When US energy companies talk about returning to Venezuela, the conversation almost always starts with opportunity. Yet the CEO of Exxon has said Venezuela is ‘uninvestible’. There is another set of problems that every corporate compliance team will face if their company decides to enter the Brazilian market. For the compliance professional, it must start with corruption. Not episodic corruption. Not bad actors at the margins. Systemic, embedded, institutionalized corruption that touches government agencies, state-owned enterprises, procurement systems, and the judiciary. This is not a theoretical risk. It is the operating environment.

The Department of Justice (DOJ) has made clear in the Evaluation of Corporate Compliance Programs (ECCP) that high-risk jurisdictions require tailored, well-resourced, and empowered compliance programs. Venezuela is the textbook example of why. Over the next several blog posts, we will explore key issues every company and CCO will face when considering whether to enter (or re-enter) Venezuela. In Parts 1 and 2, I will consider the top 10 anti-bribery/anti-corruption (ABC) risks a compliance professional will face. (Part 1, risks 1-5; Part 2, risks 6-10). We will then consider AML risk, export control and trade sanctions, security risks, and end with operational risks.

1. Systemic Corruption Is the Baseline Condition

Risk

Venezuela is not a market where corruption appears as an exception. It is the default condition against which all business activity must be measured. For compliance professionals, this means risk assessments cannot ask whether corruption exists. They must assume it does and ask where pressure will arise. Licensing, customs, inspections, labor issues, utilities, and currency all present opportunities for improper advantage. Boards must understand this upfront. Entering Venezuela without acknowledging systemic corruption is not optimism. It is a governance failure.

Compliance Framework Response

Before addressing individual risks, the compliance function must establish baseline principles governing how risk is assessed and managed in Venezuela.

1. Assume corruption pressure exists. The risk assessment does not ask if corruption will arise, but where and how.
2. Controls must be operational, not theoretical. Policies without authority, monitoring, and escalation are not controls.
3. Risk ownership must be explicit. Every risk category has a business owner, a compliance owner, and a board oversight hook.
4. Boards govern risk; they do not run operations. Oversight is mandatory. Tactical interference is prohibited.

2. PdVSA as a Prominent and Persistent Risk

Risk

Any discussion of bribery risk in Venezuela must begin with Petróleos de Venezuela S.A. (PdVSA), which has been at the center of some of the most significant corruption schemes in modern enforcement history, involving contracts, invoices, intermediaries, and payment routing. Indeed, 10 years ago, I wrote that it would cost a fortune to schedule and confirm a meeting. But companies make the mistake of treating PdVSA as a single risk node. In reality, it is a network risk. Joint ventures, service contracts, maintenance agreements, and procurement relationships all radiate outward, exposing the organization to corruption. If your counterparty touches PdVSA, you have inherited PdVSA risk.

Compliance Framework Response

The starting point is a Venezuela-specific bribery and corruption risk assessment, refreshed whenever business scope, counterparties, or operating conditions change.

This assessment must:

• Map all government touchpoints.
• Identify all third parties by function, not just by name;
• Distinguish systemic risk from transactional risk; and
• Flag PdVSA exposure explicitly.

Outputs are not static reports. They are control design inputs.

3. Joint Ventures and Service Contracts: Shared Risk, Shared Liability

Risk

Joint ventures are often framed as risk mitigation tools. In Venezuela, they frequently do the opposite. Local partners may be politically connected. Governance structures may be opaque. Control rights may be illusory. Compliance professionals must scrutinize who appoints management, who controls procurement, and who interacts with government officials. Under the ECCP, regulators ask whether compliance has authority commensurate with risk. In a Venezuelan JV, symbolic compliance oversight is not enough.

Compliance Framework Response

1. Assessment Controls

• Government interaction mapping by function and frequency
• Identification of pressure points where discretion exists
• Historical analysis of delays, denials, or unexplained variability

2. Management Controls

• Pre-approval requirements for all government-facing interactions
• Clear prohibitions on facilitation payments
• Mandatory escalation for any demand tied to speed, access, or discretion

Monitoring

• Trend analysis of approvals and delays
• Comparison of processing times across regions or projects

1. Board Oversight Questions

• Where do we face the highest government discretion risk?
• What interactions cannot proceed without a compliance sign-off?

4. Procurement as the First Corruption Flashpoint

Risk

Procurement is where corruption pressure materializes fastest. Vendors expect to be paid for access. Officials expect influence. Intermediaries promise to “make things happen.” This is even more true in Venezuela. This is where third parties begin to matter and where compliance must be in place before contracts are signed. Retrospective diligence does not cure a corrupted procurement process. Boards should demand visibility into how vendors are selected, not just who they are.

Compliance Framework Response

1. Assessment Controls

• Explicit identification of direct and indirect PdVSA touchpoints
• Mapping of PdVSA influence over pricing, approvals, and payments
• Review of historical enforcement patterns tied to similar structures

2. Management Controls

• Enhanced due diligence for any counterparty touching PdVSA
• Compliance approval of all PdVSA-facing contract terms
• Segregation of duties around invoicing and change orders

Monitoring

• Continuous review of intermediaries interacting with PdVSA
• Red flag monitoring for unusual invoice timing or routing

1. Board Oversight Questions
2. How are PdVSA’s risks different from those of other SOEs we engage with?
3. What controls exist beyond standard third-party diligence?

5. The Illusion of “Routine” Government Interaction

Risk

Companies often underestimate corruption risk by labeling interactions as routine: inspections, permits, customs clearances, utilities, and labor approvals. And yes, the DOJ has said it will back off on enforcement of small payments, which may be traditionally made, but in Venezuela, routine functions are often monetized.  Compliance programs must draw hard lines early and firmly.

Compliance Framework Response

1. Assessment Controls

• Governance and control-rights analysis
• Identification of who appoints management and controls procurement
• Mapping of partner government relationships

2. Management Controls

• Contractual compliance rights with audit and termination authority
• Compliance veto power over high-risk activities
• Mandatory training for JV-appointed personnel

Monitoring

• Periodic compliance audits of JV operations
• Review of partner interactions with officials

1. Board Oversight Questions

• Where do we lack real compliance leverage in our JVs?
• Are control rights aligned with our risk exposure?

Join us tomorrow as we look at ABC risks 6-10, including third parties, extortion, organized crime, currency issues, and a weak rule of law.