Categories
Everything Compliance

Everything Compliance: Episode 150, The Musk On Edition

Welcome to this edition of the award-winning Everything Compliance. In this episode, Matt Kelly, Jonathan Armstrong, Jonathan Marks, Karen Woody, and Karen Moore join the full gang to examine various issues for compliance professionals under the incoming administration.

  1. Jonathan Armstrong looks at the car crash coming for DeepSeek in the EU. He shouts out to Peter Mandelson, the new UK Ambassador to the United States.
  2. Karen Moore looks at the reframing of DEI. She shouts out about the film on September 5.
  3. Matt Kelly considers the Bondi Memo on changes in DOJ enforcement focus and mentions Alexei Navalny’s memoir.
  4. Karen Woody examines the new SEC Crypto Taskforce and mentions the award-winning play Hadestown.
  5. Jonathan Marks provides a tutorial on the role of internal audit on export controls. He also shouts out to his hometown team, the Philadelphia Eagles (now the Super Bowl-winning Philadelphia Eagles).
  6. Tom Fox shouts out to (conspiracy) Bill Simmons for opining that the Dallas Maverick’s trade of Luka Doncic was a ploy to force the state of Texas to allow gambling in this state.

The members of Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, by clicking here.

Categories
Blog

From Sanctions to AI Disruption: How Compliance Officers Can Navigate the Rapid Pace of Change

The pace of change in today’s global business environment is breathtaking. Events that unfold over a weekend can have massive implications for corporate compliance professionals by Monday morning. When there is a business change, risks constantly change. Over the past week, this was demonstrated with two seemingly unrelated but equally impactful developments:

  • The U.S. is imposing sanctions on Colombia because of its alleged failure to take back migrants, including a 25% tariff on goods imported from the country.
  • The emergence of DeepSeek, a Chinese AI company that has developed a large language model rivaling OpenAI’s ChatGPT—at a fraction of the cost.

For the compliance professional, what do these risks mean for your organization? What do you think about a framework for assessing and managing these risks as they raise critical compliance concerns spanning sanctions enforcement, export controls, supply chain transparency, and regulatory readiness? In the most recent episode of the FCPA Compliance Report, I explored these issues with Jag Lamba, CEO at Certa.ai. We focused on the Department of Justice (DOJ) framework in its 2024 Update to the Evaluation of Corporate Compliance Programs (2024 Update) to make sense of and respond to these rapid developments.

The DOJ’s framework in the 2024 Update is broken down into three key components:

  1. Is the compliance program well-designed?
  2. Is the compliance program adequately resourced and empowered to function effectively?
  3. Does the compliance program work in practice?

We applied these elements to the recent developments and explored how compliance professionals can prepare for similar shocks in the future.

  • Is Your Compliance Program Well-Designed to Handle Rapidly Emerging Risks?

The first test of a compliance program is whether it is designed to assess, identify, and mitigate risks promptly. The DOJ has emphasized real-time risk assessment—a shift from static, once-a-year reviews to continuous monitoring.

Take the U.S. sanctions against Colombia. This was not a predictable, drawn-out regulatory action. It happened over a weekend, and by Monday, businesses importing Colombian goods faced a 25% tariff with little time to prepare. Compliance officers had to:

  1. Quickly identify how much of their supply chain relied on Colombian imports.
  2. Determine if alternatives existed to mitigate the cost impact.
  3. Communicate rapidly with leadership to ensure the company could pivot operations where needed.

A traditional, slow-moving risk assessment process would have left companies flat-footed. Instead, an agile risk management system, leveraging real-time data analytics and automated monitoring, can help companies proactively spot emerging risks before they become crises.

The same logic applies to export controls in the tech sector, especially in light of the DeepSeek development. Compliance officers at major AI and semiconductor companies must now be asking:

  1. Who are our customers in Singapore and neighboring markets?
  2. Are our chips being resold or rerouted to sanctioned entities in China?
  3. Do we have automated tools to track and verify shipments to ensure compliance with U.S. export control laws?

It may be too late to prevent regulatory scrutiny if a company relies on manual risk assessments and outdated compliance processes.

  • Is Your Compliance Program Adequately Resourced and Empowered?

The DOJ has clarified that a compliance program is only as good as the resources allocated to it. Ten years ago, the conversation centered around whether compliance officers had direct access to the board. The conversation then shifted to the quality of your Chief Compliance Officer (CCO) and compliance personnel. Today, the discussion is shifting to whether compliance has the technology, data, and personnel necessary to operate effectively.

Consider the situation with NVIDIA and its skyrocketing sales in Singapore—a market that, while business-friendly, is geographically close to countries facing strict U.S. export controls. Regulators are undoubtedly scrutinizing this data. The question for NVIDIA’s compliance team is:

  1. Do they have the visibility to track where these chips are ending up?
  2. Are they able to monitor sales intermediaries in real time?
  3. Can they preemptively flag anomalies—such as a single country purchasing a huge volume of restricted technology?

Without AI-driven compliance monitoring and data analytics, even the best compliance teams risk being overwhelmed by the sheer volume of transactions and regulatory changes.

Similarly, companies impacted by the Colombian tariffs must ensure their compliance programs have the right supply chain monitoring tools to:

  1. Identify impacted suppliers instantly.
  2. Assess alternative sourcing options without regulatory hurdles.
  3. Develop contingency plans to mitigate financial and operational risks.

This compliance function cannot be effectively run using spreadsheets and email chains. Companies must invest in data automation, AI-driven analytics, and cross-functional collaboration tools to avoid such fast-moving regulatory changes.

  • Does Your Compliance Program Work in Practice?

Finally, compliance programs must not exist solely on paper but must demonstrate real-world effectiveness. The DOJ’s 2024 Update mandates data-driven evidence to assess whether a compliance program is functional and effective.

This means compliance teams must be able to show:

  1. How many third-party vendors and intermediaries have been vetted and monitored?
  2. How export controls are enforced in practice—not just documented in policy.
  3. How quickly can the company respond to a sudden regulatory change, such as the Colombian sanctions?

One of the best ways to demonstrate effectiveness is through compliance storytelling. A compliance officer should be able to present:

  • This is a clear narrative backed by data showing how the company detected and addressed a regulatory risk before it became a crisis.
  • These are case studies of how compliance actions have improved business outcomes—for example, reducing onboarding time for sales intermediaries without compromising compliance integrity.
  • Tangible evidence includes video training logs, compliance dashboards, and documented decision-making trails.

A powerful example comes from a Fortune 100 company that secured five years of compliance funding in one go rather than having to renegotiate budgets annually. How? By presenting compliance in business terms:

  • Demonstrating how compliance efficiencies improved sales and reduced onboarding delays.
  • Showing the financial impact of proactive risk management.
  • Using data-driven evidence to justify long-term compliance investments.

This is the future of compliance: a function that prevents regulatory risk and actively contributes to business strategy and growth.

The CCO as a Strategic Risk Navigator

The recent developments with Colombian sanctions and DeepSeek’s AI breakthrough highlight how fast compliance risks can evolve. Sanctions, export controls, and regulatory enforcement actions are no longer slow-moving threats—they can materialize overnight.

The DOJ’s 2024 Update provides a clear roadmap for compliance professionals to navigate these challenges:

  1. Risk assessment must be dynamic and continuous. Compliance programs must be designed to identify risks in real-time, not just during annual reviews.
  2. Compliance must be adequately resourced. Companies must invest in technology, data analytics, and automation to meet regulatory changes.
  3. Compliance must demonstrate real-world effectiveness. Data-driven evidence, compelling narratives, and tangible business impact must back compliance programs.

Compliance professionals who embrace data-driven decision-making, automation, and proactive risk management will not only survive but thrive in this era of regulatory volatility. The question is: Is your compliance program ready for the next unexpected headline?

Categories
Daily Compliance News

Daily Compliance News: December 11, 2024 – The Atomic Make-Up Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Continued robust export control enforcement is predicted. (WSJ)
  • Patagonia fighting forced labor through exploring ‘atomic make-up’ of clothing. (WSJ)
  • PCAOB critic to oversee the agency. (WSJ)
  • SEC is keeping an eye on PE deals.  (WSJ)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the entire 3-book series, The Compliance Kids, on Amazon.com.

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance: Episode 31— AI, Compliance and Crypto

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

In this episode of 2 Gurus Talk Compliance Podcast, hosts Kristy Grant-Hart and Tom Fox discuss AI’s role in unmasking whistleblowers, the latest fallout from cryptocurrency firms under SEC scrutiny, advancements in tracking sanctioned commodities, and the humorous mishap involving a Florida man and laxatives. They also delve into the implications of workplace violence prevention laws, BP’s new office relationship rules, and check in on corruption and legal developments involving figures like Bob Menendez and Benny Steinmetz. Ending on a lighter note, a Florida man finds himself in trouble after substituting opioids with laxatives.

Stories Include:

  • Tyson Foods CFO was suspended for drunk driving. (Bloomberg)
  • 5 takeaways from Menendez trial.(CNN)
  • FAA says greater oversight needed over Boeing.(NYT)
  • Terraform settles with SEC for $4.5bn.(FT)
  • Beny Steinmetz profile.(OCCPR)
  • The Double-Edged Impact of AI Compliance Algorithms on Whistleblowing (National Law Review)
  • BP Tightens Rules Over Office Relationships in Wake of Former CEO’s Departure (WSJ)
  • Keeping Sanctioned Russian Timber Out of the EU Is Tricky. This Nonprofit Has a Solution (WSJ)
  • New York Bill Would Provide Protections Against Workplace Violence for Retail Employees (Seyfarth)
  • Florida Man Steals Constipation Drugs Thinking They Were Opioids (Florida has a right to know) 

Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting

Prove Your Worth

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: May 24, 2024 – The Declination Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • First declination in a export control case. (WSJ)
  • Does the Constitution protect Menendez in delivering quo?  (Politico)
  • HSBC was fined for failing to help customers.  (BBC)
  • Cracks in the prosecution of Archegos. (Bloomberg)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Everything Compliance

Everything Compliance: The Perfect Attendance Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows.

In this episode, we have a quartet of commentators: Jonathan Marks, Matt Kelly, Jay Rosen, and Karen Woody, all hosted by Tom Fox.

1. Matt Kelly takes a deep dive into the seeming lack of corporate monitors in recent FCPA enforcement actions. He rants about yet another KPMG cheating scandal.

2. Karen Woody takes a deep dive into the Panuwat conviction for shadow insider trading.  She shouts out to Caitlin Clark for being the No. 1 pick in the WNBA Draft but rants about her paltry $76K first year salary.

3. Jonathan Marks talks about the current challenges facing Chief Audit Executives. He shouts out to Kevin Ford for working at Burger King for 27 years without missing a day of work.

4. Jay Rosen provides an update on export control. He has a mild  rant about CBS cutting off Billy Joel’s Piano Man encore to cut to local news about the Masters.

5. Host Tom Fox shouts out to Senator Robert Menendez for throwing his wife under the bus by announcing he will claim she is the one who engaged in bribery and corruption, not him.

The members of the Everything Compliance are:

• Jay Rosen – Jay can be reached at Jay.r.rosen@gmail.com

• Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu

• Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com

• Jonathan Armstrong – is our UK colleague, who is an experienced data privacy/data protection lawyer in London.

• Jonathan Marks can be reached at jtmarks@gmail.com.

The host, producer, and ranter (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

Daily Compliance News: January 26, 2024 – The Bounty Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • US issues $15MM bounty for middleman on Iranian drone deal.  (WSJ)
  • Vietnam expands its corruption campaign. (Bloomberg)
  • A UK billionaire pleads guilty to insider trading. (FT)
  • More corruption in UFEA leadership. (NYT)
Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 21 — Big Trouble in China Edition

What happens when two top compliance commentators get together? They talk about compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! In this episode, Tom and Kristy take on a wide variety of topics, including the self-improvement of the Florida Man gone astray.

In the ever-evolving world of regulatory compliance and risk management, challenges are constant, and strategies must be dynamic. Tom highlights corruption in China, data privacy, the duty of oversight for officers and export control sanctions. Kristy highlights the ESG & DEI, Supply Chains and China, SAP, frequent flyer mile fraud and checks in on Florida Man. Join Tom Fox and Kristy Grant-Hart as they delve deeper into these issues in this episode of the 2 Gurus Talk Compliance podcast.

Highlights Include:

  1. First Shots Fired in 2024 Proxy Battle Over ESG, DEI: (Law.com)
  2. Enforcement of China’s Forced Import Ban Needs to Be Much Tougher, Say U.S. Lawmakers (WSJ)
  3. Lessons Learned from the SAP Enforcement Action: DOJ Changes Tack on FCPA Enforcement While SEC Digs into Third-Party Controls (Part III of III) (Corruption, Crime & Compliance)
  4. Frequent flyer miles helped authorities crack down on a $127 million money laundering scheme (The Street): HERE
  5. Analysis of failure to exercise duty of oversight by a corporate officer. (FCPA Compliance & Ethics Blog)
  6. McDonald’s Duty of Officer oversight. (Compliance and Enforcement)
  7. China and its fight against corruption.  (Reuters)
  8. Big penalties are coming for export control and sanctions enforcement. (WSJ)
  9. A federal data privacy law in 2024? (CCI)
  10. Florida man uses phone he found in Walmart bathroom to call in fake bomb threat, cites TikTok trend: deputies (FOX Orlando)

Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Kitchen

The Compliance Kitchen Returns for 2023

The Compliance Kitchen is for those who want to “see what’s cooking” in the never-boring worlds of corporate compliance, white-collar crime, and global trade. We hope you will feel comfortable in the Kitchen and listen in and find it enjoyable.

OFAC issues preliminary guidance on upcoming price caps covering Russian-origin petroleum products to tag along with the existing guidance and price cap on Russian crude oil. UK’s Export Control Joint Unit publishes a compliance code of practice for export licensing to help exporters with their obligations.

Categories
Corruption, Crime and Compliance

Update on Export Controls and Sanctions: Interview with Alex Cotoia

In early October, the BIS announced two rules imposing significant export controls on semiconductor chips transactions for supercomputer end uses. This week’s show discusses recent developments in the sphere of export controls and sanctions. Alexander Cotoia, Regulatory Compliance Manager at the Volkov Law Group, joins Michael Volkov to explore the BIS’ ramping up of export control enforcement, including the new restrictions on China and Russia.

Some ideas you’ll hear them explore are:

  • The SQE route for experienced legal professionals aims to democratize the legal profession to include underrepresented minorities and other people who might not have access to the typical training contract required for being a solicitor. 
  • In early October, the BIS announced two rules imposing significant export controls on semiconductor chips transactions for supercomputer end uses. Their aim is to obstruct China’s ability to use these supercomputers to upgrade their military capabilities and the propagation of WMDs. Within these new rules, controls on the export of semiconductor manufacturing technology in certain transactions for integrated circuitry were also imposed.
  • Much of the dissent from professionals over these new restrictions stems from a fundamental disagreement in terms of policy rather than implementation, Alexander shares. Many professionals have become accustomed to the free-trade arrangement with China to export sophisticated technologies for integration end uses, and fear that the more stringent controls will compromise that arrangement.
  • The aftermath of Russia’s invasion into Ukraine saw coordinated efforts at the highest levels of US government designed to prevent Russia from acquiring assets and commodities that could be used for military purposes.
  • Alexander believes Matt Axelrod’s guidance about changing the way some administrative violations of EAR99 will be viewed was very instructive. One of the premises underlying that change was using non-monetary resolutions for less serious violations, but also imposing more stringent financial penalties on those who engage in culpable acts.
  • If you have government contracts, or are in the telecommunications industry, you’re not allowed to have Huawei products on your premises.

 

Resources

Bureau of Industry Security Ramping Up Export Control Enforcement

Alexander Cotoia on LinkedIn

Email Alex:  acotoia@volkovlaw.com

Email Michael: mvolkov@volkovlaw.com 

Volkov Law Group