Compliance Advisory

Knowledge plus experience equals wisdom.

Most compliance programs were built for a regulatory environment that no longer exists. The policy manual is on the intranet. The training calendar produces completion certificates. The board is asking questions about AI governance, synthetic workforce risk, and business and human rights obligations that the program was not designed to answer.

The gap between what a compliance program says it does and what it would withstand under current regulatory scrutiny is not a small gap. It is structural. And it grows every quarter that the program does not evolve.

This work is designed to help organizations assess, build, strengthen, and deliver compliance programs that function under real regulatory pressure, not just under favorable conditions. That includes organizations preparing for a capital raise, a board governance conversation, or a regulatory question that is already overdue.

I have been the compliance officer in the room with the skeptical CFO who sees this function as a cost center. I understand what it takes to move compliance from cost center to business enabler, and that is exactly what this work is designed to do. I have also been the person who knows what that room costs. The years of defending the function to people who see it as overhead, watching boards defer the hard question because nobody had a clean answer, and carrying governance and risk obligations that had no clean home inside the organization. This work is built from that understanding.

If you have ever been the most credible person in the room and still the one who had to justify why the room exists, this work was built with that experience in mind.

How compliance risk actually shows up now

AI disclosure and governance obligations that most programs have not yet mapped.

Synthetic workforce questions, including AI agents and autonomous systems making consequential decisions, that employment policies were not written to address.

Business and human rights due diligence moving from voluntary frameworks to mandatory legal requirements in certain jurisdictions and industries.

Whistleblower programs designed years ago that have not been audited against current regulatory guidance.

Third-party and vendor relationships carrying compliance exposure that nobody has formally assessed.

Training that produces completion rates but does not change behavior on Monday.

Boards that ask AI governance questions that current outside relationships cannot answer.

Supply chain and logistics risk sitting in the gap between procurement and compliance.

Stakeholder mapping gaps that cause new programs to fail at rollout, not at design.

Senior leaders who remain the prime drivers of misconduct because the incentive structures shaping their behavior have never been examined by the compliance function.

Old programs that were designed for a different regulatory era and have not kept pace with what enforcement agencies, institutional investors, and regulators now expect to see.

Who this work is for

This work is designed for the people who retain responsibility when something goes wrong.

Chief Compliance Officers and Chief Ethics and Compliance Officers

who own a program built for a different era and need an outside voice with enforcement credibility, legislative experience, and the applied neuroscience and behavioral economics to make training actually transfer.

General Counsel

carrying compliance, governance, and risk obligations alongside everything else the legal department governs, and who need infrastructure and a credible outside voice, not another framework document.

CEOs and Founders

who have outgrown the absence of a compliance program and need the function built correctly before the next board meeting, the next capital raise, or the next regulatory question.

Boards and audit committees

that need to demonstrate adequate oversight of compliance programs, AI governance, and whistleblower protections.

Nonprofit organizations

navigating governance requirements, Form 990 obligations, conflicts of interest policies, and the compliance demands that funders and regulators increasingly impose.

Organizations with supply chain, logistics, or international operations

that require compliance infrastructure beyond what the domestic program was designed to provide.

Services

Compliance Program Gap Analysis

Compliance Training

AI Governance and Synthetic Workforce Compliance

Whistleblower Program Audit

Board and Investor Preparation

Stakeholder Mapping for New Program Rollouts

Fractional CCO Engagement

Nonprofit Compliance

Background

This work is built on the combination of having held the compliance function inside a publicly traded organization, adjudicated ethics violations as an appointed commissioner, engaged with the legal framework at the legislative level, taught compliance and governance to law students and working professionals for fifteen years, and delivered training and risk assessments under real regulatory pressure across industries and jurisdictions.

Representative Engagements and Presentations

Former Chief Compliance Officer and Chief Privacy Officer, publicly traded Fortune 500 company. Responsible for compliance program design, board reporting, regulatory risk management, and the governance of privacy and compliance functions at the enterprise level.

Member, Whistleblower Protection Advisory Committee, U.S. Department of Labor, appointed by the Obama administration. Served for five years as part of a management and labor working group examining whistleblower rules across more than a dozen federal agencies. Co-produced Best Practices for Protecting Whistleblowers and Preventing and Addressing Retaliation, transmitted to OSHA in April 2015. The recommendations were never disseminated to employers following a change in administration.

Testified before Congress on Dodd-Frank and compliance program effectiveness.

Commissioner, Miami-Dade Commission on Ethics and Public Trust. Adjudicated ethics violations for one of the largest county governments in the United States.

General Counsel, three nonprofit organizations. Active engagement with governance requirements, funder expectations, Form 990 obligations, and the compliance demands that nonprofit boards and regulators impose.

Consulting engagement, compliance program buildout for a small medical device company under active federal investigation. Designed compliance infrastructure under regulatory scrutiny and time pressure.

Risk assessments and compliance training delivered in over a dozen countries across the Americas, Asia, and Europe, including multinational corporations, public companies, and small businesses.

Faculty, law school and professional education, fifteen years. Courses in compliance, governance, and business and human rights for law students and working professionals.

Speaker, Compliance Week Ethics and Compliance Summit, 2025. Panel using interactive exercises, real-world case studies, and regulatory guidance to address high-pressure environments and human-centered compliance cultures.

Speaker, 12th International Legal, Ethics and Compliance Congress, Latin America's largest compliance conference, 2025. Co-presented on neuroscience and behavior change in compliance.

Expert source, Compliance Week, 2025. Cited in analysis of the Lafarge terrorist funding prosecution and its compliance implications.

Featured expert, New York City Bar Association podcast, 2025. Addressed synthetic employees, AI governance, employment law implications, and multi-stakeholder governance frameworks for organizations deploying AI agents and autonomous systems.

What this is not

This is not a platform. There is no software to implement, no dashboard to maintain, and no annual license to renew.

This is not shelfware. The deliverable is not a binder. It is a program, a training, an audit, or a governance framework designed to function under real pressure, the kind that surfaces when a regulator arrives, an investor asks the hard question, or an employee needs the whistleblower program to actually work.

This is not check-the-box compliance. If the appearance of a program is what the organization needs, this is not the right engagement. If what the organization needs is a program built to withstand the scrutiny it will eventually face, this is exactly the right engagement.

The entry point

The natural starting point is a gap analysis. It is a defined scope, a named deliverable, and a way to understand what the organization is working with before committing to a fuller engagement.

If you are a CCO preparing for a board conversation, a GC carrying the compliance function alone, or a founder whose next capital raise will include a compliance question you are not ready to answer, the gap analysis is where this begins.

Schedule a Conversation

Knowledge plus experience equals wisdom.

The gap between what a compliance program says it does and what it would withstand under current regulatory scrutiny is not a small gap. It is structural. And it grows every quarter that the program does not evolve.

If you have ever been the most credible person in the room and still the one who had to justify why the room exists, this work was built with that experience in mind.

How compliance risk actually shows up now

AI disclosure and governance obligations that most programs have not yet mapped.

Synthetic workforce questions, including AI agents and autonomous systems making consequential decisions, that employment policies were not written to address.

Business and human rights due diligence moving from voluntary frameworks to mandatory legal requirements in certain jurisdictions and industries.

Whistleblower programs designed years ago that have not been audited against current regulatory guidance.

Third-party and vendor relationships carrying compliance exposure that nobody has formally assessed.

Training that produces completion rates but does not change behavior on Monday.

Boards that ask AI governance questions that current outside relationships cannot answer.

Supply chain and logistics risk sitting in the gap between procurement and compliance.

Stakeholder mapping gaps that cause new programs to fail at rollout, not at design.

Senior leaders who remain the prime drivers of misconduct because the incentive structures shaping their behavior have never been examined by the compliance function.

Old programs that were designed for a different regulatory era and have not kept pace with what enforcement agencies, institutional investors, and regulators now expect to see.

Who this work is for

This work is designed for the people who retain responsibility when something goes wrong.

Chief Compliance Officers and Chief Ethics and Compliance Officers

who own a program built for a different era and need an outside voice with enforcement credibility, legislative experience, and the applied neuroscience and behavioral economics to make training actually transfer.

General Counsel

carrying compliance, governance, and risk obligations alongside everything else the legal department governs, and who need infrastructure and a credible outside voice, not another framework document.

CEOs and Founders

who have outgrown the absence of a compliance program and need the function built correctly before the next board meeting, the next capital raise, or the next regulatory question.

Boards and audit committees

that need to demonstrate adequate oversight of compliance programs, AI governance, and whistleblower protections.

Nonprofit organizations

navigating governance requirements, Form 990 obligations, conflicts of interest policies, and the compliance demands that funders and regulators increasingly impose.

Organizations with supply chain, logistics, or international operations

that require compliance infrastructure beyond what the domestic program was designed to provide.

Services

Compliance Program Gap Analysis

Compliance Training

This approach to compliance training is grounded in fifteen years of teaching law students and working professionals in compliance, governance, and business and human rights. The curriculum design, the case methodology, and the application to real organizational behavior are built from that depth.

AI Governance and Synthetic Workforce Compliance

Whistleblower Program Audit

Board and Investor Preparation

Stakeholder Mapping for New Program Rollouts

Fractional CCO Engagement

Nonprofit Compliance

Background

Representative Engagements and Presentations

Former Chief Compliance Officer and Chief Privacy Officer, publicly traded Fortune 500 company. Responsible for compliance program design, board reporting, regulatory risk management, and the governance of privacy and compliance functions at the enterprise level.

Testified before Congress on Dodd-Frank and compliance program effectiveness.

Commissioner, Miami-Dade Commission on Ethics and Public Trust. Adjudicated ethics violations for one of the largest county governments in the United States.

General Counsel, three nonprofit organizations. Active engagement with governance requirements, funder expectations, Form 990 obligations, and the compliance demands that nonprofit boards and regulators impose.

Consulting engagement, compliance program buildout for a small medical device company under active federal investigation. Designed compliance infrastructure under regulatory scrutiny and time pressure.

Risk assessments and compliance training delivered in over a dozen countries across the Americas, Asia, and Europe, including multinational corporations, public companies, and small businesses.

Faculty, law school and professional education, fifteen years. Courses in compliance, governance, and business and human rights for law students and working professionals.

Speaker, Compliance Week Ethics and Compliance Summit, 2025. Panel using interactive exercises, real-world case studies, and regulatory guidance to address high-pressure environments and human-centered compliance cultures.

Speaker, 12th International Legal, Ethics and Compliance Congress, Latin America's largest compliance conference, 2025. Co-presented on neuroscience and behavior change in compliance.

Expert source, Compliance Week, 2025. Cited in analysis of the Lafarge terrorist funding prosecution and its compliance implications.

Featured expert, New York City Bar Association podcast, 2025. Addressed synthetic employees, AI governance, employment law implications, and multi-stakeholder governance frameworks for organizations deploying AI agents and autonomous systems.

What this is not

This is not a platform. There is no software to implement, no dashboard to maintain, and no annual license to renew.

This is not check-the-box compliance. If the appearance of a program is what the organization needs, this is not the right engagement. If what the organization needs is a program built to withstand the scrutiny it will eventually face, this is exactly the right engagement.

The entry point

The natural starting point is a gap analysis. It is a defined scope, a named deliverable, and a way to understand what the organization is working with before committing to a fuller engagement.

If you are a CCO preparing for a board conversation, a GC carrying the compliance function alone, or a founder whose next capital raise will include a compliance question you are not ready to answer, the gap analysis is where this begins.

Join my mailing list to receive tips and insights to help you go further faster in your personal and professional life!