Categories
Compliance Into the Weeds

Compliance into the Weeds: The DOJ in Crisis

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this Compliance into the Weeds episode, Tom Fox and Matt Kelly review the recent astonishing developments at the Justice Department involving the indictment and subsequent attempted dismissal of charges against New York City Mayor Eric Adams.

Tom and Matt explore the implications for corporate compliance professionals and the broader message this dysfunction sends about ethics and the role of compliance programs under the current administration. They consider the possible repercussions for future corporate enforcement, drawing important parallels between the Justice Department’s actions and the expectations for corporate compliance. They emphasize the necessity of disentailing the ethical dysfunction at the department from the practical guidelines for compliance programs. The episode critically analyzes how political maneuvers affect the justice system and corporate compliance standards.

Key highlights:

  • The Eric Adams Indictment
  • Resignations and Internal Conflict
  • Separating DOJ Integrity from Compliance Guidance
  • Tone at the Top vs. Mood at the Middle
  • Future of Compliance Guidelines

Resources:

Matt in Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Compliance into the Weeds was recently honored as one of the Top 25 Regulatory Compliance Podcast.

Categories
Daily Compliance News

Daily Compliance News: February 17, 2025, The Cancel The Leases Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Retaliation? Musk and DOGE want to cancel federal judiciary leases. (Reuters)
  • DOJ guts bringing of corruption cases. (CNN)
  • Barclay faces a money-laundering investigation. (WSJ)
  • Is settling litigation paying a bribe? (WSJ)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the FCPA Survival Guide on Amazon.com.

Categories
FCPA Compliance Report

FCPA Compliance Report – National Security and Legal Perspectives with Kevin Carroll

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Kevin Carroll, now a partner at Fluet, to discuss national security issues to date under the Trump Administration.

Kevin Carroll discusses his move to Fluet Law, a national security law firm. He delves into the ongoing chaos in national security, ranging from employees’ concerns over legal processes at the Agency for International Development and the FBI to the unprecedented moves of the Trump administration in reprioritizing enforcement efforts. Kevin emphasizes the criticality of maintaining international alliances and intelligence-sharing, especially amidst controversial DOJ staffing and enforcement decisions. They also touch on the potential ramifications for U.S. companies engaged in foreign trade and anti-corruption enforcement. Don’t miss Kevin’s expert insights on the delicate balance of national security and legal frameworks in uncertain times.

Key highlights:

  • Kevin’s New Professional Chapter
  • National Security Concerns
  • Law Enforcement Priorities
  • International Relations and Security
  • Corporate Legal Risks Abroad
  • USAID and Export Control

Resources:

Kevin Carroll on LinkedIn

Fluet

Kevin Carroll on Fluet Law

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Categories
Everything Compliance

Everything Compliance: Episode 150, The Musk On Edition

Welcome to this edition of the award-winning Everything Compliance. In this episode, Matt Kelly, Jonathan Armstrong, Jonathan Marks, Karen Woody, and Karen Moore join the full gang to examine various issues for compliance professionals under the incoming administration.

  1. Jonathan Armstrong looks at the car crash coming for DeepSeek in the EU. He shouts out to Peter Mandelson, the new UK Ambassador to the United States.
  2. Karen Moore looks at the reframing of DEI. She shouts out about the film on September 5.
  3. Matt Kelly considers the Bondi Memo on changes in DOJ enforcement focus and mentions Alexei Navalny’s memoir.
  4. Karen Woody examines the new SEC Crypto Taskforce and mentions the award-winning play Hadestown.
  5. Jonathan Marks provides a tutorial on the role of internal audit on export controls. He also shouts out to his hometown team, the Philadelphia Eagles (now the Super Bowl-winning Philadelphia Eagles).
  6. Tom Fox shouts out to (conspiracy) Bill Simmons for opining that the Dallas Maverick’s trade of Luka Doncic was a ploy to force the state of Texas to allow gambling in this state.

The members of Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, by clicking here.

Categories
10 For 10

10 For 10: Top Compliance Stories For the Week Ending February 8, 2025

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings you the compliance professional and the compliance stories you need to know to end your busy week. Sit back, and in 10 minutes, hear the stories every compliance professional should know from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • Fay Vincent warned MLB of the corruption from gambling. (NYT)
  • Do we need eyes on compliance gatekeepers? (The Regulatory Review)
  • MLB fires ump for shared betting accounts. (ESPN)
  • WVU replaces DEI with “Dept. of Engagement and Compliance”. (12WBOY)
  • Will Trump DOJ drop corruption charges against NYC Mayor? (Reuters)
  • Shien IPO runs into Uyghur issues. (Reuters)
  • Top SEC crypto lawyer reassigned to IT. (WSJ)
  • Pam Bondi confirmed as new AG. (Bloomberg)
  • Bondi cuts back on FCPA enforcement. (Radical Compliance)
  • Is the Rooney Rule still legal? (Bloomberg)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

You can check out the Daily Compliance News, which features four curated compliance and ethics stories each day here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: February 3, 2025, The Division of Engagement and Compliance Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Congress says Nvidia chip flow to China should be stopped. (WSJ)
  • The CCO Departure Bonus. (Cosmos)
  • WVU replaces DEI with “Dept. of Engagement and Compliance”. (12WBOY)
  • Will Trump DOJ drop corruption charges against NYC Mayor? (Reuters)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out The FCPA Survival Guide on Amazon.com.

Categories
Blog

From Sanctions to AI Disruption: How Compliance Officers Can Navigate the Rapid Pace of Change

The pace of change in today’s global business environment is breathtaking. Events that unfold over a weekend can have massive implications for corporate compliance professionals by Monday morning. When there is a business change, risks constantly change. Over the past week, this was demonstrated with two seemingly unrelated but equally impactful developments:

  • The U.S. is imposing sanctions on Colombia because of its alleged failure to take back migrants, including a 25% tariff on goods imported from the country.
  • The emergence of DeepSeek, a Chinese AI company that has developed a large language model rivaling OpenAI’s ChatGPT—at a fraction of the cost.

For the compliance professional, what do these risks mean for your organization? What do you think about a framework for assessing and managing these risks as they raise critical compliance concerns spanning sanctions enforcement, export controls, supply chain transparency, and regulatory readiness? In the most recent episode of the FCPA Compliance Report, I explored these issues with Jag Lamba, CEO at Certa.ai. We focused on the Department of Justice (DOJ) framework in its 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update) to make sense of and respond to these rapid developments.

The DOJ’s framework in the 2024 Update is broken down into three key components:

  1. Is the compliance program well-designed?
  2. Is the compliance program adequately resourced and empowered to function effectively?
  3. Does the compliance program work in practice?

We applied these elements to the recent developments and explored how compliance professionals can prepare for similar shocks in the future.

  • Is Your Compliance Program Well-Designed to Handle Rapidly Emerging Risks?

The first test of a compliance program is whether it is designed to assess, identify, and mitigate risks promptly. The DOJ has emphasized real-time risk assessment—a shift from static, once-a-year reviews to continuous monitoring.

Take the U.S. sanctions against Colombia. This was not a predictable, drawn-out regulatory action. It happened over a weekend, and by Monday, businesses importing Colombian goods faced a 25% tariff with little time to prepare. Compliance officers had to:

  1. Quickly identify how much of their supply chain relied on Colombian imports.
  2. Determine if alternatives existed to mitigate the cost impact.
  3. Communicate rapidly with leadership to ensure the company could pivot operations where needed.

A traditional, slow-moving risk assessment process would have left companies flat-footed. Instead, an agile risk management system, leveraging real-time data analytics and automated monitoring, can help companies proactively spot emerging risks before they become crises.

The same logic applies to export controls in the tech sector, especially in light of the DeepSeek development. Compliance officers at major AI and semiconductor companies must now be asking:

  1. Who are our customers in Singapore and neighboring markets?
  2. Are our chips being resold or rerouted to sanctioned entities in China?
  3. Do we have automated tools to track and verify shipments to ensure compliance with U.S. export control laws?

It may be too late to prevent regulatory scrutiny if a company relies on manual risk assessments and outdated compliance processes.

  • Is Your Compliance Program Adequately Resourced and Empowered?

The DOJ has clarified that a compliance program is only as good as the resources allocated to it. Ten years ago, the conversation centered around whether compliance officers had direct access to the board. The conversation then shifted to the quality of your Chief Compliance Officer (CCO) and compliance personnel. Today, the discussion is shifting to whether compliance has the technology, data, and personnel necessary to operate effectively.

Consider the situation with NVIDIA and its skyrocketing sales in Singapore—a market that, while business-friendly, is geographically close to countries facing strict U.S. export controls. Regulators are undoubtedly scrutinizing this data. The question for NVIDIA’s compliance team is:

  1. Do they have the visibility to track where these chips are ending up?
  2. Are they able to monitor sales intermediaries in real time?
  3. Can they preemptively flag anomalies—such as a single country purchasing a huge volume of restricted technology?

Without AI-driven compliance monitoring and data analytics, even the best compliance teams risk being overwhelmed by the sheer volume of transactions and regulatory changes.

Similarly, companies impacted by the Colombian tariffs must ensure their compliance programs have the right supply chain monitoring tools to:

  1. Identify impacted suppliers instantly.
  2. Assess alternative sourcing options without regulatory hurdles.
  3. Develop contingency plans to mitigate financial and operational risks.

This compliance function cannot be effectively run using spreadsheets and email chains. Companies must invest in data automation, AI-driven analytics, and cross-functional collaboration tools to avoid such fast-moving regulatory changes.

  • Does Your Compliance Program Work in Practice?

Finally, compliance programs must not exist solely on paper but must demonstrate real-world effectiveness. The DOJ’s 2024 Update mandates data-driven evidence to assess whether a compliance program is functional and effective.

This means compliance teams must be able to show:

  1. How many third-party vendors and intermediaries have been vetted and monitored?
  2. How export controls are enforced in practice—not just documented in policy.
  3. How quickly can the company respond to a sudden regulatory change, such as the Colombian sanctions?

One of the best ways to demonstrate effectiveness is through compliance storytelling. A compliance officer should be able to present:

  • This is a clear narrative backed by data showing how the company detected and addressed a regulatory risk before it became a crisis.
  • These are case studies of how compliance actions have improved business outcomes—for example, reducing onboarding time for sales intermediaries without compromising compliance integrity.
  • Tangible evidence includes video training logs, compliance dashboards, and documented decision-making trails.

A powerful example comes from a Fortune 100 company that secured five years of compliance funding in one go rather than having to renegotiate budgets annually. How? By presenting compliance in business terms:

  • Demonstrating how compliance efficiencies improved sales and reduced onboarding delays.
  • Showing the financial impact of proactive risk management.
  • Using data-driven evidence to justify long-term compliance investments.

This is the future of compliance: a function that prevents regulatory risk and actively contributes to business strategy and growth.

The CCO as a Strategic Risk Navigator

The recent developments with Colombian sanctions and DeepSeek’s AI breakthrough highlight how fast compliance risks can evolve. Sanctions, export controls, and regulatory enforcement actions are no longer slow-moving threats—they can materialize overnight.

The DOJ’s 2024 Update provides a clear roadmap for compliance professionals to navigate these challenges:

  1. Risk assessment must be dynamic and continuous. Compliance programs must be designed to identify risks in real-time, not just during annual reviews.
  2. Compliance must be adequately resourced. Companies must invest in technology, data analytics, and automation to meet regulatory changes.
  3. Compliance must demonstrate real-world effectiveness. Data-driven evidence, compelling narratives, and tangible business impact must back compliance programs.

Compliance professionals who embrace data-driven decision-making, automation, and proactive risk management will not only survive but thrive in this era of regulatory volatility. The question is: Is your compliance program ready for the next unexpected headline?

Categories
Daily Compliance News

Daily Compliance News: January 29, 2025, The End to Black History Month Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • State Department prohibited from celebrating Black History Month. (WSJ)
  • Is DeepSeek real? (FT)
  • DOJ Public Corruption Unit Chief resigns. (Bloomberg)
  • Using AI agents requires trust and compliance. (Bloomberg)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out The FCPA Survival Guide on Amazon.com.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 24 – Internal Reporting and Triage

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6–8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

On Day 24, we look into the critical internal reporting process and triaging of FCPA claims. As the CCO, you will oversee the initial steps when suspicious activities are reported. Jonathan Marks’ five-step process on early assessment of incoming information is explored, providing a structured approach for evaluating the severity of allegations from low-threat level to crisis management mode. Moreover, this episode emphasizes the necessity of effective hotlines, trained managers, and a culture of listening to employees to foster a safe reporting environment. Key takeaways include the DOJ and SEC’s emphasis on internal reporting lines, regularly testing hotlines, and the triage of claims to ensure appropriate investigation levels.

Key highlights:

  • Guidelines for Effective Compliance Programs
  • Jonathan Marks’ Five-Step Process for Early Assessment
  • Key Takeaways

Resources:

Click here to receive a 20% discount on The Compliance Handbook, 5th edition, for listeners to this podcast.

Categories
Blog

The Boeing Monitorship – The Saga Continues

The case of Boeing and its contentious negotiations with the U.S. Department of Justice (DOJ) over compliance, monitorship, and accountability offers a gripping narrative of corporate responsibility, regulatory oversight, and the implications of public trust in justice. Today, we take up the saga surrounding Boeing’s attempts to secure a plea agreement in the aftermath of its 737 Max tragedies to get a Corporate Monitor, and the subsequent judicial rejection of that deal, illuminating critical lessons for corporate compliance professionals.

Background 

Boeing’s troubles began with two catastrophic crashes of its 737 Max aircraft: Lion Air Flight 610 in 2018 and Ethiopian Airlines Flight 302 in 2019. These incidents claimed 346 lives and exposed grave flaws in the Maneuvering Characteristics Augmentation System (MCAS), a flight control feature vulnerable to erroneous sensor readings. Investigations revealed that Boeing employees had concealed the system’s novelty to avoid a more rigorous Federal Aviation Administration (FAA) review.

Under a deferred prosecution agreement (DPA) in 2021, Boeing committed to paying $2.5 billion in penalties, compensation, and crash victim funds. However, further scrutiny, including a January 2024 midair crisis with a 737 Max 9, led the DOJ to assert that Boeing had breached the DPA, triggering new negotiations.

The Contested Plea Agreement 

The DOJ and Boeing’s revised plea deal proposed a guilty plea for conspiracy to defraud regulators, alongside a $243 million fine and $455 million for compliance and safety enhancements. Boeing would also face a three-year monitorship by an independent compliance monitor selected under DOJ protocols, but with some limited Boeing participation in the process. Most critically, the DOJ wanted almost total control of the selection process but demanded total control after the Monitor was selected and was the sole authority to determine if Boeing met its obligations under the Plea Agreement.

This proposal sparked fierce opposition. Families of crash victims, represented by high-profile attorneys, called the deal “morally reprehensible,” accusing it of inadequately addressing Boeing’s culpability. These critics pointed to misleading sentencing guidelines, opaque monitoring processes, and insufficient remedial measures.

The Court 

a.        October Hearing

However, the Court overseeing prosecutors’ criminal case went in a different direction, saying it needed more information on a provision of the proposed plea deal regarding how the DOJ would select an independent monitor in compliance with the agency’s diversity and inclusion policies. As reported by Hailey Konnath, writing in Law360, at an October hearing, the Court said it “wanted information on the DOJ’s diversity and inclusion policy it referenced during a hearing last week, plus definitions for the terms “diversity” and “inclusion.” Judge O’Connor also instructed the DOJ to put together filings “explaining how the provision furthers compliance and ethics efforts” and “how it will use the provision in selecting a proposed monitor.”

The Judge stated, “The court needs additional information to consider whether the agreement should be accepted adequately.”. Konnath reported that “Judge O’Connor continued, “Specifically, it is important to know how the provision promotes safety and compliance efforts as a result of Boeing’s fraudulent misconduct; what role Boeing’s internal focus on DEI impacts its compliance and ethics obligations; how the government will use the provision to process applications from proposed monitors; and how Boeing will use the provision and its own internal DEI commitment to exercise its right to strike a monitor applicant.”

b.       DOJ Response

The DOJ responded to the Court’s request for information. As reported by Linda Chiem in Law360, the DOJ said it would “conduct an “open-minded and rigorous assessment of the specific competencies and suitability of each candidate for the position while avoiding conflicts of interest and unlawful discrimination.” The DOJ defined ‘Diversity’ as encompassing its “commitment to considering the many ways that an individual candidate can demonstrate his or her unique abilities, experiences, and qualifications as a member of the monitor candidate pool—including with a professional background other than as a former department official.”

The DOJ defined ‘Inclusion’ as reflecting “the department’s openness to how these various abilities, experiences, and qualifications may inform the candidate’s capacity to serve effectively as the monitor of Boeing’s compliance and ethics program.” The DOJ also noted that “What diversity and inclusion do not mean—and what the department will not permit—is affording preference to a candidate based on their membership or non-membership in a protected class.” The Justice Department explained that it would follow its “longstanding and unbroken commitment to a merit-based monitor selection process.” It will conduct an open solicitation of monitor candidates. Vet candidates based on how their specific background, skills, and experiences might be “best suited to address the facts and circumstances of the company’s criminal conduct and the scope of the monitorship, all while avoiding conflicts of interest and unlawful discrimination based on race, gender, or any other protected class.”

c.        Court Ruling

In December, the Court rejected the Plea Agreement. Once again, Linda Chiem, reporting in Law360, said the Court found “flaws in how the DOJ intended to use race and diversity to select an independent compliance monitor to oversee Boeing and how the court was cut out of that process.” Specifically, the Court noted the “government’s shifting and contradictory explanations of how the plea agreement’s diversity-and-inclusion provision will practically operate in this case,” expressing skepticism that the government would choose an independent compliance monitor based on merit and talent instead of race and ethnicity, among other things.

The Court concluded by stating, “In a case of this magnitude, it is in the utmost interest of justice that the public is confident this monitor selection is based solely on competency. The parties’ DEI efforts undermine this confidence in the government and Boeing’s ethics and antifraud efforts. Accordingly, the diversity-and-inclusion provision renders the plea agreement against the public interest.” Equally important was the Court’s completed rejection of the DOJ position that it had the final say on the Monitor selection and Boeing’s progress (or not) under the Plea Agreement. The Judge said, “Marginalizing the court in the selection and monitoring of the independent monitor as the plea agreement undermines public confidence in Boeing’s probation, fails to promote respect for the law, and is therefore not in the public interest.”

Moving Forward 

Boeing and the DOJ now face a February 2025 deadline to renegotiate their plea agreement. This extension reflects the challenges of balancing corporate accountability with public and legal expectations. The upcoming resolution, shaped by shifting political dynamics and judicial scrutiny, will likely redefine standards for corporate compliance agreements involving catastrophic failures. Obviously, this means a new DOJ administration will be involved. Some key questions will need to be considered and answered.

It will start with what the new DOJ will do going forward.

·       Will the DOJ walk back its claim that Boeing violated the original settlement agreement?

·       Will the DOJ continue to communicate with the families of the victims?

·       Will the new DOJ reject its own DEI language, which might ameliorate some of the Court’s concerns?

·       Will the new DOJ concede the Court is correct and move to a position that some court oversight in the selection and oversight of the Monitor?

The Boeing-DOJ saga serves as a cautionary tale about the complexities of reconciling corporate malfeasance, public accountability, and regulatory frameworks. For compliance professionals, it underscores the criticality of transparency, stakeholder engagement, and merit-based selection of compliance monitors. Above all, it affirms that corporate accountability cannot be relegated to expedient backroom deals but must withstand rigorous judicial and public scrutiny.

This story is more than a corporate compliance case study; it is a wake-up call for all industries to prioritize ethics, integrity, and transparency at every operational level. For the DOJ and Boeing, the path forward will determine whether they can rebuild trust and serve as a beacon or cautionary example for future responses to corporate conduct.