Innovation in Compliance with Tom Fox

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Nikunj Bajaj, Co-founder & CEO at TrueFoundry, about enterprise agentic AI infrastructure, governance, and hidden costs most organizations are not accounting for. Nikunj describes TrueFoundry’s platform as a single control plane for enterprises to build, ship, and govern agentic AI applications, inspired by Meta’s internal ML stack, which he says is about a decade ahead of the rest of the industry. He argues enterprises over-focus on model and tool selection when problem definition and effective use are the real constraints. On governance, he identifies two failure modes: avoiding meaningful use cases entirely to sidestep governance risk, or trying to solve all governance problems up front and never reaching ROI. Successful teams implement application-specific controls iteratively, starting with a few high-value use cases rather than hundreds of low-value ones. He highlights that model inference accounts for only about 20% of total generative AI spend, with the majority of spend concentrated in infrastructure, engineering, and debugging, creating cost-allocation and budget-control challenges for compliance teams. For auditability, he argues that an agent without full decision traces is “a liability with an API key,” and walks through how end-to-end tracing enables audit readiness, faster debugging, and proactive attack detection. He closes by advocating centralized control via a unified AI gateway while enabling federated development and tailoring guardrails to whether your exposure surface is external or internal. Key highlights: Stop Chasing Tools Governance vs Speed Hidden AI Costs Agent Auditability Board Level Priorities Resources: Connect with Nikunj Bajaj LinkedIn – Nikunj Bajaj Learn More About TrueFoundry TrueFoundry Website TrueFoundry on LinkedIn

Innovation spans many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Noor Aziz, a Saudi Arabia–based governance, risk, and compliance professional with extensive ISO lead auditor credentials, internal audit and controls experience, and a growing focus on AI governance. Noor argues that effective compliance must be practical and business-friendly—clear ownership, escalation, accountability, and evidence—so it still functions under operational pressure rather than becoming bypassed. She emphasizes leadership commitment, culture shaped by observed behavior, and integrated GRC to reduce silos that create duplication, inconsistent reporting, and “governance fatigue.” On AI, she frames governance as a board-level issue because adoption is outpacing accountability, creating future scrutiny around oversight, traceability, and defensibility; she notes, “capability without governance eventually creates instability.” She recommends change management, micro-learning, and ongoing communications, and concludes that governance is organizational infrastructure, not administrative overhead. Key highlights: Integrating Controls, Audit, and Risk Breaking Down GRC Silos Why AI Governance Is Board Level Culture When Nobody’s Watching Training That Actually Works: Microlearning and Ongoing Comms Why Frameworks Fail in Execution Maturing Governance for Business Value Resources: Connect with Noor Aziz on LinkedIn Innovation in Compliance was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with George Tziahanas, VP of Compliance and Associate General Counsel at Archive360. Tom interviews George Tziahanas on why organizations must move beyond data storage to providing data integrity, lineage, and accountability as a foundation for AI readiness. George defines “data defensibility” as the ability to defend how AI systems were trained and operate when AI decisions are not easily explainable, such as in rules-based automation, emphasizing upstream data provenance, monitoring, and audit trails. They discuss increasing regulator and stakeholder focus on authority and accountability, and how litigation can shape compliance, citing early e-discovery practices influenced by the Zubulake v. UBS Warburg decision and enforcement context involving former New York AG Elliot Spitzer. George uses the Mercor breach to show supply-chain and confidentiality risks in AI training data and notes that regulators and plaintiffs may rely on existing laws. He highlights risks from weak data governance, dark data, and legacy archives. He recommends asset/data inventories, migrating data off insecure legacy systems, risk-tiering AI use cases, extending ISO/NIST frameworks, and building observability to enable faster, responsible AI adoption. Key highlights: What Data Defensibility Means Litigation Shapes Compliance Weak Data Governance Risks Managing Legacy Archive Data Governance Accelerates AI Dark Data Explained What Success Looks Like Resources: George Tziahanas on LinkedIn Archive360 Articles by George Tziahanas Beyond Retention: Why AI Governance in 2026 is a Defensibility Problem Keeping Data in Check: The Importance of Data Defensibility

Innovation comes in many forms, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Dr. Dennis Cummins to discuss his new book, “Invitational Selling: The Human Connection Advantage.” Dr. Dennis Cummins, a globally recognized authority on invitational selling, champions a sales approach that prioritizes building authentic connections over traditional hard-sell techniques. Rooted in his extensive experience selling from the stage, Dr. Cummins believes in the transformative power of meaningful conversations to understand and effectively meet customer needs. His philosophy is detailed in his new book, “Invitational Selling: The Human Connection Advantage,” which promotes inviting customers to engage rather than pressuring them into a purchase, fostering authentic relationships that extend beyond mere transactions. Proceeds from the book benefit the Make-A-Wish Foundation. His book also underscores the potential of invitational selling to inspire collaboration within organizations and families, reflecting his commitment to empowering others through shared skills and talents. Key highlights: Relationship-Driven Sales Approach Invitational Leadership for Employee Engagement Profitability through Open Communication Culture Humanizing AI to Build Trust and Connection Invitational Selling: Creating Authentic Business Connections Resources: Dr. Dennis Cummins on LinkedIn Dr. Dennis Cummins Website Invitational Selling: click here  Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom visits with Jeff Kushner, a compliance and IT security leader at Allgress. Jeff talks about “compliance drift,” where external obligations such as laws, frameworks like NIST/ISO/CIS, customer and licensing requirements, fall out of alignment with internal governance policies, procedures, and contracts, creating silent gaps that surface only during audits or incidents. They discuss the added volatility from business and geopolitical changes and identify industries most exposed to hidden compliance risks, including small and mid-sized businesses, AI-focused organizations, behavioral health clinics managing many frameworks across multiple sites with drop-in audits, and small DoD contractors facing CMMC. Jeff argues that traditional spreadsheet-based or audit-centric GRC is static and point-in-time. He describes Reg Watch as a complementary regulatory intelligence layer that continuously monitors 3,000+ global standards, provides real-time alerts, explains changes in plain English, and provides sample policies and implementation steps, along with supporting documentation and follow-up validation. Key highlights: Compliance Drift Explained Volatility Beyond Regulations Why Old GRC Fails Reg Watch Intelligence Layer Documenting Actions and Proof Resources: Jeff Kushner on LinkedIn Allgress Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.