Categories
Great Women in Compliance

Great Women in Compliance: Don’t Freak Out: Compliance from a Prosecutor-Defense Lens

Dive into the world of compliance and high-stakes investigations!

In this episode of #GWIC, Hemma Lomax talks with Jamie Hoxie Solano, Partner at Dynamis LLP and former federal prosecutor, about how compliance and legal teams can lead with precision when incidents become investigations—especially where cyber risk and digital assets raise the stakes and the speed.

We cover:

  • What prosecutors look for when assessing credibility and cooperation
  • The “first 72 hours” of an internal investigation: triage, scope, evidence, and governance
  • Why cyber and digital assets matter in changing the evidence trail and the decision timeline
  • How to protect privilege while still moving fast
  • Practical guidance for cross-functional leadership under pressure

Jamie’s Bio

Jamie Hoxie Solano is a Partner at Dynamis LLP and a former federal prosecutor. She represents individuals and companies in high-stakes matters spanning government and internal investigationswhite-collar and regulatory defense, and cybercrime and digital asset disputes.

Before returning to private practice, Jamie served as an Assistant U.S. Attorney in both the Northern District of Texas and the District of New Jersey, working in units including cybercrime and national security, and serving (among other leadership roles) as the Digital Asset Coordinator for the District of New Jersey

She is also an adjunct professor at Seton Hall Law School, where she teaches Persuasion and Advocacy.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 21 – Managing Third Parties

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 21 episode, we dive into the essential strategies for managing third-party relationships in a compliance program.

Key highlights:

  • Strategic Approach to Third-Party Relationships
  • Auditing and Ongoing Management
  • Key Takeaways

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Addressing Retaliation Against Compliance Officers: Strategies and Insights

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore it more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly look at the challenges of retaliation against Chief Compliance Officers (CCOs).

They highlight the need for ongoing communication between compliance officers and senior management and share strategies for CCOs to mitigate personal risk. The discussion includes real-world examples, the role of senior management in fostering a compliant culture, and the importance of scenario planning and training to prepare for potential issues. The episode emphasizes proactive measures such as charm offensives and preemptive remediation plans to navigate and defuse potential retaliatory scenarios.

Key highlights:

  • Real-Life Examples of Retaliation
  • Management’s Perception and Compliance Challenges
  • Building Relationships with Senior Management
  • Proactive Compliance Strategies to Prevent Retaliation
  • Framing Compliance Training Like Cybersecurity Drills

Resources:

Matt in Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.

Categories
Daily Compliance News

Daily Compliance News: January 21, 2026, The Excellence in Compliance Awards Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Delaware Supreme Court sides with Moelis. (Reuters)
  • CW entries for its Excellence in Compliance are now open. (CW)
  • The Philippines moves to shore up investor sentiment. (Bloomberg)
  • Goldman Sachs’ top lawyer and Epstein. (WSJ)
Categories
Blog

Returning to Venezuela: Part 3 – Export Controls and the Illusion of “Reopening”

We continue to explore what the ‘reopening’ of Venezuela to US energy companies means for the compliance professional. Over the last two days, we considered the corruption issues in Parts One and Two of this blog post series. Today in Part 3, we look at export control and trade sanction issues. I spoke with Brent Carlson, founder of Red Flags Rising Solutions LLC, for his insights.

When the White House announces that U.S. oil companies may be returning to Venezuela, the business press immediately begins talking about opportunities. Compliance professionals should be talking about risk. Not hypothetical risk. Not academic risk. Real, layered, enterprise-threatening risk that sits at the intersection of export controls, sanctions, geopolitics, corruption, security, and board oversight. The conversation I recently had with Carlson makes one thing abundantly clear: Venezuela is not “opening.” It is recalibrating. And compliance programs that treat this moment as a return to business as usual will fail.

Venezuela Remains a High-Risk Jurisdiction by Design

Let us start with first principles. Venezuela remains designated as a D:5 country under the Export Administration Regulations (EAR). That places it in the most restrictive category, alongside jurisdictions such as Iran and North Korea. Even the shipment of EAR99 items can be problematic under the current framework.

That legal reality did not change simply because the President met with U.S. energy executives. Carlson is clear on this point. Whatever policy adjustments may come will be sector-specific, narrowly tailored, and aligned with geopolitical priorities, particularly oil production. There will not be a wholesale rollback of export controls or sanctions. For compliance professionals, this means one thing: the law today is the law as it existed yesterday. Until the Bureau of Industry and Security (BIS) and OFAC issue formal guidance, licenses, or regulatory amendments, nothing has changed.

Regulatory Enforcement Follows Politics, but Law Follows Process

One of the most important compliance insights Carlson offers is that regulatory enforcement follows political drivers, which in turn follow geopolitical drivers. That is undoubtedly true. But it is also where companies get themselves into trouble. Political signaling is not legal authorization. Tweets, speeches, and press briefings do not override the Export Administration Regulations, OFAC sanctions, or anti-money laundering laws. Compliance programs must be built to withstand whiplash, not chase headlines.

This is especially critical in Venezuela, where any meaningful restart of oil production will require billions of dollars, long project timelines, complex infrastructure, and sustained government engagement. These are not quick deals. They are multi-year commitments that must be compliant from day one.

Start With the Business, but Do Not Stop There

Carlson emphasizes that compliance analysis must begin with the business opportunity itself. What is the company actually trying to do? What products or services will be provided? Who will operate them? Where will the equipment go? Who will maintain it? For compliance professionals, this requires operational fluency that goes far beyond policy review. You must understand the business process step by step. Not in the abstract. Literally, transaction by transaction.

This exercise does more than identify export control risks. It exposes corruption, diversion, money laundering, security, and reputational risks. Venezuela is not a jurisdiction where silos survive.

Dual-Use Risk Is Not Theoretical in Venezuela

Any company operating in the energy sector must assume heightened scrutiny around dual-use items. Control systems, industrial machinery, software, and communications technology can all be repurposed. Carlson makes an important point here. Companies that manufacture or deploy these items already know where the risks are. The issue is not ignorance. The problem is prioritization and escalation.

This is where proactive engagement with the BIS becomes essential. Unlike some areas of compliance, export controls encourage dialogue with regulators. Companies can and should engage BIS field offices early to discuss proposed transactions, licensing pathways, and regulatory obstacles. This is not lobbying. It is compliance.

One of the most powerful insights in our discussion is the call for compliance professionals to sit down with business operations and map every operational step. This is not busywork. It is risk triage. Too often, compliance reviews occur after a deal is already emotionally committed. At that point, compliance becomes the obstacle rather than the enabler. Carlson is explicit: sales and operations teams do not want to waste time on deals that will collapse under regulatory scrutiny. When compliance is embedded early, it improves deal quality. It filters out bad opportunities and strengthens good ones. That is value creation.

Siloed Compliance Will Fail in Venezuela

If there is one jurisdiction where compliance silos are fatal, it is Venezuela. Export controls intersect with sanctions. Sanctions intersect with AML. AML intersects with corruption. Corruption intersects with security. Security intersects with human rights and ESG. Carlson cites enforcement actions where companies failed because information did not flow across functions. Finance saw one risk. Operations saw another. Compliance saw a third. No one saw the whole picture.

For Venezuela, companies must adopt a non-siloed, enterprise-wide risk model. Export control specialists must talk to anti-corruption teams. Treasury must talk to security. Legal must talk to operations. This is not optional.

Board Oversight Must Evolve Beyond Periodic Updates

Boards of directors will play a decisive role in whether companies succeed or fail in Venezuela. Carlson is clear that boards must demand updated, transaction-specific risk assessments focused on central compliance risks, not generic program health. This is not about micromanagement. It is about governance. Boards must understand that Venezuela presents a dynamic risk environment where geopolitical shifts can occur overnight. The right board questions are not “Do we have a compliance program? ” They are:

  • What export control risks are central to this opportunity?
  • What sanctions exposure remains?
  • How are we monitoring changes in real time?
  • What is our exit strategy if conditions reverse?

The Case for a Standing Enterprise Risk Committee

Carlson raises a critical governance concept: the need for a standing, cross-functional risk committee empowered to act quickly. Not an ad hoc task force. Not an annual review. A permanent capability. We are no longer in a stable geopolitical environment. Long-trusted partners can become sanctioned entities within weeks. Supply chains built over decades can collapse overnight. For compliance professionals, this reinforces the need for real-time risk sensing, escalation protocols, and decision authority. Venezuela is simply the proving ground.

Enforcement Is Coming, Not Fading

The most sobering warning Carlson offers is about enforcement. The U.S. government has been signaling for some time that export control enforcement will increase. DOJ’s Trade Fraud Task Force, BIS outreach visits, and expanded definitions of “knowledge” under the EAR all point in the same direction. Compliance professionals should recognize the parallel to early FCPA enforcement. Policies alone are not enough. Programs must demonstrate that they identify high-probability risks, escalate them, and act. Testing matters. Documentation matters. Integration matters.

Final Thoughts

The prospect of renewed oil activity in Venezuela is not a green light for compliance. It is a stress test. Companies that approach this moment with discipline, humility, and integrated risk management can create value while protecting themselves. Companies that treat it as a political reopening will find themselves exposed on multiple fronts. For compliance professionals, this is a defining moment. The question is not whether Venezuela is open for business. The question is whether your compliance program is ready for the real world.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 20 – Third Party Risk Management Process

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 20 episode, we delve into third-party risk management, a crucial aspect of corporate compliance under the FCPA.

Key highlights:

  • Introduction to Third-Party Risk Management
  • The Five Steps of Third-Party Risk Management
  • Key Takeaways

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
AI Today in 5

AI Today in 5: January 20, 2026, The Extortion Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Moving from testing to implementation, in compliance. (CPI)
  2. An enterprise-grade Agentic AI. (IBM)
  3. Keep global AI compliance in mind. (FastCompany)
  4. Enterprise AI’s biggest risk. (TechCrunch)
  5. Will energy be the limiting factor for AI? (Green Matters)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: January 20, 2026, The First We Kill All the Lawyers Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Those fighting corruption are under attack. (NYT)
  • Lawyers are endangered in the US. (FT)
  • DOJ to eliminate lawyers’ recusals from conflicts. (MTN)
  • Trump attacks the legal profession in the 2025 review. (EFF)
Categories
Innovation in Compliance

Innovation in Compliance: Transforming from Hierarchy to High Performance: Governance and AI in 2026

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom Fox welcomes guests Bill Sanders, Olivia Storelli, and Andrew Stevens to explore the theme ‘From Hierarchy to High Performance’ in the context of AI and corporate governance.

They take a deep dive into the critical role of AI governance, highlighting its importance for accountability and competitive advantage, and stress the need for decentralized, automated governance to ensure fair and unbiased outcomes. The discussion also covers the interplay between leadership, accountability, and culture in achieving AI success, and outlines the three primary functions of AI: customer relationships, operations, and business models. The episode emphasizes the need for execution over ambition for AI value creation and addresses how legal and compliance professionals can keep pace with the rapidly changing business environment through AI.

Key highlights:

  • The Importance of AI Governance
  • Distributed Governance and Compliance
  • AI’s Impact on Business Models and Operations
  • Decentralization and High Performance

Resources:

Download the AI Executive Whitepaper:

Text the word PLAYBOOK to 415.960.1161. 

or

Visit https://whitepaper.download/

  • Websites

https://roeblingstrauss.com/

https://www.sakurasky.com/

• LinkedIn 

LinkedIn: Bill Sanders

LinkedIn: Olivia Storelli

LinkedIn: Andrew Stevens

Books:

Innovation in Compliance was recently ranked 4th among Risk Management podcasts by 1,000,000 Podcasts.

Categories
Blog

Returning to Venezuela: Part 2 – Bribery, Corruption and the Risks You Must Confront Before You Enter

We continue our review of bribery and corruption issues (ABC) that you must address before you travel to Venezuela.  There is another set of problems that every compliance professional will face if their company decides to go into Venezuela. It is systemic corruption. Not episodic corruption. Not bad actors at the margins. Systemic, embedded, institutionalized corruption that touches government agencies, state-owned enterprises, procurement systems, and the judiciary. This is not a theoretical risk. It is the operating environment.

The Department of Justice (DOJ) has made clear in the Evaluation of Corporate Compliance Programs (ECCP) that high-risk jurisdictions require tailored, well-resourced, and empowered compliance programs. Venezuela is the textbook example of why. Over the next several blog posts, we will explore some of the key issues every company and every CCO will face when considering whether to enter (or re-enter) Venezuela. In Part 2, I will consider the second half of the 10 ABC risks a compliance professional will face. Later in this series, we will then consider AML risk, export control and trade sanctions, security risks, and end with operational risks.

In Part 1, we described the corruption environment. In Part 2, we consider what happens when companies actually try to operate inside it. This is where theory meets pressure. We begin our numbers with 6, picking up where we left off yesterday.

6. Extortion Is Not a Defense

In Venezuela, companies are often told, “You have no choice.” Payments are demanded to release cargo, protect personnel, or continue operations, sometimes thinly veiled as “fees” for expedited treatment. Venezuelan law itself recognizes extortion as a corruption offense, in which a public official abuses their position to demand an undue benefit. Under Venezuelan anti-corruption law, extortion (called concussion) carries criminal penalties and fines.

At the same time, U.S. enforcement views participation in extortion as a compliance red flag. While coercion can be a mitigating factor in narrow circumstances under the Foreign Corrupt Practices Act (FCPA) or the Foreign Extortion Prevention Act (FEPA), repeated payments, disguised invoices, or third-party routing create evidence of complicity. Deciding to pay from the field without escalation essentially decides for the company, and compliance will struggle to justify it under an ECCP review. Compliance professionals must define escalation paths, refusal protocols, and clear exit points before any signs of extortion arise. Waiting to decide “in the moment” is too late.

Compliance Response

1. Assessment Controls

  • Identify operational choke points where officials or intermediaries can halt operations, including ports, customs, checkpoints, utilities, and inspections.
  • Assess historical incidents involving detentions, delays, threats, or asset seizure tied to payment demands.
  • Map scenarios where employee safety or operational continuity could be leveraged for improper payments.

2. Management Controls

  • Establish a zero-tolerance policy for extortion payments, with narrowly defined emergency exceptions tied to imminent health or safety threats.
  • Implement pre-approved emergency response protocols for detentions, threats, or seizures.
  • Prohibit third-party routing, recharacterization, or retroactive approval of payments in the context of extortion scenarios.
  • Require contemporaneous documentation of all extortion-related incidents and decisions.

3. Monitoring

  • Track frequency, location, and duration of detentions or operational stoppages.
  • Review off-cycle, urgent, or cash payment requests for patterns.
  • Audit expense categories are commonly used to disguise extortion payments.

4. Board Oversight

  • Where are we most exposed to extortion pressure?
  • How often are emergency exceptions invoked, and are they increasing?
  • At what point do we pause or exit operations rather than continue under pressure?

7. Third Parties as the Primary Corruption Vector

In Venezuela, third parties are the everyday vectors through which corruption pressure crystallizes. Agents, customs brokers, logistics providers, security vendors, and even local fixers frequently serve as the conduit for improper value transfers. These intermediaries claim to navigate Venezuela’s opaque systems, but they also create liability if their actions result in bribery or improper advantage.

Pressure points are endemic and include:

  • Customs clearance: Goods may be held pending unofficial “service fees” or clearance bribes.
  • Port operations: Terminal operators or officials may demand payments for priority access.
  • Transportation: Toleration at checkpoints is often predicated on unofficial payments.
  • Security arrangements: Local guards or militia may demand fees for access or protection.
  • Licensing follow-up: Expediency “services” are offered at a premium.

Third parties promise solutions. They also create liability when their conduct crosses legal lines. Under the ECCP, regulators will ask whether the company understands and monitors how these third parties operate in practice, not just whether it has a diligence checklist. Paper diligence alone is insufficient where pressure is constant, and corruption vectors hide in plain sight.

Compliance Response

1. Assessment Controls

  • Classify third parties by function (customs, logistics, security, licensing), not by spend alone.
  • Identify third parties that interact directly with government officials.
  • Assess compensation structures for success fees, urgency premiums, or discretionary payments.

2. Management Controls

  • Apply enhanced due diligence to high-pressure third-party functions.
  • Require detailed, verifiable scopes of work tied to legitimate services.
  • Mandate compliance approval before onboarding or paying high-risk third parties.
  • Prohibit subcontracting or pass-through arrangements without prior written approval.

3. Monitoring

  • Conduct invoice analytics to identify duplications, rounding issues, urgency issues, or vague descriptions.
  • Monitor third-party performance against contractual scope and deliverables.
  • Review third parties involved in repeated government interactions or escalations.

4. Board Oversight

  • Which third-party functions create the greatest corruption pressure?
  • How do we verify what third parties do in practice?
  • When do we terminate a third-party relationship rather than attempt remediation?

8. Organized Crime and the Blurred Line of “Business”

In Venezuela, organized crime intersects with commerce, logistics, and even parts of the formal economy. Corruption and criminal networks often coalesce in sectors like mining, fuel distribution, and transport infrastructure, where armed groups and informal power structures exercise influence. Some of these networks are intertwined with state actors, and corruption and illicit activity can reinforce one another.

For compliance professionals, this means recognizing when business relationships drift into criminal entanglement. That drift is not always obvious at contract signing. Contracts negotiated under duress or through intermediaries with opaque ownership may conceal criminal activity. Continuous monitoring matters precisely because initial signals are subtle. The line between a vendor and a syndicate can be ecosystem-specific and may manifest in patterns of behavior, unexplained payments, or associations with known corrupt actors.

This is also where AML risk begins to dominate. When organized crime is part of the value network, it is present through smuggling rings, illicit fuel markets, or bribery conduits.  The controls for bribery, AML, sanctions, and export compliance must interlock to detect and escalate suspicious patterns.

1. Assessment Controls

  • Screen vendors and partners for criminal exposure, unusual affiliations, and opaque ownership.
  • Assess whether services operate in sectors known for illicit activity, including fuel distribution, logistics, or private security.
  • Review beneficial ownership structures and local power dynamics.

2. Management Controls

  • Integrate anti-bribery, AML, and sanctions screening for high-risk vendors.
  • Require certifications regarding lawful sourcing, operations, and subcontractors.
  • Prohibit informal arrangements, undocumented services, or side agreements.

3. Monitoring

  • Monitor for cash-intensive activity without commercial justification.
  • Track changes in ownership, management, or operational behavior.
  • Escalate associations with known illicit markets, actors, or criminal networks.

4. Board Oversight

  • How do we detect drift from legitimate commerce into criminal entanglement?
  • What triggers an immediate suspension or exit?
  • Are our controls sufficient to identify concealed criminal exposure?

9. Currency, Pricing, and Manipulation Pressure

Venezuela’s economic distortions, including exchange controls, multiple currency rates, and the scarcity of hard currency, create fertile ground for corruption. Access to U.S. dollars through official channels is tightly controlled, which historically has led companies and intermediaries to engage in schemes to secure foreign exchange at preferential rates. A notable U.S. enforcement action involved a major telecommunications subsidiary that allegedly bribed officials to gain access to a currency auction and disguised corrupt commissions through inflated equipment purchases.

These distortions become more than operational headaches. They create incentives for side payments and off-book arrangements on pricing and contracts. These practices are not just bribery issues. They implicate accounting integrity, financial reporting, AML vigilance, and sanctions exposure. Once money flows lose transparency, whether through inflated vendor invoices, opaque currency conversions, or third-party routing, compliance loses line-of-sight and control. This intersection reinforces why a compliance program must integrate transactional monitoring and financial controls alongside anti-bribery controls to detect anomalies that traditional gift/entertainment policies won’t reveal.

Compliance Response

1. Assessment Controls

  • Identify exposure to foreign exchange approvals, currency scarcity, and pricing discretion.
  • Review historical pricing anomalies or currency-related workarounds.
  • Map payment flows involving third-country or non-standard accounts.

2. Management Controls

  • Enforce strict controls over pricing adjustments and currency conversions.
  • Require joint Finance–Compliance approval for non-standard payment terms.
  • Prohibit side agreements, rebates, or off-book arrangements.

3. Monitoring

  • Monitor invoices for inconsistencies with market pricing.
  • Flag requests for alternative currencies or complex payment routing.
  • Conduct periodic reviews of foreign exchange transactions and pricing deviations.

4. Board Oversight

  • Where do currency controls create the strongest corruption incentives?
  • How do we maintain transparency in pricing and payments?
  • When does financial complexity cross into unacceptable risk?

10. Weak Rule of Law Raises the Stakes

Venezuela’s judiciary and law enforcement institutions are widely seen as politicized, under-resourced, and inconsistent in enforcing anti-corruption laws. Although the Venezuelan legal framework criminalizes extortion, passive and active bribery, and related offenses, enforcement is weak and selective. In practice, companies cannot rely on local remedies to resolve disputes or push back against corrupt demands.

This elevates the importance of internal compliance controls and pre-defined exit strategies. When there is no neutral referee, no reliable government adjudicator, and prevention becomes the only viable protection. It also means that compliance must internalize enforcement risk rather than outsource it to local authorities. A robust compliance program must include strict refusal protocols, incident documentation, real-time monitoring, and clear decision-making boundaries. Without these, companies are exposed to both local corruption risk and U.S. enforcement risk under the FCPA and allied statutes.

Compliance Response

1. Assessment Controls

  • Assume limited availability of neutral local legal remedies.
  • Identify areas where officials exercise unchecked discretion.
  • Assess reliance on informal dispute resolution mechanisms.

2. Management Controls

  • Strengthen internal documentation, approval, and escalation requirements.
  • Define clear walk-away criteria when disputes cannot be resolved lawfully.
  • Require Legal and Compliance review of all high-risk disputes and resolutions.

3. Monitoring

  • Track disputes resolved outside formal legal or contractual processes.
  • Review patterns of repeated “local solutions” or informal settlements.
  • Assess escalation timelines and resolution outcomes.

4. Board Oversight

  • Where are we relying on influence rather than process?
  • How quickly do disputes escalate to senior leadership?
  • When do we exit rather than attempt resolution?

Parts 1 and 2 of this series make clear that bribery and corruption are not peripheral risks in Venezuela. They are the entry conditions. From systemic corruption and PDVSA exposure to extortion, third-party involvement, currency manipulation, and a weak rule of law, each risk compounds the next. For compliance professionals, the lesson is not that Venezuela is impossible, but that it is unforgiving of informal controls, delayed escalation, and weak governance. Elevated risk can be managed only through disciplined assessment, operational controls, continuous monitoring, and engaged board oversight. When corruption becomes operational, however, another risk inevitably follows.

Next in Part 3 of this series, we turn to anti-money laundering, where improper value moves, hides, and metastasizes beyond corruption alone. Bribery is how improper value enters the system. Money laundering is how it moves and hides. Once corruption becomes operational, AML risk becomes unavoidable. Join us tomorrow for Part 3 in our series.