Compliance into the Weeds

Tom Fox

423 episodes

  • Compliance into the Weeds

    AI-Driven SOC Audits and the Growing Trust Gap

    01/04/2026 | 23min
    The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss concerns that AI-driven automation may be weakening SOC 1 and SOC 2 audits used to assure vendor financial reporting controls and cybersecurity/privacy controls.

    They focus on allegations by an anonymous whistleblower (“Deep Delver”) that tech startup Delve fabricates audit documentation with AI and relies on audit firms to rubber-stamp reports, claims Delve denies, potentially undermining trust in hundreds of SOC reports. Beyond Delve, they warn that startups are “fracturing” the traditional SOC audit model, driving timelines and costs from months and tens of thousands of dollars to days and a few thousand, encouraging check-the-box, low-quality audits, sometimes via little-known overseas firms. They note regulators are unlikely to intervene, leaving companies to reassess due diligence and the real assurance value of SOC reports. 

    Key Highlights 

    · Delve Whistleblower Claims
    · Red Flags in Audit Firms
    · How SOC Audits Work
    · Check the Box Trap
    · Regulatory Blind Spots
    · What Companies Should Do

     Resources

    Delve accused of misleading customers with ‘fake compliance’ in Yahoo! Finance

    Delve response

    Promises of ‘fast and easy’ threaten SOC credibility in Journal of Accountancy

    A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.
  • Compliance into the Weeds

    Balt and TradeStation: Lessons for the Compliance Professional

    25/03/2026 | 27min
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the Declination awarded to Balt SAS and the OFAC enforcement action involving TradeStation.

    First, they review a Corporate Enforcement Policy declination for French medical-equipment company Balt SAS and the company’s U.S. subsidiary after self-disclosing, cooperating and remediating misconduct involving a U.S. subsidiary executive and a Belgian consultant allegedly funneling about $600,000 in bribes to a French public hospital official using sham consulting agreements, invoices, and poor documentation; Balt disgorged about $1.21 million in profit on roughly $1.68 million in revenue and disclosed while its internal investigation was still ongoing, raising timing and high-margin red-flag issues.

    Second, they cover OFAC’s $1.1 million settlement with TradeStation for accidentally disabling sanctions-screening controls for nearly a year, enabling hundreds of transactions from Iran, Syria, and Crimea; despite having layered tools on paper, IT changes and lapsed subscriptions undermined those controls, underscoring the need for ongoing monitoring, testing, and auditing.

     Key highlights:

    Balt FCPA Case

    Disclosure Timing

    Profit Margin Red Flags

    Controls and France Angle

    TradeStation Overview

    How Screening Failed

    Monitoring and Accountability

    Costs and OFAC Lessons

    Resources:

    Matt in Radical Compliance

    Tom in the FCPA Compliance Report

  • Compliance into the Weeds

    McKinsey’s Lilli AI Hack: What It Signals for AI Governance, Security and Disclosure

    18/03/2026 | 19min
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the recent hack of McKinsey’s AI tool Lilli.

    Tom and Matt discuss a Financial Times report that a white-hat hacker, Paul Price of one-person firm Code Wall, exploited flaws in McKinsey’s internal AI tool “Lilli” to access millions of internal chat messages, view sensitive client-related file names, and see the model weights used to train the system; McKinsey patched the vulnerabilities after disclosure. They argue the incident highlights emerging AI risks beyond traditional cybersecurity, including AI agents autonomously scouting for targets, the possibility of attackers altering models to change outputs and create hard-to-detect “drift,” and confusion over who inside organizations owns AI security and governance. The episode also explores the messy, inconsistent disclosure landscape for AI-related incidents and urges compliance and GRC leaders to slow AI adoption, pressure-test systems, clarify accountability, ensure kill-switch/manual fallback capabilities, and consider reputational fallout.

     Key Highlights 

    · McKinsey AI Hack Overview
    · Three Big Implications
    · Model Drift and Tampering
    · GRC Playbook for AI Risk
    · Accountability and Kill Switches

     Resources

    Matt in Radical Compliance

     

  • Compliance into the Weeds

    Carrots and Sticks in Washington: Antitrust Whistleblowers and an FCPA SOL Extension

    11/03/2026 | 19min
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at two recent developments sending a common message to compliance teams.

    First, DOJ antitrust official Daniel Glad warns that a new Antitrust Whistleblower Awards program and increased pursuit of prison time for individuals compress companies’ timelines to investigate and self-disclose, because insiders may report first and cost those firms potential leniency. Second, Senate Democrats led by Elizabeth Warren propose the FCPA Reinforcement Act to extend the FCPA statute of limitations from five to 10 years for an eight-year window, aiming to preserve future enforcement capacity for misconduct occurring now. They connect these “sticks” with “carrots” such as fast declinations for self-disclosure, emphasizing the need for robust compliance programs, strong reporting culture, prompt investigations, and clear decisions on disclosure regardless of who controls Washington. 

    Key Highlights 

    · Two Washington Signals
    · Antitrust Whistleblower Push
    · FCPA Reinforcement Act
    · Carrots Sticks and Culture
    · Why Internal Reporting Matters
    · Self Disclosure Through Line

     Resources

    Matt in Radical Compliance here and here

  • Compliance into the Weeds

    SDNY’s New Declination Policy: Crime Categories, Cooperation, and Compliance Implications

    04/03/2026 | 22min
    In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the recently announced new Southern District of New York standard for Declinations.

    They look at SDNY U.S. Attorney Jay Clayton’s newly released self-disclosure/cooperation/declination policy and its implications for corporate compliance. While the core elements, prompt voluntary disclosure, cooperation, remediation, and restitution, mirror existing DOJ expectations, they highlight a significant change: SDNY now treats “aggravated circumstances” as certain categories of crimes that are categorically ineligible for declinations, including foreign corruption/FCPA, sanctions evasion, terrorism, sex trafficking with minors, smuggling, drug cartels, and forced labor, rather than focusing on offense traits such as senior management involvement or recidivism. They note potential inconsistencies with DOJ’s corporate enforcement approach, uncertainty about disclosure timing despite references to promptness and pre-investigation disclosure, broad discretion in enforcement, and the risk of forum shopping.

    Key highlights:

    Why SDNY Declinations Matter

    Clayton Policy Key Changes

    Aggravated Circumstances Redefined

    FCPA Carve Out Confusion

    Timing and Disclosure Pressure

    Cooperation Restitution Disgorgement

    Resources:

    Matt in Radical Compliance

    Tom in the FCPA Compliance and Ethics Blog



About Compliance into the Weeds

What happens when two compliance aficionados get together to talk all things compliance, risk management and ERM? You get Tom Fox, the Voice of Compliance and Matt Kelly, the Coolest Guy in Compliance, going into the weeds of a topic each week. Each week, you can take a deep dive with two of the top writers, thinkers and prognosticators in compliance.
Generated: 4/2/2026 - 3:14:19 PM