Corruption Crime & Compliance

Discover how the Department of Justice is reshaping corporate compliance in light of emerging technologies like AI. Key updates focus on risk management and ethical practices, emphasizing the importance of interactive employee training. The podcast highlights the critical role of whistleblower protections and ongoing monitoring of third-party relationships. Learn about the value of data analytics, stronger compliance audits, and the need for companies to adapt their policies to reflect evolving risks. This discussion is essential for businesses aiming to stay compliant and ethical.

How prepared is your organization to handle the evolving landscape of sanctions compliance? In this episode of Corruption, Crime and Compliance, Michael Volkov dives into critical sanctions compliance cases and their implications for global companies. He discusses four significant cases that underscore the necessity of robust compliance programs, particularly in light of increased DOJ enforcement actions. Through these examples, he breaks down the consequences of third-party liability, supply chain risks, and the dangers of inadequate compliance measures, offering valuable insights into how companies can proactively avoid similar pitfalls.Cases discussed:British American Tobacco (BAT): The company faced a staggering $629 million settlement for circumventing North Korean trade sanctions. This case illustrates how corporate prosecutions are evolving to resemble Foreign Corrupt Practices Act (FCPA) cases, emphasizing the growing scrutiny on multinational corporations.Epsilon Electronics: This case clarifies the liabilities companies face when third-party distributors divert products to prohibited countries, such as Iran. Even if the company had no direct involvement in the diversion, it still bears responsibility, underscoring the importance of diligent monitoring of distribution channels.ELF Cosmetics: The company received a $1 million fine for importing goods containing materials sourced from North Korea. This case underscores the critical importance of conducting thorough supply chain due diligence to ensure compliance with international sanctions.Murad LLC: This case focuses on post-acquisition compliance failures, demonstrating the urgent need for thorough pre- and post-acquisition audits. These audits are essential to uncover potential sanctions violations and ensure that newly acquired companies adhere to compliance standards.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupLinks to the four cases: British American Tobacco I Epsilon Electronics I Elf Cosmetics I Murad LLCA Framework for OFAC Compliance Commitments (May 2019)

The SEC's recent settlement with Deere & Company for $9.9 million for FCPA violations is another textbook example of bribery schemes, which revealed the absence of a culture of compliance, and the circumvention of basic entertainment, hospitality and travel expense controls. In this episode of Corruption, Crime, and Compliance, Michael Volkov breaks down the SEC’s $9.9 million settlement with Deere & Company following widespread FCPA violations by its subsidiary, Wirtgen Thailand. Michael discusses how the bribery schemes, involving government officials in Thailand, reveal significant failures in compliance oversight and corporate governance, while also highlighting the critical lessons for businesses aiming to avoid similar pitfalls.Key Insights:Deere’s subsidiary, Wirtgen Thailand, secured government tenders through cash bribes, entertainment at massage parlors, and lavish trips for officials from the Royal Thai Air Force (RTAF), Department of Highways (DOH), and Department of Rural Roads (DRR).Wirtgen disguised entertainment and bribe payments in expense reports with vague descriptions and round-number amounts, which were improperly approved by regional managers.Wirtgen organized extravagant trips disguised as factory visits for Thai officials, which included sightseeing and luxury hotels in Europe. These trips were arranged to win government tenders but involved no legitimate business activities.Bribes were also funneled through a third-party consultant via sham commission agreements. This consultant acted as a middleman, facilitating bribe payments to government officials to secure high-value tenders.Deere's failure to fully integrate Wirtgen into its compliance program after acquisition allowed the bribery schemes to continue. This highlights the risks of not harmonizing compliance protocols in newly acquired subsidiaries.In response to the SEC investigation, Deere terminated employees involved in the misconduct, revamped its compliance program, and introduced initiatives like a bi-monthly compliance newsletter and enhanced anti-bribery training.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How can companies build trust and drive growth in a region as politically and economically volatile as Latin America? In this episode, Nicolas Garcia - Vice President, Legal, Regional and Compliance Manager for LATAM and Orica - joins Michael Volkov to discuss the complexities of navigating compliance and leadership in LATAM. The conversation highlights how regional dynamics, such as the crisis in Venezuela, influence business operations and how cultural shifts are changing the role of compliance officers. Nicolas provides valuable insights on the evolving compliance landscape, emphasizing the importance of trust, leadership, and a strong compliance culture in driving business success in challenging environments.Listen in as Nicolas and Michael discuss:The ongoing political and economic crisis in Venezuela has led to massive immigration into neighboring countries like Colombia, Chile, and Brazil, creating both economic challenges and opportunities in the region.Guyana is experiencing rapid growth due to foreign investment, particularly in the oil and gas sectors, standing in stark contrast to Venezuela’s decline.Nicholas emphasizes the shift from compliance officers being seen as enforcers to becoming strategic business partners. This transition helps companies not only meet regulatory requirements but also drive success.Establishing a trust-based relationship between compliance officers and leadership is essential. When compliance is integrated into the business strategy, it becomes a tool for enabling growth rather than a barrier.Trust in reporting systems is growing in Latin America, though fear of retaliation remains a concern. Anonymous reporting is on the rise, and substantiation rates are increasing as employees gain confidence in the system’s integrity.Ensuring that investigations follow due process is critical to maintaining credibility in compliance programs. It also helps improve trust and the success rate in legal outcomes.Resources:Nicolas Garcia on LinkedInNicolas Garcia on Email: Nicolas.Garcia@Orica.comMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What’s the real cost of keeping corporate misconduct hidden? In this episode of Corruption, Crime and Compliance, Michael Volkov explores how the DOJ's recent declinations highlight the risks and rewards of voluntary self-disclosure. By examining two key cases, Michael illustrates how companies can avoid prosecution through cooperation but still face significant penalties, like disgorgement. The episode underscores the importance of transparency and robust compliance programs in navigating DOJ enforcement strategies.Key Points Covered:Declinations Explained: While DOJ declinations allow companies to avoid criminal charges, they require disgorgement of illegal profits.Boston Consulting Group Case: BCG reported bribery violations related to securing contracts in Angola. The company earned a declination by cooperating with DOJ, firing involved employees, and enhancing compliance. Total disgorgement: $14.4 million.Hitachi Cable (Proterial) Case: Hitachi Cable disclosed fraudulent safety violations in its motorcycle brake hoses. The company’s proactive disclosure and internal reforms led to a declination. Disgorgement: $15.1 million, with partial credit for prior payments.The Risk of Concealment:  Companies that hide misconduct face higher penalties. Voluntary disclosure offers the potential for leniency through declinations.DOJ’s Corporate Compliance Focus: DOJ continues to push for transparency and proactive corporate compliance, using declinations as a tool to incentivize self-reporting and improve internal controls.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How will the DOJ's new corporate whistleblower pilot program reshape the enforcement of corporate criminal conduct? In this episode of Corruption, Crime, and Compliance, Michael Volkov explores the Department of Justice's (DOJ) new corporate whistleblower pilot program, highlighting its potential impact on corporate criminal enforcement. The program, which mirrors aspects of the SEC’s whistleblower program, is designed to incentivize individuals to report misconduct by offering financial rewards. The program is significant for privately held companies and financial institutions not covered by the SEC, marking a notable shift in DOJ's approach to corporate compliance and enforcement.You’ll hear him discuss:DOJ’s Whistleblower Pilot Program: The DOJ introduced a three-year whistleblower pilot program that offers financial rewards to individuals who provide original information leading to significant criminal or civil forfeitures. This program, effective from August 1, 2024, mirrors aspects of the SEC’s program but is specifically tailored to corporate criminal enforcement.Non-Appealable Rewards: Unlike the SEC’s program, decisions made under the DOJ’s whistleblower program are not appealable, minimizing litigation risks for the DOJ.Focus on Privately Held Companies: The program significantly impacts privately held companies and non-public financial institutions, areas previously not covered by the SEC’s whistleblower program. This shift increases risks for these entities, particularly in cases involving foreign bribery, money laundering, and healthcare fraud related to private insurers.Incentives for Internal Reporting: The program introduces a 120-day window for companies to act on internal reports of misconduct. If companies fail to take action within this period, whistleblowers can report directly to the DOJ, potentially earning financial rewards, while companies risk losing potential non-prosecution agreements.Implications for Corporate Compliance: The new whistleblower program pressures companies to enhance their ethics and compliance programs. Companies must now navigate the risks associated with delayed reporting and the potential for whistleblowers to bypass internal controls in favor of DOJ reporting.Impact on DOJ Enforcement: The program is expected to bolster DOJ’s corporate enforcement actions by encouraging more reports of misconduct, particularly in areas not previously covered by similar programs. However, the adequacy of the reward fund to incentivize significant whistleblower reporting remains uncertain.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupWhistleblower Awards Pilot Program

A New York federal district judge handed down a significant decision dismissing much of the SEC's securities fraud enforcement action against SolarWinds arising from its claims relating to SolarWinds' cybersecurity policies and disclosure of a significant cyberattack against the SolarWinds' network. In this episode of Corruption, Crime, and Compliance, Michael Volkov discusses the significant dismissal of most of the SEC's securities fraud claims against SolarWinds by a New York federal district court. The case highlights the ongoing challenges in balancing cybersecurity disclosures with regulatory requirements, and the implications this ruling might have for future SEC enforcement actions.You’ll hear him discuss:Judge's Decision: The court ruled that the SEC's claims were overly reliant on hindsight and speculation, particularly regarding SolarWinds’ early-stage disclosure during the investigation of cyber incidents.Pre- and Post-Sunburst Disclosures: While the court upheld charges related to SolarWinds' pre-Sunburst cybersecurity statements, it dismissed the SEC’s claims about the company’s post-Sunburst disclosures, finding them not misleading under the circumstances.Internal Controls vs. Cybersecurity: The court rejected the SEC's attempt to apply internal accounting controls provisions to cybersecurity policies, marking a significant limitation on the SEC's enforcement scope.Implications for SEC's Approach: This decision contradicts the SEC's previous stance in cases like R.R. Donnelly, potentially influencing future SEC actions regarding cybersecurity and internal controls.Broader Impact: The ruling may affect how cybersecurity risks are reported and how companies manage their disclosure obligations, particularly in light of potential appeals and further litigation by the SEC.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

Have you heard of the recent controversies around Boeing 737 MAX and its safety? Have you wondered what is being done about the concerns around it? In this episode of Corruption, Crime, and Compliance, Michael Volkov delves into the latest developments in the Boeing 737 MAX case, highlighting the recent plea agreement proposed by the Department of Justice (DOJ). The Boeing 737 MAX case took another dramatic turn. On July 24, 2024, the Department of Justice filed with the United States District Court for the Northern District of Texas a proposed plea agreement with Boeing. Under the Plea Agreement, Boeing will plead guilty to the original Information filed in 2021 with the Deferred Prosecution Agreement ("DPA"). The discussion focuses on Boeing's alleged failure to implement adequate compliance measures, leading to significant risks and violations, and the ongoing legal and ethical implications of the case. Tune in to hear a detailed analysis of the complexities and legal ramifications of Boeing’s recent plea agreement and what it means for corporate compliance and accountability.You’ll hear him talk about:Certification Issues: Boeing failed to ensure its 737 MAX certifications were accurate, risking false certifications to the FAA.DOJ Plea Deal: Boeing agreed to plead guilty to conspiracy to defraud the U.S., facing opposition from victims' families who find the resolution insufficient. The plea agreement, which has been filed under Federal Rule Criminal Procedure 11(c)(1)(C), requires the Court to approve and accept the deal. The Court can reject the plea deal and require the parties to renegotiate the terms.Victims’ Rights: The proposed resolution has been controversial because of the opposition of the families of the victims, who have opposed the plea agreement and general disposition of DOJ's investigation and prior resolutions as insufficient to vindicate the public interest and their rights as victims of Boeing's malfeasanceCompliance Failures: Boeing breached its DPA by not implementing effective compliance controls, particularly in safety and quality processes.Independent Monitor: Boeing will be monitored for three years and must invest $455 million in compliance and safety improvements.Ongoing Challenges: Boeing’s anti-fraud measures still have gaps, with broader implications for industries where safety is critical.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How does the SEC's recent settlement with R.R. Donnelly & Sons Company impact internal controls for cybersecurity incidents? In this episode of Corruption, Crime, and Compliance, Michael Volkow discusses a significant decision by the SEC involving a $2.1 million settlement with RR Donnelly & Sons Company (RRD) related to a 2021 ransomware attack. The SEC's decision marks the first time it applied its internal controls enforcement authority to cover cybersecurity policies and procedures, representing a substantial expansion of its enforcement reach.The SEC criticized RRD for failing to prioritize the review of security alerts and implement an effective workflow for escalating such reports. This oversight led to delayed detection and response to the cyber attack, during which hackers exfiltrated 70 gigabytes of data, including personal and financial information tied to 29 clients.You’ll hear him talk about:The importance of robust internal controls to ensure prompt investigation and escalation of potential cybersecurity incidents.The need for companies to allocate sufficient resources and personnel to monitor and respond to third-party security alerts.The SEC's critique of RRD's internal incident response policies, particularly the lack of clear lines of responsibility and efficient workflows.The dissenting opinions within the SEC regarding the broad application of internal controls to cybersecurity, highlighting the need for specific guidance on reasonable cybersecurity controls.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupSEC settlement

Is your HR department rolling their eyes at compliance? Does your company have a non-retaliation policy? The report, based on over 1,000 global responses, reveals growing maturity in compliance programs but notable gaps, such as only 61% having a hotline and 55% having a non-retaliation policy. Join us on this week’s Corruption Crime and Compliance to learn how cross-functional relationships are strong with data privacy and risk but weak with HR and finance. Michael Volkow highlights NavX's report, showing compliance's high engagement in processes like reputational harm and data breaches but often being involved late in mergers and acquisitions. Learn that common compliance issues include privacy, cybersecurity, and regulatory demands. The report also covers ESG programs and the need for better third-party risk management - tune in to hear more!You’ll hear him talk about:How compliance is often brought in late during mergers and acquisitions, with 20% of respondents noting no engagement in these processes.Notable gaps that include only 61% of organizations having a hotline or whistleblower internal reporting channel and only 55% having a non-retaliation policy.How the report shows progress in the maturity of compliance programs, with half of the respondents rating their programs in the top two tiers of maturity.Compliance having strong relationships with data privacy and risk functions, but experiencing significant resistance from HR and finance departments.Half of the organizations experiencing at least one compliance issue in the past three years, with privacy and cybersecurity being the most common issues.Two-thirds of boards receiving periodic compliance reports, but one-third do not, highlighting a need for improved board engagement in compliance matters.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupNavex State of Risk and Compliance Report