Categories
FCPA Compliance Report

FCPA Compliance Report: Episode 815 – AI in Compliance and Eastward AI’s Continuous Risk “Reality Check”

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes back Gerry Zack, and they discuss the growing use of AI in compliance and the launch of Eastward AI.

Zack says many organizations are uncertain and paralyzed, while others range from using ChatGPT at a basic level to building or buying specialized tools rather than seeking a “big machine.” AI is now embedded across compliance functions, from hotline chatbots and policy/control mapping to monitoring, investigations (which Zack cautions against over-automating), and behavioral analytics. Eastward AI began as a CSRD double-materiality assessment tool but expanded to encompass broader enterprise and compliance risk management, aligned with frameworks including COSO ERM, DOJ expectations, ISO 37301, and ISO 31000. Zack describes development with a skilled programming team, beta “design partners,” and a “Reality Check” feature that rapidly scans global information to update risk assessments and support scenario modeling continuously. This combination has drawn interest from CCOs, CROs, GCs, and strategy leaders. Eastward.ai is now publicly available.

Key highlights:

  • AI in Compliance Today
  • Eastward AI Origin Story
  • MVP and Design Partners
  • Reality Check Feature
  • Scenario Modeling and Strategy
  • Expanding Compliance Remit

Resources:

Gerry Zack on LinkedIn

RiskTrek

Eastward AI

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

The FCPA Compliance Report was recently named the world’s Best Business Ethics Podcast by FeedSpot.

Categories
Blog

Cartels, Extortion, and the New FCPA Risk: Lessons from Millicom

For years, many companies treated cartel risk as a security issue rather than a compliance issue. That view is no longer sufficient. In Mexico, Central America, and Brazil, organized criminal groups do not simply threaten operations from outside the company. They can infiltrate markets through corrupted officials, cartel-linked intermediaries, compromised law enforcement, logistics providers, bankers, community leaders, and local political actors. This will be a significant topic at the upcoming ACI Cartels, TCOs & Compliance Conference in Latin America next month in Washington, D.C.

That is why the Millicom Cellular FCPA enforcement action is such an important enforcement lesson. The case was not simply about bribes paid to government officials. It was about the convergence of bribery, cartel money, cash controls, joint venture governance failures, political influence, money laundering, and accounting controls. The DOJ stated that TIGO Guatemala paid more than $118 million to resolve a long-running bribery investigation involving monthly cash bribes to Guatemalan members of Congress and that some cash used for bribe payments came from laundered narcotrafficking proceeds.

The Crossover Risk: When Cartel Risk Becomes FCPA Risk

The most dangerous risk is not always the obvious cartel member with a gun. It may be the official who is cartel-affiliated, cartel-controlled, cartel-compromised, or operating in a cartel-controlled territory. That person may hold a municipal permit, customs role, police function, legislative position, procurement seat, or regulatory gatekeeper role. For the company, the question is not only whether the demand comes from a public official. It is about whether the demand sits within a criminal ecosystem that can convert ordinary business activity into FCPA, AML, sanctions, books-and-records, internal controls, and even material support risks.

Mexico shows the point clearly. OSAC has warned that several Mexican transnational criminal organizations were designated as Foreign Terrorist Organizations and Specially Designated Global Terrorists and that paying extortion demands, including derecho de piso, can create material support concerns for U.S. organizations. Brazil presents a different but equally serious model. The U.K. Home Office reported that Brazil has more than 80 organized criminal groups, including the PCC and Comando Vermelho (CV), and that militia groups made up of current and former state agents extort populations under their control.

The US Treasury Department has described PCC as one of the largest organized crime groups in Latin America, involved in money laundering, extortion, murder-for-hire, and drug debt collection. Indeed, in May 2026, the US State Department designated both the PCC and CV as Foreign Terrorist Organizations.

Central America adds another layer. In a regional Extortion Report, the Global Initiative Against Transnational Organized Crime noted that corruption within state institutions is pervasive and that security officials may use institutional power to extort, while collusion by corrupt officials sustains extortion markets. That is the crossover risk for companies: the same demand can be an extortion event, a corruption event, and an accounting controls event.

Bribery Versus Extortion

The difference between a bribe and extortion is not always intuitive, but it is critical. A bribe is a corrupt payment made to obtain or retain business, secure an improper advantage, influence an official act, or induce the misuse of an official position. The payment can be requested by the official first. The fact that the official demanded the payment does not automatically make it extortion under the FCPA. The FCPA Resource Guide, 2nd edition, explains that corrupt intent exists when a payment is intended to induce the recipient to misuse an official position, including to obtain preferential legislation or regulations.

True extortion or duress is different. The FCPA Resource Guide states that payments made in response to true extortionate demands under imminent threat of physical harm do not give rise to FCPA liability because they are not made with corrupt intent or for the purpose of obtaining or retaining business. But the same guidance draws a hard line: mere economic coercion does not amount to extortion. A payment demanded as the price of market entry or contract award remains a bribery risk because the company can decide not to pay.

That distinction matters in cartel-heavy environments. A payment to stop an immediate threat to employees may be a duress-driven safety response. A payment to obtain a permit, avoid a regulatory delay, secure customs clearance, influence a municipal inspection, or win a contract is not transformed into lawful conduct merely because the official made the demand aggressively.

Derecho de Piso and Derecho de Paso

Derecho de Piso is generally understood as a criminal “floor tax” or protection payment required to operate in a territory. It may be demanded from retailers, agricultural producers, logistics companies, construction firms, miners, energy operators, or local distributors. Derecho de Paso means a “right of passage” payment, often framed as a toll to move people, trucks, cargo, or goods through a controlled area.

Both are dangerous because they blur lines. A company may believe it is facing a security threat. In reality, it may be funding a designated organization, recording a false business expense, using a third party as a payment conduit, or allowing a cartel-linked official to convert extortion into a corrupt advantage. The compliance lesson is not that employee safety should take a back seat. It should not. The lesson is that safety-driven decisions must still be documented truthfully, escalated appropriately, and controlled through legal, compliance, security, finance, and senior management.

Millicom as the Centerpiece

The Millicom FCPA enforcement action demonstrates how these risks manifest in practice. TIGO Guatemala’s scheme ran from at least 2012 to 2018 and involved efforts to influence Guatemalan legislators, including support for radiofrequency renewals and “Ley TIGO,” a telecommunications law that benefited the company. The company earned at least $58 million in profits from the schemes.

The mechanics were extraordinary. Cash was delivered by helicopter to the TIGO Guatemala helipad in duffel bags. A $15 million put-call execution fee was used as part of a bribery slush fund. A $12 million inflated contract and backdated invoices created the appearance of legitimate services. Most troubling, a banker laundered narcotrafficking proceeds and funneled cash to support TIGO Guatemala bribe payments.

This is the compliance lesson. The company did not face a single bad invoice. It faced a criminal infrastructure. Cash, shell companies, backdated contracts, cartel-linked funds, compromised governance, and political influence worked together. That is the modern FCPA risk environment in cartel-affected markets.

The Accounting Provisions Cannot Be an Afterthought

The FCPA accounting provisions are where many companies will face their hardest questions. The FCPA Resource Guide explains that issuers must keep books and records that accurately and fairly reflect transactions and maintain internal accounting controls sufficient to provide reasonable assurances over authorization, recording, accountability, and access to assets. It also states that it is never appropriate to mischaracterize transactions and that bribes are often hidden as consulting fees, commissions, petty cash withdrawals, vendor payments, or miscellaneous expenses.

This is especially important for extortion. A payment made under duress should never be hidden as a logistics fee, community relations expense, consulting payment, security charge, donation, customs support fee, or facilitation-style cost. Even where the anti-bribery analysis turns on duress, the books-and-records analysis turns on accuracy. The internal controls analysis turns on whether the company had reasonable controls over cash, third parties, approvals, documentation, payment channels, escalation, and post-event review.

Millicom’s remediation shows what DOJ expects after such a failure. DOJ credited remediation that included root cause analysis, termination of involved personnel, new management and compliance personnel, enhanced third-party onboarding and transaction monitoring, data analytics, testing of more than 250 transactions, an ephemeral messaging policy, training, a direct compliance reporting line, and an 800 percent increase in dedicated compliance headcount. The attached analysis rightly frames this as organizational reinvention rather than ordinary remediation.

The Cartels, TCOs & Compliance in Latin American conference will feature these topics and many more. For information and registration, click here. For a complete list of the agenda, click here. You can receive 10% off the price by using the Discount Code D10-999-CPN26.

ACI is the sponsor of today’s blog.

Categories
FCPA Compliance Report

FCPA Compliance Report: Managing Compliance and National Security Risks When Doing Business in the DRC, Part 2

In this episode, Tom Fox welcomes David Simon, Partner at Foley & Lardner; Jack Korba, Of Counsel at Foley & Lardner; and Olivier Bustin, a Partner at Pinsent Masons, to discuss doing business in and with the Democratic Republic of the Congo (DRC). This is the second part of a two-part series on this topic, which presents a detailed approach to evaluating and managing travel to a high-risk country or region.

They discuss how companies investing in high-risk jurisdictions like the Democratic Republic of the Congo should treat diligence as ongoing risk management, using tailored controls, audits, and continuous monitoring informed by geopolitical developments and government/regulatory priorities (including signals such as announcements and sector focus, such as critical minerals). The speakers emphasize pragmatism: accepting some ambiguity while designing jurisdiction-specific compliance frameworks, rather than placing standard programs on “autopilot” and maintaining active C-suite and board engagement. They stress building and documenting a rational, risk-tolerant decision process that can be explained to regulators (e.g., DOJ/SEC), including knowing counterparties and local dynamics, implementing real controls, and escalating decisions appropriately. Key pitfalls to avoid include overcommitting to projects beyond risk tolerance and entering transactions without sufficient preparation. The panel also urges compliance leaders not to be paralyzed by fear, to shape opportunities early, and to note market opportunities and signals of U.S. engagement, such as financing for the Lobito railway corridor.

Key highlights:

  • Ongoing Risk Controls
  • Pragmatism In High Risk
  • Regulator Ready Diligence
  • Mistakes To Avoid
  • Where To Start

Resources:

David Simon

Jack Korba

Olivier Bustin

Foley & Lardner

Pinsent Masons

The Democratic Republic of the Congo as a Near-Term Strategic Opportunity for U.S. Companies Part 1

Part 2

Part 3

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
FCPA Compliance Report

FCPA Compliance Report: Managing Compliance and National Security Risks When Doing Business in the DRC, Part 1

In this episode, Tom Fox welcomes David Simon, Partner at Foley & Lardner; Jack Korba, Of Counsel at Foley & Lardner; and Olivier Bustin, a Partner at Pinsent Masons, to talk about doing business in and with the Democratic Republic of the Congo (DRC). This is the first part of a two-part series on this topic. The guests present a detailed approach to evaluating and managing travel into a high-risk country or region.

The three argue that while governance and logistics risks remain, improved infrastructure and heightened strategic importance of the DRC’s critical minerals (including cobalt, coltan, lithium, manganese, and rare earths) make risks more manageable and the market more relevant, with noted U.S. government continuity across administrations. They discuss opportunities beyond mining, including power, logistics, banking/insurance, tech, entertainment, and education, while emphasizing infrastructure and bankability constraints. Korba outlines national security, sanctions/export controls, and supply chain “adjacency” risks, as well as the need for sector-specific analysis. The panel highlights “choke points” stemming from concentrated power and weak institutions, and Bustin explains why local content/ownership rules and patronage dynamics require diligence that goes beyond nominal ownership. They conclude by applying a risk-based compliance approach, devoting enhanced resources to higher-risk projects and counterparties.

Key highlights:

  • Why DRC Now
  • Beyond Mining Opportunities
  • National Security Risks
  • Choke Points Explained
  • Local Ownership Diligence
  • Risk-Based Compliance

Resources:

David Simon

Jack Korba

Olivier Bustin

Foley & Lardner

Pinsent Masons

The Democratic Republic of the Congo as a Near-Term Strategic Opportunity for U.S. Companies Part 1

Part 2

Part 3

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
From the Editor's Desk

From the Editor’s Desk: Aaron Nicodemus on the May and June in Compliance Week

In this episode of ‘From the Editor’s Desk,’ Tom Fox visits with Aaron Nicodemus to discuss highlights from Compliance Week in May, review the National Conference, which concluded in May and take a look at what is coming down the pike in June in Compliance Week.

They report that federal enforcement is not receding but shifting, with heightened risk from Foreign Terrorist Organization (FTO) designations affecting companies operating in Mexico, Latin America, and Brazil; increased and novel use of the False Claims Act, including actions targeting DEI programs, referencing IBM and PayPal settlements; and growing enforcement roles for states, FINRA, and divergent ESG regimes in the UK and Europe. Guidance to compliance leaders is to “stay the course,” strengthen third-party risk management, and document enhanced due diligence around potential FTO ties. They note AI discussions moving from governance frameworks toward scaling practical compliance use cases. June will feature “Inside the Mind of the CCO” survey results, DEI-related findings, and two webcasts. They also recognize former Compliance Week journalist Allie McDevitt’s ASBE national Gold Award for her Lafarge series, which is cited as a roadmap for FTO-related risk, alongside DOJ messaging on self-reporting to seek declination.

Resources:

Aaron Nicodemus on LinkedIn

Compliance Week

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 77 – The Bullying Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

Stories This Week Include:

  • End of SEC Gag Rule – Radical Compliance
  • Binance, Monitorship and Funding Iran – Bloomberg
  • Running an Effective Meeting – FT
  • Of big law and insider trading – Reuters
  • Adani case dropped – NYT
  • How I Choose Which Cloudflare Employees to Replace With AI – WSJ
  • BP ousts Chair Albert Manifold citing governance standards, oversight and conduct – Reuters
  • Four Big Takeaways From the FBI’s Report on Internet Crime – WSJ
  • Too Much Work to Do? Have Your Digital Twin Handle It – WSJ
  • Florida woman tries to eat counterfeit cash during arrest for Walmart scam, police say – FOX35 Orlando

Resources:

Kristy

Kristy Grant-Hart on LinkedIn

Order Kristy’s updated, at 10-years, new edition of How to Be a Wildly Effective Compliance Officer by clicking here.

Tom

Check out the top compliance handbook, The Compliance Handbook, 7th edition, published by LexisNexis. Visit the LexisNexis® Store at https://lexisnexis.com/fox20

To save 20% on The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, please reference or enter promotion code: FOX20.

Offer expires December 31, 2026. Offer applies to new orders only, before shipping and taxes are calculated, and shipped to a U.S. address. Discount will be applied to each applicable product after code FOX20 is entered. Discount does not apply to current subscriptions, renewals or updates. Certain exclusions and other restrictions may apply. Void where prohibited. View full terms here.

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Into the Weeds

Compliance into the Weeds: The DOJ Trainwreck and the Rising Risk Calculus for Compliance and Self-Disclosure

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore it more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss how internal dysfunction at the U.S. Department of Justice is creating uncertainty for corporate compliance teams and corporations more generally.

Focusing on a reported turf battle between the long-standing Fraud Section in the Criminal Division, established in 1955 and central to FCPA enforcement and compliance guidance, and a newly created national Fraud Division, which was initially framed as targeting government benefits fraud. They argue the reorganization could drain expertise, reduce future DOJ guidance, and distort enforcement into politically selective actions, citing IBM’s $17 million settlement and an EEOC case involving The New York Times and Smartmatic’s experience. They also highlight DOJ staffing losses with a net 20% fewer lawyers, loss of experienced attorneys, reliance on inexperienced hires and bonuses, and warn that the volatility may chill voluntary self-disclosure despite DOJ messaging encouraging it.

Key highlights:

  • DOJ Train Wreck Overview
  • Fraud Section vs Fraud Division
  • Political Enforcement Reality
  • Self-Disclosure Gets Riskier
  • What Companies Should Do Now

Resources:

Matt on Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.

Categories
Daily Compliance News

Daily Compliance News: April 15, 2026, The Decoupling Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

To learn about the intersection of Sherlock Holmes and the modern compliance professional, check out my latest book, The Game is Afoot-What Sherlock Holmes Teaches About Risk, Ethics and Investigations on Amazon.com.

Categories
SBR - Authors' Podcast

SBR-Author’s Podcast: Bribery Beyond Borders: The Hidden History and Future of the FCPA with Severin Wirz

Welcome to the SBR-Author’s Podcast! In this podcast series, Host Tom Fox visits with authors in the compliance arena and beyond. In this episode, Tom Fox welcomes Severin Wirz, Senior Director for Ethics and Compliance at Applied Materials and author of “Bribery Beyond Borders: The Story of the Foreign Corrupt Practices Act.”

The book is about the origins, narrative approach, and future of FCPA enforcement. Severin explains he used storytelling to challenge conventional views that the FCPA was merely post-Watergate morality or the product of Stanley Sporkin alone, tracing a longer lineage of U.S. anti-corruption laws (Federal Corrupt Practices Act, Travel Act, Hobbs Act, RICO, Bank Secrecy Act) instead. He recounts the United Brands/Eli Black scandal, Wall Street Journal reporting that broke key bribery revelations, Stanley Sporkin’s role at the SEC, and the legislative influence of Frank Church and William Proxmire amid debates over disclosure, criminalization, and books-and-records provisions. Severin discusses shifting geopolitical drivers of enforcement and recommends related reading and contact options.

Key highlights:

  • Severin’s Compliance Journey
  • Writing FCPA as a Thriller
  • Eli Black Scandal Breaks
  • Sporkin and SEC Momentum
  • Journalists Connect the Dots
  • Frank Church and Cold War Stakes
  • Proxmire Gets It Passed
  • Three Visions of the FCPA
  • Future Enforcement and Geopolitics

Resources:

Severin Wirz on LinkedIn

Bribery Beyond Borders: The Story of the Foreign Corrupt Practices Act on CCI and Amazon.

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: April 9, 2026, The FCPA Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Federal judge to dismiss FCPA conviction. (National Today)
  • Smartmatic FCPA prosecution. (Law Fare Media)
  • Top 10 International ABC developments from March. (MOFO)
  • AI goes on charm offensive. (WSJ)