July 10, 2025 the European Commission posted The General-Purpose AI Code of Practice.  Unlike the EU AI Act, this new Code of Practice is not compulsory, at least not yet. Still, it seems prudent to start understanding what it says and what expectations are being laid, as well as what the definition of general-purpose AI (GPAI) is.  To that end, we spoke with  London-based Jonathan Armstrong, Partner at Punter Southall. Jonathan explains that GPAI systems perform generally applicable functions such as image and speech recognition, audio and video generation, pattern recognition, question answering and translation.  It is similar to generative AI but is not the same. He then shares that the Code of Practice contains three sections:  transparency, copyright, and safety and security. Transparency is a hugely important issues for AI.  Organizations need to keep their technical documents related to their AI use current and address topics such as how the AI was designed, the technical means by which it performs functions and energy consumption. Copyright is a significant source of litigation at present.  Authors and other content creators see the use of their work by AI engines as a violation.  AI developers see the use of those works as furthering a greater good.  The Code of Practice sets out measures designed to help navigate these difficult waters. Safety & Security guidance is targeted predominantly at the most impactful GPAI operations.  The Code calls for extra efforts to examine cybersecurity and the impact of the technology.  This chapter of the document also includes 10 commitments for organizations to make. Listen in to the podcast and then spend some time reviewing The General-Purpose AI Code of Practice.   It’s worth seeing where regulations, and perhaps your AI efforts, are going.

By Adam Turteltaub Managing whistleblowers is always a hot topic, and you’ll find it on the agenda at the 2025 SCCE Annual Compliance & Ethics Institute.   To provide a preview of what you will see if you join us in Nashville, we sat down with the speakers for the session “Someone Blew The Whistle: Perspectives from Former Whistleblowers, In-House Compliance, and External Investigators”. The speakers in Nashville, and guests of this podcast, are: Jordan Segall, Senior Counsel, Ethics & Compliance, Xylem John Pease, Partner, Morgan Lewis Andrew Bakaj, Chief Legal Counsel, Whistleblower Aid. In our conversation they share the work Xylem has done to encourage internal whistleblowing.  The compliance team’s efforts include not just having a policy but ensuring that it is clearly accessible as well as explaining confidentiality, anonymity, and even investigative standards and processes. The company offers their employees multiple avenues to speak up, including HR, internal audit, the hotline, compliance, and even the audit committee of the board. These efforts are important, the speakers explain, because when whistleblowers go outside and bring a matter to the qui tame bar, typically it’s because they felt that their concerns weren’t taken seriously. To help keep employees from going outside, they offer several recommendations.  First, show employees that their concerns are appreciated and will be looked into.  Second, explain the investigative process.  Third, to the extent possible, provide regular updates.  Fourth, clearly communicate what the next steps are. Listen in to learn more, and then be sure to join their session at the  Compliance & Ethics Institute in Nashville.

By Adam Turteltaub There’s a lot new going on in healthcare enforcement, and, at the same, there’s a lot that hasn’t changed, reports Greg Demske (LinkedIn), partner at Goodwin Proctor and, formerly, Chief Counsel to the Inspector General at HHS. While the US Department of Justice has changed its priorities in areas such as anticorruption, if you look at what they and the Office of Inspector General (OIG) at Health and Human Services have been doing, he observes, the long-time bipartisan effort to stop fraud in healthcare is continuing. Yet, there are some significant changes.  At CMS a major shift has occurred when it comes to Medicare Advantage.  In the past there were audits of fifty plans a year, but now the goal is to audit all six hundred or so annually.  Backing that up is an expansion in the number of coders from 40 to 2000.  This has huge implications both for the plans and providers. Meantime the Department of Justice and HHS have created a False Claims Act Working group to further their efforts. Then, of course, there are qui tam claims, which hit a record high in 2024, and we have dispositions in the courts as well. So what should compliance teams do?  He recommends keeping a close eye on what the government is saying to ensure your program is staying ahead of the curve. And, of course, you should listen to this podcast to gain more of his insights from private practice and over 16 years at HHS.

Glenn Sweatt, Vice President at ECC, shares his insights from the front lines of disaster response and compliance. He discusses the urgent necessity of adaptability when managing compliance in the chaotic aftermath of wildfires in Los Angeles. Glenn highlights the importance of clear communication in a linguistically diverse city, where unexpected language needs arose. With a focus on training and innovative methods, he offers valuable tips for organizations to effectively navigate compliance challenges when crises strike.

By Adam Turteltaub Here’s a little nightmare every compliance officer dreads.  You leave your current job for an exciting new one, only to find out that you just walked into a position where the compliance efforts are token at best because the organization’s leadership doesn’t take compliance seriously. In this podcast Mary Shirley, Vice President, Chief Compliance and Privacy Officer, Scion Health, shares what to look for and how to protect yourself if this bad dream becomes your reality.  And, for the record, she has not run into this disaster at Scion Health. So, what are the signs there is insufficient commitment?  Any or all of the following could be, although generally one or two, she notes, may not be definitive: The title and standing of the top compliance officer is relatively low with little authority The compliance teams is greatly understaffed compared to industry benchmarks (cross-industry, healthcare data), without some compelling reason such as the organization is undergoing financial difficulties There is insufficient or no budget for necessary outside resources A lack of management appetitive for even inexpensive compliance initiatives Lack of support for professional development for the compliance team Compliance not included in major deals or transactions A chief compliance officer with no background in compliance If you find yourself in a situation where the compliance role is not worth keeping, it’s best to determine if there is hope for change or if it is best to leave. Either way, take the time to protect yourself by documenting what you have done and recommended, including what management ultimately decided. To prepare to leave, turn to your network, if you have one.  If you don’t have one, it’s time to start building it out. And, regardless of whether you are in a bad situation looking for a better one, or just looking at a potential career move, she advises asking these questions during the interview to determine if the new position is one that is set up for success or failure: What gets people fired around here? It’s a good way to see if there is real and consistent discipline. Can I speak to my predecessor? What would you like to see improved in the compliance program in the next six months? How would you describe the company’s risk appetite? What would the rank and file say about whether leadership is held to the same standards as they are? What deliverables from the compliance team were rewarded? What types of meeting does compliance attend? Does it have a seat at the table? What professional skills development programs were the compliance team sent to or given last year? What is the full-time staffing of the compliance office? What percentage of that is dedicated vs. liaisons? Is there budget for travel for investigations, training, compliance and ethics week activities and other purposes as needed? Listen in to learn more about how to find the right compliance role.

By Adam Turteltaub There is so much hype and drama when it comes to AI, that it’s good to hear the voice of Mujo Vilasevic, Senior Compliance Officer, Raiffeisen Bank  International.  Contrary to most, he makes the case that the problem with AI is overdramatization.  Despite the fears, it’s not going to take over the world or our jobs, as he sees it. So what should be doing when it comes to AI?  Educating ourselves is a very good start.  Also, look at AI both, as he describes it, outside in and inside out:  Look to see where it can be useful for the compliance department and how the business unit is putting it to use. Do so, he advises, recognizing that there is, as of yet, no global regulatory consensus.  While laws are emerging, there is still a patchwork out there. However, there are some principles of responsible AI use that do seem to have global relevance.  The EU law, for example, is based on the principles of integrity, data confidentiality, consumer data protection, personal data protection and the reliability of data used.  Few would argue against them. In sum, he argues for avoiding the easy temptation of fearing the unknown.  Instead, learn what you need to know to understand this technology (starting with this podcast), and be prepared for global regulations to provide helpful guardrails.

Justin Ross, Vice President and Chief Compliance Officer at Sysco, and Carrie Penman, Chief Risk and Compliance Officer at NAVEX, dive into the transformative use of helpline data. They discuss how reporting should be tailored for different stakeholders to boost transparency. The conversation shifts from reactive to proactive approaches, highlighting the potential to uncover organizational culture and risks through data trends. Key topics include the importance of analyzing discipline outcomes, retaliation, and regional differences to address compliance challenges effectively.

In this discussion, Stacy Parks, an Ethics Officer at Lockheed Martin, shares insights from her experience as a parent to a teenager, reflecting on the vast generational shifts in communication styles. She highlights how terms and preferences have evolved, especially among Millennials, Gen Z, and Gen Alpha, leading to a preference for digital, visual communication over traditional, verbal methods. Parks emphasizes the need for compliance teams to adapt their messaging strategies, employing engaging formats like visual content to connect with younger employees effectively.