Corruption Crime & Compliance

The relationship between compliance and HR can make or break a company's culture of ethics and integrity. The DOJ’s revised Evaluation of Corporate Compliance Program requirements are pushing for greater cooperation and coordination between these two departments to create a robust and effective consequence management system. In this episode, Michael Volkov discusses the implications of these new requirements and emphasizes the need for HR and compliance to work together to achieve a culture of compliance and ethics. Here are some key ideas you’ll hear Michael discuss in this episode:The Justice Department is taking a prescriptive approach to mandating greater cooperation between compliance and HR, as there have been too many problems between these departments in the past.HR and Compliance have joint responsibilities and obligations to achieve a culture of compliance and ethics.An effective HR and compliance partnership can leverage resources to ensure the overall advancement and success of the company.Companies must comply with the DOJ's revised Evaluation of Corporate Compliance Programs and provide compliance with access to data generated across the organization. This is necessary to improve the effectiveness of the company's compliance program.DOJ is now requiring companies to maintain a robust and enhanced investigation root cause system to address the specific elements required for a culture of ethics and integrity.An effective consequence management system can only occur when there is active cooperation and effective coordination between HR and compliance.The new consequence management system includes financial penalties resulting from clawbacks and deferred compensation schemes that are tied to compliance behaviors and requirements.DOJ is focusing on incentives and disincentives to enhance individual compliant conduct and overall accountability. Positive incentives include promotions, rewards, and bonuses and disincentives include deferment or escrow of compensation. CCOs need to champion the creation of this system.CCOs must be seated at the senior executive level of business operations to fulfill DOJ's expectations for overall consequence management in the disciplinary area.Companies should consider cross-assignments of business managers to compliance and vice versa to promote career opportunities.“I have always advocated on behalf of a committee approach or some kind of independent, objective reviewer or the institution that metes out disciplinary actions to ensure consistency,” Michael says.Senior management must establish a framework for effective coordination and cooperation between HR, senior sales executives, legal, and compliance to achieve a culture of ethics and integrity.This framework should be empowered to work on behalf of the company to establish organizational justice.KEY QUOTES:"The Justice Department is now taking on the role of marriage counselor, not with individual couples, but with the critical corporate relationship - Ethics and Compliance and Human Resources." - Michael Volkov"With regard to disciplinary actions, there's nothing worse, folks, than a disciplinary system that treats similarly situated employees and executives in different ways based upon where they sit or what their sales performance is… Justice has to be blind and consistent here." - Michael Volkov"Organizations that throw large contingent payouts for lucrative business contracts or for hitting specific targets should consider the impact of these incentives on sales employees and their ability and incentive to adhere to ethical requirements." - Michael VolkovResources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupEvaluation of Corporate Compliance Programs

Wells Fargo has settled with OFAC for $30 million for sanctions violations that occurred during a seven-year period from 2008 to 2015. The violations stemmed from its acquisition of Wachovia Bank, which had a trade relationship with a European bank that conducted transactions involving sanctioned entities and individuals. Despite concerns raised internally, Wells Fargo failed to exercise caution or care in identifying and preventing such transactions. The case serves as a reminder of the importance of corporate culture of ethics and compliance. In this episode of Corruption, Crime, and Compliance, Michael Volkov takes a deeper dive into the issue and outlines the missteps that occurred; he also gives practical advice for companies to avoid the same mistakes. You’ll hear him discuss these key ideas in this episode:Wells Fargo has a lengthy record of misconduct and failures to remediate. Its latest enforcement action involves a $30 million settlement with OFAC for sanctions violations that occurred from 2008 to 2015. These violations include three separate OFAC sanctions involving Iran, Sudan, and Syria.Wells Fargo provided the European bank with trade finance software that was customized and used to conduct transactions that involved sanctioned entities and individuals, despite concerns raised internally on several occasions.OFAC found that “Wells Fargo demonstrated reckless disregard for US sanctions requirements …and failed to exercise a minimal degree of caution or care in failing to identify and prevent such transactions for seven years after it acquired Wachovia…”Wells Fargo's conduct highlights the importance of corporate culture of ethics and compliance.Companies must have proper oversight when pursuing new business opportunities or preserving existing business relationships, and must promptly investigate and address sanctions compliance risks when raised internally, even in non-core business lines.Comprehensive due diligence regarding potential sanctions risks is necessary when one entity acquires another through merger or acquisition.Aside from this part of Wells Fargo's operations, the overall bank had a strong sanctions compliance program.If Wells Fargo had invested in a culture of compliance, it could have turned around its organization with wholesale change and a real commitment to embedding, monitoring, and remediating its culture as needed.The case serves as a reminder that companies must have a speak-up culture and respond to concerns as they are raised, as well as the importance of corporate culture, ethics, and compliance.KEY QUOTES:"If Wells Fargo had reduced its outside legal consulting and professional expenditures by half and took the money to invest and implement a culture of compliance, you can rest assured that Wells Fargo would be able to turn around its organization." - Michael Volkov"Moreover, when sanctions compliance risks are raised internally, including concerns arising from smaller, non-core business lines, companies should promptly seek to thoroughly investigate and address those risks." - Michael Volkov"Wells Fargo's conduct here, when exposed and considered, is not just inexplicable, but reminds all of us on the importance of corporate culture of ethics and compliance." - Michael VolkovResources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

The world of FCPA enforcement is always changing, and in this episode of Corruption, Crime and Compliance, Michael Volkov catches us up on three recent enforcement actions. From Corsa Coal's rare declination to SEC settlements with Flutter Entertainment and Rio Tinto, each case offers important insights into the current state of FCPA enforcement. He shares how voluntary self-disclosure, appropriate due diligence processes, and enhancements to compliance programs and accounting controls can help companies avoid penalties and strengthen their position.You’ll hear Michael discuss these ideas:Companies are encouraged to voluntarily self-disclose bad behavior to the DOJ, which may result in a declination and significant reductions in penalties.Corsa Coal earned a rare declination from the DOJ after cooperating in the prosecution of two former executives and meeting their burden to establish inability to pay. Their disgorgement was significantly reduced from $31 million to $1.2 million.Flutter Entertainment, which acquired PokerStars, was fined $4 million by the SEC for improper payments to Russian-based consultants made by Stars Group, its previous owner. Stars Group failed to conduct due diligence or maintain appropriate written contracts for third parties, leading to bribery violations.Acquiring companies should conduct appropriate due diligence on the acquired company's FCPA compliance.Rio Tinto paid $15 million to settle FCPA violations arising from a bribery scheme involving a senior Ghanaian government official. Despite red flags indicating that the consultant was advising the Ghanaian official and preserving Rio Tinto's ability to operate in Guinea, Rio Tinto eventually approved two lump sum payments totaling $10.5 million.Companies should pay attention to red flags when paying high commissions to sales agents involved in extractive industries.Rio Tinto implemented enhancements to their compliance programs and accounting controls after FCPA violations.KEY QUOTES:"As part of DOJ's push on voluntary self-disclosures in changes to its corporate enforcement policy, they really are encouraging companies to come in and voluntarily disclose when they find bad behavior." - Michael Volkov"...when acquiring a company, you've got to conduct due diligence and make sure that you do not find any FCPA violations or any problems like that." - Michael Volkov"Rio Tinto strengthened its ethics and compliance organization, enhanced its code of conduct, as well as its policies and procedures, gifts and hospitality, due diligence, and use of third parties. In addition, Rio Tinto enhanced its whistleblower program and improved its monitoring systems and internal controls related to payments to third parties. Finally, Rio Tinto enhanced its anti-corruption risk assessments and transactions testing and increased training of employees and third parties." - Michael VolkovResources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

The Justice Department is raising the bar on corporate compliance, and Michael Volkov believes we are witnessing a watershed moment. In this episode of Corruption, Crime and Compliance, he explains the significant revisions to the evaluation of corporate compliance programs, the new corporate enforcement policy, and the criminal division's three-year pilot program on compensation incentives and clawbacks. Some of the ideas discussed in this episode include:DOJ is raising expectations for corporate compliance programs and incentivizing ethical behavior.Companies must implement effective employee reporting systems, conduct timely internal investigations, and hold bad actors and weak supervisors accountable for their failures.DOJ is frustrated with the lack of cooperation between HR and compliance departments and seeks to promote a new era of compliance cooperation and operationalization.The evaluation of corporate compliance programs now includes a new section entitled Compensation Structures and Consequence Management, which mandates the design and implementation of compensation schemes to foster a compliance culture.DOJ's three-year pilot program for corporate compensation systems and clawbacks aims to reduce the burden on corporate shareholders and punish individual wrongdoers.Companies need to bring together senior leadership, business leaders, legal and compliance, and human resources to build together a set of incentives, disincentives and other structural changes to promote an ethical culture of compliance.DOJ expects companies to implement an effective employee reporting system. The updated guidelines provide specific guidance on how that reporting system ties into the overall advancement of the corporate culture, timely internal investigations, careful root cause analyses, and a new term consequence management.Companies can earn a fine reduction when they seek to recoup compensation from culpable employees, and prosecutors will have discretion in how to fashion the requirements for the compliance-related compensation and bonus systems.DOJ's new policy includes important requirements for preservation of data from messaging applications and texting systems, and companies need to tailor communications data preservation policies to the specific risk, profile, and needs of their business.KEY QUOTES:"DOJ's intent here is just unmistakable. Companies have to monitor, detect, and prevent future wrongdoing, and they have to hold bad actors and weak supervisors accountable for their failures." - Michael Volkov"To the extent that compliance and HR departments fail to coordinate and fight over turf, companies will face increased risks of a defective ethics and compliance program, employee misconduct rates will rise, and government investigation risks will rise as well." - Michael Volkov"Finally, with respect to risk management, companies have to ensure that they are appropriate consequences to executives and employees who fail to comply with communications and data preservation requirements. " - Michael VolkovResources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

In this insightful solo episode of Crime, Corruption, and Compliance, host Michael Volkov delves into the details of the first-of-its-kind Joint Compliance Note (JCN) regarding the evasion of Russia sanctions and export controls. This noteworthy document has been jointly issued by the United States Justice Department, the Department of Commerce, and the Treasury Department, highlighting its significance in the world of compliance.Throughout the episode, Michael explores the critical red flag lists, government expectations, and alerts to common high-risk scenarios provided by the JCN, emphasizing the crucial role it plays in guiding organizations through potential compliance challenges. With the U.S. Russia Sanctions and Export Control Program being unprecedented in its scope and complexity, Michael sheds light on the challenges faced by trade compliance officers and the steps organizations can take to mitigate risks.Key ideas you’ll hear in this episode:The JCN is an essential resource for compliance professionals, detailing red flags and tactics used by organizations and individuals to evade applicable sanctions and export controls.The joint issuance of this document by DOJ, OFAC, and BIS highlights the importance placed on organizations to implement and maintain risk-based compliance programs.Third-party intermediaries and transshipment points are often exploited to disguise the involvement of specially designated nationals (SDNs) or parties on the BIS entity list in transactions, obscuring the true identities of end-users.The JCN provides an invaluable list of red flags to watch for if a company suspects that a customer is using a third party to evade sanctions or export controls, with real-world examples for context. Some of the red flags to watch out for include:Use of corporate vehicles, such as shell companies, to obscure ownership, source of funds, or countries involved.A customer's reluctance to share information about the end use of a product.Use of shell companies for international wire transfers.Declining customary installation, training, or maintenance services.Mismatched IP addresses that do not correspond to a customer's reported location data.Last-minute changes to shipping instructions contrary to customer history or business practices.Payments coming from a third-party country or business not listed on the end-user statement.Use of personal email accounts instead of company email addresses.Operation of complex and/or international businesses using residential addresses or addresses common to multiple closely held corporate entities.Changes to standard letters of engagement that obscure the ultimate customer.Transactions involving a change in shipments or payments previously scheduled for Russia or Belarus.Transactions involving entities with little or no web presence.Routing purchases through certain transshipment points commonly used to illegally redirect restricted items to Russia or Belarus.In the face of potential violations, companies are encouraged to utilize voluntary disclosure programs maintained by DOJ, OFAC, and BIS.Compliance and trade compliance professionals should review the JCN thoroughly to ensure overall trade compliance and be ready to conduct additional due diligence when confronted with any red flags.KEY QUOTES:"When multiple red flags come up, organizations are expected to screen the entities and persons involved and then conduct additional risk-based due diligence on customers, intermediaries, and counterparties." - Michael Volkov"In other words, not only do you need to screen, but they're going to require you, and they're going to second guess you on the issue of whether you should have done additional due diligence. And that's important." - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

In this episode of the Crime, Corruption, and Compliance podcast, host Michael Volkov dives into the Ericsson FCPA Deferred Prosecution Agreement breach settlement. The case highlights important issues with conducting internal investigations, corporate culture, and dealing with the Justice Department in the event of a breach. The episode delves into the details of the case, discussing the lessons learned from this massive failure and nightmare scenario with regard to disclosures, and how it serves as a cautionary tale for all investigators, whether conducted by internal staff or outside counsel.Here are some key ideas discussed in this episode:Ericsson, the Swedish telecom company, breached its 2019 Deferred Prosecution Agreement and agreed to enter a guilty plea to the original charges in the DPA and pay a $206M penalty.The breach was primarily due to Ericsson's failure to disclose its bribery payments or potential bribery payments to ISIS to facilitate transportation of telecom equipment in Iraq.Ericsson used third-party agents and consultants to pay bribes to government officials in a number of countries to manage slush funds.Ericsson's failures have undermined the integrity of its corporate commitment to compliance and ethical culture, damaged its reputation, and threatened its relationship with the Justice Department and overall government regulators.The breach prevented the DOJ from bringing criminal charges against certain individuals and harmed the US's ongoing criminal investigation.Ericsson's breach presents a laundry list of internal investigation errors, such as a failure to produce responsive documents for many years, omitting key details related to its investigative findings, and a lack of fundamental culture improvements.Ericsson has significantly enhanced its compliance program and internal accounting controls through structural and leadership changes, including hiring a new Chief Legal Officer and Head of Corporate and Government Investigations.The DOJ's calculation of the criminal penalty was for just over $727,000,000, reflecting the midpoint of the applicable guideline range, and Ericsson will be required to serve a term of probation, which can be revoked for further violations found.Ericsson agreed to continue to enhance its program and to test these enhancements for effectiveness.Ericsson's violations were pervasive and systemic, reflecting a rotten culture that promoted bribery as a means to make money.Failures to disclose by outside counsel partially reflect failures of senior leadership responsible for oversight and direction of outside counsel.Outside counsel must establish an effective working relationship with transparency, coordination, and full disclosure.Senior executives must engage with outside counsel at each and every step of the investigation to check on the overall process.The failure to produce certain documents underscores the need for a document retention policy.KEY QUOTES:"This breach really presents a laundry list of internal investigation errors. ...It is a cautionary tale for all investigators, whether conducted by internal staff or outside counsel." - Michael Volkov"The failures to disclose, in my view, partially reflect failures of various actors, including outside counsel, but also senior leadership." - Michael Volkov"Its culture was rotten, and it promoted bribery as a means to an important end that is just making money." - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

The contract to invoice to payment process may seem like a small part of a larger process, but it's at the core of many enforcement issues, particularly when it comes to the FCPA. In fact, we've seen some important cases that have highlighted the critical nature of this process, including the Oracle case from last year. This episode of Crime, Corruption and Compliance is not just a review of the FCPA, but rather an in-depth exploration of how companies can implement effective internal controls around their financial operations, and avoid potential problems that can arise from breakdowns in this process. I dive into the details of this important topic so you can learn how to build an effective control environment for your company's financial operations.These are some key ideas I discuss in this episode:Internal controls are critical to preventing fraud and corruption and must be established and maintained to ensure the proper use of corporate assets.The accounting provisions of the FCPA include the books and records provision and the internal controls provision, which require issuers to keep accurate and detailed records of their transactions and maintain a system of internal accounting controls.The contract to invoice to payment process is a key area where breakdowns in internal controls can occur, leading to illegal payments and bribery risks.A robust due diligence process is required to confirm the ownership, legal compliance, reputation, and other important factors of potential vendors and suppliers.Accounts payable and accounts receivable personnel are critical frontline actors in the procurement to pay process and should be trained in compliance to mitigate risks and elevate red flags when necessary.The coordination and communication between finance, procurement, and compliance functions is crucial to establishing effective controls and preventing potential high-risk situations.Contract and purchase order management systems should be established to link the contracting and purchasing process with invoicing and payment, ensuring proper review and verification of invoices and payments.Invoicing and payment processes should be closely monitored and authorized in accordance with contractual and purchase order terms to avoid unauthorized use of corporate assets and reduce bribery risks.Compliance programs should include a monitoring program and transaction testing program to regularly review and test the effectiveness of internal controls in the procurement to pay process.KEY QUOTES:“Compliance has to push their way into the environment here and start to take some responsibility for transaction testing, for monitoring, for partnerships related to high value or high-risk third parties, to make sure that we're monitoring and addressing that risk.” - Michael Volkov“One of the things that has to go along with your third party due diligence program is what I would call a contract management system.” - Michael Volkov“Accounts payable personnel should always be relied on in terms of natural allies and open communications. Having them elevate red flags to the business and the compliance functions has to be a key priority here because they are on the front lines.” - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

LRN's 2023 Ethics and Compliance Program Effectiveness Report provides valuable insights into the state of ethics and compliance programs in companies around the world, highlighting the importance of commitment, investment, and promotion of corporate ethics and compliance, especially during times of economic and geopolitical turbulence. Michael Volkov welcomes Susan Divers of LRN to discuss the implications of recent court decisions and DOJ regulations on corporate compliance programs. She also explores how these developments have increased the responsibility of senior management and boards, as well as the importance of data collection and analysis in order to ensure that a company is effectively managing its risks. Susan Divers is a well-known lawyer and expert in the field of ethics and compliance. She currently serves as the Director of Thought Leadership at LRN, a leading ethics and compliance training and advisory firm. Prior to joining LRN, she was the Senior Advisor for Global Compliance at Baker Hughes, a GE Company. She has also worked as an Assistant Chief Counsel in the Division of Enforcement at the U.S. Securities and Exchange Commission, and as a litigator at several major law firms. Susan has extensive experience in designing and implementing effective ethics and compliance programs for organizations of all sizes and industries. She is a frequent speaker and author on topics related to ethics and compliance, and is widely respected as a thought leader in the field.Key ideas you’ll hear Michael and Susan discuss:Strengthening ethical culture during the pandemic. According to LRN, 82% of respondents reported that their ethical cultures had strengthened as a result of the challenges faced during the pandemic. This is the third year in a row that the survey has asked this question and received positive responses, indicating that the trend is not a fluke.Values-based leadership. The report highlights the importance of values-based leadership and programs in meeting challenges effectively. Almost the same percentage of respondents reported that their companies operated based on values as opposed to a rules-based compliance program, emphasizing the critical role a company's values play in shaping its ethics and compliance culture.Trade compliance. Trade compliance is an area of concern, with only 25% of respondents enhancing their trade control compliance and training. Due to increased export and sanctions regulations, this area poses a significant risk, especially in light of the Russia sanctions.Inadequate internal systems, staff shortages, budget constraints, and employee disengagement are common challenges faced by ethics and compliance professionals.The importance of data analytics. As the report points out, data analytics is essential for measuring ethics and compliance programs' effectiveness and addressing areas of concern. Data analytics can provide insights on how a program is actually doing today, not yesterday, and can point towards hotspot thoughts that need to be addressed. A good internal system is necessary for good data analytics.The importance of investing in appropriate training and risk controls to stay up-to-date with the latest regulations. The regulatory environment is constantly evolving, and new risks are emerging all the time. Investing in appropriate training and risk controls enables organizations to identify and mitigate risks proactively, reducing the likelihood of a compliance breach or other negative event.KEY QUOTE"If you don't have a good internal system, you're not going to be able to get good data analytics which tell you how your program is actually doing today, not yesterday, and which point towards hot spots or areas of concern that you really need to address." - Susan DiversResourcesSusan Divers on LinkedIn Email: susan.divers@lrn.com LRN 2023 PEI Report

On this episode of the Crime, Corruption and Compliance podcast, host Michael Volkov discusses the Department of Justice’s recent focus on incentives and disincentives as part of an effective ethics and compliance program. This includes awards for ethical conduct, clawbacks, and deferred payment schemes to hold officers and employees accountable for misconduct, and requirements for executives to be evaluated on their compliance with laws and regulations. Michael also talks about how companies can create appropriate policies and procedures to incentivize and monitor compliance and how to design and implement a compensation system that ensures compliance. Key ideas you’ll hear in this episode: DOJ stresses the need for positive incentives for ethical conduct, including awards and annual employee performance reviews.Companies already have a strong disincentive for engaging in misconduct, which is termination.Recent enforcement actions against companies like Novartis and Wells Fargo have highlighted the gap in the incentive-disincentive framework.DOJ is examining the efficacy of clawbacks and deferred payment schemes as an important alternative to massive criminal fines against companies. This will hold the bad actors accountable, as well as those who had supervisory responsibilities and failed to act.Clawbacks and punishments for bad actors will need to be incorporated into settlements and terminations. Company policies will need to include more protections and discretion to pull back benefits from bad actors.There are a number of issues to consider when implementing a clawback program, including who it applies to, how it is triggered, and how much of the company's bonus payments should be subject to clawback.DOJ anticipates requiring a wide clawback program that extends to senior management level. Crafting these measures will require a collaborative process within the company involving legal and business representatives, human resources, ethics and compliance, senior management, and potentially union representatives or work councils.Danske Bank is the first to implement a compliance compensation requirement in their settlement papers with the Justice Department. The settlement includes a provision that executives will be evaluated on their compliance efforts and a failing score will make them ineligible for bonuses.Companies need to design and implement compensation systems to incentivize compliance behavior and create disincentives for non-compliant conduct.KEY QUOTES:“Your company policies are going to have to incorporate more protections and more discretion for the company to pull back on benefits to bad actors. Bad actors here, I mean not just the actual bribe payer or scheme designer, but also those people who failed to conduct proper oversight and monitoring of the department that engaged in the misconduct.” - Michael Volkov “In practice, companies need to formulate appropriate policies and procedures, document their system, and demonstrate commitment to enforcement of the policies to incentivize compliance behavior and create clear disincentives for noncompliant conduct.” - Michael Volkov“A compliance-oriented compensation system has to be implemented along with other clawback and deferred payment systems.” - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

In this episode of the Crime, Corruption, and Compliance podcast, Michael Volkov forecasts the compliance and ethics trends that will be significant in 2023. He emphasizes the crucial role ethics and compliance play in the corporate governance landscape, the increasing relevance of ESG, and highlights the need for robust ethics and compliance programs even in the C suite. Key ideas in this episode:The need for robust ethics and compliance programs with adequate resources.Boards and CEOs who fail to understand the importance of these programs are “doomed”.Culture and ethics will be top priority in 2023.The importance of C suite risk assessments and third-party risk management. “CCOs need to reach out to internal audit and their CFOs to enlist their support for a simple proposition, and that is that we need to design and implement financial controls applicable to the C Suite that are tailored to the relevant risks,” Michael says.The evolution of third-party risk management to become a more holistic concept. “The ability to address, monitor and collect data on your third parties also with the evolving risk landscape led to this transformation,” Michael points out. “The fast pace of this transformation is going to continue.” CCOs and compliance officers need to ask questions surrounding internal controls and accounting controls.Compliance professionals will participate more deeply in financial control review and responsibility. KEY QUOTES:“CCOs need to reach out to internal audit and their CFOs to enlist their support for a simple proposition, and that is that we need to design and implement financial controls applicable to the C Suite that are tailored to the relevant risks.” - Michael VolkovResources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group