Trust Issues
Your Compliance Report Might Be Worthless
March 31, 2026
Reports of a widespread SOC 2 fraud scheme have exposed the dangerous gap between “compliance theater” and REAL security, forcing the industry to reckon with the cost of cutting corners. In the debut episode of the Trust Issues podcast, host Brandon Lecoq welcomes Joseph Candelario, Business Development, Partnerships and Marketing Executive at BEMO, to discuss an emerging fraud scheme involving a compliance automation platform and audit firms rubber-stamping identical SOC 2 reports without verification. Together, they explore why startups are pressured into fast, cheap compliance solutions, how market innovation is both creating and solving problems, and what SMBs should actually do when faced with unrealistic compliance timelines and too-good-to-be-true vendors.
There is a real cost to cutting compliance corners.

What You’ll Learn: 

Tune in for actionable strategies to position your organization for the growth that 2026 promises to bring.

Episode Chapters: 

00:00 Introduction 
00:36 A widespread SOC 2 fraud scheme finally exposed
02:22 Why market pressure creates compliance shortcuts
07:37 What happens now? 
12:51 Why open-source GRC platforms are price disruptors
19:23 Your due diligence = auditor attestation letters
22:35 Consult peers and advisors before committing to vendors
24:10 The “too good to be true” test 
24:46 Key takeaways & final thoughts 

Quotes:

  1. "I feel like a lot of people in the compliance space have thought that something like this was going on with some companies, and they didn't really know who it was or where it was happening, but it just seemed like there's a lot of, like, a gold rush happening right now."

  2. "There's a lot of startups who are trying to go mid-market enterprise really, really fast because they have a good product. And in order to do that, they're finding that they have pressure to get something like a SOC two in place. And because there's a strong need on the market for that, there are gonna be people and companies that are going to want to do that."

  3. "I had one conversation where the guy was spending three times what many other really, really good reputable firms that we work with charge. And the company is literally 20 people, but they're charging three times the amount for the audit for something that does not in any way need to be that thorough."

  4. "The people that actually care about the space or are passionate about the space will push back on you on certain aspects. You can go find people that would be happy to give their two cents about what your plan is."

  5. "If it sounds too good to be true, it probably is. It's kind of like a fitness analogy - if you see big signs that you should take a pill, you probably shouldn't take that pill. If you know that your IT is not up to par and something is very fast and very cheap, you should be very skeptical because it's probably not very good."

Trust Issues is handcrafted by our friends over at: fame.so