Skip to content

Compliance Thought Leaders You Should Be Following

Compiling a list of thought leaders in ethics and compliance is fun, but so challenging. There are simply too many thoughtful people in this field — which is itself enormous and wide-ranging — to call out everyone worth following. So below is a small slice of the thinkers in corporate ethics and compliance that I try to follow.

How should we define a thought leader, exactly? I define it literally. First, someone who thinks about corporate compliance issues, and puts those thoughts into words. Some bloggers and tweeters, for example, do a superb job passing along what happened, but not why or how it happened.

Second, thought leaders lead. They raise questions about what should or could happen in ethics and compliance, even if practical obstacles today make achieving those goals difficult right now. Thought leaders provide context around the events of today to suggest what might be possible tomorrow.

Compliance Thought Leaders You Should Be Following

Without further delay (and in no particular order), here are a handful who fit that description.

Hui Chen, the former Justice Department compliance counsel who left that role in 2017. Since then Chen has been a consultant and prolific thinker about how compliance programs should work. For example, Chen often says a modern compliance function should have data analysts, auditors, and organizational behavior experts, rather than a fleet of lawyers. Does that make logical sense? Yes. Is it the case in most companies, with budgets of maybe $1 million tops? No. But should compliance officers ponder how to achieve that by, say, 2025, given the way business risk are evolving? Absolutely.

Kristy Grant-Hart, a former compliance officer now hanging her own shingle at Spark Compliance Consulting, who gives great career advice for compliance officers. Grant-Hart has written three books on how to succeed both in your job and in your career — and all of her advice hinges upon time management, building alliances, considering new options. Over the long course of a career, that’s much more valuable wisdom than news of the latest FCPA enforcement action.

John Reed Stark, the Securities and Exchange Commission’s first cybersecurity enforcement specialist in the 1990s, who now runs his own consulting firm on all things cybersecurity and compliance. He writes and talks often about incident response plans, disclosing cybersecurity risks, regulatory enforcement around cybersecurity issues, and the like. Even when you disagree with his analysis (as I sometimes do), Stark always makes you think.

Cydney Posner, special counsel at the Cooley law firm and author of the firm’s Cooley PubCo blog. Posner does a great job watching corporate governance and securities issues: everything from reform of proxy advisory firms to climate change disclosure, to trends in SOX compliance reporting. Her posts can sometimes run long, but they are worth it. The “Sidebar” posts within larger posts are worth your time, too.

Jonathan Marks, a partner in the forensics practice at Baker Tilly and superb thinker on issues around fraud, internal control, and financial reporting. Let’s be honest: most compliance officers are lawyers, so they know the law and investigations; but few are auditors, and even fewer understand the forensics involved in tracing financial misconduct through bogus invoices, shoddy corporate payment systems, poor whistleblower hotlines, and they like. Marks, who is not a lawyer, does make those connections. He shares his thoughts on his own blog, BoardAndFraud.com, several times a week.

Tom Fox, long-time FCPA commentator and author of the FCPA Compliance & Ethics Report blog. Honestly, however, these days Fox churns out more content, on more issues, through the Compliance Podcast Network that he runs. That’s where you can get a weekly run-down on FCPA compliance issues; discussion of good board governance practices; analysis of innovation in compliance, and more. (Disclosure: Fox and I host a “Compliance Into the Weeds” podcast weekly where we take deep dives into compliance news of the day.)

Francine McKenna, a writer for Marketwatch about financial reporting and corporate governance news, and tweeter extraordinaire on the same subjects. After a first career in auditing, McKenna began a second career in the 2000s writing about the audit industry, which eventually brought her to Marketwatch. She does an outstanding job showing exactly how corporate or regulatory moves connect to financial reporting, and vice-versa.

And while I am reluctant to place myself among such esteemed company, some people do praise my own blog at RadicalCompliance.com and my Twitter feed as pretty thoughtful. I just think I’m very funny.

CCO's Are True Thought Leaders

Of course, this list is by no means comprehensive. I excluded anyone from compliance vendors to avoid the appearance of playing favorites, but some astonishingly bright minds work in the vendor world. The intellectual wattage among audit firms, law firms, and consulting firms is amazing. Most firms run their own blogs; I follow those too.

And so many in-house compliance officers are true thought leaders as well; they simply can’t speak too publicly or too freely due to company policy. But get them going in person, and the ideas start flying. They are what makes ethics and compliance so endlessly fascinating. 

gan integrity compliance

Matt Kelly

Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.

Implement a tailored Third-Party Risk Management solution