Categories
Compliance Tip of the Day

Compliance Tip of the Day – Compliance, Ethics and Your Supply Chain

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we will consider how compliance can improve your supply chain.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Blog

Upping Your Compliance Game, Part 2 – Compliance, Ethics and Your Supply Chain

The Trump Administration has suspended FCPA enforcement for the foreseeable future. What does that mean for compliance professionals? Hui Chen has suggested this should be seen as an opportunity for compliance, but to do so, “It’s time to up your game . . . Instead of selling insurance for FCPA enforcement, become leaders that help your organizations perform.” Based on this challenge by perhaps the most imminent compliance commentator around, I am going to devote the next several blog posts to ways in which compliance professionals can indeed up their collective game and demonstrate the importance of not simply compliance but ethics and compliance. Today, it is in your Supply Chain.

Have you ever stopped to consider the human rights abuses at the root of the products you use daily? From solar panels to computer screens, the exploitation of the Uyghur minority in China is a painful reality that has been hidden from Western consumers for far too long. Compliance professionals must now confront this issue head-on, ensuring their organizations meet regulatory requirements and uphold ethical business practices.

The global supply chain, long enabled by forced labor and geopolitical complexities, faces a reckoning. The Uyghur Forced Labor Prevention Act (UFLPA), the shifting dynamics of global trade post-COVID-19, and increasing tensions with China all underscore the urgent need for corporations to re-evaluate their sourcing strategies. Let’s explore the key measures compliance professionals must take to mitigate these risks and establish a more ethical and resilient supply chain.

UFLPA represents a turning point in corporate responsibility. This legislation prohibits goods made wholly or partly in Xinjiang from entering the U.S. unless companies can provide clear and convincing evidence that their products are free from forced labor. Given the widespread exploitation in this region, achieving compliance is no small feat.

Xinjiang, home to the oppressed Uyghur population, is a major hub for materials like neon, steel, lithium, and silica, which are critical components in many industries. These industries, controlled by paramilitary organizations, thrive on forced labor, driving down production costs while manipulating global markets.

For compliance professionals, this presents a major challenge. Companies must:

  • Conduct thorough supply chain audits.
  • Require suppliers to provide clear documentation proving ethical sourcing.
  • Leverage technology, such as blockchain, to improve transparency.
  • Engage with third-party investigators to conduct independent assessments.

Taking UFLPA compliance seriously is not just a legal obligation but a moral one. Companies that fail to act risk hefty fines and irreparable reputational damage.

Diversifying the Supply Chain: A Risk Management Necessity

Over-reliance on China has long been a vulnerability, and recent geopolitical tensions have only magnified this risk. A diversified supply chain is an ethical imperative and a strategic advantage. Companies can mitigate supply chain disruptions and regulatory exposure by expanding sourcing beyond China.

Compliance professionals should advocate for:

  • Investment in Southeast Asia. Vietnam, Malaysia, and Cambodia offer alternative sourcing opportunities with fewer ethical concerns and growing industrial capabilities.
  • Nearshoring to North America. Mexico presents an interesting alternative because of its proximity to the U.S. and its established manufacturing sector.
  • Enhanced supplier due diligence. Companies must ensure that alternative suppliers comply with international labor and human rights standards.

The ability to pivot away from forced labor-dependent supply chains will help companies meet compliance requirements and enhance long-term business continuity.

Investing in Alternative Sources of Supply

Beyond geographic diversification, businesses must rethink their sourcing strategies to ensure sustainability and security. Investing in alternative materials and innovative technologies can reduce dependence on high-risk supply chains.

Key actions include:

  • Developing alternative raw material sources. Lithium, silica, and other key materials can be sourced outside of Xinjiang, reducing exposure to forced labor risks.
  • Strengthening partnerships with ethical suppliers. Vetting and fostering long-term relationships with suppliers in ethical jurisdictions ensures compliance and reliability.
  • Investing in R&D for alternative technologies, such as researching new production methods and materials, can help reduce dependence on unethical sources.

Compliance officers must take the lead in integrating these strategies into corporate supply chain policies, ensuring that ethical considerations are embedded in procurement decisions.

Reshoring Manufacturing: Enhancing Security and Compliance

Reshoring, bringing manufacturing back to stable, free-market economies, presents an interesting solution to supply chain vulnerabilities. Companies that invest in domestic or nearshore production benefit from:

  • Greater regulatory oversight and labor protections.
  • Reduced risks of tariffs, sanctions, and trade restrictions.
  • Shorter, more resilient supply chains.

The U.S. and UK, in particular, offer untapped manufacturing potential with over 525,000 underutilized manufacturers in the U.S. alone. Reshoring can help companies mitigate the risks associated with China while bolstering domestic economies.

For compliance professionals, reshoring initiatives should be integrated into long-term corporate strategy discussions. While the initial costs may be higher, the long-term benefits—ethical assurance, reduced risk exposure, and supply chain resilience—far outweigh the challenges.

The Case for Investing in U.S. Manufacturing

Beyond reshoring, direct investment in U.S. manufacturing presents an opportunity to ensure both ethical and economic stability. Compliance professionals should advocate for:

  • Incentives for domestic production. Lobbying for tax incentives and subsidies can help make U.S. manufacturing cost-competitive.
  • Strengthening workforce training programs. Investing in a skilled domestic workforce ensures long-term manufacturing sustainability.
  • Leveraging technology to enhance efficiency. Automation and advanced manufacturing techniques can offset higher labor costs, making U.S. production more viable.

With 525,000 manufacturers in the U.S. currently underutilized, the potential for strengthening domestic supply chains is immense. Businesses willing to make this investment will gain ethical credibility and a long-term competitive advantage.

The Compliance Mandate for Ethical Supply Chains

The Uyghur Forced Labor Prevention Act, geopolitical tensions with China, and the need for supply chain diversification are not just news headlines but corporate compliance imperatives. Companies that fail to address these challenges risk legal consequences, operational disruptions, and reputational harm.

To navigate this evolving landscape, compliance professionals must:

  • Ensure rigorous UFLPA compliance through enhanced audits and documentation requirements.
  • Advocate for supply chain diversification to mitigate reliance on high-risk regions.
  • Invest in alternative sourcing and ethical suppliers to ensure business continuity.
  • Consider reshoring manufacturing to enhance oversight and security.
  • Champion investment in U.S. manufacturing as a long-term compliance and business strategy.

By taking these steps, companies can move beyond reactive compliance and become proactive leaders in ethical business practices. The future of corporate supply chains must be built on transparency, sustainability, and respect for human rights. Compliance professionals are uniquely positioned to drive this change, ensuring regulatory adherence and a more just and equitable global marketplace.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – How Ethics and Compliance Drive ROI

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we consider how effective compliance equates to a more efficient business process and greater ROI.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Adventures in Compliance

Adventures in Compliance – Institutional Justice and Institutional Fairness Lessons from The Adventure of the Veiled Lodger

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into Arthur Conan Doyle’s Sherlock Holmes collection, The Case-Book of Sherlock Holmes. It is the final set of twelve Sherlock Holmes short stories, first published in the Strand Magazine between October 1921 and April 1927. In this episode, we consider the story The Adventure of the Veiled Lodger.

Tom emphasizes the importance of fairness and transparency in compliance investigations, accountability without retaliation, encouraging whistleblowers, and addressing systemic failures. The episode also highlights how ethics and compliance must be ingrained in corporate culture, reflecting principles from the Department of Justice’s 2020 and 2024 updates to the Evaluation of Corporate Compliance Programs. Through Holmes’ empathetic approach, compliance professionals can learn the importance of contextual investigations and the pursuit of institutional justice. Tom invites Sherlock Holmes enthusiasts to engage in discussions about the stories and underscores the role of compliance in fostering a fair and ethical workplace.

Highlights include:

  • The Story of the Veiled Lodger
  • Lessons on Institutional Justice and Fairness
  • Lessons for CCOs

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

 Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
FCPA Compliance Report

FCPA Compliance Report – National Security and Legal Perspectives with Kevin Carroll

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Kevin Carroll, now a partner at Fluet, to discuss national security issues to date under the Trump Administration.

Kevin Carroll discusses his move to Fluet Law, a national security law firm. He delves into the ongoing chaos in national security, ranging from employees’ concerns over legal processes at the Agency for International Development and the FBI to the unprecedented moves of the Trump administration in reprioritizing enforcement efforts. Kevin emphasizes the criticality of maintaining international alliances and intelligence-sharing, especially amidst controversial DOJ staffing and enforcement decisions. They also touch on the potential ramifications for U.S. companies engaged in foreign trade and anti-corruption enforcement. Don’t miss Kevin’s expert insights on the delicate balance of national security and legal frameworks in uncertain times.

Key highlights:

  • Kevin’s New Professional Chapter
  • National Security Concerns
  • Law Enforcement Priorities
  • International Relations and Security
  • Corporate Legal Risks Abroad
  • USAID and Export Control

Resources:

Kevin Carroll on LinkedIn

Fluet

Kevin Carroll on Fluet Law

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – CCM is Essential for 2025 Risk Management

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we review Continuous Controls Monitoring (CCM), a requirement for the 2025 risk management professional.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Blog

Caremark as a Strategic Framework: Compliance Strategy for Business Executives

In a surprise to no one who has been watching, a group of institutional investors has filed suit against Boeing for another set of Caremark violations. I wrote about this eventuality back last summer around the court case the (then) Department of Justice (DOJ) brought against Boeing for violating its DPA around the 737Max crashes. I was therefore intrigued to see a new article looking at the Caremark Doctrine, entitled Caremark’s Fractured State by Itai Fiegenbaum.

The Caremark Doctrine has long been the bedrock of board-level oversight in corporate compliance, yet its application remains a subject of intense debate. Originally framed as a duty of care, Caremark obligations have since developed into a duty of loyalty, placing an increased burden on directors to monitor corporate compliance proactively. Through the 2018 ruling in Marchand v. Barnhill, the Delaware courts have reinforced that directors can be liable for failures in “mission-critical” areas. However, as this Fiegenbaum explores, the Caremark standard is far from universally applied across U.S. jurisdictions, leaving compliance officers and business executives with an uneven playing field.

Understanding the Caremark framework and its implications for corporate oversight is critical for compliance professionals. This article unpacked the evolution of Caremark, its inconsistent application outside Delaware, and how compliance strategies must adapt to varying levels of director accountability.

I. The Strategic Compliance Takeaways from Caremark’s Evolution

1. Compliance as a Board-Level Obligation

At its core, Caremark establishes that directors must ensure robust compliance systems are in place and actively monitored. This proactive duty means that corporate compliance is not just a legal safeguard but a strategic necessity. Boards that fail to implement adequate monitoring systems—or ignore known compliance risks—face potential liability. In today’s regulatory climate, companies cannot afford a passive approach to compliance oversight.

2. The Expanding Definition of Oversight Risk

Delaware courts have broadened their view of what constitutes a director’s duty under Caremark. The March decision, for example, held that directors overseeing “mission-critical” aspects of a business (such as food safety for an ice cream manufacturer) are presumed to have higher oversight obligations. This shift suggests that compliance programs must be tailored to each company’s core risks. Compliance officers should prioritize risk assessments that align with the company’s industry and regulatory landscape, ensuring that high-risk areas receive enhanced scrutiny.

3. Lessons from the Jurisdictional Divide

While Delaware leads in developing oversight liability, nearly half of U.S. jurisdictions provide directors with broader legal protection, making Caremark-based claims difficult to sustain. In many states, exculpation provisions shield directors from oversight liability unless they act intentionally. This discrepancy underscores the need for compliance teams to be well-versed in jurisdiction-specific director liability standards. Companies incorporated outside of Delaware should not assume they are insulated from oversight risk—regulators and investors are increasingly scrutinizing board-level compliance failures, regardless of legal precedent.

II. Strengthening Compliance Programs in Light of Caremark

1. Building a Proactive Compliance Framework.

Given the heightened expectations of board oversight, companies must establish rigorous compliance frameworks that extend beyond minimum regulatory requirements. A robust compliance strategy should include:

Board-Level Training. Directors must be educated on their Caremark duties and understand their personal liability risks. Compliance officers should facilitate ongoing training on emerging regulatory risks and enforcement trends.

Risk-Based Monitoring. Compliance should not be a one-size-fits-all approach. Companies must identify mission-critical areas and allocate resources accordingly.

Whistleblower and Incident Reporting Systems. Companies must ensure that directors receive timely, credible information on compliance failures. This means strengthening internal reporting mechanisms and providing whistleblower protections are in place.

2. Data-Driven Compliance Monitoring.

The Caremark Doctrine has also emphasized the importance of data-driven oversight. Boards cannot exercise proper oversight without access to meaningful compliance data. Companies must:

  • Leverage analytics to detect anomalies in high-risk areas, such as supply chain transactions, financial reporting, and regulatory disclosures.
  • Implement dashboards that provide directors with real-time compliance insights.
  • Internal audits should be conducted to assess compliance program effectiveness and identify gaps before they escalate into enforcement actions.

III. The Compliance-Board Partnership: Closing the Oversight Gap 

1. Integrating Compliance into Corporate Strategy

One of the most significant lessons from Caremark is that compliance must be embedded into overall business strategy. Boards and executives should move beyond viewing compliance as a reactive function and instead treat it as a key driver of business sustainability. Compliance teams should work closely with legal and operational leadership to ensure that:

  • Compliance is integrated into strategic decision-making, particularly in areas with heightened regulatory risk.
  • Board members actively engage in compliance discussions rather than relying solely on quarterly reports.
  • Directors have direct access to compliance officers and internal audit teams to stay informed about emerging risks.

IV. Mitigating Personal and Corporate Risk

For boards, compliance failures are not just a corporate risk but a personal liability risk. Directors and executives should take steps to protect both the company and themselves by:

  • Ensuring robust documentation of compliance efforts. Regulators and courts expect clear evidence of proactive compliance oversight.
  • Regularly reviewing and updating governance policies. Compliance obligations evolve with regulatory shifts, and boards must stay ahead of these changes.
  • Engaging external compliance experts when necessary. Outside counsel or compliance specialists can provide critical insights, particularly in highly regulated industries.

V. The Future of Caremark: Compliance in an Evolving Legal Landscape 

The Caremark standard will continue to evolve as courts and regulators refine expectations for board oversight. Companies should prepare for:

Stronger enforcement actions against directors for compliance failures in mission-critical areas. This trend is relevant to the healthcare, finance, and technology industries, where regulatory expectations are intensifying.

More aggressive shareholder litigation. Investors increasingly use Caremark claims to hold directors accountable for compliance missteps, particularly in ESG-related areas.

Greater emphasis on cybersecurity and data governance. As regulators focus on data privacy and cybersecurity breaches, boards must ensure they are actively monitoring these risks.

VI. Turning Compliance into a Strategic Asset

For business executives, Caremark should not be viewed solely as a legal doctrine but as a strategic framework for strengthening corporate oversight and resilience. Companies that proactively embrace compliance as a board-level priority will reduce regulatory risk and enhance investor confidence, corporate reputation, and long-term business sustainability.

The key takeaway? Compliance is no longer optional. It is a fundamental component of responsible corporate governance, and boards that fail to adapt face increasing legal, financial, and reputational consequences. Compliance professionals must take the lead in bridging the oversight gap, ensuring that directors are equipped to meet their evolving fiduciary responsibilities in a complex regulatory landscape.

Categories
Blog

The Critical Role of Internal Audit in Export Controls Compliance

Export control compliance is a high-stakes area that many companies overlook until it is too late. With regulatory frameworks such as the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), and the Office of Foreign Assets Control (OFAC) sanctions programs, businesses must be vigilant. Internal audits have a key role in ensuring compliance and mitigating the significant risks of violations, ranging from hefty fines and reputational damage to potential debarment from government contracts.

Understanding Export Controls Compliance

Export controls govern the export, re-export, and transfer of goods, technology, and services across borders. They aim to protect national security, enforce foreign policy objectives, and prevent sensitive materials from reaching unauthorized parties.

Key U.S. Export Control Regulations

Several major regulatory frameworks govern export controls in the U.S.:

  • Export Administration Regulations (EAR) – Overseen by the Bureau of Industry and Security (BIS), the EAR covers dual-use goods items with both civilian and military applications.
  • International Traffic in Arms Regulations (ITAR) – Managed by the State Department, ITAR regulates defense-related exports.
  • Office of Foreign Assets Control (OFAC) – OFAC administers sanctions programs that restrict trade with specific countries, entities, and individuals.

Violating these regulations can cause severe legal, financial, and reputational consequences, including multi-billion-dollar penalties and exclusion from government contracting.

The Risks of Noncompliance

Export control noncompliance carries significant risks:

  • Legal and Financial Risks – Companies can face substantial fines, criminal charges, and debarment from government contracts. For some organizations, debarment can be a financial death sentence.
  • Reputational Risk – Failing to comply can lead to reputational damage, including negative press, loss of customer trust, and shareholder worries.
  • Operational Disruptions – Supply chain disruptions and market access restrictions can cripple a business, especially in industries such as aerospace, defense, and technology.
  • National Security Risks – The inadvertent transfer of technology with military applications to unauthorized parties can have serious geopolitical ramifications.
  • Cybersecurity Threats – Controlled data can be exploited to compromise national security if exposed to foreign adversaries.

Internal Audit’s Role in Export Controls Compliance

Given these risks, internal audits must proactively ensure robust compliance frameworks are in place. This includes:

1. Evaluating Compliance Frameworks

A strong compliance framework begins with clearly defined policies and procedures that align with export control regulations. Internal audits should assess whether these guidelines are well-documented, communicated, and consistently enforced across the organization. A key component of compliance is designated ownership, and organizations must assign clear responsibilities for managing export controls and ensuring accountability at every level. Without clear ownership, compliance efforts can become fragmented and ineffective. Additionally, internal audits should evaluate the effectiveness of training programs designed for employees who handle controlled items and data. Training should be comprehensive, regularly updated, and tailored to different roles within the company. Employees must understand their responsibilities, potential red flags, and the legal implications of noncompliance. An ongoing training program strengthens the organization’s culture of compliance and minimizes the risk of accidental violations.

2. Conducting Risk Assessments and Monitoring

Internal audit plays a critical role in identifying and mitigating risks associated with export controls. Auditors should conduct risk assessments to pinpoint high-risk transactions, products, and business units susceptible to violations. These assessments help organizations allocate resources effectively and focus on areas of greatest concern. Compliance gaps can expose organizations to significant risks, making it essential for auditors to assess whether existing controls are sufficient or improvements are needed. In addition, internal audits should monitor red flags that may show potential compliance breaches. Common red flags include shipments to embargoed countries, unusual customer requests related to product specifications or destinations, and sudden changes in routing or documentation. Proactive monitoring allows organizations to detect and address potential violations before they escalate into larger compliance issues.

3. Auditing and Testing Export Controls

Regular audits and testing of export controls are necessary to ensure regulatory compliance. Transaction testing is a fundamental internal audit practice verifying whether export licensing and classification rules are correctly followed. This process helps identify inconsistencies or errors that could lead to compliance failures. Another essential tool is data analytics, which can uncover anomalies in export transactions. Analyzing patterns, trends, and deviations allows auditors to flag suspicious activity and investigate further. However, data analytics is only effective if the organization understands the key risk indicators and integrates them into monitoring systems. Third-party due diligence is crucial in assessing compliance risks within supplier and distributor relationships. Auditors should evaluate whether third-party partners adhere to export regulations and implement adequate controls to prevent illicit activities. Failure to conduct due diligence can expose companies to liability for the actions of their business partners.

4. Strengthening Incident Response and Investigations

A strong incident response mechanism is a cornerstone of an effective export controls compliance program. Internal audits should evaluate whether the company has robust reporting mechanisms encouraging employees to report potential violations. A well-structured reporting system, such as an anonymous hotline, can help organizations detect issues early and address them promptly. Investigations must be handled efficiently, with a structured approach for triaging allegations and determining their severity. Internal audits should assess whether the organization follows best practices in conducting investigations and whether findings are documented appropriately. Corrective actions are another critical component—compliance gaps identified during investigations must be addressed promptly to prevent recurrence. Internal audits should ensure that corrective actions are implemented effectively and lead to lasting improvements in compliance practices.

5. Collaborating with Legal, Compliance, and Supply Chain Teams

Export compliance is a cross-functional responsibility, requiring collaboration between internal audit, legal, compliance, and supply chain teams. Internal audit should work closely with these departments to develop an integrated approach to managing export risks. Strong partnerships improve transparency and facilitate open communication, essential for identifying and addressing compliance challenges. Legal and compliance teams provide expertise on regulatory requirements, while supply chain teams play a crucial role in tracking the movement of controlled goods. Internal audits should ensure that all stakeholders are aligned in their efforts and that compliance initiatives are well-coordinated. Internal audits can enhance monitoring mechanisms by ensuring that information-sharing processes are efficient and potential compliance risks are escalated appropriately. A collaborative approach strengthens the organization’s overall compliance posture and minimizes regulatory exposure.

Red Flags That Demand Further Scrutiny

Export control violations often result from either negligence or intentional circumvention of regulations. Key warning signs include last-minute changes to product specifications, especially if such modifications appear designed to bypass regulatory restrictions. Altered shipment destinations should also raise concerns, particularly those involving high-risk or embargoed countries. Requests to route shipments through third countries may signal attempts to evade sanctions, while unusual payment methods or routing through non-traditional banks can indicate illicit activities. These red flags necessitate heightened due diligence and should be promptly escalated for further investigation. A proactive compliance approach that integrates continuous monitoring, effective auditing, and cross-department collaboration is essential in mitigating these risks and ensuring adherence to export control regulations.

Export control compliance is not just a regulatory obligation but a fundamental aspect of risk management and corporate integrity. Organizations that prioritize compliance through robust frameworks, continuous risk assessments, and proactive internal audit functions can avoid costly penalties and reputational damage. By fostering collaboration across departments and maintaining vigilance against red flags, companies can strengthen their compliance posture and build trust with regulators, partners, and customers. A proactive and integrated approach to export control compliance ensures business continuity and long-term success in an increasingly complex global trade environment.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Using GenAI to Make Small Transformations

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we review how to begin using AI to make small transformations and build up to larger ones.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Blog

Right is Right/Wrong is Wrong: Trump, The FCPA and Effective Compliance

In a surprise to no one, President Trump said he was suspending Foreign Corrupt Practices Act (FCPA) enforcement. Why is it no surprise? Because the FCPA commits illegal bribery and corruption against foreign officials and employees of state-owned enterprises outside the US. Trump wants to make such business tactics legal for US companies, as he thinks US companies cannot compete with other international actors without engaging in such illegal conduct. But the reality is that Mark Twain was correct; ‘right is right and wrong is wrong,’ and Trump’s pronouncement of non-enforcement did not make bribery and corruption of foreign officials and employees of state-owned enterprises outside the US legal. This announcement also puts more US companies at risk for shakedowns by corrupt foreign officials.

For the compliance professional, this suspension of FCPA enforcement will make having an effective corporate compliance program even more important for the upcoming 3+ years of Trump’s final term. I want to break down the reasons for continued effective compliance into legal and business.

Criminal Reasons

A. 5-Year Statute

The FCPA is still the law of the US. Any company or person who now engages in bribery and corruption of foreign officials and employees of state-owned enterprises outside the US will violate the FCPA. There is a five-year statute of limitation on FCPA enforcement, so even if your organization decided to start bribing today, there would be a five-year window of potential liability. Moreover, it is five years from the discovery of the illegal conduct, so unless your organization affirmatively states via its books and records that it has engaged in illegal activities and violated the FCPA, there will be an even longer tail for investigation and prosecution.

B. SEC and Books and Records

Remember, the FCPA has two basic provisions. One, thou shalt not bribe foreign officials and employees of state-owned enterprises outside the US. Second, thou shalt have accurate books and records. The Securities and Exchange Commission (SEC) enforces this second component of the FCPA. It has two parts: (a) financial books and records that accurately reflect the financial condition of the organization and (b) effective internal controls that prevent bribery and corruption. Is the SEC now going to turn its back by allowing companies that engage in illegal actions to puff up their profits to defraud the American public?

C. Individual Prosecutions Outside the US

The stakes are even higher for the individual corporate employee doing business outside the US. NO country in the world says that bribing our government officials is legal. That makes any such bribe illegal. This is not about an extra-territorial law such as the FCPA, where China or Nigeria would come to the US and arrest a US citizen for actions in China or Nigeria. Instead, it is about China or Nigeria enforcing their domestic laws. Remember the GlaxoSmithKline PLC (GSK) bribery conviction in China in 2014. A Chinese court fined the company nearly $500 million dollars. Equally significant was the criminal conviction of the Country Manager and several of his direct reports. With the Trump Administration aiming more tariffs and other trade sanctions at China, does anyone not think the Chinese government may well open investigations, warranted or not, at US corporations doing business in China and US individuals working in China? (For a full discussion of the entire sordid affair of GSK in China, read my book on it, available on Amazon.com)

What about detaining US businesspersons on more trumped-up charges? Just look at what purported US ally Nigeria did to Binance compliance officer Tigran Gambaryan in 2024. According to the New York Times (NYT), the “Nigerian government charged Mr. Gambaryan and Binance itself with tax evasion and money laundering — effectively accusing the company and a midlevel employee of the same crimes.” He was held in custody for eight months in a Nigerian prison in Abuja. Both the GSK matter and Gambaryan’s case point to the real risks that US businesspersons may now well face if they engage in bribery and corruption outside the US. Wherever you want to be, a prison in China or Nigeria is not one of those places.

Business Reasons

A. The Bribery Tax

Paying bribes is a cost. Once you pay a bribe, corrupt officials have you in their collective back pockets. Multiple FCPA enforcement actions over the years have demonstrated that corruption officials are never shy about demanding more illegal payments during the life of a business relationship. Does an organization think a one-time bribe payment will secure your contract? Once corrupt government officials eat at the trough of a corrupt company, they always come back for more. Churchill said, ‘One, we have established your morals; now it’s just a question of the amount.’

Bribery can be a one-time payment or much more ongoing. Bribes are a percentage of the overall contract value and can go up or down. Who is going to keep those records, and how does an organization engage in such negotiations? It sounds like trying to negotiate with organized crime. The bottom line is that bribes are a tax that any organization subjects itself to when it engages in corruption.

B. Negative Impact on Revenue

Not only does paying bribes put an individual and organizations at criminal risk, but it can also be more costly and a less effective business strategy in the long run. A CFO.com article reported that George Serafeim and Paul Healy of Harvard Business School released a paper in the American Accounting Association journal The Accounting Review that the business impact of paying bribes “overall effect on a company’s finances is nil—a poor result, given that the practice could trigger damaging media. Yet bribes are costly. The low returns on equity on incremental sales in high-corruption markets for firms [that commit bribery] imply that the costs are not fully recovered through higher prices on corrupt contracts or through scale economies from increased sales.”

Statistically, the authors reviewed some “480 large multinational companies from 32 countries; those with strong anticorruption programs had average sales growth over three years of 2.6% in high-bribery countries or regions, far below the 14.1% achieved by anticorruption laggards. Yet, that didn’t translate to a greater gain in return on equity for the latter group compared with the former. “On average, the sales growth and ROE effects are offsetting.”

C. Department of Bribery and Corruption

Now, think about the business impact of how bribes might be paid. Will your organization go full Siemens or Odebrecht and create an entire department dedicated to bribery and corruption? Will your organization change its Code of Conduct to say that now that the Trump Administration has suspended FCPA enforcement, your company will engage in illegal acts? Are you going to try to hide your newfound business strategy? If so, what is the cost of announcing that your organization believes in unlawful acts to gain business? What business executive will lead this organization and put their head on the chopping block for directing illegal activity?

Your organization would be skewered in the court of public opinion. Just as consumers have no interest in purchasing clothing or other products created by slaves or forced labor, they would have zero interest in companies that pay bribes to garner business. Such actions could also lead to more civil actions for anti-competitive behavior brought by private parties.

But here, the greater risk is internal for companies. After 20 years of training on not paying bribes, how to spot a bribe, and who not to do business with, the Trump Administration expects US companies to change course. What will this do to a culture of doing business ethically and in compliance? If corporate execs set up a Department of Bribery and Corruption or try to hide it, what message does that send to employees? It sends the message that engaging in bribery, corruption, and fraud is acceptable in our organization.

This fraud component may be the most important business reason for robust compliance. Every ACFE Report to the Nations makes clear that corruption is a subset of fraud. Any company that supports bribery and corruption will be more susceptible to employees engaging in fraud. After all, if a company is willing to violate the law to make money, why shouldn’t employees do so as well?

III. Compliance is the Key

I have set out all of these scenarios to explain why compliance will become even more important during this second Trump administration. If doing ethics is doing the right thing when no one is looking, then compliance should be seen as the business process that follows up to ensure it is all happening. Going forward, the need for effective compliance will only increase, and the pressure on compliance professionals will intensify. An effective compliance program will make your business run more efficiently and more profitably. It will protect your organization from various woes brought on by the current administration.