The SEC continues to exercise its powerful enforcement tool – internal controls violations – in FCPA enforcement actions against public companies.  Kinross Gold Corporation is the latest company to enter into an FCPA settlement. Kinross agreed to pay $950,000 for inadequate internal controls and books and records violations centered on the activities of two mining companies Kinross acquired.  The SEC cited no evidence of any...

Companies continue to face significant risks from their third parties.  In response, companies are implementing sophisticated due diligence and third party risk management systems.  FCPA enforcement risks are only one of several risks created by a company’s third parties.  Companies have to screen and review their third parties for corruption, sanctions, money laundering, antitrust, human trafficking, child labor and reputational risks. In this three-part series,...

The Volkov Law Group continues to offer innovative legal services focused on ethics and compliance programs, enforcement defense, and internal investigations. See Firm website here. The Volkov Law Group team includes talented professionals: Lauren Connell, Managing Associate; Jacqui Martin (formerly Merrill), Senior Associate; Susan Simpson, Associate; Matt Stankiewicz, Associate; and Vincent Ruiz, Counsel. See Firm profiles here. The Volkov Law Group believes that every company...

In Part IV of my series on ISO 37001, I examine requirements relating to risk assessments, design of policies and procedures, and due diligence requirements. Section 4.5 sets out requirements for conducting risk assessments. ISO 37001 requires companies to conduct regular risk assessments in order to identify the bribery risks the company might reasonably anticipate; analyze, assess and prioritize the identified bribery risks; and evaluate...

In Part II of my continuing series, I identify in broad strokes some of the more significant positive and negative aspects of ISO 37001. While it is easy to second-guess the ISO 37001 authors, there are some interesting issues that are addressed and some missed opportunities to advance ethics and compliance systems. On the positive side, ISO 37001 is keyed to a valuable concept of...

There has been so much attention paid to due diligence. We have reams and reams of articles highlighting the importance of due diligence. In addition, numerous vendors of due diligence services and technologies fill the marketplace with whitepapers, articles and information underscoring the importance of due diligence and advising on how to conduct effective due diligence. There is nothing wrong with the attention paid to...

Every company has done it. Chief Compliance Officers have had to hold their respective noses and push forward with due diligence to retain a risky third party. Rather than reject the third party, a CCO convinces him or herself that the company can mitigate the risks by contract representations and warranties, annual certifications, and a plan to monitor and audit the third party in the...

I am proud to announce a new sponsor, Exiger, a well-known leader in governance, risk management and compliance services. Exiger assists organizations worldwide with practical advice and technology solutions to prevent compliance breaches, respond to risk, remediate major issues and monitor ongoing business activities. Exiger’s unique blend of industry expertise in financial crime compliance, diligence, and investigations uniquely positions Exiger to help organizations with actionable...

To design and implement an effective ethics and compliance program, companies have to conduct a risk assessment and tailor its policies and programs to its risk profile. DOJ’s Compliance Evaluation reinforces this framework for a compliance program. Risk Assessment At the outset, a company has adopt a specific methodology for its risk assessment, the types of information it will collect and analyze, and the metrics...