Categories
Adventures in Compliance

Adventures in Compliance – Institutional Justice and Institutional Fairness Lessons from The Adventure of the Veiled Lodger

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into Arthur Conan Doyle’s Sherlock Holmes collection, The Case-Book of Sherlock Holmes. It is the final set of twelve Sherlock Holmes short stories, first published in the Strand Magazine between October 1921 and April 1927. In this episode, we consider the story The Adventure of the Veiled Lodger.

Tom emphasizes the importance of fairness and transparency in compliance investigations, accountability without retaliation, encouraging whistleblowers, and addressing systemic failures. The episode also highlights how ethics and compliance must be ingrained in corporate culture, reflecting principles from the Department of Justice’s 2020 and 2024 updates to the Evaluation of Corporate Compliance Programs. Through Holmes’ empathetic approach, compliance professionals can learn the importance of contextual investigations and the pursuit of institutional justice. Tom invites Sherlock Holmes enthusiasts to engage in discussions about the stories and underscores the role of compliance in fostering a fair and ethical workplace.

Highlights include:

  • The Story of the Veiled Lodger
  • Lessons on Institutional Justice and Fairness
  • Lessons for CCOs

Resources:

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
FCPA Compliance Report

FCPA Compliance Report – National Security and Legal Perspectives with Kevin Carroll

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Kevin Carroll, now a partner at Fluet, to discuss national security issues to date under the Trump Administration.

Kevin Carroll discusses his move to Fluet Law, a national security law firm. He delves into the ongoing chaos in national security, ranging from employees’ concerns over legal processes at the Agency for International Development and the FBI to the unprecedented moves of the Trump administration in reprioritizing enforcement efforts. Kevin emphasizes the criticality of maintaining international alliances and intelligence-sharing, especially amidst controversial DOJ staffing and enforcement decisions. They also touch on the potential ramifications for U.S. companies engaged in foreign trade and anti-corruption enforcement. Don’t miss Kevin’s expert insights on the delicate balance of national security and legal frameworks in uncertain times.

Key highlights:

  • Kevin’s New Professional Chapter
  • National Security Concerns
  • Law Enforcement Priorities
  • International Relations and Security
  • Corporate Legal Risks Abroad
  • USAID and Export Control

Resources:

Kevin Carroll on LinkedIn

Fluet

Kevin Carroll on Fluet Law

Categories
Compliance Tip of the Day

Compliance Tip of the Day – CCM is Essential for 2025 Risk Management

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we review Continuous Controls Monitoring (CCM), a requirement for the 2025 risk management professional.

Categories
Blog

Caremark as a Strategic Framework: Compliance Strategy for Business Executives

In a surprise to no one who has been watching, a group of institutional investors has filed suit against Boeing for another set of Caremark violations. I wrote about this eventuality last summer, around the court case the (then) Department of Justice (DOJ) brought against Boeing for violating its DPA around the 737Max crashes. I was therefore intrigued to see a new article looking at the Caremark Doctrine, entitled Caremark’s Fractured State by Itai Fiegenbaum.

The Caremark Doctrine has long been the bedrock of board-level oversight in corporate compliance, yet its application remains a subject of intense debate. Originally framed as a duty of care, Caremark obligations have since developed into a duty of loyalty, placing an increased burden on directors to monitor corporate compliance proactively. Through the 2018 ruling in Marchand v. Barnhill, the Delaware courts have reinforced that directors can be liable for failures in “mission-critical” areas. However, as Fiegenbaum explores, the Caremark standard is far from universally applied across U.S. jurisdictions, leaving compliance officers and business executives with an uneven playing field.

Understanding the Caremark framework and its implications for corporate oversight is critical for compliance professionals. This article unpacks the evolution of Caremark, its inconsistent application outside Delaware, and how compliance strategies must adapt to varying levels of director accountability.

I. The Strategic Compliance Takeaways from Caremark’s Evolution

1. Compliance as a Board-Level Obligation

At its core, Caremark establishes that directors must ensure robust compliance systems are in place and actively monitored. This proactive duty means that corporate compliance is not just a legal safeguard but a strategic necessity. Boards that fail to implement adequate monitoring systems—or ignore known compliance risks—face potential liability. In today’s regulatory climate, companies cannot afford a passive approach to compliance oversight.

2. The Expanding Definition of Oversight Risk

Delaware courts have broadened their view of what constitutes a director’s duty under Caremark. The Marchand decision, for example, held that directors overseeing “mission-critical” aspects of a business (such as food safety for an ice cream manufacturer) are presumed to have higher oversight obligations. This shift suggests that compliance programs must be tailored to each company’s core risks. Compliance officers should prioritize risk assessments that align with the company’s industry and regulatory landscape, ensuring that high-risk areas receive enhanced scrutiny.

3. Lessons from the Jurisdictional Divide

While Delaware leads in developing oversight liability, nearly half of U.S. jurisdictions provide directors with broader legal protection, making Caremark-based claims difficult to sustain. In many states, exculpation provisions shield directors from oversight liability unless they act intentionally. This discrepancy underscores the need for compliance teams to be well-versed in jurisdiction-specific director liability standards. Companies incorporated outside of Delaware should not assume they are insulated from oversight risk—regulators and investors are increasingly scrutinizing board-level compliance failures, regardless of legal precedent.

II. Strengthening Compliance Programs in Light of Caremark

1. Building a Proactive Compliance Framework

Given the heightened expectations of board oversight, companies must establish rigorous compliance frameworks that extend beyond minimum regulatory requirements. A robust compliance strategy should include:

  • Board-Level Training. Directors must be educated on their Caremark duties and understand their personal liability risks. Compliance officers should facilitate ongoing training on emerging regulatory risks and enforcement trends.
  • Risk-Based Monitoring. Compliance should not be a one-size-fits-all approach. Companies must identify mission-critical areas and allocate resources accordingly.
  • Whistleblower and Incident Reporting Systems. Companies must ensure that directors receive timely, credible information on compliance failures. This means strengthening internal reporting mechanisms and ensuring whistleblower protections are in place.

2. Data-Driven Compliance Monitoring

The Caremark Doctrine has also emphasized the importance of data-driven oversight. Boards cannot exercise proper oversight without access to meaningful compliance data. Companies must:

  • Leverage analytics to detect anomalies in high-risk areas, such as supply chain transactions, financial reporting, and regulatory disclosures.
  • Implement dashboards that provide directors with real-time compliance insights.
  • Conduct internal audits to assess compliance program effectiveness and identify gaps before they escalate into enforcement actions.

III. The Compliance-Board Partnership: Closing the Oversight Gap 

1. Integrating Compliance into Corporate Strategy

One of the most significant lessons from Caremark is that compliance must be embedded into overall business strategy. Boards and executives should move beyond viewing compliance as a reactive function and instead treat it as a key driver of business sustainability. Compliance teams should work closely with legal and operational leadership to ensure that:

  • Compliance is integrated into strategic decision-making, particularly in areas with heightened regulatory risk.
  • Board members actively engage in compliance discussions rather than relying solely on quarterly reports.
  • Directors have direct access to compliance officers and internal audit teams to stay informed about emerging risks.

IV. Mitigating Personal and Corporate Risk

For boards, compliance failures are not just a corporate risk but a personal liability risk. Directors and executives should take steps to protect both the company and themselves by:

  • Ensuring robust documentation of compliance efforts. Regulators and courts expect clear evidence of proactive compliance oversight.
  • Regularly reviewing and updating governance policies. Compliance obligations evolve with regulatory shifts, and boards must stay ahead of these changes.
  • Engaging external compliance experts when necessary. Outside counsel or compliance specialists can provide critical insights, particularly in highly regulated industries.

V. The Future of Caremark: Compliance in an Evolving Legal Landscape 

The Caremark standard will continue to evolve as courts and regulators refine expectations for board oversight. Companies should prepare for:

  • Stronger enforcement actions against directors for compliance failures in mission-critical areas. This trend is relevant to the healthcare, finance, and technology industries, where regulatory expectations are intensifying.
  • More aggressive shareholder litigation. Investors increasingly use Caremark claims to hold directors accountable for compliance missteps, particularly in ESG-related areas.
  • Greater emphasis on cybersecurity and data governance. As regulators focus on data privacy and cybersecurity breaches, boards must ensure they are actively monitoring these risks.

VI. Turning Compliance into a Strategic Asset

For business executives, Caremark should not be viewed solely as a legal doctrine but as a strategic framework for strengthening corporate oversight and resilience. Companies that proactively embrace compliance as a board-level priority will reduce regulatory risk and enhance investor confidence, corporate reputation, and long-term business sustainability.

The key takeaway? Compliance is no longer optional. It is a fundamental component of responsible corporate governance, and boards that fail to adapt face increasing legal, financial, and reputational consequences. Compliance professionals must take the lead in bridging the oversight gap, ensuring that directors are equipped to meet their evolving fiduciary responsibilities in a complex regulatory landscape.

Categories
Blog

The Critical Role of Internal Audit in Export Controls Compliance

Export control compliance is a high-stakes area that many companies overlook until it is too late. With regulatory frameworks such as the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), and the Office of Foreign Assets Control (OFAC) sanctions programs, businesses must be vigilant. Internal audits have a key role in ensuring compliance and mitigating the significant risks of violations, ranging from hefty fines and reputational damage to potential debarment from government contracts.

Understanding Export Controls Compliance

Export controls govern the export, re-export, and transfer of goods, technology, and services across borders. They aim to protect national security, enforce foreign policy objectives, and prevent sensitive materials from reaching unauthorized parties.

Key U.S. Export Control Regulations

Several major regulatory frameworks govern export controls in the U.S.:

  • Export Administration Regulations (EAR) – Overseen by the Bureau of Industry and Security (BIS), the EAR covers dual-use goods, that is, items with both civilian and military applications.
  • International Traffic in Arms Regulations (ITAR) – Managed by the State Department, ITAR regulates defense-related exports.
  • Office of Foreign Assets Control (OFAC) – OFAC administers sanctions programs that restrict trade with specific countries, entities, and individuals.

Violating these regulations can cause severe legal, financial, and reputational consequences, including multi-billion-dollar penalties and exclusion from government contracting.

The Risks of Noncompliance

Export control noncompliance carries significant risks:

  • Legal and Financial Risks – Companies can face substantial fines, criminal charges, and debarment from government contracts. For some organizations, debarment can be a financial death sentence.
  • Reputational Risk – Failing to comply can lead to reputational damage, including negative press, loss of customer trust, and shareholder worries.
  • Operational Disruptions – Supply chain disruptions and market access restrictions can cripple a business, especially in industries such as aerospace, defense, and technology.
  • National Security Risks – The inadvertent transfer of technology with military applications to unauthorized parties can have serious geopolitical ramifications.
  • Cybersecurity Threats – Controlled data can be exploited to compromise national security if exposed to foreign adversaries.

Internal Audit’s Role in Export Controls Compliance

Given these risks, internal audits must proactively ensure robust compliance frameworks are in place. This includes:

1. Evaluating Compliance Frameworks

A strong compliance framework begins with clearly defined policies and procedures that align with export control regulations. Internal audits should assess whether these guidelines are well-documented, communicated, and consistently enforced across the organization. A key component of compliance is designated ownership, and organizations must assign clear responsibilities for managing export controls and ensuring accountability at every level. Without clear ownership, compliance efforts can become fragmented and ineffective. Additionally, internal audits should evaluate the effectiveness of training programs designed for employees who handle controlled items and data. Training should be comprehensive, regularly updated, and tailored to different roles within the company. Employees must understand their responsibilities, potential red flags, and the legal implications of noncompliance. An ongoing training program strengthens the organization’s culture of compliance and minimizes the risk of accidental violations.

2. Conducting Risk Assessments and Monitoring

Internal audit plays a critical role in identifying and mitigating risks associated with export controls. Auditors should conduct risk assessments to pinpoint high-risk transactions, products, and business units susceptible to violations. These assessments help organizations allocate resources effectively and focus on areas of greatest concern. Compliance gaps can expose organizations to significant risks, making it essential for auditors to assess whether existing controls are sufficient or improvements are needed. In addition, internal audits should monitor red flags that may indicate potential compliance breaches. Common red flags include shipments to embargoed countries, unusual customer requests related to product specifications or destinations, and sudden changes in routing or documentation. Proactive monitoring allows organizations to detect and address potential violations before they escalate into larger compliance issues.

3. Auditing and Testing Export Controls

Regular audits and testing of export controls are necessary to ensure regulatory compliance. Transaction testing is a fundamental internal audit practice verifying whether export licensing and classification rules are correctly followed. This process helps identify inconsistencies or errors that could lead to compliance failures. Another essential tool is data analytics, which can uncover anomalies in export transactions. Analyzing patterns, trends, and deviations allows auditors to flag suspicious activity and investigate further. However, data analytics is only effective if the organization understands the key risk indicators and integrates them into monitoring systems. Third-party due diligence is crucial in assessing compliance risks within supplier and distributor relationships. Auditors should evaluate whether third-party partners adhere to export regulations and implement adequate controls to prevent illicit activities. Failure to conduct due diligence can expose companies to liability for the actions of their business partners.

4. Strengthening Incident Response and Investigations

A strong incident response mechanism is a cornerstone of an effective export controls compliance program. Internal audits should evaluate whether the company has robust reporting mechanisms encouraging employees to report potential violations. A well-structured reporting system, such as an anonymous hotline, can help organizations detect issues early and address them promptly. Investigations must be handled efficiently, with a structured approach for triaging allegations and determining their severity. Internal audits should assess whether the organization follows best practices in conducting investigations and whether findings are documented appropriately. Corrective actions are another critical component—compliance gaps identified during investigations must be addressed promptly to prevent recurrence. Internal audits should ensure that corrective actions are implemented effectively and lead to lasting improvements in compliance practices.

5. Collaborating with Legal, Compliance, and Supply Chain Teams

Export compliance is a cross-functional responsibility, requiring collaboration between internal audit, legal, compliance, and supply chain teams. Internal audit should work closely with these departments to develop an integrated approach to managing export risks. Strong partnerships improve transparency and facilitate open communication, essential for identifying and addressing compliance challenges. Legal and compliance teams provide expertise on regulatory requirements, while supply chain teams play a crucial role in tracking the movement of controlled goods. Internal audits should ensure that all stakeholders are aligned in their efforts and that compliance initiatives are well-coordinated. Internal audits can enhance monitoring mechanisms by ensuring that information-sharing processes are efficient and potential compliance risks are escalated appropriately. A collaborative approach strengthens the organization’s overall compliance posture and minimizes regulatory exposure.

Red Flags That Demand Further Scrutiny

Export control violations often result from either negligence or intentional circumvention of regulations. Key warning signs include last-minute changes to product specifications, especially if such modifications appear designed to bypass regulatory restrictions. Altered shipment destinations should also raise concerns, particularly those involving high-risk or embargoed countries. Requests to route shipments through third countries may signal attempts to evade sanctions, while unusual payment methods or routing through non-traditional banks can indicate illicit activities. These red flags necessitate heightened due diligence and should be promptly escalated for further investigation. A proactive compliance approach that integrates continuous monitoring, effective auditing, and cross-department collaboration is essential in mitigating these risks and ensuring adherence to export control regulations.

Export control compliance is not just a regulatory obligation but a fundamental aspect of risk management and corporate integrity. Organizations that prioritize compliance through robust frameworks, continuous risk assessments, and proactive internal audit functions can avoid costly penalties and reputational damage. By fostering collaboration across departments and maintaining vigilance against red flags, companies can strengthen their compliance posture and build trust with regulators, partners, and customers. A proactive and integrated approach to export control compliance ensures business continuity and long-term success in an increasingly complex global trade environment.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Using GenAI to Make Small Transformations

Today, we review how to begin using AI to make small transformations and build up to larger ones.

Categories
Blog

Right is Right/Wrong is Wrong: Trump, The FCPA and Effective Compliance

In a surprise to no one, President Trump said he was suspending Foreign Corrupt Practices Act (FCPA) enforcement. Why is it no surprise? Because the FCPA makes bribery and corruption of foreign officials and employees of state-owned enterprises outside the US illegal. Trump wants to make such business tactics legal for US companies, as he thinks US companies cannot compete with other international actors without engaging in such illegal conduct. But the reality is that Mark Twain was correct; ‘right is right and wrong is wrong,’ and Trump’s pronouncement of non-enforcement did not make bribery and corruption of foreign officials and employees of state-owned enterprises outside the US legal. This announcement also puts more US companies at risk for shakedowns by corrupt foreign officials.

For the compliance professional, this suspension of FCPA enforcement will make having an effective corporate compliance program even more important for the upcoming 3+ years of Trump’s final term. I want to break down the reasons for continued effective compliance into legal and business.

I. Criminal Reasons

A. 5-Year Statute

The FCPA is still the law of the US. Any company or person who now engages in bribery and corruption of foreign officials and employees of state-owned enterprises outside the US will violate the FCPA. There is a five-year statute of limitations on FCPA enforcement, so even if your organization decided to start bribing today, there would be a five-year window of potential liability. Moreover, it is five years from the discovery of the illegal conduct, so unless your organization affirmatively states via its books and records that it has engaged in illegal activities and violated the FCPA, there will be an even longer tail for investigation and prosecution.

B. SEC and Books and Records

Remember, the FCPA has two basic provisions. First, thou shalt not bribe foreign officials and employees of state-owned enterprises outside the US. Second, thou shalt have accurate books and records. The Securities and Exchange Commission (SEC) enforces this second component of the FCPA. It has two parts: (a) financial books and records that accurately reflect the financial condition of the organization and (b) effective internal controls that prevent bribery and corruption. Is the SEC now going to turn its back by allowing companies that engage in illegal actions to puff up their profits to defraud the American public?

C. Individual Prosecutions Outside the US

The stakes are even higher for the individual corporate employee doing business outside the US. NO country in the world says that bribing our government officials is legal. That makes any such bribe illegal. This is not about an extra-territorial law such as the FCPA, where China or Nigeria would come to the US and arrest a US citizen for actions in China or Nigeria. Instead, it is about China or Nigeria enforcing their domestic laws. Remember the GlaxoSmithKline PLC (GSK) bribery conviction in China in 2014. A Chinese court fined the company nearly $500 million. Equally significant was the criminal conviction of the Country Manager and several of his direct reports. With the Trump Administration aiming more tariffs and other trade sanctions at China, does anyone not think the Chinese government may well open investigations, warranted or not, at US corporations doing business in China and US individuals working in China? (For a full discussion of the entire sordid affair of GSK in China, read my book on it, available on Amazon.com.)

What about detaining US businesspersons on more trumped-up charges? Just look at what purported US ally Nigeria did to Binance compliance officer Tigran Gambaryan in 2024. According to the New York Times (NYT), the “Nigerian government charged Mr. Gambaryan and Binance itself with tax evasion and money laundering — effectively accusing the company and a midlevel employee of the same crimes.” He was held in custody for eight months in a Nigerian prison in Abuja. Both the GSK matter and Gambaryan’s case point to the real risks that US businesspersons may now well face if they engage in bribery and corruption outside the US. Wherever you want to be, a prison in China or Nigeria is not one of those places.

II. Business Reasons

A. The Bribery Tax

Paying bribes is a cost. Once you pay a bribe, corrupt officials have you in their collective back pockets. Multiple FCPA enforcement actions over the years have demonstrated that corrupt officials are never shy about demanding more illegal payments during the life of a business relationship. Does an organization think a one-time bribe payment will secure its contract? Once corrupt government officials eat at the trough of a corrupt company, they always come back for more. Churchill said, ‘One, we have established your morals; now it’s just a question of the amount.’

Bribery can be a one-time payment or much more ongoing. Bribes are a percentage of the overall contract value and can go up or down. Who is going to keep those records, and how does an organization engage in such negotiations? It sounds like trying to negotiate with organized crime. The bottom line is that bribes are a tax that any organization subjects itself to when it engages in corruption.

B. Negative Impact on Revenue

Not only does paying bribes put individuals and organizations at criminal risk, but it can also be more costly and a less effective business strategy in the long run. A CFO.com article reported that George Serafeim and Paul Healy of Harvard Business School released a paper in the American Accounting Association journal The Accounting Review on the business impact of paying bribes, finding that the “overall effect on a company’s finances is nil—a poor result, given that the practice could trigger damaging media. Yet bribes are costly. The low returns on equity on incremental sales in high-corruption markets for firms [that commit bribery] imply that the costs are not fully recovered through higher prices on corrupt contracts or through scale economies from increased sales.”

Statistically, the authors reviewed some “480 large multinational companies from 32 countries; those with strong anticorruption programs had average sales growth over three years of 2.6% in high-bribery countries or regions, far below the 14.1% achieved by anticorruption laggards. Yet, that didn’t translate to a greater gain in return on equity for the latter group compared with the former. ‘On average, the sales growth and ROE effects are offsetting.’”

C. Department of Bribery and Corruption

Now, think about the business impact of how bribes might be paid. Will your organization go full Siemens or Odebrecht and create an entire department dedicated to bribery and corruption? Will your organization change its Code of Conduct to say that now that the Trump Administration has suspended FCPA enforcement, your company will engage in illegal acts? Are you going to try to hide your newfound business strategy? If so, what is the cost of announcing that your organization believes in unlawful acts to gain business? What business executive will lead this organization and put their head on the chopping block for directing illegal activity?

Your organization would be skewered in the court of public opinion. Just as consumers have no interest in purchasing clothing or other products created by slaves or forced labor, they would have zero interest in companies that pay bribes to garner business. Such actions could also lead to more civil actions for anti-competitive behavior brought by private parties.

But here, the greater risk is internal for companies. After 20 years of training on not paying bribes, how to spot a bribe, and who not to do business with, the Trump Administration expects US companies to change course. What will this do to a culture of doing business ethically and in compliance? If corporate execs set up a Department of Bribery and Corruption or try to hide it, what message does that send to employees? It sends the message that engaging in bribery, corruption, and fraud is acceptable in our organization.

This fraud component may be the most important business reason for robust compliance. Every ACFE Report to the Nations makes clear that corruption is a subset of fraud. Any company that supports bribery and corruption will be more susceptible to employees engaging in fraud. After all, if a company is willing to violate the law to make money, why shouldn’t employees do so as well?

III. Compliance is the Key

I have set out all of these scenarios to explain why compliance will become even more important during this second Trump administration. If doing ethics is doing the right thing when no one is looking, then compliance should be seen as the business process that follows up to ensure it is all happening. Going forward, the need for effective compliance will only increase, and the pressure on compliance professionals will intensify. An effective compliance program will make your business run more efficiently and more profitably. It will protect your organization from various woes brought on by the current administration.

Categories
Great Women in Compliance

Humans at the Center of Strategy with Patrícia Godoy Oliveira

In this week’s episode, Hemma sits down with Patrícia Godoy Oliveira to explore her remarkable journey in compliance, which has spanned leadership roles at Google and Uber to her current position as LatAm Compliance Officer at Gallagher.

Join us as Patricia shares how she keeps people at the heart of her compliance strategies, leveraging behavioral science and Trust and Inspire leadership to empower business partners. With practical insights, book recommendations, and a deep passion for ethics and compliance, Patricia offers a refreshing perspective on leading with purpose in this engaging and thought-provoking conversation.

Highlights include:

  • Navigating personal and professional transitions and reflecting on purpose
  • How to build trust with your regional business teams in a global company
  • Practical tips on incorporating behavioral science into your compliance program
  • Fabulous reading recommendations for thought leadership and continuous learning in compliance

Biography

“Patricia is the LatAm Compliance Officer for Gallagher. Her career encompasses senior leadership roles at prominent American and Brazilian companies, including her tenure as Regional Chief Compliance Officer at Google and Director of Ethics & Compliance at Uber. Patricia’s impactful contributions have garnered repeated recognition, including being named one of Brazil’s “Most Admired Professionals” in Compliance on multiple occasions.

A graduate of Instituto Presbiteriano Mackenzie (Law School, Brazil) with a Master’s degree (LL.M.) from the University of Chicago (US) and an MBA from Fundação Getúlio Vargas (CEAG, Brazil), Patricia complements her academic achievements with specialized courses in Insurance, Reinsurance, and Law. Her profound understanding of both mature and evolving regulatory environments is a testament to her 15 years of experience in the Insurance and Reinsurance industry and 5 years in the dynamic Tech sector.

Patricia’s pragmatic approach to legal and compliance is grounded in economic and behavioral principles. She empowers organizations to achieve their goals by translating complex challenges into sound business strategies. Her leadership has successfully implemented innovative programs and training initiatives that foster ethical conduct and drive sustainable growth.

A respected voice in the field, Patricia actively shapes industry standards as a lecturer and professor at the Compliance Committee of AMCHAM, Brazil Chapter. Her unwavering commitment to ethical business practices is evident in her extensive involvement in various professional organizations, including the Ethics Tribunal of the Bar Association in Sao Paulo and the Global Compact of the United Nations. Patricia’s journey exemplifies a dedication to building a more just and responsible business world.”

Categories
All Things Investigations

All Things Investigations – DeepSeek’s AI Revolution: Implications for Compliance and Security

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigations. In this podcast, host Tom Fox is joined by HHR Partner Mike Huneke and Brent Carlson from the Berkeley Research Group.

Brent Carlson and Mike Huneke review the recent DeepSeek AI announcement, which has stirred significant debate in the business and compliance sectors. Brent views this development as a “Sputnik moment” in the technology space, highlighting both the exciting potential and the profound implications for national security and corporate strategy, particularly due to the dual-use nature of AI technologies. On the other hand, Mike has expressed concern over the contentious debates surrounding export controls, emphasizing the necessity for robust compliance frameworks to mitigate liability risks and adapt to the evolving AI landscape. Together, they stress the importance of incorporating high probability standards and reliable inputs into compliance programs to effectively navigate the complex challenges of advanced AI technologies like DeepSeek, ensuring corporate citizenship and strategic advantage in this new era.

Key highlights:

  • Groundbreaking AI Progress Raises National Security Concerns
  • AI Market Disruption by DeepSeek Technology
  • High Probability Standard in Export Control Compliance
  • Subjective Judgment in Compliance Risk Assessment Framework
  • Red Flag Detection with Data Analytics Tools

Resources:

Hughes Hubbard & Reed website

Brent Carlson on LinkedIn

A Fresh Look at US Export Controls and Sanctions

DeepSeek Finds US Export Controls at a New ‘Sputnik Moment’ in Bloomberg Law

Categories
Compliance Into the Weeds

Compliance into the Weeds: End of FCPA and CFPB?

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this Compliance into the Weeds episode, Tom Fox and Matt Kelly review the Trump Administration’s attempts to end enforcement by the CFPB and anti-corruption enforcement under the FCPA.

Last week, significant alterations were made to enforcement policies related to the Foreign Corrupt Practices Act (FCPA) and the Consumer Financial Protection Bureau (CFPB), resulting in a noticeable reduction in enforcement efforts and a shift in focus towards issues like corporate bribery associated with drug cartels and human trafficking. These actions will create risks for U.S. businessmen in countries like China, who might face false charges due to the de-emphasis on traditional FCPA enforcement. These policy shifts might also expose U.S. companies to anti-corruption investigations leveraged by other countries in retaliation for Trump’s trade policies.

Matt Kelly emphasizes the need for businesses to maintain robust compliance programs despite the enforcement rollback, warning that legal risks remain due to the statute of limitations, and stresses the importance of upholding corporate compliance and ethical standards to prevent corruption. Through their extensive experiences in compliance and corporate governance, both Tom and Matt highlight the complexities and potential repercussions of these enforcement changes on global business operations.

Key highlights:

  • Introduction: Unpacking the Current Situation
  • Emphasis on Corporate Bribery in Enforcement Changes
  • Upholding Compliance Duties Amid Enforcement Changes
  • FCPA and CFPB Statute of Limitations
  • Global Business Impact of Trump’s Trade Policies

Resources:

Matt in Radical Compliance
