Compliance Unfiltered is TCT’s tell-it-like-it-is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable compliance expertise with a sprinkling of personality.
Show Notes: Interview with Tom Fox of the Compliance Podcast Network
Quick Take
On this episode of Compliance Unfiltered, the CU Guys are pleased to be joined by Tom Fox from the Compliance Podcast Network to delve into the intricate challenges of implementing compliance programs. They explore the common misconceptions at the executive level, the critical role of internal controls, and the necessity of integrating compliance into business operations. Tom shares his journey from law to becoming a compliance evangelist, emphasizing the importance of ethical business practices in combating global issues like bribery and corruption. All these insights and more on this week’s Compliance Unfiltered!
Connect with Tom and explore all the great shows on the Compliance Podcast Network, here:
www.compliancepodcastnetwork.net
Read The Transcript
So let’s face it, managing compliance sucks. It’s complicated. It’s so hard to keep organized and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less. Now here’s your host, Todd Coshow with Adam Goslin.
Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow, alongside a man who is definitely invited to your compliance barbecue, Mr. Adam Goslin, how the heck are you, sir?
I’m doing great today, Todd. How about yourself?
That’s hard to argue, sir. I am doing fantastic as well. Today’s a special day here at Compliance Unfiltered as we have a guest. Today, we are proud to be joined by our special guest, Tom Fox of the Compliance Podcast Network. Tom, welcome to Compliance Unfiltered.
Now, I was hoping that you could give our listeners a little bit of background on yourself and on compliance and just overall, kind of let the people know who you are.
Sure. So I’m a lawyer by professional training, practiced law for now 40 plus years. Starting in 2004 or 5 or 6 in that time frame, I was introduced similar to Adam’s experience to a topic called compliance. Although my introduction was I went to work for a company that had, in 2007, violated the international anti-bribery law of the United States called the Foreign Corrupt Practices Act. I was part of the new management team. I was hired as general counsel, brought in to clean it up after the fine and penalty was assessed by the Department of Justice. And that’s where I learned about compliance. I did that for a few years, the company got sold, my job went away. And I decided, well, I took a little detour to race bicycles for a year and had a great time.
Well, that’s pretty cool. What kind of bicycles did you race?
Just regular old 10 speed bikes on 20 and 40 Ks.
Man, that’s really cool.
Well, it was until the Saturday after Thanksgiving in 2009 when I met a Hummer and the Hummer won that event. So my cycling career ended. So I convalesced for about two months and then I realized I was going to have to go back to work. And I decided when you have one of those sort of life changing events, you think about, well, what do I really want to do? I was 50 and decided what I really enjoyed in my last position was building compliance programs, policies and procedures, et cetera, inside corporations. So it’s 2010 and there were very few lawyers at that time in private practice who did that. If they were in compliance, they usually did investigations or negotiated with the government. So I decided to be the nuts and bolts guy. And I had no clients, I had no work, and the only thing I had was time. I didn’t leave my house except to go to physical therapy. So I started exploring social media, Twitter when it was really a business platform, LinkedIn, all of those things, started blogging. And the blogging led to podcasting. I started podcasting in 2012, and in 2017 I got the bright idea to put together a network of podcasts in the compliance space. So we have three big trade groups in my form of compliance. And so I went around and said, hey, let’s put together a network, we’ll form a joint venture, we’ll put together a network, we’ll corner the market on information in the podcast format. It will not take away from anything else you’re doing, it will only supplement it. And not that it would ever suggest anything in a competitive, we’ll corner the market on all advertising. It could get no interest. So I just said, bleep it, I’ll do it myself, I did. And putzed around for a couple of years. In 2019, I decided I had to either fully commit or move it to hobby status. So quit practicing law, bought all the cool toys you see, built this huge network. At the end of the year, I’d made about $10,000. And I thought, well, that was an interesting experiment.
Guess we got to go back to practicing law, which I did in 2020 for three months until they shut the country down. On or about March 15. So I’m sitting around trying to figure out what I’m going to do going forward.
And starting about May 15 of that year, I got the same call from every product provider in compliance, which was the following. How long do you get access to your network? Because up until that time, almost all marketing was done in person, conferences, trade shows, breakfast roundtables, lunch meetings, you name it, city events, et cetera. And of course, that was not available. So I had the anomaly of people wanting to spend money who had money to spend, who didn’t have any place to spend it, except with me. So I was still the only podcasting in compliance, I had the only networking compliance. At that point, even then, I had the biggest social media presence in compliance. And the answer to the question I was posed was 24 hours. Because of all the work I’d done in 2019, it was just a drop and drag or a plug and play. My little world blew up. I went from 5,000 a month in income to 35,000 a month in income in one month. I went from a hundred thousand downloads a month across the entire network, not in any one show to 250,000 in two months. So since that time, I’ve just tried to, uh, um, manage the growth, the explosion of growth and turn the network into a viable ongoing business.
Love that.
Very cool. So Tom, let me ask you, what are some of the topics that you’re seeing raised by practitioners in the security and compliance spaces, seen through the lens of interest by the audience of the Compliance Podcast Network?
Well, it’s really interesting because the issues raised are as basic as you can ask, which is, what is this? How do I do it? How do I become compliant? Why should I do it? Where can I go to do it? I am a lawyer with X number of years. I’m incredibly proficient in everything I do, and I have no idea how to do this. What I tell people and why I love having guys like you come on my network is, I want your people to talk to my people because my people don’t know anything about you people. The question that a compliance officer, he’s going to get a call, and it may be similar to your experience, Adam, he’s going to get a call from the CEO or maybe even the board and say, where are we on our data security compliance program? Someone like me is going to go, what? Where’s IT? I said, we’re not calling IT, we’re calling you, you’re compliance. I know you’re laughing, but that’s really the situation my peers find themselves in. They’re being given this task, they have no idea how to do it. They think it’s a foreign concept because they think it’s IT. They don’t speak IT, they speak either law or compliance, and so they really need someone like yourself who can sit down and explain to them, here’s the steps you need to take, and then here’s how you work through them to get to the point where you are compliant.
Right. Yeah, it is. It is interesting, right? When you’re sitting there, you know, you’re talking to these organizations and when they truly believe that IT is the, you know, is the group that needs to just go handle this, well, you know, there’s a lot of things that are technical, right. But the, you know, part of my early experience was just the lack of the, kind of the lack of real security and compliance knowledge held within those IT folks, and it’s almost like the leadership doesn’t realize that these people that they have on their teams, yeah, they’re experts at firewalls, they’re experts at network administration, but that doesn’t necessarily translate to, you know, the world of security and compliance. So it’s quite interesting to see that, you know, that kind of dichotomy, if you will.
Indeed.
Now, Tom, tell us about kind of what you’re passionate about in the world of compliance.
So I’m incredibly passionate about compliance, and here’s the reason I’m passionate about compliance. The UN estimates that $3 trillion is lost annually to the world’s economy from the scourge of bribery and corruption, $2 billion more if you want to add money laundering into that. And I found that I can be on the front lines of the fight against bribery and corruption while working in a capitalist society, in the corporate world, and that everyone has a role in this fight. Obviously, governments have a role, the UN has a role, the United States government has a role, the legislators have a role, the prosecutors have a role, but I can have an equally important role in compliance in the corporate setting. And I tell people, if you’re going to read a due diligence report and make a decision on whether you’re going to hire this vendor or not, that’s doing compliance. And you may not think it is, but every time you do that, you are pushing the ball forward. Maybe it’s just a little bit, but it doesn’t matter. If we can get this momentum going and get people thinking about how do you do business ethically and in compliance, then we can move to fight this scourge. So I call myself the compliance evangelist because in ancient Greek, an evangelist was the bringer of the good news. Well, I don’t say compliance doesn’t suck. I say compliance is the good news. And here’s why, because I’m going to make your business more efficient and at the end of the day, more profitable by having an effective compliance program. And so I see my role is in the corporate setting, helping businesses do business more ethically and in compliance.
So Tom, let me ask you in terms of, you know, kind of gaps in knowledge as you’re, as you’re having these dialogues with, you know, with various stakeholders, whether they be subject to compliance or, you know, assisting those, those kind of compliant organizations, where are you seeing the biggest gaps in knowledge by those that face compliance today? Where’s the miss?
The miss is, I see it as twofold. One is at the senior executive level, which they don’t understand that effective compliance is largely internal controls. Internal controls are financial controls. Who doesn’t think they don’t need good financial controls in a company? And if you expand that out a little bit, if you have strong and robust financial controls, you’re going to be more robust from that perspective, and that’s why I say effective compliance equates to more efficient business operations, equates to greater ROI. But the flip side of that is the compliance professional who, when I started, we used the term Dr. No from the land of no, or the Department of Business Non-Development, whatever you want to call it, we were going to say no. And we can’t do that. I have a friend, and his first question as a chief compliance officer is, what’s the business value? What value am I bringing to the business by implementing this policy, this procedure, this piece of technology? And so we have to drive real business value, and compliance professionals, I think, are at an inflection point where we are either going to have to inculcate and integrate compliance directly into business operations, or compliance will be moved to a back office function like internal audit.
Yeah, well, in the the interesting part that I found with the, you know, with with those folks out there, I’ve said this before on our on our pod several times is that, you know, when I first started Total Compliance Tracking, what I did is I implemented a strong security and compliance program for the organization. And, uh, you know, one of the, one of the interesting, interesting parts is, as I said, somebody comes to me, puts a, you know, kind of puts the proverbial gun at the temple and says, you can either choose to drop your security and compliance program, or you can choose to drop your cyber liability insurance, which one goes, and I’m like, in an absolute heartbeat, cyber liability, see ya, you know, because the, the active controls that the organization has are, are a layer of compliance. A layer of active protection for the company, uh, you know, and that’s what, that’s what I see as a, as kind of a mess with the, with the organizations out there. They just, they don’t perceive that value from the multiple layers of those internal controls and how they, you know, kind of help to help to shield the organization.
So the other thing that really intrigued me, Adam, about your story and your company and the space you’re in is the following. I don’t think you’re regulated by a group of prosecutors. So in my space we’re regulated by a group of prosecutors who work for the Department of Justice because there’s a U.S. law called the Foreign Corrupt Practices Act and that’s the law they enforce. So we have compliance driven by a regular or a legal requirement, not even a regulatory requirement, and a response to that. Houston, Texas, where I practiced law for 40 years in my hometown, is the FCPA enforcement capital of the world. More enforcement actions involve Houston companies than any other city on Earth, and that’s for one reason, and that’s because we’re the energy capital of the world. All energy companies have had some sort of bribery and corruption problem, but the response was, okay, we’re going to take this burden on ourselves and Exxon, Chevron, Shell, BP have gold standard policies. The next level down are called the service companies. They do the work for the producers. If you want to do work for a service company, you have to have a compliance program. So it becomes a business differentiator, and that’s one of the things that intrigued me so much about your space. I don’t want to say it’s self-regulation, but from where I sit, I’m not seeing prosecutors coming down knocking on the doors. I’m seeing potential customers saying, are you compliant? Do you have a certificate? Are you SOC compliant? All of that, and so when I talk about being a compliance evangelist, I see corporations regulating themselves essentially in both of our areas of compliance by requiring anyone down the chain to be compliant in whatever space you’re in. So that was one of the other reasons I was really intrigued by your space and what you guys do.
Very cool.
Now, Adam had the opportunity to record a podcast on the Compliance Podcast Network regarding TCT. So, Tom, tell the listeners how they can find that recording.
Well, um, I’m probably going to cross post it because I found it such a great story, but it’s the first time it goes out. It will be on a podcast called innovation and compliance. And that podcast is about innovation largely, but it’s also about what I started with having your people talk to my people. So I wanted you to get exposure to anti-corruption compliance chief officers, because they need to understand what you guys do and what you guys bring to the table. So I don’t know when that’s going to go out. I haven’t produced it as yet, but when I do, I will let everyone know.
Excellent. And we will definitely do the same on our channels as well. Adam, additional pieces that you wanted to talk about when in regards to that podcast recording.
No, it was a great opportunity to get on and, you know, kind of tell people a little bit about TCT. It’s funny, Tom and I share the, you know, share that notion of kind of wanting to help people, wanting to, you know, wanting to show them the way, you’re wanting to educate them. It was fun because one of the questions that Tom asked me was, you know, hey, you’ve got all of these resources up on your website and they’re freely available. Basically, why the hell’d you do that? It’s simple. I mean, I got, literally I got into this space because I like helping folks, and to me it was just, it was so startling, you know, when I started, just how little folks knew about security and compliance, about the relative benefits, about those layers of controls that can, you know, actively shield the organization. You know, how, you know, some of those controls are proactive, some of them are detective, but in combination, you know, all of that suite of controls all work to, you know, to improve the posture and mitigate risk to the organization. And it’s just something that there’s so many folks out there that don’t understand, you know, kind of how that works. And so, you know, in responding to Tom about, you know, why do we have blogs out there since 2018 or pods out there since 21? It’s literally in an effort to try to help folks in the space. And, you know, one of the things I’m excited about, and Tom, I like the notion of, you know, the opportunity to expose you to folks that we know and folks, the Austin folks that you know. It’s just that it goes right in alignment with both of our, you know, both of our objectives, which is to try to help people in the space and try to move the ball, if you will.
Absolutely.
Adam, additional parting shots and thoughts for the folks this week.
Well, Thomas, it’s been great having you on to Compliance Unfiltered, being able to kind of gain some insight. I very much related to your story about you were talking about how you just had decided to go back into law, and then three months later, the country shut down. As you were saying that, I actually was on a remote trip, and I was actually over in Europe. And this was days before they were going to shut down the US border. And I got back in, I think, with about a day clearance, if you will. When we started TCT, it was started as a full remote organization. So it was a fairly easy transition for TCT to continue doing what we do, because we’ve been a full remote organization from the start. But I definitely applaud your kind of hoops to go step back into and do the Compliance Podcast Network. I think that that was brilliant. So I would encourage the Compliance Unfiltered listeners head on over to the Compliance Podcast Network and check out the other pods that they have as part of their network, and be on the lookout for the recording that Tom and I put together just a little bit ago that will be coming, and I’m guessing in the coming weeks. So Tom, thanks very much for having us on.
Great, and thank you guys.
Absolutely, and that right there, that’s the good stuff. Thank you. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow and I’m Adam Goslin, hope we helped to get you fired up to make your compliance suck less.