Tagged: due diligence

Five Lessons for Third-Party Distributor Risk Management from Microsoft FCPA Settlement (Part III of III)

The Microsoft FCPA settlement, while not significant in the total penalty of approximately $25 million, provides some important instructions concerning distributor and re-seller risks and mitigation strategies.  Here are five important lessons learned:  Discount Controls and Customer/End User Pricing: Microsoft agreed to provide significant discounts based on false justifications.  Microsoft failed to confirm the justification for the discounts that permitted the bad actors to create...

NAVEX Global Releases 2018 Third-Party Risk Benchmark Report

NAVEX Global has issued its Third-Party Benchmark Report.  (HERE). The NAVEX Global Report contains important insights and data concerning ethics and compliance programs and third-party risk management strategies.  I was pleased to assist NAVEX Global in preparing the 2018 Benchmark Report. Knowing how to appropriately define, screen and monitor your third parties is essential to minimizing risk. New industry benchmarks, along with the expert guidance provided in...

Kinross Gold Mining FCPA Settlement: SEC Continues Internal Controls Focus

The SEC continues to exercise its powerful enforcement tool – internal controls violations – in FCPA enforcement actions against public companies.  Kinross Gold Corporation is the latest company to enter into an FCPA settlement. Kinross agreed to pay $950,000 for inadequate internal controls and books and records violations centered on the activities of two mining companies Kinross acquired.  The SEC cited no evidence of any...

Episode 28 — Due Diligence and Third Party Risk Management (Part I of III)

Companies continue to face significant risks from their third parties.  In response, companies are implementing sophisticated due diligence and third party risk management systems.  FCPA enforcement risks are only one of several risks created by a company’s third parties.  Companies have to screen and review their third parties for corruption, sanctions, money laundering, antitrust, human trafficking, child labor and reputational risks. In this three-part series,...

Update on The Volkov Law Group

The Volkov Law Group continues to offer innovative legal services focused on ethics and compliance programs, enforcement defense, and internal investigations. See Firm website here. The Volkov Law Group team includes talented professionals: Lauren Connell, Managing Associate; Jacqui Martin (formerly Merrill), Senior Associate; Susan Simpson, Associate; Matt Stankiewicz, Associate; and Vincent Ruiz, Counsel. See Firm profiles here. The Volkov Law Group believes that every company...

ISO 37001: Risk Assessments, Employees, and Due Diligence Requirements (Part IV of V)

In Part IV of my series on ISO 37001, I examine requirements relating to risk assessments, design of policies and procedures, and due diligence requirements. Section 4.5 sets out requirements for conducting risk assessments. ISO 37001 requires companies to conduct regular risk assessments in order to identify the bribery risks the company might reasonably anticipate; analyze, assess and prioritize the identified bribery risks; and evaluate...

ISO 37001: The Good, The Bad and the Ugly (Part II of V)

In Part II of my continuing series, I identify in broad strokes some of the more significant positive and negative aspects of ISO 37001. While it is easy to second-guess the ISO 37001 authors, there are some interesting issues that are addressed and some missed opportunities to advance ethics and compliance systems. On the positive side, ISO 37001 is keyed to a valuable concept of...

The Objective of Due Diligence: To Protect Your Culture

There has been so much attention paid to due diligence. We have reams and reams of articles highlighting the importance of due diligence. In addition, numerous vendors of due diligence services and technologies fill the marketplace with whitepapers, articles and information underscoring the importance of due diligence and advising on how to conduct effective due diligence. There is nothing wrong with the attention paid to...

Retaining a “Risky” Third-Party

Every company has done it. Chief Compliance Officers have had to hold their respective noses and push forward with due diligence to retain a risky third party. Rather than reject the third party, a CCO convinces him or herself that the company can mitigate the risks by contract representations and warranties, annual certifications, and a plan to monitor and audit the third party in the...

Welcome to New Sponsor: Exiger, a Global Governance, Risk and Compliance Leader

I am proud to announce a new sponsor, Exiger, a well-known leader in governance, risk management and compliance services. Exiger assists organizations worldwide with practical advice and technology solutions to prevent compliance breaches, respond to risk, remediate major issues and monitor ongoing business activities. Exiger’s unique blend of industry expertise in financial crime compliance, diligence, and investigations uniquely positions Exiger to help organizations with actionable...