My old adage – when it comes to enforcement initiatives, the government always tells you what they are going to do and then they do it.  It is always baffles me when targets of enforcement actions complain that they did not know the government was going to launch an investigation or enforce the law in a particular manner. 

The Justice Department is fairly transparent in this area, especially when it comes to FCPA enforcement.  DOJ has made it clear how they interpret the law, and how they intend to enforce it.  DOJ should be commended for its transparency.

This same approach is being adopted by the Department of Commerce’s Bureau of Industry Standards (“BIS”).

Let me provide two important data points.

Matthew Axelrod Nomination as Assistant Secretary of Office of Export Enforcement

First, President Biden nominated Matt Axelrod to serve as the Assistant Secretary of BIS’ Office of Export Enforcement.  Matt is a highly-regarded former federal prosecutor I have had the honor of working with Matt.  At his Senate confirmation hearing, Matt explained that his background as a federal prosecutor will ensure that he carries out his duties aggressively and fairly.

Matt Axelrod’s nomination send an important message.  The Office of Export Enforcement has not had a Senate-confirmed leader for five years.  This Administration intends to elevate the importance of the Office of Export Enforcement, and Matt Axelrod’s nomination sends a strong signal of its commitment.  At his confirmation hearing, Matt Axelrod noted that he intends to “raise the profile of export enforcement” as a means to incentivize compliance programs and deter potential violations.

Mr. Axelrod further noted the importance of BIS’ export enforcement program as a vital national security program.  In his view, large penalties and aggressive enforcement is an important way to stop U.S. adversaries from illegally exporting sensitive, dual-use, technologies.

As Mr. Axelrod stated,

“We must impose significant penalties against those who break the law, while at the same time incentivizing companies to play by the rules.  That way we’re not only punishing export violators, but also deterring those violations from occurring in the first place.”

BIS Enforcement Action Against VTA Telecom

In a recent enforcement action, BIS fined a U.S. based telecommunications company $1.87 million for violation of export controls involving the export of goods to Vietnam.

VTA Telecom is a subsidiary of a Vietnam state-owned telecom company, made a number of false statements in its export applications to disguise the true end users of the export equipment. Starting in 2016, VTA made false statements as part of its application for export licenses to Vietnam for certain “power amplifiers/JFET transistors.”  This equipment is classified under the Export Administration Regulations for national security (NS), regional stability (RS) and anti-terrorism reasons (AT).  VTA’s intended use of this equipment was not for civil purposes but as part of defense end uses. 

BIS approved the license to ship 100 transistors and two development tools.  A VTA shipment of 12 transistors and two development tools was detained by Customs and Border patrol when it requested verified end use statements.  VTA provided false end use statements and Customs released the shipment. 

VTA exported several additional shipments including certain actuators that were controlled for NS, RS, AT and Missile Technology (MT).  VTA provided false end user statements to the manufacturer, which the vendor submitted to BIS.  In another violation, VTA provided false end user statements for “mass properties instrument and related equipment,” which were controlled for NS, RS, AT and a United Nations embargo.

BIS agreed to suspend $200,000 of the $1.87 million penalty if VTA successfully completes a two-year probationary period. VTA agreed to spend $25k to improve its export compliance program and hire a trade compliance director for two years.

The post An Aggressive Export Control Enforcement Program: The Department of Commerce’s Bureau of Industry and Security appeared first on Corruption, Crime & Compliance.

The Delaware Chancery Court is continuing its trend of permitting Caremark claims against corporate board members who fail to exercise proper oversight and monitoring of compliance programs.  The Delaware Court’s latest decision involving the Boeing board and its failure to conduct proper oversight of the 737 MAX safety scandal is yet another example.  At bottom, the Chancery Court is raising the stakes on board member accountability.

The Boeing 737 MAX scandal is a troublesome and disturbing case where corporate board oversight and responsibility was lacking.  The implications of the board’s failure resulted in the killing of innocent passengers and the grounding of Boeing’s 737 MAX.  Add to that a $2.5 billion settlement, a criminal case against a Chief Technical Pilot, and continuing safety and technical problems, and you have recipe for continuing disaster at Boeing.

The implications of these recent cases have to be understood – the Delaware Court is not altering the well-ingrained Caremark standard. Instead, the Court  is applying the Caremark standard to reject motions to dismiss thereby allowing cases to proceed to discovery and litigation.  The risks for corporate board members are increasing and the Delaware Court is clearly sending a message – board members have to attend to compliance programs and relevant risks or face the risk of personal liability.

The Delaware Court has provided another important decision relating to Boeing’s 737 MAX safety scandal. The Boeing case stems from the Lion Air crash in October 2018 and the Ethiopian Airlines crash in March 2019.  The crashes were the direct result of a lack of pilot training on the Maneuvering Characteristics Augmentation System (“MCAS”).

In the Delaware Chancery Court, several plaintiffs made books and records demands and filed derivative lawsuits in 2019. Plaintiffs asserted breach of fiduciary duty claims against Boeing’s directors, specifically (i) Boeing did not implement a reporting system to monitor the safety of Boeing’s airplanes; (ii) Boeing ignored red flags and its duty to investigate; and (iii) the Board terminated the CEO and allowed the CEO to cash out his equity compensation.

The Caremark standard requires plaintiffs to allege facts that either: (1) the directors utterly failed to implement any reporting or information system or controls; or (2) having implemented such a system or controls, [the directors] consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”

On the first prong, board oversight for “mission critical” issues must be “rigorously exercised,” which involves “sensitivity to compliance issues intrinsically critical to the company.” The Court ruled that the plaintiffs had adequately alleged claims against the director defendants.

In support of its finding, the Court cited the fact that the board had no committee charged with direct responsibility to monitor airplane safety, and the Board at large was not formally monitoring or discussing safety on a regular basis. The Court cited the fact that, following the Lion Air crash, the Board meeting agenda did not include a specific discussion of safety but instead focused on restoring profits and efficiency.  In particular, the Court cited Board discussions of 737 MAX issues were “passive invocations of quality and safety . . . [that] fall short of the rigorous oversight [Caremark] contemplates.”

Second, the Court explained that the Board did not require management to deliver regular reports on safety issues.  Specifically, the Court cited Boeing’s defective reporting structure and management communicated with the board only on an ad hoc basis concerning safety issues.  The Court noted that the board was “passively accepting management’s assurances and opinions.”

Finally, the Court noted documentary evidence indicating that board members were aware of the importance of safety issues and that the board knew that its safety oversight procedures needed to be improved. 

The Court also ruled that the plaintiffs stated a claim under prong two of Caremark, based on allegations that the Board “passively accepted” management’s assurances that the 737 Max was safe, and that it did not take action in the face of red flags – most significantly, the Lion Air crash of the 737 MAX.

The post Delaware Court Rejects Motion to Dismiss Lawsuit Against Boeing Board Members for Failure to Conduct Proper Compliance Oversight (Part III of III) appeared first on Corruption, Crime & Compliance.

Mark Forkner, a former Chief Technical Pilot, was indicted  on two counts of fraud involving aircraft parts in interstate commerce and four counts of wire fraud.  If convicted, he faces a maximum penalty of 20 years in prison on each count of wire fraud and 10 years in prison on each count of fraud involving aircraft parts in interstate commerce.

Boeing began to develop the 737 MAX in June 2011.  In order to operate the 737 MAX, the FAA was required to approve the airplane for commercial use.  To make this decision, the FAA had to determine (i) whether the airplane met U.S. federal airworthiness standards; and (ii) what minimum level of pilot training would be required for a pilot to fly the airplane for a U.S.-based airline. These two determinations were made by entirely different groups within the FAA.

The FAA Aircraft Evaluation Group (“AEG”) was principally responsible for determining the minimum level of pilot training required for a pilot to fly the airplane for a U.S.-based airline. To make that determination, the FAA AEG compared the new version of the 737 MAX to a prior version of the airplane to determine what level of training would be required for pilots to operate the new 737 MAX. 

The FAA AEG assigned a specific training range from “Level A” through “Level E,” with Level A being the least intensive and costly and Level E being the most intensive and costly.  For example, Level B training required computer-based training, which could be completed from any laptop anywhere, and Level D training required flight-simulator training, which required buying multi-million dollar equipment and required pilots to take time from flying to train on costly flight simulator equipment.

The FAA’s evaluation of the new airplane training requirements published in a Flight Standardization Board Report (“FSB Report”).  The FSB Report contained relevant information about certain airplane systems and parts that had to be incorporated into manuals and pilot-training materials.

Boeing’s 737 MAX Flight Technical team was responsible for identifying and providing the FAA AEG all relevant information in connection with the publication of the 737 MAX FSB Report.  This group was separate from the Boeing group that provided information to the FAA to determine airworthiness.

The 737 MAX was designed to be more fuel efficient than the prior version of the 737 Next Generation.  To achieve this fuel efficiency, the 737 MAX included larger engines situated differently under the wings, which altered the aerodynamics of the plane.

The different aerodynamics caused the 737 MAX to pitch up during a flight maneuver called a high-speed, wind-up turn, which involved sharply turning the plane at a high-speed (Mach 0.6 to 0.8) in a corkscrew pattern and outside  the limits of how a pilot would fly a 737 MAX during a normal commercial flight.  If unaddressed, Boeing’s 737 MAX would not have met FAA airworthiness standards.

To fix this issue, Boeing installed the MCAS as a new part of the flight controls for the 737 MAX. The MCAS caused the 737 MAX nose to pitch down by adjusting the horizontal stabilizer located near the airplane’s tail. The MCAS, as originally designed, would only operate when the airplane was in a high-speed, wind-up turn.

Forkner joined Boeing as a Technical Pilot for the 737 MAX Flight Technical Team in 2012. In 2014, Forkner became Boeing’s Chief Technical Pilot for the 737 MAX.

Forkner knew that he had to provide the FAA with true, accurate and complete information about the 737 MAX and the differences between the 737 MAX and the prior model 737 NG.  As part of this, he knew the 737 MAX FSB Report and its differences-training determination was critical.  Forkner alo interacted with airline customers and was required to provide true and accurate information so that their pilots received complete information needed to fly the 737 MAX.

Forkner knew that Boeing’s objective was to receive a training determination no greater than Level B so that the 737 MAX would not increase costs for pilot training.  If additional training was required, Boeing’s airline customers would be entitled to financial compensation.

In an email sent around December 2014, Forkner stated “If we lose Level B [it] will be thrown squarely on my shoulders.  It was Mark, yes Mark! Who cost Boeing tens of millions of dollars!”

During a 2015 briefing of the FAA AEG, Boeing employees told the FAA that MCAS was only needed in high-speed turns of Mach 0.7 to 0.8.  Forkner told an FAA employee that MCAS was designed to operate during high-speed, wind-up turns.in August 2016, the FAA AEG issued a provisional determination Level B differences-training determination.

In November 2016, Forkner learned from a simulated test flight that MCAS operated at significantly lower speeds (Mach 0.2) than had previously been told to the FAA.  Forkner knew that low speeds around 0.2 Mach were common at low altitude commercial flights in and around takeoff and landing.

After the simulated test flight, Forkner wrote to his colleague, a 737 MAX Flight Technical Pilot (Employee 1)

Forkner: Oh shocker alerT! [sic] / MCAS is now active down to [Mach] .2 / It’s running rampant in the sim on me / at least that’s what [a Boeing simulator engineer] thinks is happening

Employee-1: Oh great, that means we have to update the speed trim description in vol 2

Forkner: so I basically lied to the regulators (unknowingly)

Employee-1: it wasn’t a lie, no one told us that was the case

Forkner contacted a Boeing senior engineer who confirmed to Forkner that MCAS had a broader operational scope (down to Mach 0.2).

Shortly after learning this information, Forkner met with FAA Employee 1 to discuss the flight simulator results, and Forkner did not inform FAA Employee 1 that MCAS could now operate during the entire speed range of the 737 MAX.

Two days later, Forkner and Boeing Employee 1 received a draft of the 737 MAX FSB Report, which included inaccurate information about the MCAS and the training level determination.  Forkner provided edits to the Report and deleted any reference to MCAS or to correct the FAA’s incorrect understanding that the MCAS was limited to operation at the Mach 0.7 to 0.8 level.  He reiterated this false understanding in subsequent edits in 2017 to the FSB Report.  The final FSB Report omitted any reference to the MCAS and adopted a Level B differences training determination.

On October 29, 2018, the Lion Air Flight 610 crashed after takeoff into the Java Sea killing all 189 passengers and crew.  Following the crash, the FAA AEG learned that MCAS activated during the flight and may have caused the crash.  The FAA AEG learned for the first time about the change to the MCAS, including the information Forkner concealed from the FAA. 

Forkner and Boeing Employee 1 continued to mislead others at Boeing and the FAA about their prior knowledge of the change to MCAS.

Five months later, on March 10, 2019, Ethiopian Airlines Flight 302 crashed shortly after takeoff, killing all 157 passengers and crew on board.  The FAA AEG learned that MCAS was activated during the flight.  Three days later, Boeing’s 737 MAX was grounded.

The post The Forkner Indictment for the Tragic Boeing 737 MAX Fraud and Crashes (Part II of III) appeared first on Corruption, Crime & Compliance.

The Justice Department announced the indictment of Mark Forkner, a former Chief Technical Pilot for Boeing for his role in the 737 MAX scandal.  Specifically, Forkner is charged with deceiving the FAA’s Aircraft Evaluation Group (“FAA AEG”) relating to Boeing’s 737 MAX airplane and defrauding Boeings U.S.-based airline customers to earn millions of dollars for Boeing.

Boeing’s 737 MAX scandal is tragic and disturbing. In January 2021, Boeing settled with the Justice Department and agreed to enter into a Deferred Prosecution Agreement in exchange for total payments of $2.5 billion.  As you will recall, Boeing’s 737 Max was involved in two crashes in 2018 and 2019 before being grounded. 

In October 2018, Lion Air flight 610 crashed in the Java Sea, killing 189 people, and in March 2019, Ethiopian Airlines flight 302 crashed shortly after takeoff, killing 157 people.  The United States ordered the planes grounded shortly after the Ethiopian Airlines crash.

As part of the settlement, Boeing admitted that it withheld critical information about the 737 MAX’s Maneuvering Characteristics Augmentation System and the impact it had on the plane’s flight control system.  DOJ did not impose an independent compliance monitor, citing Boeing’s remediation efforts, including (1) creation of a permanent aerospace safety committee of the Board of Directors to oversee Boeing’s policies and procedures governing safety and its interactions with the FAA and other government agencies and regulators; (2) creation of a Product and Services Safety organization to strengthen and centralize the safety-related functions that were previously located across the Company; (3) reorganization of Boeing’s engineering function to have all Boeing engineers, as well as the Company’s Flight Technical Team, report through the Company’s chief engineer rather than to the business units; and (4) implementing structural changes to Boeing’s Flight Technical Team to increase the supervision, effectiveness, and professionalism of the Company’s Flight Technical Pilots, including moving the Company’s Flight Technical Team under the same organizational umbrella as the Company’s Flight Test Team, and adopting new policies and procedures and conducting training to clarify expectations and requirements governing communications between the Company’s Flight Technical Pilots and regulatory authorities, including specifically the FAA.

The central misconduct surrounded Boeings 737 MAX MCAS and the misconduct of Forkner and another Flight Technical Pilots who deceived the FAA about the Maneuvering Characteristics Augmentation System (“MCAS”) that impacted the flight control system of the 737 MAX.

Because of their deception, a critical document published by the FAA lacked information about MCAS, and in turn, airplane manuals and pilot-training materials omitted information about MCAS.  The two tragic plane crashes were the result of the MCAS system and the failure to ensure awareness of and training for use of the MCAS in certain flight situations.

In prior posts about this case, I noted that the two Technical Pilots had not been criminally charged and begged the question of when they would be indicted.  DOJ has now answered this question. 

Forkner has been charged.  His colleague who participated in the same scheme has probably pleaded guilty and agreed to cooperate against Forkner in the pending criminal prosecution.

In my prior postings and podcasts on this case, I have reviewed the facts and highlighted the strong evidence surrounding their criminal liability. I will do so again in part of the postings on this important case.

The post Boeing Technical Pilot Indicted for Fraud in 737 MAX Scandal (Part I of III) appeared first on Corruption, Crime & Compliance.

The Justice Department’s Antitrust Division has targeted collusion in labor markets for criminal prosecution. This was not unexpected. Indeed, the Antitrust Division gave plenty of warning to the high-tech industry and other companies that criminal prosecutions were on the horizon.

DOJ handled initial prosecutions of labor market collusion in the high-tech sector by civil prosecutions and resolutions. Out of an abundance of caution, DOJ recognized that it wanted to provide “fair warning” of its intention.  DOJ reached the conclusion that collusion, wage-fixing and agreements not to compete were illegal collusion agreements. It is hard (if not impossible) to identify pro-competitive justifications for such blatant anti-competitive conduct. 

In this Episode, Michael Volkov outlines antitrust risks and compliance strategies to avoid DOJ enforcement actions in the labor market.

The post Episode 210 — HR and CCOs Watch Out!! DOJ’s Aggressive Antitrust Enforcement in Labor Markets appeared first on Corruption, Crime & Compliance.

The new Anti-Money Laundering laws and regulations continue to roll out with new risks, liabilities and compliance requirements.  There is a coming AML enforcement storm, fueled by a new AML whistleblower program that will operate in a manner similar to the SEC’s successful whistleblower program.  The AML Act of 2020 increased penalties for AML offenses, adopted investigative improvements to expand the reach of AML investigations and subpoenas, allocated additional resources, and set the table for a new and more aggressive AML/CFT enforcement regime. 

In June 2021, the Financial Crimes Enforcement Network (“FinCEN”) issued the first memorandum outlining expectations and priorities for AML and countering the financing of terrorism policy.  FinCEN also released guidance for non-bank financial institutions (“NBIFs”), including broker-dealers.

Following up on FinCEN’s Guidance, FINRA released its own Regulatory Statement to encourage broker-dealers to incorporate the new AML requirements and priorities into their own AML compliance programs.

The AML priorities focus on threats to the U.S. financial system and national security, including: (1) corruption; (2) cybercrime, including relevant cybersecurity and virtual currency considerations; (3) foreign and domestic terrorist financing; (4) fraud (including securities and investment fraud and internet-enabled fraud); (5) transnational criminal organization activity; (6) drug trafficking organization activity; (7) human trafficking and human smuggling; and (8) proliferation financing.

The Bank Secrecy Act, as amended by the AML Act, requires financial institutions to incorporate these priorities as appropriate to a risk-based AML program.  For financial institutions, FinCEN emphasized that these priorities should be included as a measure on which a financial institution is supervised and examined for compliance.

With respect to NBIFs, such as broker-dealers, FinCEN clarified that the change in BSA requirements did not alter the BSA requirements on supervisor expectations for covered broker-dealers.  However, FinCEN explained that it would impose certain requirements on broker-dealers as part of new regulations 180 days after it adopts new regulations implementing the AML Act. FinCEN noted that broker-dealers may not be required to incorporate all of the listed AML Act priorities into their own AML risk-based programs.

FinCEN has encouraged broker-dealers to begin the risk assessment process to determine how much, if any, relevance thew priorities will have.  To this end, covered NBFIs should assess the potential risks associated with the products and services they offer, the customers they serve and the geographic areas in which they operate.

Building on this FinCEN direction, FINRA Rule 3310 requires every member firm to develop and implement a written AML program reasonably designed to achieve and monitor for compliance with the requirements of the BSA.  While FinCEN noted that NBIFs were not required to update their compliance priorities in response to the AML Act and revised AML/CFT Priorities, FINRA has encouraged member firms to begin to evaluate how they will incorporate and document the new Priorities into their respective risk-based AML/CFT programs.  s.

Member firms that are beginning to evaluate how they will do so may wish to begin considering potential updates to the red flags that they have incorporated into their risk-based AML compliance programs in light of the risks presented by factors such as their business activities, size, the geographic locations in which they operate, the types of accounts they maintain, and the types of transactions in which they and their customers engage.

Broker-dealers should also focus on technological changes that may be needed to update their AML programs, particularly with respect to monitoring and investigating suspicious activities.  AML compliance has moved light years into the future based on automated solutions and enhanced computer capabilities.  Broker-dealers need to review these advances and upgrade their existing operations.

The post FINRA Reminds Broker-Dealers on Importance of Compliance with New AML Rules appeared first on Corruption, Crime & Compliance.

If you follow my blog, you know that I am passionate about the compliance profession.  Chief compliance officers have unique talents, expertise and leadership qualities.  CCOs are committed ethics warriors.  No one else can claim that same mission.

CCOs are the natural stewards of a company’s ethical culture.  Of course, a company can appoint a separate chief ethics officer to distinguish between the ethics and compliance functions.  There is nothing wrong with that so long as responsibilities are made clear. 

If the CCO is also responsible for ethics, the CCO title should be transformed into Chief Ethics and Compliance Officer (“See-Co”).  And ethics should always be listed before compliance.  A company’s program should be an “ethics and compliance” program. I know that sounds like a trivial detail, but I think the symbolism is significant.

CECOs have significant responsibilities and a unique vision across the organization.  The success of a CECO turns on his/her ability to lead on ethical decision-making, line-of-sight across the organization, and a mission to embed and promote ethical conduct in every aspect of the business.  This latter point places CECOs in the role of a problem solver.

Perhaps most importantly, CECOs are familiar with the design and implementation of company-wide controls that have to be owned, managed and maintained by the business.  Ethics and compliance, by definition, has to be the responsibility of the business.  CECOs do not have enough resources, time and authority to supervise every employee, every activity, every transaction.  CECOs are experts in building a team effort to ensure corporate ethics and compliance.  They have the expertise needed to lead the business in taking responsibility for ethics and compliance.  It is their job and they know how to do it.

When an organization faces real operational challenges, CECOs can provide effective leadership, given their unique role and perspective across the organization.

ESG is a new and important challenge for every company.  It is gaining steam because it links together two important but interdependent trends – the need for corporations to adopt a broader vision of success and the desire for corporate action and accountability. Naturally, companies are looking to CECOs to play a significant role in ESG. Again, that makes sense.

CCOs have to contribute to ESG and can leverage their own roles to gain resources and improve their own ethics and compliance programs.  But CECOs cannot take on full responsibility for ESG.  It is too large a responsibility and would only dilute a CECO’s ability to manage and maintain an effective ethics and compliance program. CECOs have the skillset to help a company achieve ESG objectives.  While that may be true, CECOs have to preserve their position in the corporate governance world.

The post CCOs: Expert Problem Solvers appeared first on Corruption, Crime & Compliance.

David Friedman, an expert in workforce culture, joins us for a guest posting on the impact of the pandemic and workforce culture. David can be reached at www.culturewise.com. David is the author of Culture by Design: How to Build a High-Performing Culture Even in the New Remote Work Environment.

As many workers flee their current jobs, burnout and lack of growth opportunities are being cited as two of the biggest reasons. 

These changing work dynamics and employee perspectives, caused by the COVID-19 pandemic, are highlighting the importance of having a strong work culture that’s sustainable.  

But unfortunately, while business leaders often talk about culture, many don’t have a systematic process in place to build and maintain that culture as they do for other important aspects of their business.

Leaders should be as process-oriented about their culture as they are about their sales, finances, and operations. Leaders have a responsibility to be intentional and systematic about designing the culture they want, rather than settling for the culture that is created by chance.

Here is a list of suggested strategies to design and drive company culture:

1. Define employee behaviors that drive company success. Driving a culture is mostly a teaching function. It requires building a curriculum around the specific behaviors, or fundamentals, the leadership team wants to teach daily, such as blameless problem-solving, honoring commitments and being a fanatic about response times. Behaviors, because they’re action-oriented, are clearer than values, which tend to be abstract.
2. Ritualize the practice of your fundamentals. How many new initiatives have we started at work and in our personal lives, only to see them fall by the wayside as we got busy? Those failures at work feed employee cynicism.But by creating a structured, systematic way to teach winning behaviors repeatedly, they become ingrained in your people. Without repetition, nothing lasts.
3. Select people who are the right fit for your culture. A new hire’s value system isn’t likely to change, so it’s vital they have the right values to fulfill the behaviors leadership wants to drive the company.
4. Integrate new hires into your culture. A person’s first week on the job is hugely important in the context of culture. It’s their first impression, and that tends to be lasting and difficult to change. It’s remarkable how few companies spend appropriate time and resources orchestrating every aspect of a new hire’s early experience.
5. Communicate your culture throughout the organization. Too often, Friedman says, company leadership displays inspirational messages and posters on the office walls that are inconsistent with the way people behave in the work culture. We talk about teamwork, but then people work and think in silos. Or we talk about quality, but our people are forced to produce at warp speed and without the proper tools. If our culture is authentic, the more we see images and reminders of it all around us, the better.
6. Coach to reinforce your culture. Coaching sessions by managers and supervisors are critical opportunities to teach and reinforce your culture,. Using the specific language of the culture in the coaching session shows staff that the words on the wall are meaningful.

Most leaders think of culture as something that happens on its own. It’s never occurred to them that they can be as intentional and systematic about culture as they can about the rest of their business. And in these changing, challenging times, more are beginning to see how important it is.

The post The Impact of the Pandemic on Corporate Work Culture appeared first on Corruption, Crime & Compliance.

Third-party risk management is a favorite topic for compliance professionals.  And for good reason.  Third parties create significant risks.  To state the obvious, companies have less control over third parties than employees. But for many reasons companies engage third parties as a more effective solution than hiring employees.  In this situation, risk multiplies exponentially.

The third-party risk issue, however, has multiplied exponentially for a number of important reasons.  Years ago (as a long-time attorney in this field, the landscape has definitely changed and is continuing to evolve) the focus of third-party risk management was limited to anti-corruption, sanctions and reputational risks.  This was a focus that made sense at the time. 

Third-party risk, however, like life has evolved.  And this evolution has been rapid.  Compliance has to be nimble and even more so in this ever-changing marketplace. 

Do not get me wrong – anti-corruption, sanctions, anti-money laundering and reputational risks are significant and should be a continuing priority. But the landscape has been altered in two significant ways.

COVID-19 Pandemic: The impact of the pandemic on all businesses cannot be underestimated.  The pandemic and the economic impact revealed the importance of crisis management, business continuity planning and supply chain economics and operational risks. Companies experienced an “awakening” of business risks that has resulted in a hyper-focus on risk management issues.  Companies do not like to be “blind-sided” by events outside their control and the pandemic exposed significant deficiencies in risk planning, supply chain operations and ultimately third-party risk management. 

The pandemic revealed the importance of third-party risk management and the importance of understanding operational risks. Many companies had to scramble when certain third parties were unable to supply needed goods and supplies or were unable to distribute products for the company.  Under this economic pressure, companies had to identify and assess alternative third parties – compliance was tested to work closely with the business to conduct appropriate onboard of critical third parties.  Risk management, due diligence and other procedures had to be done quickly and efficiently under the pressure of significant business needs.

In the aftermath, companies realized that third-party risks management has to encompass a broader focus beyond reputational issues but to business continuity issues that could impact the company in the event of a serious pandemic, act of God  or other comparable issues.

ESG (Environment, Social and Governance) Principles: Companies have experienced a tidal wave of interest from investors and stakeholders focused on the importance of ESG issues.  As a result, companies have to broaden their focus to include ESG issues – these can be significant.  For example, for some companies, environmental compliance can be a significant risk that requires scrutiny of third parties on environmental compliance issue.

The broad ESG focus translates into a broad risk analysis for third parties.  Reputational risks have to be viewed as broader than prior analyses of this issue, especially given the range of social issues that are of concern to the consumers and communities.  A third party with risky reputational concerns, potential labor issues for example, while cost-effective, would be too risky for certain companies that promote a culture of ethics, sustainability and social justice.

The combination of the COVID-19 pandemic and ESG issues is overwhelming at first glance.  It is difficult to address these risks and the impact they could have on a company’s third-party risk profile.  A company has to identify these risks, assess the risks and develop practical approaches to managing these risks.  It is easy to get lost in an infinite analysis of risk.  With focus, however, companies should apply practical approaches and strategies.

The post The Evolution of Third-Party Risk Management appeared first on Corruption, Crime & Compliance.

This has been  an interesting enforcement year.  The Biden Administration promised a renewal of aggressive enforcement. The difficult transition from the last administration and political resistance to confirmation of political appointees has delayed the transition process.  Consequently, enforcement has gotten off to a slow start.  But companies would make a big mistake in embracing complacency or just waiting for enforcement to pick up before elevating compliance initiatives.

I would shorthand this period as the calm before the storm. DOJ’s FCPA enforcement is in a lull, probably because of coordination issues with the Administrations global anti-corruption initiative.  The cases are in the pipeline and everyone should anticipate a significant uptick in FCPA enforcement, as well as other areas like antitrust and AML compliance.

The enforcement story in 2021 centers on OFAC sanctions.  OFAC has been a steady force in enforcement.  OFAC has brought 16 enforcement actions with a total of $20.6 million.  DOJ brought the SAP sanctions enforcement action as a major complement to OFAC. In addition, DOJ has brought two significant sanctions enforcement actions involving violations of the North Korean sanctions program. 

Organizations have to elevate the importance of sanctions compliance.  In 2019, OFAC released its Framework for a Sanctions Compliance Program.  OFAC’s guidance was comprehensive and raised expectations for OFAC compliance.  Unfortunately, it does not appear that companies have understood the message – OFAC compliance has to be a priority and companies that ignore such expectations do so at their own peril.

OFAC has done a great service for compliance.  Its Framework sets forth five basic requirements for an effective sanctions compliance program, including: (1) senior management commitment; (2) risk assessment; (3) internal controls; (4) testing, audits and continuous monitoring; and (5) training.  OFAC’s Guidance is concise and clear.  Companies have no excuse for ignoring OFAC’s guidance.

Many companies face significant sanctions risks. Some appear to stall because of what they perceive as the “enormity” of the task.  In reality, however, designing a n effective sanctions compliance program turns on a careful assessment of risks, allocation of compliance resources based on risk-ranking principles, and tinkering with controls based on experience on a continuing basis.

In other words, sanctions compliance is not as hard as companies think.  Two issues, however, require careful analysis – first, OFAC’s Guidance requires an assessment of supply chain risks; and second, third-party risks pose significant issues relating to re-distribution and trans-shipment of goods to prohibited countries.  Trade compliance professionals understand these risks and know how to address these issues.

In the face of OFAC enforcement and a continuing commitment by this Administration, organizations have to devote adequate attention and resources to OFAC compliance.  Automated platforms present significant synergies for companies – they provide anti-corruption, sanctions and AML risk management. 

Organizations however have to do more than just buy an automated platform. Companies have to commit to building appropriate policies, procedures and internal controls surrounding the automated platform to ensure success.

Additionally, OFAC mandates that companies conduct annual training of relevant personal on sanctions compliance.  This is a significant requirement that many companies have either ignored or misunderstood.

The post The Elevation of Sanctions Compliance appeared first on Corruption, Crime & Compliance.