Steele Webinar: Top 6 Due Diligence Best Practices Third-Party Risk Management April 16, 2020, 11 AM EST Sign Up HERE Faced with complex, global third-party networks, it’s more critical than ever for companies to have an effective strategy for evaluating and monitoring third-party risk. Without continuous monitoring and a strong anti-bribery anti-corruption (ABAC) program, companies can find themselves the target of multiple enforcement actions for...

The Microsoft FCPA settlement, while not significant in the total penalty of approximately $25 million, provides some important instructions concerning distributor and re-seller risks and mitigation strategies.  Here are five important lessons learned:  Discount Controls and Customer/End User Pricing: Microsoft agreed to provide significant discounts based on false justifications.  Microsoft failed to confirm the justification for the discounts that permitted the bad actors to create...

NAVEX Global has issued its Third-PartyBenchmark Report.  (HERE). The NAVEX Global Report contains important insights and data concerning ethics and compliance programs and third-party risk management strategies.  I was pleased to assist NAVEX Global in preparing the 2018 Benchmark Report. Knowing how to appropriately define, screen and monitor your third parties is essential to minimizing risk. New industry benchmarks, along with the expert guidance provided in...

The SEC continues to exercise its powerful enforcement tool – internal controls violations – in FCPA enforcement actions against public companies.  Kinross Gold Corporation is the latest company to enter into an FCPA settlement. Kinross agreed to pay $950,000 for inadequate internal controls and books and records violations centered on the activities of two mining companies Kinross acquired.  The SEC cited no evidence of any...

Companies continue to face significant risks from their third parties.  In response, companies are implementing sophisticated due diligence and third party risk management systems.  FCPA enforcement risks are only one of several risks created by a company’s third parties.  Companies have to screen and review their third parties for corruption, sanctions, money laundering, antitrust, human trafficking, child labor and reputational risks. In this three-part series,...

The Volkov Law Group continues to offer innovative legal services focused on ethics and compliance programs, enforcement defense, and internal investigations. See Firm website here. The Volkov Law Group team includes talented professionals: Lauren Connell, Managing Associate; Jacqui Martin (formerly Merrill), Senior Associate; Susan Simpson, Associate; Matt Stankiewicz, Associate; and Vincent Ruiz, Counsel. See Firm profiles here. The Volkov Law Group believes that every company...

In Part IV of my series on ISO 37001, I examine requirements relating to risk assessments, design of policies and procedures, and due diligence requirements. Section 4.5 sets out requirements for conducting risk assessments. ISO 37001 requires companies to conduct regular risk assessments in order to identify the bribery risks the company might reasonably anticipate; analyze, assess and prioritize the identified bribery risks; and evaluate...

In Part II of my continuing series, I identify in broad strokes some of the more significant positive and negative aspects of ISO 37001. While it is easy to second-guess the ISO 37001 authors, there are some interesting issues that are addressed and some missed opportunities to advance ethics and compliance systems. On the positive side, ISO 37001 is keyed to a valuable concept of...

There has been so much attention paid to due diligence. We have reams and reams of articles highlighting the importance of due diligence. In addition, numerous vendors of due diligence services and technologies fill the marketplace with whitepapers, articles and information underscoring the importance of due diligence and advising on how to conduct effective due diligence. There is nothing wrong with the attention paid to...

Every company has done it. Chief Compliance Officers have had to hold their respective noses and push forward with due diligence to retain a risky third party. Rather than reject the third party, a CCO convinces him or herself that the company can mitigate the risks by contract representations and warranties, annual certifications, and a plan to monitor and audit the third party in the...