Categories
Blog

Beyond the Checklist: Dynamic Fraud Risk Assessments for the Failure to Prevent Fraud Offense

We continue our review of the Economic Crime and Corporate Transparency Act 2023, which has elevated the expectations for senior leadership and boards across large organizations. Fortunately, the UK government has put out a document entitled “Economic Crime and Corporate Transparency Act 2023: Guidance to organisations on the offence of failure to prevent fraud” (the Guidance). Section 3.2 of the official guidance, titled “Top Level Commitment,” should be required reading for every compliance professional seeking to build a credible, defensible, and sustainable anti-fraud culture. Today, we take a deep dive into the requirement for a fraud risk assessment.

As compliance professionals eagerly anticipate the impending go-live of the UK’s Failure to Prevent Fraud Offense, it is paramount to revisit the foundational pillar of any anti-fraud strategy: the fraud risk assessment. The act of assessing fraud risk has always been critical, but in this new legislative context, its significance cannot be overstated. The comprehensive risk assessment outlined by the Guidance in section 3.2 provides a blueprint that can prepare your organization not only to meet compliance standards but also to strengthen your corporate defenses against fraud.

Risk assessments must be both dynamic and regularly updated. Static, outdated assessments leave your organization exposed, failing to capture evolving fraud techniques and risks introduced by changes in personnel, procedures, technology, or external environments. Organizations are now explicitly encouraged to leverage their existing risk assessment frameworks, extending them to encapsulate the broader scope of the Failure to Prevent Fraud Offense. This approach not only maximizes efficiency but also ensures thoroughness and cohesion within your risk management strategies.

Identifying Associated Persons

The term “associated persons” casts a wide net, and it is essential to thoroughly understand who within and outside your organization could potentially expose you to risk. This includes agents, contractors, and personnel in sensitive roles such as finance or procurement. Each category presents unique fraud risks, ranging from false representation and failure to disclose to false accounting and abuse of position. Properly categorizing and assessing these typologies enables targeted, efficient mitigation measures and preventive strategies tailored to specific vulnerabilities.

Leveraging the Fraud Triangle

Compliance professionals must use the Fraud Triangle (opportunity, motive, and rationalization) as a foundational tool to structure their risk assessments. Each element provides a lens through which potential fraud scenarios can be systematically evaluated:

  1. Opportunity: Does your organization inadvertently offer avenues for fraudulent activity due to weak controls, insufficient oversight, or technological vulnerabilities? For instance, departments such as finance, procurement, and marketing often harbor increased opportunities for fraud due to their access to funds or sensitive information. It’s also crucial to consider external agents or contractors operating with minimal oversight.
  2. Motive: Financial incentives and operational pressures can drive individuals towards fraudulent activities. Compliance teams must critically assess whether reward systems such as bonuses or commissions could unintentionally incentivize fraud. Additionally, organizational pressures related to achieving financial targets, impending mergers, acquisitions, or regulatory deadlines must be closely monitored.
  3. Rationalization: The justification of fraudulent acts often stems from organizational culture and industry norms. A company that subtly tolerates fraud, perhaps viewing it as a necessary evil for winning business or reaching targets, sets the stage for rationalization. Ensuring a robust speak-up culture and providing effective whistleblowing channels can significantly mitigate this risk.

Using Diverse Sources and Preparing for Emergency Scenarios

Risk assessment is enriched by diverse sources, including data analytics, past audit findings, industry-specific information, regulatory enforcement actions, and publicly available prosecutions or DPAs. These resources not only help identify potential fraud scenarios but also benchmark your organization’s prevention measures against industry standards and practices.

Unexpected emergencies, from natural disasters to economic crises, inherently increase fraud risks. Organizations must proactively incorporate emergency scenarios into their risk assessments. Doing so not only complies with the statutory obligation to demonstrate reasonable fraud prevention measures but also practically prepares your organization to swiftly adapt and maintain integrity during challenging times.

Classification and Regular Review of Risks

A thorough risk assessment involves classifying inherent risks by their likelihood and impact. This classification is vital in prioritizing resources effectively, focusing efforts on mitigating high-impact, high-probability risks. Regular reviews of your risk assessment, typically every two years, or sooner if triggered by significant internal or external changes, ensure its continued relevance and effectiveness.

Failing to update and refine your risk assessment regularly can expose your organization to severe consequences. Courts may interpret outdated assessments as indicators of inadequate preventive measures, leaving your organization vulnerable to penalties and reputational harm.

Five Key Takeaways for the Compliance Professional

Here are five key takeaways for the compliance professional:

1. Dynamic and Regular Updates Are Essential:

Risk assessments must not be viewed as one-off or static exercises. Continuous monitoring, regular updating, and adaptation to emerging fraud threats are essential to maintain relevance and ensure comprehensive fraud prevention capabilities.

2. Comprehensive Identification of Associated Persons:

Given the expansive definition of “associated persons,” compliance professionals must carefully identify and categorize all internal and external parties capable of exposing the organization to fraud risks. Tailored fraud risk mitigation strategies should then be developed based on these typologies.

3. Utilize the Fraud Triangle Effectively:

Applying the Fraud Triangle’s elements (opportunity, motive, and rationalization) can provide structure and depth to fraud risk assessments. This systematic approach helps to uncover specific vulnerabilities and inform targeted preventive measures.

4. Broaden Your Sources of Risk Intelligence:

Compliance professionals must leverage multiple sources, including past audit reports, data analytics, regulatory enforcement actions, and publicly available case studies. Integrating this diverse intelligence enhances the effectiveness and breadth of fraud risk assessments.

5. Incorporate Emergency Scenario Planning:

Fraud risks escalate during emergencies. Preparing and integrating emergency scenarios into your fraud risk assessment framework helps ensure that robust fraud prevention measures remain effective during crises, aligning your risk management practices with statutory obligations and best practices.

The Time to Act is Now

The clock is ticking towards the implementation of the Failure to Prevent Fraud Offense, and complacency is not an option. Conducting and maintaining a dynamic, comprehensive fraud risk assessment is no longer just best practice. It is a statutory necessity. By rigorously identifying associated persons, leveraging the Fraud Triangle, drawing insights from diverse sources, preparing for emergency scenarios, and regularly reviewing your assessment, your organization can confidently demonstrate its commitment to fraud prevention. Proactive engagement in these activities not only fortifies your compliance posture but also significantly enhances your organization’s resilience against fraud. Compliance professionals must seize this opportunity to reinforce their strategic value, embedding effective anti-fraud measures into their organizational culture and operations as we move closer to this critical regulatory milestone.

Join us tomorrow as we consider the procedures to implement your fraud risk assessment.

Categories
Red Flags Rising

Red Flags Rising: S01 E22 – All-In on America’s AI Action Plan

Mike and Brent go All-In regarding America’s AI Action Plan, unveiled by the White House on Wednesday, July 23, 2025, and discussed in detail at a forum the same day co-sponsored by the All-In Podcast and the Hill & Valley Forum.

Mike and Brent discuss how these developments relate to the “Moment of Truth” discussed in Episode 20 (00:31), the Three Pillars of America’s AI Action Plan (01:07), how the Three Pillars relate to their recent BRG ThinkSet magazine article (01:45), the commercial opportunity presented by full-stack AI export privileges under the AI Action Plan and how the “stack sweeps” previewed on Episode 19 are the compliance corollary to this commercial opportunity (02:32), Secretary of Commerce Howard Lutnick’s remarks about where to draw the line between sensitive and non-sensitive exports from a national security perspective and how this relates back to their recent ThinkSet article (05:00), how Pillar Three—Lead in International AI Diplomacy & Security—relates to many ongoing bilateral trade negotiations (07:23), the importance of not making anyone look like a sucker or a fool (08:34), the AI Action Plan’s reference to secondary tariffs as a means to make sure other countries don’t “backfill” where U.S. export controls create opportunities (08:53), the potential impact of the Maintaining American Superiority by Improving Export Control Transparency Act that is on the President’s desk for signature into law (11:20), the continuing relevance of end-user and end-use controls and the “high probability” standard (14:10), how Pillar Three also focuses on strengthening AI compute export controls enforcement by the Department of Commerce with support from the U.S. intelligence community (15:23), updates on Department of Commerce political employees’ confirmation process and reference therein to the Bureau of Industry & Security’s “red flag” guidance to industry (16:21), and the fundamental “deal” between the U.S. government and the U.S. tech sector evident in the AI Action Plan (18:42). Mike and Brent then conclude with an “all-in” version of Brent Carlson’s “Managing Up” segment (24:46).

Resources:

America’s AI Action Plan

The White House’s Announcement of America’s AI Action Plan

The All-In Podcast

The Hill & Valley Forum

Brent LinkedIn

Mike LinkedIn

Mike & Brent’s “Fresh Looks” Series

Categories
The Ethics Experts

Episode 224 – Elena Kohn

In this episode of The Ethics Experts, Nick welcomes Elena Kohn.

After graduating from University College London and Stetson University College of Law (both with honors), Elena has been focusing her legal career in the healthcare space. She understands the challenges businesses face when navigating the ever-changing healthcare regulatory landscape. At AdventHealth, Elena is responsible for advice and counsel to several hospitals in the West Florida Division of the company in connection with healthcare legal issues, including medical staff issues, patient issues, physician contracts, practice acquisitions, Board advising, corporate matters, and federal and state laws. She has two children and loves fine-tuning her debate skills with her young daughter. For an extra challenge, she takes on her teenage son – and sometimes wins.

Connect with Elena on LinkedIn.

Categories
Corruption, Crime and Compliance

Update on False Claims Act and Customs Evasion Liability

A competitor could trigger a federal investigation against your company, just by filing a whistleblower complaint about your imports. In this episode, Michael Volkov explores how the Trump Administration is reshaping the enforcement landscape by linking trade compliance and the False Claims Act (FCA) in unprecedented ways. With “trade and customs fraud, including tariff evasion” now a DOJ national priority, companies engaged in international trade face growing legal and reputational risks. A recent Ninth Circuit ruling has only intensified the stakes.

You’ll hear him discuss:

  • Why DOJ is combining trade enforcement and FCA cases, and what that means for companies that import goods into the U.S.
  • How “reverse false claims” work in the trade context, and why import misclassification, undervaluation, or incorrect country-of-origin declarations are now high-risk areas.
  • Recent high-dollar settlements – including $45 million in one case – where companies paid the price for customs fraud violations.
  • The significance of the Ninth Circuit’s decision in Island Industries v. Sigma Corp., which confirmed DOJ’s ability to pursue customs fraud claims under the FCA in federal court.
  • How whistleblowers, including competitors, are using FCA claims as a strategic tool in the marketplace, leading to sealed complaints and increased litigation.
  • What companies should be doing now to evaluate and reinforce their trade compliance programs, from reviewing documentation and broker relationships to training and internal reporting.
  • Why ignoring tariff and duty obligations – or failing to investigate them thoroughly – could be seen as deliberate indifference, exposing companies to both civil and criminal liability.

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 57 – Leadership & Tone from the Top Lessons from “The Paradise Syndrome”

Few Star Trek episodes put Captain Kirk in as vulnerable or as revealing a position as “The Paradise Syndrome.” What begins as a routine mission to deflect an asteroid from a primitive planet spirals down into an exploration of leadership, identity, and the power of influence from the very top. For corporate compliance professionals, this story is a masterclass in how tone from the top and authentic leadership can either protect or imperil an entire organization.

Join me as we step through the wormhole and extract five vital leadership lessons for the modern compliance officer, each illustrated by scenes from this unforgettable episode.

1. Leadership Presence Is the First Line of Defense

Illustrated By: As soon as Kirk disappears, Spock and McCoy sense something is amiss. The crew is uneasy, decision-making becomes muddled, and a lack of clear command amplifies the mission’s urgency.

Compliance Lesson: The tone set by leadership isn’t just about lofty statements or annual memos. It’s a daily, lived presence.

2. Values Must Be Internalized, Not Just Announced

Illustrated By: Despite not knowing who he is, Kirk’s instincts for fairness, curiosity, and protection shine through. He becomes a leader not by decree, but by action.

Compliance Lesson: True leadership is more than titles and speeches; it’s about internalized values that guide decisions, even under stress or uncertainty. Kirk’s ethical compass survives amnesia because it’s part of who he is.

3. Crisis Reveals the True Tone from the Top

Illustrated By: Spock makes tough, sometimes unpopular decisions, including pushing the engines to dangerous limits.

Compliance Lesson: In a crisis, all eyes turn to leadership. How leaders act or fail to act under stress defines the tone from the top far more than any code of conduct. Spock’s resolve and willingness to make hard choices keep the crew focused on their mission, even as doubt and tension rise.

4. Empathy and Communication Sustain Compliance

Illustrated By: While among the villagers, Kirk forms relationships based on empathy and service.

Compliance Lesson: Leadership is not just about command; it is about connection. In compliance, the ability to listen, understand, and respond to concerns is just as important as issuing directives. Empathy builds credibility and encourages a culture of speaking up, especially during times of change.

5. Sustainable Culture Requires Both Structure and Spirit

Illustrated By: When Kirk finally regains his memory and identity, he is torn between his love for Miramanee and his duty to the Enterprise.

Compliance Lesson: Tone from the top is sustained not just by systems and controls, but by the personal commitment of leaders to do what’s right, even when it’s difficult. The spirit of compliance must be aligned with the structure of compliance; one without the other is incomplete.

Final ComplianceLog Reflections

“The Paradise Syndrome” is a cautionary tale and an inspiration. When leadership vanishes, even temporarily, an organization’s values, direction, and resilience are put to the test. Kirk’s journey reminds us that leadership is not just about the title on the door but about daily actions, internalized values, and the ability to connect authentically with those you lead.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Strategies for Embedding Compliance into your Organization

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, what are some key strategies for embedding compliance into your organization?

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
Adventures in Compliance

Adventures in Compliance: The Novels – The Hound of the Baskervilles: Uncovering M&A Compliance Lessons

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into the Sherlock Holmes novels. Over the course of this season, Tom Fox will take a deep dive into each novel in a four-part series. The four novels we will consider from the ethics and compliance perspective are A Study in Scarlet, The Sign of Four, The Hound of the Baskervilles, and The Valley of Fear. For the month of July, we are considering lessons from The Hound of the Baskervilles. Today, Timothy and Fiona are back to consider the pre- and post-acquisition M&A lessons from the novel.

This episode explores the fascinating parallels between Sir Arthur Conan Doyle’s ‘The Hound of the Baskervilles’ and modern corporate compliance. By examining Sherlock Holmes’ meticulous investigative methods, we gain critical insights into due diligence, compliance integration, and forensic investigations. Discover how to apply Sherlockian principles to proactively prevent corruption, foster an ethical corporate environment, and transform potential liabilities into assets. We break down these ideas into three stages: pre-acquisition due diligence, post-acquisition training and integration, and the handling of forensic investigations when issues arise.

Highlights include:

  • Pre-Acquisition Due Diligence: The Sherlockian Approach
  • Post-Acquisition Integration: Building a Baskerville Hall of Compliance
  • Forensic Investigations: Swift and Evidence-Based Responses
  • Conclusion: Applying Sherlockian Insights to Modern Compliance

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

Sherlock Holmes, The Novels with an introduction by Michael Dirda

Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
All Things Investigations

All Things Investigations – Navigating Secondary Tariffs with Mike Huneke and Brent Carlson

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigations. In this podcast, host Tom Fox is joined by HHR partner Mike Huneke and BRG Director Brent Carlson to discuss secondary tariffs.

Mike Huneke and Brent Carlson are leading experts in trade compliance, with a particular focus on the intricacies and impacts of tariffs and secondary tariffs within the global economic landscape. Huneke emphasizes the existential threats tariffs pose to businesses, stressing the importance of understanding their effects on countries with significant economic ties to Russia, such as China, and advising companies to reassess trade relationships with nations like China, Brazil, Russia, and Iran. Carlson emphasizes the need for trade compliance officers to adapt to the rapidly evolving geopolitical landscape, advising companies to assess their suppliers and consider potential indirect transactions through transshipment countries to navigate imposed tariffs effectively. Both experts emphasize the importance of businesses adopting a dynamic, risk-based approach to compliance, anticipating challenges, and making informed decisions to mitigate financial impacts and maintain shareholder value amid shifting trade patterns and geopolitical tensions.

Key highlights:

  • Geopolitical Impact of Secondary Tariffs
  • Global Trade Dynamics Amid Geopolitical Shifts
  • Trade Compliance Risks: False Claims & Tariff Evasion
  • Resilient Supply Chain Strategy Amid Global Trade Dynamics
  • Negotiating Tactics in Geopolitical Tariff Strategy

Resources:

Mike Huneke

Hughes Hubbard & Reed Website

Brent Carlson

BRG Website

Categories
Daily Compliance News

Daily Compliance News: July 28, 2025, The Where is Grasshopper When You Need Him Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world, including those related to compliance, ethics, risk management, leadership, or general interest, that are relevant to the compliance professional.

Top stories include:

  • Meta to end Political Ads in the EU. (NYT)
  • The EU cuts aid to Ukraine due to corruption issues. (NYT)
  • Was bribery involved in the Skydance-Paramount deal? (Deadline)
  • The head of the Shaolin Temple in China is in hot water over corruption allegations. (FT)

You can donate to flood relief for victims of the Kerr County flooding by going to the Hill Country Flood Relief here.

Categories
FCPA Compliance Report

FCPA Compliance Report – 10 Core Principles for Effective Internal Investigations with Michelle Peirce

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Michelle Peirce from Hinckley Allen, where she co-chairs the White Collar and Government Enforcement Group.

They take a deep dive into Michelle’s article on the 10 Core Principles Common to Internal Investigations, discussing topics such as the importance of understanding the investigation’s purpose, maintaining privilege, the role of an engagement letter, deciding between written reports and verbal summaries, and the significance of billing and internal communications. Michelle also shares her insights from her professional background, including her experience as a special assistant district attorney, and touches on current pressures on compliance tied to self-disclosure to the DOJ. The conversation offers a comprehensive guide for organizations on conducting successful internal investigations.

Key highlights:

  • Role and Challenges in Internal Investigations
  • Core Principles of Internal Investigations
  • Importance of Privilege and Engagement Letters
  • Written vs. Verbal Reports
  • Order and Structure of Investigations
  • Professionalism and Billing in Investigations

Resources:

Michelle Peirce on LinkedIn

Michelle Peirce at Hinckley Allen

10 Core Principles Common to Internal Investigations


For more information on the use of AI in compliance programs, my new book is Upping Your Game. You can purchase a copy of the book on Amazon.com.