Now that I have your attention with this clickbait title, I want to explore today what the Venezuelan imbroglio may mean for compliance professionals and energy companies who are looking at either entering the Venezuelan market or, in many cases, re-entering it after the not invasion (since it was not a military action authorized by Congress); not a police action (that the Korean War takes the moniker); but the capture of President Maduro and his wife to purloin Venezuela’s oil. As noted by New York Times (NYT) columnist Thomas Friedman today, “It is now clear that Trump’s priority in capturing President Nicolás Maduro of Venezuela was not to make that country safe for the restoration of democracy but to make it safe for the restoration of American oil companies’ dominance over Venezuelan oil extraction.”
But there are multiple obstacles to the US getting to and removing Venezuelan oil. As the Wall Street Journal (WSJ) noted, “But getting foreign companies to flock back to Venezuela will be a massive challenge. Chevron is the only major U.S. oil company and the country’s largest foreign investor. Other oil executives will be forced to gauge the stability on the ground in a country where the industry has fallen into disarray after more than two decades of mismanagement and corruption.” Economically, it may make little to no sense.
Corruption and PDVSA
But from the compliance perspective, there is the issue of corruption. As I wrote back in 2017, “Of all the stench from corruption, not much is more odious than that from the Venezuelan state oil company Petróleos de Venezuela SA (PDVSA). Whether it is shaking down contractors for Rolex watches to schedule a meeting, requiring a bribe to get payments on outstanding invoices, or simply good old-fashioned cash to get on a bid list, PDVSA is perceived to be one of the most institutionally corrupt energy companies around.”
How President Trump plans to get the Venezuelan oil out of the country is not known at this point. But unless he orders US energy companies to put boots on the ground to rebuild PdVSA’s decrepit infrastructure, those same companies will have to deal with the same corrupt PdVSA officials.
In the context of Venezuela’s reopening to Western energy investment, President Trump’s decision to pause enforcement of the Foreign Corrupt Practices Act (FCPA) reflected a broader strategic pivot toward what his administration calls economic competitiveness and national security. His Executive Order issued in early 2025 directed the Department of Justice (DOJ) to halt new FCPA investigations for at least 180 days while it reviewed enforcement priorities on the premise that strict anti-bribery enforcement, as it has traditionally been applied, “impedes U.S. foreign policy objectives” and disadvantages American companies relative to global competitors. The policy rationale was that, in markets perceived as corrupt or opaque, rigorous FCPA enforcement has historically dissuaded US firms from competing effectively, particularly against foreign rivals who do not face the same legal constraints. This argument, which resonated with a strand of populist economic nationalism, frames FCPA enforcement as a barrier to energy companies securing strategic resources, such as Venezuelan oil, rather than as a purely ethical safeguard.
From a compliance professional’s lens, this recalibration had two implications. On one hand, it might reduce the immediacy of DOJ scrutiny for conduct in jurisdictions like Venezuela, where corruption risk is endemic. On the other hand, the suspension does not abolish the law; FCPA remains on the books, and enforcement priorities can flip with the political winds or through congressional action. Moreover, the suspension could embolden local partners or intermediaries to push for irregular payments under the assumption that US enforcement is weak, creating significant red-flag risks for energy companies seeking to operationalize robust controls aligned with the DOJ’s Evaluation of Corporate Compliance Programs (ECCP) standards. Even under a relaxed enforcement regime, a strong compliance program grounded in the ECCP’s emphasis on risk-based design, continuous monitoring, and senior-management accountability remains a critical commercial and legal hedge.
Compliance Going Forward
One of the most important takeaways for compliance professionals confronting Venezuela is the necessary shift from reflexive risk avoidance to disciplined risk management. Mike DeBernardis told me that the modern compliance mandate “is no longer to say ‘no’ when risk is high; it is to say ‘yes, if’ the risk can be identified, structured, and controlled.” This is not a philosophical shift. It is explicitly embedded in the ECCP, which does not reward companies for avoiding difficult markets but instead evaluates how effectively they manage risk in precisely those environments.
In the Venezuelan energy context, this means compliance must be deeply embedded in the business strategy from the outset. Compliance professionals must fully understand the proposed energy project, including its commercial objectives, operational footprint, and timelines. They must map every anticipated interaction with the Venezuelan state, particularly with state-owned enterprises, regulators, customs authorities, and security services.
From there, compliance professionals must identify where corruption pressure is most likely to arise, not in theory but in practice, based on how the business will actually operate. Only then can bespoke controls be designed to address those specific risks. The ECCP repeatedly emphasizes that effective compliance programs are well-designed, adequately resourced, and genuinely empowered. This is where compliance earns its seat at the strategy table. If compliance is engaged only after contracts are signed and capital committed, its ability to influence outcomes is sharply diminished, and the program is far more likely to fail under real-world pressure.
If initial program design is the foundation, continuous monitoring is the load-bearing structure. Energy operations in Venezuela will not tolerate static compliance approaches built around annual certifications or periodic check-the-box reviews. The ECCP explicitly asks whether companies test the effectiveness of their controls and whether they respond promptly and meaningfully to issues as they arise. In a high-risk jurisdiction like Venezuela, corruption risk will evolve rapidly as political conditions, counterparties, and regulatory expectations shift. Compliance programs must therefore be dynamic.
This requires live monitoring of payments, invoices, and reimbursements, particularly those involving third parties and state-linked entities. It requires regular compliance check-ins with project teams operating on the ground and under real-time pressure. It also requires targeted audits that focus narrowly on high-risk transactions rather than broad, generic reviews that miss the point. When red flags appear, swift remediation is essential, including the authority to pause transactions or relationships when necessary. Friction with the business is inevitable in this environment. Under the ECCP, however, that friction is not evidence of failure. It is evidence of independence, effectiveness, and seriousness of purpose.
For energy companies, Venezuela may well be worth the risk. The size of the opportunity, particularly in hydrocarbons, may make disengagement an increasingly unrealistic option. For compliance professionals, however, the mandate is clear and unforgiving. Programs must be designed with the assumption that pressure will occur, that shortcuts will be suggested, and that local counterparts may view compliance as negotiable.
Effective programs anticipate misconduct rather than react to it, and they are built to withstand scrutiny not only from local stakeholders but also from US enforcement authorities looking back months or years later. This requires compliance professionals to think and act as strategic risk managers, not policy custodians. They must insist on visibility into business decisions, demand resources commensurate with risk, and maintain the authority to intervene when necessary.
In the Venezuelan context, success will not be defined by the absence of issues but by how quickly and credibly the organization detects and addresses them. That approach is not merely about satisfying regulatory expectations. It is about protecting the company’s people, assets, and reputation in one of the most challenging operating environments in the world. That is not just compliance. That is strategic risk management at its purest and most demanding.
