Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
Thirteen years after the GSK China scandal exploded onto the global stage, its lessons remain as urgent as ever for compliance professionals and business leaders. In this podcast series, we revisit the case not simply as corporate history, but as a living cautionary tale about culture, incentives, third parties, investigations, and governance. Each episode explores what went wrong, why it went wrong, and how those failures still echo in today’s compliance and ethics landscape. Join me as we unpack the scandal and draw practical lessons for building stronger, more resilient organizations. In this inaugural episode, we take a deep dive into the 2013 GSK China bribery scandal and examine why it remains one of the most important case studies in corporate compliance, governance, and culture. Our hosts are Timothy and Fiona.
We unpack how a global pharmaceutical giant was alleged to have used travel agencies, fake conferences, false VAT receipts, and targeted marketing programs to channel illicit payments to doctors, officials, and other intermediaries, all while an internal whistleblower warning and a four-month internal investigation failed to detect the misconduct. The episode also explores the tension between polished global compliance structures and compromised local execution, showing how incentives, third-party relationships, and regional sales pressure can overwhelm formal controls. Most importantly, it asks a question that remains urgent today: are corporate compliance systems truly designed to find the truth, or can they create a false sense of security that allows misconduct to flourish undetected?
Key highlights:
Resources:
GSK in China: A Game Changer for Compliance on Amazon.com
GSK in China: Anti-Bribery Enforcement Goes Global on Amazon.com
Tom Fox
Ed. Note: The Notebook LM created notes, the voices of the hosts, Timothy and Fiona, based upon text written by Tom Fox
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!
Stories this week include:
Resources:
Kristy Grant-Hart on LinkedIn
Tom
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
This week, I want to pay tribute to my former Compliance Week colleague, Aly McDevitt, who announced on LinkedIn that she was retiring from CW to become a full-time mother. I wrote a tribute to Aly, which appeared in CW last week. To prepare to write that piece, I re-read her long-form case studies, which she wrote over the years for CW. They are as compelling today as when she wrote them. This week, I will be paying tribute to Aly by reviewing five of her pieces. The schedule for this week is:
Monday: A Tale of Two Storms
Tuesday: Coming Clean
Wednesday: Inside a Dark Pact
Thursday: Reaching Into the Value Chain
Friday: Ransomware Attack: An immersive case study of a cyber event based on real-life scenarios
In this case study, Aly took a scandal that could easily be reduced to a shocking headline and showed how misconduct often grows incrementally, decision by decision, concession by concession, until a company crosses a line it can no longer explain away. As McDevitt framed it, Lafarge’s collapse into criminal conduct was not sudden. What began as “local concessions” in a war zone ended in terrorist financing, a guilty plea, and a historic compliance disaster.
For the corporate compliance professional, that is where this story starts. Not with ISIS. Not with the guilty plea. Not even with Syria’s descent into civil war. It starts with a corporate mindset that treats business continuity as a value higher than legal and ethical boundaries.
McDevitt lays out the core facts with devastating clarity. Lafarge built a $680 million cement plant in the Jalabiyeh region of Syria in 2010, just as the Arab Spring began to reshape the region. The plant, Lafarge Cement Syria, was strategically important, but it also operated in an increasingly unstable environment. By 2011, political unrest in Syria had become a violent conflict. By 2012, the area around the plant was plagued by kidnappings, hijackings, and the killing of a contractor at a checkpoint. Most companies would view those developments as bright red stop signs. Lafarge saw them as obstacles to manage.
That is the first major lesson of the case study. The most dangerous compliance failures often arise not from ignorance of risk but from a conscious decision to keep operating despite it. McDevitt shows that while other companies pulled out of Syria, Lafarge kept the plant running and shifted management of Syrian operations to Cairo after evacuating European employees. That decision set the stage for the next step: negotiating through intermediaries with armed factions to permit continued operations. By then, the moral and legal slope was already slippery. The question was no longer whether the company faced risk. The question was how much compromise leadership was willing to tolerate to avoid writing off a major investment.
McDevitt’s reporting is especially effective because it captures the gradualism of the wrongdoing. She writes that Lafarge executives did not wake up one day and decide to fund terrorists. It happened slowly, one deal after another, as the company tried to preserve operations in a deteriorating war zone. This is a point every compliance professional should sit with. Catastrophic misconduct often results from the accumulation of rationalized, smaller acts. Each one is framed as temporary, practical, or necessary. Each one moves the line. Eventually, there is no line left.
The Justice Department ultimately found that Lafarge routed about $5.92 million in illicit payments to the al-Nusra Front and ISIS. In 2022, Lafarge pleaded guilty in the United States to providing material support to terrorist organizations, the first case of its kind against a corporation in the U.S. Former Deputy Attorney General Lisa Monaco said the company “paid millions of dollars to both terrorist groups and benefited from their brutality to the tune of $70 million in revenue,” and the company paid $778 million in fines and forfeitures as part of the plea agreement.
That number alone should command the attention of boards and executive teams. Lafarge tried to avoid the business pain of shutting down a troubled asset and ended up paying more than the original investment in penalties, while also suffering deep reputational damage, legal exposure in multiple jurisdictions, and criminal proceedings against former executives. There is a brutal irony in that outcome. The Syrian plant accounted for less than 1% of Lafarge’s total sales at the time of the Holcim merger, yet the consequences of non-compliance proved vastly disproportionate to the asset’s commercial importance. That is the second lesson. The smaller the business rationale, the less defensible the compliance compromise.
McDevitt also explains why the U.S. Department of Justice had jurisdiction. Lafarge used U.S.-based email services to avoid using company email addresses, and some payments linked to terrorist groups were made in U.S. dollars through New York banks. This should resonate with every multinational company. Jurisdiction in modern enforcement is not limited by headquarters location. It is created through systems, currency flows, communications infrastructure, and business touchpoints. In a global company, you can be hauled into a U.S. enforcement action because you used the plumbing of U.S. commerce.
McDevitt’s account also reveals something even more troubling. By September 2013, Lafarge executives were already acknowledging the reality in their own meeting minutes, stating that it was becoming harder and harder to operate without directly or indirectly negotiating with networks designated as terrorists by international organizations and the United States. That line should stop every compliance officer in their tracks. At that moment, the risk was no longer ambiguous. It was known, articulated, and documented. The failure thereafter was not one of detection. It was one of the decision-making processes.
And that brings us to the heart of the compliance lesson. Once a company understands the legal and ethical nature of the risk, the compliance function is not merely to record the issue. The job is to create a decision architecture that can force the right outcome, even when business leadership hates it.
McDevitt reinforces this through the voice of Marcia Narine Weldon, who said, “business continuity can’t be an excuse for abandoning core legal and ethical principles” and even more pointedly, “When you’re dealing with potential terrorism financing, neutrality isn’t an option. You either stop it or you become complicit”. That is exactly right. There are categories of risk where compromise is not prudent; balancing is complicity. Terrorist financing sits squarely in that category.
Another important aspect of McDevitt’s case study is the timeline of internal response. Holcim, after its merger with Lafarge, became aware in 2016 of allegations that Lafarge had negotiated with ISIS and made payments to it. The head of compliance informed the Chief Legal and Compliance Officer that outside counsel had been engaged for legal analysis, and the board’s finance and audit committee directed an investigation. This sequence shows what a post-discovery escalation should look like. But it also highlights a painful truth: escalation after the fact is not the same as prevention. The best board briefing in 2016 could not undo the wrong choices made years earlier.
For compliance leaders, the Lafarge matter is therefore a case study in the limits of retrospective governance. Once the organization has crossed the line into criminal conduct, the role of compliance shifts from prevention to damage containment.
McDevitt weaves this throughout the piece with precision. She does not sensationalize the conduct. She shows how a company operating in a volatile, high-risk environment allowed ethics and compliance to take a back seat to business survival. That is what makes the article so valuable. It reminds us that in high-pressure environments, compliance is not a support function sitting politely on the sidelines. It is the adult in the room. Sometimes that means telling management to shut down an operation. Sometimes it means escalating to the board. Sometimes it means resigning rather than participating in the unambiguously wrong.
In the end, Inside a Dark Pact is one of Aly McDevitt’s strongest cautionary tales because it strips away comforting myths. It tells us that smart people can rationalize the indefensible. It tells us that local concessions can become global crimes. And it tells us that when a company places asset preservation above values, it may preserve neither.
Join us tomorrow when we review Aly’s piece on Flex and its ESG journey. I am a columnist for Compliance Week.
