In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures.  The settlement represents the SEC’s first application of its internal controls enforcement authority to include cybersecurity policies and procedures.  The SEC’s interpretation represents a significant expansion of its enforcement authority.  In...

NAVEX delivers quality studies and important insights on ethics and compliance topics.  In its 2024 State of Risk & Compliance, NAVEX provides a comprehensive report on current trends and practices involving risk and compliance management. The Report reflects the survey results from over 1,000 respondents global who influence or manage their organization’s risk and compliance programs. Over half of the respondents came from the United...

Halyna Senyk, a Senior Program advisor from the CEELI Institute, joins us to discuss anti-corruption progress and challenges in the Ukraine.  Halyna is responsible for managing the CEELI Institute’s anti-corruption portfolio.  Based in Prague, the CEELI Institute focuses on promoting the rule of law through professional training programs for judges, law enforcement, lawyers, prosecutors, civil society representatives and investigative journalists. While its main activities are...

Bryn Sedlacek, Vice President, Product Management at Aravo, joins us on the podcast to discuss third-party risk management with a focus on holistic risks and unitary visibility. In a wide-ranging discussion, Mike Volkov and Bryn Sedlacek discuss the challenges in implementing a third-party risk management program that captures holistic risks and maintains a consistent, unified line of sight across the organization’s risk profile. As part...

In this new era of aggressive sanctions enforcement, companies have to understand the red lines that define where criminal and civil enforcement risk increase.  In contrast to the history of FCPA enforcement, DOJ and OFAC have provided helpful guidance to alert companies where risks are likely to increase. Sanctions enforcement involves an off mix of civil and criminal line drawing.  On the civil side, OFAC...

LRN has issued another important report — in its latest report, The 2024 Benchmark of Ethical Culture Report, LRN has focused on the critical issue of corporate culture.  LRN is a pacesetter and the leader in reliable studies on complex ethics and compliance issues.  If not properly promoted or maintained, a defective culture can lead to serious misconduct, government investigation, reputational damage and collateral harm. ...

Diligent recently released an important report — Cybersecurity, audit, and the board: How does board oversight impact cybersecurity performance? Diligent’s Report includes several key findings on the importance of Board oversight and its importance to cybersecurity performance. Dottie Schindlinger, Executive Director of Diligent Institute, the global corporate governance research arm of Diligent – joins us to discuss the report and its key findings. https://audio-delivery.cohostpodcasting.com/audio/433377ff-16d7-421e-867c-0a97a76cc861/episodes/0848361f-ac8a-4bae-94c9-ce35daa4e211/episode.mp3

The new compliance cottage industry surrounds artificial intelligence.  We are at such an early stage of AI development — companies are still figuring out how they can employ the technology.  Some industries, such as financial institutions, however, have been using AI for fraud detection and other issues.  I expect financial institutions will set the tone for much of compliance practices around AI. There is no...

With the beginning of the era of the “New FCPA,” as coined by DOJ’s Deputy Attorney General Lisa Monaco, we now need to focus on third-party risk and sanctions enforcement.  The law, the practice and the risks are important and not just the same as FCPA legal requirements.  As we embark on a new criminal enforcement era surrounding sanctions violations, companies have to address this...

Carlos Villagrán is the Director of Compliance at CMPC, a 100 years’ old Chilean-based holding company, one of the worldwide leading manufacturers of pulp, paper, packaging, personal care and other forest products. Carlos discusses the challenges he faced in joining CMPC after a significant crisis — CMPC’s prosecution for antitrust cartel violations in Chile and Peru. With more than 20,000 employees, CMPC has industrial operations...