Corruption Crime & Compliance

Christian Focacci is a leader in the artificial intelligence world and harnesses the capabilities for risk management. He is the founder and CEO of Threat.Digital, which has launched a new product DiligenAI.  Threat.Digital is leveraging large language models and real-time data feeds to empower organizations to identify risk information confidently and efficiently, setting a new standard in risk intelligence. Mike and Christian discuss AI and its use in compliance third-party risk management.You'll hear them discuss:AI should be viewed as a tool to enhance decision-making processes rather than a replacement for human judgment. It highlights the importance of leveraging AI to process vast amounts of data efficiently.Organizations must strike a balance between recognizing the risks associated with AI, such as generative AI, and harnessing its potential benefits to improve productivity and decision-making within organizations.Advancements in language models, particularly large language models like Chat GPT, have revolutionized the processing and understanding of unstructured text data, enabling more accurate and context-aware analysis.Companies can use AI to significantly enhance due diligence processes, risk assessment, and compliance efforts by efficiently summarizing and analyzing vast amounts of information to support decision-making.The use of AI in due diligence and compliance is a tool meant to empower human decision-makers by providing them with comprehensive and distilled information, allowing them to focus on critical analysis and decision-making rather than mundane tasks.One major strength of AI, particularly large language models, is to improve monitoring processes by reducing false positives and providing real-time alerts based on predefined criteria, enabling more efficient risk identification and management.AI has a bright future, including the expansion of context windows in language models, the rise of open-source models, and the potential for running AI models on personal devices, indicating a shift towards decentralized and accessible AI technology.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law GroupChristian Focacci on LinkedIn | Threat.Digital

On December 31, 2021, President Joseph R. Biden, Jr. signed the the Uyghur Forced Labor Prevention Act (“UFLPA”) into law to address the ongoing exploitation of the ethnic minority Uyghur population by the government of the People’s Republic of China (“PRC”). Among other things, the UFLPA creates a rebuttable presumption that all goods, wares, articles, and merchandise mined, produced, or manufactured wholly or in part in Xinjiang, or by entities designated for inclusion on the UFLPA Entity List, are prohibited from entry into the United States. To overcome the presumption, entities are required to demonstrate, by “clear and convincing evidence,” that such imports were not mined, produced, or manufactured in whole or in part by forced labor.In this episode, Mike and Alex discuss practical steps to comply with the UFLPA.The Uyghur Forced Labor Prevention Act, enacted by Congress, establishes a presumption that goods from Xinjiang are tied to forced labor. Importers must prove otherwise by providing extensive documentation, such as invoices, packing slips, and billing information, to demonstrate the origin of the goods and ensure compliance with the law.The UFLPA has led to a significant increase in enforcement by CBP, resulting in the detention of billions of dollars worth of commodities. This heightened scrutiny has prompted global companies to prioritize robust ethics and compliance programs to mitigate legal and economic risks associated with forced labor.Compliance with the UFLPA requires importers of record to furnish CBP with clear and convincing evidence that their goods were not produced using forced labor. This evidence includes supply chain tracing information, wage and payment records, credible audits, and attestations from every entity involved in the production process.Chinese entities have been known to employ deceptive practices to avoid detection and documentation requirements. This includes creating separate companies outside the Uyghur area and providing misleading information to purchasers. Due diligence and thorough investigation of beneficial ownership are crucial to ensure compliance.CBP's operational guidance for importers, published in 2022, provides essential information on navigating the complexities of the UFLPA. Importers should familiarize themselves with this guidance and engage in one-on-one discussions with their suppliers to communicate expectations and ensure compliance.The UFLPA places a significant burden on organizations relying on imports from China, as they must provide extensive documentation and meet the clear and convincing evidence standard. Failure to meet these requirements can result in the detention of goods, leading to supply chain disruptions and potential financial losses.Clear Channel, the former Chinese subsidiary of Clear Media, faced charges related to bribery violations. The bribes included expensive gifts, entertainment, and travel given to influence contract renewal negotiations with Chinese government officials. Clear Media engaged in deceptive practices, including falsifying payments and creating false invoices, to fund these illegal payments.ResourcesAlex Cotoia on LinkedIn | EmailMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Gabrielle Griffith, Director BPE Global, is an expert in trade compliance issues. Gabrielle assists clients in implementing effective trade compliance programs by addressing improvements within organizations’ people, processes, and systems. In the area of U.S. export controls, she advises clients on compliance with the International Traffic in Arms Regulations, the U.S. Export Administration Regulations, and the various embargo and sanctions programs administered by the Office of Foreign Asset Controls. On import compliance matters, she advises on classification, country of origin, special duty programs such as USMCA, focused assessments, C-TPAT, antidumping/countervailing duty as well as Section 232 and 301 matters. Gabrielle joins Michael to discuss current trade compliance trends and expectations for 2024.The increase in national security risk has heightened the need for creative thinking to identify potential threats that may not be designated within regulations. This means that companies must go beyond traditional compliance measures and think outside the box to proactively address emerging risks to national security.Global companies are facing unprecedented risks and challenges in today's economy, leading to a greater emphasis on robust ethics and compliance programs. These programs are essential for promoting positive corporate citizenship and mitigating legal and economic risks associated with corruption and crime.Trade compliance is no longer a silo within a compliance department but must be integrated into the entire operation of a company. This means that trade compliance considerations should be incorporated into all aspects of a company's business processes, from product development to supply chain management.The Department of Justice is ramping up efforts to prosecute companies for trade compliance violations, particularly in relation to national security. This increased focus on enforcement means that companies need to be proactive in ensuring compliance with export control regulations and other trade compliance requirements.Over-controlling trade compliance can hinder business operations while under-controlling can lead to violations. Finding the right balance is crucial. Companies should strive to implement effective trade compliance measures that align with their specific business needs, avoiding unnecessary restrictions while still ensuring compliance with applicable regulations.The government should collaborate more with industry consultants to bridge the gap between enforcement agencies and companies, ensuring effective communication and guidance. This collaboration can help companies navigate the complex landscape of trade compliance and provide valuable insights to regulators on emerging technologies and industry practices.ResourcesMichael Volkov on LinkedIn | X(Twitter)The Volkov Law GroupGabrielle Griffith on LinkedInBPE Global

The Justice Department and the Office of Foreign Assets Control had a big year in 2023. Criminal and civil enforcement continue to increase. The DOJ has warned corporations that aggressive sanctions enforcement actions are coming -- to that end, the DOJ assigned 25 new prosecutors to the National Security Division to execute on its promise. Meanwhile, OFAC had a record year in collecting $1.539 billion in penalties, largely the result of two blockbuster settlements -- British American Tobacco and Binance, the cryptocurrency exchange.It's important for companies to ensure they have U.S. expertise to effectively address potential violations of U.S. sanctions laws, as unfamiliarity with these laws can hinder prompt identification and response. Having a strong compliance program based in the United States is a valuable lesson learned from OFAC.Global companies are facing unprecedented risks and challenges in today's economy, leading them to prioritize robust ethics and compliance programs. These programs play a crucial role in promoting positive corporate citizenship and mitigating legal and economic risks.In 2023, there was a significant increase in sanctions enforcement by the DOJ and OFAC, with plans for even more aggressive actions in the future. With 17 enforcement cases and $1.5 billion in penalties, it is evident that compliance areas such as third parties and internal controls are of utmost importance.Various countries, including Russia, Cuba, and Iran, continue to be the focus of global sanction schemes. While Venezuela's sanctions were temporarily relaxed, companies must stay vigilant and monitor the upcoming election. The British American Tobacco case, with its $629 million settlement, serves as a model for future enforcement actions.The Binance case, involving a $4.3 billion settlement, shed light on criminal violations in the cryptocurrency industry. This highlights the critical importance of compliance in this rapidly evolving sector.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

For the Justice Department and the SEC, 2023 was a slow year in FCPA enforcement. Despite promises of aggressive enforcement, DOJ and the SEC failed to achieve increases in FCPA enforcement. DOJ and the SEC issued no blockbuster enforcement actions or settlements. The SEC's number of enforcement actions was steady and eclipsed its 2022 number by one. Equally significant was DOJ's reduction in individual criminal prosecutions, thereby raising legitimate questions as to its ability to deliver on its promise of aggressive enforcement against individual FCPA violators. Despite a slower enforcement year, DOJ dedicated significant resources to issuance of new policy statements encouraging voluntary disclosures, incentivizing clawbacks, elevating compliance programs and offering new safe harbors for mergers and acquisitions.In this episode, Michael Volkov reviews FCPA enforcement in 2023 and outlines new compliance trends in the anti-corruption field.Clear Channel's former Chinese subsidiary, Clear Media, was charged with bribery violations involving expensive gifts, entertainment, and travel given to influence contract renewal negotiations with Chinese government officials.Clear Media engaged in deceptive practices, such as falsely documenting payments to cleaning and maintenance companies to fund illegal payments. They used oral agreements, omitted gift recipients, and created false invoices and tax records to disguise payments through shell company intermediaries.Senior executive complicity was another trend observed in the cases discussed. In some instances, senior executives were aware of the bribery schemes but either turned a blind eye or actively participated in the misconduct.Internal audits conducted from 2012 to 2017 identified deficiencies, red flags, and indicators of bribery within Clear Channel. However, the company failed to take aggressive remedial actions to address these issues.Clear Media resisted internal auditors and even provided false information, hindering the detection and resolution of bribery-related problems.Despite these challenges, Clear Channel cooperated extensively with the investigation. They promptly shared relevant facts, produced necessary documents, and facilitated interviews with current and former employees.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Bribery is rampant in many countries around the world, and in this episode of Corruption, Crime, and Compliance, we take a look at a recent FCPA case involving SAP, a global software company. SAP’s violations spanned multiple countries, including South Africa and Indonesia, and resulted in prosecution and a hefty $220 million dollar penalty. However, many people were baffled with the resolution of this case. The DOJ lacked aggressiveness and failed to impose an independent compliance monitor. Join the host, Michael Volkov, as he analyzes the intricacies of this case and the implications for FCPA enforcement in the coming years.The SAP is a recidivist company, but DOJ’s enforcement action against them did not seem to take that into account when holding them accountable for instances of bribery that spanned the globe.As the DOJ seemed to take a step back, the SEC made an aggressive push to hold companies accountable for violating internal controls, which is what happened in the SAP case.SAP's repeated failure to follow internal control requirements governing third parties serves as a cautionary tale for companies to ensure that their procedures are not only in place but also actively implemented and monitored.Clear Channel's former Chinese subsidiary, Clear Media, engaged in deceptive practices to fund illegal payments, including creating false invoices and tax records, but even after internal audits, Clear Channel failed to take aggressive remedial actions.Clear Channel demonstrated a clear commitment to addressing the issues in the investigation that followed, highlighting the importance of cooperation, as it can lead to more favorable outcomes and potentially mitigate the severity of penalties imposed.KEY QUOTES"DOJ is turning its focus and pulling back on FCPA enforcement." - Michael Volkov"The SAP resolution, which totals only $220 million, was far below the amount that a recidivist should have paid for its global bribery operations stretching into multiple countries." - Michael Volkov"The SEC's approach demonstrates a more aggressive application of internal control enforcement." - Michael Volkov"If a company is going to craft these internal controls, the company has to enforce those controls or face serious enforcement risks." - Speaker: Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How do you manage risk when the vulnerabilities are outside your organization’t in your hands? In this episode of Corruption, Crime, and Compliance, we delve into the world of third-party risk management with our guest, Natalie Druckmann, from Certa. As we discuss the regulatory landscape in EMEA and the US, Natalie highlights the higher regulatory burden faced by companies in EMEA, and how Certa uses AI to streamline workflows, provide intuitive data visualization, and enhance risk forecasting capabilities. AI is the future of third-party risk management, now and in the future.Cybersecurity has become one of the top concerns for organizations. In 2012, Target worked with a third-party vendor and, as a result, suffered an attack that exposed their customers’ credit data. Since then, compliance departments have started working closely with IT to prevent such vulnerabilities. Unlike the US, EU companies don’t benefit from gaps created between state and federal regulations. EMEA faces a mandatory and substantial regulatory burden, particularly in areas like ESG and compliance. A forced labor scandal can sink a company, so ESG’s importance is on par with cyber security.Global companies are increasingly recognizing the importance of addressing ESG topics alongside cybersecurity and financial risks. ESG considerations, such as diversity, modern slavery, and gender pay gaps, have significant reputational and revenue impacts.AI is changing the world in many ways, including compliance. Certa aims to provide a comprehensive solution for third-party risk management, compliance, and operational risks by streamlining processes and incorporating AI capabilities to enhance efficiency and effectiveness.Certa utilizes various AI capabilities, including design AI, which allows users to create workflows using plain language. They don’t need to know anything about tech; they can simply dictate the process, and AI generates the necessary code and infrastructure for it. This allows the company to remain flexible and able to quickly adapt to change.Insights AI is another capability that collects and analyzes data, making it far more accessible and efficient in managing up-to-the-minute risks and developments. This technology also uses design AI, allowing for plain language inputs to immediately create actionable, detailed reports.Recall AI allows companies to guarantee rapid and consistent responses from suppliers and customers by recalling past interactions to create surveys, forms, workflows, and processes. This removes the back-and-forth burden on all parties while still retaining the human touch.Smaller and midsize companies should prioritize their risk management processes and consider automated solutions like Certa. These companies can benefit from the efficiency and effectiveness of an automated platform, regardless of their industry or size.KEY QUOTE“I think there is a very strong drive here for companies and stakeholders, not just to do the right thing… but doing the good thing as well.” - Natalie DruckmanResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law GroupNatalie Druckman on LinkedInCertaEmail Natalie: nat@certa.ai

In this week's episode of Corruption, Crime, and Compliance, we usher in the New Year with a deep dive into something that happened in November of last year. As we begin 2024, it's crucial to reflect on the substantial shifts in the healthcare industry's compliance framework. The HHS Office of Inspector General's Comprehensive Compliance Guidance, released late last year, has set a new standard for healthcare companies, reinforcing the importance of an independent compliance function and outlining a robust framework for effective compliance programs. Michael Volkov meticulously dissects the seven key elements of this groundbreaking guidance, emphasizing its relevance not just in healthcare, but across the spectrum of compliance practices. You’ll hear Micheal discuss:The HHS Office of Inspector General issued the Comprehensive Compliance Guidance (GCPG) in November 2023, a significant document for the healthcare industry, emphasizing the need for independent and robust compliance programs.The guidance is structured around seven core elements: written policies and procedures, effective compliance leadership, training, open lines of communication, enforcing standards, risk assessment, and responsive corrective action for detected offenses.The role of a Chief Compliance Officer is critical, and they should:Report directly to the CEO or have independent access to the board,Have sufficient stature within the entity equal to other leaders,Demonstrate unimpeachable integrity, judgment, assertiveness and approachable demeanor, andHave sufficient funding, resources and staff to operate the program. Emphasizing the separation of legal and compliance functions, the GCPG recommends that compliance officers focus solely on compliance, avoiding roles in legal or financial departments.The GCPG advises the establishment of a compliance committee, meeting quarterly, with responsibilities spanning legal regulation analysis, policy review, training effectiveness, and annual risk assessment.The CEO should include a signed introduction in the code of conduct. The board should include a signed endorsement or similar written statement to support the compliance commitment, and entities should review their codes when a new CEO is hired.Clear communication and board oversight is crucial, and they should be well-informed about compliance programs, and ensure that the compliance officer has sufficient access to them.How compliance officers and boards should respond when compliance concerns are reported or discovered, and focus on the root causes of the misconduct to prevent recurrence.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What is the cost of ignoring compliance? For the world’s largest cryptocurrency exchange, it’s $4.3 billion dollars. In this episode of Corruption, Crime and Compliance, Michael Volkov and his guest, Matt Stankiewicz, delve into one of the most significant financial crime prosecutions in the history of the Justice Department: Binance Holdings. Under the direction of its CEO, Changpeng Zhao, Binance blatantly disregarded compliance, had no AML programs, and willfully put growth over regulations. Now, they must pay out a settlement split among various agencies, including the DOJ, OFAC, FinCEN, and CFTC. In addition to the settlement, Binance has destroyed their reputation at a time when customers are demanding companies they can trust.Matt Stankiewicz is a compliance consultant, and currently a partner at The Volkov Law Group, specializing in anti-bribery, corruptions controls, and compliance programs. He previously served as a member of the Ethics and Compliance Monitoring Team, appointed by the DOJ and EPA, and his casework has included global audits of Fortune 100 companies, sanction violations investigations, risk-assessment for third party distributors, and much more.You’ll hear Michael and Matt discuss:Cryptocurrency companies allow customers to exchange government-backed currency for cryptocurrency, such as Bitcoin. Several major crypto companies, including FTX, Celsius, and BlockFi, have faced bankruptcy and legal issues due to non-compliance and shady practices, resulting in customers losing money.Binance, the world's largest cryptocurrency exchange, recently settled with multiple agencies in the Justice Department for over $4 billion, with penalties split between forfeiture and criminal fines.As part of the agreement, Binance’s main exchange is barred from operating in the US market, which accounts for a third of their revenue, and they also face increased scrutiny by two separate compliance monitors over the next several years.Their circumvention of laws and regulations include violations of the Bank Secrecy Act, failure to register as a money transmitting business, and multiple sanctions transgressions.Binance's founder and CEO, Changpeng Zhao (CZ), pled guilty to his own set of similar charges, including a failure to maintain an effective AML program, and is facing a multi-million penalty and a potential prison sentence of up to 18 months.Binance was established in China, but regularly moved their headquarters from country to country to avoid regulations. Their lack of compliance was driven from the top, with senior leadership actively prioritizing growth over compliance.Binance created its US-based exchange as “window dressing” to avoid regulations, and the customer service department assisted its customers in circumventing its own compliance controls, like using a VPN to get past IP blocking technology.Though Binance is large enough to continue operating despite the fines, this settlement has sent a strong message to the crypto industry about the importance of reputation, compliance, and customer trust.The cryptocurrency industry is currently lacking a “culture of compliance,” but it has reached an inflection point where lawlessness and shady practices are no longer acceptable. In addition to regulators cracking down on them, customers are also applying pressure for these companies to reform.The use of blockchain technology in the crypto industry provides unique tools for transaction monitoring and tracking funds, which can help ensure compliance with AML regulations and detect suspicious activities.Rogue countries like North Korea are experts in leveraging cryptocurrency in a way that threatens US National Security, so the DOJ must become more adept in investigating and taking action against those that violate US law.ResourcesMatt Stankiewicz on LinkedIn | X (Twitter)Michael Volkov on LinkedIn | X (Twitter)The Volkov Law Group

How can we build a culture that motivates people to do the right thing? In this episode of Corruption, Crime and Compliance, Michael Volkov and guest Steve Naughton, explore crucial questions about fostering ethical cultures within companies and practical steps compliance leaders can take to transform performance. Steve shares insights from his journey, detailing the evolution of compliance leadership roles and offering a glimpse into PepsiCo's growth in this area during his tenure as Chief Compliance Officer. For those considering careers in compliance, he emphasizes that expertise in this field can be developed without a law degree. Steve Naughton currently oversees Compliance and Enterprise Risk Management programs at Loyola University Law School. He previously served as Pepsi's Chief Compliance Officer, guiding the growth of their compliance program over 8 years. He is passionate about making sure compliance functions can work independently.You’ll hear Michael and Steve discuss:Steve began his career at major law firms before going in-house to manage litigation and M&A deals during pivotal moments at Quaker Oats and Snapple.PepsiCo’s iconic GC Larry Thompson asked Steve to build a new compliance program starting with just 3 people. Over 8 years, Steve grew Pepsi’s program from 3 to over 40 employees with global reach.Larry saw compliance as preventative and empowered Steve with independent reporting to the Board. Steve remarks, “[Larry] viewed [compliance] as much more preventative than reactionary … his take on compliance has always been, to the extent that we can prevent something or to the extent that as soon as we detect it, we'll go in and check it out instead of waiting till everything was fully investigated.”Pepsi has been on the World's Most Ethical Companies list for 15 years in a row, showcasing its success in following ethical practices.Pepsi has never faced serious enforcement actions, and this is attributed to turning ethical practices into a value-add for the business.Not every company has the resources or leadership seen at Pepsi, making it challenging to bring others along in the compliance profession.Steve emphasizes the importance of a risk-based approach in compliance and recommends developing a strategic five-year plan to address top risks progressively.He encourages companies to be disciplined and follow a plan, citing the Department of Justice's emphasis on showing work prospectively, not retroactively, to defend actions and maintain a strategic plan.Michael and Steve discuss the challenges of implementing change in compliance programs, emphasizing the importance of building a team and garnering support from other functions.They recommend a realistic 3 to 5 year timeframe for implementing changes.Cultures where people feel safe speaking up are foundational to compliance. This can aid in preventing and addressing ethical lapses and compliance challenges.Steve cites examples from Wells Fargo, Volkswagen, General Motors, and Boeing. In these organizations, where you would expect people to be skilled and ethical, employees often didn't speak up. This was because they thought their concerns wouldn't be listened to, or the culture didn't encourage open communication.Compliance is not just about following rules; it's about changing the culture in companies. We need to think differently and work towards making a culture where doing the right thing is not just accepted but encouraged. Steve runs a highly respected compliance curriculum at Loyola University which has prepared many future Chief Compliance Officers. However, compliance expertise doesn’t strictly require legal training.ResourcesSteve Naughton on LinkedIn | Loyola School of Law | EmailMichael Volkov on LinkedIn | TwitterThe Volkov Law Group