Summary5 min read

The Corporate Director Podcast

Episode: Compliance Risks: The Board Perspective
Host: Diligent (Dottie Schindlinger & Megan Day)
Guest: Christy Grant Hart, VP and Head of Advisory Services, Spark Compliance (A Diligent Brand)
Date: April 2, 2025

Episode Overview

This episode dives into the evolving landscape of corporate compliance from a board perspective. With Christy Grant Hart (acclaimed compliance expert, author, and executive) joining the hosts, the discussion spans the latest regulatory risks, the cultural dimensions of compliance, why compliance must be a C-suite and board priority—even in turbulent times, and practical strategies for board oversight. The show blends strategic advice and grounded anecdotes to support modern governance.

Key Discussion Points & Insights

1. The Realities of Digital Communication and Security Risks

Prompted by recent news: The episode opens with Dottie and Megan musing on US defense leaders’ reliance on consumer messaging apps (e.g., Signal), exposing "imminently hackable" communication (“Use the right app. Use Diligent messenger, for crying out loud.” — Dottie, 02:12).
Risks: Off-the-shelf, unsecure digital communication poses risks even at the highest levels—reminding boards that secure messaging isn’t optional.

2. Christy Grant Hart’s Compliance Journey

Background: Former FCPA defense attorney, held chief compliance roles (overseeing 65–100 countries), founded and led Spark Compliance, now acquired by Diligent (05:41–06:26).
Global Experience: Christy’s international lens frames much of her advice for complex, multinational regulatory realities.

3. Emerging and Underappreciated Compliance Risks

3.1 Fast-Changing Regulatory Environment

“Biggest risk right now is just the uncertainty and the chronic changing that is happening constantly. It's very difficult to execute a well thought out plan.” — Christy (06:48)
Rapid, frequent changes in regulations make long-term compliance strategies difficult; organizations need to be agile and well-resourced.

3.2 Modern Slavery, Human Trafficking, and Supply Chain Due Diligence

Increasing transparency laws (“Canada with $250,000 fines if you get it wrong…”; also, the EU Forced Labor Prevention Act) (07:00)
Many boards and compliance teams not focused enough here; significant legal, reputational risk.

3.3 Proliferating Local AI Regulations

Not just EU AI Act — “States and even cities [in the US] jumping in. …all these various requirements for disclosure…there can be individual fines for not.” (07:29)
Boards must track not only major legislation but also granular, local developments, especially around AI in HR/recruitment.

4. Compliance as a Board Priority: The Disconnect

Survey data (What Directors Think report): Regulatory compliance ranks low on board agendas and company priorities. (08:23)
Christy’s Take:
- Directors may be narrowly defining “regulatory compliance” (as recurring, sector-specific rules) and missing the broader, bigger picture—particularly ethical culture and global risks.
- “Culture is a major driver of business profitability and talent retention.” (09:34)
Warning: Ignoring compliance—especially as it relates to culture and ethics—is short-sighted.

5. Bribery & Corruption: The Supply Chain Conundrum

Survey finding: Only 65% of companies had ethics/employee training; 22% of directors didn’t know what was in place. (09:57)
Christy’s Reaction:
- “The training number is what's baffling to me…anti-bribery training is really pretty basic for most companies.” (10:33)
- Not providing basic anti-bribery training is “indefensible…to a prosecutor, regulator, somebody looking at your program, even…your customers.”
Notable Warning: Training is “ground zero” for compliance programs.

6. Elevating the Compliance Officer Voice in the Boardroom

Survey finding: Chief compliance officer ranks low as a desired board presenter (12:22)
Christy’s Advice to Directors:
- Remember your personal legal and reputational exposure.
- Don’t just hear about compliance activities; demand forward-looking, strategic risk analysis. (13:15–14:18)
Advice to Compliance Officers:
- “There is a tendency in our industry to report on what you are doing, which is your activities. No one cares what your activities are. …They want to understand forward looking risk, not just backwards looking risk.”
- Engage boards with strategic risk insights and compelling narratives.

7. Board Oversight of Organizational Culture

Challenge: Boards are responsible for culture but are physically and contextually removed.
Best Practices:
- Use a blend of objective and subjective data: exit interviews, culture surveys, whistleblower stats, focus groups.
- “Tell me what the trends are. …Compliance officers can do a great service for the board by putting together a plan and monitoring how these different metrics are behaving.” (14:30–15:43)
Resource: Christy has written a white paper on this process.

8. Final Insights & Looking to the Future

Crucial reminder: “Compliance doesn’t seem important until it’s the only thing when you’re responding to big problems.” (15:48)
Modern Boardrooms (2025 vs. 2035):
- Future: Real-time dashboards and live metrics will replace thick, static board books. (16:26)
Governance Inspiration: Christy finds comedy “Silicon Valley” illuminating for board dynamics and director responsibilities. (16:55)
Passion Project: Christy’s aerial silks hobby—an example of balance and stress relief for compliance practitioners. (17:46)

Notable Quotes & Memorable Moments

“Off-the-shelf apps that are not meant to be secured…are just so imminently hackable. …Guys, get your act together.”
— Dottie Schindlinger [02:12]
“Biggest risk right now is just the uncertainty and the chronic changing that is happening constantly.”
— Christy Grant Hart [06:48]
“…If you aren't paying attention to what's going on in the compliance world…, that's not a great way of approaching things from a director or C-suite member.”
— Christy Grant Hart [09:34]
“Not having training is just baffling. …It truly is, it's indefensible.”
— Christy Grant Hart [11:29]
“No one cares what your activities are. …[Boards] want to understand forward looking risk, not just backwards looking risk.”
— Christy Grant Hart [13:45]
“Compliance doesn’t seem important until it’s the only thing.”
— Christy Grant Hart [15:48]

Timestamps for Key Segments

[05:41] — Christy’s background and Spark Compliance
[06:48] — Top compliance risks in 2025: regulatory flux, modern slavery, AI laws
[08:23] — Boards’ low prioritization of compliance—and why this is dangerous
[09:57] — Bribery & corruption: survey shocks, the case for basic training
[12:22] — The marginalized compliance officer and board engagement advice
[14:30] — How boards can better oversee and measure culture
[15:48] — Final compliance reminders and long-term outlook
[16:26] — The future boardroom: dynamic, dashboard-driven governance

Takeaways for Listeners

Secure communication and proactive, tech-driven risk management are imperative for boards.
Compliance risks now include fast-evolving local AI and modern slavery regulations—not just legacy sector rules.
Boards must treat ethics, culture, and compliance as strategic levers, not administrative burdens.
The compliance officer’s seat at the board table is essential—provided they bring strategic, forward-looking insights.
Oversight of culture requires aggregation and trend analysis of multiple data points, not hunches or hearsay.
In governance, as in compliance, an ounce of prevention (and training) is worth a pound of cure.

For a deeper dive on culture oversight: Christy Grant Hart’s white paper is recommended.

Hosts:

Dottie Schindlinger
Megan Day

Guest:

Christy Grant Hart, Spark Compliance

Loading summary

Transcript52 lines

[00:00]
Christy Grant Hart
Foreign.
[00:09]
Podcast Announcer
Welcome to the Corporate Director Podcast where we discuss the experiences and ideas behind what's working in corporate board governance in our digital tech fueled world. Here you'll discover new insights from corporate leaders and governance researchers with compelling stories about corporate governance strategy, board culture, risk management, digital transformation and more.
[00:33]
Dottie Schindlinger
Hi everybody and welcome back to the Corporate Director Podcast, the voice of modern governance. My name is Dottie Schindlinger, executive director of the Diligent Institute, and I'm joined once again by my amazing co host, Megan Day, strategy leader here at Diligent. Megan, how are you today?
[00:50]
Megan Day
I am doing well, Dottie. Happy, happy spring. Hopefully, you know, we're not going into nuclear winter given what's happening around the world, but, you know, all good.
[01:04]
Dottie Schindlinger
Okay, so, so I feel like we would be. Listen, folks, we know this is not a political show. We will continue not to be a political show. But honestly, we here at Diligent care deeply about secured messaging. And I don't think that we can possibly not talk about the fact that we have, you know, the, the, oh my gosh, like all the leaders in defense of the US Using signal. Why are they using signal?
[01:31]
Megan Day
Megan? Well, I was going to say the New York Times had a great little write up in their daily newsletter that they do this morning about the secure rooms, if you will. Some of these folks have access to. And that put a lot into perspective for me. But you can't undersell it. I was laughing at the context. It's like you can't scroll Instagram and also, you know, do this communication, the way that we have all gotten used to, like the phone has become attached to our souls in a lot of ways. And it's how we all operate. It's an extension of ourselves for most people. And so sometimes you don't give that a second thought.
[02:13]
Dottie Schindlinger
That's it. I mean, and like, not to mention the fact that they're using this app, you know, they've agreed to whatever the user agreement is. It's a free app and quite frankly, they don't know who's listening in. I mean, they certainly know that there was Air reporter from the Atlantic listening in. Now they know. But frankly, China's probably listening in, Russia's probably listening in. I mean, these, these apps, these, you know, off the shelf apps that are not meant to be secured. They're not designed to be locked down. They are just so imminently hackable. And that's the part that really chills me is, you know, guys, get your act together. Use the right app. Use Diligent messenger, for crying out loud. Like, use something that is secured and purpose built to, to keep your messages away from people you don't want reading them. I mean, goodness grief. I mean, what, you just don't have enough emojis in those apps? What's the issue here? I don't understand, Megan. Sorry I'm off my soapbox, people, but I just can't let that one go.
[03:11]
Megan Day
It just brings up a lot of questions. I mean, we are used to instant feedback, sending things. When it comes to us, you want to have that type of conversation and that flow when you are discussing important things. Like we live in this very mobile, disconnected or decentralized world, I should say. And so it's hard to get everybody in the same room together to have those conversations. Not to defend their choices by any stretch of the imagination. But yeah, I could see this happening a lot. There's a lot we don't know about probably.
[03:46]
Dottie Schindlinger
Well, there's a lot we clearly are going to be knowing about because if they keep, if they keep accidentally including reporters, we're going to learn everything. Listen, this relates so beautifully to the conversation that you had for our podcast today. Megan, you had the opportunity to speak to one of our newest colleagues, Christy Grant Hart, who's the vice president and head of advisory services at Spark Compliance, which is now a diligent brand. We're delighted to have her on board. And you had the opportunity to talk to her about the way the compliance profession is changing and talk about compliance. Talk about not being in compliance.
[04:17]
Megan Day
Well, Johnny, it just like you talk. You saying that right now just has me almost in stitches because I am envisioning like senior members of our government going through like the little compliance training widgets that like we all have to.
[04:31]
Dottie Schindlinger
Go to on a regular basis and just hitting ignore.
[04:35]
Christy Grant Hart
Yes.
[04:36]
Megan Day
I don't know, it just, it makes me laugh. I should might be not be laughing.
[04:42]
Dottie Schindlinger
But laughing, sort of like gallows humor style of laughing I think is really.
[04:47]
Megan Day
Where we are right now.
[04:48]
Dottie Schindlinger
Well, listen, before we get to Defcon 3, let's listen to your interview with Kristy Granthart and maybe we can come back and talk a little bit about how to apply some of the lessons she shared with members of our federal government.
[05:07]
Megan Day
Joining us on the corporate director podcast today is Kristy Grant Hart. Kristy is the vice president and head of advisory services at Spark Compliance, a diligent brand. Christy is also an author and former CEO and cco. Christy, welcome to the show and welcome to the diligent team.
[05:27]
Christy Grant Hart
Thank you. Could I be More excited? I don't think so. It's so much fun. We're about seven weeks in now to our diligent relationship and I couldn't be happier with it.
[05:37]
Megan Day
Love it. Well, let's find out a little bit more about yourself, about Spark Compliance.
[05:42]
Christy Grant Hart
Sure. So I am a former FCPA defense attorney. Worked on a couple of corporate monitorships with the law firm of Gibson Dunn. 2011 they moved me to London to work on a LIBOR financial services investigation. Ended up marrying a Brit and staying. So I became a director of compliance for Europe, the Middle east and Africa, handled 100 countries and then became a chief compliance officer at the joint venture of Paramount and universal pictures, again 65 countries managing that and then nine years ago started Smart Compliance. We're a consulting and training company that seven or eight weeks ago was acquired by Diligence. So I couldn't be more pleased to be part of this diligent journey.
[06:27]
Megan Day
Well, I feel like we could probably have a whole episode on FCPA and what is happening there. But want to open up the lens a little bit and, and talk about what you think are some of the biggest compliance risks facing businesses today. You know, what are some things they might be think, not be thinking about at the company level. What can we be doing to better wrap our arms around compliance risk?
[06:48]
Christy Grant Hart
Well, I think that the biggest risk right now is just the uncertainty and the chronic changing that is happening constantly. It's very difficult to execute a well thought out plan when those plans get jumped out the window every 24 hours. But in terms of things that I think people aren't paying enough attention to besides putting out those fires and responding to them, I don't think that there's enough focus on what's happening in the modern slavery, human trafficking, due diligence space. There are more and more transparency requirements. If we're looking at, you know, Canada with $250,000 fines, if you get it wrong, there's also all the things happening in Europe with the different transparency directives as well as the Forced Labor Prevention act. That's going to stop products going in to Europe, the European Union if there's forced labor thought that may be part of their supply chain. So huge amounts there. And the second thing I think is really under the radar is the local AI regulations. So people know about the EU AI act typically, but because the federal U.S. government isn't jumping in and is unlikely to, what we're actually seeing is states and even cities jumping in. And so you end up with all of these various requirements for disclosure, including things like I believe it's Chicago. If you use AI in human resources recruiting, you have to post about it and tell everyone and there can be individual fines for not. So I think that trying to get your head around not just the big, but the small AI regulation pieces is incredibly challenging right now.
[08:23]
Megan Day
Well, that certainly gives us a lot to talk about. And tied into that, we, we recently published a survey of U.S. public Company Board directors, our what Directors Think report, which we do in partnership with Corporate Board Member and FTI Consulting. And in that survey we noticed though, that regulatory compliance ranked relatively low on the list of company priorities for this year and also low on the list of items directors wanted to discuss at their next board meeting. Where is the love for compliance? What is your take on this, Kristie?
[08:54]
Christy Grant Hart
Well, I think the first question mark is what do they mean by regulatory compliance? Because if you're looking at the same types of regulations that you've been complying with for year on year, say you're in financial services or insurance or in healthcare, then maybe that isn't as important as the more global compliance and ethics. That includes things like culture, investigations, those types of pieces, conflicts of interest, management, where they can actually be very, very problematic if you're not paying attention to them because of what they tell you about the culture and how your company is going. And I mean, look, to a certain degree it makes sense, right? But the middle, the minute you get those executive orders in and suddenly people are responding to chaos, then I think that might have changed. The answer is perhaps depending on when you had this survey done. But ultimately, you know, culture is a major driver of business profitability and talent retention. So if you aren't paying attention to what's going on in the compliance world and certainly how it affects your own company, I think that that's not a great way of approaching things from a director or C suite member.
[09:58]
Megan Day
In that same survey, we also asked directors about mitigating bribery and corruption risk in their supply chain. Only 65% of respondents said their company had implemented ethics and and employee training. 60% had regular audits, and almost a quarter, 22% said they didn't know whether their company had any action in this regard. What is your reaction on this? How can boards really ensure their company is mitigating bribery and corruption in their supply chain and heck, in their organization, given the state of the United States right now?
[10:33]
Christy Grant Hart
Oh my. So look, I, I think part of this is the word supply chain. So if we're talking about the whole breadth of the supply chain, there frequently aren't a lot of high risk suppliers. And so to a certain degree, if you're just looking and using a risk based approach throughout the whole supply chain, it might not be necessary. Now if those companies aren't vetting distributors, resellers, consultants that are opening new markets, then that's crazy. So I think to a certain degree it depends on what you're actually looking at. But the training number is what's baffling to me because anti bribery training is really pretty basic for most companies. And especially if even if it's stuffed into the code of conduct training that you get, that's five minutes of that is dealing with bribery or anti bribery, that is a shockingly low number to me in terms of what I would tell companies that that training, if you don't have any of it, it truly is, it's indefensible. So even if at this, and by indefensible, I mean to a prosecutor, regulator, somebody looking at your program, even to potentially your customers or the people that you're serving, that it will be indefensible to them as well. The fact of the matter is training is pretty much ground zero. So the fact that you have as many people doing regular audits, that 60% is actually higher than I would anticipate because a lot of companies don't put that kind of money and effort in. But not having training is just baffling. I mean we just saw that despite what's happening in the federal government, US, the state AGs are enforcing bribery laws. And recently UK, France and Switzerland announced a joint task force for anti bribery. So not doing the training is very, very short sighted.
[12:22]
Megan Day
At the least it seems like that is something you can easily tick the box for. Not that compliance is a check the box exercise, but as you said it, this is such a foundational piece of having a strong program and practice inside your organization. So we also asked directors which Personas outside the CEO and CFO they wanted to hear from more in board meetings. And Christy, unfortunately chief compliance officer ranked pretty low on that list. You know this, this aligns what we hear from compliance leaders anecdotally too, that they sometimes feel neglected by their boards or not given the time or resources they need. What advice would you give to directors to ensure that compliance leaders are heard? And in reverse, what would you give advice to compliance leaders to advocate for themselves?
[13:15]
Christy Grant Hart
I would advocate that this survey is very sad in terms of the outcomes of it. I would remind directors of their personal responsibilities under many laws as well as the Reputational issues that come if they face compliance meltdowns on their watch from. I think a lot of the challenge though does come from that second question, which is what can compliance officers do better? There is a tendency in our industry to report on what you are doing, which is your activities. No one cares what your activities are. And especially boards of directors, you know, they don't want a litany of what you've been up to. They want to understand forward looking risk, not just backwards looking risk. So the more that people can be that strategic partner, which I think is an. It's an overused phrase, but it's a real one. If you can get into forward facing risk and storytelling about what's happening and what's coming, that makes you much more interesting to listen to than if you are backwards looking and reporting on activities.
[14:18]
Dottie Schindlinger
That's great advice.
[14:20]
Megan Day
We also tend to hear from board members that they struggle to oversee culture in their organizations. Any tips for directors on improving their oversight in this area?
[14:31]
Christy Grant Hart
Yeah, absolutely. I think the doj, when it came out with its update to the evaluation guidelines for corporate compliance programs, it really upped the bar in saying that boards need to understand culture. And that's a really hard ask to be fair. Right. These people don't go to work every day on the ground and see what everyone is saying, but they're responsible for it regardless. And so, by the way, I've written a white paper about this topic if you want to link to it. Happy to have you have it. Because there isn't one specific input that tells you what's happening in culture. What it really is is a mix of subjective and objective points of view. So it can be things like exit interview data, it can be culture surveys, whistleblower statistics, focus groups. There's all sorts of ways of understanding what's happening with the culture. So if I were the board, the directors, I would tell the compliance officer, go get that information, synthesize it and tell me what the trends are. Because I don't have time to look at all these data points, nor can I put them all in context. So compliance officers can do a great service for the board by putting together a plan and monitoring how these different metrics are behaving.
[15:43]
Megan Day
Love that idea. Any best and final thoughts for our audience?
[15:48]
Christy Grant Hart
Yeah, I mean, look, compliance doesn't seem important until it's the only thing when you're responding to big problems. Right? And that sometimes happens with investigations, whether that's a regulatory investigation or whether it's an internal investigation. But the thing is, compliance does still matter even in this environment. Fines and statute of limitations, reputational damage, they're all still out there. So please make sure you're still paying attention.
[16:15]
Megan Day
Definitely. Well, Kristi, before we wrap, we have a couple of questions that we ask all of our guests. The first is what do you believe will be the biggest difference between boardrooms today and 10 years from now?
[16:27]
Christy Grant Hart
I think it's going to be how information is synthesized. So live dashboards, live monitoring, live metrics, I think will be much more part of the conversation. So it's less of big board books with lots of different pieces of information that they're reading in PDF format or something like that, and actually looking at more live data to talk about what's happening in real time.
[16:48]
Megan Day
Love that. What was the last thing you read, watched or listened to that made you think about governance in a new light?
[16:56]
Christy Grant Hart
So I don't know if everyone listening has seen the HBO Max program, Silicon Valley.
[17:02]
Megan Day
Absolutely.
[17:04]
Christy Grant Hart
It's fantastic. But I'm rewatching it now partially as with the viewpoint of being a former CEO of a small company, now part of a big one, and just how scrappy they are, but how much they need real CEO leadership when you become a bigger company and the directors being a couple of sort of, you know, hangers on, versus actually having big directors who understand what they're doing and have a background in it. Really watching it again from that perspective has been pretty fascinating to say. We really do need, you know, the adults in the room, as it were, to be running the ship because it matters.
[17:41]
Megan Day
I love that. Well, Christie, what is your current passion project?
[17:46]
Christy Grant Hart
So two years ago, I took up the aerial silks. Oh, wow. So hanging. Hanging from the ceiling like a circus performer, Cirque du Soleil style. I go three times a week. I did my first performance at a recital. I had 12 people come support me. It is the best. When you're hanging upside down 6, 16ft in the air, you can't think about anything else. And that is a really good way of being.
[18:12]
Megan Day
I love that. That sounds like a welcome distraction right now for sure. Well, Christy, thank you so much for joining us on the show today.
[18:21]
Christy Grant Hart
Thanks for having.
[18:21]
Dottie Schindlinger
Megan, thank you so much for that interview with Christy. First of all, how much do you just love Christy's energy? She's just so phenomenal. Yeah, I mean, she's just the best.
[18:37]
Christy Grant Hart
You know what?
[18:38]
Megan Day
I think it flips on its head a little bit. The average expectation for a compliance executive, a chief compliance officer. She brings a lot of energy. She brings a lot of strategic thinking. And I think to some of the things that we talked about, a lot of people overlook that that is hugely valuable for your compliance leadership.
[19:01]
Dottie Schindlinger
Hugely valuable. And also from a strategic lens, looking at compliance as a strategic asset for the company. I think too often boards and audit committees kind of look at compliance as the people we must bring in a few times a year to check some boxes or if something goes wrong, that we drag them in to help us figure out how to get out of the mess. But frankly, there's a lot of ways to sort of look at compliance through a different lens. And Christie's a really good example of people who are doing that. You know, she's kind of looking out across the landscape to understand what are some of the things that are coming up next and how do we need to make sure that the company is positioned well to address them and to deal with them, and how do we just make sure that we keep everybody safe and doing the right things? I mean, that's really, you know, at the end of the day, that's sort of the name of the game of compliance. But also, I have to say, Megan Christie's a perfect example. Every time I would go to our annual user conference, I would find myself gravitating to the compliance sessions. And you might think, why aren't they the driest? Oh, no. Oh, no, no, no. These people have the best stories because they have the stories of the people who do the wrong things and how they got it cleaned up and what came as a result. And it's like walking into a Grisham novel, into every one of those sessions. It is so fun. And they are often some of the people with the best senses of humor.
[20:20]
Megan Day
That's been a theme in this episode. I feel like sometimes that sense of humor carries us through these tough situations.
[20:26]
Dottie Schindlinger
I think it's got to.
[20:27]
Megan Day
I was going to say, maybe hanging upside down is part of the trick too. Maybe we all need to embrace some aerial yoga. Aerial gymnastics.
[20:37]
Dottie Schindlinger
Aerial yoga. Yes, I know. I really wanted to say to her, like, Pixar, it didn't happen. I gotta see the aerial yoga. I mean, it sounds incredible. It sounds incredible. Well, that wraps up another episode of the Corporate Director Podcast, the voice of modern governance. Like to say a few special thank yous. First and foremost to our brilliant compliance expert, Christy Grant Hart, podcast producers Kira Ciccarelli, Steve Clayton and Laura Klein, our sponsors for the show, PwC, KPMG, Wilson Sonsini and Meridian Compensation Partners. And most especially, thank you to Diligent for continuing to sponsor this show. If you like our show, please be sure to give us a rating on your podcast. Player of choice. Five stars only, please. You can also listen to our episodes and see more from the Diligent Institute by going to diligent.com resources thank you so much for listening.
[21:26]
Podcast Announcer
You've been listening to the Corporate Director Podcast. To ensure that you never miss an episode, subscribe to the show in your favorite podcast player. If you'd like to learn more about corporate governance and tools to help directors do their job better, visit www.digent.com. thank you so much for listening. Until next time.