
Daily Compliance News: February 3, 2025, The Division of Engagement and Compliance Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Congress says Nvidia chip flow to China should be stopped. (WSJ)
  • The CCO Departure Bonus. (Cosmos)
  • WVU replaces DEI with “Dept. of Engagement and Compliance”. (12WBOY)
  • Will Trump DOJ drop corruption charges against NYC Mayor? (Reuters)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out The FCPA Survival Guide on Amazon.com.


From Sanctions to AI Disruption: How Compliance Officers Can Navigate the Rapid Pace of Change

The pace of change in today’s global business environment is breathtaking. Events that unfold over a weekend can have massive implications for corporate compliance professionals by Monday morning. When the business environment changes, risks change with it. Over the past week, this was demonstrated with two seemingly unrelated but equally impactful developments:

  • The U.S. is imposing sanctions on Colombia because of its alleged failure to take back migrants, including a 25% tariff on goods imported from the country.
  • The emergence of DeepSeek, a Chinese AI company that has developed a large language model rivaling OpenAI’s ChatGPT—at a fraction of the cost.

For the compliance professional, what do these risks mean for your organization? How should you think about a framework for assessing and managing these risks, which raise critical compliance concerns spanning sanctions enforcement, export controls, supply chain transparency, and regulatory readiness? In the most recent episode of the FCPA Compliance Report, I explored these issues with Jag Lamba, CEO at Certa.ai. We focused on the Department of Justice (DOJ) framework in its 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update) to make sense of and respond to these rapid developments.

The DOJ’s framework in the 2024 Update is broken down into three key components:

  1. Is the compliance program well-designed?
  2. Is the compliance program adequately resourced and empowered to function effectively?
  3. Does the compliance program work in practice?

We applied these elements to the recent developments and explored how compliance professionals can prepare for similar shocks in the future.

Is Your Compliance Program Well-Designed to Handle Rapidly Emerging Risks?

The first test of a compliance program is whether it is designed to assess, identify, and mitigate risks promptly. The DOJ has emphasized real-time risk assessment—a shift from static, once-a-year reviews to continuous monitoring.

Take the U.S. sanctions against Colombia. This was not a predictable, drawn-out regulatory action. It happened over a weekend, and by Monday, businesses importing Colombian goods faced a 25% tariff with little time to prepare. Compliance officers had to:

  1. Quickly identify how much of their supply chain relied on Colombian imports.
  2. Determine if alternatives existed to mitigate the cost impact.
  3. Communicate rapidly with leadership to ensure the company could pivot operations where needed.

A traditional, slow-moving risk assessment process would have left companies flat-footed. Instead, an agile risk management system, leveraging real-time data analytics and automated monitoring, can help companies proactively spot emerging risks before they become crises.

The same logic applies to export controls in the tech sector, especially in light of the DeepSeek development. Compliance officers at major AI and semiconductor companies must now be asking:

  1. Who are our customers in Singapore and neighboring markets?
  2. Are our chips being resold or rerouted to sanctioned entities in China?
  3. Do we have automated tools to track and verify shipments to ensure compliance with U.S. export control laws?

It may be too late to prevent regulatory scrutiny if a company relies on manual risk assessments and outdated compliance processes.

Is Your Compliance Program Adequately Resourced and Empowered?

The DOJ has clarified that a compliance program is only as good as the resources allocated to it. Ten years ago, the conversation centered around whether compliance officers had direct access to the board. The conversation then shifted to the quality of your Chief Compliance Officer (CCO) and compliance personnel. Today, the discussion is shifting to whether compliance has the technology, data, and personnel necessary to operate effectively.

Consider the situation with NVIDIA and its skyrocketing sales in Singapore—a market that, while business-friendly, is geographically close to countries facing strict U.S. export controls. Regulators are undoubtedly scrutinizing this data. The question for NVIDIA’s compliance team is:

  1. Do they have the visibility to track where these chips are ending up?
  2. Are they able to monitor sales intermediaries in real time?
  3. Can they preemptively flag anomalies—such as a single country purchasing a huge volume of restricted technology?

Without AI-driven compliance monitoring and data analytics, even the best compliance teams risk being overwhelmed by the sheer volume of transactions and regulatory changes.

Similarly, companies impacted by the Colombian tariffs must ensure their compliance programs have the right supply chain monitoring tools to:

  1. Identify impacted suppliers instantly.
  2. Assess alternative sourcing options without regulatory hurdles.
  3. Develop contingency plans to mitigate financial and operational risks.

This compliance function cannot be effectively run using spreadsheets and email chains. Companies must invest in data automation, AI-driven analytics, and cross-functional collaboration tools to keep pace with such fast-moving regulatory changes.

Does Your Compliance Program Work in Practice?

Finally, compliance programs must not exist solely on paper but must demonstrate real-world effectiveness. The DOJ’s 2024 Update mandates data-driven evidence to assess whether a compliance program is functional and effective.

This means compliance teams must be able to show:

  1. How many third-party vendors and intermediaries have been vetted and monitored.
  2. How export controls are enforced in practice—not just documented in policy.
  3. How quickly the company can respond to a sudden regulatory change, such as the Colombian sanctions.

One of the best ways to demonstrate effectiveness is through compliance storytelling. A compliance officer should be able to present:

  • A clear narrative backed by data showing how the company detected and addressed a regulatory risk before it became a crisis.
  • Case studies of how compliance actions have improved business outcomes—for example, reducing onboarding time for sales intermediaries without compromising compliance integrity.
  • Tangible evidence, including video training logs, compliance dashboards, and documented decision-making trails.

A powerful example comes from a Fortune 100 company that secured five years of compliance funding in one go rather than having to renegotiate budgets annually. How? By presenting compliance in business terms:

  • Demonstrating how compliance efficiencies improved sales and reduced onboarding delays.
  • Showing the financial impact of proactive risk management.
  • Using data-driven evidence to justify long-term compliance investments.

This is the future of compliance: a function that prevents regulatory risk and actively contributes to business strategy and growth.

The CCO as a Strategic Risk Navigator

The recent developments with Colombian sanctions and DeepSeek’s AI breakthrough highlight how fast compliance risks can evolve. Sanctions, export controls, and regulatory enforcement actions are no longer slow-moving threats—they can materialize overnight.

The DOJ’s 2024 Update provides a clear roadmap for compliance professionals to navigate these challenges:

  1. Risk assessment must be dynamic and continuous. Compliance programs must be designed to identify risks in real-time, not just during annual reviews.
  2. Compliance must be adequately resourced. Companies must invest in technology, data analytics, and automation to meet regulatory changes.
  3. Compliance must demonstrate real-world effectiveness. Data-driven evidence, compelling narratives, and tangible business impact must back compliance programs.

Compliance professionals who embrace data-driven decision-making, automation, and proactive risk management will not only survive but thrive in this era of regulatory volatility. The question is: Is your compliance program ready for the next unexpected headline?


Daily Compliance News: January 29, 2025, The End to Black History Month Edition


Top stories include:

  • State Department prohibited from celebrating Black History Month. (WSJ)
  • Is DeepSeek real? (FT)
  • DOJ Public Corruption Unit Chief resigns. (Bloomberg)
  • Using AI agents requires trust and compliance. (Bloomberg)


31 Days to a More Effective Compliance Program: Day 24 – Internal Reporting and Triage

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6–8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

On Day 24, we look into the critical internal reporting process and triaging of FCPA claims. As the CCO, you will oversee the initial steps when suspicious activities are reported. Jonathan Marks’ five-step process on early assessment of incoming information is explored, providing a structured approach for evaluating the severity of allegations from low-threat level to crisis management mode. Moreover, this episode emphasizes the necessity of effective hotlines, trained managers, and a culture of listening to employees to foster a safe reporting environment. Key takeaways include the DOJ and SEC’s emphasis on internal reporting lines, regularly testing hotlines, and the triage of claims to ensure appropriate investigation levels.

Key highlights:

  • Guidelines for Effective Compliance Programs
  • Jonathan Marks’ Five-Step Process for Early Assessment
  • Key Takeaways

Resources:

Click here to receive a 20% discount on The Compliance Handbook, 5th edition, for listeners to this podcast.


The Boeing Monitorship – The Saga Continues

The case of Boeing and its contentious negotiations with the U.S. Department of Justice (DOJ) over compliance, monitorship, and accountability offers a gripping narrative of corporate responsibility, regulatory oversight, and the implications of public trust in justice. Today, we take up the saga surrounding Boeing’s attempts, in the aftermath of its 737 Max tragedies, to secure a plea agreement that includes a Corporate Monitor, and the subsequent judicial rejection of that deal, which illuminates critical lessons for corporate compliance professionals.

Background 

Boeing’s troubles began with two catastrophic crashes of its 737 Max aircraft: Lion Air Flight 610 in 2018 and Ethiopian Airlines Flight 302 in 2019. These incidents claimed 346 lives and exposed grave flaws in the Maneuvering Characteristics Augmentation System (MCAS), a flight control feature vulnerable to erroneous sensor readings. Investigations revealed that Boeing employees had concealed the system’s novelty to avoid a more rigorous Federal Aviation Administration (FAA) review.

Under a deferred prosecution agreement (DPA) in 2021, Boeing committed to paying $2.5 billion in penalties, compensation, and crash victim funds. However, further scrutiny, including a January 2024 midair crisis with a 737 Max 9, led the DOJ to assert that Boeing had breached the DPA, triggering new negotiations.

The Contested Plea Agreement 

The DOJ and Boeing’s revised plea deal proposed a guilty plea for conspiracy to defraud regulators, alongside a $243 million fine and $455 million for compliance and safety enhancements. Boeing would also face a three-year monitorship by an independent compliance monitor selected under DOJ protocols, but with some limited Boeing participation in the process. Most critically, the DOJ wanted almost total control of the selection process, demanded total control after the Monitor was selected, and would be the sole authority to determine whether Boeing met its obligations under the Plea Agreement.

This proposal sparked fierce opposition. Families of crash victims, represented by high-profile attorneys, called the deal “morally reprehensible,” accusing it of inadequately addressing Boeing’s culpability. These critics pointed to misleading sentencing guidelines, opaque monitoring processes, and insufficient remedial measures.

The Court 

a. October Hearing

However, the Court overseeing prosecutors’ criminal case went in a different direction, saying it needed more information on a provision of the proposed plea deal regarding how the DOJ would select an independent monitor in compliance with the agency’s diversity and inclusion policies. As reported by Hailey Konnath, writing in Law360, at an October hearing, the Court said it “wanted information on the DOJ’s diversity and inclusion policy it referenced during a hearing last week, plus definitions for the terms ‘diversity’ and ‘inclusion.’” Judge O’Connor also instructed the DOJ to put together filings “explaining how the provision furthers compliance and ethics efforts” and “how it will use the provision in selecting a proposed monitor.”

The Judge stated, “The court needs additional information to consider whether the agreement should be accepted adequately.” Konnath reported that Judge O’Connor continued, “Specifically, it is important to know how the provision promotes safety and compliance efforts as a result of Boeing’s fraudulent misconduct; what role Boeing’s internal focus on DEI impacts its compliance and ethics obligations; how the government will use the provision to process applications from proposed monitors; and how Boeing will use the provision and its own internal DEI commitment to exercise its right to strike a monitor applicant.”

b. DOJ Response

The DOJ responded to the Court’s request for information. As reported by Linda Chiem in Law360, the DOJ said it would conduct an “open-minded and rigorous assessment of the specific competencies and suitability of each candidate for the position while avoiding conflicts of interest and unlawful discrimination.” The DOJ defined ‘Diversity’ as encompassing its “commitment to considering the many ways that an individual candidate can demonstrate his or her unique abilities, experiences, and qualifications as a member of the monitor candidate pool—including with a professional background other than as a former department official.”

The DOJ defined ‘Inclusion’ as reflecting “the department’s openness to how these various abilities, experiences, and qualifications may inform the candidate’s capacity to serve effectively as the monitor of Boeing’s compliance and ethics program.” The DOJ also noted that “What diversity and inclusion do not mean—and what the department will not permit—is affording preference to a candidate based on their membership or non-membership in a protected class.” The Justice Department explained that it would follow its “longstanding and unbroken commitment to a merit-based monitor selection process.” It will conduct an open solicitation of monitor candidates and vet candidates based on how their specific background, skills, and experiences might be “best suited to address the facts and circumstances of the company’s criminal conduct and the scope of the monitorship, all while avoiding conflicts of interest and unlawful discrimination based on race, gender, or any other protected class.”

c. Court Ruling

In December, the Court rejected the Plea Agreement. Once again, Linda Chiem, reporting in Law360, said the Court found “flaws in how the DOJ intended to use race and diversity to select an independent compliance monitor to oversee Boeing and how the court was cut out of that process.” Specifically, the Court noted the “government’s shifting and contradictory explanations of how the plea agreement’s diversity-and-inclusion provision will practically operate in this case,” expressing skepticism that the government would choose an independent compliance monitor based on merit and talent instead of race and ethnicity, among other things.

The Court concluded by stating, “In a case of this magnitude, it is in the utmost interest of justice that the public is confident this monitor selection is based solely on competency. The parties’ DEI efforts undermine this confidence in the government and Boeing’s ethics and antifraud efforts. Accordingly, the diversity-and-inclusion provision renders the plea agreement against the public interest.” Equally important was the Court’s complete rejection of the DOJ position that it had the final say on the Monitor selection and Boeing’s progress (or not) under the Plea Agreement. The Judge said, “Marginalizing the court in the selection and monitoring of the independent monitor as the plea agreement undermines public confidence in Boeing’s probation, fails to promote respect for the law, and is therefore not in the public interest.”

Moving Forward 

Boeing and the DOJ now face a February 2025 deadline to renegotiate their plea agreement. This extension reflects the challenges of balancing corporate accountability with public and legal expectations. The upcoming resolution, shaped by shifting political dynamics and judicial scrutiny, will likely redefine standards for corporate compliance agreements involving catastrophic failures. Obviously, this means a new DOJ administration will be involved. Some key questions will need to be considered and answered.

It will start with what the new DOJ will do going forward.

  • Will the DOJ walk back its claim that Boeing violated the original settlement agreement?
  • Will the DOJ continue to communicate with the families of the victims?
  • Will the new DOJ reject its own DEI language, which might ameliorate some of the Court’s concerns?
  • Will the new DOJ concede the Court is correct and move to a position that allows some court oversight in the selection and oversight of the Monitor?

The Boeing-DOJ saga serves as a cautionary tale about the complexities of reconciling corporate malfeasance, public accountability, and regulatory frameworks. For compliance professionals, it underscores the criticality of transparency, stakeholder engagement, and merit-based selection of compliance monitors. Above all, it affirms that corporate accountability cannot be relegated to expedient backroom deals but must withstand rigorous judicial and public scrutiny.

This story is more than a corporate compliance case study; it is a wake-up call for all industries to prioritize ethics, integrity, and transparency at every operational level. For the DOJ and Boeing, the path forward will determine whether they can rebuild trust and serve as a beacon or cautionary example for future responses to corporate conduct.


10 For 10: Top Compliance Stories For the Week Ending January 11, 2025

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings you, the compliance professional, the compliance stories you need to know to end your busy week. Sit back, and in 10 minutes, hear the stories every compliance professional should know from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly fill of compliance stories with 10 For 10, a podcast produced by the Compliance Podcast Network.

  • Bayview Asset Management settles cyber weakness case. (WSJ)
  • Corruption at the Supreme Court. (Reuters)
  • Enron is back. What could go wrong? (NYT)
  • UBS to settle Credit Suisse tax fraud case. (Bloomberg)
  • Tribute to Jimmy Carter in the fight against corruption. (FT)
  • Former MoviePass CEO pleads guilty to fraud. (NYT)
  • OIG issues Nursing Home compliance guidance. (National Review)
  • China will deepen the corruption fight in areas such as finance and energy. (Bloomberg)
  • Boeing and DOJ get another month on a plea deal. (Law360) sub req’d
  • Corruption is the biggest threat to the Chinese Communist Party. (Reuters)


Daily Compliance News: January 8, 2025 – The How Corruption Works Edition


Top stories include:

  • US sanctions Orban Chief of Staff for corruption. (FT)
  • How corruption works at FIFA. (BI)
  • Boeing and DOJ get another month on a plea deal. (Law360) subscription req’d
  • No secret recordings in Oregon. (Reuters)


31 Days to a More Effective Compliance Program: Day 7 – Argentieri on Clawbacks and Holdbacks


In this episode, we explore the critical insights from the DOJ Clawback Program for compliance professionals. It emphasizes integrating compliance into the compensation structure as an effective strategy to promote ethical behavior and prevent misconduct. We also delve into the significance of financial accountability, noting the DOJ’s practice of reducing fines for firms that reclaim compensation from responsible employees. Finally, the episode highlights the necessity of continuously evaluating and enhancing compliance-linked compensation systems, urging companies to regularly assess their effectiveness, gather feedback, and make necessary adjustments. This iterative process reinforces the idea that compliance programs must be dynamic and proactive rather than static operational checklists.

Key highlights:

  • Integrating Compliance into Compensation
  • Financial Accountability Emphasis
  • DOJ’s Commitment to Individual Accountability
  • Continuous Evaluation and Improvement


31 Days to a More Effective Compliance Program: Day 6 – M&A Safe Harbor Policy


This episode delves into the Department of Justice’s mergers and acquisitions (M&A) Safe Harbor Policy, as explained by Deputy Attorney General Lisa Monaco. This policy encourages companies to voluntarily self-disclose criminal conduct discovered during an acquisition. If a company promptly discloses such misconduct, cooperates with the ensuing investigation, and engages in appropriate remediation, restitution, and disgorgement, it can receive a presumption of a criminal declination. Key deadlines include disclosing misconduct within six months of the closing date and fully remediating within one year. The DOJ aims to incentivize acquiring companies to perform robust pre- and post-acquisition due diligence and self-disclosure to mitigate risks and de-risk transactions effectively.

Key highlights:

  • New DOJ Mergers and Acquisitions Safe Harbor Policy
  • Key Requirements and Deadlines
  • Historical Context and Clarifications


The McKinsey $650 Million Settlement: Compliance Lessons from the Opioid Crisis

Last week, McKinsey & Company resolved civil and criminal matters with the Department of Justice (DOJ). This settlement represents a seismic shift in corporate accountability. For the first time, a management consulting firm has been held criminally liable for advice that contributed to a client’s commission of a crime. This $650 million resolution with the DOJ offers profound lessons for industry compliance professionals. This should be coupled with the previous Foreign Corrupt Practices Act (FCPA) resolution for $122 million with the DOJ over the company’s bribery and corruption in South Africa. From failures in risk management to the imperative of ethical decision-making, McKinsey’s cases are a masterclass in how compliance missteps can lead to devastating consequences.

A Timeline of Ethical Erosion  

Between 2004 and 2019, McKinsey worked on 75 engagements with Purdue Pharma, a key player in the opioid epidemic. In 2013, McKinsey spearheaded a project to “turbocharge” OxyContin sales despite growing awareness of the drug’s role in the crisis. This “Evolve to Excellence” initiative targeted high-prescribing physicians, some already under scrutiny for unsafe practices. Despite Purdue’s 2007 guilty plea for misbranding OxyContin, McKinsey continued advising the company, prioritizing profits over public health.

The fallout included a criminal charge for obstruction of justice against a former senior partner, allegations of advising on fraudulent claims to federal healthcare programs, and revelations of conflicts of interest in dealings with the FDA. The penalties include a $231 million fine, $93 million in forfeitures, and $323 million under the False Claims Act. McKinsey also agreed to a Deferred Prosecution Agreement (DPA), mandating significant compliance reforms.

Key Compliance Takeaways  

1. Risk Assessment and Client Selection: The First Line of Defense

McKinsey’s failure to assess its work’s reputational and legal risks with Purdue underscores the importance of robust risk evaluation processes. Like any organization, consulting firms must consider client histories and engagement scopes. Purdue’s 2007 plea and ongoing controversies should have triggered heightened scrutiny, yet McKinsey continued its relationship unabated. One key lesson is to establish a formalized client diligence framework. Identify high-risk clients and engagements, factoring in legal histories, industry regulations, and reputational implications.

2. The Ethical Perils of Aggressive Strategy

The directive to “turbocharge” OxyContin sales illustrates the ethical blind spots that arise when profit-driven goals overshadow public welfare. McKinsey’s PowerPoint presentations and marketing strategies directly influenced Purdue’s ability to sustain OxyContin sales, exacerbating the opioid crisis. Every organization must build ethics into strategic decision-making. Compliance officers should collaborate with business units to ensure strategies align with ethical standards and regulatory requirements.

3. Document Retention and the Dangers of Obstruction

The case against former senior partner Martin Elling reveals how internal actions can escalate legal risks. Elling’s directive to “eliminate all our documents and emails” and his subsequent obstruction charge illustrate the severe consequences of tampering with evidence during investigations. Every company must develop and enforce strict document retention policies. Provide training to employees on legal holds and the dangers of obstructing investigations.

4. Conflict of Interest Management

McKinsey’s simultaneous work with Purdue and the FDA highlights a blatant disregard for conflict-of-interest policies. Misleading the FDA undermined trust and compounded McKinsey’s liability. Your organization must institute robust conflict-of-interest protocols. Regularly audit engagements to identify overlapping or competing interests and disclose conflicts proactively.

5. Deferred Prosecution Agreements: A Path to Reform

As part of the DPA, McKinsey committed to implementing significant compliance reforms, including a risk evaluation process, quality review programs, and new document retention procedures. These measures are designed to prevent a repeat of past mistakes. Indeed, no company wants to be under a DPA, but the conduct of McKinsey, both in this case and in its FCPA matter in South Africa, was so egregious that the company should view its DPA as an opportunity for transformation. Compliance leaders should use such agreements to rebuild trust, enhance internal controls, and foster a culture of accountability.

Culture as a Compliance Imperative  

The most striking lesson from the McKinsey case is the absence of a culture of accountability. McKinsey’s actions were not the result of one rogue employee; they reflected systemic failings within the organization. From top executives to client teams, the firm consistently prioritized financial gain over ethical responsibility.

Building an ethical culture requires multiple steps. It all begins with Tone from the Top—an unwavering commitment from top leadership to compliance and ethics. A company must empower its corporate compliance functions with the authority and resources to challenge decisions that pose ethical risks. Through training, communication, and employee awareness, there must be awareness throughout the organization of this commitment to doing business ethically and in compliance. Organizations must regularly train employees on ethical decision-making, risk identification, and reporting mechanisms.

Looking Ahead: The Compliance Professional’s Role  

The McKinsey settlements are a wake-up call for compliance professionals. They challenge us to rethink our roles as rule enforcers and stewards of ethical integrity. This case underscores the importance of proactive measures to identify risks, implement controls, and foster a culture where doing the right thing is non-negotiable.

The DOJ’s message is clear: no entity is above the law. Consulting firms, financial advisors, and other service providers must now grapple with the reality that their advice carries legal and ethical implications. For compliance officers, this means doubling down on preventive measures, promoting transparency, and ensuring accountability at every level.