After navigating a year of high-volume sanctions, labor shortages, economic turmoil, daunting policy proposals, and remote/in-person work tension, compliance departments deserve an added helping of praise.

After all, 2023 doesn’t figure to get any easier. Before the calendar turns over, it’s worth taking a step back and reflecting on the strong compliance- and ethics-minded choices businesses and regulators made over the course of the past 12 months.

I’ll include my yearly disclaimer: This list does not represent the compliance achievements that happen behind closed doors. No news is often good news in this profession. Instead, it calls attention to what I feel are strong examples of the right decisions being made for the right reasons and hopefully offers others in the industry something to benchmark their own efforts against.

Here are five compliance-oriented triumphs from 2022:



Like it or not, the public spotlight on environmental, social, and governance (ESG) is here to stay. You can either embrace it or fall behind.

Mastercard committed to the former when it announced in April it would tie all its employees’ bonus calculations to the company’s ESG goals. The financial services giant implemented a similar compensation model for its top executives in 2021.

“While our global efforts go much broader and deeper, we’re tying compensation to emissions, financial inclusion, and the gender pay gap because we have a substantial impact in these areas and because they closely align with our vision,” said Mastercard Chief Executive Michael Miebach in a news release. “Making personal, financial, and environmental success attainable for everyone—that’s how we power economies and empower people.”

The best way to get employees to buy into any initiative is to make them feel like they have a stake in it. For a company like Mastercard, which has made a series of public environmental commitments to reduce its emissions and ultimately reach net zero by 2040, the work will be that much easier knowing the entire workforce is personally invested in the cause.



Compliance professionals I’ve spoken to have described feeling conflicted when a big business boasts of its achievements in the space.

On the one hand, the sharing of knowledge is always welcome among practitioners. On the other, big businesses might not wrestle with the same budget constraints other compliance departments have, meaning their way of doing things can be alienating and unrelatable.

Even still, it catches my eye when a company goes out of its way to share what it’s doing with its peers instead of hiding behind the veil of trade secrets. So, I was encouraged when I saw Microsoft in June release its framework for building responsible artificial intelligence (AI) systems to the public.

“We are releasing our latest Responsible AI Standard to share what we have learned, invite feedback from others, and contribute to the discussion about building better norms and practices around AI,” wrote the company’s chief responsible AI officer in a blog. At least those ideals are relatable.

Given many in compliance are still struggling with responsible use of AI and machine learning in the face of increasing regulatory scrutiny on the area, I say more potential guidance is a good thing.

RiverSource Distributors compliance department

This Minnesota-based broker-dealer has perhaps the most straightforward case of a compliance triumph.

RiverSource agreed to pay $5 million in May as part of a settlement with the Securities and Exchange Commission (SEC) for improper switching of variable annuities carried out by certain of its employees. The reason it’s on this list: The firm’s compliance department uncovered the alleged scheme and shut it down.

The compliance department “conducted an investigation, and as a result of the investigation, wholesalers who were involved in the conduct and/or those who supervised individuals involved in the conduct received letters of reprimand/caution,” the SEC stated in its order. RiverSource’s chief compliance officer engaged in a training program with wholesalers to ensure they understood how the alleged misconduct violated Section 11 of the Investment Company Act.

This action by compliance coincided with the end of the relevant period set out in the SEC’s enforcement action. Had compliance not done its job and intervened, the penalty would no doubt have been much higher for RiverSource.

SEC Commissioner Hester Peirce


Our fourth annual “Inside the Mind of the CCO” survey asked respondents whether they feel the SEC should publish its own CCO liability framework. Nearly three-quarters (74 percent) of the 206 practitioners who answered the question said yes.

While the SEC has done little as an agency to demonstrate it’s mulling a framework, Peirce has kept the conversation going with multiple public statements on the subject. Her latest came in July, when she went as far as to weigh the New York City Bar Association’s proposed CCO framework against a case the agency settled with the CCO of a formerly registered investment adviser.

“In this instance … the CCO had the opportunity to improve the compliance program but did not do so despite frequently recurring reminders that the program was not working effectively to cover outside business activities,” she wrote. “… I believe the order lays out a sound basis for concluding that this CCO’s conduct here fell materially short.”

Some commentators disagreed with her assessment in the case, but the fact Peirce was willing to offer her unsolicited take deserves a shoutout.


If a big part of a compliance department’s job is reading the tea leaves on regulator expectations, these businesses set an example for others to follow.

Agricultural cooperative CHS and Canadian cannabis company Cronos Group each avoided fines as part of settlements with the SEC during the past year regarding alleged accounting fraud. The similarity in the firms’ cases: They each promptly self-reported to the agency, cooperated with their respective investigations, and undertook extensive remedial efforts.

The Treasury Department’s Office of Foreign Assets Control oversaw two similar cases regarding alleged sanctions violations, where MidFirst Bank and Puerto Rico-based Nodus International Bank were each not penalized by the regulator because of their cooperation and remedial efforts.

With the Department of Justice highlighting voluntary self-disclosure among its updated corporate crime enforcement priorities as part of September’s “Monaco Memo,” the tea leaves read clear that regulators are ready to make positive examples out of firms that meet their expectations.