Categories
Blog

Returning to Venezuela: Part 1 – Bribery, Corruption and the Risks You Must Confront Before You Enter

When US energy companies talk about returning to Venezuela, the conversation almost always starts with opportunity. Yet the CEO of Exxon has said Venezuela is ‘uninvestible’. There is another set of problems that every corporate compliance team will face if their company decides to enter the Brazilian market. For the compliance professional, it must start with corruption. Not episodic corruption. Not bad actors at the margins. Systemic, embedded, institutionalized corruption that touches government agencies, state-owned enterprises, procurement systems, and the judiciary. This is not a theoretical risk. It is the operating environment.

The Department of Justice (DOJ) has made clear in the Evaluation of Corporate Compliance Programs (ECCP) that high-risk jurisdictions require tailored, well-resourced, and empowered compliance programs. Venezuela is the textbook example of why. Over the next several blog posts, we will explore key issues every company and CCO will face when considering whether to enter (or re-enter) Venezuela. In Parts 1 and 2, I will consider the top 10 anti-bribery/anti-corruption (ABC) risks a compliance professional will face. (Part 1, risks 1-5; Part 2, risks 6-10). We will then consider AML risk, export control and trade sanctions, security risks, and end with operational risks.

1. Systemic Corruption Is the Baseline Condition

Risk

Venezuela is not a market where corruption appears as an exception. It is the default condition against which all business activity must be measured. For compliance professionals, this means risk assessments cannot ask whether corruption exists. They must assume it does and ask where pressure will arise. Licensing, customs, inspections, labor issues, utilities, and currency all present opportunities for improper advantage. Boards must understand this upfront. Entering Venezuela without acknowledging systemic corruption is not optimism. It is a governance failure.

Compliance Framework Response

Before addressing individual risks, the compliance function must establish baseline principles governing how risk is assessed and managed in Venezuela.

  1. Assume corruption pressure exists. The risk assessment does not ask if corruption will arise, but where and how.
  2. Controls must be operational, not theoretical. Policies without authority, monitoring, and escalation are not controls.
  3. Risk ownership must be explicit. Every risk category has a business owner, a compliance owner, and a board oversight hook.
  4. Boards govern risk; they do not run operations. Oversight is mandatory. Tactical interference is prohibited.

2. PdVSA as a Prominent and Persistent Risk

Risk

Any discussion of bribery risk in Venezuela must begin with Petróleos de Venezuela S.A. (PdVSA), which has been at the center of some of the most significant corruption schemes in modern enforcement history, involving contracts, invoices, intermediaries, and payment routing. Indeed, 10 years ago, I wrote that it would cost a fortune to schedule and confirm a meeting. But companies make the mistake of treating PdVSA as a single risk node. In reality, it is a network risk. Joint ventures, service contracts, maintenance agreements, and procurement relationships all radiate outward, exposing the organization to corruption. If your counterparty touches PdVSA, you have inherited PdVSA risk.

Compliance Framework Response

The starting point is a Venezuela-specific bribery and corruption risk assessment, refreshed whenever business scope, counterparties, or operating conditions change.

This assessment must:

  • Map all government touchpoints.
  • Identify all third parties by function, not just by name;
  • Distinguish systemic risk from transactional risk; and
  • Flag PdVSA exposure explicitly.

Outputs are not static reports. They are control design inputs.

3. Joint Ventures and Service Contracts: Shared Risk, Shared Liability

Risk

Joint ventures are often framed as risk mitigation tools. In Venezuela, they frequently do the opposite. Local partners may be politically connected. Governance structures may be opaque. Control rights may be illusory. Compliance professionals must scrutinize who appoints management, who controls procurement, and who interacts with government officials. Under the ECCP, regulators ask whether compliance has authority commensurate with risk. In a Venezuelan JV, symbolic compliance oversight is not enough.

Compliance Framework Response

1. Assessment Controls

  • Government interaction mapping by function and frequency
  • Identification of pressure points where discretion exists
  • Historical analysis of delays, denials, or unexplained variability

2. Management Controls

  • Pre-approval requirements for all government-facing interactions
  • Clear prohibitions on facilitation payments
  • Mandatory escalation for any demand tied to speed, access, or discretion

Monitoring

  • Trend analysis of approvals and delays
  • Comparison of processing times across regions or projects

1. Board Oversight Questions

  • Where do we face the highest government discretion risk?
  • What interactions cannot proceed without a compliance sign-off?

4. Procurement as the First Corruption Flashpoint

Risk

Procurement is where corruption pressure materializes fastest. Vendors expect to be paid for access. Officials expect influence. Intermediaries promise to “make things happen.” This is even more true in Venezuela. This is where third parties begin to matter and where compliance must be in place before contracts are signed. Retrospective diligence does not cure a corrupted procurement process. Boards should demand visibility into how vendors are selected, not just who they are.

Compliance Framework Response

1. Assessment Controls

  • Explicit identification of direct and indirect PdVSA touchpoints
  • Mapping of PdVSA influence over pricing, approvals, and payments
  • Review of historical enforcement patterns tied to similar structures

2. Management Controls

  • Enhanced due diligence for any counterparty touching PdVSA
  • Compliance approval of all PdVSA-facing contract terms
  • Segregation of duties around invoicing and change orders

Monitoring

  • Continuous review of intermediaries interacting with PdVSA
  • Red flag monitoring for unusual invoice timing or routing
  1. Board Oversight Questions
  2. How are PdVSA’s risks different from those of other SOEs we engage with?
  3. What controls exist beyond standard third-party diligence?

5. The Illusion of “Routine” Government Interaction

Risk

Companies often underestimate corruption risk by labeling interactions as routine: inspections, permits, customs clearances, utilities, and labor approvals. And yes, the DOJ has said it will back off on enforcement of small payments, which may be traditionally made, but in Venezuela, routine functions are often monetized.  Compliance programs must draw hard lines early and firmly.

Compliance Framework Response

1. Assessment Controls

  • Governance and control-rights analysis
  • Identification of who appoints management and controls procurement
  • Mapping of partner government relationships

2. Management Controls

  • Contractual compliance rights with audit and termination authority
  • Compliance veto power over high-risk activities
  • Mandatory training for JV-appointed personnel

Monitoring

  • Periodic compliance audits of JV operations
  • Review of partner interactions with officials

1. Board Oversight Questions

  • Where do we lack real compliance leverage in our JVs?
  • Are control rights aligned with our risk exposure?

Join us tomorrow as we look at ABC risks 6-10, including third parties, extortion, organized crime, currency issues, and a weak rule of law.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 3 – Key Updates in the ECCP: Messaging Apps, Internal Controls, and Compensation

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s episode, Day 3, we delve into the significant updates in the evaluation of corporate compliance programs, focusing on messaging apps, internal controls, and adequate compensation.

Key highlights:

  • Messaging Apps and Compliance
  • Internal Controls and Risk Management
  • Adequate Compensation for Compliance Teams

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.

Categories
FCPA Compliance Report

FCPA Compliance Report – Navigating Uncertainty: Leading with Courage and Clarity with Jim Massey

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Jim Massey, who has recently released a new book, Risk in Action.

Jim Massey, an accomplished author and behaviorist practitioner, delves into the intricate dynamics of trust within leadership through his book “Risk in Action.” Drawing from his extensive experience in high-stakes boardrooms and executive sessions, Massey emphasizes the crucial role of trust as a foundation for effective action. He explores the interconnected nature of trust, risk, and fear, urging individuals to redefine risk as a prioritization tool that enables progress and bold decision-making. By addressing these themes, Massey aims to spark vital conversations and empower leaders to embrace uncertainty, ultimately encouraging them to take courageous actions that drive growth and innovation.

Key highlights:

  • Navigating Trust, Risk, and Fear in Leadership
  • Enhancing Business Outcomes through Proactive Risk Management
  • Cultivating Innovation Through Compliance Transformation
  • Embracing Fear for Innovative Growth
  • Dynamic Risk Assessment for Compliance Agility
  • Navigating Uncertainty: Leading with Courage and Clarity

Resources:

Risk in Action on Amazon

Jim Massey Website

Jim Massey on LinkedIn

Eastward.ai Website

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
SBR - Authors' Podcast

SBR-Authors Podcast: Risk is the Soundtrack of Life with Jim Massey

Welcome to the SBR-Authors Podcast! In this podcast series, Host Tom Fox visits with authors in the compliance arena and beyond. In this episode, Tom Fox welcomes back Jim Massey to discuss Jim’s latest book, ‘Risk in Action: A Leader’s Guide to Clarity.’

They take a deep dive into how the book builds on the themes outlined in ‘Trust in Action,’ focusing on the comprehensive approach to managing risk, trust, and fear. Jim shares insights on redefining risk not as a binary choice but as a polarity to be managed, offering actionable steps for business and compliance leaders. He also introduces his new AI-driven risk assessment tool, designed to provide real-time, actionable insights. Jim emphasizes the importance of embracing risk as an opportunity for innovation and shares his key leadership lessons for navigating the ever-changing business landscape.

Key highlights:

  • The Genesis of ‘Risk in Action’
  • Understanding Risk and Its Importance
  • The Role of Fear in Risk Management
  • Innovative Risk Management Strategies
  • Leadership and Risk
  • The Future of Risk Assessments

Resources:

Risk in Action on Amazon

Jim Massey Website

Jim Massey on LinkedIn

Eastward.ai Website

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
ACI FCPA Conference 2025

ACI-FCPA Conference Speaker Preview Series – Dan Kahn on the New DOJ Enforcement Priorities

In this episode of the ACI-FCPA and Global Anti-Corruption Conference Speaker Podcasts series, Dan Kahn discusses his panel at the event, “Unpacking the DOJ’s New FCPA Enforcement Guidelines and Priorities: Practical Takeaways for Updating Risk Management, Internal Investigations, and Compliance Strategies.”

Some of the issues the panel will discuss are:

  • How does the current DOJ guidance inform compliance?
  • How to recalibrate your compliance program based on the updated Guidance.
  • What does the DOJ FCPA Guidance say about enforcement priorities? 

I hope you can join me at the ACI–FCPA Conference. This year’s event will take place on December 3-4 at the Gaylord National Resort & Convention Center in National Harbor, Maryland, near Washington, D.C. The lineup of this year’s event is simply first-rate, featuring some of the top FCPA professionals, white-collar attorneys, and compliance practitioners in the field.

The 2025 program is being completely redesigned to help your organization stay agile, responsive, and ahead of the curve. Expect a dynamic agenda shaped by real-world priorities, practical takeaways, and the most cutting-edge thinking in compliance—led by a faculty of global practitioners with boots on the ground, encountering the very risks that come across your desk.

Please join me at the event. For information on the event, click here. Listeners of this podcast will receive a discount by using the code D10-999-CPN26.

Categories
Innovation in Compliance

Innovation in Compliance: Dare to Dream: Leveraging AI and Innovation

Innovation is present in many areas, and compliance professionals must not only be prepared for it but also actively embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Dr. Hemma Lomax from DocuSign, Chris Crowder from Airbus, and Vince Walden from konaAI to explore the future of compliance with AI and AgenticAI. This podcast was edited from a konaAI-sponsored webinar. For a link to the full webinar replay, see below.

Our discussion centers around the integration of AI, innovation, and compliance within corporate environments. Chris and Hemma share insights about their current data analytics efforts and the transformative role of AI in enhancing compliance processes. They discuss the importance of human judgment, exploring new technologies, and creating a forward-thinking compliance culture. Audience members are encouraged to think creatively about leveraging technology to address compliance challenges and prepare for a rapidly evolving business landscape.

Key highlights:

  • Current State of AI and Data Analytics in Compliance
  • Challenges and Opportunities in AI Implementation
  • The Role of AI in Risk Management
  • Human Judgment and AI: A Balanced Approach
  • Future of AI in Compliance and Business
  • Future of AI Agents in Compliance

Resources:

For a full replay of the Webinar, click here.

For the konaAI white paper on AgenticAI, click here.

To listen to the award-winning podcast Upping Your Game on the use of AI in a compliance program, click here.

Check out my latest book, Upping Your Game-How Compliance and Risk Management Move to 2023 and Beyond, available from Amazon.com.

Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.

Categories
Compliance and AI

Compliance and AI: Automate the Noise Away – The Future of Financial Crime Detection with Oracle’s Jason Somrak

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are just three of the many we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance. In this insightful episode, Tom Fox interviews Jason Somrak, Chief of Product & Strategy – Financial Crime & Compliance at Oracle Financial Services Software Limited.

They delve into the evolving role of AI in combating financial crimes and the proactive potential of AI in compliance investigations. Highlighting the transformative power of AI, Jason explains its applications, ranging from detection to investigation, and its impact on regulatory practices. They also discuss future emerging challenges in risk management and the collaboration between humans and AI in enhancing financial crime detection and compliance.

Key highlights:

  • AI’s Role in Financial Crime Prevention
  • Proactive and Preventive Measures
  • AI in Investigations and Triage
  • Automating the Noise Away
  • Regulatory Interactions and Challenges
  • Emerging Challenges in Risk Management
  • Future of AI in Compliance
  • Corporate Culture and AI Adoption

Resources:

Jason Somrak on LinkedIn

Oracle Financial Services

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Sunday Book Review

Sunday Book Review: October 26, 2025, The Risk Management Edition

In the Sunday Book Review, Tom Fox considers books that would interest compliance professionals, business executives, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. Today, we review four top books on risk management.

  • How to be a Chief Risk Officer by Jennifer Geary
  • Fundamentals of Risk Management by Kate Boothroyd and Clive Thompson
  • The Failure of Risk Management by Douglas Hubbard
  • The Risk Management Handbook by David Hillson
Categories
Innovation in Compliance

Innovation in Compliance – AI in Financial Crime and Compliance: A Deep Dive with Oracle’s Jason Somrak

Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom Fox welcomes Jason Somrak, the Chief of Product and Strategy for Financial Crime and Compliance at Oracle.

Jason elaborates on his professional background and his decade-long journey at Oracle. He delves into the transformative role of AI in combating financial crimes, exploring how AI has evolved from predicting false positives to using behavioral models and generative AI to enhance investigation processes. Their discussion touches on AI’s potential to shift from detection to prevention, the impact of real-time AML, and the significance of automating noise in compliance investigations. They also discuss the importance of regulatory relationships and the emerging challenges in risk management. The episode concludes with insights into the future skills needed in compliance roles and the critical role of corporate culture in implementing AI solutions.

Key highlights:

  • AI’s Role in Financial Crime Prevention
  • Proactive vs. Reactive Approaches
  • AI in Investigations and Triage
  • Emerging Challenges in Risk Management
  • Future of AI in Compliance
  • Skills for Next-Gen Compliance Officers

Resources:

Jason Somrak on LinkedIn

Oracle Financial Services

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Popcorn and Compliance

Popcorn and Compliance: Episode 3 – Compliance in the Full Moonlight: Lessons from The Wolf Man

Welcome to a special series of Popcorn and Compliance. In this series, we will be looking at the Classic Universal Monster Movies from the 30s and 40s and mining them for compliance lessons. (Yes, it really is an excuse to rewatch them all.) In this series, we will look at Frankenstein, Dracula, The Wolf Man, The Mummy, and end with The Invisible Man. In this episode, Tom explores critical compliance insights drawn from Lon Chaney Jr.’s portrayal of The Wolf Man.

In this episode, we take a deep dive into my favorite Classic Universal Monster, The Wolf Man, to unpack five critical lessons, including the danger of ignoring warnings, the importance of timely intervention, and the challenges of recognizing risks in ordinary people under extraordinary circumstances. Listeners are encouraged to consider how these timeless themes apply to modern corporate compliance, emphasizing proactive measures to prevent potential catastrophes. Join Tom, along with AI hosts Fiona and Timothy, for a surprisingly relevant exploration of compliance through the eerie lens of Hollywood’s iconic monster movies.

Key highlights:

The Relevance of the Wolf Man to Modern Compliance

  • Lesson 1: Ordinary People Can Become Compliance Risks
  • Lesson 2: Warnings Ignored Become Disasters Realized
  • Lesson 3: The Curse of Silence and Stigma
  • Lesson 4: Risk is Cyclical and Predictable
  • Lesson 5: Tragedy Comes from a Lack of Intervention

Resources:

Compliance Lessons from Lon Chaney Jr.’s The Wolf Man on the FCPA Compliance and Ethics Blog

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn