Compliance Perspectives

By Adam Turteltaub Uzbekistan, Kazakhstan, Tajikistan, Turkmenistan and Kyrgyzstan were all born out of the dissolution of the Soviet Union. With large energy deposits of national gas, many global companies and their suppliers are operating within these countries. To better understand the compliance risks there, we spoke with Timur Khasanov-Batirov, a compliance officer with deep and wide roots in the region. While we may think of this area as one region, he warns that there are substantial differences by country. Kazakhstan is the most developed, and compliance has gained significant traction in large companies, primarily in the oil and gas sector. Uzbekistan saw three major FCPA cases, and, as a result, compliance has garnered a great deal of attention. The other three countries have much smaller economies and less developed compliance cultures. In addition, Turkmenistan has a fairly-closed economy, which complicates the picture. While it is easy to focus on the anticorruption risk in the region, there are other challenges. The area has become a significant transshipment point to Russia of prohibited and dual-use goods. In addition, child and forced labor is an issue, especially in the textile industry. To mitigate these risks, especially for sanctions evasion and corruption, companies operating in the region will need to pay close attention to the ownership of companies. That is not always easy to do because corporate structures are often opaque. The desktop-based due diligence systems in the US and Europe are likely not sufficient, Timur advises. Having someone on the ground in the region is likely needed. Listen in to learn more about what it takes to operate a compliance program in this important part of the world. Listen now

By Adam Turteltaub It’s not a good time to be a manufacturer of ten-foot poles. That’s because with the growing number of sanctions regimes, there are an increasing number of companies and individuals that businesses shouldn’t touch with a poll of ten feet, or any length for that matter. Rachel Gerstein, who most recently served as Vice President, Global Ethics and Compliance Counsel for Gartner, explains in this podcast that trade sanctions are laws and regulations designed to prevent and punish engaging with countries, organization and individuals who the government has deemed a threat to national and international security, or has committed human rights violations. Many countries have sanctions regimes, although the United States tends to have the strongest. The US, for example, has countrywide sanctions against Iran, Cuba, Syria and North Korea, as well as numerous sanctions against Russian individuals and entities. The government’s enforcement arm is the Department of the Treasury’s Office of Foreign Assets Control (OFAC), which has developed comprehensive guidance for compliance programs. It includes five pillars that will sound very familiar to anyone in compliance: Management commitment Risk assessment Internal controls Testing and monitoring Training In addition to the obvious similarities in compliance program design, there is also great practical overlap. Third party vetting for anticorruption risk, for example, can also include sanctions-related checks. When determining if the company’s owners are politically exposed, it’s an ideal time to determine if there is 50% ownership by a sanctioned individual or entity. Training is another common element and particularly important. Individuals involved in payments and account receivable need to be educated in sanctions risks and what to watch out for. Employees across the workforce also need to be sensitized to the issue. Europeans, for example, may see Cuba as just another exotic Caribbean vacation destination and not realize the risk. Of course, there are also different tools also used for sanctions compliance. Your bank, for one, may be an asset given that it may be keeping its own list of sanctioned entities. Geoblockling is a tool that can be used to determine what country someone is communicating to you from and can be used by you to block interactions. In short, there is a great deal of risk, but there are great similarities with other compliance efforts, enabling you to combine sanctions compliance with other compliance efforts. But, you’re still not likely to need that ten-foot pole. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub The current fee-for-services model in healthcare has challenges, to say the least. Value-based care, explains, Colleen Gianatasio, Vice President of Compliance, CoventBridge, takes a different approach by asking four questions: What are the needs for both patients and providers? What are the challenges and barriers to meeting them? What technology and other resources are available? How will providers be measured for success, and when will they be reimbursed? In answering these questions there is an underlying emphasis on a much more collaborative and transparent approach among patients, providers and payers. There is also a commitment to understanding the community as a whole. For those looking for advice on how to pursue value-based care, she offers several thoughts, including: Be thoughtful in your use of technology solutions Give all your stakeholders a seat and voice at the table Break down the silos, and communicate openly and frequently Listen in to more about the practice and promise of value-based care. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub Recently Protiviti released an intriguing report: Top Compliance Priorities for U.S. Healthcare Organizations in 2025. In this podcast their Global Healthcare Compliance Leader, Leyla Erkan, shares some of the key priorities they revealed: Managing technology. This includes wearable devices, AI, telehealth platforms and more. All have great promise, but each comes with significant risk. Privacy and security. Many organizations are struggling with right of access issues, reproductive health data, and using data more effectively to deliver care. Not to mention the issues of data breaches and ransomware. Integrating quality and safety into compliance programs. As with value-based care, expectations have grown for compliance to play a key role in ensuring quality and safety. Billing and coding. Cloning of documentation remains a key risk area along with lack of documentation. New technologies hold great promise but there are challenges in areas such as using AI. Listen in to learn more about these issues and other identified as top compliance priorities for healthcare in 2025. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub How much is your cybersecurity program worth? Traditionally the thinking has kind of been: if we don’t have a breach it’s expensive but valuable, and if we do have one it’s both expensive and worthless. Eric Shoemaker of Genius GRC advocates for a different way to value cybersecurity efforts. Instead of just looking at what it prevents, also look at what it enables: your organization to do business with less friction. A good cybersecurity  program give customers the confidence that you are safe to do business with. It prevents business interruptions, and doesn’t get too much in the way of the business. So track things like deals successfully closed after reviewing the company’s cyber defenses. He also argues for using near misses as a way to demonstrate value. Each incident provides an opportunity to examine what could have gone wrong, what controls worked, and what enhancements could be made to strengthen them. Listen in to learn more about how you can establish the value of your cyber protection efforts. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub Virginia MacSuibhne is not your typical compliance officer. It’s not surprising then that this former global chief compliance at Agilent and Roche, who also has an Etsy shop selling irreverent, NSFW compliance merch, decided she wanted to do an atypical podcast. Rather than focusing on a brilliant idea she had or a huge success, she suggested we discuss the mistakes she has made. Each of them has an important lesson for others in compliance. Mistake #1: Do the code of conduct yourself. It’s far better to involve the business team both to gain their insights and get their buy in. Mistake #2: Think working inside a company is like working for their law firm. When you work in a company, even in the legal department, you need to focus on relationships and be less transactional. There’s no clock or timesheet to record billable hours. So spend the time getting to know your colleagues and building personal connections with them. Mistake #3: Disregard the rhythm of the business. Every business has its own rhythm, with busy and quiet times and its own processes for getting thing done. Take the time to learn them. Mistake #4: React immediately and strongly to evaluations. Sometimes it’s better to take a breath and understand the context as well as what drives you. Unofficial mistake #5: Not listening to this podcast. Listen now Sponsored by Case IQ, a global provider of whistleblowing, case management, and compliance solutions.

By Adam Turteltaub A good, juicy case study is great for compliance training. An artfully created scenario can also be remarkably effective, especially for ethics training. What makes them so appealing, and how do you use them best? Colin May, Adjunct Professor at Stevenson University, explains that problem-based learning is very effective for adults both for knowledge transfer and retention. It also helps people apply what they have learned. Case studies, which are based on actual incidents, and scenarios, which are fictional, also benefit from a human love of stories. When determining whether to use a case study, scenario or some other learning method, he advises first thinking about the outcome: what do you want people to take away from the training. Next, think about the debriefing after employees have had a chance to either read the case study or act out a scenario. That subsequent conversation may prove to be the most valuable part of the learning exercise. Be sure, too, to keep your case studies and scenarios current. They do have an expiration date. Even big, juicy ones can seem dated after a few years. Even something as big as Enron can get old: it happened 24 years ago, before a significant portion of your workforce was born. Finally, be sure to listen to the podcast and reach out to him through LinkedIn if you would like the tool that he referred to. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.

By Adam Turteltaub There’s a lot of discussion about the relationship between compliance and the general counsel. Less words, though, have been dedicated to the important relationship between compliance and HR. Netherlands-based Asaf Shalev, Global Ethics, Risk & Compliance Lead for DLL rightly observes that maximizing synergy between the work of HR and compliance is a key for success of both the compliance program and the business. The departments share overlapping interests in a number of areas, including the code of conduct. He advocates both sides working closely together to ensure that it is human centric. When it comes to compensation, HR can help by building in compliance-related metrics. When it comes to discipline, HR can ensure that it is documented, consistent and fair. They can also be helpful for navigating local the labor laws that may apply. Listen in to learn more about how to make the compliance-HR relationship work from recruiting and onboarding through the entire employee lifecycle. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.

By Adam Turteltaub Stress can be a good thing. Burnout, though, is something altogether different and very real for compliance professionals. Sarah Hadden (LinkedIn), CEO and Publisher of Corporate Compliance Insights shares in this podcast the not always encouraging data on stress and burnout from their 2025 Compliance Officer Working Conditions, Stress & Mental Health survey. The research did reveal some very good news. Compliance officers are generally happy with their work. They have a sense of purpose and feel that what they are doing is important. The findings also revealed a small but notable increase in the belief that the organization is supportive of compliance efforts. On the other side of the coin, though, only 7% said that job stress was not an issue. More concerning, 51% reported that they are experiencing burnout. What causes that burnout? A variety of factors are in play including the fast pace of regulations, personal liability fears, lack of time and resources and even AI. One of the greatest causes of stress, the survey revealed, is reporting structure, with those reporting to legal, rather than to leadership or the board, being the least satisfied and most stressed out. Listen in to learn more, unless, of course, it’s going to stress you out. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.

By Adam Turteltaub There is a tendency to think of risk assessment as one thing and demonstrating the value of the compliance program as another. In this podcast, Catherine Bruno, Assistant Director Office of Integrity and Compliance (OIC) at the FBI shows that the risk assessment process can also be a great way to demonstrate the value of a strong compliance program. So how do they make that happen?  First, the OIC ensures that individuals who are closer to the risk, the subject matter experts at each of the divisions at FBI headquarters, as well as each field office, are involved both from the start and on an ongoing basis. Every six months the OIC requires them to spend time assessing compliance risk and put forward at least one. This process ensures participation without demanding too much of the field’s time. In advance of that meeting, the OIC conducts a training session, provides a model agenda, and may do a presentation on a particular risk area. They also require that, at the meeting, the participants also spend time examining the tier 1 risks that the OIC has identified. In the future, she is looking to better spell out the cost of non-compliance and the savings of proactive measures. But, she cautions, quantifying the benefits does not have to be based on dollars exclusively. Reputational factors can and should also be considered. Each field office is also required to provide data on the risk areas that they are tracking. That data gets compiled and gives them an opportunity to compare themselves to each other. The information is also shared at higher-level branch meetings a month later, and it helps executive assistant directors understand where field offices are focused in terms of their risks. In sum, the process provides both a better understanding of risk and demonstrates the value of the compliance program. Listen in. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.