Corruption Crime & Compliance

In this week's episode of Corruption, Crime, and Compliance, we usher in the New Year with a deep dive into something that happened in November of last year. As we begin 2024, it's crucial to reflect on the substantial shifts in the healthcare industry's compliance framework. The HHS Office of Inspector General's Comprehensive Compliance Guidance, released late last year, has set a new standard for healthcare companies, reinforcing the importance of an independent compliance function and outlining a robust framework for effective compliance programs. Michael Volkov meticulously dissects the seven key elements of this groundbreaking guidance, emphasizing its relevance not just in healthcare, but across the spectrum of compliance practices. You’ll hear Micheal discuss:The HHS Office of Inspector General issued the Comprehensive Compliance Guidance (GCPG) in November 2023, a significant document for the healthcare industry, emphasizing the need for independent and robust compliance programs.The guidance is structured around seven core elements: written policies and procedures, effective compliance leadership, training, open lines of communication, enforcing standards, risk assessment, and responsive corrective action for detected offenses.The role of a Chief Compliance Officer is critical, and they should:Report directly to the CEO or have independent access to the board,Have sufficient stature within the entity equal to other leaders,Demonstrate unimpeachable integrity, judgment, assertiveness and approachable demeanor, andHave sufficient funding, resources and staff to operate the program. Emphasizing the separation of legal and compliance functions, the GCPG recommends that compliance officers focus solely on compliance, avoiding roles in legal or financial departments.The GCPG advises the establishment of a compliance committee, meeting quarterly, with responsibilities spanning legal regulation analysis, policy review, training effectiveness, and annual risk assessment.The CEO should include a signed introduction in the code of conduct. The board should include a signed endorsement or similar written statement to support the compliance commitment, and entities should review their codes when a new CEO is hired.Clear communication and board oversight is crucial, and they should be well-informed about compliance programs, and ensure that the compliance officer has sufficient access to them.How compliance officers and boards should respond when compliance concerns are reported or discovered, and focus on the root causes of the misconduct to prevent recurrence.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What is the cost of ignoring compliance? For the world’s largest cryptocurrency exchange, it’s $4.3 billion dollars. In this episode of Corruption, Crime and Compliance, Michael Volkov and his guest, Matt Stankiewicz, delve into one of the most significant financial crime prosecutions in the history of the Justice Department: Binance Holdings. Under the direction of its CEO, Changpeng Zhao, Binance blatantly disregarded compliance, had no AML programs, and willfully put growth over regulations. Now, they must pay out a settlement split among various agencies, including the DOJ, OFAC, FinCEN, and CFTC. In addition to the settlement, Binance has destroyed their reputation at a time when customers are demanding companies they can trust.Matt Stankiewicz is a compliance consultant, and currently a partner at The Volkov Law Group, specializing in anti-bribery, corruptions controls, and compliance programs. He previously served as a member of the Ethics and Compliance Monitoring Team, appointed by the DOJ and EPA, and his casework has included global audits of Fortune 100 companies, sanction violations investigations, risk-assessment for third party distributors, and much more.You’ll hear Michael and Matt discuss:Cryptocurrency companies allow customers to exchange government-backed currency for cryptocurrency, such as Bitcoin. Several major crypto companies, including FTX, Celsius, and BlockFi, have faced bankruptcy and legal issues due to non-compliance and shady practices, resulting in customers losing money.Binance, the world's largest cryptocurrency exchange, recently settled with multiple agencies in the Justice Department for over $4 billion, with penalties split between forfeiture and criminal fines.As part of the agreement, Binance’s main exchange is barred from operating in the US market, which accounts for a third of their revenue, and they also face increased scrutiny by two separate compliance monitors over the next several years.Their circumvention of laws and regulations include violations of the Bank Secrecy Act, failure to register as a money transmitting business, and multiple sanctions transgressions.Binance's founder and CEO, Changpeng Zhao (CZ), pled guilty to his own set of similar charges, including a failure to maintain an effective AML program, and is facing a multi-million penalty and a potential prison sentence of up to 18 months.Binance was established in China, but regularly moved their headquarters from country to country to avoid regulations. Their lack of compliance was driven from the top, with senior leadership actively prioritizing growth over compliance.Binance created its US-based exchange as “window dressing” to avoid regulations, and the customer service department assisted its customers in circumventing its own compliance controls, like using a VPN to get past IP blocking technology.Though Binance is large enough to continue operating despite the fines, this settlement has sent a strong message to the crypto industry about the importance of reputation, compliance, and customer trust.The cryptocurrency industry is currently lacking a “culture of compliance,” but it has reached an inflection point where lawlessness and shady practices are no longer acceptable. In addition to regulators cracking down on them, customers are also applying pressure for these companies to reform.The use of blockchain technology in the crypto industry provides unique tools for transaction monitoring and tracking funds, which can help ensure compliance with AML regulations and detect suspicious activities.Rogue countries like North Korea are experts in leveraging cryptocurrency in a way that threatens US National Security, so the DOJ must become more adept in investigating and taking action against those that violate US law.ResourcesMatt Stankiewicz on LinkedIn | X (Twitter)Michael Volkov on LinkedIn | X (Twitter)The Volkov Law Group

How can we build a culture that motivates people to do the right thing? In this episode of Corruption, Crime and Compliance, Michael Volkov and guest Steve Naughton, explore crucial questions about fostering ethical cultures within companies and practical steps compliance leaders can take to transform performance. Steve shares insights from his journey, detailing the evolution of compliance leadership roles and offering a glimpse into PepsiCo's growth in this area during his tenure as Chief Compliance Officer. For those considering careers in compliance, he emphasizes that expertise in this field can be developed without a law degree. Steve Naughton currently oversees Compliance and Enterprise Risk Management programs at Loyola University Law School. He previously served as Pepsi's Chief Compliance Officer, guiding the growth of their compliance program over 8 years. He is passionate about making sure compliance functions can work independently.You’ll hear Michael and Steve discuss:Steve began his career at major law firms before going in-house to manage litigation and M&A deals during pivotal moments at Quaker Oats and Snapple.PepsiCo’s iconic GC Larry Thompson asked Steve to build a new compliance program starting with just 3 people. Over 8 years, Steve grew Pepsi’s program from 3 to over 40 employees with global reach.Larry saw compliance as preventative and empowered Steve with independent reporting to the Board. Steve remarks, “[Larry] viewed [compliance] as much more preventative than reactionary … his take on compliance has always been, to the extent that we can prevent something or to the extent that as soon as we detect it, we'll go in and check it out instead of waiting till everything was fully investigated.”Pepsi has been on the World's Most Ethical Companies list for 15 years in a row, showcasing its success in following ethical practices.Pepsi has never faced serious enforcement actions, and this is attributed to turning ethical practices into a value-add for the business.Not every company has the resources or leadership seen at Pepsi, making it challenging to bring others along in the compliance profession.Steve emphasizes the importance of a risk-based approach in compliance and recommends developing a strategic five-year plan to address top risks progressively.He encourages companies to be disciplined and follow a plan, citing the Department of Justice's emphasis on showing work prospectively, not retroactively, to defend actions and maintain a strategic plan.Michael and Steve discuss the challenges of implementing change in compliance programs, emphasizing the importance of building a team and garnering support from other functions.They recommend a realistic 3 to 5 year timeframe for implementing changes.Cultures where people feel safe speaking up are foundational to compliance. This can aid in preventing and addressing ethical lapses and compliance challenges.Steve cites examples from Wells Fargo, Volkswagen, General Motors, and Boeing. In these organizations, where you would expect people to be skilled and ethical, employees often didn't speak up. This was because they thought their concerns wouldn't be listened to, or the culture didn't encourage open communication.Compliance is not just about following rules; it's about changing the culture in companies. We need to think differently and work towards making a culture where doing the right thing is not just accepted but encouraged. Steve runs a highly respected compliance curriculum at Loyola University which has prepared many future Chief Compliance Officers. However, compliance expertise doesn’t strictly require legal training.ResourcesSteve Naughton on LinkedIn | Loyola School of Law | EmailMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

In the 300th episode of Crime, Corruption and Compliance, Michael Volkov examines the recent FCPA settlements with two major UK reinsurance brokers - Tysers and H.W. Wood - for their involvement in a bribery scheme in Ecuador. The DOJ took an unorthodox approach by going after individual people before the companies. This helped them get cooperation and gather evidence, resulting in over $36 million in fines and forfeited money. However, it also highlights common issues in FCPA cases, such as a lack of supervision and effective controls that let corruption happen.You’ll hear Michael discuss:The settlements with Tysers ($36M fine + $10.5M forfeiture) and Wood ($508K fine + $2.3M forfeiture) resolve a multi-year FCPA investigation in Ecuador.Several individuals were prosecuted first, including the chairman of two state-owned Ecuadorian insurance firms who pleaded guilty in 2020. This allowed the DOJ to build up cooperators and evidence.  A third-party intermediary played an instrumental role, serving as the "glue" that coordinated all aspects of the scheme in exchange for significant profits.Neither Tysers nor Wood voluntarily disclosed. Tysers received a 25% discount for cooperation and remediation; Wood's fine was reduced to $508K based on inability to pay.  The intermediary demanded a large split of commissions to funnel payments to officials, which Tysers and Wood accepted, triggering disputes among Tysers' own employees. The parties used coded language and fake investment contracts to disguise corrupt payments to officials' offshore accounts.The lack of financial controls and oversight of third-party payment allocations enabled suspicious activity to occur unchecked. Massive "commissions" paid to intermediaries raised obvious red flags that went unheeded.Going after individuals first and securing a declination for one company yielded major penalties for Tysers and Wood, proving the DOJ's strategy highly effective.The facts underscore the need for vigorous third-party due diligence and monitoring controls to detect and halt potential corruption.KEY QUOTES“DOJ has had a slow year in FCPA enforcement. Everybody knows that we may see a few more coming in the next few weeks before the end of the year…” - Michael Volkov“Unlike most third party FCPA cases, where a third party may be enlisted to further a bribery scheme by funneling payments directly to a foreign official, the intermediary in the Tysers and Wood cases played an instrumental role in arranging, managing and overseeing the bribery payments and overall scheme. The intermediary company truly operated as the glue that put together a large bribery operation from which it earned significant profits.” - Michael Volkov“...the timing of the corporate individual resolutions is certainly a unique pattern for DOJ to execute on and certainly raises the prospect that we may see other cases where individuals get prosecuted first and then you see a corporate resolution coming towards the end. So DOJ clearly here built up a reservoir of cooperators and information and intelligence that resulted in them being able to impose significant penalties against Tysers and Wood.” - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Bobby Butler joins Michael Volkov on this episode of Corruption, Crime and Compliance, to explore the evolution of compliance over 20 years. While enforcement actions sparked major progress, Bobby contends compliance is moving firmly into the realm of competitive advantage and performance multiplier. Millennials and younger generations ‘vote with their feet’, demanding ethical cultures, so compliance may increasingly drive talent retention as well.  Bobby Butler has over 20 years of experience building world-class ethics and compliance programs. In his early career, he investigated export control issues and quickly became passionate about compliance. Known for his persistence and commitment to finding solutions, he is a pioneer who helped elevate compliance from an ad hoc function to a strategic asset.You’ll hear Michael and Bobby discuss:In the early 2000s, compliance programs were sparked by reactions to major DOJ enforcements rather than proactive investments. Companies finally dedicated ample resources when faced with "shock and awe" consequences.Bobby got his start investigating export controls issues at Conoco after unlawful server exports to Syria. He quickly became passionate about trade compliance and then FCPA compliance during the explosion of enforcements in the mid-2000s.Working at ground zero compliance teams at Vetco and Baker Hughes during monitorships gave Bobby deep experience with elements of gold standard compliance programs long before codified evaluation criteria.Bobby argues justifying significant resources without an enforcement action catalyst remains extremely challenging. Compliance fights for a seat at the table and has to insert compliance considerations into business meetings.  Persistence and consistency in messaging are critical for credibility and influence as a compliance officer. Strong yet flexible personalities tend to thrive compared to introverts.Compliance has to focus on finding creative solutions to enable opportunities: frame compliance as a competitive advantage and performance multiplier.Tactics Bobby used to persuade executives include tying bonuses to compliance training completion, positioning compliance in sales materials and constant insertion into business meetings.The compliance skill set has grown into a dedicated career path with specialized education channels, not just a secondary legal role. Bobby sees government enforcements continuing to increase given complex technologies and geopolitics.KEY QUOTES“...we have to find ways for the business to grow. We've got to be sitting there at the table with them thinking of solutions. The more brain power you put at problem solving and doing it in a compliant way, that's how you build trust with people.” - Bobby Butler“And every day that goes by, when there's not a compliance issue and you can certify that controls have passed and the elements are there and you have outside counsel come in and do an assessment of your program and you continuously improve and each day goes by and you don't have an issue. Well, there's another positive impact to the investment and the return on shareholder value and more importantly, the company brand.” - Bobby Butler“...we're out there preaching the good news that compliance can be a good thing. Because at the end of the day, when the company does get in trouble, compliance sets policy, sets voluntary boundaries where the law sets mandatory boundaries.” - Bobby ButlerResourcesBobby Butler on LinkedIn

Ephemeral messaging applications like Snapchat, WhatsApp, and Telegram have presented a complex challenge for compliance professionals and legal counsel. On one hand, these technologies can reduce data storage and preservation costs, minimize breach exposure, and allow prioritization of communications data. On the other hand, they can create blind spots by deleting communications records and seriously obstruct internal investigations. How can companies balance the benefits of ephemeral messaging against the risks of compliance program undermining? In this week's episode of Corruption, Crime and Compliance, Michael Volkov discusses recent DOJ guidance regarding ephemeral messaging risks and outlines practical steps organizations can take to strike the right balance. You’ll hear him discuss:Ephemeral messaging can reduce data storage and preservation costs, which can be significant for companies facing litigation or investigations. It also reduces potential breach exposure by deleting data.However, ephemeral messaging can obstruct internal investigations and create corporate blind spots by deleting communications records before they can be reviewed. This undermines compliance programs.DOJ's guidance outlines several steps companies can take to allow ephemeral messaging while mitigating risks:Understand how the apps delete data and what types of data are stored;Tailor policies on use to your specific risk profile and business needs;Clearly communicate policies to employees and ensure regular enforcement;Examine how policies impact the ability to conduct investigations and respond to subpoenas;Evaluate the overall reasonableness of the risk mitigation strategy.Practical steps to make ephemeral messaging safer include:Restricting use to specific authorized purposes like scheduling;Requiring employees to maintain deletion settings;Conducting periodic audits of devices;Requiring preservation and company access to work communications,Coordinating ephemeral messaging policies with broader data preservation policies.If a company provides devices to employees, it has more control and ability to restrict apps and access data, but even then, steps need to be taken to mitigate risks.BYOD policies are more complex since consent and privacy restrictions may limit what companies can do. However, a BYOD policy still needs to address comprehensively:  Preserving data  Allowing corporate audits and access  Segregating work data where possible  Outlining consequences for violations  Respecting local privacy laws  Getting employee consentWith the right policy framework, BYOD can potentially allow ephemeral messaging while protecting data availability.KEY QUOTES“Companies have a vested interest in preserving their internal communications for a variety of reasons, to hold internal actors accountable, or even outside actors sometimes, and to protect the organization from potential private and government claims or investigations that may have serious direct or collateral consequences.” - Michael Volkov“If the government issues a grand jury subpoena as part of a criminal investigation and the company fails to preserve data generated by use of an ephemeral messaging system, a company could be held liable for failing to preserve data relevant to the criminal investigation. Such consequences can be significant...” - Michael Volkov“While a company may have limited access to employees' personal devices when it supplies devices to its employees, the company should regularly secure certifications by its employees that has not used its personal device for work-related purposes, with emergency exceptions, of course. Similarly, companies have to develop testing protocols for its BYOD policy and secure employee consent to examine the personal device limited solely to business data.” - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Is your company's compliance program truly effective, or is it just ticking boxes? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives deep into LRN's PEI survey with Susan Divers. Susan sheds light on the global nature of ethics and compliance programs, challenging the misconception that they are solely US-centric. They discuss the power of values, the shift from a cop to a coach approach, and the revolutionary trends in employee-centric training, especially in the age of remote work. Susan Divers is the Director of Thought, Leadership, and Best Practices at LRN. She has a wealth of experience as a former Chief Compliance Officer, and her emphasis on values over rules in compliance programs has made her a trailblazer in the industry. You’ll hear Michael and Susan discuss:The LRN PEI survey challenges the perception that ethics and compliance are US-centric; many programs worldwide share common features such as codes of conduct, training policies, and audits.Examining a decade of data, the report delves into how ethics and compliance programs responded to the disruptions caused by the pandemic.LRN's data reinforces the idea that ethics and compliance programs relying on values and ethical cultures are more effective than those solely based on rules. Shifting from a cop approach to a coach approach enhances program effectiveness.Ethical companies experience lower employee misconduct rates, higher employee satisfaction and productivity, and achieve greater sustainable financial performance.The pandemic prompted a shift in focus from content-driven training to employee-centric, relevant, and mobile-friendly modules. Shorter modules, just-in-time training, and tailored approaches are emerging as best practices.Ensuring accessibility through web-based policies and procedures, coupled with interactive capabilities and data analytics, becomes crucial in bridging the gap between remote workers and compliance initiatives.Gathering data on employee interactions provides insights into the effectiveness of compliance programs. Metrics such as completion times, pass rates, and group performance allow for targeted efforts to enhance the program's impact.Michael emphasizes the challenge for compliance officers in handling the plethora of available data. Choosing the right metrics, setting standards, and ensuring the usability of metrics over time are crucial considerations.The report highlights that high-performing ethics and compliance programs are integral to the decision-making processes of companies. 70% of respondents reported modifying or abandoning a business initiative due to an ethics and compliance risk assessment.Susan introduces the concept of embedding a short Ethical Culture survey at the end of training courses. This real-time survey, known as the Ethical Pulse Culture survey, serves as a powerful tool to gauge and improve the ethical culture within organizations.The Ethical Pulse Culture survey becomes a game-changer, operationalizing compliance by offering a moving average of data insights. This survey, incorporated into scorecards, provides business managers with valuable insights into their business unit's ethical culture over time.ResourcesSusan Divers on LinkedIn | EmailLRN

Clear Channel, a San Antonio based advertising company, is settling with the SEC for $26 million, for bribery violations committed by its former Chinese subsidiary, Clear Media. In this episode of Corruption, Crime and Compliance, Michael Volkov explores the details of this case, from covert cash funds to internal audit challenges, shedding light on the issues that led to this notable settlement. You’ll hear him discuss:The charges stemmed from bribery violations committed by Clear Channel’s former Chinese subsidiary, Clear Media. The bribes included expensive gifts, entertainment and travel, given to influence contract renewal negotiations with Chinese government officials.Clear Media engaged in deceptive practices, falsely documenting payments to cleaning and maintenance companies to fund illegal payments. They cautioned employees to omit gift recipients and disguised payments through oral agreements. False invoices and tax records were created to justify cash payments to shell company intermediaries that provided no actual services.Internal audits from 2012 to 2017 highlighted deficiencies, red flags, and indicators of bribery. Despite this, Clear Channel failed to pursue aggressive remedial actions. Internal auditors faced resistance from Clear Media and even reported false information provided by them. The lack of diligence and follow-up allowed the issues to persist.Clear Channel, however, cooperated extensively with the investigation. They promptly shared facts, produced relevant documents, and facilitated interviews with current and former employees. Remediation efforts included disposing of Clear Media, enhancing anti-corruption compliance policies, and increasing resources for compliance.The settlement serves as a cautionary tale, emphasizing the importance of robust internal audits and proactive remediation.KEY QUOTES:“Clear Channel received credit for its cooperation and remediation. Its cooperation included promptly sharing facts, proactively producing relevant documents, producing in real time documentation of audits of Clear Media's internal controls during the course of the investigation...” - Michael Volkov“So from 2012 to 2017, Clear Channel auditors regularly cited Clear Media's deficiencies, red flags, indicators of bribery, and inadequate internal controls. The auditors cited numerous remedial measures, but Clear Channel failed to ensure that appropriate remedial steps were taken.” - Michael Vokov“But given the level of resistance and the failure of the internal audit function to operate properly and to follow up specifically on the issues that they were uncovering, the resolution has to be viewed in a positive light and was only counterbalanced by the fact that what Clear Channel did was cooperate and provide extensive remediation and ultimately sold its Chinese subsidiary...” - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Albemarle, a prominent specialty chemicals company, recently settled a case for $218 million, unraveling a web of bribery payments across Vietnam, Indonesia, and India. The repercussions of this case extend beyond the financial penalty, encompassing a three-year non-prosecution agreement and the application of the Compensation, Incentives, and Clawbacks pilot program. In this episode of Corruption, Crime and Compliance, Michael Volkov shares details of Albemarle’s FCPA settlement with the DOJ and SEC, exploring Albemarle’s voluntary disclosure, extensive remediation efforts, and a transformative shift in its business model.You’ll hear Michael talk about:Albemarle agreed to pay over $218 million to settle investigations conducted by the DOJ and the SEC. This substantial financial penalty is a consequence of alleged bribery payments made by the company in multiple countries.The investigations focused on bribery payments related to various business transactions and dealings made by Albemarle in Vietnam, Indonesia, and India. As part of the settlement, Albemarle entered into a three-year non-prosecution agreement. While the company acknowledges certain wrongdoing, it avoids facing formal prosecution during the specified period if it complies with the agreed-upon terms and conditions.The settlement includes the application of the Compensation, Incentives, and Clawbacks pilot program. This program outlines mechanisms to ensure that executives and employees involved in wrongdoing face appropriate consequences, including clawing back certain incentives and compensation. Albemarle voluntarily disclosed information related to the potential FCPA violations. This proactive step is often a mitigating factor in settlements and reflects a willingness to cooperate with authorities.Albemarle undertook extensive remediation efforts in response to the allegations. This included disciplining employees involved in the wrongdoing, strengthening its anti-corruption program, and making significant changes to its business model and risk management processes.The investigations highlighted Albemarle's use of sales agents in Vietnam, Indonesia, and India. Control deficiencies with third parties in China and the United Arab Emirates (UAE) were also noted, raising concerns about the oversight and due diligence processes related to these external entities.Michael shares details about specific bribery schemes involving state-owned entities such as Petro Vietnam in Vietnam, Pertamina in Indonesia, and IOCL in India. These schemes included practices like modifying tender requirements, providing nonpublic information, and directing agents not to include details in invoices concerning tips to foreign officials.The case underscores the risks of relying on third-party agents to secure contracts, particularly through the example of Albemarle's failure to conduct due diligence on an agent in the UAE. The agent's close ties to the UAE government and royal family contradicted representations made during the due diligence process.KEY QUOTES“And in this case, they rewarded Albemarle with an NPA as opposed to a deferred prosecution agreement. So it's a three-year non-prosecution agreement, and doesn't get filed with the court. There's no information that's filed. And they agreed to pay a penalty of approximately $98.2 million and an administrative forfeiture of $98.5 million. Also, this is the first FCPA settlement where  we applied the Compensation, Incentives, and Clawbacks pilot program, which the DOJ had announced in March of 2023.” - Michael Volkov“With respect to remediation efforts, the DOJ cited Albemarle's extensive remedial measures, including that they started the remediation prior to the beginning of the DOJ's investigation. In other words, they started to remediate quickly upon starting their own internal investigation.”  - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

3M faced a dual settlement, first with the SEC and then with OFAC, over alleged Iranian sanctions violations stemming from misconceptions and oversights in a license plate deal with a German intermediary. Despite the gravity of the case, 3M took proactive remedial actions, including voluntary disclosure and internal changes. Similarly, Emigrant Bank maintained a CD account for two Iranian residents for over two decades without proper screening, leading to a $31,000 settlement. In this episode of Corruption, Crime and Compliance, Michael Volkov shares details of both cases, underscoring the complexities of navigating sanctions regulations, the consequences of compliance failures, and the pivotal role of voluntary disclosure and proactive remediation in mitigating penalties.You’ll hear Michael talk about:3M settled with the Securities and Exchange Commission (SEC) for $6.5 million and with the Office of Foreign Assets Control (OFAC) for $9.6 million over alleged violations of Iranian sanctions. 3M's Dubai-based subsidiary entered into a deal to manufacture reflective license plate sheeting for a German company, but it misunderstood the end user, believing it was a reseller when it was actually Iran. Between 2016 and 2018, 3M sent 43 shipments to the German intermediary, who resold them to Iran, violating OFAC regulations. This led to 54 violations of the Iran sanctions program. 3M's compliance team approved the deal without realizing the true end user was in Iran. Suggestions to review the deal were ignored, and steps were taken to conceal its true nature. 3M took remedial steps, including voluntary disclosure, termination or discipline of involved employees, leadership changes, revamped sanctions compliance training, and discontinuation of business with the German reseller.In another case, Emigrant Bank maintained a certificate of deposit (CD) account for two Iranian residents from 1995 until 2021 without properly screening it for sanctions issues. In 2016, when the account holders requested a wire transfer, Emigrant became aware of potential sanctions issues but still approved the transfer. In 2019, Emigrant's upgraded screening software flagged the account, but the compliance team overrode the alert based on erroneous guidance from the 2016 wire transfer. Emigrant recognized the account's status in 2021, closed it, and took steps to remediate compliance program shortcomings.Emigrant settled the matter for $31,000, significantly lower than the maximum penalty applicable ($9.9 million), with voluntary disclosure and proactive remediation efforts considered mitigating factors by OFAC.KEY QUOTES“In the course of setting up this agreement, numerous managers at 3M suggested that trade compliance reviewed the deal. But these 60 suggestions were ignored by the deal's proponents. Even worse, a 3M subsidiary received an outside due diligence report, flagging the connection to Iranian law enforcement, and closed the matter without further investigation.” - Michael Volkov“On September 21 of this year, OFAC announced that Emigrant agreed to pay $31,867 to resolve 30 violations of the Iran Sanctions Program. The violations all relate to a single CD account that Emigrant maintained for two Iranian residents from 1995 until it closed the account in 2021.”  - Michael Volkov“In 2019, Emigrant upgraded its screening software, sanctioned screening, and the new program flagged the account as problematic due to the account holder's Iranian residency. However, software is only effective as its operator. Upon review, Emigrant's compliance team overrode the alert, basing their decision on erroneous guidance from the 2016 wire transfer. Now, Emigrant finally recognized the account status in 2021 and took steps to remediate its compliance program shortcomings.” - Michael VolkovResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group