An effective third-party risk management program has to include robust monitoring and auditing strategies. This episode is a companion to Episode 129 on creating a third-party risk profile. In this episode, Michael Volkov outlines strategies for monitoring and auditing your third-party population.
In this global pandemic crisis, every company is being tested. No matter how much time was put into emergency planning it is difficult to imagine that anyone could have foreseen the scope and nature of the current crisis. But we are about to experience and witness an important test. Companies have to recognize the nature of the crisis, the impact on their operations, prepare consumers,...
Compliance professionals face extraordinary risks – not just for the enterprise but personal risks. CCOs should not panic or overreact when the government brings an enforcement action against a compliance officer for a company’s compliance failure. The lesson for compliance officers who work in regulated industries is fairly straightforward – when faced with real compliance problems, compliance professionals have to document efforts to address the...
We all know that economic incentives are critical to promoting performance. Going back to the days of Adam Smith, the U.S. economic growth is the result of a basic motivation – hard work can result in significant revenues/profits. Companies create incentives for their employees as well – sales performance is linked to salary, bonuses and promotions. We have observed skewed sales incentives, such as the...
The Justice Department’s Antitrust Division announced a major guilty plea with Sandoz, Inc., in its expanding criminal investigation of the generic pharmaceutical industry. DOJ has been pursuing this investigation for several years with some progress, but the Sandoz guilty plea is a major accomplishment in the investigation. Sandoz agreed to pay $195 million in exchange for a three-year deferred purchase agreement (“DPA”). DOJ filed a...
The Treasury Department’s Office of Foreign Asset Control (“OFAC”) is aggressively enforcing OFAC sanctions rules. Last year, OFAC issued its Framework for Sanctions Compliance Programs, which includes a specific requirement for companies to conduct a “holistic” risk assessment. In this episode, Michael Volkov outlines practical strategies for conducting a sanctions risk assessment.
OFAC continues to aggressively enforce its sanctions programs. In its latest enforcement action, OFAC agreed with Société Internationale de Télécommunications Aéronautiques SCRL (“SITA”), a Swiss telecom company, to an approximately $7.8 million civil penalty for 9,256 violations of the Global Terrorism Sanctions Regulations (“GTSR”). SITA provides telecommunications services to companies in the civilian air transport industry. Membership in SITA is open to industry operators worldwide...
Cardinal Health (“Cardinal”) agreed to pay the SEC $8.8 million for FCPA violations in China relating to its internal controls and books and records. (SEC Order Here). Cardinal acknowledged facts relating to internal controls deficiencies and its handling of marketing accounts that it supervised for its distributors. In particular, while Cardinal mitigated its corruption risks by terminating many of these accounts, Cardinal inaccurately assessed the...
Chief compliance officers are heroes. They labor every day to advance a company’s ethics and compliance program without much recognition, with few resources, and with well-known gaps in their programs. CCOs live by a credo – they risk-rank and prioritize all their activities (hopefully) on an ongoing basis. It is a job similar to our cats and dogs chasing their own tails – they will...
Companies continue to refine their third-party risk management programs. As an initial step, companies have to create a third-party risk profile for its population. To accomplish this task, companies have to classify and stratify their third parties. In this episode, Michael Volkov discusses how to review your third-party population and create a risk profile.
