Corruption Crime & Compliance

Is your company ready to bet its future on whether it can outpace a whistleblower to the DOJ's door? In this episode, Michael Volkov takes a deep dive into the Department of Justice's newly announced strategy to reshape corporate enforcement. With promises of greater clarity, reduced penalties, and fewer monitors, the DOJ wants companies to see voluntary disclosure as a smart and safe move - not a leap of faith. But behind the incentives lies a sharper edge: whistleblowers, shortened timelines, and a more assertive DOJ ready to move fast. Whether you're in-house counsel, a compliance officer, or just trying to stay ahead of enforcement trends, this is a must-listen breakdown of what's changed, why it matters, and what companies need to do now to avoid being caught off guard.You'll hear him discuss:How companies that voluntarily disclose, cooperate, and remediate can now qualify for a declination, even with aggravating circumstancesWhy the DOJ is promising greater transparency and fairness in enforcement to reduce fear and uncertainty around self-reportingWhat changes have been made to limit when corporate monitors are imposed, and how DOJ will control their cost and scopeHow the whistleblower program has been significantly expanded to include sanctions, tariffs, trade violations, and federal program fraudWhat benefits may still be available for companies that report after DOJ has begun an investigation, including reduced fines and no monitorshipWhy DOJ is pushing prosecutors to shorten the length of corporate investigations and avoid drawn-out resolutionsWhat's at stake if a whistleblower reports first, and how companies could lose access to key benefits by waiting too longResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What happens when the world's most influential anti-bribery law is abruptly paused? Is transparency merely a compliance box-tick—or the most powerful tool we have against global threats like kleptocracy, sanctions evasion, and illicit finance? In this eye-opening episode of Corruption, Crime, and Compliance, Michael Volkov is joined by two powerhouse experts in the global fight against corruption: Scott Greytak and Josh Birenbaum (*see ‘'About Guests below). Together, they break down the sweeping implications of the U.S. government's pause on Foreign Corrupt Practices Act (FCPA)enforcement, the gutting of the Corporate Transparency Act (CTA), and what all of this means for business leaders, policymakers, and the international community.When the United States hit pause on FCPA enforcement, the global anti-corruption landscape shifted. Scott and Josh explore how companies are reacting, how allies are stepping up enforcement, and why transparency is emerging as a national security imperative. They offer a forward-looking conversation filled with insights for compliance professionals, risk officers, and anyone committed to ethical business in a volatile world.You'll hear them discuss:Why the U.S. government's pause on FCPA enforcement shocked the global anti-corruption community—and why companies should still stay the course with compliance regardless of political signals.How the Corporate Transparency Act, once seen as the most significant U.S. anti-money laundering law in a generation, has been quietly gutted—leaving a dangerous gap in the fight against shell companies and financial crime.What it means that U.S. companies are now incentivized to form anonymously domestically to avoid ownership disclosure—inviting kleptocrats, traffickers, and foreign adversaries to hide in plain sight.Why global businesses must prepare for a sharp rise in trade compliance enforcement, as tariffs, export controls, and sanctions take center stage in economic security—and why transparency is essential to managing these risks.How foreign enforcers, especially in Europe, are beginning to step up—but why no alliance or coalition can truly fill the vacuum left by a retreating United States.What makes transparency not just a compliance tool, but a weapon against geopolitical threats—from Xinjiang's forced labor camps to Russian shadow fleets and fentanyl trafficking.How transparency can be hardwired into foreign aid policy to protect U.S. taxpayer money, prevent narco-state development, and give American businesses a fair shot abroad.Why there's still hope—from new bipartisan support for anti-corruption measures to the emergence of a national security lens on transparency across Congress, federal agencies, and the private sector.About GuestsScott Greytak is an anticorruption attorney and the Director of Advocacy for TI US. His work focuses on designing anticorruption laws and policies, organizing and leading ideologically inclusive coalitions, and lobbying the U.S. Congress and administration. Greytak was named a Top Lobbyist in 2021, 2023, and 2024 by the National Institute for Lobbying & Ethics. Josh Birenbaum is the deputy director of FDD's Center on Economic and Financial Power, focusing on illicit finance risks and global corruption. Previously, Josh was the research and policy analyst at TRACE International, producing articles, book chapters, op-eds, model policies, industry reports, and speeches on sanctions, export controls, corruption, conflict minerals, money laundering, human rights, illicit finance, and other topics. ResourcesScott Greytak on LinkedIn | Email - sgreytak@us.transparency.orgJosh Birenbaum on LinkedIn | Email - jbirenbaum@fdd.orgMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What if your next import shipment becomes the centre of a federal enforcement action — not because of criminal intent, but because of a mistake? In today's episode, Michael Volkov breaks down the expanding power and reach of U.S. Customs and Border Protection (CPB) and what it means for businesses navigating an increasingly aggressive trade enforcement landscape. With the Trump Administration's re-defined objective of fair trade, companies across all sectors need to brace for scrutiny, adapt to evolving risks, and rethink their compliance strategies.You'll hear him discuss:The Trump Administration's focus on fair trade and why CPB has become a central enforcement agency under this new agendaHow CPB exercises its authority to impose regulatory penalties, seize goods, and refer serious cases for civil or criminal prosecutionThe legal standards that determine the severity of violations — fraud, gross negligence, or negligence — and how each carries different penalty thresholdsWhy the materiality of a false statement or omission is a key factor in determining whether a violation has occurredThe importance of voluntary disclosure and how it can significantly reduce potential penalties and protect company reputationThe step-by-step process of CPB administrative enforcement, including investigations, pre-penalty notices, appeals, and mitigation optionsThe expanding impact of the Enforce and Protect Act (EAPA), and how companies can be held accountable for evading anti-dumping and countervailing dutiesWhy businesses must now take a closer look at their import documentation, supply chain practices, and overall trade compliance postureResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Are you running a compliance program that's making a real impact—or just checking the boxes? In this episode, Michael Volkov dives into LRN's 2025 Program Effectiveness Report, an annual benchmark that separates the truly impactful compliance programs from those that are merely operational. Based on insights from 1,500 global ethics and compliance professionals, this year's report draws a clear line between high-impact and medium-impact programs—and what it takes to bridge the gap. The conversation highlights urgent risks, cultural disconnects, and the strategic value of automation, data, and leadership alignment in shaping tomorrow's compliance functions.You'll hear him discuss:How high-impact programs are defined by their strategic use of automation, data analytics, and benchmarking tools to drive measurable compliance outcomesWhy third-party risk management—including due diligence and supply chain oversight—is a defining trait of the most effective programs todayThe growing trust gap between Gen Z employees and middle managers, and why this generational shift poses a cultural red flagThe continued dominance of outdated internal systems, regulatory complexity, and budget pressure as top operational challenges facing compliance leadersHow high-impact programs are integrating AI into both their codes of conduct and employee training, preparing teams for emerging tech risksWhat medium-impact programs can do to evolve: focus on training, automation, and peer collaboration to elevate impact and resilienceResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

When The United States has hit pause on Foreign Corrupt Practices Act (FCPA) enforcement—it left many asking whether Europe will now be stepping up to lead the global anti-corruption charge. In this episode of Corruption, Crime and Compliance, Michael Volkov explores how European prosecutors are responding to the enforcement gap, why multinational companies can't afford to slow down their compliance efforts, and how both state-level and international initiatives are reshaping the future of anti-bribery law.You'll hear him talk about:The launch of a new International Anti-Corruption Prosecutorial Task Force formed by the UK, France, and Switzerland, designed to intensify cross-border enforcement and cooperation in bribery and corruption cases.The task force's formation as a direct response to the U.S. enforcement pause, signaling that European agencies are prepared to take a more prominent role in prosecuting international corruption, especially involving multinational corporations.California's bold move to pursue foreign bribery under its Unfair Competition Law (UCL), reinforcing that FCPA violations remain prosecutable at the state level despite federal hesitation.A continued commitment by global companies to maintain strong compliance programs, reflecting awareness that international and local enforcement can still pose serious legal and financial risks.The unexpected dismissal of the long-running FCPA case against Cognizant executives, contrasted with the DOJ's decision to move forward with prosecutions in other high-profile cases, suggesting a selective enforcement pattern under current policy shifts.A landmark case by the UK Serious Fraud Office (SFO), charging a company with failure to prevent bribery—a first for the SFO to bring such a case before a jury, potentially setting a new standard for corporate liability in the UK.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Could your routine data transfers now violate federal law? The DOJ's new Data Security Program (DSP) targets the flow of U.S. sensitive personal and government data to foreign adversaries — and the clock is ticking. In this episode of Corruption, Crime and Compliance, Michael Volkov breaks down the Justice Department's sweeping new Data Security Program, enacted under Executive Order 14117 and finalized in January 2025.You'll hear him discuss:The origins of the DSP, created through Executive Order 14117 under the Trump Administration, and the key national security concerns it addresses.What constitutes a “covered data transaction” and the thresholds for U.S. personal and government data that trigger compliance obligations.The list of “countries of concern” and what it means for companies doing business with entities tied to these regions.The types of U.S. data covered by the DSP, including biometric, genomic, financial, and geolocation data, and the specific quantity thresholds that trigger restrictions.Why data brokerage and bulk human genomic data transactions are prohibited outright, raising new compliance challenges for affected industries.How “restricted transactions” like cloud computing services and vendor agreements are subject to conditional exceptions under the DSP.The critical actions U.S. companies must take during the 90-day enforcement hiatus, including vendor assessments, renegotiations, and compliance system updates before the July 8th deadline.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How prepared is your organization to handle the evolving landscape of sanctions compliance? In this episode of Corruption, Crime and Compliance, Michael Volkov dives into critical sanctions compliance cases and their implications for global companies. He discusses four significant cases that underscore the necessity of robust compliance programs, particularly in light of increased DOJ enforcement actions. Through these examples, he breaks down the consequences of third-party liability, supply chain risks, and the dangers of inadequate compliance measures, offering valuable insights into how companies can proactively avoid similar pitfalls.Cases discussed:British American Tobacco (BAT): The company faced a staggering $629 million settlement for circumventing North Korean trade sanctions. This case illustrates how corporate prosecutions are evolving to resemble Foreign Corrupt Practices Act (FCPA) cases, emphasizing the growing scrutiny on multinational corporations.Epsilon Electronics: This case clarifies the liabilities companies face when third-party distributors divert products to prohibited countries, such as Iran. Even if the company had no direct involvement in the diversion, it still bears responsibility, underscoring the importance of diligent monitoring of distribution channels.ELF Cosmetics: The company received a $1 million fine for importing goods containing materials sourced from North Korea. This case underscores the critical importance of conducting thorough supply chain due diligence to ensure compliance with international sanctions.Murad LLC: This case focuses on post-acquisition compliance failures, demonstrating the urgent need for thorough pre- and post-acquisition audits. These audits are essential to uncover potential sanctions violations and ensure that newly acquired companies adhere to compliance standards.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupLinks to the four cases: British American Tobacco | Epsilon Electronics I Elf Cosmetics | Murad LLCA Framework for OFAC Compliance Commitments (May 2019)

What do you do when the headlines shift faster than your risk matrix can keep up? In this episode, Michael Volkov dives into the challenge of adapting compliance programs in the face of volatile and fast-changing global risks—from tariffs and trade controls to supply chain disruptions and third-party exposures. While the pressure to react is constant, the real key is staying anchored in your company's values while making smart, timely adjustments.Legal and compliance officers are used to adjustments and continuous improvement of their compliance programs. Building and maintaining an effective ethics and compliance program never ends — it is a continuous process. In a climate of rapid change, the strategies may feel familiar, but the risks themselves are taking new shape. To that end, Michael outlines five specific strategies for evolving your compliance program without losing your footing.You'll hear him discuss:Why culture isn't just a buzzword—it's the first and most critical line of defense in volatile timesHow to run a quick-turn, focused risk assessment to identify new hotspots like sanctions, tariffs, and supply chain gapsThe rising danger of indirect exposure to foreign terrorist organizations and cartels through third partiesWhat companies need to know about tariff classification, scope, and enforcement to avoid legal and economic penaltiesWhy sanctions and export controls enforcement is heating up—and what that means for your global operationsHow to recalibrate third-party risk management to account for trade-based threats and hidden ownership structuresResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

This week we are pleased to bring you one of our most popular episodes of 2024. Please enjoy, and we will be back next week with more insights from the Corruption, Crime, and Compliance podcast.How can companies build trust and drive growth in a region as politically and economically volatile as Latin America? In this episode, Nicolas Garcia - Vice President, Legal, Regional and Compliance Manager for LATAM and Orica - joins Michael Volkov to discuss the complexities of navigating compliance and leadership in LATAM. The conversation highlights how regional dynamics, such as the crisis in Venezuela, influence business operations and how cultural shifts are changing the role of compliance officers. Nicolas provides valuable insights on the evolving compliance landscape, emphasizing the importance of trust, leadership, and a strong compliance culture in driving business success in challenging environments.Listen in as Nicolas and Mike discuss:The ongoing political and economic crisis in Venezuela has led to massive immigration into neighboring countries like Colombia, Chile, and Brazil, creating both economic challenges and opportunities in the region.Guyana is experiencing rapid growth due to foreign investment, particularly in the oil and gas sectors, standing in stark contrast to Venezuela's decline.Nicholas emphasizes the shift from compliance officers being seen as enforcers to becoming strategic business partners. This transition helps companies not only meet regulatory requirements but also drive success.Establishing a trust-based relationship between compliance officers and leadership is essential. When compliance is integrated into the business strategy, it becomes a tool for enabling growth rather than a barrier.Trust in reporting systems is growing in Latin America, though fear of retaliation remains a concern. Anonymous reporting is on the rise, and substantiation rates are increasing as employees gain confidence in the system's integrity.Ensuring that investigations follow due process is critical to maintaining credibility in compliance programs. It also helps improve trust and the success rate in legal outcomes.Resources:Nicolas Garcia on LinkedInNicolas Garcia on Email: Nicolas.Garcia@Orica.comMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

This week, we are pleased to bring you one of our most popular episodes of 2024. Please enjoy, and we will be back next week with more insights from the Corruption, Crime, and Compliance podcast.Carlos Villagrán is the Director of Compliance at CMPC, a 100-year-old Chilean-based holding company, one of the worldwide leading pulp, paper, packaging, personal care, and other forest products manufacturers. With more than 20,000 employees, CMPC has industrial operations in 9 countries (LatAm and the US) and commercial offices in the US, Europe, and China, selling and distributing its products to more than 45 countries around the world. Carlos joined CMPC to remediate and rebuild CMPC's culture and compliance program after a devastating scandal -- CMPC was prosecuted for its involvement in a decade-long conspiracy to fix prices in Peru and Chile for consumer paper products. Carlos discusses the challenges he faced in rebuilding CMPA's culture and commitment to compliance. His story is an inspiration to all legal and compliance professionals and provides important instructive lessons to corporate leaders and compliance professionals.You'll hear Michael and Carlos discuss:The importance of rebuilding and rediscovering the values and purpose of CMPC after a major corporate crisis.The effects on market share quotas and sales prices when CMPC faced an investigation and found to be the leader of a cartel in Chile and Peru.How the crisis significantly impacted CMPC's reputation, leading to public protests and consumer backlash in Chile and Peru.CMPC's compliance team addressed the company's complex nature because of its diverse workforce, including data analytics experts, IT professionals, and engineers.How the compliance program at CMPC shifted from a traditional approach to a more cultural and system-thinking perspective, aligning with the company's values and operations.Success for the compliance program at CMPC is defined by the number of critical tables the team is seated on, indicating their value and integration within the business operations.ResourcesCarlos Villagran on the Web | LinkedInEmail: carlos.villagran@cmpc.cl or cfvillagran@gmail.comMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

This week we are pleased to bring you one of our most popular episodes of 2024. Please enjoy, and we will be back next week with more insights from the Corruption, Crime, and Compliance podcast.Have you heard of the recent controversies around Boeing 737 MAX and its safety? Have you wondered what is being done about the concerns around it? In this episode of Corruption, Crime, and Compliance, Michael Volkov delves into the latest developments in the Boeing 737 MAX case, highlighting the recent plea agreement proposed by the Department of Justice (DOJ). The Boeing 737 MAX case took another dramatic turn. On July 24, 2024, the Department of Justice filed with the United States District Court for the Northern District of Texas a proposed plea agreement with Boeing. Under the Plea Agreement, Boeing will plead guilty to the original Information filed in 2021 with the Deferred Prosecution Agreement ("DPA"). The discussion focuses on Boeing's alleged failure to implement adequate compliance measures, leading to significant risks and violations, and the ongoing legal and ethical implications of the case. Tune in to hear a detailed analysis of the complexities and legal ramifications of Boeing's recent plea agreement and what it means for corporate compliance and accountability.You'll hear him talk about:Certification Issues: Boeing failed to ensure its 737 MAX certifications were accurate, risking false certifications to the FAA.DOJ Plea Deal: Boeing agreed to plead guilty to conspiracy to defraud the U.S., facing opposition from victims' families who find the resolution insufficient. The plea agreement, which has been filed under Federal Rule Criminal Procedure 11(c)(1)(C), requires the Court to approve and accept the deal. The Court can reject the plea deal and require the parties to renegotiate the terms.Victims' Rights: The proposed resolution has been controversial because of the opposition of the families of the victims, who have opposed the plea agreement and general disposition of DOJ's investigation and prior resolutions as insufficient to vindicate the public interest and their rights as victims of Boeing's malfeasanceCompliance Failures: Boeing breached its DPA by not implementing effective compliance controls, particularly in safety and quality processes.Independent Monitor: Boeing will be monitored for three years and must invest $455 million in compliance and safety improvements.Ongoing Challenges: Boeing's anti-fraud measures still have gaps, with broader implications for industries where safety is critical.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

This week we are pleased to bring you one of our most popular episodes of 2024. Please enjoy, and we will be back next week with more insights from the Corruption, Crime, and Compliance podcast.How do you manage risk when the vulnerabilities are outside your organization aren't in your hands? In this episode of Corruption, Crime, and Compliance, we delve into the world of third-party risk management with our guest, Natalie Druckman, from Certa. As we discuss the regulatory landscape in EMEA and the US, Natalie highlights the higher regulatory burden faced by companies in EMEA, and how Certa uses AI to streamline workflows, provide intuitive data visualization, and enhance risk forecasting capabilities. AI is the future of third-party risk management, now and in the future.Cybersecurity has become one of the top concerns for organizations. In 2012, Target worked with a third-party vendor and, as a result, suffered an attack that exposed their customers' credit data. Since then, compliance departments have started working closely with IT to prevent such vulnerabilities. Unlike the US, EU companies don't benefit from gaps created between state and federal regulations. EMEA faces a mandatory and substantial regulatory burden, particularly in areas like ESG and compliance. A forced labor scandal can sink a company, so ESG's importance is on par with cyber security.Global companies are increasingly recognizing the importance of addressing ESG topics alongside cybersecurity and financial risks. ESG considerations, such as diversity, modern slavery, and gender pay gaps, have significant reputational and revenue impacts.AI is changing the world in many ways, including compliance. Certa aims to provide a comprehensive solution for third-party risk management, compliance, and operational risks by streamlining processes and incorporating AI capabilities to enhance efficiency and effectiveness.Certa utilizes various AI capabilities, including design AI, which allows users to create workflows using plain language. They don't need to know anything about tech; they can simply dictate the process, and AI generates the necessary code and infrastructure for it. This allows the company to remain flexible and able to quickly adapt to change.Insights AI is another capability that collects and analyzes data, making it far more accessible and efficient in managing up-to-the-minute risks and developments. This technology also uses design AI, allowing for plain language inputs to immediately create actionable, detailed reports.Recall AI allows companies to guarantee rapid and consistent responses from suppliers and customers by recalling past interactions to create surveys, forms, workflows, and processes. This removes the back-and-forth burden on all parties while still retaining the human touch.Smaller and midsize companies should prioritize their risk management processes and consider automated solutions like Certa. These companies can benefit from the efficiency and effectiveness of an automated platform, regardless of their industry or size.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law GroupNatalie Druckman on LinkedInCertaEmail Natalie: nat@certa.ai

This week, we bring you a replay of one of our most impactful podcasts from last year, featuring Alex Cotoia and Daniela Melendez. Listen in as we discuss the EU Whistleblower Directive of October 2019. We'll return next week with one of our regular updates.Directive 2019/1937 of the European Parliament and Council dated 23 October 2019 on the “protection of persons who report breaches of Union law” (the “Directive”) is currently being implemented by EU Member States. The directive has broad applicability to organizations operating in the EU internal market and applies to both public and private sector organizations alike. Whistleblowers are guaranteed legal protection to the extent: (1) they have reasonable grounds to believe that the information reported was true at the time of the report; and (2) the whistleblower reported either internally to the organization, externally to a competent authority, or publicly. Private sector organizations with 50 or more workers are legally required to establish channels and procedures for internal reporting of EU law breaches and conduct appropriate follow-up. In this episode, Mike Volkov is joined by Daniela Melendez and Alex Cotoia from the Volkov Law Group, who bring their expertise to the table as they delve into the EU Directive and its implementation by several member states. Listen to this discussion to understand and navigate the complexities of the EU Whistleblowing Directive.The EU Whistleblower Directive shifts the burden of proof on retaliatory actions to the person taking the detrimental action, requiring them to demonstrate it was not linked to reporting concerns.Global companies are taking a proactive stance by increasingly focusing on robust ethics and compliance programs. This strategic move is aimed at mitigating risks and promoting positive corporate citizenship in today's economy, where adherence to legal and ethical standards is paramount.France signed the EU Directive into law on March 21, 2022, outlining protocols for gathering and handling whistleblower reports, including a two-month deadline for imposing disciplinary sanctions.Germany enacted the EU Directive on May 12, 2023, allowing anonymous reports and setting a three-month investigation deadline after receiving the report.Spain addressed the EU Directive on February 2023 by covering additional topics like occupational health and safety breaches. The directive established a three-month deadline for investigations and allowed anonymous reports.Italy transposed the EU Directive on August 4, 2022, including administrative, financial, civil, and criminal offenses not covered by the Directive, with a 30-day deadline to conduct investigations upon receipt of reports.Companies are advised to make resources available to conduct investigations quickly due to the short timeframes set by various countries' whistleblower protection laws.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law GroupAlex Cotoia on LinkedIn Email: acotoia@volkovlaw.comDaniela Melendez on LinkedInEmail: dmelendez@volkovlaw.com

Is your company prepared for the compliance storm ahead? With tariffs shaking global trade, aggressive sanctions enforcement, and new risks from AI, businesses must rethink their strategies. Can your compliance program keep up, or will it be left scrambling?In this episode of Corruption, Crime, and Compliance, Michael Volkov unpacks the rapidly shifting risk landscape facing businesses today. From trade compliance and supply chain disruptions to cybersecurity and government enforcement, he highlights the top legal and compliance challenges of the year and offers practical guidance on how companies can stay ahead. While the regulatory world is in flux, one thing remains certain—organizations that fail to adapt will face significant financial, legal, and reputational consequences.You'll hear him discuss:The evolving trade landscape, including tariff enforcement, import risks, and the potential economic fallout of aggressive trade policiesWhy supply chain mapping is no longer optional, with companies needing to identify vulnerabilities, alternative sourcing strategies, and compliance risks to avoid costly disruptionsHow businesses should approach the FCPA enforcement pause, what it signals about the government's priorities, and why global companies remain committed to anti-corruption programsWhy compliance teams must elevate import control and export control programs, particularly as the US expands restrictions on advanced computing, AI, and semiconductor exportsHow transnational criminal organizations are infiltrating legitimate supply chains for money laundering, and what companies must do to strengthen their due diligence effortsThe importance of a strong compliance culture in a time of regulatory uncertainty—how companies can remain flexible, proactive, and aligned with their core values despite the shifting landscapeResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Are You Ready for the Next Wave of Corporate Risk? Corporate risks are shifting, and every board, C-suite, and compliance team must take a fresh look at their risk landscape. While some risks like cybersecurity, data privacy, and artificial intelligence remain high priorities, others—such as anti-corruption and antitrust enforcement—are evolving in unexpected ways. With regulatory changes and new enforcement priorities emerging, businesses must stay ahead of the curve to avoid costly missteps. In this episode of Corruption, Crime & Compliance, Michael Volkov unpacks the latest updates in FCPA enforcement, antitrust scrutiny, and trade compliance. With the DOJ shifting its focus, companies need to prepare for the new compliance reality.You'll Hear Him Discuss:Why companies must reassess their risk priorities in today's unpredictable business environment, as corporate risks continue to shift in response to new regulatory and enforcement trends.The impact of the FCPA enforcement pause, what it really means for global businesses, and why companies cannot afford to dismantle their anti-corruption programs despite the temporary halt in enforcement.How the DOJ is shifting its focus toward prosecuting criminal cartels and transnational organizations, and what that means for businesses operating in high-risk regions or industries.The evolving landscape of antitrust enforcement, including key takeaways from Gail Slater's confirmation hearing and how the administration's new approach may impact high-tech competition cases.How businesses should prepare for heightened tariffs, trade compliance risks, and increased customs enforcement, particularly as the U.S. targets imports from China, Southeast Asia, Mexico, and Canada.Why workplace immigration enforcement is becoming a bigger concern, with the government ramping up workplace raids, audits, and compliance checks for companies employing immigrant workers.The growing scrutiny around government grants, the potential for fraud investigations, and how businesses receiving federal funds must ensure strict compliance with evolving regulatory requirements.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What happens when an entire era of anti-corruption enforcement is put on pause? Is this a strategic move to bolster American businesses or a dangerous rollback of corporate accountability? In an unprecedented move, the Trump administration has hit the brakes on FCPA enforcement for at least 180 days, citing concerns over U.S. economic competitiveness and national security. In this episode of Corruption, Crime, and Compliance, Michael Volkov breaks down the implications of this game-changing executive order. The executive order claims that FCPA enforcement has been stretched beyond its original intent, harming American businesses while benefiting foreign competitors. With the Department of Justice now ordered to reassess its approach to anti-bribery enforcement, the business and legal communities are left wondering—what happens next? Will companies adjust their compliance strategies, or will global enforcement trends keep them in check?You'll hear him discuss:The Trump administration's rationale for halting FCPA enforcement and why the decision was both surprising and expectedThe executive order's directive to the Attorney General to reassess FCPA investigations and enforcement prioritiesThe shift in DOJ focus from corporate bribery cases to prosecuting cartels and transnational criminal organizationsThe potential impact on global anti-corruption efforts, as countries like the UK, France, and Brazil continue enforcing their own bribery lawsThe uncertainty surrounding DOJ's forthcoming guidance and what companies should anticipate in the next 180 daysThe broader implications for corporate compliance programs, risk assessments, and international business strategyThe historical context of past efforts to reform the FCPA and why similar arguments were made over a decade agoThe potential for companies to seek remedial measures for past FCPA enforcement actions and the challenges in implementing such a policyHow this shift in enforcement priorities may affect corporate ethics, internal investigations, and global compliance expectationsResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How do sanctioned Russian oligarchs continue to move their wealth despite international restrictions? The answer lies in real estate, shell companies, and complicit gatekeepers. In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into one of the latest OFAC enforcement actions against Family International and its owner, Roman Sinyavsky, for facilitating sanctions evasion on behalf of Russian oligarchs. Through complex real estate transactions, Sinyavsky helped conceal luxury properties owned by Valeri Abramov and Viktor Perevalov, allowing them to continue generating revenue despite U.S. sanctions. This case highlights the growing risk of financial crime in the real estate sector and the increasing scrutiny on those who enable it.You'll hear him discuss:The $1.07 million OFAC settlement and the criminal charges against Roman Sinyavsky for sanctions evasion and money launderingHow sanctioned Russian oligarchs used non-sanctioned family members and shell companies to obscure their ownership of U.S. propertiesThe key role of real estate professionals, lawyers, and financial advisors in facilitating these schemes and why they should have raised red flagsThe use of text messages as critical evidence proving intent and knowledge of sanctions violationsThe specific techniques used to transfer property ownership and avoid detection by authoritiesThe increasing enforcement focus on commercial and residential real estate transactions as a high-risk area for financial crimePredictions for 2024, including tighter sanctions enforcement on Russia and Iran and what it means for businesses and compliance professionalsResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

The 1990s saw the explosion of the internet, transforming the global economy and social development in ways we could have never imagined. But will AI truly have the same impact? While its potential is undeniable, the road ahead is full of risks, challenges, and ethical concerns. Will AI drive efficiency and innovation, or will it create new vulnerabilities that companies must scramble to control?In this episode of Corruption, Crime, and Compliance, Michael Volkov dives deep into the legal, ethical, and compliance challenges surrounding AI. He explores how businesses are navigating AI adoption, the risks they face, and the safeguards they must implement to protect themselves.You'll hear him discuss:Why AI's economic impact, while significant, may not match the transformative power of the internetGoldman Sachs' prediction that AI could add $7 trillion to global GDP over the next decadeThe massive investments required to scale AI, from semiconductors and data centers to energy and infrastructureHow generative AI is reshaping industries by creating human-like content with limitless applicationsThe hidden dangers of AI, including misinformation, deepfakes, fraud, and identity theft risksWhy businesses are cautiously adopting AI while grappling with privacy, copyright, and security concernsThe importance of AI compliance programs to mitigate legal, ethical, and reputational risksBest practices for companies to ensure AI-generated content is accurate, transparent, and responsibly usedResourcesMichael Volkov on LinkedIn | X (Twitter)The Volkov Law Group

Can the DOJ's commitment to holding individuals and corporations accountable under the FCPA survive the changing political climate in 2025? Will the push for innovation in corporate compliance programs be enough to maintain momentum, especially with emerging technologies like artificial intelligence? In this episode of Corruption, Crime and Compliance, Michael Volkov dives deep into the FCPA enforcement landscape of 2024, outlining key cases, changes in DOJ policies, and the evolving role of compliance programs. He highlights the significant rise in penalties and individual criminal prosecutions, as well as the continuation of major corporate settlements such as Raytheon, Trafigura, Gunvor, and SAP. The episode also explores DOJ's new whistleblower program and its continued push for companies to enhance their compliance frameworks.You'll hear him discuss:Key FCPA enforcement matters in 2024 including the Raytheon, Trafigura, Gunvor, and SAP cases.The shift in DOJ's approach, where individual prosecutions now play a larger role than ever before.The rise in penalties: 2024 saw a significant jump, with a total of $1.7 billion in fines.The return of travel, hospitality, and gifts as common bribery techniques, despite increased focus on compliance.DOJ's major industry sweeps, particularly targeting the energy commodity trading industry.The emergence of new compliance challenges with a focus on artificial intelligence and emerging technologies in corporate settings.The controversial SAP settlement and the DOJ's approach to a lack of voluntary disclosure.The impact of mergers and acquisitions on compliance processes and the integration of acquired companies.DOJ's new whistleblower program designed to incentivize individuals to report misconduct.How companies should approach merger and acquisition integration to ensure compliance and prevent risks.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How will your company withstand the heat of aggressive sanctions enforcement? Are you ready for the DOJ's new priorities and OFAC's expanding reach in 2025? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the major sanctions enforcement trends from 2024 and the road ahead under the new Trump administration. From record-breaking DOJ prosecutions to OFAC's innovative enforcement approaches, Michael explains how sanctions compliance is more critical than ever. He highlights the biggest cases of the year, uncovers common pitfalls that led to costly penalties, and outlines how businesses can navigate shifting regulatory priorities. Whether it's integrating compliance in M&A or addressing the risks of evolving China and Iran sanctions, this episode delivers actionable insights for staying ahead of enforcement risks.You'll hear him discuss:The DOJ's record-breaking prosecution of 70 individuals in 2024 and predictions for a surge in enforcement in 2025.OFAC's evolving enforcement strategy, including secondary sanctions tied to U.S. dollar transactions and new compliance commitments.Key lessons from major enforcement actions like SCG Plastics, Aotech, and MondoTV, which paid millions for sanctions violations.The consequences of neglecting sanctions compliance during mergers and acquisitions, including inherited liabilities and enforcement risks.Predictions for heightened scrutiny on trade with China, aggressive tariffs, and evolving Iran sanctions under the new administration.How emerging issues like advanced computing, AI, and dual-use technologies are becoming focal points for sanctions enforcement.The role of voluntary self-disclosure in mitigating penalties, with examples of companies that uncovered and corrected compliance gaps.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How did a high-stakes bribery scheme involving insider deals, Airbus planes, and secret payments bring down a global aviation giant? In this episode, Michael Volkov dives deep into the AAR Corporation FCPA case—a cautionary tale of bribery, insider deals, and compliance failures in high-risk sectors. The DOJ and the Securities and Exchange Commission (SEC) closed 2024 with a major coordinated settlement with AAR Corporation, a provider of aviation products and services. The case involved criminal and civil FCPA charges related to bribery schemes in Nepal and South Africa. Deepak Sharma, the CEO of an AAR subsidiary, orchestrated the schemes, securing insider information and paying bribes to government officials to win lucrative contracts. Despite AAR's late self-reporting, the DOJ credited the company for its cooperation and remediation efforts. The case highlights ongoing corruption risks in the aviation industry, especially where state-owned enterprises and third-party agents are involved.You'll hear him discuss:The details of the Illinois-based provider of aviation products AAR Corporation FCPA settlement with the DOJ and SEC.How Deepak Sharma orchestrated bribery schemes in Nepal and South Africa.The separate civil resolution with Deepak Sharma under which Sharma agreed to pay a disgorgement of $130,835 plus prejudgment interest of $53,762.The role of third-party agents in facilitating corrupt practices.Julian Aires, a former third-party agent of AAR, pleaded guilty in the District of Columbia on July 15, 2024 to a conspiracy to violate the FCPA for his role in the South Africa scheme.Why insider information from government officials is a "kiss of death" in compliance.How bribes were disguised through sham invoices and shell companies.The importance of robust compliance programs in high-risk industries like aviation.Red flags to watch for in industries dealing with state-owned enterprises.How the DOJ and SEC weigh cooperation and remediation in enforcement actions.Key takeaways for compliance professionals from the AAR case.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What went wrong when McKinsey paid bribes to secure consulting contracts with South Africa's state-owned enterprises? In this episode, Michael Volkov dives into the December 2024 DOJ settlement with McKinsey & Company, which paid $122 million after being found guilty of paying bribes to officials at Transnet and Eskom to secure valuable consulting contracts. The case involved significant violations of the Foreign Corrupt Practices Act (FCPA) and highlights the risks companies face when failing to implement effective compliance programs.You'll hear him discuss:The details of McKinsey's settlement with the DOJ for $122 million, including the 35% discount and the cooperation credits granted by the government.The role of Vikas Sagar, McKinsey's former senior partner, and his guilty plea in 2022 for orchestrating bribery payments.How McKinsey Africa used sensitive, non-public information obtained through bribes to secure multi-million dollar contracts with Transnet and Eskom.The ongoing issue of engaging third-party intermediaries and the importance of conducting thorough due diligence before entering into business relationships.The lessons learned from McKinsey's lack of proper oversight and controls that allowed a small group of corrupt executives to facilitate bribery schemes.The broader impact of local content requirements in international business and the associated risks of partnering with unqualified entities that have ties to corrupt government officials.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What happens when a Chief Executive Officer becomes the architect of a global bribery scheme? In this episode of Corruption, Crime, and Compliance, Michael Volkov delivers an in-depth analysis of the BIT Mining FCPA case — a landmark matter that underscores the severe consequences of C-suite misconduct. With CEO Zhengmin Pan at the center of the conspiracy, BIT Mining's efforts to infiltrate Japan's emerging casino market were built on fraudulent payments, sham contracts, and falsified financial records.Michael examines the tactics used to conceal illicit payments, the role of Japanese authorities in uncovering the misconduct, and the broader implications for corporate compliance and executive accountability.You'll hear him discuss:How BIT Mining's former CEO, Zhengming Pan, supervised a $2 million bribery scheme targeting Japanese government officials to secure entry into Japan's integrated resort (IR) market.The specific tactics used to launder bribe payments, including the use of sham consulting agreements, inflated lecture fees, and misclassification of bribes as "management advisory fees" and "travel expenses" in company records.The DOJ's charges against Pan, which included conspiracy to violate the anti-bribery and books-and-records provisions of the FCPA, as well as multiple counts of books-and-records violations and substantive anti-bribery offenses.The terms of Bit Mining's three-year Deferred Prosecution Agreement (DPA) with the DOJ, which included an agreed-upon $10 million criminal penalty, reduced from an initial $54 million based on the company's inability to pay.The SEC's parallel enforcement action, which resulted in a $4 million civil penalty, later credited against the DOJ's settlement amount.How Japanese enforcement authorities played a crucial role in uncovering the scheme and what ultimately led to Bit Mining's failure to win the integrated resort bid.Practical compliance takeaways for corporate boards and executive teams, including the importance of strong third-party due diligence, financial control safeguards, and executive oversight to prevent and detect misconduct at the top.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What does it take for a global telecom giant to get caught up in a bribery scheme involving over $85 million—and what can we learn from their mistakes? How do companies like Telefónica Venezolana manage to conceal millions in bribes through inflated contracts and shell companies, and why do these schemes so often fly under the radar?This episode dives into Telefónica Venezolana's $85.2 million settlement with the DOJ for bribery violations under the FCPA. Michael Volkov unpacks how the Venezuelan subsidiary exploited a government-controlled currency auction system, paid nearly $29 million in bribes, and concealed it through inflated equipment purchases. The case reveals systemic flaws and offers essential lessons on preventing corporate misconduct.You'll hear him discuss:How Telefónica Venezuela used inflated supplier contracts to fund $28.9 million in bribesThe role of shell companies and intermediaries in concealing bribery schemesHow bribery enabled access to $110 million in undervalued U.S. currencyDOJ's assessment of cooperation, compliance efforts, and penalty reductionsTelefónica's failure to address red flags in its financial controls and due diligence processesThe importance of vetting third parties and managing high-risk transactionsHow Telefónica implemented compliance reforms, including anti-corruption measures and internal auditsLessons for compliance professionals on detecting and preventing similar schemesResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Have you ever wondered how different cultures and generations engage with a company's code of conduct? Do employees across the globe really follow ethical guidelines in the same way, or are there stark contrasts depending on where they are and what they do? In this episode of Corruption, Crime & Compliance, Michael Volkov explores LRN's latest Code of Conduct Report, which reveals vital benchmarks and trends that can help companies strengthen their ethics and compliance programs. As LRN consistently provides high-quality insights on ethics and compliance, this episode dives deep into the findings that highlight how the code of conduct can serve as the cornerstone of a company's ethics culture—if used effectively.You'll hear him discuss:How the usage of codes of conduct differs across geographic regions, with India, China, and Australia showing the highest engagement rates.The surprising statistic that 35% of employees in the Netherlands reported never consulting their company's code of conduct.The impact of training, with countries like China and India seeing the highest percentage of employees trained on their code of conduct.The generational divide, with Gen Z employees consulting their codes of conduct more than Baby Boomers, despite prior reports suggesting Gen Z's tendency to bend rules.The significant gap in perceptions of code usage between senior leaders, middle managers, and frontline employees.The role of hybrid work in fostering higher engagement with codes of conduct, contrary to the common assumption that remote work leads to disengagement.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What does the new Trump administration mean for ethics, compliance, and enforcement? As the dust settles on the U.S. election, companies are evaluating the implications of President Trump's return to the White House. With priorities such as spurring economic growth, reducing inflation, imposing stringent trade sanctions, and reforming the Department of Justice, businesses must prepare for significant changes. How will these initiatives impact compliance programs and enforcement priorities?You'll hear Michael discuss:Key enforcement priorities under the second Trump administration, including changes to DOJ oversight and trade compliance.The implications of aggressive foreign policy shifts, including potential changes to sanctions on Russia, Iran, and China.The focus on immigration enforcement, workplace audits, and I-9 compliance.The anticipated reduction in environmental and workplace safety enforcement.Trends in corporate criminal enforcement, including a steady focus on healthcare fraud but limited activity in other areas.Strategies for companies to enhance trade compliance and prepare for expanded tariffs and sanctions.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What happens when a major defense contractor faces scrutiny for ethics and compliance violations? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the high-stakes world of corporate accountability, exploring Raytheon's recent $428 million settlement with the U.S. Department of Justice. From fraudulent pricing to bribery and compliance lapses, we uncover the impact of these violations and the tough questions they raise about corporate governance, oversight, and ethical responsibility in high-stakes industries.Hear Michael talk about:Raytheon Company (Raytheon) -- a subsidiary of defense contractor, RTX (formerly known as Raytheon Technologies Corporation) — agreed to pay over $950 million to resolve the Justice Department's investigations into three areas of violation. The settlement addresses three main issues:A major government fraud scheme involving defective pricing on certain government contractsViolations of the Foreign Corrupt Practices Act (FCPA) the Arms Export Control Act (AECA) and its implementing regulations, the International Traffic in Arms Regulations (ITAR)As part of the settlement, Raytheon entered into a three-year deferred prosecution agreement (DPA) and agreed to the filing of criminal information in the District of Massachusetts charging Raytheon with two counts of major fraud against the United States. Raytheon admitted to engaging in two separate schemes to defraud the Department of Defense (DOD) relating to the provision of defense articles and services, including PATRIOT missile systems and a radar system. Separately, Raytheon entered into a three-year DPA in connection with a criminal information in the Eastern District of New York charging Raytheon with two counts: conspiracy to violate the anti-bribery provision of the FCPA for a scheme to bribe a government official in Qatar and conspiracy to violate the AECA for willfully failing to disclose the bribes in export licensing applications with the Department of State as required by part 130 of ITAR.The Justice Department's FCPA and ITAR resolution is coordinated with the Securities and Exchange Commission (SEC). Both DPAs require that Raytheon retain an independent compliance monitor for three years, enhance its internal compliance program, report evidence of additional misconduct to the Justice Department, and cooperate in any ongoing or future criminal investigations. Raytheon also reached a separate False Claims Act settlement with the Justice Department relating to the defective pricing schemes.ResourcesMichael Volkov on LinkedIn | X (Twitter)The Volkov Law Group

The SEC notched another FCPA settlement, continuing its steady pursuit and resolution of FCPA cases. In the meantime, the Justice Department has been silent in the FCPA enforcement arena. In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the SEC's recent FCPA settlement with Moog, a global manufacturer that faced severe bribery allegations within its Indian subsidiary. From navigating India's complex tender processes to revealing corrupt practices and hefty penalties, Michael dissects Moog's compliance failures and highlights the critical role of ethics in international business dealings.Listen in as he discusses:Moog, Inc. ("Moog"), a New York-based global manufacturer of motion controls systems for aerospace, defense, industrial, and medical markets, agreed to pay a civil penalty of $1.1 million and disgorge nearly $600,000 for a total of $1.7 million, to resolve FCPA charges arising out of bribes paid by its wholly owned Indian subsidiary, Moog Motion Controls Private Limited (Moog Motion Controls).Moog India allegedly bribed officials from the South Central Railway (SCR) and Hindustan Aeronautics Limited (HAL) to influence tender processes and exclude competitors. These bribes were often disguised as “contractor services.”From 2020 to 2022, Moog employees bribed various Indian officials to win business. Also, they used a variety of schemes to make improper payments, including funneling them through third-party agents and distributors. These same Moog employees also offered cash bribes to Indian officials in an attempt to cause public tenders in India to favor Moog's products and exclude competitors.The case highlights significant gaps in Moog's internal controls, including improper invoice recording, inadequate oversight of third-party agents, and a lack of compliance training.Moog self-reported the misconduct, terminated those involved, enhanced its compliance program, and strengthened accounting controls and auditing procedures for third-party interactions.ResourcesMichael Volkov on LinkedIn | X (Twitter)The Volkov Law Group

How does a respected financial institution turn into a criminal operation? In this episode of Corruption, Crime, and Compliance, host Michael Volkov dives into the record-breaking $3 billion settlement between TD Bank and the Department of Justice over pervasive violations of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) laws. Highlighting TD Bank's systemic failures, Michael explores how the bank's compliance and oversight lapses led to criminal conduct within its operations, making it a case study on the dangers of prioritizing growth over legal compliance. From failed AML programs to enabling money laundering on a massive scale, this episode sheds light on the regulatory crackdown TD Bank now faces.Hear him discuss: TD Bank's $3 billion penalty sets a new high for banking compliance cases. In yet another reminder of the scope of Justice Department enforcement powers, and an important demonstration of the risks of non-compliance, the Justice Department and relevant banking agencies announced a $3 billion settlement with TD Bank companies to resolve systemic and pervasive Bank Secrecy Act ("BSA") and money laundering violations.TD Bank's internal culture sidelined AML compliance, leading to massive oversights, including unmonitored transactions worth $18.3 trillion from 2018 to 2024. TD Bank enforced a “flat-cost paradigm,” restricting the compliance budget, which prevented updates and adaptations needed to meet new risk levels.TDBUSH pleaded guilty to causing TDBNA to fail to maintain an AML program that complies with the BSA and to fail to file accurate Currency Transaction Reports ("CTRs").Despite multiple warnings from internal audits and third-party consultants, the bank maintained its flawed AML protocols without significant action.TD Bank earned the ignominious record: TD Bank is the largest bank in U.S. history to plead guilty to Bank Secrecy Act program failures, and the first US bank in history to plead guilty to conspiracy to commit money laundering. With this settlement, TD Bank joins a list of high-profile compliance failures alongside companies like Wells Fargo and Wirecard, furthering the call for financial institutions to prioritize ethical compliance in their growth models.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How can companies ensure that their compliance programs are robust enough to handle today's complex ethical challenges? In this episode, Michael Volkov dives into the critical components of conducting an internal compliance site visit and review. He highlights the significance of these visits in understanding operational risks and compliance culture. With real-world examples, Michael emphasizes the need for a proactive approach to compliance, ensuring that organizations are not only following regulations but also fostering an ethical environment.Listen in as Michael talks about:Conducting personal interviews with key staff to assess the compliance culture and operational challenges.Reviewing and testing transactions across various vendor categories to ensure compliance with protocols.Evaluating the effectiveness of training programs and employee understanding of ethical standards and compliance awareness.Verifying compliance with internal policies and conduct due diligence on charitable contributions.Assessing the compliance processes surrounding sponsorships and their alignment with company policies.Implementing thorough due diligence practices for third-party vendors to mitigate risks.Reviewing employee expense reports to ensure proper documentation and compliance with gift, meals, entertainment, and hospitality policies.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What happens when a single company dominates a crucial segment of the financial market? In this episode, Michael Volkov explores the Justice Department's recent antitrust lawsuit against Visa, highlighting allegations of monopolization and exclusionary practices in the debit card market. With Visa controlling over 60% of debit transactions in the U.S., the DOJ aims to restore competition and prevent further stifling of innovation in this vital financial sector. Tune in as Michael breaks down the case details, Visa's strategic responses, and the implications for the broader financial landscape.Listen in as Michael discusses:The DOJ has charged Visa with monopolization and exclusionary conduct under Sections 1 and 2 of the Sherman Act.Visa holds over 60% of the U.S. debit transaction market, with MasterCard as its closest competitor at 25%.The complaint alleges Visa engages in exclusionary agreements that penalize banks and merchants for using alternative debit networks.The 2010 Durbin Amendment aimed to increase competition but has had minimal effect on Visa's dominance, leading to ongoing scrutiny.Visa's strategies include partnering with potential competitors while leveraging significant market power to suppress competition.Following successes in technology sector enforcement, the DOJ is now expanding its scrutiny into financial markets, indicating a potential shift in antitrust enforcement dynamics.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How prepared is your company to handle the evolving risks of artificial intelligence and other emerging technologies in its compliance program? In this episode of Corruption, Crime and Compliance, Michael Volkov delves into the Department of Justice's 2024 updates to its evaluation of corporate compliance programs. As the DOJ continues to set global standards, Michael discusses key updates related to risk management, especially around AI and other technologies. He also covers important shifts in training, whistleblower protections, third-party management, and data analytics, offering a comprehensive overview of what businesses need to consider for effective compliance.You'll hear him discuss:The DOJ raises the bar for corporate compliance, including technology risk management through their updated Compliance Guidance (2024).Companies must evaluate AI in both business and compliance contexts, ensuring controls for trustworthiness and legal alignment.Firms need to incorporate lessons from other companies and adapt policies and procedures to reflect emerging tech.Employee training must now be interactive, tailored, and measured for effectiveness.With their focus on whistleblower protection, the DOJ emphasizes tracking employee comfort in reporting issues and ensuring protection from retaliation.Companies are encouraged to continuously monitor third-party relationships beyond the onboarding phase.Stronger processes are needed for compliance audits and integration after mergers.DOJ pushes for the use of data analytics tools in compliance and better coordination between HR and compliance teams.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupDOJ Evaluation of Corporate Compliance Programs

How prepared is your organization to handle the evolving landscape of sanctions compliance? In this episode of Corruption, Crime and Compliance, Michael Volkov dives into critical sanctions compliance cases and their implications for global companies. He discusses four significant cases that underscore the necessity of robust compliance programs, particularly in light of increased DOJ enforcement actions. Through these examples, he breaks down the consequences of third-party liability, supply chain risks, and the dangers of inadequate compliance measures, offering valuable insights into how companies can proactively avoid similar pitfalls.Cases discussed:British American Tobacco (BAT): The company faced a staggering $629 million settlement for circumventing North Korean trade sanctions. This case illustrates how corporate prosecutions are evolving to resemble Foreign Corrupt Practices Act (FCPA) cases, emphasizing the growing scrutiny on multinational corporations.Epsilon Electronics: This case clarifies the liabilities companies face when third-party distributors divert products to prohibited countries, such as Iran. Even if the company had no direct involvement in the diversion, it still bears responsibility, underscoring the importance of diligent monitoring of distribution channels.ELF Cosmetics: The company received a $1 million fine for importing goods containing materials sourced from North Korea. This case underscores the critical importance of conducting thorough supply chain due diligence to ensure compliance with international sanctions.Murad LLC: This case focuses on post-acquisition compliance failures, demonstrating the urgent need for thorough pre- and post-acquisition audits. These audits are essential to uncover potential sanctions violations and ensure that newly acquired companies adhere to compliance standards.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupLinks to the four cases: British American Tobacco I Epsilon Electronics I Elf Cosmetics I Murad LLCA Framework for OFAC Compliance Commitments (May 2019)

The SEC's recent settlement with Deere & Company for $9.9 million for FCPA violations is another textbook example of bribery schemes, which revealed the absence of a culture of compliance, and the circumvention of basic entertainment, hospitality and travel expense controls. In this episode of Corruption, Crime, and Compliance, Michael Volkov breaks down the SEC's $9.9 million settlement with Deere & Company following widespread FCPA violations by its subsidiary, Wirtgen Thailand. Michael discusses how the bribery schemes, involving government officials in Thailand, reveal significant failures in compliance oversight and corporate governance, while also highlighting the critical lessons for businesses aiming to avoid similar pitfalls.Key Insights:Deere's subsidiary, Wirtgen Thailand, secured government tenders through cash bribes, entertainment at massage parlors, and lavish trips for officials from the Royal Thai Air Force (RTAF), Department of Highways (DOH), and Department of Rural Roads (DRR).Wirtgen disguised entertainment and bribe payments in expense reports with vague descriptions and round-number amounts, which were improperly approved by regional managers.Wirtgen organized extravagant trips disguised as factory visits for Thai officials, which included sightseeing and luxury hotels in Europe. These trips were arranged to win government tenders but involved no legitimate business activities.Bribes were also funneled through a third-party consultant via sham commission agreements. This consultant acted as a middleman, facilitating bribe payments to government officials to secure high-value tenders.Deere's failure to fully integrate Wirtgen into its compliance program after acquisition allowed the bribery schemes to continue. This highlights the risks of not harmonizing compliance protocols in newly acquired subsidiaries.In response to the SEC investigation, Deere terminated employees involved in the misconduct, revamped its compliance program, and introduced initiatives like a bi-monthly compliance newsletter and enhanced anti-bribery training.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How can companies build trust and drive growth in a region as politically and economically volatile as Latin America? In this episode, Nicolas Garcia - Vice President, Legal, Regional and Compliance Manager for LATAM and Orica - joins Michael Volkov to discuss the complexities of navigating compliance and leadership in LATAM. The conversation highlights how regional dynamics, such as the crisis in Venezuela, influence business operations and how cultural shifts are changing the role of compliance officers. Nicolas provides valuable insights on the evolving compliance landscape, emphasizing the importance of trust, leadership, and a strong compliance culture in driving business success in challenging environments.Listen in as Nicolas and Michael discuss:The ongoing political and economic crisis in Venezuela has led to massive immigration into neighboring countries like Colombia, Chile, and Brazil, creating both economic challenges and opportunities in the region.Guyana is experiencing rapid growth due to foreign investment, particularly in the oil and gas sectors, standing in stark contrast to Venezuela's decline.Nicholas emphasizes the shift from compliance officers being seen as enforcers to becoming strategic business partners. This transition helps companies not only meet regulatory requirements but also drive success.Establishing a trust-based relationship between compliance officers and leadership is essential. When compliance is integrated into the business strategy, it becomes a tool for enabling growth rather than a barrier.Trust in reporting systems is growing in Latin America, though fear of retaliation remains a concern. Anonymous reporting is on the rise, and substantiation rates are increasing as employees gain confidence in the system's integrity.Ensuring that investigations follow due process is critical to maintaining credibility in compliance programs. It also helps improve trust and the success rate in legal outcomes.Resources:Nicolas Garcia on LinkedInNicolas Garcia on Email: Nicolas.Garcia@Orica.comMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What's the real cost of keeping corporate misconduct hidden? In this episode of Corruption, Crime and Compliance, Michael Volkov explores how the DOJ's recent declinations highlight the risks and rewards of voluntary self-disclosure. By examining two key cases, Michael illustrates how companies can avoid prosecution through cooperation but still face significant penalties, like disgorgement. The episode underscores the importance of transparency and robust compliance programs in navigating DOJ enforcement strategies.Key Points Covered:Declinations Explained: While DOJ declinations allow companies to avoid criminal charges, they require disgorgement of illegal profits.Boston Consulting Group Case: BCG reported bribery violations related to securing contracts in Angola. The company earned a declination by cooperating with DOJ, firing involved employees, and enhancing compliance. Total disgorgement: $14.4 million.Hitachi Cable (Proterial) Case: Hitachi Cable disclosed fraudulent safety violations in its motorcycle brake hoses. The company's proactive disclosure and internal reforms led to a declination. Disgorgement: $15.1 million, with partial credit for prior payments.The Risk of Concealment: Companies that hide misconduct face higher penalties. Voluntary disclosure offers the potential for leniency through declinations.DOJ's Corporate Compliance Focus: DOJ continues to push for transparency and proactive corporate compliance, using declinations as a tool to incentivize self-reporting and improve internal controls.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How will the DOJ's new corporate whistleblower pilot program reshape the enforcement of corporate criminal conduct? In this episode of Corruption, Crime, and Compliance, Michael Volkov explores the Department of Justice's (DOJ) new corporate whistleblower pilot program, highlighting its potential impact on corporate criminal enforcement. The program, which mirrors aspects of the SEC's whistleblower program, is designed to incentivize individuals to report misconduct by offering financial rewards. The program is significant for privately held companies and financial institutions not covered by the SEC, marking a notable shift in DOJ's approach to corporate compliance and enforcement.You'll hear him discuss:DOJ's Whistleblower Pilot Program: The DOJ introduced a three-year whistleblower pilot program that offers financial rewards to individuals who provide original information leading to significant criminal or civil forfeitures. This program, effective from August 1, 2024, mirrors aspects of the SEC's program but is specifically tailored to corporate criminal enforcement.Non-Appealable Rewards: Unlike the SEC's program, decisions made under the DOJ's whistleblower program are not appealable, minimizing litigation risks for the DOJ.Focus on Privately Held Companies: The program significantly impacts privately held companies and non-public financial institutions, areas previously not covered by the SEC's whistleblower program. This shift increases risks for these entities, particularly in cases involving foreign bribery, money laundering, and healthcare fraud related to private insurers.Incentives for Internal Reporting: The program introduces a 120-day window for companies to act on internal reports of misconduct. If companies fail to take action within this period, whistleblowers can report directly to the DOJ, potentially earning financial rewards, while companies risk losing potential non-prosecution agreements.Implications for Corporate Compliance: The new whistleblower program pressures companies to enhance their ethics and compliance programs. Companies must now navigate the risks associated with delayed reporting and the potential for whistleblowers to bypass internal controls in favor of DOJ reporting.Impact on DOJ Enforcement: The program is expected to bolster DOJ's corporate enforcement actions by encouraging more reports of misconduct, particularly in areas not previously covered by similar programs. However, the adequacy of the reward fund to incentivize significant whistleblower reporting remains uncertain.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupWhistleblower Awards Pilot Program

A New York federal district judge handed down a significant decision dismissing much of the SEC's securities fraud enforcement action against SolarWinds arising from its claims relating to SolarWinds' cybersecurity policies and disclosure of a significant cyberattack against the SolarWinds' network. In this episode of Corruption, Crime, and Compliance, Michael Volkov discusses the significant dismissal of most of the SEC's securities fraud claims against SolarWinds by a New York federal district court. The case highlights the ongoing challenges in balancing cybersecurity disclosures with regulatory requirements, and the implications this ruling might have for future SEC enforcement actions.You'll hear him discuss:Judge's Decision: The court ruled that the SEC's claims were overly reliant on hindsight and speculation, particularly regarding SolarWinds' early-stage disclosure during the investigation of cyber incidents.Pre- and Post-Sunburst Disclosures: While the court upheld charges related to SolarWinds' pre-Sunburst cybersecurity statements, it dismissed the SEC's claims about the company's post-Sunburst disclosures, finding them not misleading under the circumstances.Internal Controls vs. Cybersecurity: The court rejected the SEC's attempt to apply internal accounting controls provisions to cybersecurity policies, marking a significant limitation on the SEC's enforcement scope.Implications for SEC's Approach: This decision contradicts the SEC's previous stance in cases like R.R. Donnelly, potentially influencing future SEC actions regarding cybersecurity and internal controls.Broader Impact: The ruling may affect how cybersecurity risks are reported and how companies manage their disclosure obligations, particularly in light of potential appeals and further litigation by the SEC.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

Have you heard of the recent controversies around Boeing 737 MAX and its safety? Have you wondered what is being done about the concerns around it? In this episode of Corruption, Crime, and Compliance, Michael Volkov delves into the latest developments in the Boeing 737 MAX case, highlighting the recent plea agreement proposed by the Department of Justice (DOJ). The Boeing 737 MAX case took another dramatic turn. On July 24, 2024, the Department of Justice filed with the United States District Court for the Northern District of Texas a proposed plea agreement with Boeing. Under the Plea Agreement, Boeing will plead guilty to the original Information filed in 2021 with the Deferred Prosecution Agreement ("DPA"). The discussion focuses on Boeing's alleged failure to implement adequate compliance measures, leading to significant risks and violations, and the ongoing legal and ethical implications of the case. Tune in to hear a detailed analysis of the complexities and legal ramifications of Boeing's recent plea agreement and what it means for corporate compliance and accountability.You'll hear him talk about:Certification Issues: Boeing failed to ensure its 737 MAX certifications were accurate, risking false certifications to the FAA.DOJ Plea Deal: Boeing agreed to plead guilty to conspiracy to defraud the U.S., facing opposition from victims' families who find the resolution insufficient. The plea agreement, which has been filed under Federal Rule Criminal Procedure 11(c)(1)(C), requires the Court to approve and accept the deal. The Court can reject the plea deal and require the parties to renegotiate the terms.Victims' Rights: The proposed resolution has been controversial because of the opposition of the families of the victims, who have opposed the plea agreement and general disposition of DOJ's investigation and prior resolutions as insufficient to vindicate the public interest and their rights as victims of Boeing's malfeasanceCompliance Failures: Boeing breached its DPA by not implementing effective compliance controls, particularly in safety and quality processes.Independent Monitor: Boeing will be monitored for three years and must invest $455 million in compliance and safety improvements.Ongoing Challenges: Boeing's anti-fraud measures still have gaps, with broader implications for industries where safety is critical.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How does the SEC's recent settlement with R.R. Donnelly & Sons Company impact internal controls for cybersecurity incidents? In this episode of Corruption, Crime, and Compliance, Michael Volkow discusses a significant decision by the SEC involving a $2.1 million settlement with RR Donnelly & Sons Company (RRD) related to a 2021 ransomware attack. The SEC's decision marks the first time it applied its internal controls enforcement authority to cover cybersecurity policies and procedures, representing a substantial expansion of its enforcement reach.The SEC criticized RRD for failing to prioritize the review of security alerts and implement an effective workflow for escalating such reports. This oversight led to delayed detection and response to the cyber attack, during which hackers exfiltrated 70 gigabytes of data, including personal and financial information tied to 29 clients.You'll hear him talk about:The importance of robust internal controls to ensure prompt investigation and escalation of potential cybersecurity incidents.The need for companies to allocate sufficient resources and personnel to monitor and respond to third-party security alerts.The SEC's critique of RRD's internal incident response policies, particularly the lack of clear lines of responsibility and efficient workflows.The dissenting opinions within the SEC regarding the broad application of internal controls to cybersecurity, highlighting the need for specific guidance on reasonable cybersecurity controls.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupSEC settlement

Is your HR department rolling their eyes at compliance? Does your company have a non-retaliation policy? The report, based on over 1,000 global responses, reveals growing maturity in compliance programs but notable gaps, such as only 61% having a hotline and 55% having a non-retaliation policy. Join us on this week's Corruption Crime and Compliance to learn how cross-functional relationships are strong with data privacy and risk but weak with HR and finance. Michael Volkow highlights NavX's report, showing compliance's high engagement in processes like reputational harm and data breaches but often being involved late in mergers and acquisitions. Learn that common compliance issues include privacy, cybersecurity, and regulatory demands. The report also covers ESG programs and the need for better third-party risk management - tune in to hear more!You'll hear him talk about:How compliance is often brought in late during mergers and acquisitions, with 20% of respondents noting no engagement in these processes.Notable gaps that include only 61% of organizations having a hotline or whistleblower internal reporting channel and only 55% having a non-retaliation policy.How the report shows progress in the maturity of compliance programs, with half of the respondents rating their programs in the top two tiers of maturity.Compliance having strong relationships with data privacy and risk functions, but experiencing significant resistance from HR and finance departments.Half of the organizations experiencing at least one compliance issue in the past three years, with privacy and cybersecurity being the most common issues.Two-thirds of boards receiving periodic compliance reports, but one-third do not, highlighting a need for improved board engagement in compliance matters.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupNavex State of Risk and Compliance Report

Is the progress itself enough to consider the battle won? Are the ongoing scandals casting a shadow over the hard work against corruption? Despite challenges (such as limited resources due to the ongoing war) and recent scandals (such as overpriced eggs for the military), Ukraine maintains multiple institutions committed to transparency and integrity, crucially supported by international partnerships aimed at enhancing its anti-corruption infrastructure.Listen to this conversation between Michael Volkov and Halyna Senyk in which they focus on Ukraine's anti-corruption efforts amidst the backdrop of its ongoing war with Russia. Halyna Senyk, an expert from the CEELI Institute, details Ukraine's progress since 2014, highlighting the establishment of key anti-corruption agencies and reforms and how, over 10 years, it moved from 144 to 104 place in the Transparency International Corruption Perception Index.You can listen to how, despite these advancements, Senyk acknowledges persistent challenges, including recent setbacks and scandals that have tested the country's resolve.You'll hear them discuss:Historically pervasive and deeply rooted corruption at various levels of government and the reality of society that remains a critical challenge. Despite reforms and the establishment of anti-corruption agencies, the implementation and effectiveness of these measures are often undermined by systemic issues.The conflict with Russia that started in 2014 leading to military, economic, and social destabilization. This conflict has strained Ukraine's resources and governance capabilities, posing obstacles to effective governance and reform efforts.The volatile political landscape in Ukraine is characterized by frequent changes in leadership and political alliances that hamper consistent policy implementation and reform progress.The ongoing conflict and systemic corruption and how they contribute to economic challenges, including reduced investor confidence, economic uncertainty, and financial strain on public institutions.Ukraine's geopolitical position and how relations with neighboring countries and international allies, particularly with regard to Russia and the European Union, influence its ability to implement reforms and receive international support effectively.ResourcesHalyna Senyk on LinkedInEmail: Halyna.Senyk@ceeli.euCEELI Institute (Central and Eastern European Law Initiative)Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

Bryn Sedlacek, Vice President and Product Manager at Aravo, joins us on the podcast to discuss third-party risk management focusing on holistic risks and unified visibility. In a wide-ranging discussion, Mike Volkov and Bryn Sedlacek discuss the challenges in implementing a third-party risk management program that captures holistic risks and maintains a consistent, unified line of sight across the organization's risk profile. They focus on sanctions, capturing the source and ultimate destination of products/services and including those in screening, leveraging how to handle conflict minerals as a model, and how data intelligence providers can help. Additionally, Bryn discusses unified visibility, which provides comprehensive visibility to executives and decision-makers across risk domains and performance. Finally, they discuss InfoSec risk with third parties, where to start, and the future of risk - technology and alternative risk strategies. Join Michael and Bryn as they navigate the complexities of compliance in today's corporate landscape.Bryn discusses how crucial it is to start with a realistic approach to building a compliance program and continually improve compliance programs to mitigate risks effectively.Having a platform like Arvao's is valuable for companies as it is highly configurable and tailored to meet the unique needs of each client's business structure and risk management requirements.The partnership between IT and cyber security in a compliance program is vital for addressing cybersecurity risks effectively within organizations. It is a growing trend for IT and cyber security to focus on collaboration and meeting the unique needs of each department.Unified visibility across different risk domains and third-party activities is essential for making informed decisions and managing risks effectively. Continuous monitoring and auditing are crucial in compliance programs, with a risk-based approach to optimize resources and ensure proactive risk management.Sanctions compliance is a growing area of focus, requiring proactive monitoring, risk-based approaches, and continuous updates to mitigate risks effectively.ResourcesBryn Sedlaceck on the WebEmail: bsedlacek@arvavo.comMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

In this episode of Corruption, Crime and Compliance, we delve into the complex world of sanctions compliance and enforcement. In this new era of aggressive sanctions enforcement, companies have to understand the red lines that define where criminal and civil enforcement risk increases. In contrast to the history of FCPA enforcement, DOJ and OFAC have provided helpful guidance to alert companies where risks are likely to increase. Join host Michael Volkov as he navigates the intricate landscape of voluntary disclosures, criminal and civil enforcement risks, and the evolving strategies of regulatory agencies like OFAC and the Department of Justice.Hear Michael discuss:Sanctions enforcement involves a mix of civil and criminal line drawing.On the civil side, OFAC has explained that sanctions violations can be found based on strict liability with aggravating factors that turn the actor's state of mind. Third-party liability for distributors extends to situations where a principal company knew or reasonably should have known that products sold to a third party were intended for shipment to a prohibited entity or individual or a prohibited country. Third-party liability for violations occurring in a company's supply chain requires companies to break down its supply chain and learn the sourcing for all companies in its supply chain. It is clear that a failure to examine and assess your supply chain can lead to civil liability. In defining where criminal enforcement picks up on the culpability spectrum, DOJ and OFAC have defined potential criminal conduct based on the term "willful," meaning when an actor knew that its conduct was wrong but did not necessarily know the specific law that her/she was violating. Applying the "you know it when you see it" standard, companies have to weigh the evidence of surrounding circumstances to determine if an individual actor or actors possessed the requisite intent. Criminal enforcement determination will turn on the attribution of individual conduct to a company based on respondeat superior principles -- that is, whether the conduct was committed in the course of an individual's duties and in furtherance of a legitimate business purpose. Enforcement examples to track where the precise line falls between criminal and civil are few—a good start is by reviewing a meaningful record of DOJ enforcement actions against sanctions violations. The situation is akin to the early days of aggressive FCPA enforcement, where enforcement and settlement cases were reviewed for important precedents and explanations. DOJ's record here is about to be defined and companies, commentators and trade compliance professionals will be reading tea leaves and looking for patterns.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

LRN has issued another important report. In its latest report, The 2024 Benchmark of Ethical Culture Report, LRN has focused on the critical issue of corporate culture. LRN is a pacesetter and the leader in reliable studies on complex ethics and compliance issues. If not properly promoted or maintained, a defective culture can lead to serious misconduct, government investigation, reputational damage, and collateral harm. On the other hand, a positive and effective culture is a company's most valuable intangible asset, as it is tied directly to increased financial performance and sustainable growth. Over the past few years, business leaders have embraced what compliance and governance professionals already knew: companies with strong ethical cultures outperform other companies with weaker cultures. Employees at ethical companies are more productive, more satisfied, less likely to seek a new job, and more committed to the company's mission.Hear Michael discuss:LRN's 2024 Benchmark of Ethical Culture Report underscores the importance of ethical culture in driving financial performance and reducing misconduct rates.Generation Z shows a higher tolerance for unethical conduct, with nearly a quarter admitting to engaging in such behavior to get the job done.Hybrid workers who alternate between working from home and the office exhibit lower rates of misconduct and are more likely to report observed misconduct due to increased job satisfaction.Organizations with strong ethical cultures outperform those with moderate to weak cultures by at least 50% across various business performance measures.Employees at companies with strong ethical cultures are 1.5 times more likely to report observed misconduct, emphasizing the value of a positive work environment.Senior leaders often have more favorable perceptions of their organization's culture than middle management and frontline workers, highlighting the need for consistent messaging.LRN's research shows that nearly 70% of the variance in business performance is linked to an organization's ethical culture, emphasizing the critical role of culture in success.ResourcesLRN's 2024 Benchmark of Ethical Culture ReportMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Dottie Schindlinger is Executive Director of Diligent Institute, the global corporate governance research arm of Diligent - the largest SaaS software company in the Governance, Risk, Compliance (GRC), and ESG space. She co-authored the book Governance in the Digital Age: A Guide for the Modern Corporate Board Director, co-hosts “The Corporate Director Podcast,” and co-created Diligent Institute's Certification programs for directors and executives, including AI Ethics & Board Oversight. Dottie was a founding team member of the tech start-up BoardEffect, acquired by Diligent in 2016. She graduated from the University of Pennsylvania and is a Fellow of the Salzburg Global Seminar Corporate Governance Forum. Diligent and Bitsight recently issued an important report on corporate board oversight of cybersecurity risks. Dottie Schindlinger, Executive Director of Diligent Institute, joins Michael Volkov to discuss the important findings of Diligent's report.You'll hear Dottie and Michael discuss:Companies with advanced security ratings create nearly four times the amount of value for shareholders as companies with basic security ratings. On average, the Total Shareholders' Return (TSR) over three and five years for companies in the advanced security performance range is approximately 372% and 91% higher, respectively, than their peers in the basic security performance range.Companies with a specialized risk or audit committee had higher security performance ratings on average. Companies falling within these two categories have an average security rating of 710, whereas companies lacking both committees have an average security rating of 650.The findings also suggest that the distribution of security ratings among companies with specialized risk and audit committees tends to skew towards the advanced security performance range, whereas companies lacking either of these committees tend to skew toward the basic security performance range.Having a cybersecurity expert on the board is not enough. Integrating a cybersecurity expert into the board committee tasked with cybersecurity risk oversight makes a significant difference in an organization's performance.Merely having a cybersecurity expert on the board does not correlate to having a higher security performance rating. Highly regulated industries tend to outperform other industries in terms of cybersecurity performance. Of the companies with advanced-level security performance ratings, a full third (33%) came from the financial services sector – with an average rating of 720. The sector with the highest average rating overall was healthcare at 730. Nearly a quarter (24%) of companies with basic security performance ratings came from the industrial sector. ResourcesDottie Schindlinger on LinkedInDiligent Institute | Diligent | Board EffectThe Report can be downloaded at: Cybersecurity, Audit and the Board ReportMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

A new compliance cottage industry surrounds artificial intelligence. We are at such an early stage of AI development, and companies are still figuring out how they can employ the technology. However, some industries, such as financial institutions, have been using AI for fraud detection and other issues. These early adopters will likely set the tone for AI compliance practices. There is no question that AI holds terrific promise. The hype surrounding AI is just that -- hype. Until there is more certainty surrounding AI technology, we will witness a lot of bloviating. But this aside, corporate boards, senior executives, and business developers need to pay attention until the dust settles. The AI industry is moving so fast that the sooner we start to focus, the nimbler our response will be.Luckily, ethics and compliance principles are easily adaptable to AI risks. In this episode of Corruption, Crime, and Compliance, Michael Volkov discusses how the compliance profession is more than capable of building effective compliance programs around AI operations.Financial institutions have been using AI for fraud detection and other issues. They are at the forefront of developing compliance practices around AI.Companies need to embrace AI's promise and not get overwhelmed by all the hype. Corporate boards, senior executives, and business developers must pay attention until the dust settles.The AI industry is moving fast, and companies need to focus on what's happening. Compliance has to be nimble and quick, just like the technology.Like every aspect of a business, any new technology presents risks, and AI certainly presents risks that need to be mitigated. This, in turn, leads to the necessary question: How should a company structure its AI risk and compliance program?AI can be a very productive tool. It can easily end up reducing costs and increasing efficiency. More efficient companies can help the economy expand and create new opportunities for growth.Financial institutions, tech companies, pharmaceutical, medical device and transportation logistics industries are likely to be significant users of AI technology.Generative AI use may increase the risk of fraud and will need to incorporate risk mitigation costs and capabilities.Compliance professionals have the intelligence, professional capabilities, and integrity to rise to the challenge of AI technology and onboard a third party.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

With the beginning of the “New FCPA” era coined by DOJ's Deputy Attorney General Lisa Monaco, we now need to focus on third-party risk and sanctions enforcement. The law, the practice, and the risks are important and not just the same as FCPA legal requirements. As we embark on a new criminal enforcement era surrounding sanctions violations, companies have to address this issue and do it correctly. In this episode, Michael Volkov takes a comprehensive look at third-party risks from the distribution and supply sides and outlines appropriate strategies to manage these risks.Epsilon Electronics serves as a stark reminder of the financial consequences of non-compliance. The company faced an OFAC enforcement action due to a shipment to Iran, resulting in a staggering penalty of over $4 million.Apollo Aviation Group settled with OFAC for $210,600 for leasing aircraft engines which ultimately ended up being placed in to aircraft of a prohibited entity, Sudan Airways, violating sanctions regulations.ELF Cosmetics settled with OFAC for $996,000 for importing false eyelash kits containing materials sourced from North Korea, highlighting supply chain due diligence failures.The ELF Cosmetics case underscores the crucial role of supply chain due diligence in preventing sanctions violations. Instead of sticking their heads in the sand, companies must undertake basic supply chain due diligence when sourcing products from regions close to high-risk countries or regions.“Reason to know” is now the key phrase guiding the New FCPA era. OFAC does not need to prove goods ultimately end up in a sanctioned country. When you see red flags, you must resolve them or they could be considered a “reason to know” in OFAC's eyes.Seven essential elements to boost your compliance program and effectively mitigate third-party sanctions risks include risk assessment, varying levels of due diligence, end-user documentation, monitoring, training, and red flag identification.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Carlos Villagrán is the Director of Compliance at CMPC, a 100-year-old Chilean-based holding company, one of the worldwide leading pulp, paper, packaging, personal care, and other forest products manufacturers. With more than 20,000 employees, CMPC has industrial operations in 9 countries (LatAm and the US) and commercial offices in the US, Europe, and China, selling and distributing its products to more than 45 countries around the world. Carlos joined CMPC to remediate and rebuild CMPC's culture and compliance program after a devastating scandal -- CMPC was prosecuted for its involvement in a decade-long conspiracy to fix prices in Peru and Chile for consumer paper products. Carlos discusses the challenges he faced in rebuilding CMPA's culture and commitment to compliance. His story is an inspiration to all legal and compliance professionals and provides important instructive lessons to corporate leaders and compliance professionals.You'll hear Michael and Carlos discuss:The importance of rebuilding and rediscovering the values and purpose of CNPC after a major corporate crisis.The effects on market share quotas and sales prices when CNPC faced an investigation and found to be the leader of a cartel in Chile and Peru.How the crisis significantly impacted CNPC's reputation, leading to public protests and consumer backlash in Chile and Peru.CNPC's compliance team addressed the company's complex nature because of its diverse workforce, including data analytics experts, IT professionals, and engineers.How the compliance program at CNPC shifted from a traditional approach to a more cultural and system-thinking perspective, aligning with the company's values and operations.Success for the compliance program at CNPC is defined by the number of critical tables the team is seated on, indicating their value and integration within the business operations.ResourcesCarlos Villagran on the Web | LinkedInEmail: carlos.villagran@cmpc.cl or cfvillagran@gmail.comMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Over the last ten years, we have seen a marked shift from the Delaware Chancery Court chipping away at corporate board member liability claims. In a number of seminal cases involving Boeing airplane crashes (In re the Boeing Co. Derivative Litig., No. 2019-0907 (Del. Ch. Sept 7, 2021)), and deadly listeria outbreaks from tainted ice cream (Marchand v. Barnhill, 212 A.3d 805 (Del. 2019)), Delaware Courts have upheld plaintiffs' cases against claims of failing to adequately plead violations of the standards set forth in Caremark, 698 A.2d 959 (Del. Ch. 1996), (establishing basic pleading requirements to withstand motions to dismiss). In this episode, Mike Volkov provides a comprehensive update on the recent Caremark decisions issued by the Delaware Chancery Court, underscoring their importance for accountability and governance in the corporate world.Caremark oversight duties stem from the well-established duty of loyalty and its subsidiary duty of good faith. To plead a Caremark claim, a plaintiff is required to put forth adequate facts from which a factfinder can make a reasonable inference that the fiduciary acted in bad faith. Under Caremark, bad faith can be established when a fiduciary: “(1) utterly fail[s] to implement any reporting or information system or controls," or (2) having implemented such a system or controls, consciously fail to monitor or oversee its operations, which results in a failure to act or attend to a risk or problem requiring their attention or response. Last year, the Chancery Court made a groundbreaking decision, extending the so-called Caremark oversight obligations and governance requirements to senior management in the McDonald's case. In re McDonald's Corp. S'holder Derivative Litig., 289 A.3d 343 (Del. Ch. 2023). This ruling is one of the most significant developments in recent years, advocating for increased accountability for oversight and governance failures.Recent cases, such as the Boeing 737 MAX crashes and the Listeria outbreak from tainted Blue Bell ice cream, have highlighted failures in proper board governance and oversight responsibilities.In a case involving Segway, the Chancery Court dismissed a motion against an officer for failing to detect financial discrepancies, emphasizing the need to demonstrate a lack of good faith in monitoring central compliance risks.The trend in Delaware Chancery Court decisions is moving towards holding directors and officers accountable for failures to act in response to indications of potential illegal conduct, with a focus on bad faith actions.The Boeing case exemplifies the consequences of board members ignoring safety concerns and focusing solely on the bottom line, leading to tragic outcomes that could have been prevented with proper oversight and accountability.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Directive 2019/1937 of the European Parliament and Council dated 23 October 2019 on the “protection of persons who report breaches of Union law” (the “Directive”) is currently being implemented by EU Member States. The directive has broad applicability to organizations operating in the EU internal market and applies to both public and private sector organizations alike. Whistleblowers are guaranteed legal protection to the extent: (1) they have reasonable grounds to believe that the information reported was true at the time of the report; and (2) the whistleblower reported either internally to the organization, externally to a competent authority, or publicly. Private sector organizations with 50 or more workers are legally required to establish channels and procedures for internal reporting of EU law breaches and conduct appropriate follow-up. In this episode, Mike Volkov is joined by Daniela Melendez and Alex Cotoia from the Volkov Law Group, who bring their expertise to the table as they delve into the EU Directive and its implementation by several member states. Listen to this discussion to understand and navigate the complexities of the EU Whistleblowing Directive.The EU Whistleblower Directive shifts the burden of proof on retaliatory actions to the person taking the detrimental action, requiring them to demonstrate it was not linked to reporting concerns.Global companies are taking a proactive stance by increasingly focusing on robust ethics and compliance programs. This strategic move is aimed at mitigating risks and promoting positive corporate citizenship in today's economy, where adherence to legal and ethical standards is paramount.France signed the EU Directive into law on March 21, 2022, outlining protocols for gathering and handling whistleblower reports, including a two-month deadline for imposing disciplinary sanctions.Germany enacted the EU Directive on May 12, 2023, allowing anonymous reports and setting a three-month investigation deadline after receiving the report.Spain addressed the EU Directive on February 2023 by covering additional topics like occupational health and safety breaches. The directive established a three-month deadline for investigations and allowed anonymous reports.Italy transposed the EU Directive on August 4, 2022, including administrative, financial, civil, and criminal offenses not covered by the Directive, with a 30-day deadline to conduct investigations upon receipt of reports.Companies are advised to make resources available to conduct investigations quickly due to the short timeframes set by various countries' whistleblower protection laws.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law GroupAlex Cotoia on LinkedIn Email: acotoia@volkovlaw.comDaniela Melendez on LinkedInEmail: dmelendez@volkovlaw.com