Corruption Crime & Compliance Michael Volkov

A new compliance cottage industry surrounds artificial intelligence. We are at such an early stage of AI development, and companies are still figuring out how they can employ the technology. However, some industries, such as financial institutions, have been using AI for fraud detection and other issues. These early adopters will likely set the tone for AI compliance practices. There is no question that AI holds terrific promise. The hype surrounding AI is just that -- hype. Until there is more certainty surrounding AI technology, we will witness a lot of bloviating. But this aside, corporate boards, senior executives, and business developers need to pay attention until the dust settles. The AI industry is moving so fast that the sooner we start to focus, the nimbler our response will be.

Luckily, ethics and compliance principles are easily adaptable to AI risks. In this episode of Corruption, Crime, and Compliance, Michael Volkov discusses how the compliance profession is more than capable of building effective compliance programs around AI operations.


Financial institutions have been using AI for fraud detection and other issues. They are at the forefront of developing compliance practices around AI.Companies need to embrace AI's promise and not get overwhelmed by all the hype. Corporate boards, senior executives, and business developers must pay attention until the dust settles.The AI industry is moving fast, and companies need to focus on what’s happening. Compliance has to be nimble and quick, just like the technology.Like every aspect of a business, any new technology presents risks, and AI certainly presents risks that need to be mitigated. This, in turn, leads to the necessary question: How should a company structure its AI risk and compliance program?AI can be a very productive tool. It can easily end up reducing costs and increasing efficiency. More efficient companies can help the economy expand and create new opportunities for growth.Financial institutions, tech companies, pharmaceutical, medical device and transportation logistics industries are likely to be significant users of AI technology.Generative AI use may increase the risk of fraud and will need to incorporate risk mitigation costs and capabilities.Compliance professionals have the intelligence, professional capabilities, and integrity to rise to the challenge of AI technology and onboard a third party.
Resources
Michael Volkov on LinkedIn | Twitter
The Volkov Law Group

With the beginning of the “New FCPA” era coined by DOJ’s Deputy Attorney General Lisa Monaco, we now need to focus on third-party risk and sanctions enforcement. The law, the practice, and the risks are important and not just the same as FCPA legal requirements. As we embark on a new criminal enforcement era surrounding sanctions violations, companies have to address this issue and do it correctly. 

In this episode, Michael Volkov takes a comprehensive look at third-party risks from the distribution and supply sides and outlines appropriate strategies to manage these risks.

Epsilon Electronics serves as a stark reminder of the financial consequences of non-compliance. The company faced an OFAC enforcement action due to a shipment to Iran, resulting in a staggering penalty of over $4 million.Apollo Aviation Group settled with OFAC for $210,600 for leasing aircraft engines which ultimately ended up being placed in to aircraft of a prohibited entity, Sudan Airways, violating sanctions regulations.ELF Cosmetics settled with OFAC for $996,000 for importing false eyelash kits containing materials sourced from North Korea, highlighting supply chain due diligence failures.The ELF Cosmetics case underscores the crucial role of supply chain due diligence in preventing sanctions violations. Instead of sticking their heads in the sand, companies must undertake basic supply chain due diligence when sourcing products from regions close to high-risk countries or regions.“Reason to know” is now the key phrase guiding the New FCPA era. OFAC does not need to prove goods ultimately end up in a sanctioned country. When you see red flags, you must resolve them or they could be considered a “reason to know” in OFAC’s eyes.Seven essential elements to boost your compliance program and effectively mitigate third-party sanctions risks include risk assessment, varying levels of due diligence, end-user documentation, monitoring, training, and red flag identification.
Resources
Michael Volkov on LinkedIn | Twitter
The Volkov Law Group

Carlos Villagrán is the Director of Compliance at CMPC, a 100-year-old Chilean-based holding company, one of the worldwide leading pulp, paper, packaging, personal care, and other forest products manufacturers. With more than 20,000 employees, CMPC has industrial operations in 9 countries (LatAm and the US) and commercial offices in the US, Europe, and China, selling and distributing its products to more than 45 countries around the world. Carlos joined CMPC to remediate and rebuild CMPC's culture and compliance program after a devastating scandal -- CMPC was prosecuted for its involvement in a decade-long conspiracy to fix prices in Peru and Chile for consumer paper products. Carlos discusses the challenges he faced in rebuilding CMPA's culture and commitment to compliance. His story is an inspiration to all legal and compliance professionals and provides important instructive lessons to corporate leaders and compliance professionals.

You'll hear Michael and Carlos discuss:

The importance of rebuilding and rediscovering the values and purpose of CMPC after a major corporate crisis.The effects on market share quotas and sales prices when CMPC faced an investigation and found to be the leader of a cartel in Chile and Peru.How the crisis significantly impacted CMPC's reputation, leading to public protests and consumer backlash in Chile and Peru.CMPC’s compliance team addressed the company’s complex nature because of its diverse workforce, including data analytics experts, IT professionals, and engineers.How the compliance program at CMPC shifted from a traditional approach to a more cultural and system-thinking perspective, aligning with the company's values and operations.Success for the compliance program at CMPC is defined by the number of critical tables the team is seated on, indicating their value and integration within the business operations.
Resources
Carlos Villagran on the Web | LinkedIn
Email: carlos.villagran@cmpc.cl or cfvillagran@gmail.com

Michael Volkov on LinkedIn | Twitter
The Volkov Law Group

Over the last ten years, we have seen a marked shift from the Delaware Chancery Court chipping away at corporate board member liability claims. In a number of seminal cases involving Boeing airplane crashes (In re the Boeing Co. Derivative Litig., No. 2019-0907 (Del. Ch. Sept 7, 2021)), and deadly listeria outbreaks from tainted ice cream (Marchand v. Barnhill, 212 A.3d 805 (Del. 2019)), Delaware Courts have upheld plaintiffs' cases against claims of failing to adequately plead violations of the standards set forth in Caremark, 698 A.2d 959 (Del. Ch. 1996), (establishing basic pleading requirements to withstand motions to dismiss). 

In this episode, Mike Volkov provides a comprehensive update on the recent Caremark decisions issued by the Delaware Chancery Court, underscoring their importance for accountability and governance in the corporate world.

Caremark oversight duties stem from the well-established duty of loyalty and its subsidiary duty of good faith. To plead a Caremark claim, a plaintiff is required to put forth adequate facts from which a factfinder can make a reasonable inference that the fiduciary acted in bad faith. Under Caremark, bad faith can be established when a fiduciary: “(1) utterly fail[s] to implement any reporting or information system or controls," or (2) having implemented such a system or controls, consciously fail to monitor or oversee its operations, which results in a failure to act or attend to a risk or problem requiring their attention or response. Last year, the Chancery Court made a groundbreaking decision, extending the so-called Caremark oversight obligations and governance requirements to senior management in the McDonald's case. In re McDonald’s Corp. S’holder Derivative Litig., 289 A.3d 343 (Del. Ch. 2023). This ruling is one of the most significant developments in recent years, advocating for increased accountability for oversight and governance failures.Recent cases, such as the Boeing 737 MAX crashes and the Listeria outbreak from tainted Blue Bell ice cream, have highlighted failures in proper board governance and oversight responsibilities.In a case involving Segway, the Chancery Court dismissed a motion against an officer for failing to detect financial discrepancies, emphasizing the need to demonstrate a lack of good faith in monitoring central compliance risks.The trend in Delaware Chancery Court decisions is moving towards holding directors and officers accountable for failures to act in response to indications of potential illegal conduct, with a focus on bad faith actions.The Boeing case exemplifies the consequences of board members ignoring safety concerns and focusing solely on the bottom line, leading to tragic outcomes that could have been prevented with proper oversight and accountability.
Resources
Michael Volkov on LinkedIn | Twitter
The Volkov Law Group

Directive 2019/1937 of the European Parliament and Council dated 23 October 2019 on the “protection of persons who report breaches of Union law” (the “Directive”) is currently being implemented by EU Member States. The directive has broad applicability to organizations operating in the EU internal market and applies to both public and private sector organizations alike. Whistleblowers are guaranteed legal protection to the extent: (1) they have reasonable grounds to believe that the information reported was true at the time of the report; and (2) the whistleblower reported either internally to the organization, externally to a competent authority, or publicly. Private sector organizations with 50 or more workers are legally required to establish channels and procedures for internal reporting of EU law breaches and conduct appropriate follow-up. 

In this episode, Mike Volkov is joined by Daniela Melendez and Alex Cotoia from the Volkov Law Group, who bring their expertise to the table as they delve into the EU Directive and its implementation by several member states. Listen to this discussion to understand and navigate the complexities of the EU Whistleblowing Directive.

The EU Whistleblower Directive shifts the burden of proof on retaliatory actions to the person taking the detrimental action, requiring them to demonstrate it was not linked to reporting concerns.Global companies are taking a proactive stance by increasingly focusing on robust ethics and compliance programs. This strategic move is aimed at mitigating risks and promoting positive corporate citizenship in today's economy, where adherence to legal and ethical standards is paramount.France signed the EU Directive into law on March 21, 2022, outlining protocols for gathering and handling whistleblower reports, including a two-month deadline for imposing disciplinary sanctions.Germany enacted the EU Directive on May 12, 2023, allowing anonymous reports and setting a three-month investigation deadline after receiving the report.Spain addressed the EU Directive on February 2023 by covering additional topics like occupational health and safety breaches. The directive established a three-month deadline for investigations and allowed anonymous reports.Italy transposed the EU Directive on August 4, 2022, including administrative, financial, civil, and criminal offenses not covered by the Directive, with a 30-day deadline to conduct investigations upon receipt of reports.Companies are advised to make resources available to conduct investigations quickly due to the short timeframes set by various countries' whistleblower protection laws.
Resources
Michael Volkov on LinkedIn | Twitter
The Volkov Law Group
Alex Cotoia on LinkedIn 
Email: acotoia@volkovlaw.com
Daniela Melendez on LinkedIn
Email: dmelendez@volkovlaw.com

NAVEX continues to produce high-quality compliance reports, many of which are a must-read in the compliance industry. Its annual Whistleblower Report is of particular note -- NAVEX is the leading provider of hotline services in the world, and its data is invaluable as a source of trends in this industry. This year --2024 -- is no exception. NAVEX combed through the data from 3784 organizations for 2023. Its headline conclusion -- 2023 was a busy year, with a record level of use and the substantiation rate reaching an eleven-year high. More reports came in, and more were found to be true. 

Listen in as Michael discusses the findings of these reports and why the increase is a good sign, not a bad sign. It means that employees trust their respective hotline reporting systems to produce results.

NAVX's 2024 Whistleblower Report revealed a record level of use and an 11-year high substantiation rate, indicating increased trust in employee reporting systems.Accounting-related reports, comprising approximately 4.3% of all reports in 2023, had a significant impact. With a median substantiation rate of 50%, these reports often led to employment separation events, underscoring the seriousness of the issues raised.Third-party reports were more likely to focus on business integrity and financial misconduct issues, accounting for 50% of reports compared to employees' 17%.Reports of imminent threats had a high substantiation rate in 2023, with nearly 9 out of 10 reports proven to be substantiated, highlighting the seriousness of such issues.Workplace civility complaints increased to 18% of reported cases, reflecting a growing concern within organizations about maintaining a respectful work environment and culture.HR issues, a significant portion of all reports in 2023, accounted for 55% of the total. This underscores the importance of addressing internal workplace issues, such as workplace discord, discrimination, harassment, and retaliation, to maintain a healthy and productive work environment.Clear Channel's extensive cooperation with the investigation, prompt sharing of facts, document production, and employee interviews demonstrated a commitment to transparency and accountability in addressing compliance issues.
Resources
Michael Volkov on LinkedIn | Twitter
The Volkov Law Group