Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Top stories include:
Innovation touches every part of the modern enterprise, and compliance professionals must be prepared not only to respond to change but to lead through it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators on the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Anik Shah, Global Director of Anti-Bribery and Anti-Corruption Compliance at Sandisk, for an insightful discussion on the pivotal shifts in FCPA enforcement during 2025 and what they signal for 2026.
Shah outlines his extensive professional background, including his prior roles at the SEC and DOJ. The conversation explores key developments from 2025, including the Executive Order pausing certain FCPA investigations, the Blanche Memo’s four criteria for opening FCPA cases, and the implications of revisions to the Corporate Enforcement Policy. He also analyzes the Communications Cellular enforcement action to highlight practical compliance lessons, focusing on strengthening AML controls, managing third-party risk, and deploying proactive compliance measures amid renewed anti-corruption scrutiny.
The episode concludes with a forward-looking discussion of emerging anti-corruption risks associated with advanced AI technologies, large AI construction projects, and related permitting activities, both in the United States and globally. Shah offers strategic recommendations for compliance professionals seeking to anticipate and manage these evolving risks.
Key highlights:
• 2025 as a Pivotal Year in FCPA Enforcement
• The Blanche Memo and Corporate Enforcement Policy Revisions
• Anti-Money Laundering and Third-Party Risk Management
• Large AI Construction Projects and Permitting Risks
• Global Anti-Corruption Laws and Compliance
• Key Takeaways for 2026
Resources:
Anik Shah on LinkedIn
Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.
For U.S. compliance professionals, few jurisdictions raise as many red flags as Venezuela. Decades of entrenched corruption, state capture of key industries, economic collapse, weak rule of law, and the legacy of PdVSA have made the country a case study in what happens when corruption becomes systemic rather than episodic. Now that geopolitical and energy realities are shifting, some U.S. companies are again evaluating whether and how to reenter the Venezuelan market.
Against that backdrop, the passage of the Foreign Extortion Prevention Act (FEPA) represents one of the most significant developments in anti-corruption enforcement in nearly half a century. The question compliance officers are now asking is a practical one: can FEPA actually be used to prevent bribery and corruption for U.S. companies returning to Venezuela, or is it merely a symbolic addition to an already strained enforcement framework?
The answer, as with most compliance questions, is nuanced. FEPA is not a silver bullet. But when properly understood and operationalized, it can meaningfully change the risk calculus for companies operating in high-extortion environments like Venezuela.
The Historic Gap in the FCPA
For decades, the compliance community has lived with a fundamental asymmetry in U.S. anti-corruption law. The Foreign Corrupt Practices Act is a supply-side statute. It criminalizes the offering or payment of bribes by U.S. companies and individuals, but it does not criminalize the demand for those bribes by foreign officials. This gap has long distorted incentives on the ground.
In jurisdictions such as Venezuela, bribery is rarely framed as a voluntary transaction. It is far more often presented as a demand, a condition of doing business, or even a threat, as in the case of extortion. Officials do not ask politely. They delay permits, block shipments, threaten arrests, or endanger employee safety. Until FEPA, U.S. law largely treated this as background noise rather than a prosecutable offense.
FEPA directly addresses that gap by criminalizing the solicitation or acceptance of bribes by foreign officials from U.S. persons or companies. In doing so, it finally targets the demand side of corruption and aligns U.S. law more closely with how bribery actually operates in high-risk countries.
Why Venezuela Is the Ultimate Test Case
If FEPA can work anywhere, it should work in Venezuela. The country’s corruption ecosystem is characterized by pervasive extortion across customs, energy, transportation, security, immigration, and tax authorities. Payments are often demanded not to gain an advantage but to avoid harm. This distinction matters. In Venezuela, the compliance challenge is not simply rogue employees paying bribes. It is employees facing credible threats to liberty, safety, or health. FEPA explicitly recognizes this reality by treating extortion by a foreign official as a criminal act rather than merely a compliance failure by the company.
That framing gives compliance officers something they have long lacked: a legal backbone to support a firm refusal posture. Companies can now say, with credibility, that the demand itself is illegal under U.S. law and subject to DOJ enforcement, even if the official is located abroad.
Extortion, Facilitation, and the Compliance Trap
One of the most dangerous compliance traps in Venezuela has always been the mislabeling of extortion payments. Under the FCPA, facilitation payments occupy a narrow and controversial exception. Extortion payments, however, were never facilitation payments. They were survival payments. FEPA eliminates any lingering ambiguity. Extortion payments involving threats to life, liberty, or health are now clearly illegal, not merely discouraged. This forces compliance programs to confront uncomfortable operational realities.
Policies must explicitly distinguish facilitation from extortion. Employees must be trained that the company will support them if they are threatened, but that any such payment must be immediately documented, accurately recorded, and escalated. Book and record accuracy becomes critical. Mischaracterizing extortion as a routine expense is now a standalone risk under FEPA, not merely an FCPA accounting issue.
FEPA as a Deterrent Tool, Not Just an Enforcement Tool
One of the most overlooked aspects of FEPA is its potential deterrent effect. The statute introduces the possibility of DOJ investigations targeting foreign officials, including public naming and reporting requirements. For officials who interact with U.S. companies, this creates reputational and diplomatic risk that did not previously exist. In Venezuela, where many officials rely on international travel, financial access, and political legitimacy, even the threat of U.S. scrutiny can matter. FEPA does not require immediate extradition to have an impact. The mere existence of a credible enforcement pathway can alter behavior at the margins.
For compliance officers, this means FEPA can be used proactively. Risk assessments should explicitly incorporate FEPA exposure. Third-party due diligence should assess patterns of extortion, not just a history of bribery. Contractual language should reference the reporting obligations for extortion. Training should include scenario-based exercises where employees practice refusing demands and escalating threats.
The Limits of FEPA in Venezuela
None of this should be overstated. FEPA will not cleanse Venezuela of corruption. Extradition of Venezuelan officials is unlikely. Local enforcement cooperation will be minimal. Many officials operate with de facto immunity. But compliance effectiveness has never depended on perfect enforcement. It depends on shifting incentives, setting expectations, and protecting employees. FEPA strengthens all three. From a DOJ perspective, FEPA also changes cooperation dynamics. Companies that proactively document extortion demands, preserve evidence, and report credible threats may be viewed very differently from companies that quietly pay and rationalize. In a Venezuela reentry scenario, that distinction could be outcome-determinative.
What Compliance Officers Should Do Now
For companies considering Venezuela, FEPA must be embedded into program design from day one. This includes updating anti-corruption policies, revising travel and security protocols, enhancing incident reporting mechanisms, and briefing boards on the new enforcement landscape. Most importantly, compliance officers must be realistic. FEPA does not eliminate the need for robust internal controls. It heightens the consequences of getting them wrong. Venezuela will remain a high-risk jurisdiction regardless of statutory innovation.
Five Key Takeaways for the Compliance Professional
1. FEPA Changes the Risk Conversation, Not Just the Law
FEPA fundamentally alters how compliance officers should frame corruption risk in high-extortion jurisdictions like Venezuela. It is no longer only about preventing improper employee payments. It is now about recognizing, documenting, and escalating illegal demands by foreign officials. This allows compliance to move from a defensive posture to a principled refusal backed by U.S. law.
2. Extortion Must Be Explicitly Addressed in Policies and Training
Companies can no longer afford vague language that blurs the distinction between facilitation payments and extortion. Compliance programs must clearly define extortion as illegal, explain how it differs from facilitation payments, and provide step-by-step guidance for employees facing threats to health, safety, or liberty. Scenario-based training is no longer optional in Venezuela risk operations.
3. Books and Records Exposure Has Increased Under FEPA
Accurate documentation is now a frontline compliance control. Any payment made under duress must be recorded precisely and transparently. Mischaracterizing extortion payments as routine expenses or facilitation payments creates a separate and serious compliance failure. Accounting controls, escalation protocols, and audit reviews must be aligned accordingly.
4. FEPA Should Be Embedded in Risk Assessments and Third-Party Due Diligence
Venezuela reentry assessments should explicitly evaluate extortion risk, not merely bribery history. Third parties, customs brokers, security providers, and logistics partners are often the point of pressure. FEPA requires compliance officers to assess whether business partners operate in ways that expose the company to extortion demands and reporting failures.
5. FEPA Strengthens Compliance’s Role as a Strategic Advisor
FEPA gives compliance professionals a credible legal framework to advise management and the board on when and how business can be conducted safely. It reinforces the message that walking away from certain transactions is not risk aversion but risk management. In Venezuela, FEPA can help compliance professionals draw clearer red lines and protect both the company and its people.
The Bottom Line
So, could FEPA be used to prevent bribery and corruption for U.S. companies returning to Venezuela? Not entirely. But it can materially reduce risk, empower employees, and change how companies engage with corrupt systems. For the first time, U.S. law squarely acknowledges what compliance professionals have always known: bribery often begins with a demand. By criminalizing that demand, FEPA gives companies a stronger legal and ethical foundation to say no.
In a country like Venezuela, that may be the most important compliance tool of all.
What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!
Stories This Week Include:
Connect with the Hosts:
Resources:
Tom
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. We take a short break from our 2-part series with Mike Volkov to review the issues arising from the Trump Administration’s invasion of Venezuela. Matt Ellis joins Tom Fox to look at what all this means for companies looking to do business in Venezuela.
They discuss the complex landscape of doing business in Venezuela, focusing on the rampant corruption, security challenges, and the implications of U.S. sanctions. They explore the risks associated with engaging with the national oil company, PdVSA, and the broader implications for U.S. companies considering re-entry into the Venezuelan market. The conversation also touches on Cuba’s role, international organizations, and the potential for infrastructure rebuilding in Venezuela, emphasizing the need for long-term strategies and careful risk management.
Key highlights:
Resources:
Matt Ellis on LinkedIn
Tom Fox
Now that I have your attention with this clickbait title, I want to explore today what the Venezuelan imbroglio may mean for compliance professionals and energy companies who are looking at either entering the Venezuelan market or, in many cases, re-entering it after the not invasion (since it was not a military action authorized by Congress); not a police action (that the Korean War takes the moniker); but the capture of President Maduro and his wife to purloin Venezuela’s oil. As noted by New York Times (NYT) columnist Thomas Friedman today, “It is now clear that Trump’s priority in capturing President Nicolás Maduro of Venezuela was not to make that country safe for the restoration of democracy but to make it safe for the restoration of American oil companies’ dominance over Venezuelan oil extraction.”
But there are multiple obstacles to the US getting to and removing Venezuelan oil. As the Wall Street Journal (WSJ) noted, “But getting foreign companies to flock back to Venezuela will be a massive challenge. Chevron is the only major U.S. oil company and the country’s largest foreign investor. Other oil executives will be forced to gauge the stability on the ground in a country where the industry has fallen into disarray after more than two decades of mismanagement and corruption.” Economically, it may make little to no sense.
Corruption and PDVSA
But from the compliance perspective, there is the issue of corruption. As I wrote back in 2017, “Of all the stench from corruption, not much is more odious than that from the Venezuelan state oil company Petróleos de Venezuela SA (PDVSA). Whether it is shaking down contractors for Rolex watches to schedule a meeting, requiring a bribe to get payments on outstanding invoices, or simply good old-fashioned cash to get on a bid list, PDVSA is perceived to be one of the most institutionally corrupt energy companies around.”
How President Trump plans to get the Venezuelan oil out of the country is not known at this point. But unless he orders US energy companies to put boots on the ground to rebuild PdVSA’s decrepit infrastructure, those same companies will have to deal with the same corrupt PdVSA officials.
In the context of Venezuela’s reopening to Western energy investment, President Trump’s decision to pause enforcement of the Foreign Corrupt Practices Act (FCPA) reflected a broader strategic pivot toward what his administration calls economic competitiveness and national security. His Executive Order issued in early 2025 directed the Department of Justice (DOJ) to halt new FCPA investigations for at least 180 days while it reviewed enforcement priorities on the premise that strict anti-bribery enforcement, as it has traditionally been applied, “impedes U.S. foreign policy objectives” and disadvantages American companies relative to global competitors. The policy rationale was that, in markets perceived as corrupt or opaque, rigorous FCPA enforcement has historically dissuaded US firms from competing effectively, particularly against foreign rivals who do not face the same legal constraints. This argument, which resonated with a strand of populist economic nationalism, frames FCPA enforcement as a barrier to energy companies securing strategic resources, such as Venezuelan oil, rather than as a purely ethical safeguard.
From a compliance professional’s lens, this recalibration had two implications. On one hand, it might reduce the immediacy of DOJ scrutiny for conduct in jurisdictions like Venezuela, where corruption risk is endemic. On the other hand, the suspension does not abolish the law; FCPA remains on the books, and enforcement priorities can flip with the political winds or through congressional action. Moreover, the suspension could embolden local partners or intermediaries to push for irregular payments under the assumption that US enforcement is weak, creating significant red-flag risks for energy companies seeking to operationalize robust controls aligned with the DOJ’s Evaluation of Corporate Compliance Programs (ECCP) standards. Even under a relaxed enforcement regime, a strong compliance program grounded in the ECCP’s emphasis on risk-based design, continuous monitoring, and senior-management accountability remains a critical commercial and legal hedge.
Compliance Going Forward
One of the most important takeaways for compliance professionals confronting Venezuela is the necessary shift from reflexive risk avoidance to disciplined risk management. Mike DeBernardis told me that the modern compliance mandate “is no longer to say ‘no’ when risk is high; it is to say ‘yes, if’ the risk can be identified, structured, and controlled.” This is not a philosophical shift. It is explicitly embedded in the ECCP, which does not reward companies for avoiding difficult markets but instead evaluates how effectively they manage risk in precisely those environments.
In the Venezuelan energy context, this means compliance must be deeply embedded in the business strategy from the outset. Compliance professionals must fully understand the proposed energy project, including its commercial objectives, operational footprint, and timelines. They must map every anticipated interaction with the Venezuelan state, particularly with state-owned enterprises, regulators, customs authorities, and security services.
From there, compliance professionals must identify where corruption pressure is most likely to arise, not in theory but in practice, based on how the business will actually operate. Only then can bespoke controls be designed to address those specific risks. The ECCP repeatedly emphasizes that effective compliance programs are well-designed, adequately resourced, and genuinely empowered. This is where compliance earns its seat at the strategy table. If compliance is engaged only after contracts are signed and capital committed, its ability to influence outcomes is sharply diminished, and the program is far more likely to fail under real-world pressure.
If initial program design is the foundation, continuous monitoring is the load-bearing structure. Energy operations in Venezuela will not tolerate static compliance approaches built around annual certifications or periodic check-the-box reviews. The ECCP explicitly asks whether companies test the effectiveness of their controls and whether they respond promptly and meaningfully to issues as they arise. In a high-risk jurisdiction like Venezuela, corruption risk will evolve rapidly as political conditions, counterparties, and regulatory expectations shift. Compliance programs must therefore be dynamic.
This requires live monitoring of payments, invoices, and reimbursements, particularly those involving third parties and state-linked entities. It requires regular compliance check-ins with project teams operating on the ground and under real-time pressure. It also requires targeted audits that focus narrowly on high-risk transactions rather than broad, generic reviews that miss the point. When red flags appear, swift remediation is essential, including the authority to pause transactions or relationships when necessary. Friction with the business is inevitable in this environment. Under the ECCP, however, that friction is not evidence of failure. It is evidence of independence, effectiveness, and seriousness of purpose.
For energy companies, Venezuela may well be worth the risk. The size of the opportunity, particularly in hydrocarbons, may make disengagement an increasingly unrealistic option. For compliance professionals, however, the mandate is clear and unforgiving. Programs must be designed with the assumption that pressure will occur, that shortcuts will be suggested, and that local counterparts may view compliance as negotiable.
Effective programs anticipate misconduct rather than react to it, and they are built to withstand scrutiny not only from local stakeholders but also from US enforcement authorities looking back months or years later. This requires compliance professionals to think and act as strategic risk managers, not policy custodians. They must insist on visibility into business decisions, demand resources commensurate with risk, and maintain the authority to intervene when necessary.
In the Venezuelan context, success will not be defined by the absence of issues but by how quickly and credibly the organization detects and addresses them. That approach is not merely about satisfying regulatory expectations. It is about protecting the company’s people, assets, and reputation in one of the most challenging operating environments in the world. That is not just compliance. That is strategic risk management at its purest and most demanding.
The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore it more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss key issues Matt is following in 2026.
They look into anticipated FCPA enforcement actions against Chinese telecom giant ZTE and the controversial indictment of SmartMatic, raising concerns about possible politicization of compliance enforcement. The conversation also covers the potential impact on whistleblower cases if key Qui Tam lawsuits under the False Claims Act are invalidated, as well as the ongoing federal-state conflict over AI regulations. Additionally, they touch on the financial complexities and risks associated with AI funding deals, drawing parallels to past financial crises. Compliance officers are advised to prepare for an uncertain and challenging regulatory landscape in the year ahead.
Key highlights:
Resources:
Matt in Radical Compliance
Tom
A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.
Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. Today, on Day 6, we delve into the DOJ’s Mergers and Acquisitions (M&A) Safe Harbor Policy.
Key highlights:
Resources:
Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.
Mike and Brent welcome author and compliance professional Severin Wirz to the pod to discuss his first book, Bribery Beyond Borders: The Story of the Foreign Corrupt Practices Act. They discuss with Severin his inspiration for writing the book (02:44), the book’s focus on the people and personalities involved in the events between 1975 and the 1977 passage of the FCPA (05:50), the political and geopolitical scandals that kept up the momentum for a law banning overseas bribery (06:59), what his research uncovered beyond the traditional FCPA origin story (10:49), the relevance of the Cold War to the FCPA’s passage—specifically how corruption by capitalists fed into Communist propaganda (12:39), how the political “sausage” was made (16:33), stories of personal courage and risk-taking that made the FCPA possible (18:27), the use of the phrase “post-Watergate morality” as a critique of the FCPA and other reform efforts (21:48), how anti-corruption laws actually help American companies competing for business overseas (29:21), where the FCPA stands today (31:17), and how corruption is a social construct that, to paraphrase former federal appellate judge and author himself John Noonan, to exist as a legal concept must first exist in the minds of everyday people (35:40).
Mike and Brent then conclude with another installment of Brent Carlson’s “Managing Up” (38:14).
Resources:
Bribery Beyond Borders: The Story of the Foreign Corrupt Practices Act—
Learn more at Corporate Compliance Insights
Brent’s email: brent@redflagsrising.com
Mike’s email: michael.huneke@morganlewis.com
Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom welcomes, Daniel Zmak, Senior Director of Product Marketing at Diligent to discuss the evolving landscape of compliance.
They explore the importance of modernizing compliance practices, addressing challenges like fragmentation and fatigue, and leveraging AI and technology to enhance efficiency. Key topics include the compliance maturity journey, connected compliance, and strategies for improving governance and oversight. With actionable insights and practical advice, this session aims to guide compliance professionals through the dynamic changes in the field.
Highlights Include
Resources
Daniel Zmak on LinkedIn
Diligent Website
Tom Fox
