Info

FCPA Compliance Report

Tom Fox has practiced law in Houston for 30 years and now brings you the FCPA Compliance and Ethics Report. Learn the latest in anti-corruption and anti-bribery compliance and international transaction issues, as well as business solutions to compliance problems.
RSS Feed Subscribe in Apple Podcasts
FCPA Compliance Report
2018
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
March
February


2015
December


Categories

All Episodes
Archives
Categories
Now displaying: Category: compliance commentary
Feb 19, 2018

In this episode, podcast favorite James Koukios returns to discuss highlights from international anti-corruption efforts, enforcement actions and developments highlighted in Morrison and Foerster’s December report. We highlight five developments: 

  1. The Keppel Offshore FCPA enforcement action and the attendant fallout in Singapore, where the country has announced it is investigation possible criminal charges against the company’s senior executives. We also highlight the new Singaporean initiative for a type of Deferred Prosecution Agreement. We explore how countries in the Far East are ramping up anti-corruption investigations and their continuing cooperation with the United States in investigations.
  2. The Trump Administration reaffirms fight against international corruption as a top priority. We discuss the December release by the Administration of its first National Security Strategy paper, detailing the administration’s top foreign policy priorities. Among five “Priority Actions,” the paper pledges that the U.S. will “continue to target corrupt foreign officials and work with countries to improve their ability to fight corruption. . . .” We explore how the administration see corruption as a threat to American companies’ ability to compete fairly abroad and also asserts that corruption and weak government allow terrorists and criminal networks to prosper and how vigorous anti-corruption enforcement is seen as one of several “economic tools” the U.S. will use “to deter, coerce, and constrain adversaries.”
  3. The public call by Attorney General Sessions greater cooperation in international criminal cases. We note how this follows several other public comments by political appointees of the Administration on the need for not only robust anti-corruption enforcement but also enhanced international cooperation in investigations and enforcement.
  4. United Kingdom Sets Course for Long-Term Anti-Corruption Strategy; and 
  5. The warnings issued by the Chinese government officials and employees of state-owned enterprises. We consider how this fits into the Chinese anti-corruption campaign and whether it will be inward or outwardly focused. We conclude with what it may mean for DOJ prosecutions under the FCPA and what US companies doing business in China may expect going forward.

 

For more information read the full Morrison & Foerster white paper Top Ten International Anti-Corruption Developments for December 2017

Feb 16, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. A very interesting article by T. Markus Funk and Andrew Boutros entitled, “The Evolution and Status of ‘Carbon Copy”. For the full copy go to Bloomberg White Collar Report.
  2. Time to go back to college and take that Econ course as John Bray explores the intersection of sunk costs and third party bribery payments, in the FCPA Blog.
  3. Bill Coffin really nails it this week. He opines that compliance officers are the conscious of a company in his Compliance Week (sub req’d)
  4. Dick Cassin notes that the Justice Department ends its investigation of Core Labs the company’s relationship to Unaoil (here) and Juniper Networks gets a Declination (here). Henry Cutter explains both the WSJ Risk and Compliance Journal.
  5. The PdVSA ‘management team’ in charge of bribes are all indicted over money-laundering based on FCPA violations. Sam Rubenfeld leads the coverage in the WSJ Risk and Compliance Journal.
  6. Sally Afonso explains why you need to get out of our compliance conference comfort zone, in the SCCE Compliance and Ethics Blog.
  7. Joe Mont explores whether businesses misuse NDAs in his article, “Companies twist and abuse non-disclosure agreements”. See article in Compliance Week (sub req’d)
  8. Ethisphere announces its 2018 World’s Most Ethical Companies Awards, see Press Release Matt Kelly explores some of the key similarities in Radical Compliance.
  9. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. You can find out more on his website by clicking here.
Feb 12, 2018

In this episode I visit with Carlos Ayres, partner at Medea, Ayres and Sarubbi in Sao Paulo. We visit on the past year in anti-corruption enforcement in Brazil and where it may lead in 2018. Carlos discusses the continued fallout from the Odebrecht corruption scandal, across the continent of Latin America with the new anti-corruption laws being implemented in Argentina, Peru and Chile. We also discuss what US and UK companies need to do if they are doing business in those countries to protect themselves.

For more on Carlos Ayres and his firm Meada, Ayres and Sarubbi, check out their website by clicking here

Feb 10, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week. 

  1. What do Steve Wynn’s resignation and Wells Fargo’s continuing problems tell us about corporate governance? Matt Kelly takes a look at Wynn on Radical Compliance. Tom explores the Fed’s penalty levied on Wells Fargo and its Board on the FCPA Compliance Report. They explore the intersection of both on Compliance into the Weeds.
  2. Bill Coffin asks why Wells Fargo, Volkswagen and Samsung are on Fortune’s World’s Most Admired Companies list in his Compliance Week (sub req’d)
  3. Japan is offering leniency deals for companies which provide information on other violations. Michael Griffiths reports in GIR. (sub req’d)
  4. Banks behaving badly. Dick Cassin on Rabobank’s guilty plea, $369MM forfeit for laundering Mexico drug money. Jessica Tillipman and Samantha Bland ask if $4.8bn in penalties has deterred HSBC? Both articles appear in the FCPA Blog. Sam Rubenfeld weighs in on Rabobank in the WSJ Risk and Compliance Journal.
  5. Both the UKSerious Fraud Office and US Justice Dept. and SEC reopen their investigations into allegations of GSK corruption in China. Henry Cutter reports on the UK reopening in the Wall Street Journal Risk and Compliance Report. Dick Cassin considers the US reopening in the FCPA Blog.
  6. Why does the ABA oppose transparency in anti-money laundering law reform? Matthew Stephenson ask in Global Anti-Corruption Blog.
  7. The Pentagon loses some money ($$millions really). Brian Bender reports in Politico.  
  8. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. You can find out more on his website by clicking here.
  9. Join Tom and Jonathan Marks at his next Compliance Master Class, sponsored by Marcum LLP. It will be held on February 12 & 13 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
  10. The lads reflect on the Super Bowl win by the Eagles over the Patriots.
Feb 2, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week, including:

  1. Justice Department Escalates Inquiry on Global Sports Corruption. Rebecca Ruiz reports in the New York Times. Andy Spalding comments in the FCPA Blog.
  2. On his Conflicts of Interest Blog, Jeff Kaplan discusses a new review of the Wells Fargo scandal.
  3. COSO gets and new chairman and may consider internal controls guidance. Tammy Whitehouse reports in Compliance Week (sub req’d). Matt Kelly details in Radical Compliance.
  4. Jonathan Marks considers whether the roles of the GC and CCO should be split, in his Board and Fraud
  5. US becomes second largest home of tax havens (although Trump says we’re No. 1). Sam Rubenfeld reports in the Wall Street Journal Risk and Compliance Report. The issue is impacting home sales in Houston. See article in Houston Chronicle.
  6. Ben DiPietro considers when a company should use its CEO as a point spokesperson during a crisis in the WSJ Risk and Compliance Report.
  7. An article in GIR reviews SFO Director David Green’s called for the UK defence bar to embrace artificial intelligence and said the authority will use the newly-enacted unexplained wealth orders in corruption case. See article by Waithera Junghae (sub req’d).
  8. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. You can find out more on his website by clicking here.
  9. Join Tom and Jonathan Marks at his next Compliance Master Class, sponsored by Marcum LLP. It will be held on February 12 & 13 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
  10. Tom announces his new podcast series Countdown to GDPR with Jonathan Armstrong. It will be a monthly series for the US compliance practitioner about how to prepare for the upcoming go live of GDPR in May, 2018.
  11. Tom and Jay announce their Super Bowl predictions.
Jan 31, 2018

In this episode Matt Kelly and myself take a deep dive into the weeds of the recent remarks by Neomi Rao, head of the Office for Information and Regulatory Affairs (OIRA), the Administration’s top regulatory review office outlining ambitious plans for more deregulation in 2018 — including efforts to sweep independent federal agencies into her purview and to crack down on the “sub-regulatory” guidance that corporate compliance professionals consume all the time. The talk was given before the Brookings Institute and she touted the 2 for 1 kill order for new regulations the Administration heralded last year and claimed that over 1500 planned regulations had been pulled from review.

For the compliance practitioner, this may all be much ado about nothing or more simply Rao and the Administration is simply Waiting for Godot to arrive as both the SEC and regulations relevant to military, national security, or foreign policy are exempt. New regulations required by statute are exempt.is exempt from the guillotine of which Rao speaks. However, it does cause one to ponder if the 2012 FCPA Guidance and 2017 Evaluation of Corporate Compliance Programs would have been released under this new system of hari-kari.

Matt and I explore the differences be proposing to repeal two rules but not actually repeal them as those proposed repeals must go through the usual public comment and review process. We also discuss how the Administration approach hurts businesses by removing a source of practical guidance from the general public. Think about how the business community clamored prior to 2012 for specific guidance from both the SEC and Justice Department on what constituted a best practices compliance program. Finally, we consider if there is a positive effect at all for business and the American public not be given guidance by the government.

For more information see Matt Kelly’s post Regulatory Czar Eyes Agency Guidance

Jan 27, 2018

In this special Supplemental edition Jay Rosen reports on Friday’s SCCE Southern California Regional Compliance and Ethics Conference. The topics he highlights are: 

  1. GDPR update by Megan Duffy and Dominique Shelton.
  2. Engaging your Board of Directors by Malissia Clinton and Dixie Johnson.
  3. How compliance training has morphed, and marketing and communication are now more impactful than training alone by Marsh Ershaghi-Hames.
  4. High risk FCPA Markets by Brian Michael, Tedra Foster and Julie Myers Wood.
  5. The networking and breadth of the attendees.
  6. Jay gives a full report on LinkedIn, review by clicking here.
Jan 26, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. The government indicts 5 KPMG partners and one former PCAOB professional for tipping the firm off from upcoming reviews of KPMG audits. Matt Kelly discusses in Radical Compliance. Francine McKenna reports in MarketWatch. Tom considers the matter in the FCPA Compliance Blog. Tammy Whitehouse asks if audit results should be restated in Compliance Week. Finally go into the weeds with Tom and Matt Kelly in Compliance into the Weeds, Episode 67.
  2. Mike Volkov suggests that CCOs renew Corporate Vows to the Chief Compliance Offi
  3. Dick Cassin considers whether employees are measuring up to the aspirations set in their corporate Code of Conduct, in the FCPA Blog. Taking a AI angle, Sam Rubenfeld reports how Accenture uses bots to bring it Code of Conduct to employees, in the WSJ Risk and Compliance Journal.
  4. Jonathan Marks write about the Board of Directors Guide to FCPA Compliance, in his Board and Fraud
  5. Is your compliance function a part of your pre-acquisition M&A team? Henry Cutter explores this issue in the Wall Street Journal Risk and Compliance Report.
  6. Eric Newcomer and Brad Stone have a terrifying yet story you cannot put down about the fall of Travis Kalanick. They report in Bloomberg Business Week.
  7. Vince Walden writes about preventing fraud, enhancing compliance using digital twins. His article appears in Fraud-Magazine.com.
  8. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program, sponsored this month by Convercent. In January, I bring together the entire year of compliance program best practices with 31 days to a more effective compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  9. Tom announces his next Compliance Master Class, sponsored by Marcum LLP. It will be held on February 12 & 13 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
  10. Join Tom at the SCCE Utilities and Energy Conference in DC on February 4-7. For registration and information click
Jan 24, 2018

In this episode Matt Kelly and I take a deep dive into the absolutely stunning indictment of five former partners or employees of KPMG and one former employee at the Public Company Oversight Accounting Board (PCAOB). Last spring, KPMG dismissed the following: David Middendorf, KPMG’s then-national managing partner for audit quality and professional practice, Thomas Whittle, KPMG’s then-national partner-in-charge for inspections and David Britt, KPMG’s banking and capital markets group for lured the following former professionals from the PCAOB: Brian Sweet, Cynthia Holder and Jeffrey Wada, all certified public accountants with promises of jobs at the accounting firm in exchange for stolen information. Sweet did not make the cut was not hired.

Apparently these three were offered jobs if they provided KPMG with information on the PCAOB’s planned reviews of certain KMPG audits of specific public companies. The six were charged with conspiracy and wire fraud, alleging they repeatedly used stolen confidential regulator information to subvert KPMG’s regulatory inspection process. Even more troubling is the report that Middendorf, Whittle and Britt pressured Holder and Wada to continue providing the information or their jobs were in jeopardy.

All of these six are now facing criminal indictments. We explore what all of this might mean for KPMG, the PCAOB and the SEC. Can KPMG audits be trusted going forward? What type of culture existed that allowed this type of behavior to occur and continue for over two years before it was internally reported. Who else at KPMG knew or should have known about this conduct? What audits are now suspect? What happens if KPMG is found guilty at trial or accepts a guilty plea? Can it continue to perform audits?

Turning to the PCAOB, does it have a revolving door problem? Should it prevent its professionals from going to auditors? How does it assure such confidential information does not walk about the door? For SEC, what is the appropriate sanction against KPMG given the senior partner involvement? Is the SEC investigating other audit firms?

For more reading see Matt Kelly’s blog post Six Charged in PCAOB Inspections Leak

For additional reading see Francine McKenna’s article in MarketWatch KPMG indictment suggests many who weren’t charged knew regulator data was stolen

Jan 23, 2018

In this episode I visit with Damon Brenner, partner at Control Risks on the 2018 Control Risk Map. He details some of the company’s findings in the document entitled RiskMap 2018. Jonathan Wood, Director at Control Risks will present to the Greater Houston Business and Ethics Roundtable on the Risk Map this coming Thursday, 25th January, from 8-10 AM at the offices of Marathon Oil, here in Houston. For more information click here.

It is one of the definitive forecast of political and security risk across the globe in the coming year. The top five listed risks for 2018 were: 

  1. North Korea - While Control Risks believes war on the Korean peninsula is unlikely, the paths of escalation are clear, de-escalation is harder to plot. The search is on for the least bad option, but it’s not clear what that is. The risks of miscalculation and accidental escalation are the highest they’ve been since North Korean leader Kim Jong-un assumed power.
  2. Large scale cyber-attacks targeting infrastructure - 2017 was the year of large-scale but random disruptive attacks. Control Risks believes that 2018 will see the likes of WannaCry, NotPetya and BadRabbit recur, but in a more powerful, targeted and disruptive manner. National infrastructure systems are particularly at risk.
  3. Protectionism policy of the Republican administration - Control Risks believes there is a low likelihood but if does occur, it will likely be a high impact, but the threat is there: in a year of mid-term elections, NAFTA negotiations fail to make enough headway, the administration pulls the US out of NAFTA and the WTO, and goes after China on trade, causing profound disruption to international commerce.
  4. The big power rivalry in the Middle East - Control Risks believes that across the region, the combination of an ambitious Saudi Arabia and assertive Iran informs and inflames conflicts and enmities in Syria, Lebanon, Iraq and Yemen and between Israel and the Palestinian Territories. Control Risks does not believe these two countries will go to war.
  5. Personalized leadership - Astride the business risk landscape is a collection of assertive world leaders who rely on nationalism and, to varying degrees, populism. Prone to capricious decision-making, they find foreign companies convenient targets. More than ever, knowing the mind of the person at the top is essential.

Each of these areas has full reports dedicated to them and available for download. Further, the Risk Map is broken down by region. The main map covers the countries of the world and provides regional nuance within and across national borders. The Maritime, Kidnap and Travel Risk maps give further insights into Control Risks areas of specialist expertise. In short all of this information is available for any compliance professional for use in helping to assess your annual risks going forward. It is a visual, data and information feast for anyone interested in global risk, in a wide variety of areas.

If you are in the Houston area, the Greater Houston Business and Ethics Roundtable (GHBER) is privileged to have Control Risks present its 2018 Risk Map at our first meeting of the year, this coming Thursday, 25th January, from 8-10 AM at the offices of Marathon Oil, here in Houston. Our presenter will be Control Risks Director, Jonathan Wood, the author of the White Paper on the Number 1 listed risk of the Global Powder Keg, including North Korea. Wood leads Control Risks’ Global Issues practice, on global political, operational, security and integrity risks to multinational organizations in the oil and gas, mining, insurance, financial services, retail, construction and technology sectors. His subject matter expertise encompasses geopolitics, global governance, economic development and transnational security issues. He leads Control Risks’ analysis of transnational terrorism, single-issue direct action, and geopolitics. In short, Wood knows his stuff and he can further educate all who attend the GHBER meeting.

If you are in Houston, I hope you can join us. The information Control Risks makes available is worth it. For more information on the GHBER meetings, featuring Jonathan Wood of Control Risks, go the GBHER website.

Jan 19, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. Are CCOs at risk? Indeed is should the entire compliance industry be running for cover. Adam Dobrik explores explore in GIR. Court Golumbic explores in “The Big Chill”: Personal Liability and the Targeting of Financial Sector Compliance Officers” in the NYU Compliance and Enforcement Blog.
  2. Tom and Mike Volkov argue the new FCPA Corporate Enforcement Policy has ended, once and for all, the debate around amending the FCPA to add a compliance defense. See Tom’s article in Compliance Week Magazine and listen to Mike Volkov’s podcast.
  3. The FCPA will be with us for years to come, argues Jaclyn Jaeger in her Compliance Week piece, “How the FCPA withstands the test of time
  4. Teva Pharmaceuticals resolves bribery case with Israel authorities. Chiam Gelfand reports in a guest post on the FCPA Blog.
  5. Ben DiPietro considers whether AI will have machine executable rules, in the Wall Street Journal Risk and Compliance Report.
  6. Roy Snell publishes a heartfelt letter to retiring Pat Kelly, the FBI Integrity and Compliance Officer in the SCCE Blog.
  7. Matt Kelly explore the salary misconduct penalty in two posts on his Radical Compliance blog, The Salary Penalty for Misconduct and More Thoughts. Matt & I explored the issue on the most recent episode of Compliance into the Weeds.
  8. Jonathan Marks explains why skepticism is an auditor friend in Skepticism – a Weapon to Fight Fraud in his Board and Fraud blog.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program, sponsored this month by Convercent. In January, I bring together the entire year of compliance program best practices with 31 days to a more effective compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Tom announces his next Compliance Master Class, sponsored by Marcum LLP. It will be held on February 12 & 13 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
  11. Join Tom and Dun & Bradstreet CCO Louis Sapirman for a SCCE Webinar on 360-Degrees of Compliance Communication. Registration and information is available here.
  12. Jay is too worried about Tom Brady’s hand to get out a weekend report. Should he be? Jacob Feldman reports in Sports Illustrated.
  13. We preview this week’s NFL playoffs.
Jan 18, 2018

In this episode, the top compliance roundtable podcast is back with a look at some of the top FCPA, compliance and data privacy/data security issues from 2017 and how they inform what will be the top such issues in 2018. 

  1. Jay Rosen considers the new Justice Department FCPA Corporate Enforcement Policy and what it will mean for compliance practitioners and compliance programs in 2018 and beyond. 

For Jay Rosen’s post on the new FCPA Corporate Enforcement Policy, see the following:

Jay Rosen’s Most Significant FCPA Event from 2017 - FCPA Corporate Enforcement Policy (or a 5 Min History of How We Got From There to Here)

  1. Jonathan Armstrong looks a fascinating couple of cases working their way through the English courts, the Morrison and Carphone Warehouse cases. They each have very interesting angles including the reliability of audit staff, liability of the employer for an employee’s criminal and individual criminal liability in the data breach situation.

For Cordery Compliance’s posts touching on these cases, see the following:

Client Alert: Morrisons Data Breach Litigation Succeeds

Client Alert: Carphone Warehouse fined under data breach

  1. Matt Kelly returns to his vendor management soapbox to explore the intersection of FCPA compliance and data security. He considers some of the top data security breaches of 2017, the SEC response from the regulator perspective and most importantly the business response, both up and down the Supply Chain.

For Matt Kelly’s post on this topic, see the following:

Microchip Meltdowns and Vendor Risk

  1. Tom Fox sits in for Mike Volkov this week. Tom discusses the continued internationalization of anti-corruption investigations and enforcement which began in earnest in 2016. He details some of the notable cases, including the Rolls-Royce matter, Keppel Offshore, SBM Offshore and the Telia case and explores what these enforcement actions may portend for compliance practitioners and compliance programs going forward. 

For Tom Fox’s post on the continued internationalization of anti-bribery/anti-corruption enforcement, see the following: 

DOJ-Aggressive International Anti-Corruption Enforcement to Continue

Rants follow at the end. 

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
Jan 10, 2018

In this episode Matt Kelly and I take deep dive into the issue of non-GAAP metrics and its implications. We were inspired an article in this quarter's MIT Sloan Management Review entitled, "The Pitfalls of Non-GAAP Metrics" by H. David Sherman and S. David Young. It is fascinating review of this topic, which as the authors note "Lurking within the financial statements and communications of public companies is a troubling trend. Alternative metrics, once used sparingly, have become increasingly ubiquitous and more detached from reality." 

Jan 5, 2018

In this episode, Jay Rosen and myself take a look at some of the top compliance stories over the past week. Jonathan Marks joins us to discuss his new Board and Fraud blog. 

  1. More fallout from the Keppel Offshore FCPA enforcement action. See articles by Dick Cassin in the FCPA Blog on the in-house lawyer who pled guilty and the systemic nature of the corruption.
  2. Rick Messick considers risk assessments in the Global Anti-Corruption Blog.
  3. Well know anti-fraud specialist Jonathan Marks starts a new blog Board and Fraud, focusing on corporate governance and fraud issues. He begins by telling auditors to be skeptical. Check it out here.
  4. Is the purpose of corporate enforcement deterrence or punishment? Mihailis E. Diamantis considers this question with a preview of his upcoming article “Clockwork Corporations: A Character Theory of Corporate Punishment”. The preview is posting in NYU’s Crime and Enforcement blog.
  5. Former Och Ziff hedge fund executive, Michael Cohn indicted for fraud in Africa investment scheme. See article in Bloomberg.
  6. A banker From Turkey Convicted in plot to evade Iran sanctions. See article by Benjamin Weiser and Carlotta Gall in the New York Times. See DOJ Press Release.
  7. Petrobras Settles U.S. Securities Suit Based on Corruption-Related Allegations for $2.95 Billion. Kevin LaCroix reports from the D&O Diary. Henry Cutter reports from the WSJ Risk and Compliance Journal.
  8. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In January, I bring together the entire year of compliance program best practices with 31 days to a more effective compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  9. Tom announces his next Compliance Master Class, sponsored by Marcum LLC. It will be held on February 11 & 12 at Marcum’s offices in Miami, FL. More information or a copy of the agenda, or to register, will be available on my website, FCPA Compliance Report or at Marcum LLP.
Jan 3, 2018

In this episode, Matt Kelly and I take a look at some of the more intriguing issues in compliance and ethics, FCPA and greater GRC issues in the new year of 2018.

  1. The upcoming SEC Guidance on cybersecurity, which is an issue the SEC has struggled upon. The SEC claims its new guidance will focus more about internal escalation procedures and controls to prevent insider trading ahead of disclosure. The new Revenue Recognition standard which went into effect in December 2017.
  2. We consider how will companies manage consequences of the new standard and some of the ancillary issues: new accounting policies, new procedures for auditors, new assessments of internal control, and even changes to business practices and disclosures in quarterly filings.
  3. The upcoming US Supreme Court decision on whistleblower protection under Dodd-Frank, which centers on whether whistleblower protections under the Dodd-Frank Act extend to employees who only report misconduct internally.
  4. The new FCPA Corporate Enforcement Policy, which was announced in November. How it will be used going forward?
  5. In one of the most public series of scandal, the continued fallout from sexual harassment scandal, including changes to anti-harassment programs in the wake of the Harvey Weinstein scandal, #MeToo and associated corporate and government scandals.
  6. The maturity of vendor risk management programs, both in compliance and in greater business processes. Compliance and audit executives have worried about slices of vendor risk, too. How will audit, risk, and compliance functions work together to tame vendor risk in a more systematic, intelligent way in 2018?
  7. A bustling GRC vendor world is expanding. If risks to the large enterprise are undergoing a digital transformation, so too are the tools and systems enterprises use to manage those risks. How will the GRC software vendors respond to it?
  8. Will the SEC reform SOX? If so what might it look like.

For more on these topics see Matt Kelly’s blog post “Eight Compliance Events to Watch in 2018

Jan 2, 2018

In this episode, I visit with SCCE incoming President Gerry Zack about his new role with the organization. Some of our topics include: his new role with the SCCE, why he took on the challenge of running the world’s largest compliance professionals’ organization; some of his initial observations of SCCE; where the organization will be headed in 2018 and ways for a compliance professional to become involved in SCCE going forward.

Dec 28, 2017

In Part II of a two-part series, the top compliance roundtable podcast is back with a review of the new Justice Department’s FCPA Corporate Enforcement Policy. 

  1. Jay Rosen considers the take the compliance program additions found in the “Timely and Appropriate Remediation in FCPA Matters” section. He highlights the new parts from the Evaluation of Corporate Compliance Programs, root cause analysis and parts from the 2016 FCPA Pilot Program, Part III on remediation. What does this new information mean for the compliance practitioner? From an assessment perspective what would a monitor look at more closely or even differently than under the 10 Hallmarks?
  1. Jonathan Armstrong looks the new Policy from a UK/EU angle. He explores the following issues from the Policy (1) where national blocking statutes prevent disclosure of information, what does the Policy require; (2) does the requirement for “Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records” conflict with the “right to be forgotten”. He also considers the difficulties a UK or EU company might face when dealing the US authorities and other relevant UK or EU authorities if they agreed to self-disclose. For instance, can they meet the extensive cooperation requirement in turning over information on persons and making them available for interview? Finally, and in a fascinating extrapolation, he explores whether the imposition of this law could actually negatively impact international anti-corruption enforcement.

For Jonathan Armstrong’s posts touching on these issues, see the following:

For some of Cordery Compliance’s writings on these topics, please see:

Rolls-Royce case sends a strong signal

Cease Processing Data Judgment

Mike, Jay and Jonathan are back with rants which follow the discussions. 

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

In Part II, the top compliance roundtable podcast reviews the new DOJ FCPA Corporate Enforcement Policy. 

Dec 27, 2017

In this episode, I visit with Keith Read, Advisor to Convercent and Angus Robertson, Senior Vice President for Convercent on some of the key trends they observed in the marketplace in 2017, from the vendor perspective. I found this an interesting perspective as both of these gents spend quite a bit of time listening to compliance practitioner on what their needs are for their organizations. Some of the key trends they observed included: 

Data Privacy

A hugely increased focus on data privacy, partly driven by GDPR and partly driven by the increasing size and global reach of our customer base.

Whistle-blowing & Social Media

A genuine recognition of the importance of effective whistle-blowing programs, given that social media now means that people are far more prepared to speak out if they are not happy to speak up. This also brings with it the need for active retaliation prevention, not just a passive ‘shelf’ policy.

Global legislation around ABC

Increasing global compliance-related legislation – new and updated laws such as Sapin II, the UK’s Criminal Finances Act, the Brazilian Clean Companies Act, all utilize similar approaches to the enforcement of anticorruption legislation. This makes developing and implementing a common response strategy can be far more effective, and less costly; moreover, drawing disparate sources of data together - often for the first time - can be eye-opening.

Big Data and Analytics

Companies are focused more than ever on data, reporting and benchmarking. How do I as an ethics and compliance leader get the data I need to understand the health of my organization and the effectiveness of my program? How do I show how well I’m performing and the business value?

Delineation of Compliance vs. Ethics

Consumers and employees focused more on ethics causes organizations to shift. This is especially true in B2C and industries led by technology or the shared economy.

Employee engagement and nudge programs

Providing the just-in-time information that is context aware relative to business process and communication, so that employees can make the right decision at the right time to support their company values.

 

The FCPA Compliance Report is proud to have Convercent sponsor this episode. Convercent works to drive ethics to the center of business through Enterprise Ethics & Compliance Software

that invites users to share, listen and learn to help build a more ethical corporate culture. For more information go to Convercent.com.

Dec 22, 2017

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, including:

  1. A former Embraer employee cops a guilty plea for his role in bribery in Saudi Arabia. Dick Cassin reports in the FCPA Blog.
  2. A host of luminaries pen an article entitled, “Oral Downloads of Interview Memoranda to Government Regulators Waive Work Product Protection” on NYU’s Compliance and Enforcement Blog. This is scary stuff if you care about privilege.
  3. An Italian judge orders ENI and Shell to a criminal trial for their alleged role in a massive bribery scandal in Nigeria over payment to obtain concession rights. Scott Tong reports in NPR’s Marketplace.
  4. The German company Bilfinger seeks a comeback after a disastrous bribery and corruption scandal and sustaining a FCPA violation. Henry Cutter reports in the WSJ Risk and Compliance Journal.
  5. Sam Rubenfeld explains that compliance with the Magnitsky Act is easy in the WSJ Risk and Compliance Journal.
  6. George “Ren” McEachern, with the FBI’s international corruption unit, will retire and become a managing director at Exiger. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal.
  7. The former heads of the Paraguayan and Brazilian soccer associations guilty of racketeering conspiracy and other charges. Zachary Zagger and Sindhu Sundar report in Law360 (sub req’d)
  8. Jay Rosen previews the Jay Rosen Weekend Report, What's in a Number and Are You More than a Just a Link Collector?
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In December, I conclude my discussion of written standards in a best practices compliance program. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Mike Volkov has published a new eBook, Pointing the Finger — How Corporate Boards Are Dodging Accountability and What CCOs Can Do About It. It was published by Corporate Compliance Insights and is available here.
  11. Check out May the Podcast Be With You-the intersection of Star Wars and Compliance. The five-part series premiered on December 11. Episode 1-what is risk?, Episode 2-due diligence, Episode 3-effective training, Episode 4-disruption in compliance and Episode 5-myth of the rogue employee. The series is sponsored by Affiliated Monitors.

 

Dec 22, 2017

Welcome to the Part V and our final entry of this five-part podcast series Jay Rosen and I produced in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I reviewed a In this final entry, we consider Rogue One and the myth of the rogue employee. 

Today we consider the only stand-alone entry in the Star War series, Rogue One. This movie tells the tale of the spies who stole the schematics from the original Death Star and transmitted it to Princess Leia and thereby the Rebel Alliance. Rogue One is the first film in the Star Wars Anthology series, a series of stand-alone spin-off films in the Star Wars franchise. It is not clear where the name of the movie came from; although my personal nomination is that in the attack led by Luke on the original Death Star, his squadron was Rogue Two so the movie title is a tribute to those Rebel Alliance X-wing fighters and their pilots.

As long as 24 years ago, Lynn S. Paine wrote about the myth of the rogue employee in the Harvard Business Review (HBR), in an article entitled “Managing for Organizational Integrity. In this article she wrote, “executives are quick to describe any wrongdoing as an isolated incident, the work of a rogue employee. The thought that the company could bear any responsibility for an individual’s misdeeds never enters their minds. Ethics, after all, has nothing to do with management. In fact, ethics has everything to do with management.” How prescient she was in her article.

For it is management who sets the tone throughout the organization, whether that is something along the lines of a wink and a nod towards ethics and compliance or the more ubiquitous miss your numbers for two quarters and you will be history, Paine noted, “More typically, unethical business practice involves the tacit, if not explicit, cooperation of others and reflects the values, attitudes, beliefs, language, and behavioral patterns that define an organization’s operating culture. Ethics, then, is as much an organizational as a personal issue.”

However, a company’s responsibility is more than simply to set the right tone then sit back and do nothing. The drafters of the Foreign Corrupt Practices Act (FCPA) recognized this when they included the requirement for internal controls to be included in the law. For, as Paine said, “Managers who fail to provide proper leadership and to institute systems that facilitate ethical conduct share responsibility with those who conceive, execute, and knowingly benefit from corporate misdeeds.”

Yet the myth of the rogue employee is more than a simple myth. It is also a dangerous myth. It is dangerous because it excuses negligent or intentional corporate behavior. Mike Volkov, in a blog post entitled “The Myth of the Rogue Employee, noted that illegal conduct such as that under the FCPA does not occur “in a vacuum.” He explained “There are other employees with whom the person interacts, there are financial controls in place to protect against such misconduct, there are reporting mechanisms for employees to report suspicious activity, and there is likely to be someone in the organization who is close enough to the bad actor, or responsible for the conduct of the bad actor, and who suspected or should have suspected that the actor was engaged in misconduct.” Moreover, the more sophisticated the scheme, the more actors are involved and the more controls are overridden or disregarded as he explained, “As the misconduct becomes more complicated, like in the case of bribery or antitrust violations, where such schemes require additional actors or raise red flags or where others are in a position to know or suspect that misconduct may have occurred”.

The three basic tenets of a best practices compliance program are to prevent, detect and remedy. By claiming employees who engage in bribery and corruption have ‘gone rogue’; companies are attempting to divest themselves of responsibility for actions from which they benefit, particularly if the bribery and corruption generated business sales and revenue. 

We hope you have enjoyed our five-part podcast series on the intersection of Star Wars and compliance as much as we enjoyed producing it. Always remember the storytelling component of compliance. Reciting rules, regulations, policies and procedures is the way to engage effectively in compliance.

May the podcast be with you this holiday season.

Dec 21, 2017

In Part I of a two-part series, the top compliance roundtable podcast is back with a review of the new Justice Department’s FCPA Corporate Enforcement Policy. 

  1. Mike Volkov sets the stage with background on this new DOJ policy regarding FCPA enforcement going forward, considering what this means from the DOJ/ prosecutorial perspective. He explores why would the DOJ would start with a presumption of a declination when there is arguably a criminal violation? What does this new Policy mean for SEC enforcement? Does this extend any of the concepts we saw as far back as the Yates Memo? 

For Mike Volkov’s post on the new FCPA Corporate Enforcement Policy, see the following: 

Five Key Takeaways from DOJ’s New FCPA Corporate Enforcement Policy 

  1. Matt Kelly considers how might the Justice Department prosecute a case (1) where the company doesn’t meet all the FCPA Program criteria; and (2) how vigorously will prosecutors evaluate a company’s compliance program as part of its investigation? Is this Policy something new or more in the line of a continuation/clarification? Does this new Policy create a real incentive or not for companies to self-disclose? Finally, does this create a true partnership between the DOJ and Business to fight bribery and corruption? 

For Matt Kelly’s post on the new FCPA Corporate Enforcement Policy, see the following: 

DOJ Expands FCPA Pilot Program 

The gang is back with rants which follow the discussions. 

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
Dec 21, 2017

Welcome to the Day 4 of the five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode VII, The Force Awakens and disruption in compliance.

The full series schedule is:

Monday, December 18, Part I- IV-a New Hope and risk.

Tuesday, December 19, Part II- V-The Empire Strikes Back and due diligence.

Wednesday, December 20, Part III- VI-Return of the Jedi and effective training.

Thursday, December 21, Part IV- VII-The Force Awakens and disruptive innovation in compliance.

Friday, December 22, Part V-Rogue One and the myth of the rogue employee.

Today I consider the first ‘new’ Star Wars movie entry, Episode VII – The Force Awakens. I say it is a new Star Wars movie as it was the first one not created by LucasFilms, as George Lucas had sold his company to Disney, which produced the 2016 entry into the Star Wars oeuvre. It was directed by JJ Abrams and told the story of the Star Wars universe some 30 years after the destruction of the last Death Star.  It is this disruptive nature of the Star Wars franchise that I will focus on today as it relates to disruption innovation in compliance.

The film introduced several new characters: Rey, Finn and Poe Dameron, Kylo Ren and the First Order, a successor to the Galactic Empire. The film was largely one giant search for Luke Skywalker who had gone into isolation after his failure to re-establish the Jedi order. In addition to introducing the new characters, we are reunited with Han, Chewbacca and Princess Leia, who is now General Leia Organa. The First Order has developed new weapon, Starkiller, a deliciously worthy successor to the Death Star; the Rebel Alliance majorly disrupts the weapon and the First Order by destroying it, in the film’s climactic battle.  

One of the key things the Department of Justice (DOJ) has communicated over the past few months is the importance of doing compliance rather than having a paper compliance program in place. In releasing the new Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy, the DOJ emphasized the clear delineation of factors they will consider in determining if a company has an operationalized best practices compliance program in place in the context of a FCPA enforcement action. All of this has required disruptive innovation in compliance beyond the simple paper compliance program which until recently was seen as the norm.

Compliance is a process. Compliance programs should evolve as business risks change. Just as disruptive innovation tends to focus on process, your compliance program should focus on your overall business process to be successful.

Compliance 3.0 is very different from compliance programs of the past decade. Compliance is moving from a solutions shop where all compliance functions are centered in the legal or compliance department to a process function where the front-line business team can use technology and other tools to operationalize compliance. The 2017 Evaluation of Corporate Compliance Programs focused on how well a company operationalizes compliance into the business functions. The authors point to new business models as disruptive and I think this concept translates into how compliance can be burned into the DNA of an organization rather than simply sitting in the corporate office in the US.

Not all disruptive innovations succeed as disruption is only one step in both the creative and growth process. The key concept is what former SCCE President Roy Snell says are the three goals of any compliance program; to prevent, find and fix issues. This is how compliance differs from legal, whose job is to protect the company; from compliance whose mission is to monitor, obtain the data and then use the data as a feedback loop back into the company.

As many compliance practitioners are lawyers, we are naturally reticent to embrace such change, however I think the pronouncements of the DOJ throughout the year have made even clearer the need for continued evolution of anti-corruption compliance going forward. In The Force Awakens, there were numerous disruptions. We saw the death of one of the most beloved characters in the series, Han Solo, the growing awareness by Rey of her powers and the return of Luke Skywalker. It totally disrupted the First Order and destroyed its most lethal weapon.  

Join us tomorrow where we consider Rogue One and the myth of the rogue employee.

May the podcast be with you this holiday season.

Dec 20, 2017

Welcome to the Day 3 of the five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode VI, Return of the Jedi and effective training.

The full series schedule is:

Monday, December 18, Part I- IV-a New Hope and risk.

Tuesday, December 19, Part II- V-The Empire Strikes Back and due diligence.

Wednesday, December 20, Part III- VI-Return of the Jedi and effective training.

Thursday, December 21, Part IV- VII-The Force Awakens and disruptive innovation in compliance.

Friday, December 22, Part V-Rogue One and the myth of the rogue employee.

In this final movie from the original three, the good guys win in the end after overcoming incredible odds. Many fans and critics panned it for including the incredibly cute and furry Ewoks on the moon named Endor as a part of the storyline. Many thought one very tall Wookie was enough cuteness for the series. This movie’s big reveal was that Luke and Princess Leia were twins and that she was now free to unabashedly pursue bad boy Han Solo. While Episode VI was the lowest grossing film of the original three, coming in at only $572MM worldwide, it was still a great ride and visually stunning. George Lucas’ in-house organ, Industrial Light & Magic (ILM), certainly earned their title for their special effects in the movie. The Sarlacc battle sequence was great, the speeder bike chase on the Endor moon was way cool and the space battle between Rebel and Imperial pilots was a great ride.

I have adapted an approach from Joel Smith on his Inhouse Owl website to help determine compliance training effectiveness.

1.What you want to measure. Before you ever train an employee, you should have a goal in mind. What actions do you want employees to take? What risks do you want them to avoid? In compliance, you want them to avoid non-ethical and non-compliant actions that would lead to compliance violations. The goal is to train employees to follow your Code of Conduct and your compliance program policies and procedures so you avoid liability related to actions.

2. What is employee engagement? The next step is to get a sense of whether employees feel that the training you provided is relevant and targeted to their job. If it’s not targeted, employees will likely not be committed to changing risky behavior. You can get data on employee engagement through a quick post-training survey, which will help you isolate and qualify the training benefit.

3. Did employees actually learn anything? A critical part of any employee training is the assessment. If you want to understand the “benefit” of training employees, you must know whether they actually learned anything during training. You can collect this data in a number of ways, but for compliance training, the best way is to measure pre-and post-training understanding over time. Basically, each time you train an employee, measure comprehension both before and after training.

4. Are employees applying your training? You need to conduct a survey to determine employee application and their implementation of the training topics. To do so, you must conduct employee surveys to understand whether they ceased engaging in certain risky behaviors or better yet understand how to conduct themselves in certain risky situations. These surveys can provide a good sense of whether the training has been effective. 

Join us tomorrow where we consider The Force Awakens and disruptive innovation in compliance.

May the podcast be with you this holiday season.

Dec 19, 2017

Welcome to the Day 2 of a five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode V, The Empire Strikes Back and due diligence.

The full series schedule is:

Monday, December 18, Part I- IV-a New Hope and risk.

Tuesday, December 19, Part II- V-The Empire Strikes Back and due diligence.

Wednesday, December 20, Part III- VI-Return of the Jedi and effective training.

Thursday, December 21, Part IV- VII-The Force Awakens and disruptive innovation in compliance.

Friday, December 22, Part V-Rogue One and the myth of the rogue employee.

This movie is my personal favorite of the initial trilogy. During the climactic battle between Luke Skywalker and Darth Vader, there is the BIG REVEAL where Vadar utters the immortal line, “I AM YOUR FATHER”. In the context of knowing who you are doing business with under the Foreign Corrupt Practices Act or UK Bribery Act. I once heard a company President say he did not need to perform due diligence because he looked a man in the eyes and that was enough to know if he was honest. (I should add, this company President also evaluated the strength of a handshake as an additional level of due diligence.) Hopefully we have moved past this level of sophistication for due diligence and its evaluation thereof.

There are three levels of due diligence and you must make a determination which is appropriate for the entity or person you are investigating. If a red flag appears it must be cleared or a risk management strategy articulated to allow moving forward.

Level I

First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering (AML), anti-bribery, sanctions lists, coupled with other financial corruption and criminal databases. Level I due diligence addresses such basic issues as whether the third party actually exists, the identities of management, officers, directors and shareholders and whether such persons are on regulators’ watch lists. It can also provide some basic information on whether there are politically exposed persons (PEPs) involved in the third party. Finally, if there are any media reports linking the company to corruption.

Level II

Level II due diligence encompasses supplementing Level I due diligence with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed Internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company, the third party’s key executives and associated parties. Level II can give you information on adverse litigation, any bankruptcy proceedings, overt signs of financial difficulty. More generally it will also provide local online information such as corporate filings, regulatory filings, lawsuits and locally archived materials. You also be able to determine if there were any in-country investigations or sanctions from regulatory entities.

Level III

This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation and is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.

Now imagine if Luke had performed a more robust level of due diligence on Darth Vadar? Would he have been able to find out Darth Vadar was his father? Perhaps not but then again, we might not have heard that seminal line “I AM YOUR FATHER”.

Join us tomorrow where we consider Return of the Jedi and effective training.

May the podcast be with you this holiday season.

Dec 18, 2017

Welcome to the first day of a five-day podcast series Jay Rosen and I are producing in honor of the latest Star Wars movie The Last Jedi. Each day over this week, Jay and I will review a Star Wars movie and discuss it from the compliance perspective. Today, we consider Episode IV, A New Hope and risk.

The full series schedule is:

Monday, December 18, Part I- IV-a New Hope and risk.

Tuesday, December 19, Part II- V-The Empire Strikes Back and due diligence.

Wednesday, December 20, Part III- VI-Return of the Jedi and effective training.

Thursday, December 21, Part IV- VII-The Force Awakens and disruptive innovation in compliance.

Friday, December 22, Part V-Rogue One and the myth of the rogue employee.

One of the plotlines is that the Galactic Empire has created a Death Star with enough firepower to destroy a planet. The Rebel Alliance is determined to destroy the Death Star and has blueprints detailing the defensive posture of the Death Star. A computer analysis determines a weakness in the Death Star’s defensive shield. At one point, the Death Star’s commander, Grand Moff Tarkin, played by Peter Cushing, is told there is a ‘risk’ in the Rebel’s plan of attack. Tarkin dismisses this risk as insignificant. Of course, Luke Skywalker then proceeds to exploit this risk and destroy the Death Star.

Tarkin’s incorrect assessment of this risk was lethal. Today I want this part of the story to introduce the subject of how you evaluate compliance risk under the Foreign Corrupt Practices Act (FCPA) or an economic sanctions regime. Failure to appreciate risk can lead to some very serious and perhaps lethal consequences.

Whether you utilize one approach or another, analyzing the results of your risk assessment is as important as doing the risk assessment. With the recent Department of Justice (DOJ) remarks around how they will review the effectiveness of compliance programs during an enforcement action to determine potential credit or even granting a declination, the stakes have never been higher. Of course, for Grand Moff Tarkin, his refusal to analyze the risk assessment presented to him was fatal.

Join us tomorrow where we consider The Empire Strikes Back and due diligence.

May the podcast be with you this holiday season.

1 2 3 4 5 6 7 Next » 8