Explore every episode of Corruption Crime & Compliance
Dive into the complete episode list for Corruption Crime & Compliance. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.
Pub. Date
Title
Duration
17 Mar 2025
[Replay] Natalie Druckman from Certa on AI-Enhanced Third-Party Risk Management
00:31:18
This week we are pleased to bring you one of our most popular episodes of 2024. Please enjoy, and we will be back next week with more insights from the Corruption, Crime, and Compliance podcast.
How do you manage risk when the vulnerabilities are outside your organization and aren’t in your hands? In this episode of Corruption, Crime, and Compliance, we delve into the world of third-party risk management with our guest, Natalie Druckman, from Certa. As we discuss the regulatory landscape in EMEA and the US, Natalie highlights the higher regulatory burden faced by companies in EMEA, and how Certa uses AI to streamline workflows, provide intuitive data visualization, and enhance risk forecasting capabilities. AI is the future of third-party risk management.
Cybersecurity has become one of the top concerns for organizations. In 2012, Target worked with a third-party vendor and, as a result, suffered an attack that exposed their customers’ credit data. Since then, compliance departments have started working closely with IT to prevent such vulnerabilities.
Unlike the US, EU companies don’t benefit from gaps created between state and federal regulations. EMEA faces a mandatory and substantial regulatory burden, particularly in areas like ESG and compliance. A forced labor scandal can sink a company, so ESG’s importance is on par with cyber security.
Global companies are increasingly recognizing the importance of addressing ESG topics alongside cybersecurity and financial risks. ESG considerations, such as diversity, modern slavery, and gender pay gaps, have significant reputational and revenue impacts.
AI is changing the world in many ways, including compliance. Certa aims to provide a comprehensive solution for third-party risk management, compliance, and operational risks by streamlining processes and incorporating AI capabilities to enhance efficiency and effectiveness.
Certa utilizes various AI capabilities, including design AI, which allows users to create workflows using plain language. They don’t need to know anything about tech; they can simply dictate the process, and AI generates the necessary code and infrastructure for it. This allows the company to remain flexible and able to quickly adapt to change.
Insights AI is another capability that collects and analyzes data, making it far more accessible and efficient in managing up-to-the-minute risks and developments. This technology also uses design AI, allowing for plain language inputs to immediately create actionable, detailed reports.
Recall AI allows companies to guarantee rapid and consistent responses from suppliers and customers by recalling past interactions to create surveys, forms, workflows, and processes. This removes the back-and-forth burden on all parties while still retaining the human touch.
Smaller and midsize companies should prioritize their risk management processes and consider automated solutions like Certa. These companies can benefit from the efficiency and effectiveness of an automated platform, regardless of their industry or size.
In this eye-opening episode of Corruption, Crime and Compliance, Michael Volkov takes a deep dive into the world of healthcare compliance and fraud. He explores the history, the transformation, and the unique challenges of healthcare compliance. He also sheds light on the alarming rate of fraud in the healthcare industry and the efforts to combat it.
You’ll hear him discuss:
Compliance in healthcare traces back to the 1990s. Its rise is largely due to aggressive federal enforcement programs and increasing regulation.
Four significant trends in healthcare compliance include:
Rising consumer demand, escalating prices, and increasing regulation during the era of HMO controversies.
The DOJ's use of criminal tools and prosecutions to combat healthcare fraud and circumvent government regulations.
The growing importance of the False Claims Act as an enforcement tool.
The establishment of a robust regulatory enforcement regime through the Center for Medicare Services and the HHS-OIG.
As the healthcare industry comes increasingly under federal government regulation and control, the risks of healthcare fraud are escalating. Despite the development of proactive compliance programs, the industry struggles to keep pace with the level of fraud, waste, and abuse.
Beyond the traditional elements of compliance programs, the healthcare industry faces unique challenges. These include managing interactions with physicians, ensuring data privacy, avoiding the employment of ineligible persons, and navigating the complexities of billing, coding, and overpayments.
The False Claims Act poses a significant risk for healthcare providers, with nearly 99% of all cases each year immediately settled. The Act has been applied beyond billing and reimbursement issues to include false representations incorporated into a product or a drug.
The DOJ regularly conducts nationwide crackdowns on healthcare fraud, arresting numerous defendants involved in healthcare fraud and opioid abuse schemes. A growing area of concern is telemedicine fraud, which has seen a surge with the rise of remote work during the pandemic.
KEY QUOTES:
“Healthcare is becoming increasingly under federal government regulation and control. And as this occurs, the federal health care risks of fraud are going to be increasing significantly. Private insurance companies are also experiencing continuous growth of fraud and the healthcare industry is really developing proactive compliance programs, but they struggle to keep up with the level of fraud, waste and abuse that they sort of have to pursue.” - Michael Volkov
“…one of the most significant risk areas is physician interactions.” - Michael Volkov
“Nearly 99% of all False Claims Act cases each year where the government decides to intervene are immediately settled.” - Michael Volkov
Review of the EU Whistleblowing Directive with Alex Cotoia and Daniela Melendez
00:24:39
Directive 2019/1937 of the European Parliament and Council dated 23 October 2019 on the “protection of persons who report breaches of Union law” (the “Directive”) is currently being implemented by EU Member States. The directive has broad applicability to organizations operating in the EU internal market and applies to both public and private sector organizations alike. Whistleblowers are guaranteed legal protection to the extent: (1) they have reasonable grounds to believe that the information reported was true at the time of the report; and (2) the whistleblower reported either internally to the organization, externally to a competent authority, or publicly. Private sector organizations with 50 or more workers are legally required to establish channels and procedures for internal reporting of EU law breaches and conduct appropriate follow-up.
In this episode, Mike Volkov is joined by Daniela Melendez and Alex Cotoia from the Volkov Law Group, who bring their expertise to the table as they delve into the EU Directive and its implementation by several member states. Listen to this discussion to understand and navigate the complexities of the EU Whistleblowing Directive.
The EU Whistleblower Directive shifts the burden of proof on retaliatory actions to the person taking the detrimental action, requiring them to demonstrate it was not linked to reporting concerns.
Global companies are taking a proactive stance by increasingly focusing on robust ethics and compliance programs. This strategic move is aimed at mitigating risks and promoting positive corporate citizenship in today's economy, where adherence to legal and ethical standards is paramount.
France signed the EU Directive into law on March 21, 2022, outlining protocols for gathering and handling whistleblower reports, including a two-month deadline for imposing disciplinary sanctions.
Germany enacted the EU Directive on May 12, 2023, allowing anonymous reports and setting a three-month investigation deadline after receiving the report.
Spain addressed the EU Directive in February 2023 by covering additional topics like occupational health and safety breaches. The directive established a three-month deadline for investigations and allowed anonymous reports.
Italy transposed the EU Directive on August 4, 2022, including administrative, financial, civil, and criminal offenses not covered by the Directive, with a 30-day deadline to conduct investigations upon receipt of reports.
Companies are advised to make resources available to conduct investigations quickly due to the short timeframes set by various countries' whistleblower protection laws.
Is your company prepared for the compliance storm ahead? With tariffs shaking global trade, aggressive sanctions enforcement, and new risks from AI, businesses must rethink their strategies. Can your compliance program keep up, or will it be left scrambling?
In this episode of Corruption, Crime, and Compliance, Michael Volkov unpacks the rapidly shifting risk landscape facing businesses today. From trade compliance and supply chain disruptions to cybersecurity and government enforcement, he highlights the top legal and compliance challenges of the year and offers practical guidance on how companies can stay ahead. While the regulatory world is in flux, one thing remains certain—organizations that fail to adapt will face significant financial, legal, and reputational consequences.
You'll hear him discuss:
The evolving trade landscape, including tariff enforcement, import risks, and the potential economic fallout of aggressive trade policies
Why supply chain mapping is no longer optional, with companies needing to identify vulnerabilities, alternative sourcing strategies, and compliance risks to avoid costly disruptions
How businesses should approach the FCPA enforcement pause, what it signals about the government’s priorities, and why global companies remain committed to anti-corruption programs
Why compliance teams must elevate import control and export control programs, particularly as the US expands restrictions on advanced computing, AI, and semiconductor exports
How transnational criminal organizations are infiltrating legitimate supply chains for money laundering, and what companies must do to strengthen their due diligence efforts
The importance of a strong compliance culture in a time of regulatory uncertainty—how companies can remain flexible, proactive, and aligned with their core values despite the shifting landscape
DOJ and OFAC Sanctions Enforcement Review for 2023
00:20:12
The Justice Department and the Office of Foreign Assets Control had a big year in 2023. Criminal and civil enforcement continue to increase. The DOJ has warned corporations that aggressive sanctions enforcement actions are coming -- to that end, the DOJ assigned 25 new prosecutors to the National Security Division to execute on its promise. Meanwhile, OFAC had a record year in collecting $1.539 billion in penalties, largely the result of two blockbuster settlements -- British American Tobacco and Binance, the cryptocurrency exchange.
It's important for companies to ensure they have U.S. expertise to effectively address potential violations of U.S. sanctions laws, as unfamiliarity with these laws can hinder prompt identification and response. Having a strong compliance program based in the United States is a valuable lesson learned from OFAC.
Global companies are facing unprecedented risks and challenges in today's economy, leading them to prioritize robust ethics and compliance programs. These programs play a crucial role in promoting positive corporate citizenship and mitigating legal and economic risks.
In 2023, there was a significant increase in sanctions enforcement by the DOJ and OFAC, with plans for even more aggressive actions in the future. With 17 enforcement cases and $1.5 billion in penalties, it is evident that compliance areas such as third parties and internal controls are of utmost importance.
Various countries, including Russia, Cuba, and Iran, continue to be the focus of global sanction schemes. While Venezuela's sanctions were temporarily relaxed, companies must stay vigilant and monitor the upcoming election. The British American Tobacco case, with its $629 million settlement, serves as a model for future enforcement actions.
The Binance case, involving a $4.3 billion settlement, shed light on criminal violations in the cryptocurrency industry. This highlights the critical importance of compliance in this rapidly evolving sector.
Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
00:28:46
Dottie Schindlinger is Executive Director of Diligent Institute, the global corporate governance research arm of Diligent - the largest SaaS software company in the Governance, Risk, Compliance (GRC), and ESG space. She co-authored the book Governance in the Digital Age: A Guide for the Modern Corporate Board Director, co-hosts “The Corporate Director Podcast,” and co-created Diligent Institute’s Certification programs for directors and executives, including AI Ethics & Board Oversight. Dottie was a founding team member of the tech start-up BoardEffect, acquired by Diligent in 2016. She graduated from the University of Pennsylvania and is a Fellow of the Salzburg Global Seminar Corporate Governance Forum. Diligent and Bitsight recently issued an important report on corporate board oversight of cybersecurity risks.
Dottie Schindlinger, Executive Director of Diligent Institute, joins Michael Volkov to discuss the important findings of Diligent's report.
You'll hear Dottie and Michael discuss:
Companies with advanced security ratings create nearly four times the amount of value for shareholders as companies with basic security ratings. On average, the Total Shareholders’ Return (TSR) over three and five years for companies in the advanced security performance range is approximately 372% and 91% higher, respectively, than their peers in the basic security performance range.
Companies with a specialized risk or audit committee had higher security performance ratings on average. Companies falling within these two categories have an average security rating of 710, whereas companies lacking both committees have an average security rating of 650.
The findings also suggest that the distribution of security ratings among companies with specialized risk and audit committees tends to skew towards the advanced security performance range, whereas companies lacking either of these committees tend to skew toward the basic security performance range.
Having a cybersecurity expert on the board is not enough. Integrating a cybersecurity expert into the board committee tasked with cybersecurity risk oversight makes a significant difference in an organization’s performance.
Merely having a cybersecurity expert on the board does not correlate to having a higher security performance rating. Highly regulated industries tend to outperform other industries in terms of cybersecurity performance.
Of the companies with advanced-level security performance ratings, a full third (33%) came from the financial services sector – with an average rating of 720. The sector with the highest average rating overall was healthcare at 730.
Nearly a quarter (24%) of companies with basic security performance ratings came from the industrial sector.
The FTX Crypto Exchange Scandal -- Interview of Matt Stankiewicz from The Volkov Law Group
00:39:49
The cryptocurrency industry is a young and rapidly growing one fraught with legal and economic risks. These risks can be exploited by ill-intentioned parties to fill their pockets and fund their lavish lifestyles. One such party is the disgraced founder of FTX, Sam Bankman-Fried (commonly called “SBF”), former darling of Silicon Valley and Wall Street. The FTX exchange was hailed as the gold standard for cryptocurrency, but a series of events led to a bank run and exposed the fraudulent scheme behind-the-scenes. Matt Stankiewicz joins Michael Volkov to discuss the legal ramifications of the fall of FTX and SBF.
Matt Stankiewicz is a Partner at the Volkov Law Group, specializing in anti-bribery & corruption controls and compliance programs. Recently, he was responsible for conducting a global anti-corruption compliance audit and testing of a Fortune 100 medical device company's activities in ten countries.
Some ideas you’ll hear them explore are:
Having well over 100 subsidiaries across the globe, FTX was the go-to cryptocurrency exchange, even allowing users to trade various derivative products. At its height, the peak daily trading volume on FTX was over $20 billion.
As it turned out, FTX was closely linked to a crypto trading firm called Alameda Research, founded by SBF, who owned 90% of it when it collapsed. It was a crypto hedge fund, Matt comments.
Alameda used FTX to do all their trading and investments, and enjoyed special privileges that were not revealed to the public or to investors. One such privilege was exemption from FTX’s risk management software that required users to use some of their assets as collateral if they were trading on margin.
Lack of regulatory clarity is a major risk in the cryptocurrency industry. This lack of clarity creates opportunities for fraud, as well as challenges for companies trying to comply with regulations.
Companies that adopt strong ethics and compliance programs can mitigate the risks of cryptocurrency and be more successful than those who do not.
One of the biggest appeals of cryptocurrency is that you don't have to deal with an intermediary when transacting.
KEY QUOTE
“One of the benefits of cryptocurrency, which could have prevented a lot of this, is the fact that you can self-custody your assets.”
FCPA Catch UP: DOJ Corsa Declination and SEC Settlements with Flutter and Rio Tinto
00:15:26
The world of FCPA enforcement is always changing, and in this episode of Corruption, Crime and Compliance, Michael Volkov catches us up on three recent enforcement actions. From Corsa Coal's rare declination to SEC settlements with Flutter Entertainment and Rio Tinto, each case offers important insights into the current state of FCPA enforcement. He shares how voluntary self-disclosure, appropriate due diligence processes, and enhancements to compliance programs and accounting controls can help companies avoid penalties and strengthen their position.
You’ll hear Michael discuss these ideas:
Companies are encouraged to voluntarily self-disclose bad behavior to the DOJ, which may result in a declination and significant reductions in penalties.
Corsa Coal earned a rare declination from the DOJ after cooperating in the prosecution of two former executives and meeting their burden to establish inability to pay. Their disgorgement was significantly reduced from $31 million to $1.2 million.
Flutter Entertainment, which acquired PokerStars, was fined $4 million by the SEC for improper payments to Russian-based consultants made by Stars Group, its previous owner. Stars Group failed to conduct due diligence or maintain appropriate written contracts for third parties, leading to bribery violations.
Acquiring companies should conduct appropriate due diligence on the acquired company's FCPA compliance.
Rio Tinto paid $15 million to settle FCPA violations arising from a bribery scheme involving a senior Ghanaian government official. Despite red flags indicating that the consultant was advising the Ghanaian official and preserving Rio Tinto's ability to operate in Guinea, Rio Tinto eventually approved two lump sum payments totaling $10.5 million.
Companies should pay attention to red flags when paying high commissions to sales agents involved in extractive industries.
Rio Tinto implemented enhancements to their compliance programs and accounting controls after FCPA violations.
KEY QUOTES:
"As part of DOJ's push on voluntary self-disclosures in changes to its corporate enforcement policy, they really are encouraging companies to come in and voluntarily disclose when they find bad behavior." - Michael Volkov
"...when acquiring a company, you've got to conduct due diligence and make sure that you do not find any FCPA violations or any problems like that." - Michael Volkov
"Rio Tinto strengthened its ethics and compliance organization, enhanced its code of conduct, as well as its policies and procedures, gifts and hospitality, due diligence, and use of third parties. In addition, Rio Tinto enhanced its whistleblower program and improved its monitoring systems and internal controls related to payments to third parties. Finally, Rio Tinto enhanced its anti-corruption risk assessments and transactions testing and increased training of employees and third parties." - Michael Volkov
Over the last ten years, we have seen a marked shift from the Delaware Chancery Court chipping away at corporate board member liability claims. In a number of seminal cases involving Boeing airplane crashes (In re the Boeing Co. Derivative Litig., No. 2019-0907 (Del. Ch. Sept 7, 2021)), and deadly listeria outbreaks from tainted ice cream (Marchand v. Barnhill, 212 A.3d 805 (Del. 2019)), Delaware Courts have upheld plaintiffs' cases against claims of failing to adequately plead violations of the standards set forth in Caremark, 698 A.2d 959 (Del. Ch. 1996), (establishing basic pleading requirements to withstand motions to dismiss).
In this episode, Mike Volkov provides a comprehensive update on the recent Caremark decisions issued by the Delaware Chancery Court, underscoring their importance for accountability and governance in the corporate world.
Caremark oversight duties stem from the well-established duty of loyalty and its subsidiary duty of good faith. To plead a Caremark claim, a plaintiff is required to put forth adequate facts from which a factfinder can make a reasonable inference that the fiduciary acted in bad faith.
Under Caremark, bad faith can be established when a fiduciary: “(1) utterly fail[s] to implement any reporting or information system or controls,” or (2) having implemented such a system or controls, consciously fails to monitor or oversee its operations, which results in a failure to act or attend to a risk or problem requiring their attention or response.
Last year, the Chancery Court made a groundbreaking decision, extending the so-called Caremark oversight obligations and governance requirements to senior management in the McDonald's case. In re McDonald’s Corp. S’holder Derivative Litig., 289 A.3d 343 (Del. Ch. 2023). This ruling is one of the most significant developments in recent years, advocating for increased accountability for oversight and governance failures.
Recent cases, such as the Boeing 737 MAX crashes and the Listeria outbreak from tainted Blue Bell ice cream, have highlighted failures in proper board governance and oversight responsibilities.
In a case involving Segway, the Chancery Court dismissed a motion against an officer for failing to detect financial discrepancies, emphasizing the need to demonstrate a lack of good faith in monitoring central compliance risks.
The trend in Delaware Chancery Court decisions is moving towards holding directors and officers accountable for failures to act in response to indications of potential illegal conduct, with a focus on bad faith actions.
The Boeing case exemplifies the consequences of board members ignoring safety concerns and focusing solely on the bottom line, leading to tragic outcomes that could have been prevented with proper oversight and accountability.
Deep Dive into HHS-OIG Compliance Program Guidance
00:17:18
In this week's episode of Corruption, Crime, and Compliance, we usher in the New Year with a deep dive into something that happened in November of last year. As we begin 2024, it's crucial to reflect on the substantial shifts in the healthcare industry's compliance framework. The HHS Office of Inspector General's Comprehensive Compliance Guidance, released late last year, has set a new standard for healthcare companies, reinforcing the importance of an independent compliance function and outlining a robust framework for effective compliance programs. Michael Volkov meticulously dissects the seven key elements of this groundbreaking guidance, emphasizing its relevance not just in healthcare, but across the spectrum of compliance practices.
You’ll hear Michael discuss:
The HHS Office of Inspector General issued the Comprehensive Compliance Guidance (GCPG) in November 2023, a significant document for the healthcare industry, emphasizing the need for independent and robust compliance programs.
The guidance is structured around seven core elements: written policies and procedures, effective compliance leadership, training, open lines of communication, enforcing standards, risk assessment, and responsive corrective action for detected offenses.
The role of a Chief Compliance Officer is critical, and they should:
Report directly to the CEO or have independent access to the board,
Have sufficient stature within the entity equal to other leaders,
Demonstrate unimpeachable integrity, judgment, assertiveness and approachable demeanor, and
Have sufficient funding, resources and staff to operate the program.
Emphasizing the separation of legal and compliance functions, the GCPG recommends that compliance officers focus solely on compliance, avoiding roles in legal or financial departments.
The GCPG advises the establishment of a compliance committee, meeting quarterly, with responsibilities spanning legal regulation analysis, policy review, training effectiveness, and annual risk assessment.
The CEO should include a signed introduction in the code of conduct. The board should include a signed endorsement or similar written statement to support the compliance commitment, and entities should review their codes when a new CEO is hired.
Clear communication and board oversight are crucial: board members should be well informed about compliance programs and ensure that the compliance officer has sufficient access to them.
How compliance officers and boards should respond when compliance concerns are reported or discovered, and focus on the root causes of the misconduct to prevent recurrence.
How will the DOJ's new corporate whistleblower pilot program reshape the enforcement of corporate criminal conduct? In this episode of Corruption, Crime, and Compliance, Michael Volkov explores the Department of Justice's (DOJ) new corporate whistleblower pilot program, highlighting its potential impact on corporate criminal enforcement. The program, which mirrors aspects of the SEC’s whistleblower program, is designed to incentivize individuals to report misconduct by offering financial rewards. The program is significant for privately held companies and financial institutions not covered by the SEC, marking a notable shift in DOJ's approach to corporate compliance and enforcement.
You’ll hear him discuss:
DOJ’s Whistleblower Pilot Program: The DOJ introduced a three-year whistleblower pilot program that offers financial rewards to individuals who provide original information leading to significant criminal or civil forfeitures. This program, effective from August 1, 2024, mirrors aspects of the SEC’s program but is specifically tailored to corporate criminal enforcement.
Non-Appealable Rewards: Unlike the SEC’s program, decisions made under the DOJ’s whistleblower program are not appealable, minimizing litigation risks for the DOJ.
Focus on Privately Held Companies: The program significantly impacts privately held companies and non-public financial institutions, areas previously not covered by the SEC’s whistleblower program. This shift increases risks for these entities, particularly in cases involving foreign bribery, money laundering, and healthcare fraud related to private insurers.
Incentives for Internal Reporting: The program introduces a 120-day window for companies to act on internal reports of misconduct. If companies fail to take action within this period, whistleblowers can report directly to the DOJ, potentially earning financial rewards, while companies risk losing potential non-prosecution agreements.
Implications for Corporate Compliance: The new whistleblower program pressures companies to enhance their ethics and compliance programs. Companies must now navigate the risks associated with delayed reporting and the potential for whistleblowers to bypass internal controls in favor of DOJ reporting.
Impact on DOJ Enforcement: The program is expected to bolster DOJ’s corporate enforcement actions by encouraging more reports of misconduct, particularly in areas not previously covered by similar programs. However, the adequacy of the reward fund to incentivize significant whistleblower reporting remains uncertain.
How prepared is your organization to handle the evolving landscape of sanctions compliance? In this episode of Corruption, Crime and Compliance, Michael Volkov dives into critical sanctions compliance cases and their implications for global companies. He discusses four significant cases that underscore the necessity of robust compliance programs, particularly in light of increased DOJ enforcement actions. Through these examples, he breaks down the consequences of third-party liability, supply chain risks, and the dangers of inadequate compliance measures, offering valuable insights into how companies can proactively avoid similar pitfalls.
Cases discussed:
British American Tobacco (BAT): The company faced a staggering $629 million settlement for circumventing North Korean trade sanctions. This case illustrates how corporate prosecutions are evolving to resemble Foreign Corrupt Practices Act (FCPA) cases, emphasizing the growing scrutiny on multinational corporations.
Epsilon Electronics: This case clarifies the liabilities companies face when third-party distributors divert products to prohibited countries, such as Iran. Even if the company had no direct involvement in the diversion, it still bears responsibility, underscoring the importance of diligent monitoring of distribution channels.
ELF Cosmetics: The company received a $1 million fine for importing goods containing materials sourced from North Korea. This case underscores the critical importance of conducting thorough supply chain due diligence to ensure compliance with international sanctions.
Murad LLC: This case focuses on post-acquisition compliance failures, demonstrating the urgent need for thorough pre- and post-acquisition audits. These audits are essential to uncover potential sanctions violations and ensure that newly acquired companies adhere to compliance standards.
Lessons Learned from Recent FCPA Enforcement Actions -- Philips and Franks Int'l Settlements
00:15:23
Koninklijke Philips manipulated tender processes for medical imaging equipment in China, which resulted in a substantial $62 million fine. On the other hand, Frank's International paid an $8 million settlement for its FCPA violations in Angola, involving questionable commissions to a sales agent. These two cases serve as potent reminders of the risks and challenges that global companies encounter in today's globalized economy, especially when dealing with high-risk countries such as China and Angola. They underline the need for robust ethics and compliance programs, vigilance against bribery and corruption, and strict adherence to local and international laws. In this episode of Corruption, Crime and Compliance, Michael Volkov uncovers the details of these cases that underline the risks and challenges faced by global companies in the contemporary economy.
You’ll hear Michael talk about:
Koninklijke Philips, a Dutch multinational corporation, was penalized with a $62 million fine for contriving multiple schemes to manipulate tender processes for medical imaging equipment in China.
These schemes included strategies like the manipulation of technical specifications, creation of counterfeit bids, and direct payments to state-owned hospital officials in China to restrict competition.
Frank's International, an oil and gas company, paid an $8 million settlement for FCPA violations in Angola. The company had been paying commissions to a sales agent in Angola, knowing there was a high likelihood that these funds would be used to bribe government officials.
Frank's International exhibited a lack of adequate internal accounting controls during this time period. This oversight permitted corrupt practices to proceed undetected.
Angola requires international companies to engage with local businesses. In Frank's case, this was used as a cover to facilitate bribery payments.
Frank's International was informed by a senior Sonangol executive that a restriction against them could be lifted if Frank's established a separate consulting company benefiting a high-ranking Sonangol official and offered 5% of the contract value to this company.
The cases highlight how crucial it is for companies operating in high-risk countries, such as Angola and China, to have comprehensive ethics and compliance programs in place.
These programs must be able to detect and prevent bribery schemes, manipulation of tender processes, and similar malpractices.
The financial records of these companies must accurately represent all transactions and should be reviewed regularly to detect and rectify discrepancies.
Companies should maintain a cooperative attitude with regulatory authorities, report potential violations, and take remedial actions for any identified issues.
KEY QUOTES:
"Koninklijke Philips played a dangerous game manipulating tender processes in China. The $62 million fine they paid is a stark reminder of the consequences." - Michael Volkov
"Frank's International's $8 million settlement is a potent example of what can happen when companies ignore the necessity of robust internal accounting controls." - Michael Volkov
"Operating in high-risk countries demands more than just good business sense. It requires stringent ethics and compliance programs to prevent disastrous legal and economic consequences." - Michael Volkov
DOJ Updates Evaluation of Corporate Compliance Programs
00:13:20
How prepared is your company to handle the evolving risks of artificial intelligence and other emerging technologies in its compliance program? In this episode of Corruption, Crime and Compliance, Michael Volkov delves into the Department of Justice's 2024 updates to its evaluation of corporate compliance programs. As the DOJ continues to set global standards, Michael discusses key updates related to risk management, especially around AI and other technologies. He also covers important shifts in training, whistleblower protections, third-party management, and data analytics, offering a comprehensive overview of what businesses need to consider for effective compliance.
You’ll hear him discuss:
The DOJ raises the bar for corporate compliance, including technology risk management through their updated Compliance Guidance (2024).
Companies must evaluate AI in both business and compliance contexts, ensuring controls for trustworthiness and legal alignment.
Firms need to incorporate lessons from other companies and adapt policies and procedures to reflect emerging tech.
Employee training must now be interactive, tailored, and measured for effectiveness.
With their focus on whistleblower protection, the DOJ emphasizes tracking employee comfort in reporting issues and ensuring protection from retaliation.
Companies are encouraged to continuously monitor third-party relationships beyond the onboarding phase.
Stronger processes are needed for compliance audits and integration after mergers.
DOJ pushes for the use of data analytics tools in compliance and better coordination between HR and compliance teams.
When operations span across borders, navigating local regulations and ethical standards becomes even more crucial. As evidenced by Corficolombiana's case, neglecting these measures can lead to hefty legal ramifications and significant economic repercussions. In this episode of Corruption, Crime and Compliance, Michael Volkov unravels the Corficolombiana and Group Aval scandal, shedding light on the importance of implementing and maintaining robust ethics and compliance programs for global companies.
You’ll hear Michael talk about:
Corfico is a subsidiary of the Colombian financial behemoth, Grupo Aval. The two entities agreed to substantial settlements with both the DOJ and SEC, stemming from allegations of a bribery scheme in Colombia.
It emerged that Corfico had conspired with Odebrecht, a Brazilian construction firm, to pay around $23 million in bribes to influential Colombian government officials to clinch the project. The DOJ's settlement with Odebrecht throws more light on the matter.
Corfico's forthcoming cooperation with both DOJ and Colombian authorities demonstrated their intent to amend their ways.
Corfico embarked on extensive remedial measures, which the DOJ acknowledged and appreciated. This included a comprehensive root cause analysis and subsequent enhancements to their corporate governance and controls.
Corfico also revamped its compliance program, introducing improved reporting, investigation, and disciplinary procedures and revisited its anti-corruption compliance program.
The DOJ extended a 30% fine reduction to Corfico, a significant reprieve. What stood out, however, was the decision against appointing an independent compliance monitor in this case.
Such international scandals accentuate the risks that large projects in foreign lands pose. Drawing parallels with the ABB case, it’s clear that ethics and compliance are non-negotiables for global firms.
KEY QUOTES
“The DOJ credited Corfico's cooperation, citing its production of facts obtained through the company's internal investigation, making numerous detailed factual presentations that distilled certain key factual information producing documents that the government may not have been able to get access to because of foreign data privacy laws providing sworn testimony from Colombia.” - Michael Volkov
“Corfico promptly engaged in extensive remedial measures, including, among other things, conducting a root cause analysis of the bribery scheme identified during the internal investigation. Promptly took the actions to enhance its corporate governance and controls and joint venture entities as well as improved its oversight of noncontrolled joint ventures and investments, overhauled its compliance program… As a result of this, the DOJ awarded Corfico a 30% reduction off the bottom of the applicable guidelines fine range.” - Michael Volkov
“It's always good to look at the underlying conduct, and imagine: If you're working in a company, with your compliance program, would you have been able to detect this? How would your compliance program have prevented this from occurring?” - Michael Volkov
Deep Dive into the Telefonica DOJ Enforcement Action
00:20:11
What does it take for a global telecom giant to get caught up in a bribery scheme involving over $85 million—and what can we learn from their mistakes? How do companies like Telefónica Venezolana manage to conceal millions in bribes through inflated contracts and shell companies, and why do these schemes so often fly under the radar?
This episode dives into Telefónica Venezolana's $85.2 million settlement with the DOJ for bribery violations under the FCPA. Michael Volkov unpacks how the Venezuelan subsidiary exploited a government-controlled currency auction system, paid nearly $29 million in bribes, and concealed it through inflated equipment purchases. The case reveals systemic flaws and offers essential lessons on preventing corporate misconduct.
You’ll hear him discuss:
How Telefónica Venezuela used inflated supplier contracts to fund $28.9 million in bribes
The role of shell companies and intermediaries in concealing bribery schemes
How bribery enabled access to $110 million in undervalued U.S. currency
DOJ's assessment of cooperation, compliance efforts, and penalty reductions
Telefónica’s failure to address red flags in its financial controls and due diligence processes
The importance of vetting third parties and managing high-risk transactions
How Telefónica implemented compliance reforms, including anti-corruption measures and internal audits
Lessons for compliance professionals on detecting and preventing similar schemes
Deep Dive into DOJ and SEC's SAP FCPA Enforcement Action
00:19:31
Bribery is rampant in many countries around the world, and in this episode of Corruption, Crime, and Compliance, we take a look at a recent FCPA case involving SAP, a global software company. SAP’s violations spanned multiple countries, including South Africa and Indonesia, and resulted in prosecution and a hefty $220 million penalty. However, many people were baffled by the resolution of this case. The DOJ lacked aggressiveness and failed to impose an independent compliance monitor. Join the host, Michael Volkov, as he analyzes the intricacies of this case and the implications for FCPA enforcement in the coming years.
SAP is a recidivist company, but DOJ’s enforcement action against them did not seem to take that into account when holding them accountable for instances of bribery that spanned the globe.
As the DOJ seemed to take a step back, the SEC made an aggressive push to hold companies accountable for violating internal controls, which is what happened in the SAP case.
SAP's repeated failure to follow internal control requirements governing third parties serves as a cautionary tale for companies to ensure that their procedures are not only in place but also actively implemented and monitored.
Clear Channel's former Chinese subsidiary, Clear Media, engaged in deceptive practices to fund illegal payments, including creating false invoices and tax records, but even after internal audits, Clear Channel failed to take aggressive remedial actions.
Clear Channel demonstrated a clear commitment to addressing the issues in the investigation that followed, highlighting the importance of cooperation, as it can lead to more favorable outcomes and potentially mitigate the severity of penalties imposed.
KEY QUOTES
"DOJ is turning its focus and pulling back on FCPA enforcement." - Michael Volkov
"The SAP resolution, which totals only $220 million, was far below the amount that a recidivist should have paid for its global bribery operations stretching into multiple countries." - Michael Volkov
"The SEC's approach demonstrates a more aggressive application of internal control enforcement." - Michael Volkov
"If a company is going to craft these internal controls, the company has to enforce those controls or face serious enforcement risks." - Michael Volkov
Matt Stankiewicz on Ripple Decision and Indictment Against Celsius Networks’ CEO
00:27:12
According to critics, there are a lot of gray areas surrounding compliance and the SEC's position on cryptocurrency regulations. Such uncertainty poses challenges for legitimate crypto projects and creates room for fraudulent activities to thrive. Such is the case for Ripple and Celsius, two recent controversies making waves in the crypto world.
Matt Stankiewicz is a Managing Counsel at The Volkov Law Group. His expertise includes financial regulation and compliance, with a focus on securities, anti-money laundering (AML), and cryptocurrency regulation. Given his professional background and interest in crypto regulations, he is a frequent speaker on legal matters concerning cryptocurrency exchanges and the SEC.
You’ll hear Michael and Matt discuss:
The SEC faces criticism for its unclear stance on cryptocurrency regulations. Such uncertainty poses challenges for legitimate crypto projects and creates room for fraudulent activities to thrive.
The Ripple case offers a complex view into how cryptocurrencies are perceived legally. While some sales of XRP tokens were considered securities, others weren't, a distinction that has sent ripples through the crypto world. The case's broader implications, especially with the SEC's decision being appealed, hold immense importance for other companies in similar situations.
Bad actors can exploit innovative technologies and make things worse for everyone else. With the CEO and CRO of Celsius charged with fraud and numerous questionable practices coming to light, the importance of stringent regulations and monitoring becomes abundantly clear.
Strong compliance programs serve as bulwarks against fraudsters and those under sanctions, ultimately safeguarding both the platform and its users. However, regulating an asset as novel and dynamic as cryptocurrency is no easy feat. Critics claim the SEC's approach leans more toward enforcement than establishing clear rules.
Matt underscores the importance of erecting a sturdy compliance structure within the cryptocurrency industry. He emphasizes that such programs are not just regulatory measures but critical tools to ward off fraudsters and maintain the industry's reputation.
KEY QUOTES
“[Crypto] is a brand new asset. It’s virtually impossible to pigeonhole it to any other kind of real-world asset right now.” - Matt Stankiewicz
“Don't cripple the good projects because there’s some bad people out there.” - Matt Stankiewicz
“The SEC just says, well, ‘You should know. You’ve got to figure it out; we're not your attorneys.’ Which is fair in some regard, right? But that said, it's not helpful. The SEC needs to provide some kind of guidance here.” - Matt Stankiewicz
Trade Compliance Trends and Expectations with Gabrielle Griffith
00:33:50
Gabrielle Griffith, Director at BPE Global, is an expert in trade compliance issues. Gabrielle assists clients in implementing effective trade compliance programs by addressing improvements within organizations’ people, processes, and systems. In the area of U.S. export controls, she advises clients on compliance with the International Traffic in Arms Regulations, the U.S. Export Administration Regulations, and the various embargo and sanctions programs administered by the Office of Foreign Assets Control. On import compliance matters, she advises on classification, country of origin, special duty programs such as USMCA, focused assessments, C-TPAT, antidumping/countervailing duty as well as Section 232 and 301 matters. Gabrielle joins Michael to discuss current trade compliance trends and expectations for 2024.
The increase in national security risk has heightened the need for creative thinking to identify potential threats that may not be designated within regulations. This means that companies must go beyond traditional compliance measures and think outside the box to proactively address emerging risks to national security.
Global companies are facing unprecedented risks and challenges in today's economy, leading to a greater emphasis on robust ethics and compliance programs. These programs are essential for promoting positive corporate citizenship and mitigating legal and economic risks associated with corruption and crime.
Trade compliance is no longer a silo within a compliance department but must be integrated into the entire operation of a company. This means that trade compliance considerations should be incorporated into all aspects of a company's business processes, from product development to supply chain management.
The Department of Justice is ramping up efforts to prosecute companies for trade compliance violations, particularly in relation to national security. This increased focus on enforcement means that companies need to be proactive in ensuring compliance with export control regulations and other trade compliance requirements.
Over-controlling trade compliance can hinder business operations while under-controlling can lead to violations. Finding the right balance is crucial. Companies should strive to implement effective trade compliance measures that align with their specific business needs, avoiding unnecessary restrictions while still ensuring compliance with applicable regulations.
The government should collaborate more with industry consultants to bridge the gap between enforcement agencies and companies, ensuring effective communication and guidance. This collaboration can help companies navigate the complex landscape of trade compliance and provide valuable insights to regulators on emerging technologies and industry practices.
DOJ Issues New Compliance Guidance and Focus on Corporate Compliance Systems
00:20:09
The Justice Department is raising the bar on corporate compliance, and Michael Volkov believes we are witnessing a watershed moment. In this episode of Corruption, Crime and Compliance, he explains the significant revisions to the evaluation of corporate compliance programs, the new corporate enforcement policy, and the criminal division's three-year pilot program on compensation incentives and clawbacks.
Some of the ideas discussed in this episode include:
DOJ is raising expectations for corporate compliance programs and incentivizing ethical behavior.
Companies must implement effective employee reporting systems, conduct timely internal investigations, and hold bad actors and weak supervisors accountable for their failures.
DOJ is frustrated with the lack of cooperation between HR and compliance departments and seeks to promote a new era of compliance cooperation and operationalization.
The evaluation of corporate compliance programs now includes a new section entitled Compensation Structures and Consequence Management, which mandates the design and implementation of compensation schemes to foster a compliance culture.
DOJ's three-year pilot program for corporate compensation systems and clawbacks aims to reduce the burden on corporate shareholders and punish individual wrongdoers.
Companies need to bring together senior leadership, business leaders, legal and compliance, and human resources to build together a set of incentives, disincentives and other structural changes to promote an ethical culture of compliance.
DOJ expects companies to implement an effective employee reporting system. The updated guidelines provide specific guidance on how that reporting system ties into the overall advancement of the corporate culture, timely internal investigations, careful root cause analyses, and a new term, consequence management.
Companies can earn a fine reduction when they seek to recoup compensation from culpable employees, and prosecutors will have discretion in how to fashion the requirements for the compliance-related compensation and bonus systems.
DOJ's new policy includes important requirements for preservation of data from messaging applications and texting systems, and companies need to tailor communications data preservation policies to the specific risk, profile, and needs of their business.
KEY QUOTES:
"DOJ's intent here is just unmistakable. Companies have to monitor, detect, and prevent future wrongdoing, and they have to hold bad actors and weak supervisors accountable for their failures." - Michael Volkov
"To the extent that compliance and HR departments fail to coordinate and fight over turf, companies will face increased risks of a defective ethics and compliance program, employee misconduct rates will rise, and government investigation risks will rise as well." - Michael Volkov
"Finally, with respect to risk management, companies have to ensure that there are appropriate consequences to executives and employees who fail to comply with communications and data preservation requirements." - Michael Volkov
Deep Dive into SCG Plastics' $20 Million Settlement with OFAC to Resolve Violations of Iran Sanctions Program
00:13:07
OFAC is capable of extending a long arm of enforcement, sometimes reaching non-U.S. companies that may "cause" another company to violate U.S. sanctions laws. If you need to find an example of this long reach, look no further than OFAC's recent settlement with SCG Plastics ("SCG"). In this settlement, SCG, a Thai company that sells plastic resins, agreed to pay $20 million for violations of the Iran Sanctions Program.
In this episode, Michael Volkov explores the series of actions that led to that $20 million settlement, and the consequences.
In a recent enforcement action, SCG Plastics paid OFAC $20 million to resolve violations of the Iran sanctions program, showcasing OFAC's far-reaching jurisdiction.
SCG Plastics caused U.S. financial institutions to process $291 million in wire transfer sales of High-Density Polyethylene Resin (HDPE) of Iranian origin from 2017 to 2018, which violated the Iran sanctions program.
SCG Plastics voluntarily disclosed 10 violations but did not disclose 457, which led to OFAC determining all 467 violations as egregious.
The size of the settlement was due to multiple aggravating factors: SCG Plastics willingly engaged in a multi-year pattern of conduct designed to circumvent the Iran sanctions program, causing significant harm to OFAC sanction policy objectives while earning substantial revenues.
Importantly, commercial activity that may fall outside the jurisdiction of OFAC sanctions can still result in a violation when the financial transactions related to the activity are processed through or involve U.S. financial institutions.
OFAC emphasized the risks for non-U.S. companies engaging in conduct that causes U.S. persons to violate sanctions, in this case processing the transactions, which would not have been done with adequate disclosure, highlighting the importance of compliance with U.S. sanctions and export control laws.
Crypto Conundrum: Coinbase vs. SEC - A Deep Dive with Matt Stankiewicz
00:27:34
The complex relationship between digital currencies and global financial regulations is highlighted yet again with the SEC’s recent crackdown on major crypto exchanges Binance and Coinbase. Michael Volkov welcomes Matt Stankiewicz, also known as Crypto Max, to share his insight on these ongoing cases. He discusses the implications these enforcement actions might have on the industry, the securities law-related legal issues, and the internal mechanics of these exchanges.
Matt Stankiewicz is a Managing Counsel at The Volkov Law Group. His expertise includes financial regulation and compliance, with a focus on securities, anti-money laundering (AML), and cryptocurrency regulation. Given his professional background and interest in crypto regulations, he is a frequent speaker on legal matters concerning cryptocurrency exchanges and the SEC.
You’ll hear Michael and Matt discuss:
The SEC's enforcement actions hinge on their assertion that Binance was serving US customers without the proper registration, thereby violating securities laws. They allege that Binance knowingly allowed and even encouraged US customers to utilize their offshore platform, enhancing their profits and trading volumes but breaching US regulations in the process.
Rather than directly challenging the status of specific tokens, the SEC is targeting exchanges like Binance and Coinbase. By regulating these exchanges, the SEC could effectively control the access points to the crypto industry, thus having a broader impact.
Binance is preparing for a legal fight with the SEC over these compliance issues, including allegations of wash trading to artificially inflate trading volume. The platform's potential troubles are linked to similar issues faced by FTX and their trading arm, Alameda Research.
Given the recent pattern of the SEC bringing complaints without the DOJ pursuing criminal cases, it’s unlikely that the DOJ will bring a criminal case against Binance.
Coinbase's IPO was approved by the SEC despite allegations that the company had engaged in illegal activities related to the trading of unregistered securities. The SEC argues that the approval of an IPO doesn't guarantee the legality of the company's underlying operations, but this could be seen as contradictory to the SEC's stated role of protecting investors.
Coinbase, in attempting to comply with securities regulations and being continuously rebuffed by the SEC, is the most compliant cryptocurrency exchange. However, should the SEC crack down on Coinbase and other major U.S. exchanges, it could push investors to offshore exchanges where the SEC has limited jurisdiction and where there is a higher risk of fraud.
KEY QUOTES
“The SEC is taking obvious actions to show that they are very aggressive in their enforcement actions.” - Matt Stankiewicz
“This is a perfect reminder for everyone listening, whether you're into crypto or not. If you are working internally with your email or you're in [a] corporate chat, that can all be discoverable in future litigation. And you need to be careful what you say.” - Matt Stankiewicz
“It is a very poor look in the court of public opinion for the SEC to stand on the ground of saying, ‘We are here to protect investors,’ but [avoid] stopping this before investors have a chance to throw all their money in that IPO.” - Matt Stankiewicz
2024 DOJ and OFAC Sanctions Enforcement and Compliance Review
00:21:49
How will your company withstand the heat of aggressive sanctions enforcement? Are you ready for the DOJ’s new priorities and OFAC’s expanding reach in 2025? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the major sanctions enforcement trends from 2024 and the road ahead under the new Trump administration. From record-breaking DOJ prosecutions to OFAC’s innovative enforcement approaches, Michael explains how sanctions compliance is more critical than ever. He highlights the biggest cases of the year, uncovers common pitfalls that led to costly penalties, and outlines how businesses can navigate shifting regulatory priorities. Whether it’s integrating compliance in M&A or addressing the risks of evolving China and Iran sanctions, this episode delivers actionable insights for staying ahead of enforcement risks.
You’ll hear him discuss:
The DOJ’s record-breaking prosecution of 70 individuals in 2024 and predictions for a surge in enforcement in 2025.
OFAC’s evolving enforcement strategy, including secondary sanctions tied to U.S. dollar transactions and new compliance commitments.
Key lessons from major enforcement actions like SCG Plastics, Aotech, and MondoTV, which paid millions for sanctions violations.
The consequences of neglecting sanctions compliance during mergers and acquisitions, including inherited liabilities and enforcement risks.
Predictions for heightened scrutiny on trade with China, aggressive tariffs, and evolving Iran sanctions under the new administration.
How emerging issues like advanced computing, AI, and dual-use technologies are becoming focal points for sanctions enforcement.
The role of voluntary self-disclosure in mitigating penalties, with examples of companies that uncovered and corrected compliance gaps.
DOJ Charges Visa with Monopolization and Exclusionary Conduct in the Debit Card Market
00:10:49
What happens when a single company dominates a crucial segment of the financial market? In this episode, Michael Volkov explores the Justice Department's recent antitrust lawsuit against Visa, highlighting allegations of monopolization and exclusionary practices in the debit card market. With Visa controlling over 60% of debit transactions in the U.S., the DOJ aims to restore competition and prevent further stifling of innovation in this vital financial sector. Tune in as Michael breaks down the case details, Visa’s strategic responses, and the implications for the broader financial landscape.
Listen in as Michael discusses:
The DOJ has charged Visa with monopolization and exclusionary conduct under Sections 1 and 2 of the Sherman Act.
Visa holds over 60% of the U.S. debit transaction market, with MasterCard as its closest competitor at 25%.
The complaint alleges Visa engages in exclusionary agreements that penalize banks and merchants for using alternative debit networks.
The 2010 Durbin Amendment aimed to increase competition but has had minimal effect on Visa’s dominance, leading to ongoing scrutiny.
Visa's strategies include partnering with potential competitors while leveraging significant market power to suppress competition.
Following successes in technology sector enforcement, the DOJ is now expanding its scrutiny into financial markets, indicating a potential shift in antitrust enforcement dynamics.
What’s the real cost of keeping corporate misconduct hidden? In this episode of Corruption, Crime and Compliance, Michael Volkov explores how the DOJ's recent declinations highlight the risks and rewards of voluntary self-disclosure. By examining two key cases, Michael illustrates how companies can avoid prosecution through cooperation but still face significant penalties, like disgorgement. The episode underscores the importance of transparency and robust compliance programs in navigating DOJ enforcement strategies.
Key Points Covered:
Declinations Explained: While DOJ declinations allow companies to avoid criminal charges, they require disgorgement of illegal profits.
Boston Consulting Group Case: BCG reported bribery violations related to securing contracts in Angola. The company earned a declination by cooperating with DOJ, firing involved employees, and enhancing compliance. Total disgorgement: $14.4 million.
Hitachi Cable (Proterial) Case: Hitachi Cable disclosed fraudulent safety violations in its motorcycle brake hoses. The company’s proactive disclosure and internal reforms led to a declination. Disgorgement: $15.1 million, with partial credit for prior payments.
The Risk of Concealment: Companies that hide misconduct face higher penalties. Voluntary disclosure offers the potential for leniency through declinations.
DOJ’s Corporate Compliance Focus: DOJ continues to push for transparency and proactive corporate compliance, using declinations as a tool to incentivize self-reporting and improve internal controls.
McKinsey & Company Pays $122 Million to Resolve FCPA Violations in South Africa
00:14:45
What went wrong when McKinsey paid bribes to secure consulting contracts with South Africa's state-owned enterprises? In this episode, Michael Volkov dives into the December 2024 DOJ settlement with McKinsey & Company, which paid $122 million after being found guilty of paying bribes to officials at Transnet and Eskom to secure valuable consulting contracts. The case involved significant violations of the Foreign Corrupt Practices Act (FCPA) and highlights the risks companies face when failing to implement effective compliance programs.
You’ll hear him discuss:
The details of McKinsey's settlement with the DOJ for $122 million, including the 35% discount and the cooperation credits granted by the government.
The role of Vikas Sagar, McKinsey's former senior partner, and his guilty plea in 2022 for orchestrating bribery payments.
How McKinsey Africa used sensitive, non-public information obtained through bribes to secure multi-million dollar contracts with Transnet and Eskom.
The ongoing issue of engaging third-party intermediaries and the importance of conducting thorough due diligence before entering into business relationships.
The lessons learned from McKinsey’s lack of proper oversight and controls that allowed a small group of corrupt executives to facilitate bribery schemes.
The broader impact of local content requirements in international business and the associated risks of partnering with unqualified entities that have ties to corrupt government officials.
In this episode of the Corruption, Crime and Compliance podcast, Michael Volkov forecasts the compliance and ethics trends that will be significant in 2023. He emphasizes the crucial role ethics and compliance play in the corporate governance landscape, the increasing relevance of ESG, and highlights the need for robust ethics and compliance programs even in the C suite.
Key ideas in this episode:
The need for robust ethics and compliance programs with adequate resources.
Boards and CEOs who fail to understand the importance of these programs are “doomed”.
Culture and ethics will be top priority in 2023.
The importance of C suite risk assessments and third-party risk management. “CCOs need to reach out to internal audit and their CFOs to enlist their support for a simple proposition, and that is that we need to design and implement financial controls applicable to the C Suite that are tailored to the relevant risks,” Michael says.
The evolution of third-party risk management to become a more holistic concept. “The ability to address, monitor and collect data on your third parties also with the evolving risk landscape led to this transformation,” Michael points out. “The fast pace of this transformation is going to continue.”
CCOs and compliance officers need to ask questions surrounding internal controls and accounting controls.
Compliance professionals will participate more deeply in financial control review and responsibility.
KEY QUOTES:
“CCOs need to reach out to internal audit and their CFOs to enlist their support for a simple proposition, and that is that we need to design and implement financial controls applicable to the C Suite that are tailored to the relevant risks.” - Michael Volkov
Person of the Year: The Trade Compliance Officer Featuring Alex Cotoia
00:18:32
Trade compliance officers were recognized as the "Person of the Year" in 2022. Michael Volkov welcomes Alex Cotoia, Regulatory Manager, to discuss this development. Alex sheds light on the challenges faced by these professionals over the past year: from navigating the global pandemic to ensuring compliance with sanctions regulations, trade compliance officers have done it all.
Alex Cotoia, Regulatory Manager at The Volkov Law Group, is a seasoned trade compliance expert with extensive knowledge across ITAR compliance, BIS (Department of Commerce) compliance, and OFAC sanctions. She brings valuable insights on the crucial role of compliance in the world's rapidly changing landscape.
Key ideas you’ll hear Michael and Alex discuss:
The unprecedented challenges faced by trade compliance professionals. The global pandemic and the rapid and constant changes in the regulatory climate had a major impact on trade compliance professionals.
The importance of trade compliance professionals was demonstrated this year, as they were seen as unsung heroes who played a crucial role in ensuring compliance with regulations.
The invasion of Ukraine by Russia led to a more fulsome political response compared to the invasion of Crimea in 2014, which further highlights the significance of trade compliance in today's world.
The recommended approach for trade compliance is to consider the market exposure to sanctions risk and adopt measures that are reasonably designed to deter and detect infractions.
Increased importance of end-user certificates: The use of end-user certificates became more important in ensuring compliance with regulations in exports to Russia.
Michael and Alex emphasize the need for verifying the end use of products purchased from a third party to ensure it's for a permissible purpose.
Alex stresses the need for international organizations with broad exposure to invest heavily in trade compliance, including having a trade compliance officer and choosing the right tools. Michael highlights the importance of integrating the overall trade compliance function into the overall ethics and compliance function. This requires a strategic approach for trade compliance and sanctions risks, including education, internal controls, and technology solutions that integrate sanction screening, third-party risk management, incident reporting, and trade compliance.
The responsibility for internal controls lies with the leadership team and the board of directors.
Trade compliance should be part of compliance education.
Trade compliance is an industry that's here to stay.
KEY QUOTES:
“Consider where the greatest sanction risk lies from a market exposure perspective and then adopt measures that are reasonably designed to deter and detect inflections.” - Alex Cotoia
Justice, Commerce and Treasury Departments Issue Comprehensive Tri-Party Voluntary Disclosure Guidelines for Sanctions and Export Control Violations
00:13:49
Companies must take a proactive approach to sanctions and export control compliance to mitigate potential risks. This includes implementing rigorous compliance programs, cooperating with the DOJ, and promptly disclosing and remedying violations. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the latest joint compliance notice issued by the DOJ, Department of Commerce, and Department of the Treasury. This notice provides crucial guidelines on voluntary disclosure for sanctions and export control violations, shedding light on the increasing enforcement of such controls. He discusses the intricate relationship between sanctions enforcement and the FCPA and offers a keen understanding of how businesses can safeguard their interests and comply with global standards.
You’ll hear Michael talk about:
The landscape of sanctions enforcement is rapidly evolving, with the Department of Justice (DOJ) and the National Security Division designating 25 prosecutors to handle sanctions compliance violations.
Corporate resolutions are becoming the driving force behind settlement processes, and these resolutions could become significant revenue streams for the DOJ. In light of these developments, companies must prioritize sanctions and export control compliance to mitigate potential risks.
The DOJ's Joint Criminal Enterprise (JCE) Guidance provides a detailed guideline for voluntary disclosures of possible violations. The JCE Guidance emphasizes the importance of prompt disclosure and swift remediation after uncovering potential violations.
Generally, the DOJ will not seek prosecution if a company fully discloses a violation, cooperates wholeheartedly, and takes remedial actions. However, this is not a blanket assurance; aggravating factors such as widespread criminal activity or attempts by upper management to conceal violations can influence this stance.
Voluntary self-disclosure is not merely a bureaucratic step; it can potentially be a shield, allowing companies to significantly reduce or even bypass criminal liability.
Full cooperation entails timely preservation of pertinent documents, streamlined witness interviews, and proactive identification of avenues for in-depth DOJ investigation.
Implementation of rigorous compliance programs, complemented by suitable disciplinary actions, can tilt the scales in favor of companies during evaluations.
The JCE Guidance underscores recent modifications to the disclosure and enforcement policies adopted by the Bureau of Industry and Security (BIS) and the Office of Foreign Assets Control (OFAC). Notably, the BIS has ramped up penalties for companies that remain tight-lipped about significant potential violations.
The efficacy of a compliance program, particularly its prowess in identifying and rectifying compliance gaps, plays a monumental role in BIS case resolutions.
KEY QUOTES
“Companies are about to face aggressive, coordinated prosecutions for sanctions and export control violations.” - Michael Volkov
“[The] DOJ noted that a prompt, voluntary self disclosure provides a means for a company to reduce, and in some cases, avoid altogether, the potential for criminal liability moving forward, where a company voluntarily self discloses potentially criminal violations, fully cooperates, and timely and appropriately remediates the violations.” - Michael Volkov
“The existence, nature, and adequacy of a company's compliance program, including its success at self identifying and rectifying compliance gaps, is itself considered a factor under settlement guidelines.” - Michael Volkov
The SEC's recent settlement with Deere & Company for $9.9 million for FCPA violations is another textbook example of bribery schemes, which revealed the absence of a culture of compliance, and the circumvention of basic entertainment, hospitality and travel expense controls. In this episode of Corruption, Crime, and Compliance, Michael Volkov breaks down the SEC’s $9.9 million settlement with Deere & Company following widespread FCPA violations by its subsidiary, Wirtgen Thailand. Michael discusses how the bribery schemes, involving government officials in Thailand, reveal significant failures in compliance oversight and corporate governance, while also highlighting the critical lessons for businesses aiming to avoid similar pitfalls.
Key Insights:
Deere’s subsidiary, Wirtgen Thailand, secured government tenders through cash bribes, entertainment at massage parlors, and lavish trips for officials from the Royal Thai Air Force (RTAF), Department of Highways (DOH), and Department of Rural Roads (DRR).
Wirtgen disguised entertainment and bribe payments in expense reports with vague descriptions and round-number amounts, which were improperly approved by regional managers.
Wirtgen organized extravagant trips disguised as factory visits for Thai officials, which included sightseeing and luxury hotels in Europe. These trips were arranged to win government tenders but involved no legitimate business activities.
Bribes were also funneled through a third-party consultant via sham commission agreements. This consultant acted as a middleman, facilitating bribe payments to government officials to secure high-value tenders.
Deere's failure to fully integrate Wirtgen into its compliance program after acquisition allowed the bribery schemes to continue. This highlights the risks of not harmonizing compliance protocols in newly acquired subsidiaries.
In response to the SEC investigation, Deere terminated employees involved in the misconduct, revamped its compliance program, and introduced initiatives like a bi-monthly compliance newsletter and enhanced anti-bribery training.
The Murad OFAC Settlement and Sanctions Compliance Lessons Learned
00:14:30
“This [Murad OFAC] enforcement action reflects the fact that OFAC, in recognition of the increasing seriousness of sanctions enforcement, is taking more time to provide guidance through some of their enforcement actions,” Michael Volkov tells listeners. In this episode of Corruption, Crime and Compliance, Michael unpacks the recent enforcement action by OFAC against California-based cosmetics company, Murad. He offers detailed insight into the case, going beyond the headlines and examining the underlying issues that led to the violations, and drawing out key compliance lessons.
You’ll hear Michael talk about:
The Murad enforcement action is significant because it highlights OFAC's increasing focus on sanctions enforcement and the need for global sanctions compliance organizations to have strong local oversight.
Over an eight-year period, Murad illegally exported goods and services to Iran in 62 transactions worth approximately $11 million. The company and a former senior executive were penalized, paying $3.3 million and $175,000 respectively.
OFAC acknowledged Murad's voluntary disclosure of the conduct but still categorized the violations as egregious.
The conspiracy involved an exclusive agreement to sell Murad's products in the Middle East, including Iran, and continued even after Murad's acquisition by Unilever.
The key compliance deficiencies cited by OFAC: These include absence of a specific sanctions compliance program, participation of high-level executives in illegal conduct, and lack of understanding of OFAC sanctions by staff based in the United Kingdom.
OFAC emphasizes the need for senior management to commit to a culture of compliance and advises against placing a U.S. entity under the compliance structure of a non-U.S. entity that may lack familiarity with U.S. sanctions.
Unilever's failure to uncover Murad's ongoing contracts with Iran demonstrates the need for robust due diligence and integration processes during acquisitions.
KEY QUOTES:
“OFAC specifically cited that, ‘In some circumstances, placement of a US entity under the compliance structure of a non-US entity that may lack familiarity with US sanctions could prevent prompt identification of and response to potentially prohibited conduct’. In other words, you have to have local boots on the ground, you have to have sanctions expertise in your US operations even though you're owned by a foreign global company.” - Michael Volkov
"It's important to have people dedicated to the OFAC sanctions compliance process and to make sure that expertise is available to the business within the United States." - Michael Volkov
"To this end, OFAC stated that senior executives with managerial responsibilities should take particular care to ensure awareness of applicable prohibitions and refrain themselves from engaging in sanctions violations." - Michael Volkov
Bobby Butler on the Compliance Profession and the Future of Compliance
00:28:24
Bobby Butler joins Michael Volkov on this episode of Corruption, Crime and Compliance, to explore the evolution of compliance over 20 years. While enforcement actions sparked major progress, Bobby contends compliance is moving firmly into the realm of competitive advantage and performance multiplier. Millennials and younger generations ‘vote with their feet’, demanding ethical cultures, so compliance may increasingly drive talent retention as well.
Bobby Butler has over 20 years of experience building world-class ethics and compliance programs. In his early career, he investigated export control issues and quickly became passionate about compliance. Known for his persistence and commitment to finding solutions, he is a pioneer who helped elevate compliance from an ad hoc function to a strategic asset.
You’ll hear Michael and Bobby discuss:
In the early 2000s, compliance programs were sparked by reactions to major DOJ enforcements rather than proactive investments. Companies finally dedicated ample resources when faced with "shock and awe" consequences.
Bobby got his start investigating export controls issues at Conoco after unlawful server exports to Syria. He quickly became passionate about trade compliance and then FCPA compliance during the explosion of enforcements in the mid-2000s.
Working at ground zero compliance teams at Vetco and Baker Hughes during monitorships gave Bobby deep experience with elements of gold standard compliance programs long before codified evaluation criteria.
Bobby argues justifying significant resources without an enforcement action catalyst remains extremely challenging. Compliance fights for a seat at the table and has to insert compliance considerations into business meetings.
Persistence and consistency in messaging are critical for credibility and influence as a compliance officer. Strong yet flexible personalities tend to thrive compared to introverts.
Compliance has to focus on finding creative solutions to enable opportunities: frame compliance as a competitive advantage and performance multiplier.
Tactics Bobby used to persuade executives include tying bonuses to compliance training completion, positioning compliance in sales materials and constant insertion into business meetings.
The compliance skill set has grown into a dedicated career path with specialized education channels, not just a secondary legal role.
Bobby sees government enforcements continuing to increase given complex technologies and geopolitics.
KEY QUOTES
“...we have to find ways for the business to grow. We've got to be sitting there at the table with them thinking of solutions. The more brain power you put at problem solving and doing it in a compliant way, that's how you build trust with people.” - Bobby Butler
“And every day that goes by, when there's not a compliance issue and you can certify that controls have passed and the elements are there and you have outside counsel come in and do an assessment of your program and you continuously improve and each day goes by and you don't have an issue. Well, there's another positive impact to the investment and the return on shareholder value and more importantly, the company brand.” - Bobby Butler
“...we're out there preaching the good news that compliance can be a good thing. Because at the end of the day, when the company does get in trouble, compliance sets policy, sets voluntary boundaries where the law sets mandatory boundaries.” - Bobby Butler
Cryptocurrency and Sanctions Compliance with Matt Stankiewicz
00:22:53
Cryptocurrency has become a popular way to invest and transact, but with that comes the need for sanctions compliance. In this episode, Michael Volkov and Matt Stankiewicz discuss the recent enforcement actions against Poloniex, Bittrex, and Kraken for violating US sanctions regulations with cryptocurrency transactions. Matt is a Partner at Volkov Law and a leading cryptocurrency expert. He and Michael dive into the common themes and basic failures that led to these enforcement actions, including IP blocking, transaction monitoring, and the use of screening tools. They also explore the challenges of compliance when dealing with regions like Crimea and Ukraine, as well as the importance of voluntary disclosure.
You’ll hear Michael and Matt talk about:
Cryptocurrency companies are struggling to implement KYC and geo-blocking controls, which is leading to violations involving sanctioned jurisdictions.
OFAC is taking an aggressive stance against cryptocurrency companies. Companies in the cryptocurrency industry need to implement effective sanctions compliance programs to avoid hefty fines and enforcement actions from regulatory authorities.
There is no materiality requirement for sanctions violations, and even small transactions can result in multimillion-dollar fines.
Retroactively applying controls to existing customers is important, and failing to do so can lead to violations.
Companies need to have a comprehensive and automated system in place to detect and prevent violations.
Companies need to be vigilant about screening individuals and transactions against the relevant sanctions lists, including screening field text, addresses, and ID cards.
Geo-blocking for IP addresses is a crucial compliance control, but it is not perfect and can be circumvented by VPNs.
Voluntary disclosure of violations can lead to more favorable outcomes and lower fines from regulatory authorities.
OFAC and other regulatory authorities are using analytical tools to monitor transactions and flag potential violations, so cryptocurrency companies should not assume they can go under the radar.
Companies can use the public blockchain to monitor transactions and identify potential sanctions risks.
Sanctions compliance programs should be regularly reviewed and updated to address new risks and changes in regulations.
KEY QUOTES
"There are a lot of tools available to these companies to monitor transactions, maybe better than in the traditional finance world, just because everything on the blockchain is public record essentially." - Matt Stankiewicz
"It's just interesting to see OFAC go so aggressively against these companies. Not too surprising considering the extreme sanctions risk that cryptocurrency poses. Very importantly, there's still a lot of takeaways that really any industry can take away from these enforcement actions." - Matt Stankiewicz
"If you find problems, obviously you want to remediate them, but figure out what you need to do in terms of voluntary disclosures, because typically you'll be much better off than if OFAC figures it out on their own, which they usually do." - Matt Stankiewicz
Eddie Green, CEO of SnippetSentry, on Communications Preservation Risks
00:23:38
Companies have a vested interest in preserving internal communications for a variety of reasons -- to hold actors accountable and to protect the organization from potential private and government claims or investigations that may have serious direct or collateral consequences. Companies that want to use ephemeral messaging systems can do so, but they have to understand the risks involved and tailor appropriate controls and procedures to avoid potential damage.
DOJ's Evaluation of Corporate Compliance Programs ("ECCP") released in March 2023 authorized companies to use ephemeral messaging but emphasized several important risk considerations and controls needed to preserve robust record-keeping requirements. DOJ's ECCP identifies three significant areas for consideration: employee use of personal devices, availability of communications platforms (e.g., Jabber, Slack, Teams, Google, Zoom), and messaging applications, including ephemeral messaging. DOJ's ECCP noted that a company's policies governing messaging applications "should be tailored to the corporation's risk profile and specific business needs and ensure that, as appropriate and to the greatest extent possible, business-related electronic data and communications are accessible and amenable to preservation by the company."
In this podcast, Michael Volkov and Eddie Green, CEO of SnippetSentry, discuss current communications preservation requirements and technical solutions to meet them.
You’ll hear them discuss:
Companies are rapidly embracing and elevating the importance of robust ethics and compliance programs to promote positive corporate citizenship. This shift reflects a growing awareness of the significance of ethical practices in today's business landscape.
Eddie discusses the significance of preserving communications data in today's business landscape, given the evolving nature of communication technologies and the need for proactive data preservation strategies.
SnippetSentry's service allows users to connect their phones so that all texts are archived without altering their day-to-day operations, integrating compliance measures seamlessly into existing workflows.
The evolution of email preservation serves as a blueprint for understanding the importance of preserving text messages in modern business communication. Reflecting on past practices can provide valuable lessons for adapting to the changing landscape of communication data preservation.
Compliance mandates, such as those set by the SEC, emphasize the necessity of preserving text records to ensure regulatory adherence and mitigate risks, underscoring the critical role of data preservation in maintaining transparency and accountability in business operations.
The collaboration between compliance, IT, and information security professionals is crucial in developing policies and procedures to safeguard data and mitigate communication risks.
Financial institutions and other industries are increasingly adopting sophisticated data preservation strategies to protect intellectual property and ensure regulatory compliance. This proactive stance reflects a growing recognition of the importance of data security and compliance in safeguarding business interests.
You have to give the Justice Department credit - after two slow enforcement years, DOJ is starting off 2024 with a relative "bang;" first, DOJ reached a large settlement with SAP in January, and now, DOJ has reached a blockbuster settlement with Gunvor S.A. for $661 million. Gunvor is one of the world's largest commodities trading companies. DOJ's settlement represents a "return" to its long-standing aggressive approach to FCPA enforcement. DOJ did not permit Gunvor to enter into a deferred or non-prosecution agreement. Instead, DOJ required Gunvor to plead guilty to one count of FCPA conspiracy. Following the plea agreement, the court sentenced Gunvor to pay a criminal monetary penalty of $374,560,071 and to forfeit $287,138,444 in ill-gotten gains. The sentence includes credits of up to one-quarter of the criminal fine each for amounts Gunvor pays to resolve investigations by Swiss and Ecuadorean authorities into the same misconduct so long as the payments are made within one year. The Office of the Attorney General of Switzerland simultaneously announced a parallel resolution of its investigation into Gunvor’s misconduct that involved the payment of approximately $98 million by Gunvor to Swiss authorities. Gunvor's conduct stretched over nearly a decade and involved systemic bribery payments to officials of the Ecuadorian Ministry of Hydrocarbons and Petroecuador, the Ecuadorian state-owned oil company, in exchange for valuable contracts to acquire oil products. In total, Gunvor earned more than $384 million in profits from the business it corruptly obtained related to Petroecuador. In this episode, Michael Volkov reviews the Gunvor FCPA settlement.
Gunvor's recent $661 million FCPA settlement with DOJ for bribery in Ecuador signifies a return to aggressive enforcement. The plea agreement and forfeiture highlight the consequences of anti-corruption violations for global companies.
Prior individual enforcement actions preceded Gunvor's corporate resolution, showcasing a pattern in FCPA cases. The company's cooperation, including document production and internal investigation, played a crucial role in the resolution.
Gunvor's implementation of remedial measures post-bribery scheme reflects a commitment to compliance. Enhancements to ethics programs and controls demonstrate a proactive approach to mitigating risks and ensuring regulatory compliance.
The bribery scheme involving corrupt third parties and shell companies underscores the importance of robust monitoring and due diligence. Gunvor's delayed response to red flags highlights the need for swift action in high-risk activities.
Gunvor's cooperation with the investigation, including sharing facts and facilitating interviews, showcases a commitment to transparency and accountability. Collaboration with authorities is essential in resolving compliance issues and maintaining credibility.
SEC Suffers Dismissal of Claims in SolarWinds Securities Fraud Case
00:12:22
A New York federal district judge handed down a significant decision dismissing much of the SEC's securities fraud enforcement action against SolarWinds arising from its claims relating to SolarWinds' cybersecurity policies and disclosure of a significant cyberattack against SolarWinds' network. In this episode of Corruption, Crime, and Compliance, Michael Volkov discusses the significant dismissal of most of the SEC's securities fraud claims against SolarWinds by a New York federal district court. The case highlights the ongoing challenges in balancing cybersecurity disclosures with regulatory requirements, and the implications this ruling might have for future SEC enforcement actions.
You’ll hear him discuss:
Judge's Decision: The court ruled that the SEC's claims were overly reliant on hindsight and speculation, particularly regarding SolarWinds’ early-stage disclosure during the investigation of cyber incidents.
Pre- and Post-Sunburst Disclosures: While the court upheld charges related to SolarWinds' pre-Sunburst cybersecurity statements, it dismissed the SEC’s claims about the company’s post-Sunburst disclosures, finding them not misleading under the circumstances.
Internal Controls vs. Cybersecurity: The court rejected the SEC's attempt to apply internal accounting controls provisions to cybersecurity policies, marking a significant limitation on the SEC's enforcement scope.
Implications for SEC's Approach: This decision contradicts the SEC's previous stance in cases like R.R. Donnelley, potentially influencing future SEC actions regarding cybersecurity and internal controls.
Broader Impact: The ruling may affect how cybersecurity risks are reported and how companies manage their disclosure obligations, particularly in light of potential appeals and further litigation by the SEC.
Updating Your Risk Priorities for the New Trump Administration
00:15:04
Are You Ready for the Next Wave of Corporate Risk? Corporate risks are shifting, and every board, C-suite, and compliance team must take a fresh look at their risk landscape. While some risks like cybersecurity, data privacy, and artificial intelligence remain high priorities, others—such as anti-corruption and antitrust enforcement—are evolving in unexpected ways. With regulatory changes and new enforcement priorities emerging, businesses must stay ahead of the curve to avoid costly missteps. In this episode of Corruption, Crime & Compliance, Michael Volkov unpacks the latest updates in FCPA enforcement, antitrust scrutiny, and trade compliance. With the DOJ shifting its focus, companies need to prepare for the new compliance reality.
You'll Hear Him Discuss:
Why companies must reassess their risk priorities in today’s unpredictable business environment, as corporate risks continue to shift in response to new regulatory and enforcement trends.
The impact of the FCPA enforcement pause, what it really means for global businesses, and why companies cannot afford to dismantle their anti-corruption programs despite the temporary halt in enforcement.
How the DOJ is shifting its focus toward prosecuting criminal cartels and transnational organizations, and what that means for businesses operating in high-risk regions or industries.
The evolving landscape of antitrust enforcement, including key takeaways from Gail Slater’s confirmation hearing and how the administration’s new approach may impact high-tech competition cases.
How businesses should prepare for heightened tariffs, trade compliance risks, and increased customs enforcement, particularly as the U.S. targets imports from China, Southeast Asia, Mexico, and Canada.
Why workplace immigration enforcement is becoming a bigger concern, with the government ramping up workplace raids, audits, and compliance checks for companies employing immigrant workers.
The growing scrutiny around government grants, the potential for fraud investigations, and how businesses receiving federal funds must ensure strict compliance with evolving regulatory requirements.
2022 saw higher numbers of FCPA enforcement actions, settlements, and criminal prosecutions of individuals. One of the most important developments was the update of policy in the Monaco Doctrine, which was elaborated on in the Monaco Memo, providing important guidance for compliance professionals. Tom Fox joins Michael Volkov to discuss some of the more interesting cases from the past year.
Tom Fox is hailed as the Voice of Compliance, serving and evangelizing for the compliance community for over 15 years. He is the founder and creator of the Compliance Podcast Network where he hosts various podcasts, such as Innovation In Compliance and the ESG Report, and the Executive Leader at the C-Suite Network.
Some ideas you’ll hear them explore are:
The DOJ is getting better at communicating with the compliance community through resolution documents like DPA, NPA, and, occasionally, declinations. These documents provide insight into the DOJ's thinking and approach to cases, which compliance professionals can use to gain a better understanding of how to approach compliance issues.
In Tom’s upcoming book, “FCPA Year in Review 2022,” he highlights the KT Corp bribery case, which went back to the basics in its old-school rendition of corruption: bags of cash money. The lesson here is that bribery can be as simple as a $50 slipped into a handshake.
In the curious case of Glencore, the FCPA enforcement action taken against them reflects the DOJ’s focus on defective cultures within companies. This case involved multiple enforcement agencies across multiple countries and multiple bribery schemes, resulting in fines and penalties totalling up to $1.1 billion, with $700M for FCPA violations and $441M for price and market manipulation. Glencore had a culture that was committed to profit at any cost, and the company paid over $100M to third parties knowing that some of the money would be used to bribe officials in various countries.
The Oracle case, which involved bribery and corruption through gifts, travel, and entertainment, should serve as a reminder to companies to review their gift, travel, and entertainment policies and ensure they are aware of how their business officials are spending their travel, per diem, and entertainment money.
Avoid hiring third parties recommended by or at the direction of a state-owned official or executive.
The Lisa Monaco memorandum emphasizes the need for effective compliance programs and the benefits of voluntary disclosure, full cooperation, and timely and appropriate remediation.
KEY QUOTE
“Internal controls are not simply due diligence, distributors, et cetera. It goes down to your payments, schemes and how you pay your vendors should all be a part of your internal controls.” - Tom Fox
DOJ Adopts New Whistleblower Bounty Program and Encourages Voluntary Self-Disclosure
00:12:27
In a recent speech on March 7, 2024, Deputy Attorney General Monaco announced that, in the next 90 days, DOJ would implement a new whistleblower program to reward reporting of criminal misconduct at public and private companies. In particular, DOJ will encourage reporting of potential violations of the Foreign Corrupt Practices Act ("FCPA") and the recently enacted Foreign Extortion Prevention Act ("FEPA"). DAG Monaco noted that DOJ will be particularly interested in "foreign corruption cases" involving "non-issuers and violations of the recently enacted FEPA," along with criminal abuses of the United States financial system and domestic corruption cases.
DAG Monaco also reiterated the importance of voluntary self-disclosures. DOJ employs a "mix of carrots and sticks" to incentivize companies to build stronger compliance programs that proactively mitigate risks and disclose misconduct to DOJ when appropriate. DAG Monaco underscored the fact that a corporate resolution "will always be more favorable with voluntary self-disclosure."
In this episode, Michael Volkov discusses DOJ's new initiatives on whistleblowing and encouraging voluntary self-disclosures.
DOJ's planned whistleblower program will significantly impact individual incentives to report financial misconduct and corporate decisions regarding voluntary self-disclosures.
The program's focus extends beyond FCPA violations, encompassing other significant financial abuse schemes and potential reporting against non-issuer companies.
Global companies are facing unprecedented risks and challenges in today's economy, leading them to prioritize robust ethics and compliance programs to promote positive corporate citizenship.
The SEC whistleblower program has been successful, resulting in serious prosecutions and the derailment of fraudulent schemes. However, only around 10% of reports involve FCPA anti-bribery allegations.
The Department of Justice recently announced its plan to create a whistleblower bounty program, which would fill gaps in existing programs and coordinate with voluntary self-disclosure policies.
DOJ's whistleblower program will reward reporting of criminal misconduct at both public and private companies, encouraging reporting of potential violations of the FCPA and the Foreign Extortion Prevention Act.
Companies are urged to disclose misconduct to earn valuable benefits, and the DOJ emphasizes the benefits of voluntary self-disclosure and cooperation to mitigate risks and maximize financial performance.
Halyna Senyk, from the CEELI on Anti-Corruption Progress in Ukraine
00:31:29
Is the progress itself enough to consider the battle won? Are the ongoing scandals casting a shadow over the hard work against corruption? Despite challenges (such as limited resources due to the ongoing war) and recent scandals (such as overpriced eggs for the military), Ukraine maintains multiple institutions committed to transparency and integrity, crucially supported by international partnerships aimed at enhancing its anti-corruption infrastructure.
Listen to this conversation between Michael Volkov and Halyna Senyk in which they focus on Ukraine's anti-corruption efforts amidst the backdrop of its ongoing war with Russia. Halyna Senyk, an expert from the CEELI Institute, details Ukraine's progress since 2014, highlighting the establishment of key anti-corruption agencies and reforms and how, over 10 years, it moved from 144th to 104th place in the Transparency International Corruption Perception Index.
You can listen to how, despite these advancements, Senyk acknowledges persistent challenges, including recent setbacks and scandals that have tested the country's resolve.
You’ll hear them discuss:
Historically pervasive and deeply rooted corruption at various levels of government and the reality of society that remains a critical challenge. Despite reforms and the establishment of anti-corruption agencies, the implementation and effectiveness of these measures are often undermined by systemic issues.
The conflict with Russia that started in 2014 leading to military, economic, and social destabilization. This conflict has strained Ukraine's resources and governance capabilities, posing obstacles to effective governance and reform efforts.
The volatile political landscape in Ukraine is characterized by frequent changes in leadership and political alliances that hamper consistent policy implementation and reform progress.
The ongoing conflict and systemic corruption and how they contribute to economic challenges, including reduced investor confidence, economic uncertainty, and financial strain on public institutions.
Ukraine's geopolitical position and how relations with neighboring countries and international allies, particularly with regard to Russia and the European Union, influence its ability to implement reforms and receive international support effectively.
Matt Stankiewicz on the Groundbreaking Binance Criminal Settlement for $4.3 Billion
00:32:28
What is the cost of ignoring compliance? For the world’s largest cryptocurrency exchange, it’s $4.3 billion. In this episode of Corruption, Crime and Compliance, Michael Volkov and his guest, Matt Stankiewicz, delve into one of the most significant financial crime prosecutions in the history of the Justice Department: Binance Holdings. Under the direction of its CEO, Changpeng Zhao, Binance blatantly disregarded compliance, had no AML programs, and willfully put growth over regulations. Now, they must pay out a settlement split among various agencies, including the DOJ, OFAC, FinCEN, and CFTC. In addition to the settlement, Binance has destroyed their reputation at a time when customers are demanding companies they can trust.
Matt Stankiewicz is a compliance consultant, and currently a partner at The Volkov Law Group, specializing in anti-bribery, corruption controls, and compliance programs. He previously served as a member of the Ethics and Compliance Monitoring Team, appointed by the DOJ and EPA, and his casework has included global audits of Fortune 100 companies, sanction violations investigations, risk-assessment for third party distributors, and much more.
You’ll hear Michael and Matt discuss:
Cryptocurrency companies allow customers to exchange government-backed currency for cryptocurrency, such as Bitcoin. Several major crypto companies, including FTX, Celsius, and BlockFi, have faced bankruptcy and legal issues due to non-compliance and shady practices, resulting in customers losing money.
Binance, the world's largest cryptocurrency exchange, recently settled with multiple agencies in the Justice Department for over $4 billion, with penalties split between forfeiture and criminal fines.
As part of the agreement, Binance’s main exchange is barred from operating in the US market, which accounts for a third of their revenue, and they also face increased scrutiny by two separate compliance monitors over the next several years.
Their circumvention of laws and regulations includes violations of the Bank Secrecy Act, failure to register as a money transmitting business, and multiple sanctions transgressions.
Binance's founder and CEO, Changpeng Zhao (CZ), pled guilty to his own set of similar charges, including a failure to maintain an effective AML program, and is facing a multi-million penalty and a potential prison sentence of up to 18 months.
Binance was established in China, but regularly moved their headquarters from country to country to avoid regulations. Their lack of compliance was driven from the top, with senior leadership actively prioritizing growth over compliance.
Binance created its US-based exchange as “window dressing” to avoid regulations, and the customer service department assisted its customers in circumventing its own compliance controls, like using a VPN to get past IP blocking technology.
Though Binance is large enough to continue operating despite the fines, this settlement has sent a strong message to the crypto industry about the importance of reputation, compliance, and customer trust.
The cryptocurrency industry is currently lacking a “culture of compliance,” but it has reached an inflection point where lawlessness and shady practices are no longer acceptable. In addition to regulators cracking down on them, customers are also applying pressure for these companies to reform.
The use of blockchain technology in the crypto industry provides unique tools for transaction monitoring and tracking funds, which can help ensure compliance with AML regulations and detect suspicious activities.
Rogue countries like North Korea are experts in leveraging cryptocurrency in a way that threatens US National Security, so the DOJ must become more adept in investigating and taking action against those that violate US law.
As companies rapidly adopt artificial intelligence (AI), it becomes paramount to have robust governance frameworks in place. Not only can AI bring about vast business benefits, but it also carries significant risks—such as spreading disinformation, racial discrimination, and potential privacy invasions. In this episode of Corruption, Crime and Compliance, Michael Volkov dives deep into the urgent need for corporate boards to monitor, address, and incorporate AI into their compliance programs, and the many facets that this entails.
You’ll hear Michael talk about:
AI is spreading like wildfire across industries, and with it comes a whole new set of risks. Many boards don’t fully understand these risks. It's important to make sure that boards are educated about the potential and pitfalls of AI, and that they actively oversee the risks. This includes understanding their obligations under Caremark, which requires them to exercise diligent oversight and monitoring.
AI is a tantalizing prospect for businesses: faster, more accurate processes that can revolutionize operations. But with great power comes great responsibility. AI also comes with risks, like disinformation, bias, privacy invasion, and even mass layoffs. It's a delicate balancing act that businesses need to get right.
Companies can't just use AI, they have to be ready for it. That means adjusting their compliance policies and procedures to their specific AI risk profile, actively identifying and assessing those risks, and staying up-to-date on potential regulatory changes related to AI. As AI grows, the need for strong risk mitigation strategies before implementation becomes even more important.
The Caremark framework requires corporate boards to ensure that their companies comply with AI regulations. Recent cases, such as the Boeing safety oversight, demonstrate the severity of the consequences when boards fail to fulfill their responsibilities. As a result, boards must be proactive: ensure that board members have the technical expertise necessary, brief them on AI deployments, designate senior executives to be responsible for AI compliance, and ensure that there are clear channels for individuals to report issues.
KEY QUOTES
“Board members usually ask the Chief Information Security Officer or whoever is responsible for technology [at board meetings], ‘Are we doing okay?’ They don't want to hear or get into all of the details, and then they move on. That model has got to change.”
“In this uncertain environment, stakeholders are quickly discovering the real and significant risks generated by artificial intelligence, and companies have to develop risk mitigation strategies before implementing artificial intelligence tools and solutions.”
“Board members should be briefed on existing and planned artificial intelligence deployments to support the company's business and or support functions. In other words, they've got to be notified, brought along that this is going to be a new tool that we're using, ‘Here are the risks, here are the mitigation techniques.’”
"The New FCPA": Sanctions and Export Control Enforcement and Compliance
00:21:54
Unprecedented changes are imminent in sanctions and export control enforcement, as the U.S. government amplifies its focus on national security and corporate compliance. On this episode of Corruption, Crime and Compliance, Michael Volkov discusses the potential consequences of these developments. He dissects the “new FCPA”, the Department of Justice’s (DOJ) strategic approach, the critical role of sanctions and export control enforcement, and the intricacies of voluntary disclosure programs.
You’ll hear Michael talk about:
A significant shift is occurring in the DOJ's enforcement focus, with 75% of criminal cases against corporations now related to national security matters, including sanctions enforcement, money laundering, and terrorism.
The DOJ will collaborate with OFAC and BIS in a similar manner to the relationship between the DOJ and the SEC during FCPA enforcement.
Corporate resolutions are set to increase drastically, with steep penalties, deferred prosecution agreements, guilty pleas, and a surge in individual prosecutions. Heightened compliance expectations around export controls and sanctions compliance will necessitate a ramp-up of relevant compliance programs.
The enforcement actions will serve as guidance, similar to the initial stages of FCPA enforcement, providing cues about the DOJ's view on compliance and their expectations from compliance programs.
The DOJ plans to ramp up enforcement against global banks, investing heavily in the Bank Integrity Unit which is part of the anti-money laundering operations for global banks, and sanctions enforcement.
The DOJ has forewarned corporations about the enforcement emphasis on sanctions and export controls. DOJ has ongoing investigations in various sectors including transportation, fintech, banking, defense, and agriculture.
Voluntary disclosure programs, such as those from OFAC and the National Security Division, play a significant role in mitigating enforcement actions. However, choosing between OFAC and DOJ disclosure can present a nuanced dilemma for corporations, hinging on whether a violation is willful. The number of voluntary disclosures involving both is expected to increase as corporate enforcement actions rise.
The case against British American Tobacco by DOJ and OFAC for illegal sales of cigarettes to North Korea resulted in a combined penalty of $629M. This is a significant instance of enforcement action against a non-financial institution.
The Bureau of Industry and Security (BIS) and the Department of Commerce brought a case against Seagate Technology, resulting in a $300 million settlement. The DOJ seems to be investigating this matter further due to Seagate's blatant violations.
A case against Murad, a cosmetics company, was brought by OFAC for Iran sanctions violations worth approximately $11 million. Murad ended up paying a $3.3M fine. Murad's actions highlight the importance of sanctions compliance guidance and the significance of due diligence, especially during acquisition processes.
OFAC's enforcement action against Murad also emphasized the importance of having a local compliance structure when a foreign parent company is involved.
OFAC also stressed the importance of pre- and post-acquisition due diligence and audits when acquiring companies. The failure to perform such activities may lead to unidentified sanctions issues, as illustrated in the Murad-Unilever case.
We may see larger fines against non-financial institutions in the near future, surpassing the current record of $508 million, indicating an uptick in enforcement actions.
KEY QUOTE:
"OFAC announced a separate civil settlement for $508M, which is the largest fine against a non-financial institution in OFAC's history. And that's what we're going to be seeing. Largest fines against the non-financial institution will eclipse $508M probably in the next couple of years." - Michael Volkov
This week we are pleased to bring you one of our most popular episodes of 2024. Please enjoy, and we will be back next week with more insights from the Corruption, Crime, and Compliance podcast.
Have you heard of the recent controversies around Boeing 737 MAX and its safety? Have you wondered what is being done about the concerns around it? In this episode of Corruption, Crime, and Compliance, Michael Volkov delves into the latest developments in the Boeing 737 MAX case, highlighting the recent plea agreement proposed by the Department of Justice (DOJ). The Boeing 737 MAX case took another dramatic turn. On July 24, 2024, the Department of Justice filed with the United States District Court for the Northern District of Texas a proposed plea agreement with Boeing. Under the Plea Agreement, Boeing will plead guilty to the original Information filed in 2021 with the Deferred Prosecution Agreement ("DPA"). The discussion focuses on Boeing's alleged failure to implement adequate compliance measures, leading to significant risks and violations, and the ongoing legal and ethical implications of the case. Tune in to hear a detailed analysis of the complexities and legal ramifications of Boeing’s recent plea agreement and what it means for corporate compliance and accountability.
You’ll hear him talk about:
Certification Issues: Boeing failed to ensure its 737 MAX certifications were accurate, risking false certifications to the FAA.
DOJ Plea Deal: Boeing agreed to plead guilty to conspiracy to defraud the U.S., facing opposition from victims' families who find the resolution insufficient. The plea agreement, which has been filed under Federal Rule of Criminal Procedure 11(c)(1)(C), requires the Court to approve and accept the deal. The Court can reject the plea deal and require the parties to renegotiate the terms.
Victims’ Rights: The proposed resolution has been controversial because of the opposition of the families of the victims, who have opposed the plea agreement and general disposition of DOJ's investigation and prior resolutions as insufficient to vindicate the public interest and their rights as victims of Boeing's malfeasance.
Compliance Failures: Boeing breached its DPA by not implementing effective compliance controls, particularly in safety and quality processes.
Independent Monitor: Boeing will be monitored for three years and must invest $455 million in compliance and safety improvements.
Ongoing Challenges: Boeing’s anti-fraud measures still have gaps, with broader implications for industries where safety is critical.
Susan Divers on LRN's 2023 Compliance Program Effectiveness Report
00:26:38
Is your company's compliance program truly effective, or is it just ticking boxes? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives deep into LRN's PEI survey with Susan Divers. Susan sheds light on the global nature of ethics and compliance programs, challenging the misconception that they are solely US-centric. They discuss the power of values, the shift from a cop to a coach approach, and the revolutionary trends in employee-centric training, especially in the age of remote work.
Susan Divers is the Director of Thought, Leadership, and Best Practices at LRN. She has a wealth of experience as a former Chief Compliance Officer, and her emphasis on values over rules in compliance programs has made her a trailblazer in the industry.
You’ll hear Michael and Susan discuss:
The LRN PEI survey challenges the perception that ethics and compliance are US-centric; many programs worldwide share common features such as codes of conduct, training policies, and audits.
Examining a decade of data, the report delves into how ethics and compliance programs responded to the disruptions caused by the pandemic.
LRN's data reinforces the idea that ethics and compliance programs relying on values and ethical cultures are more effective than those solely based on rules. Shifting from a cop approach to a coach approach enhances program effectiveness.
Ethical companies experience lower employee misconduct rates, higher employee satisfaction and productivity, and achieve greater sustainable financial performance.
The pandemic prompted a shift in focus from content-driven training to employee-centric, relevant, and mobile-friendly modules. Shorter modules, just-in-time training, and tailored approaches are emerging as best practices.
Ensuring accessibility through web-based policies and procedures, coupled with interactive capabilities and data analytics, becomes crucial in bridging the gap between remote workers and compliance initiatives.
Gathering data on employee interactions provides insights into the effectiveness of compliance programs. Metrics such as completion times, pass rates, and group performance allow for targeted efforts to enhance the program's impact.
Michael emphasizes the challenge for compliance officers in handling the plethora of available data. Choosing the right metrics, setting standards, and ensuring the usability of metrics over time are crucial considerations.
The report highlights that high-performing ethics and compliance programs are integral to the decision-making processes of companies. 70% of respondents reported modifying or abandoning a business initiative due to an ethics and compliance risk assessment.
Susan introduces the concept of embedding a short Ethical Culture survey at the end of training courses. This real-time survey, known as the Ethical Pulse Culture survey, serves as a powerful tool to gauge and improve the ethical culture within organizations.
The Ethical Pulse Culture survey becomes a game-changer, operationalizing compliance by offering a moving average of data insights. This survey, incorporated into scorecards, provides business managers with valuable insights into their business unit's ethical culture over time.
LRN's Latest Report Underscores Importance of Ethical Culture and Values-Based Leadership
00:13:11
LRN continues to set the standard for ethics and compliance program research. Volkov Law is a supporter of, and advocate for, LRN’s research because it has consistently confirmed what we all know and believe - ethical companies perform better in the marketplace over the long run. It is an intuitive fact that employees respond better to values-based leadership than a rules-based environment and culture. Volkov Law is committed to that mission with our clients, colleagues, partners, and thought leadership.
LRN's 2024 Program Effectiveness Report highlights the importance of corporate values, culture, and accountability in mitigating risks and maximizing financial performance.
The report is based on a survey of over 1,400 ethics and compliance professionals from 19 countries and 26 industries.
60% of organizations now incorporate ethical behavior into performance management, hiring decisions, promotions, and bonuses to elevate ethical conduct incentives.
Top priorities for 2024 include training content, measuring ethical culture, improving web-based compliance resources, internal controls, and audit and compliance monitoring plans.
Companies are adapting compliance programs to include remote and hybrid employees post-COVID-19, reflecting changing workplace needs.
Senior management engagement in risk mitigation controls and company values is crucial, with 52% of respondents confirming actions over words in fulfilling ethics and compliance responsibilities.
Nearly two-thirds of respondents stated their boards actively address misconduct by senior executives or excellent performers, relying on values to ensure ethical behavior.
Joint Compliance Notice on Sanctions Evasion Issued by Justice, Treasury and Commerce Departments
00:14:31
In this insightful solo episode of Corruption, Crime, and Compliance, host Michael Volkov delves into the details of the first-of-its-kind Joint Compliance Note (JCN) regarding the evasion of Russia sanctions and export controls. This noteworthy document has been jointly issued by the United States Justice Department, the Department of Commerce, and the Treasury Department, highlighting its significance in the world of compliance.
Throughout the episode, Michael explores the critical red flag lists, government expectations, and alerts to common high-risk scenarios provided by the JCN, emphasizing the crucial role it plays in guiding organizations through potential compliance challenges. With the U.S. Russia Sanctions and Export Control Program being unprecedented in its scope and complexity, Michael sheds light on the challenges faced by trade compliance officers and the steps organizations can take to mitigate risks.
Key ideas you’ll hear in this episode:
The JCN is an essential resource for compliance professionals, detailing red flags and tactics used by organizations and individuals to evade applicable sanctions and export controls.
The joint issuance of this document by DOJ, OFAC, and BIS highlights the importance placed on organizations to implement and maintain risk-based compliance programs.
Third-party intermediaries and transshipment points are often exploited to disguise the involvement of specially designated nationals (SDNs) or parties on the BIS entity list in transactions, obscuring the true identities of end-users.
The JCN provides an invaluable list of red flags to watch for if a company suspects that a customer is using a third party to evade sanctions or export controls, with real-world examples for context. Some of the red flags to watch out for include:
Use of corporate vehicles, such as shell companies, to obscure ownership, source of funds, or countries involved.
A customer's reluctance to share information about the end use of a product.
Use of shell companies for international wire transfers.
Declining customary installation, training, or maintenance services.
Mismatched IP addresses that do not correspond to a customer's reported location data.
Last-minute changes to shipping instructions contrary to customer history or business practices.
Payments coming from a third-party country or business not listed on the end-user statement.
Use of personal email accounts instead of company email addresses.
Operation of complex and/or international businesses using residential addresses or addresses common to multiple closely held corporate entities.
Changes to standard letters of engagement that obscure the ultimate customer.
Transactions involving a change in shipments or payments previously scheduled for Russia or Belarus.
Transactions involving entities with little or no web presence.
Routing purchases through certain transshipment points commonly used to illegally redirect restricted items to Russia or Belarus.
In the face of potential violations, companies are encouraged to utilize voluntary disclosure programs maintained by DOJ, OFAC, and BIS.
Compliance and trade compliance professionals should review the JCN thoroughly to ensure overall trade compliance and be ready to conduct additional due diligence when confronted with any red flags.
KEY QUOTES:
"When multiple red flags come up, organizations are expected to screen the entities and persons involved and then conduct additional risk-based due diligence on customers, intermediaries, and counterparties." - Michael Volkov
"In other words, not only do you need to screen, but they're going to require you, and they're going to second guess you on the issue of whether you should have done additional due diligence. And that's important." - Michael Volkov
Interview of Mary Shirley on Her New Book -- Living Your Best Compliance Life
00:30:55
CEOs play a pivotal role in shaping an organization's commitment to ethical practices. Involving CEOs in compliance training, having them share their experiences, and demonstrating a personal commitment to compliance initiatives sets a strong tone from the top. This engagement fosters a culture of ethics and compliance throughout the organization, reinforcing the importance of ethical conduct at all levels.
Mary Shirley is a highly regarded authority in the field of ethics, compliance, and corporate governance. She is widely recognized for her expertise in helping organizations navigate the complex landscape of compliance, mitigate risks, and promote ethical practices. With a wealth of experience and insights, Mary Shirley has become a sought-after thought leader, speaker, and author. Her book, Living Your Best Compliance Life: 65 Hacks and Cheat Codes to Level Up Your Ethics and Compliance Program, has earned acclaim for bridging gaps in existing literature on compliance programs.
You’ll hear Michael and Mary discuss:
Organizations can promote ethics and compliance by recognizing and rewarding individuals or teams who exhibit ethical behaviors. This creates a positive atmosphere throughout the company, as employees are more likely to behave ethically if they see that it is valued and rewarded. Additionally, recognizing and rewarding ethical behavior can help to set a good example for other employees and encourage them to behave ethically as well.
Engaging leaders from different regions and departments in compliance training programs ensures diverse perspectives and reinforces the importance of compliance at all levels. Leaders from different regions and departments will have different experiences and understanding of compliance issues. By engaging them in training programs, organizations can gain a more holistic view of compliance risks and how to mitigate them.
Practical solutions and problem-solving are essential for compliance initiatives. For example, shortening documentation requirements or providing training for HR on investigation best practices can be effective solutions. These solutions can help to reduce the burden of compliance on employees and make it easier for businesses to comply with regulations.
One of the critical elements Mary discusses is the significance of building strong relationships within the company. Collaboration and idea implementation are key to success in the compliance world.
Collaboration between legal, compliance, and HR teams, along with training for HR on investigation best practices, helps streamline compliance efforts.
CEOs play a critical role in setting the tone for compliance within an organization. They are the ones who set the example for their employees, and their actions and words can have a significant impact on whether or not employees comply with regulations. When CEOs are involved in compliance training, it demonstrates that they are committed to ethical practices and that they take compliance seriously.
Mary recommends forming task forces to validate compliance ideas at an early stage, fostering a culture of innovation and problem-solving.
Encouraging employees to share personal anecdotes related to compliance principles humanizes the process and fosters a culture of ethical work. When employees feel like they can share their own experiences with compliance, it helps them to understand the principles on a deeper level. It also helps to create a sense of community and belonging, as employees see that they are not alone in their commitment to ethical behavior.
KEY QUOTE
“One of the things that I learned way later that I wish I had was that when you involve people in the conceptualizing aspect [of] building a compliance initiative… and they feel [like they are] part of it… you’re in a much better position to get buy-in when you [implement].” - Mary Shirley
NAVEX's 2024 Whistleblower Report -- More Reports, Higher Substantiation Rates
00:11:28
NAVEX continues to produce high-quality compliance reports, many of which are a must-read in the compliance industry. Its annual Whistleblower Report is of particular note -- NAVEX is the leading provider of hotline services in the world, and its data is invaluable as a source of trends in this industry. This year -- 2024 -- is no exception. NAVEX combed through the data from 3784 organizations for 2023. Its headline conclusion -- 2023 was a busy year, with a record level of use and the substantiation rate reaching an eleven-year high. More reports came in, and more were found to be true.
Listen in as Michael discusses the findings of these reports and why the increase is a good sign, not a bad sign. It means that employees trust their respective hotline reporting systems to produce results.
NAVEX's 2024 Whistleblower Report revealed a record level of use and an 11-year high substantiation rate, indicating increased trust in employee reporting systems.
Accounting-related reports, comprising approximately 4.3% of all reports in 2023, had a significant impact. With a median substantiation rate of 50%, these reports often led to employment separation events, underscoring the seriousness of the issues raised.
Third-party reports were more likely to focus on business integrity and financial misconduct issues, accounting for 50% of reports compared to employees' 17%.
Reports of imminent threats had a high substantiation rate in 2023, with nearly 9 out of 10 reports proven to be substantiated, highlighting the seriousness of such issues.
Workplace civility complaints increased to 18% of reported cases, reflecting a growing concern within organizations about maintaining a respectful work environment and culture.
HR issues, a significant portion of all reports in 2023, accounted for 55% of the total. This underscores the importance of addressing internal workplace issues, such as workplace discord, discrimination, harassment, and retaliation, to maintain a healthy and productive work environment.
Clear Channel's extensive cooperation with the investigation, prompt sharing of facts, document production, and employee interviews demonstrated a commitment to transparency and accountability in addressing compliance issues.
How to Conduct an Internal Compliance Site Visit and Review
00:15:50
How can companies ensure that their compliance programs are robust enough to handle today’s complex ethical challenges? In this episode, Michael Volkov dives into the critical components of conducting an internal compliance site visit and review. He highlights the significance of these visits in understanding operational risks and compliance culture. With real-world examples, Michael emphasizes the need for a proactive approach to compliance, ensuring that organizations are not only following regulations but also fostering an ethical environment.
Listen in as Michael talks about:
Conducting personal interviews with key staff to assess the compliance culture and operational challenges.
Reviewing and testing transactions across various vendor categories to ensure compliance with protocols.
Evaluating the effectiveness of training programs and employee understanding of ethical standards and compliance awareness.
Verifying compliance with internal policies and conducting due diligence on charitable contributions.
Assessing the compliance processes surrounding sponsorships and their alignment with company policies.
Implementing thorough due diligence practices for third-party vendors to mitigate risks.
Reviewing employee expense reports to ensure proper documentation and compliance with gift, meals, entertainment, and hospitality policies.
Trump Administration Hits Pause on FCPA Enforcement
00:17:23
What happens when an entire era of anti-corruption enforcement is put on pause? Is this a strategic move to bolster American businesses or a dangerous rollback of corporate accountability? In an unprecedented move, the Trump administration has hit the brakes on FCPA enforcement for at least 180 days, citing concerns over U.S. economic competitiveness and national security. In this episode of Corruption, Crime, and Compliance, Michael Volkov breaks down the implications of this game-changing executive order. The executive order claims that FCPA enforcement has been stretched beyond its original intent, harming American businesses while benefiting foreign competitors. With the Department of Justice now ordered to reassess its approach to anti-bribery enforcement, the business and legal communities are left wondering—what happens next? Will companies adjust their compliance strategies, or will global enforcement trends keep them in check?
You'll hear him discuss:
The Trump administration’s rationale for halting FCPA enforcement and why the decision was both surprising and expected
The executive order’s directive to the Attorney General to reassess FCPA investigations and enforcement priorities
The shift in DOJ focus from corporate bribery cases to prosecuting cartels and transnational criminal organizations
The potential impact on global anti-corruption efforts, as countries like the UK, France, and Brazil continue enforcing their own bribery laws
The uncertainty surrounding DOJ’s forthcoming guidance and what companies should anticipate in the next 180 days
The broader implications for corporate compliance programs, risk assessments, and international business strategy
The historical context of past efforts to reform the FCPA and why similar arguments were made over a decade ago
The potential for companies to seek remedial measures for past FCPA enforcement actions and the challenges in implementing such a policy
How this shift in enforcement priorities may affect corporate ethics, internal investigations, and global compliance expectations
Making a Culture of Ethics and Compliance a Reality
00:18:04
Corporate culture is the most valuable intangible asset that a company owns. In this week's episode of Corruption, Crime and Compliance, Michael Volkov discusses the importance of corporate culture for ethics and compliance programs. He emphasizes the need for business leaders to understand the significance of corporate culture on the ground level and outlines steps and tasks needed to build and maintain a positive culture.
You’ll hear Michael discuss:
Corporate culture is an embodiment of a company's values and interactions with key stakeholders. Every company has a distinct culture that defines its purpose and motivations.
Senior leadership plays a critical role in embedding the culture and enforcing the message. Managers and employees take their cues from corporate leaders.
Companies have to hold leaders accountable for wrongdoing or failure to supervise. Leaders who promote ethical cultures should be rewarded, while those who engage in misconduct should suffer discipline up to termination and recoupment of financial benefits.
Transparency and publicizing corporate rewards and discipline are crucial to building trust, increasing employee engagement, and promoting a positive culture. A company's most significant reflection of its culture is employee perception and rates of misconduct.
CCOs have to redefine their media tasks and responsibilities to reflect the emphasis on corporate culture. They have to define specific ways to measure a company's culture, regularly report on these measures, and monitor indicators of culture misconduct, reporting issues, financial concerns, and HR issues.
Monitoring, intervention, and remediation require a real-time focus and constant questioning of trends, interventions, and measurement of results.
Working collaboratively with HR, legal, and finance can bring about real culture improvements with a joint mission focused on ethics and compliance.
KEY QUOTES
"Your corporate culture, your culture of ethics and compliance is your best control. It's your most effective and most important control, and it's your most valuable intangible asset." - Michael Volkov
"A robust reporting system with active participation is a positive, not a negative, reflection of a company's culture." - Michael Volkov
"Companies that wait for a scandal to occur before acting have failed to do their job. Proactive compliance means prevention and focusing on your company's culture." - Michael Volkov
Steve Naughton on Compliance and Compliance Education Program at Loyola School of Law
00:30:43
How can we build a culture that motivates people to do the right thing? In this episode of Corruption, Crime and Compliance, Michael Volkov and guest Steve Naughton explore crucial questions about fostering ethical cultures within companies and practical steps compliance leaders can take to transform performance. Steve shares insights from his journey, detailing the evolution of compliance leadership roles and offering a glimpse into PepsiCo's growth in this area during his tenure as Chief Compliance Officer. For those considering careers in compliance, he emphasizes that expertise in this field can be developed without a law degree.
Steve Naughton currently oversees Compliance and Enterprise Risk Management programs at Loyola University Law School. He previously served as Pepsi's Chief Compliance Officer, guiding the growth of their compliance program over 8 years. He is passionate about making sure compliance functions can work independently.
You’ll hear Michael and Steve discuss:
Steve began his career at major law firms before going in-house to manage litigation and M&A deals during pivotal moments at Quaker Oats and Snapple.
PepsiCo’s iconic GC Larry Thompson asked Steve to build a new compliance program starting with just 3 people. Over 8 years, Steve grew Pepsi’s program from 3 to over 40 employees with global reach.
Larry saw compliance as preventative and empowered Steve with independent reporting to the Board. Steve remarks, “[Larry] viewed [compliance] as much more preventative than reactionary … his take on compliance has always been, to the extent that we can prevent something or to the extent that as soon as we detect it, we'll go in and check it out instead of waiting till everything was fully investigated.”
Pepsi has been on the World's Most Ethical Companies list for 15 years in a row, showcasing its success in following ethical practices.
Pepsi has never faced serious enforcement actions, and this is attributed to turning ethical practices into a value-add for the business.
Not every company has the resources or leadership seen at Pepsi, making it challenging to bring others along in the compliance profession.
Steve emphasizes the importance of a risk-based approach in compliance and recommends developing a strategic five-year plan to address top risks progressively.
He encourages companies to be disciplined and follow a plan, citing the Department of Justice's emphasis on showing work prospectively, not retroactively, to defend actions and maintain a strategic plan.
Michael and Steve discuss the challenges of implementing change in compliance programs, emphasizing the importance of building a team and garnering support from other functions. They recommend a realistic 3 to 5 year timeframe for implementing changes.
Cultures where people feel safe speaking up are foundational to compliance. This can aid in preventing and addressing ethical lapses and compliance challenges.
Steve cites examples from Wells Fargo, Volkswagen, General Motors, and Boeing. In these organizations, where you would expect people to be skilled and ethical, employees often didn't speak up. This was because they thought their concerns wouldn't be listened to, or the culture didn't encourage open communication.
Compliance is not just about following rules; it's about changing the culture in companies. We need to think differently and work towards making a culture where doing the right thing is not just accepted but encouraged.
Steve runs a highly respected compliance curriculum at Loyola University which has prepared many future Chief Compliance Officers. However, compliance expertise doesn’t strictly require legal training.
TD Bank Agrees to Pay Over $3 Billion for Systemic Violations of Bank Secrecy Act and Money Laundering Violations
00:16:10
How does a respected financial institution turn into a criminal operation? In this episode of Corruption, Crime, and Compliance, host Michael Volkov dives into the record-breaking $3 billion settlement between TD Bank and the Department of Justice over pervasive violations of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) laws. Highlighting TD Bank's systemic failures, Michael explores how the bank's compliance and oversight lapses led to criminal conduct within its operations, making it a case study on the dangers of prioritizing growth over legal compliance. From failed AML programs to enabling money laundering on a massive scale, this episode sheds light on the regulatory crackdown TD Bank now faces.
Hear him discuss:
TD Bank’s $3 billion penalty sets a new high for banking compliance cases. In yet another reminder of the scope of Justice Department enforcement powers, and an important demonstration of the risks of non-compliance, the Justice Department and relevant banking agencies announced a $3 billion settlement with TD Bank companies to resolve systemic and pervasive Bank Secrecy Act ("BSA") and money laundering violations.
TD Bank’s internal culture sidelined AML compliance, leading to massive oversights, including unmonitored transactions worth $18.3 trillion from 2018 to 2024.
TD Bank enforced a “flat-cost paradigm,” restricting the compliance budget, which prevented updates and adaptations needed to meet new risk levels.
TDBUSH pleaded guilty to causing TDBNA to fail to maintain an AML program that complies with the BSA and to fail to file accurate Currency Transaction Reports ("CTRs").
Despite multiple warnings from internal audits and third-party consultants, the bank maintained its flawed AML protocols without significant action.
TD Bank earned an ignominious record: TD Bank is the largest bank in U.S. history to plead guilty to Bank Secrecy Act program failures, and the first US bank in history to plead guilty to conspiracy to commit money laundering.
With this settlement, TD Bank joins a list of high-profile compliance failures alongside companies like Wells Fargo and Wirecard, furthering the call for financial institutions to prioritize ethical compliance in their growth models.
Whatever the cause, criminal sanctions enforcement will be an interesting area in 2024. The DOJ's planned aggressive push against companies and individuals for sanctions violations is about to be unleashed. There is no question that DOJ's enforcement initiative is coming—it is just a question of when.
We have already seen several examples of what aggressive sanctions enforcement will look like -- as the new "FCPA," we can expect several standard elements:
Large Penalties -- multi hundreds of millions, even reaching billions in more egregious cases.
Reward for Voluntary Disclosures
Criminal Indictments, Deferred or Non-Prosecution Agreements
Independent Compliance Monitors
Parallel Regulatory Resolutions with OFAC, BIS, and/or DDTC
Enhanced Compliance Remediation Requirements
Individual Criminal Enforcement
In this episode, Michael Volkov reviews the soon-to-arrive sanctions enforcement regime, and steps companies should take to protect against enforcement actions. Hear him discuss:
The Department of Justice (DOJ) is signaling a shift towards aggressive corporate sanctions and export control enforcement, particularly focusing on national security issues like sanctions and export controls.
Recent cases, such as the British-American Tobacco and SAP cases, serve as examples of how the DOJ's sanctions-focused enforcement strategy is likely to unfold, including potential penalties and consequences that companies may face.
Companies are facing risks from various sources in the realm of sanctions and export control enforcement, including regulatory referrals from agencies like OFAC, BIS, and DDTC, as well as international intelligence relationships and whistleblowers.
Seagate's blatant violation of Huawei export controls could be a significant indicator of the DOJ's enforcement initiative in the sanctions arena. This case demonstrates the potential consequences of willful violations and the importance of compliance with export control regulations.
Common deficiencies in sanctions compliance programs, including corporate boards' lack of understanding, failure to address third-party risks, inadequate supply chain audits, weak internal controls, and insufficient training, highlight areas where companies need to improve to ensure compliance with sanctions regulations.
Transparency, ethics, and compliance are more than just corporate buzzwords; they're foundational to building trust in today's global organizations. Consequence management systems encompass elements like transparency, robust employee reporting, protective measures for whistleblowers, and effective internal investigations. These are all essential for maintaining organizational justice, trust, and integrity. In this episode of Corruption, Crime and Compliance, Michael Volkov underscores the value of collecting and analyzing employee reports, the pivotal role of Chief Compliance Officers, and the integration of compliance compensation with consequence management.
You’ll hear Michael talk about:
Global companies now recognize the significance of robust consequence management systems, which encompass vital processes from internal investigations to disciplinary actions. A pivotal aspect of these systems is transparency, especially when designing and implementing employee reporting.
When it comes to effective employee reporting, a system is more than just a hotline; it involves tracking and addressing concerns in real-time. To foster trust, such systems must operate promptly, fairly, and consistently, ensuring that reporters are protected against obstruction and/or retaliation.
Key components of an effective reporting system include:
Clear internal communication, which ensures employees feel heard.
Foundational support, which bolsters efficiency.
Collated reports from diverse sources, which offer insights into the company's culture and potential risks.
Transparency and consistency, as sporadic disclosure can negatively influence employees' perceptions of a company's intentions.
A CCO’s commitment is reflected when issues are investigated and addressed swiftly and justly. They play a crucial role in collecting and analyzing employee reporting data, as well as educating senior management and boards on the significance of employee reports.
Companies need to establish written protocols for internal investigations to ensure that they are conducted fairly and impartially. These protocols should outline the steps that will be taken during an investigation, as well as the rights of the employees involved. The protection of employees and whistleblowers is paramount.
An internal oversight committee should be responsible for overseeing internal investigations. Regular reviews ensure that procedures are followed consistently and that there is a focus on quality. Additionally, all investigations should be properly documented and resolved in order to maintain integrity.
Compliance and consequence management systems should work together to meet the expectations of the DOJ, promoting corporate citizenship and financial success.
KEY QUOTES
“A true employee reporting system includes reports to supervisors, walk-ins to human resources, walk-ins to legal and compliance, and an automated reporting system.” - Michael Volkov
“The real question is whether the company backs up its statement through specific actions. This cannot be accomplished through words, but really only through deeds, through actions. All too often, companies get ahead of themselves. They make these broad pronouncements. They sound good, they pat each other on the back, and they don't build the essential foundations and infrastructure needed to establish an effective employee reporting system.” - Michael Volkov
“As a basic initial requirement, every company should adopt a written internal investigation protocol that is published internally, promoted internally to demonstrate a commitment to transparency, and those protocols and procedures should be followed to the T.” - Michael Volkov
Alex Cotoia on Compliance with the Uyghur Forced Labor Prevention Act
00:17:28
On December 31, 2021, President Joseph R. Biden, Jr. signed the Uyghur Forced Labor Prevention Act (“UFLPA”) into law to address the ongoing exploitation of the ethnic minority Uyghur population by the government of the People’s Republic of China (“PRC”). Among other things, the UFLPA creates a rebuttable presumption that all goods, wares, articles, and merchandise mined, produced, or manufactured wholly or in part in Xinjiang, or by entities designated for inclusion on the UFLPA Entity List, are prohibited from entry into the United States. To overcome the presumption, entities are required to demonstrate, by “clear and convincing evidence,” that such imports were not mined, produced, or manufactured in whole or in part by forced labor.
In this episode, Mike and Alex discuss practical steps to comply with the UFLPA.
The Uyghur Forced Labor Prevention Act, enacted by Congress, establishes a presumption that goods from Xinjiang are tied to forced labor. Importers must prove otherwise by providing extensive documentation, such as invoices, packing slips, and billing information, to demonstrate the origin of the goods and ensure compliance with the law.
The UFLPA has led to a significant increase in enforcement by CBP, resulting in the detention of billions of dollars worth of commodities. This heightened scrutiny has prompted global companies to prioritize robust ethics and compliance programs to mitigate legal and economic risks associated with forced labor.
Compliance with the UFLPA requires importers of record to furnish CBP with clear and convincing evidence that their goods were not produced using forced labor. This evidence includes supply chain tracing information, wage and payment records, credible audits, and attestations from every entity involved in the production process.
Chinese entities have been known to employ deceptive practices to avoid detection and documentation requirements. This includes creating separate companies outside the Uyghur area and providing misleading information to purchasers. Due diligence and thorough investigation of beneficial ownership are crucial to ensure compliance.
CBP's operational guidance for importers, published in 2022, provides essential information on navigating the complexities of the UFLPA. Importers should familiarize themselves with this guidance and engage in one-on-one discussions with their suppliers to communicate expectations and ensure compliance.
The UFLPA places a significant burden on organizations relying on imports from China, as they must provide extensive documentation and meet the clear and convincing evidence standard. Failure to meet these requirements can result in the detention of goods, leading to supply chain disruptions and potential financial losses.
Clear Channel, the former Chinese subsidiary of Clear Media, faced charges related to bribery violations. The bribes included expensive gifts, entertainment, and travel given to influence contract renewal negotiations with Chinese government officials. Clear Media engaged in deceptive practices, including falsifying payments and creating false invoices, to fund these illegal payments.
Susan Divers on LRN's 2023 Ethics and Compliance Program Effectiveness Report
00:27:29
LRN's 2023 Ethics and Compliance Program Effectiveness Report provides valuable insights into the state of ethics and compliance programs in companies around the world, highlighting the importance of commitment, investment, and promotion of corporate ethics and compliance, especially during times of economic and geopolitical turbulence. Michael Volkov welcomes Susan Divers of LRN to discuss the implications of recent court decisions and DOJ regulations on corporate compliance programs. She also explores how these developments have increased the responsibility of senior management and boards, as well as the importance of data collection and analysis in order to ensure that a company is effectively managing its risks.
Susan Divers is a well-known lawyer and expert in the field of ethics and compliance. She currently serves as the Director of Thought Leadership at LRN, a leading ethics and compliance training and advisory firm. Prior to joining LRN, she was the Senior Advisor for Global Compliance at Baker Hughes, a GE Company. She has also worked as an Assistant Chief Counsel in the Division of Enforcement at the U.S. Securities and Exchange Commission, and as a litigator at several major law firms. Susan has extensive experience in designing and implementing effective ethics and compliance programs for organizations of all sizes and industries. She is a frequent speaker and author on topics related to ethics and compliance, and is widely respected as a thought leader in the field.
Key ideas you’ll hear Michael and Susan discuss:
Strengthening ethical culture during the pandemic. According to LRN, 82% of respondents reported that their ethical cultures had strengthened as a result of the challenges faced during the pandemic. This is the third year in a row that the survey has asked this question and received positive responses, indicating that the trend is not a fluke.
Values-based leadership. The report highlights the importance of values-based leadership and programs in meeting challenges effectively. Almost the same percentage of respondents reported that their companies operated based on values as opposed to a rules-based compliance program, emphasizing the critical role a company's values play in shaping its ethics and compliance culture.
Trade compliance. Trade compliance is an area of concern, with only 25% of respondents enhancing their trade control compliance and training. Due to increased export and sanctions regulations, this area poses a significant risk, especially in light of the Russia sanctions.
Inadequate internal systems, staff shortages, budget constraints, and employee disengagement are common challenges faced by ethics and compliance professionals.
The importance of data analytics. As the report points out, data analytics is essential for measuring ethics and compliance programs' effectiveness and addressing areas of concern. Data analytics can provide insights on how a program is actually doing today, not yesterday, and can point towards hot spots that need to be addressed. A good internal system is necessary for good data analytics.
The importance of investing in appropriate training and risk controls to stay up-to-date with the latest regulations. The regulatory environment is constantly evolving, and new risks are emerging all the time. Investing in appropriate training and risk controls enables organizations to identify and mitigate risks proactively, reducing the likelihood of a compliance breach or other negative event.
KEY QUOTE
"If you don't have a good internal system, you're not going to be able to get good data analytics which tell you how your program is actually doing today, not yesterday, and which point towards hot spots or areas of concern that you really need to address." - Susan Divers
Nicolas Garcia, GC at Orica, on Compliance Trends and Challenges in Latin America
00:32:24
How can companies build trust and drive growth in a region as politically and economically volatile as Latin America? In this episode, Nicolas Garcia - Vice President, Legal, Regional and Compliance Manager for LATAM and Orica - joins Michael Volkov to discuss the complexities of navigating compliance and leadership in LATAM. The conversation highlights how regional dynamics, such as the crisis in Venezuela, influence business operations and how cultural shifts are changing the role of compliance officers. Nicolas provides valuable insights on the evolving compliance landscape, emphasizing the importance of trust, leadership, and a strong compliance culture in driving business success in challenging environments.
Listen in as Nicolas and Michael discuss:
The ongoing political and economic crisis in Venezuela has led to massive immigration into neighboring countries like Colombia, Chile, and Brazil, creating both economic challenges and opportunities in the region.
Guyana is experiencing rapid growth due to foreign investment, particularly in the oil and gas sectors, standing in stark contrast to Venezuela’s decline.
Nicolas emphasizes the shift from compliance officers being seen as enforcers to becoming strategic business partners. This transition helps companies not only meet regulatory requirements but also drive success.
Establishing a trust-based relationship between compliance officers and leadership is essential. When compliance is integrated into the business strategy, it becomes a tool for enabling growth rather than a barrier.
Trust in reporting systems is growing in Latin America, though fear of retaliation remains a concern. Anonymous reporting is on the rise, and substantiation rates are increasing as employees gain confidence in the system’s integrity.
Ensuring that investigations follow due process is critical to maintaining credibility in compliance programs. It also helps improve trust and the success rate in legal outcomes.
Five Steps to Enhance Your Sanctions Compliance Program
00:16:53
Is your business prepared to effectively manage and mitigate the risks associated with sanctions compliance in today's global economic landscape? In today's increasingly interconnected global economy, sanctions compliance is more critical than ever. Companies around the world face complex regulatory environments and unprecedented risks, requiring a comprehensive and proactive approach to sanctions compliance. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the pressing need to elevate corporate sanctions compliance programs, as well as the renewed focus on enforcement by the Department of Justice, and the practical steps every company must take to meet these evolving challenges head-on.
You’ll hear Michael talk about:
Companies must enhance their sanctions compliance programs. Basic programs that simply rely on screening tools are no longer sufficient. Companies need to incorporate comprehensive measures to ensure compliance with evolving sanctions laws.
The Department of Justice (DOJ) has escalated the enforcement of national security crimes, demonstrating a renewed focus on sanctions compliance. This shift necessitates a proactive response from companies to mitigate potential risks.
OFAC has outlined five crucial elements for an effective sanctions compliance program: management commitment, risk assessment, internal controls, testing and audit, and training. Companies should familiarize themselves with these elements and incorporate them into their existing compliance programs.
Risk assessment is a crucial first step in compliance. Companies must review their operations holistically, assessing all touchpoints with international markets to identify potential vulnerabilities and risks.
Geoblocking technology is a valuable tool in sanctions compliance. Working with IT departments to develop comprehensive geoblocking capabilities can help prevent interactions with prohibited individuals or entities.
Thorough screening and due diligence processes are imperative, moving beyond just the results of screening tools. This ensures that companies identify and mitigate potential risks associated with sanctioned entities or countries.
Companies must implement effective escalation controls to ensure that any red flags identified through screening or due diligence are properly addressed and resolved.
End-user verifications and documentation are critical components of a robust sanctions compliance program. These procedures help ensure that the company's products or services are not being used by sanctioned entities.
Annual training for employees and personnel is essential. Tailoring this training to the company's specific risk profile ensures that all staff understand their responsibilities and the potential risks associated with non-compliance.
KEY QUOTES:
"Your company's survival may depend on your ability to navigate sanctions compliance in an increasingly complex global economy." - Michael Volkov
"It's not just about checking boxes. We have to understand our touchpoints to the international markets and assess the potential risks. That's the foundation of an effective compliance program." - Michael Volkov
"Training isn't a one-and-done task. It's an ongoing commitment to ensure our personnel understand and can navigate the complex world of sanctions compliance." - Michael Volkov
British American Tobacco's $629 Settlement for Violation of North Korean Sanctions
00:14:46
British American Tobacco (BAT) recently settled for $629 million for violating North Korea sanctions. This sends a clear message from the Department of Justice that enforcement against companies is the new FCPA. The settlement resulted from BAT's continued control of a joint venture in North Korea through a third-party company and its subsidiary's willful conspiracy to transfer hundreds of millions of dollars through US banks, which were aware that the transfers were blocked by US sanctions. In this week's episode of Corruption, Crime and Compliance, Michael Volkov delves into the facts of this important enforcement action and discusses the elaborate use of front companies and attempts to disguise North Korean connections, confirming the DOJ's new aggressive approach to sanctions and export enforcement.
You’ll hear Michael discuss:
Compliance professionals should review the BAT scheme for its elaborate use of front companies and attempts to disguise North Korean connections.
BAT controlled a joint venture in North Korea through a third-party company. Its subsidiary willfully conspired to transfer hundreds of millions of dollars through US banks while being aware that the transfers were blocked by US sanctions. This resulted in a $629 million settlement.
OFAC imposed a $508 million penalty against BAT, the largest fine against a non-financial institution in OFAC's history. This is equal to the statutory maximum that they would have been allowed to collect.
Cigarette trafficking generates significant revenue for North Korea's WMD program. Smuggled tobacco products generate a profit of 1900%.
Senior management needs to drive a culture of compliance and put relevant policies and controls in place to reduce the risk of engaging in violative conduct.
BAT's senior management decisions to approve or support arrangements that obscure dealings with sanctioned countries and parties were reflected throughout the organization, compounding sanctions risks and increasing the likelihood of committing potential violations.
KEY QUOTES:
"British American Tobacco's deceit and elevation of business over compliance permeates this blockbuster settlement for $629,000,000. The BAT settlement really confirms DOJ's new, aggressive approach to sanctions and export enforcement." - Mike Volkov
"Cigarette trafficking generates significant revenue for North Korea's WMD program. In addition, counterfeit cigarettes are a major source of income to the North Korean regime, since smuggled tobacco products generate revenue of up to $20 for every dollar spent in cost." - Mike Volkov
"OFAC noted that this enforcement matter demonstrates that without a culture of compliance driven by senior management and attendant policies and controls, firms increase the risk that they may engage in apparently violative conduct." - Mike Volkov
Natalie Druckman from Certa on AI-Enhanced Third-Party Risk Management
00:31:04
How do you manage risk when the vulnerabilities are outside your organization and aren’t in your hands? In this episode of Corruption, Crime, and Compliance, we delve into the world of third-party risk management with our guest, Natalie Druckman, from Certa. As we discuss the regulatory landscape in EMEA and the US, Natalie highlights the higher regulatory burden faced by companies in EMEA, and how Certa uses AI to streamline workflows, provide intuitive data visualization, and enhance risk forecasting capabilities. AI is the future of third-party risk management, now and in the future.
Cybersecurity has become one of the top concerns for organizations. In 2012, Target worked with a third-party vendor and, as a result, suffered an attack that exposed their customers’ credit data. Since then, compliance departments have started working closely with IT to prevent such vulnerabilities.
Unlike the US, EU companies don’t benefit from gaps created between state and federal regulations. EMEA faces a mandatory and substantial regulatory burden, particularly in areas like ESG and compliance. A forced labor scandal can sink a company, so ESG’s importance is on par with cyber security.
Global companies are increasingly recognizing the importance of addressing ESG topics alongside cybersecurity and financial risks. ESG considerations, such as diversity, modern slavery, and gender pay gaps, have significant reputational and revenue impacts.
AI is changing the world in many ways, including compliance. Certa aims to provide a comprehensive solution for third-party risk management, compliance, and operational risks by streamlining processes and incorporating AI capabilities to enhance efficiency and effectiveness.
Certa utilizes various AI capabilities, including design AI, which allows users to create workflows using plain language. They don’t need to know anything about tech; they can simply dictate the process, and AI generates the necessary code and infrastructure for it. This allows the company to remain flexible and able to quickly adapt to change.
Insights AI is another capability that collects and analyzes data, making it far more accessible and efficient in managing up-to-the-minute risks and developments. This technology also uses design AI, allowing for plain language inputs to immediately create actionable, detailed reports.
Recall AI allows companies to guarantee rapid and consistent responses from suppliers and customers by recalling past interactions to create surveys, forms, workflows, and processes. This removes the back-and-forth burden on all parties while still retaining the human touch.
Smaller and midsize companies should prioritize their risk management processes and consider automated solutions like Certa. These companies can benefit from the efficiency and effectiveness of an automated platform, regardless of their industry or size.
KEY QUOTE
“I think there is a very strong drive here for companies and stakeholders, not just to do the right thing… but doing the good thing as well.” - Natalie Druckman
Matt Stankiewicz on the Bittrex OFAC and FinCEN Enforcement Action
00:29:30
In this episode, cryptocurrency expert Matt Stankiewicz discusses why sanctions and AML compliance need to be taken seriously in the cryptocurrency industry.
Matt Stankiewicz, a Partner at Volkov Law, is a leading industry expert on cryptocurrency. Bittrex, a leading cryptocurrency exchange, suffered twin enforcement actions for AML and Sanctions Compliance deficiencies. Matt takes a deep dive on the enforcement actions and outlines practical compliance steps that every cryptocurrency exchange should implement.
Join us as we discuss:
The enforcement action on Bittrex led by OFAC and FinCEN
Why compliance risks are increasing in the cryptocurrency industry
Practical steps that all cryptocurrency exchanges should implement
On the heels of the Gunvor FCPA settlement for $661 million, DOJ announced its settlement with Trafigura, the latest commodities trading company to fall under DOJ's FCPA Sweep against the industry. Trafigura joined the list of international commodity trading companies to suffer FCPA enforcement actions like Vitol, Sargeant Marine, Glencore, Freepoint, and Gunvor.
DOJ's corporate resolutions are connected to individual prosecutions and guilty pleas of 19 individuals, including six government officials, eight corrupt intermediaries, and five trading companies.
Trafigura Beheer B.V. ("Trafigura"), based in Switzerland, pleaded guilty and agreed to pay $126 million as part of a plea agreement to resolve FCPA violations in Brazil. Trafigura pleaded guilty to conspiracy to violate the anti-bribery provisions of the FCPA and agreed to pay a fine of over $80 million and forfeiture of $46 million. DOJ agreed to credit up to $26 million of the fine against the amounts Trafigura pays to resolve an ongoing Brazil investigation.
Trafigura, a global commodity trading company, pled guilty and agreed to pay $126 million to resolve FCPA violations in Brazil, involving a corrupt scheme to pay bribes to Brazilian officials to secure business with Petrobras.
DOJ cited Trafigura's cooperation and acceptance of responsibility, including providing timely updates, facilitating employee interviews, and producing relevant documents, but criticized their failure to preserve and produce certain evidence in a timely manner.
Trafigura's bribery scheme involved paying bribes to Petrobras officials from 2003 to 2014 to obtain and retain business, with payments ranging from 5 to 20 cents per barrel for oil transactions.
The bribery payments were facilitated through offshore bank accounts, U.S. banks, and coded language in emails, with Trafigura entities earning approximately $51 million in profits from the scheme.
DOJ's successful sweep of the commodities trading industry resulted in six corporate resolutions and 20 individual convictions, totaling over $1.7 billion in penalties, emphasizing the importance of robust compliance and surveillance strategies.
Trafigura's lack of compliance oversight and failure to maintain proper third-party due diligence or risk management programs allowed the bribery scheme to operate with impunity, highlighting the need for enhanced controls and monitoring in high-risk industries.
Despite the challenges faced during the investigation, Trafigura's guilty plea and cooperation with DOJ demonstrate a commitment to addressing corruption and compliance issues in the global commodity trading sector.
Five Strategies to Mitigate a New Risk Environment
00:13:25
What do you do when the headlines shift faster than your risk matrix can keep up? In this episode, Michael Volkov dives into the challenge of adapting compliance programs in the face of volatile and fast-changing global risks—from tariffs and trade controls to supply chain disruptions and third-party exposures. While the pressure to react is constant, the real key is staying anchored in your company’s values while making smart, timely adjustments.
Legal and compliance officers are used to adjustments and continuous improvement of their compliance programs. Building and maintaining an effective ethics and compliance program never ends — it is a continuous process. In a climate of rapid change, the strategies may feel familiar, but the risks themselves are taking new shape. To that end, Michael outlines five specific strategies for evolving your compliance program without losing your footing.
You'll hear him discuss:
Why culture isn't just a buzzword—it's the first and most critical line of defense in volatile times
How to run a quick-turn, focused risk assessment to identify new hotspots like sanctions, tariffs, and supply chain gaps
The rising danger of indirect exposure to foreign terrorist organizations and cartels through third parties
What companies need to know about tariff classification, scope, and enforcement to avoid legal and economic penalties
Why sanctions and export controls enforcement is heating up—and what that means for your global operations
How to recalibrate third-party risk management to account for trade-based threats and hidden ownership structures
In 2020, Asante Berko settled a case with the SEC by agreeing to pay $329,000. A criminal indictment was filed in Brooklyn, New York shortly after the settlement. In November of 2022, Berko arrived in London at Heathrow Airport, where he was arrested and charged with conspiring with two Ghanaian officials and four other individuals to benefit Goldman Sachs, himself, and a Turkish energy company. The scheme began to unravel when Goldman Sachs discovered the payments. Join Michael Volkov as he examines the recidivist case of Asante Berko’s FCPA violations.
Berko orchestrated the bribery scheme between 2014 and 2017 to secure an electrical power contract from the Ghanaian government for the Turkish energy company. They were attempting to secure a power purchase agreement (PPA) or an emergency power agreement (EPA) with Ghana, which required the approval of certain Ghanaian officials and entities, including a senior Ghanaian official as well as the Executive Cabinet and Parliament.
In seeking reimbursement for the bribes paid out by Berko and his conspirators, he falsified invoices for consulting services allegedly provided by a Ghanaian consulting company, which were then paid by the Turkish energy company. The payments were routed through correspondent banks in the US.
Violators of FCPA often act with flagrant disregard of the laws and delusions that their obvious crimes will remain undiscovered and uninvestigated, Michael comments.
Goldman Sachs officials began questioning the Turkish energy company about the payments to the Ghanaian consulting company that appeared in their financial analysis. Despite the reassurance of Co-conspirator Number 3, Goldman Sachs conducted a due diligence review of the transaction and various email accounts and communications, including personal accounts used by Berko and others for incriminating conversations.
DOJ Mandates Increased HR and Compliance Cooperation
00:13:52
The relationship between compliance and HR can make or break a company's culture of ethics and integrity. The DOJ’s revised Evaluation of Corporate Compliance Program requirements are pushing for greater cooperation and coordination between these two departments to create a robust and effective consequence management system. In this episode, Michael Volkov discusses the implications of these new requirements and emphasizes the need for HR and compliance to work together to achieve a culture of compliance and ethics.
Here are some key ideas you’ll hear Michael discuss in this episode:
The Justice Department is taking a prescriptive approach to mandating greater cooperation between compliance and HR, as there have been too many problems between these departments in the past.
HR and Compliance have joint responsibilities and obligations to achieve a culture of compliance and ethics.
An effective HR and compliance partnership can leverage resources to ensure the overall advancement and success of the company.
Companies must comply with the DOJ's revised Evaluation of Corporate Compliance Programs and provide compliance with access to data generated across the organization. This is necessary to improve the effectiveness of the company's compliance program.
DOJ is now requiring companies to maintain a robust and enhanced investigation root cause system to address the specific elements required for a culture of ethics and integrity.
An effective consequence management system can only occur when there is active cooperation and effective coordination between HR and compliance.
The new consequence management system includes financial penalties resulting from clawbacks and deferred compensation schemes that are tied to compliance behaviors and requirements.
DOJ is focusing on incentives and disincentives to enhance individual compliant conduct and overall accountability. Positive incentives include promotions, rewards, and bonuses, and disincentives include deferment or escrow of compensation. CCOs need to champion the creation of this system.
CCOs must be seated at the senior executive level of business operations to fulfill DOJ's expectations for overall consequence management in the disciplinary area.
Companies should consider cross-assignments of business managers to compliance and vice versa to promote career opportunities.
“I have always advocated on behalf of a committee approach or some kind of independent, objective reviewer or the institution that metes out disciplinary actions to ensure consistency,” Michael says.
Senior management must establish a framework for effective coordination and cooperation between HR, senior sales executives, legal, and compliance to achieve a culture of ethics and integrity.
This framework should be empowered to work on behalf of the company to establish organizational justice.
KEY QUOTES:
"The Justice Department is now taking on the role of marriage counselor, not with individual couples, but with the critical corporate relationship - Ethics and Compliance and Human Resources." - Michael Volkov
"With regard to disciplinary actions, there's nothing worse, folks, than a disciplinary system that treats similarly situated employees and executives in different ways based upon where they sit or what their sales performance is… Justice has to be blind and consistent here." - Michael Volkov
"Organizations that throw large contingent payouts for lucrative business contracts or for hitting specific targets should consider the impact of these incentives on sales employees and their ability and incentive to adhere to ethical requirements." - Michael Volkov
Cybersecurity Risks Increase for Financial Institutions Relying on the Cloud: A Discussion with Carlo Massimo
00:27:14
Financial institutions are rapidly moving their operations to the cloud. In response to this development, and the increasing risks of cyber breaches, legislators and regulators are gearing up to impose significant cybersecurity requirements.
Carlo Massimo is a journalist who covers cybersecurity and international tech policy. Carlo is a former contributing editor at the Wilson Center's Quarterly, writes InformationWeek's monthly Citizen Tech policy column, and contributes to Dark Reading as a features writer.
In this episode, Carlo talks about the implications of financial institutions moving to the cloud, and the response by lawmakers and regulators to this significant trend.
Join us as we discuss:
Carlo's perspective on the possible designation of financial institutions operating in the cloud as "critical infrastructure"
Whether global financial institutions are ready for new cybersecurity regulations aimed at mitigating the risks of a data breach
The perspective from both the United States and the European Union on this important issue
In this episode, host Michael Volkov takes a closer look at the Honeywell FCPA case. The Justice Department and the FCC had a strong year in FCPA enforcement; they closed out the year with two important cases, ABB and Honeywell. Last week's episode covered the ABB case, and this episode will focus on the Honeywell UOP case, which resulted in a $160,000,000 settlement.
Honeywell was involved in a bribery scheme in Brazil and Algeria to secure contracts with state-owned oil companies.
Honeywell conspired to offer a $4 million bribe to a high-ranking executive of Petrobras in Brazil in an attempt to secure a valuable $425 million contract to design and build a refinery.
Honeywell's use of third-party agents, such as sales agents, to facilitate bribery payments was done without proper controls and oversight, leading to a lack of proper invoicing, description of services, and confirmation of payment arrangements which facilitated illegal payments.
Honeywell's senior management was complicit in the scheme and there was a lack of commitment to corporate ethics and compliance culture within the company.
The case serves as a reminder of the risks to companies of engaging in bribery and the importance of having a strong compliance culture and third-party risk management program.
KEY QUOTE:
"Honeywell's actions occurred in an environment where no one raised a question about the bribery scheme. The … narrow focus on winning the project through whatever means possible was clear." - Michael Volkov
How did a high-stakes bribery scheme involving insider deals, Airbus planes, and secret payments bring down a global aviation giant? In this episode, Michael Volkov dives deep into the AAR Corporation FCPA case—a cautionary tale of bribery, insider deals, and compliance failures in high-risk sectors. The DOJ and the Securities and Exchange Commission (SEC) closed 2024 with a major coordinated settlement with AAR Corporation, a provider of aviation products and services. The case involved criminal and civil FCPA charges related to bribery schemes in Nepal and South Africa. Deepak Sharma, the CEO of an AAR subsidiary, orchestrated the schemes, securing insider information and paying bribes to government officials to win lucrative contracts. Despite AAR's late self-reporting, the DOJ credited the company for its cooperation and remediation efforts. The case highlights ongoing corruption risks in the aviation industry, especially where state-owned enterprises and third-party agents are involved.
You’ll hear him discuss:
The details of the FCPA settlement that AAR Corporation, an Illinois-based provider of aviation products, reached with the DOJ and SEC.
How Deepak Sharma orchestrated bribery schemes in Nepal and South Africa.
The separate civil resolution with Deepak Sharma under which Sharma agreed to pay a disgorgement of $130,835 plus prejudgment interest of $53,762.
The role of third-party agents in facilitating corrupt practices.
Julian Aires, a former third-party agent of AAR, pleaded guilty in the District of Columbia on July 15, 2024 to a conspiracy to violate the FCPA for his role in the South Africa scheme.
Why insider information from government officials is a "kiss of death" in compliance.
How bribes were disguised through sham invoices and shell companies.
The importance of robust compliance programs in high-risk industries like aviation.
Red flags to watch for in industries dealing with state-owned enterprises.
How the DOJ and SEC weigh cooperation and remediation in enforcement actions.
Key takeaways for compliance professionals from the AAR case.
DOJ's Shifting Approach to Recidivism and Self-Disclosure
00:37:14
In this special episode of Corruption, Crime, and Compliance, Michael Volkov joins colleague and long-time friend Tom Fox as they delve into the intricacies of recent FCPA enforcement actions, shedding light on the evolving landscape of corporate compliance. From the ABB case to the SAP settlement, Michael and Tom dissect the nuances of voluntary disclosure, extensive remediation, and the shifting priorities of the Department of Justice. Join them as they navigate the complexities of recidivism, cooperation, and the pivotal role of self-disclosure in today's compliance environment.
You’ll hear them discuss:
The Department of Justice (DOJ) faced a challenging situation with ABB, a three-time FCPA recidivist, raising questions about their enforcement actions and policies.
ABB's case highlighted the importance of voluntary disclosure, extensive cooperation, and remediation in mitigating penalties and demonstrating commitment to compliance.
The shift in DOJ's approach towards recidivism and self-disclosure signaled a new emphasis on data-driven compliance and the use of evidence to support remediation efforts.
Albemarle and SAP cases showcased the significance of data-driven compliance programs and proactive measures to address compliance deficiencies.
DOJ's focus on self-disclosure as a key factor in enforcement actions underscores the importance of transparency, cooperation, and timely reporting in compliance efforts.
The evolution of DOJ's policies and enforcement strategies in 2023 reflected a balance between tough enforcement on recidivism and incentivizing self-disclosure through reduced penalties.
The role of voluntary disclosure, remediation, and cooperation is critical in navigating FCPA enforcement actions and achieving favorable outcomes with the DOJ.
The DOJ is advocating for increased consequences for individuals who engage in misconduct or fail to exercise proper oversight, via the implementation of compliance compensation programs that include financial penalties. Companies need to develop incentives and penalties in a balanced manner to maintain ethical performance, while ensuring the potential for accountability. A crucial aspect of enforcing these policies is the execution of robust clawback provisions as part of the executive's contract and bonus terms. These clawbacks can act as a deterrent for misconduct, and their enforceability largely depends on the clarity of their language, among other things. In this episode of Corruption, Crime and Compliance, Michael Volkov explores compliance compensation systems and their role in corporate governance in detail.
You’ll hear Michael talk about:
Clawback provisions are important rules that determine how executives' contracts and bonus terms can be enforced. Companies have a responsibility to execute robust clawback provisions to ensure accountability and deter misconduct.
Compliance programs are becoming increasingly vital to global companies as they grapple with complex legal and economic risks. These programs are crucial in reinforcing compliant behavior and promoting positive corporate citizenship.
The DOJ has emphasized the importance of compensation systems and consequence management in corporate compliance programs. Not being proactive in reviewing these systems is considered a serious mistake that requires urgent attention and correction.
DOJ's focus has expanded towards consequence management, seeking to escalate penalties for those involved in misconduct. Companies are required to implement compliance compensation programs focusing primarily on clawbacks.
Clawback policies, often limited to senior executives and specific conduct, need to be broadened in their scope and applicability. Notably, the Dodd-Frank Act mandates listed companies to have a written clawback policy for financial restatements resulting from accounting misconduct.
Compliance rewards act as a significant incentive for ethical behavior and compliance. Executives and managers who fulfill specific compliance requirements may become eligible for performance-related rewards.
Compliance compensation systems must be designed to hold individuals accountable for misconduct. Penalties, including retroactive discipline and financial penalties like clawbacks or deferred compensation systems, can be potent deterrents.
A comprehensive compliance compensation system requires careful crafting to minimize litigation and defense possibilities. It involves identifying the executives and managers to be included in the penalty system and determining the corresponding percentage penalties.
A company must balance its incentive structure, considering factors like large contingent payouts to executives and ethical performance requirements. Clarity in written policies and employment agreements fortifies clawback provisions.
Collaboration between business, finance, legal, and HR is pivotal in the design and implementation of effective compliance reward and penalty systems.
KEY QUOTE:
“The DOJ wants to add to their risk calculation, and that's requiring companies to implement compliance compensation programs that include financial penalties against those actors who engage in misconduct, or supervisors that fail to rein in their underlings or conduct proper oversight to ensure compliance.” - Michael Volkov
Carlos Villagran Discusses Rebuilding a Corporate Culture After a Corporate Crisis
00:48:24
Carlos Villagrán is the Director of Compliance at CMPC, a 100-year-old Chilean-based holding company, one of the worldwide leading pulp, paper, packaging, personal care, and other forest products manufacturers. With more than 20,000 employees, CMPC has industrial operations in 9 countries (LatAm and the US) and commercial offices in the US, Europe, and China, selling and distributing its products to more than 45 countries around the world. Carlos joined CMPC to remediate and rebuild CMPC's culture and compliance program after a devastating scandal: CMPC was prosecuted for its involvement in a decade-long conspiracy to fix prices in Peru and Chile for consumer paper products. Carlos discusses the challenges he faced in rebuilding CMPC's culture and commitment to compliance. His story is an inspiration to all legal and compliance professionals and provides important instructive lessons to corporate leaders and compliance professionals.
You'll hear Michael and Carlos discuss:
The importance of rebuilding and rediscovering the values and purpose of CMPC after a major corporate crisis.
The effects on market share quotas and sales prices when CMPC faced an investigation and was found to be the leader of a cartel in Chile and Peru.
How the crisis significantly impacted CMPC's reputation, leading to public protests and consumer backlash in Chile and Peru.
CMPC’s compliance team addressed the company’s complex nature because of its diverse workforce, including data analytics experts, IT professionals, and engineers.
How the compliance program at CMPC shifted from a traditional approach to a more cultural and system-thinking perspective, aligning with the company's values and operations.
Success for the compliance program at CMPC is defined by the number of critical tables the team is seated at, indicating their value and integration within the business operations.
The New Era of Compliance -- Generative AI, Data and Innovation
00:16:02
The 1990s saw the explosion of the internet, transforming the global economy and social development in ways we could have never imagined. But will AI truly have the same impact? While its potential is undeniable, the road ahead is full of risks, challenges, and ethical concerns. Will AI drive efficiency and innovation, or will it create new vulnerabilities that companies must scramble to control?
In this episode of Corruption, Crime, and Compliance, Michael Volkov dives deep into the legal, ethical, and compliance challenges surrounding AI. He explores how businesses are navigating AI adoption, the risks they face, and the safeguards they must implement to protect themselves.
You’ll hear him discuss:
Why AI’s economic impact, while significant, may not match the transformative power of the internet
Goldman Sachs’ prediction that AI could add $7 trillion to global GDP over the next decade
The massive investments required to scale AI, from semiconductors and data centers to energy and infrastructure
How generative AI is reshaping industries by creating human-like content with limitless applications
The hidden dangers of AI, including misinformation, deepfakes, fraud, and identity theft risks
Why businesses are cautiously adopting AI while grappling with privacy, copyright, and security concerns
The importance of AI compliance programs to mitigate legal, ethical, and reputational risks
Best practices for companies to ensure AI-generated content is accurate, transparent, and responsibly used
[Replay] Review of the EU Whistleblowing Directive with Alex Cotoia and Daniela Melendez
00:25:00
This week, we bring you a replay of one of our most impactful podcasts from last year, featuring Alex Cotoia and Daniela Melendez. Listen in as we discuss the EU Whistleblower Directive of October 2019. We'll return next week with one of our regular updates.
Directive 2019/1937 of the European Parliament and Council dated 23 October 2019 on the “protection of persons who report breaches of Union law” (the “Directive”) is currently being implemented by EU Member States. The directive has broad applicability to organizations operating in the EU internal market and applies to both public and private sector organizations alike. Whistleblowers are guaranteed legal protection to the extent: (1) they have reasonable grounds to believe that the information reported was true at the time of the report; and (2) the whistleblower reported either internally to the organization, externally to a competent authority, or publicly. Private sector organizations with 50 or more workers are legally required to establish channels and procedures for internal reporting of EU law breaches and conduct appropriate follow-up.
In this episode, Mike Volkov is joined by Daniela Melendez and Alex Cotoia from the Volkov Law Group, who bring their expertise to the table as they delve into the EU Directive and its implementation by several member states. Listen to this discussion to understand and navigate the complexities of the EU Whistleblowing Directive.
The EU Whistleblower Directive shifts the burden of proof on retaliatory actions to the person taking the detrimental action, requiring them to demonstrate it was not linked to reporting concerns.
Global companies are taking a proactive stance by increasingly focusing on robust ethics and compliance programs. This strategic move is aimed at mitigating risks and promoting positive corporate citizenship in today's economy, where adherence to legal and ethical standards is paramount.
France signed the EU Directive into law on March 21, 2022, outlining protocols for gathering and handling whistleblower reports, including a two-month deadline for imposing disciplinary sanctions.
Germany enacted the EU Directive on May 12, 2023, allowing anonymous reports and setting a three-month investigation deadline after receiving the report.
Spain addressed the EU Directive in February 2023 by covering additional topics like occupational health and safety breaches. The directive established a three-month deadline for investigations and allowed anonymous reports.
Italy transposed the EU Directive on August 4, 2022, including administrative, financial, civil, and criminal offenses not covered by the Directive, with a 30-day deadline to conduct investigations upon receipt of reports.
Companies are advised to make resources available to conduct investigations quickly due to the short timeframes set by various countries' whistleblower protection laws.
[Replay] Nicolas Garcia, GC at Orica, on Compliance Trends and Challenges in Latin America
00:32:36
This week we are pleased to bring you one of our most popular episodes of 2024. Please enjoy, and we will be back next week with more insights from the Corruption, Crime, and Compliance podcast.
How can companies build trust and drive growth in a region as politically and economically volatile as Latin America? In this episode, Nicolas Garcia - Vice President, Legal, Regional and Compliance Manager for LATAM and Orica - joins Michael Volkov to discuss the complexities of navigating compliance and leadership in LATAM. The conversation highlights how regional dynamics, such as the crisis in Venezuela, influence business operations and how cultural shifts are changing the role of compliance officers. Nicolas provides valuable insights on the evolving compliance landscape, emphasizing the importance of trust, leadership, and a strong compliance culture in driving business success in challenging environments.
Listen in as Nicolas and Mike discuss:
The ongoing political and economic crisis in Venezuela has led to massive immigration into neighboring countries like Colombia, Chile, and Brazil, creating both economic challenges and opportunities in the region.
Guyana is experiencing rapid growth due to foreign investment, particularly in the oil and gas sectors, standing in stark contrast to Venezuela’s decline.
Nicolas emphasizes the shift from compliance officers being seen as enforcers to becoming strategic business partners. This transition helps companies not only meet regulatory requirements but also drive success.
Establishing a trust-based relationship between compliance officers and leadership is essential. When compliance is integrated into the business strategy, it becomes a tool for enabling growth rather than a barrier.
Trust in reporting systems is growing in Latin America, though fear of retaliation remains a concern. Anonymous reporting is on the rise, and substantiation rates are increasing as employees gain confidence in the system’s integrity.
Ensuring that investigations follow due process is critical to maintaining credibility in compliance programs. It also helps improve trust and the success rate in legal outcomes.
Bryn Sedlacek, Vice President at Aravo, on Holistic Third-Party Risk Management and Unitary Visibility
00:28:05
Bryn Sedlacek, Vice President and Product Manager at Aravo, joins us on the podcast to discuss third-party risk management focusing on holistic risks and unified visibility. In a wide-ranging discussion, Mike Volkov and Bryn Sedlacek discuss the challenges in implementing a third-party risk management program that captures holistic risks and maintains a consistent, unified line of sight across the organization's risk profile. They focus on sanctions, capturing the source and ultimate destination of products/services and including those in screening, leveraging how to handle conflict minerals as a model, and how data intelligence providers can help. Additionally, Bryn discusses unified visibility, which provides comprehensive visibility to executives and decision-makers across risk domains and performance. Finally, they discuss InfoSec risk with third parties, where to start, and the future of risk - technology and alternative risk strategies. Join Michael and Bryn as they navigate the complexities of compliance in today's corporate landscape.
Bryn discusses how crucial it is to start with a realistic approach to building a compliance program and continually improve compliance programs to mitigate risks effectively.
Having a platform like Aravo’s is valuable for companies as it is highly configurable and tailored to meet the unique needs of each client’s business structure and risk management requirements.
The partnership between IT and cyber security in a compliance program is vital for addressing cybersecurity risks effectively within organizations.
It is a growing trend for IT and cyber security to focus on collaboration and meeting the unique needs of each department.
Unified visibility across different risk domains and third-party activities is essential for making informed decisions and managing risks effectively.
Continuous monitoring and auditing are crucial in compliance programs, with a risk-based approach to optimize resources and ensure proactive risk management.
Sanctions compliance is a growing area of focus, requiring proactive monitoring, risk-based approaches, and continuous updates to mitigate risks effectively.
A Deep Dive into Clear Channel's SEC FCPA Settlement
00:11:18
Clear Channel, a San Antonio-based advertising company, is settling with the SEC for $26 million for bribery violations committed by its former Chinese subsidiary, Clear Media. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the details of this case, from covert cash funds to internal audit challenges, shedding light on the issues that led to this notable settlement.
You’ll hear him discuss:
The charges stemmed from bribery violations committed by Clear Channel’s former Chinese subsidiary, Clear Media. The bribes included expensive gifts, entertainment and travel, given to influence contract renewal negotiations with Chinese government officials.
Clear Media engaged in deceptive practices, falsely documenting payments to cleaning and maintenance companies to fund illegal payments. They cautioned employees to omit gift recipients and disguised payments through oral agreements. False invoices and tax records were created to justify cash payments to shell company intermediaries that provided no actual services.
Internal audits from 2012 to 2017 highlighted deficiencies, red flags, and indicators of bribery. Despite this, Clear Channel failed to pursue aggressive remedial actions.
Internal auditors faced resistance from Clear Media and even reported false information provided by them. The lack of diligence and follow-up allowed the issues to persist.
Clear Channel, however, cooperated extensively with the investigation. They promptly shared facts, produced relevant documents, and facilitated interviews with current and former employees.
Remediation efforts included disposing of Clear Media, enhancing anti-corruption compliance policies, and increasing resources for compliance.
The settlement serves as a cautionary tale, emphasizing the importance of robust internal audits and proactive remediation.
KEY QUOTES:
“Clear Channel received credit for its cooperation and remediation. Its cooperation included promptly sharing facts, proactively producing relevant documents, producing in real time documentation of audits of Clear Media's internal controls during the course of the investigation...” - Michael Volkov
“So from 2012 to 2017, Clear Channel auditors regularly cited Clear Media's deficiencies, red flags, indicators of bribery, and inadequate internal controls. The auditors cited numerous remedial measures, but Clear Channel failed to ensure that appropriate remedial steps were taken.” - Michael Volkov
“But given the level of resistance and the failure of the internal audit function to operate properly and to follow up specifically on the issues that they were uncovering, the resolution has to be viewed in a positive light and was only counterbalanced by the fact that what Clear Channel did was cooperate and provide extensive remediation and ultimately sold its Chinese subsidiary...” - Michael Volkov
Cybersecurity and Compliance: The Growing Partnership of CISOs and CCOs
00:20:57
In today’s world, data is the new gold, and protecting it has become imperative for businesses worldwide. On this week's episode of Corruption, Crime and Compliance, Michael Volkov navigates the cybersecurity landscape, unpacking the key threats haunting businesses and the elements of a robust cybersecurity compliance program. He underscores the importance of proactively managing these digital threats to ensure your business remains protected.
You’ll hear him discuss:
The growing partnership between compliance and cybersecurity is a rapidly emerging issue in compliance, affecting companies and their risk management strategies. Cyber threats are not only external but also internal, resulting from employee behavior and cybersecurity hygiene.
Chief Information Security Officers (CISOs) are increasingly collaborating with Chief Compliance Officers (CCOs), leveraging the latter's expertise in governance, risk management, and training. This collaboration enables better education and training for employees on cybersecurity risks and the importance of good cybersecurity hygiene.
Approximately 50% of cyber or data breaches are the result of internal actors, either intentionally or through negligence. Thus, CCOs can play a crucial role in designing controls, conducting training, and monitoring employee behavior to mitigate such risks.
Major cybersecurity risks today include ransomware, cloud security, work from home security, phishing schemes, supply chain security, and identity and access management (IAM).
The rise of cyber threats: The digital landscape is rife with cybersecurity threats, including insider threats, DoS and DDoS attacks, AI and machine learning attacks, and cyber espionage.
Organizations need to be vigilant against disgruntled employees with access privileges who could intentionally or unintentionally harm systems. This emphasizes the need for robust access controls, regular monitoring, and comprehensive employee training.
While AI and machine learning can enhance cyber defenses, they can also be weaponized by cybercriminals to automate and scale their attacks.
A robust cybersecurity compliance program is necessary to protect a company's IT infrastructure and includes:
Application Security: Familiarity with cloud security policies and the implementation of multifactor controls and administration privileges can help strengthen application security.
Information Security: Companies must adhere to strict security standards and employ encryption among other strategies to protect data from possible breaches.
Disaster Recovery Planning: This requires implementing backup and recovery systems, incident response drills, and endpoint protections.
Network Security: Most companies use firewalls to monitor traffic for cyber threats and attacks. Companies must also secure their wireless networks and ensure that remote connections are encrypted.
End User Security: Since hackers often gain unauthorized access through endpoints, companies must ensure that devices are updated with security programs and antivirus applications.
Operational Security: This involves identifying any potential vulnerabilities that could be exploited by a hacker.
Given the prevalence of phishing attacks and insider threats, cyber training for employees is of paramount importance for an organization's cybersecurity.
KEY QUOTE:
“In the end, cybersecurity fails when there's a lack of adequate controls and security readiness, and companies have to make smart strategic decisions when developing their controls and cybersecurity protections; and always focus on the human element, common mistakes, effectiveness of controls and vulnerabilities to hacker strategies to exploit any weaknesses.” - Michael Volkov
Have you ever wondered how different cultures and generations engage with a company's code of conduct? Do employees across the globe really follow ethical guidelines in the same way, or are there stark contrasts depending on where they are and what they do? In this episode of Corruption, Crime & Compliance, Michael Volkov explores LRN's latest Code of Conduct Report, which reveals vital benchmarks and trends that can help companies strengthen their ethics and compliance programs. As LRN consistently provides high-quality insights on ethics and compliance, this episode dives deep into the findings that highlight how the code of conduct can serve as the cornerstone of a company's ethics culture—if used effectively.
You’ll hear him discuss:
How the usage of codes of conduct differs across geographic regions, with India, China, and Australia showing the highest engagement rates.
The surprising statistic that 35% of employees in the Netherlands reported never consulting their company’s code of conduct.
The impact of training, with countries like China and India seeing the highest percentage of employees trained on their code of conduct.
The generational divide, with Gen Z employees consulting their codes of conduct more than Baby Boomers, despite prior reports suggesting Gen Z's tendency to bend rules.
The significant gap in perceptions of code usage between senior leaders, middle managers, and frontline employees.
The role of hybrid work in fostering higher engagement with codes of conduct, contrary to the common assumption that remote work leads to disengagement.
Financial Controls: Contract/Purchase Order to Invoice to Payment Procedures
00:19:09
The contract to invoice to payment process may seem like a small part of a larger process, but it's at the core of many enforcement issues, particularly when it comes to the FCPA. In fact, we've seen some important cases that have highlighted the critical nature of this process, including the Oracle case from last year. This episode of Crime, Corruption and Compliance is not just a review of the FCPA, but rather an in-depth exploration of how companies can implement effective internal controls around their financial operations, and avoid potential problems that can arise from breakdowns in this process. I dive into the details of this important topic so you can learn how to build an effective control environment for your company's financial operations.
These are some key ideas I discuss in this episode:
Internal controls are critical to preventing fraud and corruption and must be established and maintained to ensure the proper use of corporate assets.
The accounting provisions of the FCPA include the books and records provision and the internal controls provision, which require issuers to keep accurate and detailed records of their transactions and maintain a system of internal accounting controls.
The contract to invoice to payment process is a key area where breakdowns in internal controls can occur, leading to illegal payments and bribery risks.
A robust due diligence process is required to confirm the ownership, legal compliance, reputation, and other important factors of potential vendors and suppliers.
Accounts payable and accounts receivable personnel are critical frontline actors in the procurement to pay process and should be trained in compliance to mitigate risks and elevate red flags when necessary.
The coordination and communication between finance, procurement, and compliance functions is crucial to establishing effective controls and preventing potential high-risk situations.
Contract and purchase order management systems should be established to link the contracting and purchasing process with invoicing and payment, ensuring proper review and verification of invoices and payments.
Invoicing and payment processes should be closely monitored and authorized in accordance with contractual and purchase order terms to avoid unauthorized use of corporate assets and reduce bribery risks.
Compliance programs should include a monitoring program and transaction testing program to regularly review and test the effectiveness of internal controls in the procurement to pay process.
KEY QUOTES:
“Compliance has to push their way into the environment here and start to take some responsibility for transaction testing, for monitoring, for partnerships related to high value or high-risk third parties, to make sure that we're monitoring and addressing that risk.” - Michael Volkov
“One of the things that has to go along with your third party due diligence program is what I would call a contract management system.” - Michael Volkov
“Accounts payable personnel should always be relied on in terms of natural allies and open communications. Having them elevate red flags to the business and the compliance functions has to be a key priority here because they are on the front lines.” - Michael Volkov
NAVEX's 2023 State of Risk and Compliance Programs
00:15:35
Dare we imagine a world where companies are driven by their compliance obligations as much as they are by their financial performance? In a progressively interconnected and fast-paced digital world, compliance matters more than ever. Non-compliance can swiftly result in reputational damage, punitive fines, and compromised stakeholder trust. As such, more organizations are beginning to embrace the importance of having mature, robust compliance programs. This episode of Corruption, Crime, and Compliance with Michael Volkov dives into NAVEX's 2023 State of Risk and Compliance report. The report delivers a comprehensive overview of the global compliance landscape and sheds light on critical trends that are reshaping the field.
You’ll hear him discuss:
We've seen a substantial increase in organizations with mature compliance programs - 53% in 2023, compared to 38% in 2022. This is a testament to organizations worldwide waking up to the importance of compliance in their everyday operations.
The power of leadership: robust leadership support is crucial when it comes to fostering a thriving compliance program. Strong board and executive-level engagement have proven instrumental in driving these changes.
As the world becomes more digitized, cybersecurity threats have increased exponentially. Consequently, cybersecurity has skyrocketed to the top of compliance concerns, indicating how cyber threats and breaches have a far-reaching impact on organizations.
Compliance and information security professionals are coming together like never before. This internal partnership proves crucial in managing cybersecurity risks and ensuring the safety of organizational data.
The NAVEX report identified five high-stake risks that organizations should keep on their radar: cybersecurity, regulatory compliance, harassment and discrimination, anti-bribery and corruption, and diversity, equity, and inclusion. Addressing these will require diligence and strategic planning.
There has been a decline in middle management's commitment to compliance compared to 2022. This dip stresses the need for targeted interventions to maintain the integrity of the compliance culture.
From HR to IT, effective compliance necessitates collaboration across all levels and departments.
With growing compliance demands, organizations are realizing the importance of purpose-built solutions. These platforms help manage third-party risks, policy management, and provide ethics and compliance training, making them indispensable in the modern compliance toolkit.
KEY QUOTES:
“So 53% stated that their organization had a mature compliance program and risk management program and that was compared to only 38% in 2022. Now that to me is a really welcome sign.” - Michael Volkov
“I think perhaps the most significant finding in this area to me was that in recognition of the rising threat level from cybersecurity attacks, ransomware, data privacy, ethics and compliance professionals are forging new and lasting internal partnerships with information security professionals.” - Michael Volkov
“Three quarters of respondents reported that senior leaders encourage compliance in the organization, and nearly as many report that senior leaders demonstrate their commitment to compliance to employees. So it's not just words, but it's words and actions. However, there was one troubling concern, and that was with respect to middle management. …So NAVEX reported a lower commitment compared to the 2022 report with regard to middle management commitment to compliance.” - Michael Volkov
Catch up on OFAC Enforcement -- 3M and Emigrant Banks Cases
00:12:54
3M faced a dual settlement, first with the SEC and then with OFAC, over alleged Iranian sanctions violations stemming from misconceptions and oversights in a license plate deal with a German intermediary. Despite the gravity of the case, 3M took proactive remedial actions, including voluntary disclosure and internal changes. Similarly, Emigrant Bank maintained a CD account for two Iranian residents for over two decades without proper screening, leading to a $31,000 settlement. In this episode of Corruption, Crime and Compliance, Michael Volkov shares details of both cases, underscoring the complexities of navigating sanctions regulations, the consequences of compliance failures, and the pivotal role of voluntary disclosure and proactive remediation in mitigating penalties.
You’ll hear Michael talk about:
3M settled with the Securities and Exchange Commission (SEC) for $6.5 million and with the Office of Foreign Assets Control (OFAC) for $9.6 million over alleged violations of Iranian sanctions. 3M's Dubai-based subsidiary entered into a deal to manufacture reflective license plate sheeting for a German company, but it misunderstood the end user, believing it was a reseller when it was actually Iran.
Between 2016 and 2018, 3M sent 43 shipments to the German intermediary, who resold them to Iran, violating OFAC regulations. This led to 54 violations of the Iran sanctions program. 3M's compliance team approved the deal without realizing the true end user was in Iran. Suggestions to review the deal were ignored, and steps were taken to conceal its true nature.
3M took remedial steps, including voluntary disclosure, termination or discipline of involved employees, leadership changes, revamped sanctions compliance training, and discontinuation of business with the German reseller.
In another case, Emigrant Bank maintained a certificate of deposit (CD) account for two Iranian residents from 1995 until 2021 without properly screening it for sanctions issues. In 2016, when the account holders requested a wire transfer, Emigrant became aware of potential sanctions issues but still approved the transfer.
In 2019, Emigrant's upgraded screening software flagged the account, but the compliance team overrode the alert based on erroneous guidance from the 2016 wire transfer. Emigrant recognized the account's status in 2021, closed it, and took steps to remediate compliance program shortcomings.
Emigrant settled the matter for $31,000, significantly lower than the maximum penalty applicable ($9.9 million), with voluntary disclosure and proactive remediation efforts considered mitigating factors by OFAC.
KEY QUOTES
“In the course of setting up this agreement, numerous managers at 3M suggested that trade compliance reviewed the deal. But these 60 suggestions were ignored by the deal's proponents. Even worse, a 3M subsidiary received an outside due diligence report, flagging the connection to Iranian law enforcement, and closed the matter without further investigation.” - Michael Volkov
“On September 21 of this year, OFAC announced that Emigrant agreed to pay $31,867 to resolve 30 violations of the Iran Sanctions Program. The violations all relate to a single CD account that Emigrant maintained for two Iranian residents from 1995 until it closed the account in 2021.” - Michael Volkov
“In 2019, Emigrant upgraded its screening software, sanctioned screening, and the new program flagged the account as problematic due to the account holder's Iranian residency. However, software is only effective as its operator. Upon review, Emigrant's compliance team overrode the alert, basing their decision on erroneous guidance from the 2016 wire transfer. Now, Emigrant finally recognized the account status in 2021 and took steps to remediate its compliance program shortcomings.” - Michael Volkov
DOJ Settles FCPA Cases with Two UK-Based Reinsurance Companies
00:17:19
In the 300th episode of Crime, Corruption and Compliance, Michael Volkov examines the recent FCPA settlements with two major UK reinsurance brokers - Tysers and H.W. Wood - for their involvement in a bribery scheme in Ecuador. The DOJ took an unorthodox approach by going after individual people before the companies. This helped them get cooperation and gather evidence, resulting in over $36 million in fines and forfeited money. However, it also highlights common issues in FCPA cases, such as a lack of supervision and effective controls that let corruption happen.
You’ll hear Michael discuss:
The settlements with Tysers ($36M fine + $10.5M forfeiture) and Wood ($508K fine + $2.3M forfeiture) resolve a multi-year FCPA investigation in Ecuador.
Several individuals were prosecuted first, including the chairman of two state-owned Ecuadorian insurance firms who pleaded guilty in 2020. This allowed the DOJ to build up cooperators and evidence.
A third-party intermediary played an instrumental role, serving as the "glue" that coordinated all aspects of the scheme in exchange for significant profits.
Neither Tysers nor Wood voluntarily disclosed. Tysers received a 25% discount for cooperation and remediation; Wood's fine was reduced to $508K based on inability to pay.
The intermediary demanded a large split of commissions to funnel payments to officials, which Tysers and Wood accepted, triggering disputes among Tysers' own employees.
The parties used coded language and fake investment contracts to disguise corrupt payments to officials' offshore accounts.
The lack of financial controls and oversight of third-party payment allocations enabled suspicious activity to occur unchecked. Massive "commissions" paid to intermediaries raised obvious red flags that went unheeded.
Going after individuals first and securing a declination for one company yielded major penalties for Tysers and Wood, proving the DOJ's strategy highly effective.
The facts underscore the need for vigorous third-party due diligence and monitoring controls to detect and halt potential corruption.
KEY QUOTES
“DOJ has had a slow year in FCPA enforcement. Everybody knows that we may see a few more coming in the next few weeks before the end of the year…” - Michael Volkov
“Unlike most third party FCPA cases, where a third party may be enlisted to further a bribery scheme by funneling payments directly to a foreign official, the intermediary in the Tysers and Wood cases played an instrumental role in arranging, managing and overseeing the bribery payments and overall scheme. The intermediary company truly operated as the glue that put together a large bribery operation from which it earned significant profits.” - Michael Volkov
“...the timing of the corporate individual resolutions is certainly a unique pattern for DOJ to execute on and certainly raises the prospect that we may see other cases where individuals get prosecuted first and then you see a corporate resolution coming towards the end. So DOJ clearly here built up a reservoir of cooperators and information and intelligence that resulted in them being able to impose significant penalties against Tysers and Wood.” - Michael Volkov
Oracle Corporation settled its second FCPA case in ten years. It agreed to pay the SEC $23 million to resolve allegations that its subsidiaries in Turkey, India and the United Arab Emirates maintained slush funds to bribe foreign officials. Ten years ago in 2012, Oracle paid the SEC $2 million for creating millions of dollars in off-the-books accounts at its India subsidiary. Join Michael Volkov as he takes a deep dive into the Oracle case and provides valuable lessons for managing third-party corruption risks.
In the SEC’s mind, Oracle is a recidivist, having its second enforcement action case in 10 years.
The settlement for $23 million underscored the power of the FCPA provisions, which mandate effective internal controls and accurate books and records, and can be applied to a wide range of conduct beyond foreign bribery, Michael remarks.
The controls that Oracle put in place to prevent improper use of discounts and marketing reimbursements were not effective because there was a lack of compliance culture within the business.
The Oracle case is one that should be studied by compliance professionals, Michael believes. It reminds you to look at your own controls that surround discounting and ensure that the necessary documentation is carried out. “No matter what controls you have in place, they still have to be adhered to with a true culture of compliance underneath it as a foundation,” he adds.
Microsoft Pays OFAC and BIS Over $3.3 Million to Settle OFAC Sanctions Violations
00:17:04
Microsoft recently paid over $3 million for multiple sanctions violations involving illegal exports of services and software to sanctioned jurisdictions. The violations spanned seven years and involved prohibited Russian entities or persons located in the Crimea region of Ukraine. However, what makes this case particularly intriguing is the remedial actions taken by Microsoft, which offer best practices and insights into what can be done when resources are available. In this week's episode of Corruption, Crime, and Compliance, Michael Volkov takes a deep dive into the Microsoft OFAC enforcement action.
He discusses these ideas:
Microsoft committed 1339 transactions in violation of multiple sanctions programs over seven years, totaling over $12 million worth of sales and services.
Violations included the sale of software licenses and the provision of related services from servers and systems located in the US and Ireland to SDNs, blocked persons, and other end users located in Cuba, Iran, Syria, Russia, and the Crimea region of Ukraine.
The violations were due to Microsoft's failure to obtain complete or accurate information on the identities of end customers and shortcomings in its restricted party screening. At times, Microsoft Russia employees intentionally circumvented Microsoft screening controls to prevent other Microsoft affiliates from knowing the identity of the ultimate end customers.
Microsoft's significant remedial measures included enhancing its trade compliance program, improving its governance structure and screening resources, adopting a new three lines of defense model, and conducting a holistic risk assessment to identify and remediate instances of prohibited engagements.
Microsoft deployed a multidisciplinary internal investigation team proficient in 16 foreign languages, modified its procedures to respond to matches, and expanded the scope and volume of data screened.
“Companies with sophisticated technology operations and a global customer base should ensure that their sanctions compliance controls remain commensurate with risk.”
Companies should consider conducting a holistic risk assessment to identify and remediate prohibited engagements and ensure that employees adhere to the sanctions compliance program.
OFAC emphasized that companies conducting business through foreign-based subsidiaries, distributors, and resellers should have sufficient visibility into their end-users, including through the provision of services after an initial sale.
KEY QUOTES:
"Now, when Microsoft supported these third-party sales to prohibited parties, they provided prohibited software and services to SDNs and end customers in sanctioned jurisdictions, and the violations occurred. The root cause really was because Microsoft did not have complete or accurate information on the identities of the end customers for Microsoft's products." - Michael Volkov
"Companies with sophisticated technology operations and a global customer base should ensure that their sanctions compliance controls remain commensurate with that risk and leverage in appropriate technological compliance solutions." - Michael Volkov
"Testing or auditing, whether conducted on a specific element of a compliance program or enterprise-wide level, are important tools to ensure that the program is working as designed and weaknesses are promptly remediated." - Michael Volkov
Can the DOJ’s commitment to holding individuals and corporations accountable under the FCPA survive the changing political climate in 2025? Will the push for innovation in corporate compliance programs be enough to maintain momentum, especially with emerging technologies like artificial intelligence? In this episode of Corruption, Crime and Compliance, Michael Volkov dives deep into the FCPA enforcement landscape of 2024, outlining key cases, changes in DOJ policies, and the evolving role of compliance programs. He highlights the significant rise in penalties and individual criminal prosecutions, as well as the continuation of major corporate settlements such as Raytheon, Trafigura, Gunvor, and SAP. The episode also explores DOJ's new whistleblower program and its continued push for companies to enhance their compliance frameworks.
You'll hear him discuss:
Key FCPA enforcement matters in 2024 including the Raytheon, Trafigura, Gunvor, and SAP cases.
The shift in DOJ’s approach, where individual prosecutions now play a larger role than ever before.
The rise in penalties: 2024 saw a significant jump, with a total of $1.7 billion in fines.
The return of travel, hospitality, and gifts as common bribery techniques, despite increased focus on compliance.
DOJ's major industry sweeps, particularly targeting the energy commodity trading industry.
The emergence of new compliance challenges with a focus on artificial intelligence and emerging technologies in corporate settings.
The controversial SAP settlement and the DOJ’s approach to a lack of voluntary disclosure.
The impact of mergers and acquisitions on compliance processes and the integration of acquired companies.
DOJ’s new whistleblower program designed to incentivize individuals to report misconduct.
How companies should approach merger and acquisition integration to ensure compliance and prevent risks.
Albemarle, a prominent specialty chemicals company, recently settled a case for $218 million, unraveling a web of bribery payments across Vietnam, Indonesia, and India. The repercussions of this case extend beyond the financial penalty, encompassing a three-year non-prosecution agreement and the application of the Compensation, Incentives, and Clawbacks pilot program. In this episode of Corruption, Crime and Compliance, Michael Volkov shares details of Albemarle’s FCPA settlement with the DOJ and SEC, exploring Albemarle’s voluntary disclosure, extensive remediation efforts, and a transformative shift in its business model.
You’ll hear Michael talk about:
Albemarle agreed to pay over $218 million to settle investigations conducted by the DOJ and the SEC. This substantial financial penalty is a consequence of alleged bribery payments made by the company in multiple countries.
The investigations focused on bribery payments related to various business transactions and dealings made by Albemarle in Vietnam, Indonesia, and India.
As part of the settlement, Albemarle entered into a three-year non-prosecution agreement. While the company acknowledges certain wrongdoing, it avoids facing formal prosecution during the specified period if it complies with the agreed-upon terms and conditions.
The settlement includes the application of the Compensation, Incentives, and Clawbacks pilot program. This program outlines mechanisms to ensure that executives and employees involved in wrongdoing face appropriate consequences, including clawing back certain incentives and compensation.
Albemarle voluntarily disclosed information related to the potential FCPA violations. This proactive step is often a mitigating factor in settlements and reflects a willingness to cooperate with authorities.
Albemarle undertook extensive remediation efforts in response to the allegations. This included disciplining employees involved in the wrongdoing, strengthening its anti-corruption program, and making significant changes to its business model and risk management processes.
The investigations highlighted Albemarle's use of sales agents in Vietnam, Indonesia, and India. Control deficiencies with third parties in China and the United Arab Emirates (UAE) were also noted, raising concerns about the oversight and due diligence processes related to these external entities.
Michael shares details about specific bribery schemes involving state-owned entities such as Petro Vietnam in Vietnam, Pertamina in Indonesia, and IOCL in India. These schemes included practices like modifying tender requirements, providing nonpublic information, and directing agents not to include details in invoices concerning tips to foreign officials.
The case underscores the risks of relying on third-party agents to secure contracts, particularly through the example of Albemarle's failure to conduct due diligence on an agent in the UAE. The agent's close ties to the UAE government and royal family contradicted representations made during the due diligence process.
KEY QUOTES
“And in this case, they rewarded Albemarle with an NPA as opposed to a deferred prosecution agreement. So it's a three-year non-prosecution agreement, and doesn't get filed with the court. There's no information that's filed. And they agreed to pay a penalty of approximately $98.2 million and an administrative forfeiture of $98.5 million. Also, this is the first FCPA settlement where we applied the Compensation, Incentives, and Clawbacks pilot program, which the DOJ had announced in March of 2023.” - Michael Volkov
“With respect to remediation efforts, the DOJ cited Albemarle's extensive remedial measures, including that they started the remediation prior to the beginning of the DOJ's investigation. In other words, they started to remediate quickly upon starting their own internal investigation.” - Michael Volkov
ABB is a three-time loser in foreign bribery enforcement, but still agreed to pay $315 million to settle FCPA charges. The company also resolved SEC charges for $75 million.
ABB's criminal history includes bid rigging and bribery violations in multiple countries. However, the DOJ cited ABB's extraordinary cooperation and extensive remediation when they announced the settlement. Michael Volkov explores ABB’s history of FCPA violations, leading up to their most recent, in this week’s show.
ABB paid a settlement of $315,000,000 for its extensive criminal history record, including multiple violations of the Foreign Corrupt Practices Act and a prior conviction for price fixing. The settlement raised questions about the effectiveness of the Justice Department's new FCPA enforcement program, which is designed to prevent benefits for recidivists.
The case involved two ABB subsidiaries in South Africa and Switzerland, and the parent company agreed to a three-year deferred prosecution agreement. The company also resolved SEC charges for $75 million and faced foreign prosecutions in South Africa, Switzerland, and Germany.
ABB was also involved in a bribery scheme between 2014 and 2017 to obtain confidential information and win lucrative contracts with South Korea's state-owned energy company, ESCOM Holdings. They engaged multiple subcontractors who were linked to a high-ranking ESCOM official and made payments to these subcontractors despite their poor qualifications and lack of experience. In exchange for these bribery payments, ABB secured improper confidential information needed for the bidding process and securing the valuable contracts.
ABB established a relationship with an additional subcontractor. This subcontractor failed various portions of the ABB due diligence process, including its financial stability and qualifications. ABB required a specific waiver of due diligence requirements to be approved, and the waiver was granted. On its face, the approval of a waiver creates significant red flags.
ABB took important first steps on learning about the potential violation by immediately scheduling a meeting with the DOJ and committing to change. However, the settlement papers did not give any detail as to what made ABB's cooperation extraordinary.
KEY QUOTE
“For companies that have to decide whether to disclose and may hesitate because of their criminal histories, the answer now is fairly clear that it is a better idea in many cases to voluntarily disclose, remediate and cooperate.” - Michael Volkov
BIT Mining Resolves FCPA Case for $10 Million and CEO Pan Indicted
00:19:14
What happens when a Chief Executive Officer becomes the architect of a global bribery scheme? In this episode of Corruption, Crime, and Compliance, Michael Volkov delivers an in-depth analysis of the BIT Mining FCPA case — a landmark matter that underscores the severe consequences of C-suite misconduct. With CEO Zhengming Pan at the center of the conspiracy, BIT Mining’s efforts to infiltrate Japan’s emerging casino market were built on fraudulent payments, sham contracts, and falsified financial records.
Michael examines the tactics used to conceal illicit payments, the role of Japanese authorities in uncovering the misconduct, and the broader implications for corporate compliance and executive accountability.
You’ll hear him discuss:
How BIT Mining’s former CEO, Zhengming Pan, supervised a $2 million bribery scheme targeting Japanese government officials to secure entry into Japan’s integrated resort (IR) market.
The specific tactics used to launder bribe payments, including the use of sham consulting agreements, inflated lecture fees, and misclassification of bribes as "management advisory fees" and "travel expenses" in company records.
The DOJ’s charges against Pan, which included conspiracy to violate the anti-bribery and books-and-records provisions of the FCPA, as well as multiple counts of books-and-records violations and substantive anti-bribery offenses.
The terms of BIT Mining’s three-year Deferred Prosecution Agreement (DPA) with the DOJ, which included an agreed-upon $10 million criminal penalty, reduced from an initial $54 million based on the company’s inability to pay.
The SEC’s parallel enforcement action, which resulted in a $4 million civil penalty, later credited against the DOJ’s settlement amount.
How Japanese enforcement authorities played a crucial role in uncovering the scheme and what ultimately led to BIT Mining’s failure to win the integrated resort bid.
Practical compliance takeaways for corporate boards and executive teams, including the importance of strong third-party due diligence, financial control safeguards, and executive oversight to prevent and detect misconduct at the top.
Deep Dive into the SEC's Settlement with R&R Donnelly on Cybersecurity Controls
00:12:15
How does the SEC's recent settlement with R.R. Donnelley & Sons Company impact internal controls for cybersecurity incidents? In this episode of Corruption, Crime, and Compliance, Michael Volkov discusses a significant decision by the SEC involving a $2.1 million settlement with R.R. Donnelley & Sons Company (RRD) related to a 2021 ransomware attack. The SEC's decision marks the first time it applied its internal controls enforcement authority to cover cybersecurity policies and procedures, representing a substantial expansion of its enforcement reach.
The SEC criticized RRD for failing to prioritize the review of security alerts and implement an effective workflow for escalating such reports. This oversight led to delayed detection and response to the cyber attack, during which hackers exfiltrated 70 gigabytes of data, including personal and financial information tied to 29 clients.
You’ll hear him talk about:
The importance of robust internal controls to ensure prompt investigation and escalation of potential cybersecurity incidents.
The need for companies to allocate sufficient resources and personnel to monitor and respond to third-party security alerts.
The SEC's critique of RRD's internal incident response policies, particularly the lack of clear lines of responsibility and efficient workflows.
The dissenting opinions within the SEC regarding the broad application of internal controls to cybersecurity, highlighting the need for specific guidance on reasonable cybersecurity controls.
For the Justice Department and the SEC, 2023 was a slow year in FCPA enforcement. Despite promises of aggressive enforcement, DOJ and the SEC failed to achieve increases in FCPA enforcement. DOJ and the SEC issued no blockbuster enforcement actions or settlements. The SEC's number of enforcement actions was steady and eclipsed its 2022 number by one. Equally significant was DOJ's reduction in individual criminal prosecutions, thereby raising legitimate questions as to its ability to deliver on its promise of aggressive enforcement against individual FCPA violators. Despite a slower enforcement year, DOJ dedicated significant resources to issuance of new policy statements encouraging voluntary disclosures, incentivizing clawbacks, elevating compliance programs and offering new safe harbors for mergers and acquisitions.
In this episode, Michael Volkov reviews FCPA enforcement in 2023 and outlines new compliance trends in the anti-corruption field.
Clear Channel's former Chinese subsidiary, Clear Media, was charged with bribery violations involving expensive gifts, entertainment, and travel given to influence contract renewal negotiations with Chinese government officials.
Clear Media engaged in deceptive practices, such as falsely documenting payments to cleaning and maintenance companies to fund illegal payments. They used oral agreements, omitted gift recipients, and created false invoices and tax records to disguise payments through shell company intermediaries.
Senior executive complicity was another trend observed in the cases discussed. In some instances, senior executives were aware of the bribery schemes but either turned a blind eye or actively participated in the misconduct.
Internal audits conducted from 2012 to 2017 identified deficiencies, red flags, and indicators of bribery within Clear Channel. However, the company failed to take aggressive remedial actions to address these issues.
Clear Media resisted internal auditors and even provided false information, hindering the detection and resolution of bribery-related problems.
Despite these challenges, Clear Channel cooperated extensively with the investigation. They promptly shared relevant facts, produced necessary documents, and facilitated interviews with current and former employees.
Family International and Owner Pay $1.07 Million to Settle Violations of Russia Sanctions Program
00:10:41
How do sanctioned Russian oligarchs continue to move their wealth despite international restrictions? The answer lies in real estate, shell companies, and complicit gatekeepers. In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into one of the latest OFAC enforcement actions against Family International and its owner, Roman Sinyavsky, for facilitating sanctions evasion on behalf of Russian oligarchs. Through complex real estate transactions, Sinyavsky helped conceal luxury properties owned by Valeri Abramov and Viktor Perevalov, allowing them to continue generating revenue despite U.S. sanctions. This case highlights the growing risk of financial crime in the real estate sector and the increasing scrutiny on those who enable it.
You'll hear him discuss:
The $1.07 million OFAC settlement and the criminal charges against Roman Sinyavsky for sanctions evasion and money laundering
How sanctioned Russian oligarchs used non-sanctioned family members and shell companies to obscure their ownership of U.S. properties
The key role of real estate professionals, lawyers, and financial advisors in facilitating these schemes and why they should have raised red flags
The use of text messages as critical evidence proving intent and knowledge of sanctions violations
The specific techniques used to transfer property ownership and avoid detection by authorities
The increasing enforcement focus on commercial and residential real estate transactions as a high-risk area for financial crime
Predictions for 2024, including tighter sanctions enforcement on Russia and Iran and what it means for businesses and compliance professionals
The Trump Administration's Expected Impact on Enforcement and Compliance
00:18:48
What does the new Trump administration mean for ethics, compliance, and enforcement? As the dust settles on the U.S. election, companies are evaluating the implications of President Trump’s return to the White House. With priorities such as spurring economic growth, reducing inflation, imposing stringent trade sanctions, and reforming the Department of Justice, businesses must prepare for significant changes. How will these initiatives impact compliance programs and enforcement priorities?
You’ll hear Michael discuss:
Key enforcement priorities under the second Trump administration, including changes to DOJ oversight and trade compliance.
The implications of aggressive foreign policy shifts, including potential changes to sanctions on Russia, Iran, and China.
The focus on immigration enforcement, workplace audits, and I-9 compliance.
The anticipated reduction in environmental and workplace safety enforcement.
Trends in corporate criminal enforcement, including a steady focus on healthcare fraud but limited activity in other areas.
Strategies for companies to enhance trade compliance and prepare for expanded tariffs and sanctions.
Catching Up with California and State Data Privacy Laws
00:11:48
California's data privacy regulations, primarily embodied in the California Consumer Privacy Act (CCPA) and its extension through the California Privacy Rights Act (CPRA), constitute a pioneering and influential framework. These regulations, effective from 2018 and further strengthened in 2020, set a standard for data protection not only within the state but also across the national and global economy. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the nuances of the CCPA and CPRA, and the evolving data privacy landscape.
You’ll hear Michael talk about:
The lack of a federal data privacy law in the United States has led to a complex patchwork of state laws. Businesses are faced with the challenge of navigating these varied regulations, which contributes to compliance complexities.
California, through the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), is a leader in data privacy regulation in the United States, with implications for both the national and global economy. The CPRA, enacted in 2020, establishes the California Privacy Protection Agency (CPPA) to enforce the law robustly.
The CPRA introduces critical changes, including:
Protection of employee and business-to-business personal information, which is now subject to the same privacy protections as consumer personal information.
Enhanced consumer rights, such as the right to access, delete, and correct their personal information, and the right to opt out of the sale of their personal information.
Companies are now obligated to implement reasonable security precautions and undergo annual cybersecurity audits and risk assessments.
In addition to California, other states such as Virginia, Colorado, Utah, Iowa, and Connecticut have also enacted data privacy laws that echo the GDPR. Businesses must stay up-to-date on evolving compliance requirements and adapt their systems accordingly.
Compliance issues comprise risk assessments, impact assessments, adherence to data breach requirements, and compliance with notification standards. Companies are developing systems based on the most stringent set of laws to guarantee compliance.
KEY QUOTES
“We have a patchwork of laws that apply in the United States. Unfortunately, we continue to suffer from the absence of a federal data privacy and breach notification law. Congress has tried for years to broker a deal here, but it has never been able to overcome strong lobbying forces. Whether it's high tech trial lawyers, law enforcement, or other gadflies, the public continues to suffer.” - Michael Volkov
“Many commentators have suggested that California's data privacy laws and regulations are starting to look closer and closer to the EU's GDPR regime.” - Michael Volkov
“To me, we're getting into a more strict regulation. We already have, under the California Consumer Privacy Act, a requirement to have on your website: an ‘opt out’ in terms of any information that you may provide to a website, that it can't be used by the entity for sharing or selling or whatever consumer products purposes. So keep tabs on the California events.” - Michael Volkov
Have you heard of the recent controversies around Boeing 737 MAX and its safety? Have you wondered what is being done about the concerns around it? In this episode of Corruption, Crime, and Compliance, Michael Volkov delves into the latest developments in the Boeing 737 MAX case, highlighting the recent plea agreement proposed by the Department of Justice (DOJ). The Boeing 737 MAX case took another dramatic turn. On July 24, 2024, the Department of Justice filed with the United States District Court for the Northern District of Texas a proposed plea agreement with Boeing. Under the Plea Agreement, Boeing will plead guilty to the original Information filed in 2021 with the Deferred Prosecution Agreement ("DPA"). The discussion focuses on Boeing's alleged failure to implement adequate compliance measures, leading to significant risks and violations, and the ongoing legal and ethical implications of the case. Tune in to hear a detailed analysis of the complexities and legal ramifications of Boeing’s recent plea agreement and what it means for corporate compliance and accountability.
You’ll hear him talk about:
Certification Issues: Boeing failed to ensure its 737 MAX certifications were accurate, risking false certifications to the FAA.
DOJ Plea Deal: Boeing agreed to plead guilty to conspiracy to defraud the U.S., facing opposition from victims' families who find the resolution insufficient. The plea agreement, which has been filed under Federal Rule of Criminal Procedure 11(c)(1)(C), requires the Court to approve and accept the deal. The Court can reject the plea deal and require the parties to renegotiate the terms.
Victims’ Rights: The proposed resolution has been controversial because the families of the victims have opposed the plea agreement and the general disposition of DOJ's investigation and prior resolutions as insufficient to vindicate the public interest and their rights as victims of Boeing's malfeasance.
Compliance Failures: Boeing breached its DPA by not implementing effective compliance controls, particularly in safety and quality processes.
Independent Monitor: Boeing will be monitored for three years and must invest $455 million in compliance and safety improvements.
Ongoing Challenges: Boeing’s anti-fraud measures still have gaps, with broader implications for industries where safety is critical.
Christian Focacci, Founder and CEO, Threat.Digital, on Artificial Intelligence and Compliance
00:31:26
Christian Focacci is a leader in the artificial intelligence world and harnesses its capabilities for risk management. He is the founder and CEO of Threat.Digital, which has launched a new product, DiligenAI. Threat.Digital is leveraging large language models and real-time data feeds to empower organizations to identify risk information confidently and efficiently, setting a new standard in risk intelligence. Mike and Christian discuss AI and its use in compliance and third-party risk management.
You'll hear them discuss:
AI should be viewed as a tool to enhance decision-making processes rather than a replacement for human judgment, with an emphasis on leveraging AI to process vast amounts of data efficiently.
Organizations must strike a balance between recognizing the risks associated with AI, such as generative AI, and harnessing its potential benefits to improve productivity and decision-making within organizations.
Advancements in language models, particularly large language models like ChatGPT, have revolutionized the processing and understanding of unstructured text data, enabling more accurate and context-aware analysis.
Companies can use AI to significantly enhance due diligence processes, risk assessment, and compliance efforts by efficiently summarizing and analyzing vast amounts of information to support decision-making.
The use of AI in due diligence and compliance is a tool meant to empower human decision-makers by providing them with comprehensive and distilled information, allowing them to focus on critical analysis and decision-making rather than mundane tasks.
One major strength of AI, particularly large language models, is to improve monitoring processes by reducing false positives and providing real-time alerts based on predefined criteria, enabling more efficient risk identification and management.
AI has a bright future, including the expansion of context windows in language models, the rise of open-source models, and the potential for running AI models on personal devices, indicating a shift towards decentralized and accessible AI technology.
Another Look at the Importance of Corporate Culture
00:14:38
LRN has issued another important report. In its latest report, The 2024 Benchmark of Ethical Culture Report, LRN has focused on the critical issue of corporate culture. LRN is a pacesetter and the leader in reliable studies on complex ethics and compliance issues. If not properly promoted or maintained, a defective culture can lead to serious misconduct, government investigation, reputational damage, and collateral harm. On the other hand, a positive and effective culture is a company's most valuable intangible asset, as it is tied directly to increased financial performance and sustainable growth. Over the past few years, business leaders have embraced what compliance and governance professionals already knew: companies with strong ethical cultures outperform other companies with weaker cultures. Employees at ethical companies are more productive, more satisfied, less likely to seek a new job, and more committed to the company's mission.
Hear Michael discuss:
LRN's 2024 Benchmark of Ethical Culture Report underscores the importance of ethical culture in driving financial performance and reducing misconduct rates.
Generation Z shows a higher tolerance for unethical conduct, with nearly a quarter admitting to engaging in such behavior to get the job done.
Hybrid workers who alternate between working from home and the office exhibit lower rates of misconduct and are more likely to report observed misconduct due to increased job satisfaction.
Organizations with strong ethical cultures outperform those with moderate to weak cultures by at least 50% across various business performance measures.
Employees at companies with strong ethical cultures are 1.5 times more likely to report observed misconduct, emphasizing the value of a positive work environment.
Senior leaders often have more favorable perceptions of their organization's culture than middle management and frontline workers, highlighting the need for consistent messaging.
LRN's research shows that nearly 70% of the variance in business performance is linked to an organization's ethical culture, emphasizing the critical role of culture in success.
Raytheon Pays $950 Million to Resolve Fraud, FCPA, ITAR and False Claims Act Violations
00:16:46
What happens when a major defense contractor faces scrutiny for ethics and compliance violations? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the high-stakes world of corporate accountability, exploring Raytheon's recent $428 million settlement with the U.S. Department of Justice. From fraudulent pricing to bribery and compliance lapses, we uncover the impact of these violations and the tough questions they raise about corporate governance, oversight, and ethical responsibility in high-stakes industries.
Hear Michael talk about:
Raytheon Company (Raytheon), a subsidiary of defense contractor RTX (formerly known as Raytheon Technologies Corporation), agreed to pay over $950 million to resolve the Justice Department’s investigations into three areas of violation.
The settlement addresses three main issues:
A major government fraud scheme involving defective pricing on certain government contracts
Violations of the Foreign Corrupt Practices Act (FCPA)
Violations of the Arms Export Control Act (AECA) and its implementing regulations, the International Traffic in Arms Regulations (ITAR)
As part of the settlement, Raytheon entered into a three-year deferred prosecution agreement (DPA) and agreed to the filing of criminal information in the District of Massachusetts charging Raytheon with two counts of major fraud against the United States. Raytheon admitted to engaging in two separate schemes to defraud the Department of Defense (DOD) relating to the provision of defense articles and services, including PATRIOT missile systems and a radar system.
Separately, Raytheon entered into a three-year DPA in connection with a criminal information in the Eastern District of New York charging Raytheon with two counts: conspiracy to violate the anti-bribery provision of the FCPA for a scheme to bribe a government official in Qatar and conspiracy to violate the AECA for willfully failing to disclose the bribes in export licensing applications with the Department of State as required by part 130 of ITAR.
The Justice Department’s FCPA and ITAR resolution is coordinated with the Securities and Exchange Commission (SEC). Both DPAs require that Raytheon retain an independent compliance monitor for three years, enhance its internal compliance program, report evidence of additional misconduct to the Justice Department, and cooperate in any ongoing or future criminal investigations. Raytheon also reached a separate False Claims Act settlement with the Justice Department relating to the defective pricing schemes.
In this episode of the Corruption, Crime, and Compliance podcast, host Michael Volkov dives into the Ericsson FCPA Deferred Prosecution Agreement breach settlement. The case highlights important issues with conducting internal investigations, corporate culture, and dealing with the Justice Department in the event of a breach. The episode delves into the details of the case, discussing the lessons learned from this massive failure and nightmare scenario with regard to disclosures, and how it serves as a cautionary tale for all investigations, whether conducted by internal staff or outside counsel.
Here are some key ideas discussed in this episode:
Ericsson, the Swedish telecom company, breached its 2019 Deferred Prosecution Agreement and agreed to enter a guilty plea to the original charges in the DPA and pay a $206M penalty.
The breach was primarily due to Ericsson's failure to disclose its bribery payments or potential bribery payments to ISIS to facilitate transportation of telecom equipment in Iraq.
Ericsson used third-party agents and consultants to pay bribes to government officials in a number of countries to manage slush funds.
Ericsson's failures have undermined the integrity of its corporate commitment to compliance and ethical culture, damaged its reputation, and threatened its relationship with the Justice Department and government regulators overall.
The breach prevented the DOJ from bringing criminal charges against certain individuals and harmed the US's ongoing criminal investigation.
Ericsson's breach presents a laundry list of internal investigation errors, such as a failure to produce responsive documents for many years, omitting key details related to its investigative findings, and a lack of fundamental culture improvements.
Ericsson has significantly enhanced its compliance program and internal accounting controls through structural and leadership changes, including hiring a new Chief Legal Officer and Head of Corporate and Government Investigations.
The DOJ's calculation of the criminal penalty was for just over $727,000,000, reflecting the midpoint of the applicable guideline range, and Ericsson will be required to serve a term of probation, which can be revoked for further violations found.
Ericsson agreed to continue to enhance its program and to test these enhancements for effectiveness.
Ericsson's violations were pervasive and systemic, reflecting a rotten culture that promoted bribery as a means to make money.
Failures to disclose by outside counsel partially reflect failures of senior leadership responsible for oversight and direction of outside counsel.
Outside counsel must establish an effective working relationship with transparency, coordination, and full disclosure.
Senior executives must engage with outside counsel at each and every step of the investigation to check on the overall process.
The failure to produce certain documents underscores the need for a document retention policy.
KEY QUOTES:
"This breach really presents a laundry list of internal investigation errors. ...It is a cautionary tale for all investigators, whether conducted by internal staff or outside counsel." - Michael Volkov
"The failures to disclose, in my view, partially reflect failures of various actors, including outside counsel, but also senior leadership." - Michael Volkov
"Its culture was rotten, and it promoted bribery as a means to an important end that is just making money." - Michael Volkov