Day: May 12, 2025

Categories
The Ethics Experts

Episode 213 – Betty Tierney

In this episode of The Ethics Experts, Nick welcomes Betty Tierney.

Betty Thorne Tierney is the Vice President, Litigation for a nationwide retailer. Betty leads the company’s in-house litigation team which actively defends the company’s uninsured litigation across the country. In this role, she has tried cases and arbitrations in numerous jurisdictions. Betty has also argued appeals in several federal districts and before the Missouri Supreme Court. In fulfilling this not so traditional in-house litigation role, Betty works closely with local counsel in the jurisdictions where her cases are pending. A 1990 graduate of Washington University School of Law, Betty spent her first two years of practice in a local law firm and has spent the remaining 33 years of her practice in-house.

Connect with Betty on LinkedIn

Categories
Corruption, Crime and Compliance

LRN’s 2025 Compliance Program Effectiveness Report

Are you running a compliance program that’s making a real impact—or just checking the boxes? In this episode, Michael Volkov dives into LRN’s 2025 Program Effectiveness Report, an annual benchmark that separates the truly impactful compliance programs from those that are merely operational. Based on insights from 1,500 global ethics and compliance professionals, this year’s report draws a clear line between high-impact and medium-impact programs—and what it takes to bridge the gap. The conversation highlights urgent risks, cultural disconnects, and the strategic value of automation, data, and leadership alignment in shaping tomorrow’s compliance functions.

You’ll hear him discuss:

  • How high-impact programs are defined by their strategic use of automation, data analytics, and benchmarking tools to drive measurable compliance outcomes
  • Why third-party risk management—including due diligence and supply chain oversight—is a defining trait of the most effective programs today
  • The growing trust gap between Gen Z employees and middle managers, and why this generational shift poses a cultural red flag
  • The continued dominance of outdated internal systems, regulatory complexity, and budget pressure as top operational challenges facing compliance leaders
  • How high-impact programs are integrating AI into both their codes of conduct and employee training, preparing teams for emerging tech risks
  • What medium-impact programs can do to evolve: focus on training, automation, and peer collaboration to elevate impact and resilience

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
All Things Investigations

All Things Investigations – Task Force Strategies: Addressing New Government Priorities

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. In this podcast, host Tom Fox is joined by HHR lawyers Mike DeBernardis and Sean Reilly to discuss the new HHR Task Force.

In this award-winning All Things Investigations podcast episode, host Tom Fox converses with Hughes Hubbard and Reed partners Mike De Bernardis and Sean Reilly about the firm’s strategic reorganization. Responding to the U.S. administration’s fresh focus on cartels and foreign terrorist organizations, Hughes Hubbard has built a cross-disciplinary task force. This team combines expertise from compliance, sanctions, and dispute resolution practices to address companies’ heightened risks and compliance obligations, particularly in Mexico and Latin America. The discussion also covers implications for multinational corporations, the importance of reassessing risk, how the administration’s prioritization of certain enforcement actions can influence corporate strategies, and the emerging dangers surrounding tariffs and the False Claims Act.

Key highlights:

  • Hughes Hubbard’s New Task Force
  • Implications of Cartel Designations
  • National Security and Voluntary Disclosure
  • Cross-Functional Task Force Benefits
  • Tariff Evasion and False Claims Act

Resources:

Mike DeBernardis

Hughes Hubbard & Reed website

Sean Reilly

Categories
Adventures in Compliance

Adventures in Compliance: Investigate Lessons from A Study in Scarlet

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Throughout this season, Tom will thoroughly explore each novel in a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear. We begin with A Study in Scarlet for our new season’s first offering. In Part 3, Tom deeply dives into the investigative lessons learned from the story.

When Sir Arthur Conan Doyle introduced the world to Sherlock Holmes in A Study in Scarlet, he didn’t just give us the greatest fictional detective of all time—he gave compliance professionals a master class in investigative methods. Through his cool logic, careful observation, and constant search for the truth, Holmes modeled what every corporate investigator should aspire to emulate. From his crime scene analysis to using deceptive tactics to expose a suspect, Holmes’s first published case offers lessons relevant to modern compliance programs, especially when dealing with internal investigations, whistleblower reports, and root cause analysis. Here are five enduring investigative lessons, grounded in the facts of A Study in Scarlet, that today’s compliance professionals can apply in their work.

Highlights include:

  • Let the Evidence Speak First—Not the Theory
  • Small Clues Are Often the Most Telling
  • Reconstruct the Incident with Logic and Imagination
  • Use Deception Strategically to Draw Out the Truth
  • Motive Often Lies in the Past—Not Just in the Present Crime

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance tip of the Day – Communication Through Persuasion

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to ensure your organization remains compliant with the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

How to improve your communication and relationship skills using persuasion.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Daily Compliance News

Daily Compliance News: May 12, 2025, The Corruption in the Broad Daylight Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Senator Mark Kelly calls out corruption in the Trump Administration. (AZ Central)
  • Google faces a massive antitrust lawsuit in Italy. (WSJ)
  • Apple says the punishment for its illegal acts is unfair. (BBC)
  • Insurance coverage for chatbot-based losses. (FT)
Categories
FCPA Compliance Report

FCPA Compliance Report – Upping Your Game in Compliance

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. This is a very special episode. This podcast comes from a webinar hosted by KonaAI on Tom Fox’s latest book, Ûpping Your Game. On this webinar, Tom is joined by Vince Walden, CEO of konaAI; Hemma Lomax, Deputy General Counsel, Vice President, Global Head of Ethics and Compliance at Docusign; and Carl Hahn and Matt Galvin, both from Gentic Global Advisors PLLC.

The discussion revolves around compliance, with thought leaders delving into how organizations can enhance their performance by utilizing emerging technologies and compliance strategies. The conversation begins with a focus on the transformative role of AI in compliance, highlighting its ability to support continuous monitoring, predictive analytics, and embedding compliance into day-to-day business operations. The panel emphasizes the rise of “compliance as a service” and the growing need to prioritize user experience, particularly in third-party risk management and digital transformations. The panel addresses key challenges, such as overcoming resistance from business process owners, and emphasizes the importance of using data strategically to drive better compliance outcomes. The panel introduces the concept of the “Office of Unlock” as a collaborative model to break down silos and promote agility. They also discuss change management, AI governance, and tailoring compliance communications to specific audiences. The episode concludes with practical advice for compliance officers and a forward-looking discussion on aligning compliance programs with evolving organizational and regulatory landscapes.

Key highlights:

  • Upping Your Game
  • Embedded Compliance
  • What’s the business value?
  • What steps should you take right now

Resources:

Hemma Lomax on LinkedIn

Vince Walden on LinkedIn

Matt Galvin on LinkedIn

Carl Hahn on LinkedIn

KonaAI

Gentic Global Advisors

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the use of AI in compliance programs, see Tom Fox’s new book, Upping Your Game. You can purchase a copy of the book on Amazon.com.

Categories
Blog

A Textbook Declination: Lessons Learned from the USRA Declination

In the fast-moving world of enforcement actions and corporate misconduct, we rarely get an actual “bottle episode” of compliance—a neatly wrapped case that functions almost like a compliance case study come to life. That is precisely what we see in the recent declination issued to the Universities Space Research Association (USRA), a nonprofit organization working with NASA on advanced scientific research. The Declination is found here.

This declination tells us as much about what to do right as it does about what went wrong. USRA’s prompt and resolute response to employee misconduct provides a blueprint for companies, regardless of size, to attain the ideal result: a DOJ declination. This decline in the Trump Administration’s second term provided crucial lessons for compliance professionals.

The Story: Export Controls and a Rogue Employee

The facts are obvious. Between April 2017 and September 2020, USRA employee Jonathan Soong used his position to oversee export compliance and sell restricted software and source code to Beihang University in China. Mr. Soong did not simply mishandle sensitive materials; he willfully bypassed export laws, concealed his actions, and even embezzled from USRA in the process. Soong pleaded guilty to violating export control laws in connection with secretly funneling sensitive aeronautics software to a Beijing university.

But here is the key takeaway: once USRA learned of the misconduct, they acted fast. They alerted NASA. They conducted an internal investigation. They self-reported to the Department of Justice within days. They cooperated fully. And in the end, the DOJ rewarded them, not with a fine, but with a complete declination.

The Power of Prompt Self-Disclosure

USRA’s leadership did not wait to see if the issue would disappear or downplay it internally. Instead, they engaged with enforcement agencies early and often. This fits squarely within the DOJ’s National Security Division Guidance, which outlines how voluntary self-disclosure, cooperation, and timely remediation can mitigate or eliminate penalties.

Let’s be clear: this was a national security matter, not just a regulatory breach. The software involved may have had potential military applications, making USRA’s response all the more commendable and critical.

Internal Controls and Oversight: Where the Breakdown Happened

As much as this is a story of compliance success, it is also a reminder that internal controls must work in practice, not just on paper. There were three key control failures:

  1. Export compliance oversight was left to the same employee who committed the fraud.
  2. Internal monitoring failed to detect red flags.
  3. Supervisory negligence enabled the misconduct to continue for three years.

One of Mr. Soong’s supervisors was eventually disciplined or terminated. However, the lesson is that even well-designed controls fail when not executed or appropriately monitored.

What Made This Declination Possible?

  1. Voluntary, timely self-disclosure within days of learning of the misconduct.
  2. When the USRA discovered potential wrongdoing, they didn’t hesitate; they immediately self-reported the issue to NASA and the Department of Justice. This type of proactive disclosure is precisely what the DOJ expects when evaluating a company’s response to misconduct. The timeliness demonstrates a functioning internal control system and an ethical culture prioritizing transparency. Rather than hiding behind bureaucracy or launching a months-long internal cover-up, USRA made the call within days. That decision set the tone for everything that followed and paved the way for trust-based engagement with enforcement authorities.
  3. Full cooperation, including sharing internal findings and offering access to witnesses.
  4. USRA didn’t just make a phone call and then sit back. They actively cooperated with investigators at every stage. Their actions included providing access to key internal documents, conducting an internal investigation, and turning over their findings to the DOJ. Equally important, they facilitated interviews with relevant employees, supported the legal process, and ensured that authorities had all the resources necessary to pursue the case against the wrongdoer. In short, USRA became a partner to the government, not an adversary. Comprehensive, good-faith cooperation carries tremendous weight in a declination decision.
  5. Swift and meaningful remediation, including terminating the wrongdoer and disciplining supervisors.
  6. USRA didn’t stop at self-reporting. They took tangible steps to clean the house. Mr. Soong, the employee at the center of the misconduct, was promptly terminated. However, the company didn’t stop there; USRA also reviewed its supervisors’ actions (or inactions). At least one supervisor was disciplined or let go for failing to oversee export control responsibilities properly. The move sends a strong message internally and externally, emphasizing that accountability extends throughout the entire chain of command. This swift and meaningful remediation satisfies DOJ expectations and helps rebuild trust with business partners, regulators, and the broader public.
  7. Strong risk awareness of their role in handling sensitive, export-controlled material.
  8. USRA operates in a field where national security risks are inherent. As a NASA contractor handling sensitive aerospace research, they were well aware of the dangers posed by improper exports of data and source codes. The incident wasn’t just a case of a company claiming ignorance, as they were aware of the potential consequences. Their compliance failures came down to one rogue actor and a breakdown in oversight, not a lack of awareness. When problems surfaced, they acted with the urgency such risks demand. This situational awareness, recognizing how export control violations could ripple across global security, played a major role in helping the DOJ see them as a responsible actor.
  9. Responsiveness to the DOJ and NASA, including prompt answers and evidence production.
  10. Throughout the investigation, USRA maintained consistent and open lines of communication with both NASA and the DOJ. They promptly responded to any questions posed. They delivered the requested documents promptly and in excellent order. Such responsiveness isn’t just about meeting deadlines; it is about demonstrating respect for the investigative process and showing that the company values ethical resolution over self-preservation. By staying accessible, professional, and efficient throughout the inquiry, USRA signaled to prosecutors that they were committed to helping resolve the matter fairly and thoroughly. That level of responsiveness is precisely what the DOJ wants to see.

Lessons Learned for Compliance Professionals

  1. Speed Matters
  2. In the world of corporate enforcement, timing can be everything. Companies do not always receive declinations for self-reporting, but it often makes a significant difference when they do.  USRA moved within days to notify NASA and the DOJ of serious misconduct. That speed demonstrated a culture of integrity, robust internal reporting, and a commitment to doing the right thing even under pressure. Quick action also preserves evidence, signals accountability, and allows enforcement agencies to act more efficiently. The faster a company responds, the more credible its leadership appears and the more likely it is to be viewed as a trusted partner.
  3. Controls Must Work in Real Life
  4. Too often, compliance programs look good on paper but fail in execution. A policy isn’t controllable or effective unless it’s well-designed and implemented correctly. In the USRA case, while policies existed, execution faltered, and an employee responsible for oversight violated the law. That’s a stark reminder: your controls must work in the real world. We must regularly evaluate the effectiveness of supervisory review, dual controls, cross-checks, and audit testing. Failure to test a control could result in liability, enforcement, or worse.
  5. Know Your Risk Profile
  6. USRA dealt with export-controlled scientific software, which is a high-risk domain. Their failure wasn’t in identifying risk but in adequately mitigating and monitoring it. For every company, the starting point must be understanding your unique risk profile. Is it corruption and bribery? Data privacy? Sanctions exposure? What are the ethics of the supply chain? Compliance officers must align risk assessment, control design, and resource allocation accordingly. Implementing a universally applicable compliance program can lead to failure. Regulators expect a risk-based approach that demonstrates thoughtfulness and proportionality. You can’t mitigate what you don’t understand or defend a program that overlooks its most critical vulnerabilities.
  7. Use the Right Tone from the Top
  8. When the misconduct came to light, USRA leadership did not equivocate. They acted decisively, demonstrating a tone from the top that prioritizes ethical behavior and transparency. That tone matters. It influences how quickly issues are escalated, how freely employees speak up, and how credible regulators perceive your organization. Leadership must consistently communicate that compliance is not just a legal necessity but a core business priority. Words are important, but so is behavior: executives who support investigations, invest in controls, and respond to crises with accountability send a powerful message. That tone sets the cultural foundation for the entire compliance program.
  9. Partner with Enforcement, Don’t Oppose Them
  10. USRA’s interaction with NASA and the DOJ reflected a cooperative mindset. They partnered; they didn’t stonewall, delay, or obscure the facts. That approach is increasingly essential in today’s enforcement environment. Regulators are clear: they are looking for good-faith actors. A company that cooperates, provides relevant data promptly, and engages constructively in dialogue is far more likely to receive credit, whether in a declination, reduced penalties, or favorable settlement terms. Fighting regulators at every turn rarely results in positive outcomes. Instead, view enforcement as an opportunity to demonstrate integrity and operational maturity. Compliance should be a bridge, not a barricade.

Final Thoughts: Don’t Wait for the Crisis

USRA did not plan to become a compliance case study. However, they were ready when the time arrived. And preparation, coupled with integrity, made all the difference. This declination was not granted out of charity. We earned it. It resulted from a well-executed compliance framework, fast action, and an unrelenting drive to do the right thing. If your company faced a similar incident tomorrow, would you be ready to act like USRA? That’s the benchmark. And that’s the challenge for every compliance officer reading this.

So, take this as more than a good news story. Take it as your Monday morning prompt: check your controls, reassess your key risks, and remind your leadership that compliance isn’t about fear but readiness.