Featured Articles:

Enforceability of Clawback and Compensation Penalty Provisions (Part II of II)

We often read about lucrative bonus payments made to CEOs and other senior executives. With refinements in corporate governance structures, shareholders and investors are raising concerns over executive bonuses. To bring balance to the equation, companies have to punish executives through clawbacks for misconduct. The Wells Fargo scandal is an example of how clawbacks can be effectively used to punish wrongdoing. In the aftermath of...

How to Build a Compliance Compensation System (Part I of II)

The Justice Department’s recent revisions to its Corporate Enforcement Program and its Evaluation of Corporate Compliance Programs stressed the importance of compensation systems and consequence management. The theoretical underpinning of DOJ’s expanded focus is to increase the consequences to individuals who engage in misconduct or supervisors who turn a blind eye to misconduct. Individuals already face potential criminal prosecution for engaging in misconduct but the...

Episode 282 — The Evolving Partnership: Compliance and Cybersecurity

If you ask corporate board members and senior executives to list their number one risk (other than financial operations), the answer in today’s risk environment is clear – cybersecurity and data privacy.  The rapid elevation of this risk is reflected in weekly headlines announcing ransomware, cyber-attacks and data breaches. Companies that have experienced a cyber-attack are forever changed.  The board and senior executive team quickly...

Navigating Recent BIS Changes to the EAR: A Practical Primer for the Medical Device and Product Industry

Alex Cotoia, Regulatory Manager and Senior Consultant at The Volkov Law Group, rejoins us for a posting on recent Bureau of Industry and Security’s export control restrictions and the impact on the medical device industry.  Alex can be reached at [email protected]. Among other things, on May 19, 2023, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a sweeping new set of...

Third-Party Risk Management: A Critical Task for Cybersecurity and Breach Prevention

We are all familiar with the mantra on the importance of managing third-party risk to prevent anti-corruption, sanctions, money laundering and associated risks. Over the last ten years, however, we have observed a new and important addition to the third-party risk plate – cybersecurity and data breach. And of course we have a poster child for this risk – the 2013 attack on Target’s financial and...

Bank of America Hit with $250 Million in Penalties for Account Abuse Practices

Bank of America joined the club of consumer abusers – Wells Fargo had been the well-established leader of this club and the poster-child for abusive consumer practices.  For years, Bank of America avoided federal enforcement for abuses and could distinguish itself from the poster-child, Wells Fargo.  Bank of America’s conduct is inexplicable. In response to the Wells Fargo scandal, you would have expected that Bank...

Episode 281 — NAVEX’s 2023 State of Risk and Compliance Report

NAVEX’s annual report on the state of risk and compliance is a must read.  Each year NAVEX supplies helpful insights that compliance professionals, corporate managers and board members can use to benchmark their respective risk management and compliance strategies. This year’s survey reflects submissions from over 1300 respondents around the globe. In this Episode, Michael Volkov reviews NAVEX’s 2023 State of Risk and Compliance Report.

Technical Elements of a Cybersecurity Compliance Program (IV of IV)

The term cybersecurity is thrown about because it covers so many risks.  There is no common definition of cybersecurity and the technical elements included in the term.  From a technical standpoint, cybersecurity covers multiple types and layers of protection for technology. A company needs to identify and understand elements of its Information Technology infrastructure, including specific types of devices and uses.  The goal is to...

The Cyber Compliance Imperative: Bringing Employees Together with Technology (Part III of IV)

It is easy to get lost in the technology world of cyber security – the information technology business relies on lots of acronyms, techno-speak and function-specific terminology.  In responding to a cyber and data security risk profile, laypersons expect to hear a lot about technology-driven solutions.  In fact, a lot of time is spent reviewing, assessing and selecting specific solutions to incorporate into an overall...

Maintaining Focus on Cyber Risks (Part II of IV)

If you read about the world of hackers and cyber threats, you will quickly become numb to the creativity and variety of techniques that may threaten your organization.  Like all risks, however, the key is to consider practically the real and significant threats to your organization.  If you attempt to address each and every possible threat, you will drive yourself crazy.  It is important to...