Corruption Crime & Compliance

Have you heard of the recent controversies around Boeing 737 MAX and its safety? Have you wondered what is being done about the concerns around it? In this episode of Corruption, Crime, and Compliance, Michael Volkov delves into the latest developments in the Boeing 737 MAX case, highlighting the recent plea agreement proposed by the Department of Justice (DOJ). The Boeing 737 MAX case took another dramatic turn. On July 24, 2024, the Department of Justice filed with the United States District Court for the Northern District of Texas a proposed plea agreement with Boeing. Under the Plea Agreement, Boeing will plead guilty to the original Information filed in 2021 with the Deferred Prosecution Agreement ("DPA"). The discussion focuses on Boeing's alleged failure to implement adequate compliance measures, leading to significant risks and violations, and the ongoing legal and ethical implications of the case. Tune in to hear a detailed analysis of the complexities and legal ramifications of Boeing’s recent plea agreement and what it means for corporate compliance and accountability.You’ll hear him talk about:Certification Issues: Boeing failed to ensure its 737 MAX certifications were accurate, risking false certifications to the FAA.DOJ Plea Deal: Boeing agreed to plead guilty to conspiracy to defraud the U.S., facing opposition from victims' families who find the resolution insufficient. The plea agreement, which has been filed under Federal Rule Criminal Procedure 11(c)(1)(C), requires the Court to approve and accept the deal. The Court can reject the plea deal and require the parties to renegotiate the terms.Victims’ Rights: The proposed resolution has been controversial because of the opposition of the families of the victims, who have opposed the plea agreement and general disposition of DOJ's investigation and prior resolutions as insufficient to vindicate the public interest and their rights as victims of Boeing's malfeasanceCompliance Failures: Boeing breached its DPA by not implementing effective compliance controls, particularly in safety and quality processes.Independent Monitor: Boeing will be monitored for three years and must invest $455 million in compliance and safety improvements.Ongoing Challenges: Boeing’s anti-fraud measures still have gaps, with broader implications for industries where safety is critical.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How does the SEC's recent settlement with R.R. Donnelly & Sons Company impact internal controls for cybersecurity incidents? In this episode of Corruption, Crime, and Compliance, Michael Volkow discusses a significant decision by the SEC involving a $2.1 million settlement with RR Donnelly & Sons Company (RRD) related to a 2021 ransomware attack. The SEC's decision marks the first time it applied its internal controls enforcement authority to cover cybersecurity policies and procedures, representing a substantial expansion of its enforcement reach.The SEC criticized RRD for failing to prioritize the review of security alerts and implement an effective workflow for escalating such reports. This oversight led to delayed detection and response to the cyber attack, during which hackers exfiltrated 70 gigabytes of data, including personal and financial information tied to 29 clients.You’ll hear him talk about:The importance of robust internal controls to ensure prompt investigation and escalation of potential cybersecurity incidents.The need for companies to allocate sufficient resources and personnel to monitor and respond to third-party security alerts.The SEC's critique of RRD's internal incident response policies, particularly the lack of clear lines of responsibility and efficient workflows.The dissenting opinions within the SEC regarding the broad application of internal controls to cybersecurity, highlighting the need for specific guidance on reasonable cybersecurity controls.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupSEC settlement

Is your HR department rolling their eyes at compliance? Does your company have a non-retaliation policy? The report, based on over 1,000 global responses, reveals growing maturity in compliance programs but notable gaps, such as only 61% having a hotline and 55% having a non-retaliation policy. Join us on this week’s Corruption Crime and Compliance to learn how cross-functional relationships are strong with data privacy and risk but weak with HR and finance. Michael Volkow highlights NavX's report, showing compliance's high engagement in processes like reputational harm and data breaches but often being involved late in mergers and acquisitions. Learn that common compliance issues include privacy, cybersecurity, and regulatory demands. The report also covers ESG programs and the need for better third-party risk management - tune in to hear more!You’ll hear him talk about:How compliance is often brought in late during mergers and acquisitions, with 20% of respondents noting no engagement in these processes.Notable gaps that include only 61% of organizations having a hotline or whistleblower internal reporting channel and only 55% having a non-retaliation policy.How the report shows progress in the maturity of compliance programs, with half of the respondents rating their programs in the top two tiers of maturity.Compliance having strong relationships with data privacy and risk functions, but experiencing significant resistance from HR and finance departments.Half of the organizations experiencing at least one compliance issue in the past three years, with privacy and cybersecurity being the most common issues.Two-thirds of boards receiving periodic compliance reports, but one-third do not, highlighting a need for improved board engagement in compliance matters.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupNavex State of Risk and Compliance Report

Is the progress itself enough to consider the battle won? Are the ongoing scandals casting a shadow over the hard work against corruption? Despite challenges (such as limited resources due to the ongoing war) and recent scandals (such as overpriced eggs for the military), Ukraine maintains multiple institutions committed to transparency and integrity, crucially supported by international partnerships aimed at enhancing its anti-corruption infrastructure.Listen to this conversation between Michael Volkov and Halyna Senyk in which they focus on Ukraine's anti-corruption efforts amidst the backdrop of its ongoing war with Russia. Halyna Senyk, an expert from the CEELI Institute, details Ukraine's progress since 2014, highlighting the establishment of key anti-corruption agencies and reforms and how, over 10 years, it moved from 144 to 104 place in the Transparency International Corruption Perception Index.You can listen to how, despite these advancements, Senyk acknowledges persistent challenges, including recent setbacks and scandals that have tested the country's resolve.You’ll hear them discuss:Historically pervasive and deeply rooted corruption at various levels of government and the reality of society that remains a critical challenge. Despite reforms and the establishment of anti-corruption agencies, the implementation and effectiveness of these measures are often undermined by systemic issues.The conflict with Russia that started in 2014 leading to military, economic, and social destabilization. This conflict has strained Ukraine's resources and governance capabilities, posing obstacles to effective governance and reform efforts.The volatile political landscape in Ukraine is characterized by frequent changes in leadership and political alliances that hamper consistent policy implementation and reform progress.The ongoing conflict and systemic corruption and how they contribute to economic challenges, including reduced investor confidence, economic uncertainty, and financial strain on public institutions.Ukraine's geopolitical position and how relations with neighboring countries and international allies, particularly with regard to Russia and the European Union, influence its ability to implement reforms and receive international support effectively.ResourcesHalyna Senyk on LinkedInEmail: Halyna.Senyk@ceeli.euCEELI Institute (Central and Eastern European Law Initiative)Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

Bryn Sedlacek, Vice President and Product Manager at Aravo, joins us on the podcast to discuss third-party risk management focusing on holistic risks and unified visibility. In a wide-ranging discussion, Mike Volkov and Bryn Sedlacek discuss the challenges in implementing a third-party risk management program that captures holistic risks and maintains a consistent, unified line of sight across the organization's risk profile. They focus on sanctions, capturing the source and ultimate destination of products/services and including those in screening, leveraging how to handle conflict minerals as a model, and how data intelligence providers can help. Additionally, Bryn discusses unified visibility, which provides comprehensive visibility to executives and decision-makers across risk domains and performance. Finally, they discuss InfoSec risk with third parties, where to start, and the future of risk - technology and alternative risk strategies. Join Michael and Bryn as they navigate the complexities of compliance in today's corporate landscape.Bryn discusses how crucial it is to start with a realistic approach to building a compliance program and continually improve compliance programs to mitigate risks effectively.Having a platform like Arvao’s is valuable for companies as it is highly configurable and tailored to meet the unique needs of each client’s business structure and risk management requirements.The partnership between IT and cyber security in a compliance program is vital for addressing cybersecurity risks effectively within organizations. It is a growing trend for IT and cyber security to focus on collaboration and meeting the unique needs of each department.Unified visibility across different risk domains and third-party activities is essential for making informed decisions and managing risks effectively. Continuous monitoring and auditing are crucial in compliance programs, with a risk-based approach to optimize resources and ensure proactive risk management.Sanctions compliance is a growing area of focus, requiring proactive monitoring, risk-based approaches, and continuous updates to mitigate risks effectively.ResourcesBryn Sedlaceck on the WebEmail: bsedlacek@arvavo.comMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Explore the intricate world of sanctions compliance, focusing on the crucial legal obligations for companies. Learn about how strict liability and aggravating factors can impact sanctions violations. The discussion highlights the significance of understanding third-party liability within supply chains and the risks of civil penalties for companies. Additionally, navigate the complexities of U.S. sanctions and export controls, including the implications for non-U.S. entities and the importance of documentation to avoid enforcement scrutiny.

LRN has issued another important report. In its latest report, The 2024 Benchmark of Ethical Culture Report, LRN has focused on the critical issue of corporate culture. LRN is a pacesetter and the leader in reliable studies on complex ethics and compliance issues. If not properly promoted or maintained, a defective culture can lead to serious misconduct, government investigation, reputational damage, and collateral harm. On the other hand, a positive and effective culture is a company's most valuable intangible asset, as it is tied directly to increased financial performance and sustainable growth. Over the past few years, business leaders have embraced what compliance and governance professionals already knew: companies with strong ethical cultures outperform other companies with weaker cultures. Employees at ethical companies are more productive, more satisfied, less likely to seek a new job, and more committed to the company's mission.Hear Michael discuss:LRN's 2024 Benchmark of Ethical Culture Report underscores the importance of ethical culture in driving financial performance and reducing misconduct rates.Generation Z shows a higher tolerance for unethical conduct, with nearly a quarter admitting to engaging in such behavior to get the job done.Hybrid workers who alternate between working from home and the office exhibit lower rates of misconduct and are more likely to report observed misconduct due to increased job satisfaction.Organizations with strong ethical cultures outperform those with moderate to weak cultures by at least 50% across various business performance measures.Employees at companies with strong ethical cultures are 1.5 times more likely to report observed misconduct, emphasizing the value of a positive work environment.Senior leaders often have more favorable perceptions of their organization's culture than middle management and frontline workers, highlighting the need for consistent messaging.LRN's research shows that nearly 70% of the variance in business performance is linked to an organization's ethical culture, emphasizing the critical role of culture in success.ResourcesLRN’s 2024 Benchmark of Ethical Culture ReportMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Dottie Schindlinger is Executive Director of Diligent Institute, the global corporate governance research arm of Diligent - the largest SaaS software company in the Governance, Risk, Compliance (GRC), and ESG space. She co-authored the book Governance in the Digital Age: A Guide for the Modern Corporate Board Director, co-hosts “The Corporate Director Podcast,” and co-created Diligent Institute’s Certification programs for directors and executives, including AI Ethics & Board Oversight. Dottie was a founding team member of the tech start-up BoardEffect, acquired by Diligent in 2016. She graduated from the University of Pennsylvania and is a Fellow of the Salzburg Global Seminar Corporate Governance Forum. Diligent and Bitsight recently issued an important report on corporate board oversight of cybersecurity risks. Dottie Schindlinger, Executive Director of Diligent Institute, joins Michael Volkov to discuss the important findings of Diligent's report.You'll hear Dottie and Michael discuss:Companies with advanced security ratings create nearly four times the amount of value for shareholders as companies with basic security ratings. On average, the Total Shareholders’ Return (TSR) over three and five years for companies in the advanced security performance range is approximately 372% and 91% higher, respectively, than their peers in the basic security performance range.Companies with a specialized risk or audit committee had higher security performance ratings on average. Companies falling within these two categories have an average security rating of 710, whereas companies lacking both committees have an average security rating of 650.The findings also suggest that the distribution of security ratings among companies with specialized risk and audit committees tends to skew towards the advanced security performance range, whereas companies lacking either of these committees tend to skew toward the basic security performance range.Having a cybersecurity expert on the board is not enough. Integrating a cybersecurity expert into the board committee tasked with cybersecurity risk oversight makes a significant difference in an organization’s performance.Merely having a cybersecurity expert on the board does not correlate to having a higher security performance rating. Highly regulated industries tend to outperform other industries in terms of cybersecurity performance. Of the companies with advanced-level security performance ratings, a full third (33%) came from the financial services sector – with an average rating of 720. The sector with the highest average rating overall was healthcare at 730. Nearly a quarter (24%) of companies with basic security performance ratings came from the industrial sector. ResourcesDottie Schindlinger on LinkedInDiligent Institute | Diligent | Board EffectThe Report can be downloaded at: Cybersecurity, Audit and the Board ReportMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

Artificial intelligence is rapidly evolving, creating a new landscape for compliance. Financial institutions are leading the charge in AI adoption, particularly in fraud detection. As excitement builds around AI's potential, there's a cautionary note about the difference between hype and reality. Corporate leaders must stay alert and adapt quickly to the changes in compliance demands. The discussion emphasizes that ethics and compliance frameworks can effectively address AI-related risks, ensuring businesses can harness AI's promise without being overwhelmed.

Explore the evolving landscape of third-party risks in sanctions compliance as legal standards tighten. Discover how companies like Epsilon Electronics and ELF Cosmetics faced hefty penalties due to failures in due diligence. Learn about the importance of proactive risk assessment and effective strategies to navigate the complexities of compliance. With real-world examples, this discussion highlights that ignoring supply chain responsibilities can lead to costly repercussions. Stay informed to mitigate risks and ensure compliance in a challenging regulatory environment.