Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 70 – The Ethics Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

Resources:

Kristy Grant-Hart on LinkedIn

Prove Your Worth

Categories
Blog

From Enforcement-Driven to Purpose-Driven Compliance

For more than two decades, corporate compliance programs have been built around one central organizing principle: enforcement. Where regulators go, compliance resources follow. When the Department of Justice prioritizes anticorruption, companies invest in FCPA controls. When regulators turn to privacy, cybersecurity, or AML, compliance budgets pivot accordingly. This enforcement-driven approach has shaped the modern compliance profession.

Yet, as Veronica Root Martinez persuasively argues in her recent working paper, Purpose-Driven Compliance, this dominant model may be fundamentally flawed, certainly in the era of Trump. Despite unprecedented investments in compliance infrastructure, corporate misconduct persists. Repeat offenders remain common. Penalties grew larger, but behavior did not meaningfully improve. For compliance professionals, this raises an uncomfortable question: are we optimizing for the wrong objective?

Martinez’s answer is both challenging and clarifying. Compliance programs should not be primarily designed to satisfy enforcement authorities or to maximize mitigation credit after failure. Instead, they should be anchored in the organization’s own purpose, business risks, and ethical standards. In short, it is time to move from enforcement-driven compliance to purpose-driven compliance.

The Limits of Enforcement-Driven Compliance

The enforcement-driven model rests on two assumptions. First, that enforcement priorities reflect a company’s most significant risks. Second, that imperfect compliance is inevitable and acceptable so long as the organization can demonstrate good-faith efforts. Martinez brings both under scrutiny.

Regulatory priorities often lag behind real business risks. Enforcement agencies focus on certain categories of misconduct because they are visible, politically salient, or historically entrenched. But the risks that most threaten an organization’s mission may lie elsewhere. Martinez highlights how firms can become over-invested in compliance areas that attract enforcement attention while under-investing in mission-critical risks to their operations.

The second assumption, that some level of misconduct is acceptable, is even more troubling. Behavioral ethics research suggests that tolerating small violations creates conditions for larger ones. When leaders frame misconduct as statistically insignificant or “within expectations,” they risk normalizing behavior that undermines culture, trust, and ultimately performance. Wells Fargo’s infamous “1% problem” illustrates this danger. Senior leadership took comfort in the idea that only a small fraction of employees were engaging in misconduct, failing to appreciate that those numbers reflected only the misconduct that had been detected.

An enforcement-driven mindset encourages this type of thinking. If the organization is sanctioned, then low detection rates look like success. But if the question is whether the organization is living up to its own purpose and values, the same data tell a very different story. This is not the broken windows theory of enforcement, but something else.

The Cost of Treating Compliance as a Cost of Doing Business

Another weakness of enforcement-driven compliance is that it can turn sanctions into a predictable line item. As firms grow larger and penalties are discounted through cooperation credit, fines risk being internalized as a cost of doing business. Empirical work cited by Martinez suggests that large, repeat offenders often pay penalties that are small relative to their assets and revenues. In that environment, enforcement loses much of its deterrent effect.

For compliance professionals, this dynamic creates a structural tension. Programs may be technically “effective” under DOJ guidance while still failing to prevent misconduct that harms customers, employees, and communities. The distinction between standards of review and standards of conduct becomes critical. Meeting the government’s expectations for leniency is not the same as meeting the organization’s ethical obligations to itself and its stakeholders.

What Is Purpose-Driven Compliance?

Purpose-driven compliance begins with a simple but powerful shift in perspective. Instead of asking, “What does the regulator expect?” the organization asks, “What risks threaten our ability to achieve our purpose and what standards of conduct are required to address them?” Martinez defines purpose-driven compliance as programs directed by three elements: the firm’s purpose, the inherent risks associated with pursuing that purpose, and the ethical standards the organization sets for itself. This approach does not reject enforcement frameworks; rather, it treats them as a floor, not a ceiling.

In practical terms, purpose-driven compliance requires leadership to articulate why the organization exists and how misconduct undermines that mission. For a bank, this may mean focusing on customer trust and market integrity. For a pharmaceutical company, it may mean prioritizing patient safety and scientific integrity. For a university, it may mean safeguarding academic freedom and institutional trust. For a summer camp, it means protecting the campers from flash floods and other storms.

Once the purpose is clearly defined, compliance risk assessments become more meaningful. Risks are evaluated not only by enforcement exposure but by their potential to compromise the organization’s core objectives. This reframing helps compliance leaders resist the temptation to chase regulatory trends at the expense of mission-critical risks.

Moving Beyond Mitigation to Aspirational Standards

A key insight in Martinez’s work is that firms often confuse mitigation with excellence. Compliance programs are designed to minimize penalties rather than to maximize ethical performance. Purpose-driven compliance challenges that mindset by encouraging organizations to adopt high, ethical, and aspirational standards of conduct.

This does not mean pursuing perfection through draconian controls or internal criminalization. Martinez rightly warns against overdeterrence and strict liability regimes that incentivize concealment rather than transparency. Instead, purpose-driven compliance emphasizes ethical framing, employee voice, and organizational learning. Compliance should never be Dr. No, sitting in the Department of Business Non-Development.

The examples of Wells Fargo and Novartis are instructive. Both organizations suffered repeated compliance failures under enforcement-driven regimes. Their subsequent reforms went beyond addressing the specific violations that triggered enforcement. They re-examined culture, leadership incentives, and ethical expectations. In Novartis’s case, tying bonuses to ethical performance and co-creating a new code of ethics signaled a shift from box-checking to values anchored in purpose.

Why Purpose-Driven Compliance Matters for the Modern CCO

For today’s chief compliance officer, Martinez believes purpose-driven compliance offers three critical benefits.

First, it creates durability. Enforcement priorities shift with administrations. Indeed, this Administration has signaled a cutback in white-collar enforcement by offering essentially get-out-of-jail-free cards to companies that self-disclose early. This underscores the importance of compliance programs. A compliance program anchored solely in regulatory expectations will always be reactive. Purpose-driven programs are more stable because they are tied to the organization’s identity rather than external politics.

Second, it improves the quality of compliance metrics. Measuring effectiveness against internal standards allows organizations to ask harder questions about culture, decision-making, and root causes. Not every initiative will succeed, but a willingness to acknowledge failure is itself a sign of program maturity.

Third, it enhances credibility with boards and senior leadership. When compliance is framed as a strategic partner in achieving the organization’s mission, rather than as a defensive function, it earns a more meaningful seat at the table.

Conclusion

Compliance has never been more sophisticated, expensive, or visible. Yet sophistication alone does not guarantee effectiveness. Martinez’s Purpose-Driven Compliance challenges compliance professionals to rethink the foundations of their programs. Enforcement-driven compliance has taken us far, but it cannot take us far enough.

The next evolution of compliance requires organizations to define their own standards of conduct, grounded in purpose, risk, and ethics. That shift is not easy. It requires courage from compliance leaders and commitment from boards and executives. But if compliance is truly about preventing harm and sustaining trust, purpose-driven compliance is not optional. It is essential.

Categories
Daily Compliance News

Daily Compliance News: February 9, 2026, The Is Netflix a Monopoly Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Knock-off obesity pill pulled from market. (NYT)
  • Former Norwegian Prime Minister under investigation over corruption from Epstein files. (Politico)
  • Jay Clayton promises a bigger get out of jail free card. (Reuters)
  • DOJ to investigate if Netflix is a monopoly. (WSJ)

Categories
Innovation in Compliance

Innovation in Compliance – Insights on FCPA and Anti-Corruption Enforcement Trends with Anik Shah

Innovation touches every part of the modern enterprise, and compliance professionals must be prepared not only to respond to change but to lead through it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators on the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Anik Shah, Global Director of Anti-Bribery and Anti-Corruption Compliance at Sandisk, for an insightful discussion on the pivotal shifts in FCPA enforcement during 2025 and what they signal for 2026.

Shah outlines his extensive professional background, including his prior roles at the SEC and DOJ. The conversation explores key developments from 2025, including the Executive Order pausing certain FCPA investigations, the Blanche Memo’s four criteria for opening FCPA cases, and the implications of revisions to the Corporate Enforcement Policy. He also analyzes the Communications Cellular enforcement action to highlight practical compliance lessons, focusing on strengthening AML controls, managing third-party risk, and deploying proactive compliance measures amid renewed anti-corruption scrutiny.

The episode concludes with a forward-looking discussion of emerging anti-corruption risks associated with advanced AI technologies, large AI construction projects, and related permitting activities, both in the United States and globally. Shah offers strategic recommendations for compliance professionals seeking to anticipate and manage these evolving risks.

Key highlights:

• 2025 as a Pivotal Year in FCPA Enforcement

• The Blanche Memo and Corporate Enforcement Policy Revisions

• Anti-Money Laundering and Third-Party Risk Management

• Large AI Construction Projects and Permitting Risks

• Global Anti-Corruption Laws and Compliance

• Key Takeaways for 2026

Resources:

Anik Shah on LinkedIn 

Sandisk

Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Categories
Blog

Is There a FEPA Future in Venezuela?

For U.S. compliance professionals, few jurisdictions raise as many red flags as Venezuela. Decades of entrenched corruption, state capture of key industries, economic collapse, weak rule of law, and the legacy of PdVSA have made the country a case study in what happens when corruption becomes systemic rather than episodic. Now that geopolitical and energy realities are shifting, some U.S. companies are again evaluating whether and how to reenter the Venezuelan market.

Against that backdrop, the passage of the Foreign Extortion Prevention Act (FEPA) represents one of the most significant developments in anti-corruption enforcement in nearly half a century. The question compliance officers are now asking is a practical one: can FEPA actually be used to prevent bribery and corruption for U.S. companies returning to Venezuela, or is it merely a symbolic addition to an already strained enforcement framework?

The answer, as with most compliance questions, is nuanced. FEPA is not a silver bullet. But when properly understood and operationalized, it can meaningfully change the risk calculus for companies operating in high-extortion environments like Venezuela.

The Historic Gap in the FCPA

For decades, the compliance community has lived with a fundamental asymmetry in U.S. anti-corruption law. The Foreign Corrupt Practices Act is a supply-side statute. It criminalizes the offering or payment of bribes by U.S. companies and individuals, but it does not criminalize the demand for those bribes by foreign officials. This gap has long distorted incentives on the ground.

In jurisdictions such as Venezuela, bribery is rarely framed as a voluntary transaction. It is far more often presented as a demand, a condition of doing business, or even a threat, as in the case of extortion. Officials do not ask politely. They delay permits, block shipments, threaten arrests, or endanger employee safety. Until FEPA, U.S. law largely treated this as background noise rather than a prosecutable offense.

FEPA directly addresses that gap by criminalizing the solicitation or acceptance of bribes by foreign officials from U.S. persons or companies. In doing so, it finally targets the demand side of corruption and aligns U.S. law more closely with how bribery actually operates in high-risk countries.

Why Venezuela Is the Ultimate Test Case

If FEPA can work anywhere, it should work in Venezuela. The country’s corruption ecosystem is characterized by pervasive extortion across customs, energy, transportation, security, immigration, and tax authorities. Payments are often demanded not to gain an advantage but to avoid harm. This distinction matters. In Venezuela, the compliance challenge is not simply rogue employees paying bribes. It is employees facing credible threats to liberty, safety, or health. FEPA explicitly recognizes this reality by treating extortion by a foreign official as a criminal act rather than merely a compliance failure by the company.

That framing gives compliance officers something they have long lacked: a legal backbone to support a firm refusal posture. Companies can now say, with credibility, that the demand itself is illegal under U.S. law and subject to DOJ enforcement, even if the official is located abroad.

Extortion, Facilitation, and the Compliance Trap

One of the most dangerous compliance traps in Venezuela has always been the mislabeling of extortion payments. Under the FCPA, facilitation payments occupy a narrow and controversial exception. Extortion payments, however, were never facilitation payments. They were survival payments. FEPA eliminates any lingering ambiguity. Extortion payments involving threats to life, liberty, or health are now clearly illegal, not merely discouraged. This forces compliance programs to confront uncomfortable operational realities.

Policies must explicitly distinguish facilitation from extortion. Employees must be trained that the company will support them if they are threatened, but that any such payment must be immediately documented, accurately recorded, and escalated. Books-and-records accuracy becomes critical. Mischaracterizing extortion as a routine expense is now a standalone risk under FEPA, not merely an FCPA accounting issue.

FEPA as a Deterrent Tool, Not Just an Enforcement Tool

One of the most overlooked aspects of FEPA is its potential deterrent effect. The statute introduces the possibility of DOJ investigations targeting foreign officials, including public naming and reporting requirements. For officials who interact with U.S. companies, this creates reputational and diplomatic risk that did not previously exist. In Venezuela, where many officials rely on international travel, financial access, and political legitimacy, even the threat of U.S. scrutiny can matter. FEPA does not require immediate extradition to have an impact. The mere existence of a credible enforcement pathway can alter behavior at the margins.

For compliance officers, this means FEPA can be used proactively. Risk assessments should explicitly incorporate FEPA exposure. Third-party due diligence should assess patterns of extortion, not just a history of bribery. Contractual language should reference the reporting obligations for extortion. Training should include scenario-based exercises where employees practice refusing demands and escalating threats.

The Limits of FEPA in Venezuela

None of this should be overstated. FEPA will not cleanse Venezuela of corruption. Extradition of Venezuelan officials is unlikely. Local enforcement cooperation will be minimal. Many officials operate with de facto immunity. But compliance effectiveness has never depended on perfect enforcement. It depends on shifting incentives, setting expectations, and protecting employees. FEPA strengthens all three. From a DOJ perspective, FEPA also changes cooperation dynamics. Companies that proactively document extortion demands, preserve evidence, and report credible threats may be viewed very differently from companies that quietly pay and rationalize. In a Venezuela reentry scenario, that distinction could be outcome-determinative.

What Compliance Officers Should Do Now

For companies considering Venezuela, FEPA must be embedded into program design from day one. This includes updating anti-corruption policies, revising travel and security protocols, enhancing incident reporting mechanisms, and briefing boards on the new enforcement landscape. Most importantly, compliance officers must be realistic. FEPA does not eliminate the need for robust internal controls. It heightens the consequences of getting them wrong. Venezuela will remain a high-risk jurisdiction regardless of statutory innovation.

Five Key Takeaways for the Compliance Professional

1. FEPA Changes the Risk Conversation, Not Just the Law

FEPA fundamentally alters how compliance officers should frame corruption risk in high-extortion jurisdictions like Venezuela. It is no longer only about preventing improper employee payments. It is now about recognizing, documenting, and escalating illegal demands by foreign officials. This allows compliance to move from a defensive posture to a principled refusal backed by U.S. law.

2. Extortion Must Be Explicitly Addressed in Policies and Training

Companies can no longer afford vague language that blurs the distinction between facilitation payments and extortion. Compliance programs must clearly define extortion as illegal, explain how it differs from facilitation payments, and provide step-by-step guidance for employees facing threats to health, safety, or liberty. Scenario-based training is no longer optional in Venezuela risk operations.

3. Books and Records Exposure Has Increased Under FEPA

Accurate documentation is now a frontline compliance control. Any payment made under duress must be recorded precisely and transparently. Mischaracterizing extortion payments as routine expenses or facilitation payments creates a separate and serious compliance failure. Accounting controls, escalation protocols, and audit reviews must be aligned accordingly.

4. FEPA Should Be Embedded in Risk Assessments and Third-Party Due Diligence

Venezuela reentry assessments should explicitly evaluate extortion risk, not merely bribery history. Third parties, customs brokers, security providers, and logistics partners are often the point of pressure. FEPA requires compliance officers to assess whether business partners operate in ways that expose the company to extortion demands and reporting failures.

5. FEPA Strengthens Compliance’s Role as a Strategic Advisor

FEPA gives compliance professionals a credible legal framework to advise management and the board on when and how business can be conducted safely. It reinforces the message that walking away from certain transactions is not risk aversion but risk management. In Venezuela, FEPA can help compliance professionals draw clearer red lines and protect both the company and its people.

The Bottom Line

So, could FEPA be used to prevent bribery and corruption for U.S. companies returning to Venezuela? Not entirely. But it can materially reduce risk, empower employees, and change how companies engage with corrupt systems. For the first time, U.S. law squarely acknowledges what compliance professionals have always known: bribery often begins with a demand. By criminalizing that demand, FEPA gives companies a stronger legal and ethical foundation to say no.

In a country like Venezuela, that may be the most important compliance tool of all.

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – The Corruption is Free Speech Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

Stories This Week Include:

  • FirstEnergy defendants in Ohio say corruption is simply ‘free speech’. (Ohio Capitol Journal)
  • British national sentenced to 6 years in jail over Wirecard fraud. (FT)
  • Corruption led to the Hong Kong fire disaster. (Bloomberg)
  • Translations as a compliance issue. (BBN Times)
  • Will Trump suspend the FCPA in Venezuela? (FCPA Compliance and Ethics Report)
  • X Faces U.K. Probe Over Grok’s Sexualized Images (WSJ)
  • Six Compliance Events to Watch in 2026 (Radical Compliance)
  • Why Are Your Policies Yelling at Me? It’s Time to Rethink Tone in Rules (CCI)
  • 10 must-know workforce trends for 2026 (Dayforce)
  • Florida man arrested after trying to flee deputies on riding lawn mower (NBC News)

Resources:

Prove Your Worth

Categories
FCPA Compliance Report

FCPA Compliance Report: Going into Venezuela, Navigating the Corruption Risks, a Conversation with Matt Ellis

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. We take a short break from our 2-part series with Mike Volkov to review the issues arising from the Trump Administration’s invasion of Venezuela. Matt Ellis joins Tom Fox to look at what all this means for companies looking to do business in Venezuela.

They discuss the complex landscape of doing business in Venezuela, focusing on the rampant corruption, security challenges, and the implications of U.S. sanctions. They explore the risks associated with engaging with the national oil company, PdVSA, and the broader implications for U.S. companies considering re-entry into the Venezuelan market. The conversation also touches on Cuba’s role, international organizations, and the potential for infrastructure rebuilding in Venezuela, emphasizing the need for long-term strategies and careful risk management.

Key highlights:

  • Navigating Corruption and Security Risks in Business
  • Banking and Money Laundering Concerns
  • Cuba’s Role and Sanctions Implications
  • International Organizations and Corruption Regulations
  • Infrastructure Rebuilding in Venezuela
  • Long-term Strategies for Companies

Resources:

Matt Ellis on LinkedIn

Miller & Chevalier LLC

Categories
Blog

Will Trump Suspend FCPA Enforcement in Venezuela?

Now that I have your attention with this clickbait title, I want to explore today what the Venezuelan imbroglio may mean for compliance professionals and energy companies that are looking at either entering the Venezuelan market or, in many cases, re-entering it after what was not an invasion (since it was not a military action authorized by Congress) and not a police action (the Korean War holds that moniker), but the capture of President Maduro and his wife to purloin Venezuela’s oil. As noted by New York Times (NYT) columnist Thomas Friedman today, “It is now clear that Trump’s priority in capturing President Nicolás Maduro of Venezuela was not to make that country safe for the restoration of democracy but to make it safe for the restoration of American oil companies’ dominance over Venezuelan oil extraction.”

But there are multiple obstacles to the US getting to and removing Venezuelan oil. As the Wall Street Journal (WSJ) noted, “But getting foreign companies to flock back to Venezuela will be a massive challenge. Chevron is the only major U.S. oil company and the country’s largest foreign investor. Other oil executives will be forced to gauge the stability on the ground in a country where the industry has fallen into disarray after more than two decades of mismanagement and corruption.” Economically, it may make little to no sense.

Corruption and PDVSA

But from the compliance perspective, there is the issue of corruption. As I wrote back in 2017, “Of all the stench from corruption, not much is more odious than that from the Venezuelan state oil company Petróleos de Venezuela SA (PDVSA). Whether it is shaking down contractors for Rolex watches to schedule a meeting, requiring a bribe to get payments on outstanding invoices, or simply good old-fashioned cash to get on a bid list, PDVSA is perceived to be one of the most institutionally corrupt energy companies around.”

How President Trump plans to get the Venezuelan oil out of the country is not known at this point. But unless he orders US energy companies to put boots on the ground to rebuild PdVSA’s decrepit infrastructure, those same companies will have to deal with the same corrupt PdVSA officials.

In the context of Venezuela’s reopening to Western energy investment, President Trump’s decision to pause enforcement of the Foreign Corrupt Practices Act (FCPA) reflected a broader strategic pivot toward what his administration calls economic competitiveness and national security. His Executive Order issued in early 2025 directed the Department of Justice (DOJ) to halt new FCPA investigations for at least 180 days while it reviewed enforcement priorities on the premise that strict anti-bribery enforcement, as it has traditionally been applied, “impedes U.S. foreign policy objectives” and disadvantages American companies relative to global competitors. The policy rationale was that, in markets perceived as corrupt or opaque, rigorous FCPA enforcement has historically dissuaded US firms from competing effectively, particularly against foreign rivals who do not face the same legal constraints. This argument, which resonated with a strand of populist economic nationalism, frames FCPA enforcement as a barrier to energy companies securing strategic resources, such as Venezuelan oil, rather than as a purely ethical safeguard.

From a compliance professional’s lens, this recalibration had two implications. On one hand, it might reduce the immediacy of DOJ scrutiny for conduct in jurisdictions like Venezuela, where corruption risk is endemic. On the other hand, the suspension does not abolish the law; the FCPA remains on the books, and enforcement priorities can flip with the political winds or through congressional action. Moreover, the suspension could embolden local partners or intermediaries to push for irregular payments under the assumption that US enforcement is weak, creating significant red-flag risks for energy companies seeking to operationalize robust controls aligned with the DOJ’s Evaluation of Corporate Compliance Programs (ECCP) standards. Even under a relaxed enforcement regime, a strong compliance program grounded in the ECCP’s emphasis on risk-based design, continuous monitoring, and senior-management accountability remains a critical commercial and legal hedge.

Compliance Going Forward

One of the most important takeaways for compliance professionals confronting Venezuela is the necessary shift from reflexive risk avoidance to disciplined risk management. Mike DeBernardis told me that the modern compliance mandate “is no longer to say ‘no’ when risk is high; it is to say ‘yes, if’ the risk can be identified, structured, and controlled.” This is not a philosophical shift. It is explicitly embedded in the ECCP, which does not reward companies for avoiding difficult markets but instead evaluates how effectively they manage risk in precisely those environments.

In the Venezuelan energy context, this means compliance must be deeply embedded in the business strategy from the outset. Compliance professionals must fully understand the proposed energy project, including its commercial objectives, operational footprint, and timelines. They must map every anticipated interaction with the Venezuelan state, particularly with state-owned enterprises, regulators, customs authorities, and security services.

From there, compliance professionals must identify where corruption pressure is most likely to arise, not in theory but in practice, based on how the business will actually operate. Only then can bespoke controls be designed to address those specific risks. The ECCP repeatedly emphasizes that effective compliance programs are well-designed, adequately resourced, and genuinely empowered. This is where compliance earns its seat at the strategy table. If compliance is engaged only after contracts are signed and capital committed, its ability to influence outcomes is sharply diminished, and the program is far more likely to fail under real-world pressure.

If initial program design is the foundation, continuous monitoring is the load-bearing structure. Energy operations in Venezuela will not tolerate static compliance approaches built around annual certifications or periodic check-the-box reviews. The ECCP explicitly asks whether companies test the effectiveness of their controls and whether they respond promptly and meaningfully to issues as they arise. In a high-risk jurisdiction like Venezuela, corruption risk will evolve rapidly as political conditions, counterparties, and regulatory expectations shift. Compliance programs must therefore be dynamic.

This requires live monitoring of payments, invoices, and reimbursements, particularly those involving third parties and state-linked entities. It requires regular compliance check-ins with project teams operating on the ground and under real-time pressure. It also requires targeted audits that focus narrowly on high-risk transactions rather than broad, generic reviews that miss the point. When red flags appear, swift remediation is essential, including the authority to pause transactions or relationships when necessary. Friction with the business is inevitable in this environment. Under the ECCP, however, that friction is not evidence of failure. It is evidence of independence, effectiveness, and seriousness of purpose.

For energy companies, Venezuela may well be worth the risk. The size of the opportunity, particularly in hydrocarbons, may make disengagement an increasingly unrealistic option. For compliance professionals, however, the mandate is clear and unforgiving. Programs must be designed with the assumption that pressure will occur, that shortcuts will be suggested, and that local counterparts may view compliance as negotiable.

Effective programs anticipate misconduct rather than react to it, and they are built to withstand scrutiny not only from local stakeholders but also from US enforcement authorities looking back months or years later. This requires compliance professionals to think and act as strategic risk managers, not policy custodians. They must insist on visibility into business decisions, demand resources commensurate with risk, and maintain the authority to intervene when necessary.

In the Venezuelan context, success will not be defined by the absence of issues but by how quickly and credibly the organization detects and addresses them. That approach is not merely about satisfying regulatory expectations. It is about protecting the company’s people, assets, and reputation in one of the most challenging operating environments in the world. That is not just compliance. That is strategic risk management at its purest and most demanding.

Compliance into the Weeds: Matt’s Key Compliance Issues and Trends to Watch in 2026

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore it more fully. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss key issues Matt is following in 2026.

They look into anticipated FCPA enforcement actions against Chinese telecom giant ZTE and the controversial indictment of Smartmatic, raising concerns about possible politicization of compliance enforcement. The conversation also covers the potential impact on whistleblower cases if key Qui Tam lawsuits under the False Claims Act are invalidated, as well as the ongoing federal-state conflict over AI regulations. Additionally, they touch on the financial complexities and risks associated with AI funding deals, drawing parallels to past financial crises. Compliance officers are advised to prepare for an uncertain and challenging regulatory landscape in the year ahead.

Key highlights:

  • FCPA Enforcement in 2026
  • The Future of Qui Tam Lawsuits
  • Federal Preemption of State AI Laws
  • AI Accounting and Financial Risks

Resources:

Matt in Radical Compliance

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred a Davey, a Communicator Award, and a W3 Award, all for podcast excellence.

31 Days to a More Effective Compliance Program: Day 6 – The M&A Safe Harbor Policy

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. Today, on Day 6, we delve into the DOJ’s Mergers and Acquisitions (M&A) Safe Harbor Policy.

Key highlights:

  • DOJ Mergers and Acquisitions Safe Harbor Policy
  • Key Requirements and Deadlines
  • Historical Context and Clarifications

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.