Microsoft’s bribery and controls violations reflect significant risks facing companies that rely on distributor and reseller networks to sell their products.  Companies often enter and operate in emerging markets through complex networks of third parties.  Such distribution systems create significant anti-corruption risks that have to be managed and mitigated. It is worth taking the time to examine the precise outlines of the conduct at issue...

Microsoft finally resolved its FCPA enforcement action with a whimper.  Notwithstanding prior suggestions that Microsoft’s investigation uncovered global conduct, Microsoft’s liability focused primarily on Microsoft’s conduct in Hungary.  Even with the tailored settlement agreement,  DOJ and the SEC reiterated robust expectations surrounding third-party distributor networks, particularly in the software industry. To resolve a lengthy six and one-half year investigation, Microsoft entered into a non-prosecution agreement...

As compliance strategies evolve and improve, more attention is being paid to data and measurement of a compliance program.  Like every task associated with compliance, professionals have to be smart when it comes to this issue.  A compliance program generates (or has access to) a vast amount of data and it is easy to get lost in the morass of data without any appreciable benefit....

Chief compliance officers have a hard job.  CCOs know that fact and them fully embrace the challenges of their positions.  At the same time, CCOs have extraordinary expectations placed on their shoulders – they are rarely complemented about their programs while the company avoids any major controversies, but they are one of the first to be questioned when a compliance breakdown occurs.  CCOs are always...

Based on its aggressive enforcement program and its recently issued Framework for Sanctions Compliance Programs, OFAC has established a new era in sanctions compliance.  Trade compliance is often siloed into its own operation, sometimes in, and other times outside of, the compliance function.  Over the next five years, we will witness a sea-change in sanctions compliance programs (or at least we better witness such a...

I tend to repeat myself and when it comes to corporate cultured and ethics, I admit it.  A company without an ethical culture, or at least a commitment to an ethical culture, will be unable to achieve an effective ethics and compliance program. NAVEX Global’s recent benchmarking report was an important confirmation that successful compliance programs often have two strong characteristics – senior level buy...

As part of its new corporate compliance credit program, the Justice Department’ Antitrust Division issued, for the first time in its history, guidance to assist prosecutors in the evaluation of compliance programs at the charging and sentencing stages of investigations.  (Here).  The Antitrust Division’s new guidance joins DOJ’s Criminal Division Guidance (Here) and the Treasury Department’s Office of Foreign Asset Control’s (OFAC) Framework for Sanctions...

NAVEX Global and the Volkov Law Group have issued a new Vendor Risk Management Toolkit: Best Practices for Vendor Risk Profiling — the new toolkit is available HERE. Managing third parties can be tricky, and mistakes costly. But with hundreds – perhaps even thousands – of vendors, where do you begin? Our three-part toolkit provides expert advice on profiling your third party vendors using factors...

In yet another major compliance development, the Justice Department announced the adoption of a new policy to credit effective compliance programs in resolving criminal cartel prosecutions against corporations.  Since the 1990s, the Antitrust Division’s policy regarding corporate compliance programs was generally fixed given the ability of companies to seek benefits under the leniency program.  In this respect, the first reporting company would earn immunity and...

It is easy to get swept up into compliance trends, prognosticators of the future, and future compliance terms such as “artificial intelligence,” or “blockchain.”  Do not get me wrong, these are the terms for the future and eventually they will be part of common compliance conversations. But sometimes we need to get back to basics.  In some cases, Chief Compliance Officers need to remind themselves...