internal controls Archives - Compliance Chief 360
https://compliancechief360.com/tag/internal-controls/
The independent knowledge source for Compliance Officers

Modernizing Compliance: How AI and Automation Are Reshaping Internal Controls
https://compliancechief360.com/modernizing-compliance-how-ai-and-automation-are-reshaping-internal-controls/
Mon, 02 Feb 2026 22:06:02 +0000

In today’s fast-paced business environment, regulatory compliance has become both more critical and more complex. Organizations are expected to maintain rigorous internal controls, ensure transparency, and respond swiftly to audits, all while managing sprawling IT ecosystems and evolving risk landscapes.

Regulations like the Sarbanes-Oxley Act (SOX) demand companies adhere to strict financial reporting, information security, and auditing requirements. Yet many businesses still rely on manual processes and fragmented systems to meet these requirements. This approach is not only inefficient but also increases the risk of errors, omissions, and non-compliance.

As digital transformation accelerates, compliance teams are being asked to do more with less, and the result is a widening gap between compliance obligations and operational capacity.

AI and Automation: Driving a Transformation

Artificial intelligence and automation technologies are emerging as powerful allies in the quest for smarter, more scalable compliance. These tools can streamline routine tasks while enhancing accuracy and provide real-time insights into control effectiveness.

Automation is particularly effective in handling repetitive, rules-based activities such as data collection and report generation. By reducing manual effort, it frees up compliance professionals to focus on strategic oversight and risk mitigation.

AI, on the other hand, brings intelligence into the equation. Machine learning algorithms can analyze vast datasets to detect anomalies, flag potential risks, and even predict future compliance issues. Natural language processing can extract insights from unstructured data, such as emails or policy documents, enabling more comprehensive monitoring.

Together, AI and automation are transforming compliance from a reactive, checklist-driven function into a proactive, intelligence-led discipline.

Continuous Compliance and Adaptive Controls

One of the most transformative shifts enabled by AI and automation is the move toward continuous compliance. Rather than relying on periodic audits or static control reviews, organizations can now monitor their control environments in real time.

This approach allows for faster detection of issues, quicker remediation, and more reliable assurance for stakeholders. It also aligns better with the dynamic nature of modern business, where risks can emerge and evolve rapidly.

Adaptive controls, powered by AI, take this a step further. These controls can adjust dynamically based on context, user behavior, or risk signals. For instance, if a user accesses sensitive financial data from an unfamiliar location, the system might require multi-factor authentication or temporarily restrict access until the activity is verified.

Such intelligent controls enhance security while maintaining operational flexibility, helping organizations strike the right balance between risk management and business agility.

Implementation Challenges and Considerations

While the benefits of AI and automation are clear, successful implementation requires thoughtful planning and execution. Organizations must ensure that these technologies are properly integrated into existing systems and workflows, and that they align with broader compliance strategies.

Data quality is a critical factor. AI models rely heavily on accurate, comprehensive inputs to deliver meaningful insights. Poor data hygiene can lead to false positives, missed risks, or misleading recommendations.

Regulatory alignment is another key consideration. As AI becomes more embedded in compliance processes, regulators are beginning to scrutinize its use. Companies must ensure that their AI-driven practices are transparent, explainable, and auditable. This includes documenting how models are trained, how decisions are made, and how outputs are validated.

Cultural change is also essential. Compliance teams may need to develop new skills as they adopt new tools and embrace new ways of working. Collaboration—with IT, cybersecurity, and business units—is vital to ensure that AI and automation initiatives are successful and sustainable.

Solutions for Cybersecurity and Compliance Leaders

To navigate this transformation effectively, organizations should focus on a few foundational strategies:

  • Adopt AI-Integrated Platforms. Start with tools that work seamlessly with your ERP and IT systems to automate tasks and track regulatory change
  • Automate Repetitive Tasks. Free up your compliance team by automating routine activities like data entry and control testing
  • Stay Ahead of Regulatory Shifts. Use AI to anticipate changes and adjust your compliance strategies before an issue arises
  • Build Transparent Audit Trails. Leverage AI to document compliance activities clearly, making audits smoother and more defensible
  • Centralize Data for Collaboration. Ensure all departments work from the same source of truth to improve coordination and decision-making.

Cybersecurity vendors have a unique opportunity to support these efforts by offering solutions that combine automation, AI, and robust control frameworks. By helping clients modernize their compliance environments, vendors can deliver measurable value while strengthening trust and resilience.

AI is a Business Imperative

AI and automation are no longer emerging trends; they are strategic imperatives for organizations seeking to modernize compliance and internal control management. These technologies offer a path to greater efficiency, accuracy, and agility, enabling companies to meet regulatory demands while staying ahead of risk.

For cybersecurity companies, the opportunity lies in guiding clients through this transformation with scalable, transparent, and vendor-neutral solutions. By doing so, they can help build a future where compliance is not just a requirement, but a competitive advantage.


Chris Radkowski is an SAP GRC expert at Pathlock, an identity security and governance platform. A recognized leader in access governance with over 20 years of experience driving innovation in enterprise security and compliance solutions, he brings deep expertise in application access governance, risk management and regulatory compliance.

Bank of America Settles OCC Cease-and-Desist Order Over Compliance Deficiencies
https://compliancechief360.com/bank-of-america-settles-occ-cease-and-desist-order-over-compliance-deficiencies/
Thu, 02 Jan 2025 19:07:11 +0000

Bank of America announced that it has settled with the Office of the Comptroller of the Currency regarding a cease-and-desist order against the bank for deficiencies related to the Bank Secrecy Act and sanctions compliance programs. The settlement does not require that Bank of America pay a fine but rather take remedial action such as appointing a compliance committee and hiring an outside consultant.

The OCC initially charged Bank of America based on violations and unsafe practices relating to these programs, including a failure to timely file suspicious activity reports and failure to correct a previously identified deficiency related to its Customer Due Diligence processes. The order also identifies deficiencies in the internal controls, governance, independent testing, and training components of the bank’s BSA compliance program.

The order requires the bank to take corrective actions to enhance its BSA/anti-money laundering (“AML”) and sanctions compliance programs, including the hiring of an independent consultant to assess the bank’s BSA/AML and sanctions compliance programs and conduct reviews to ensure all suspicious activity was appropriately reported.

The OCC found that Bank of America “had a breakdown in its policies, procedures, and processes to identify, evaluate, and report suspicious activity, including the Bank’s systemic failure to ensure that its transaction monitoring system had appropriate thresholds for determining when transaction alerts should trigger a case investigation” and that it “failed to make acceptable substantial progress towards correcting a deficiency related to the Bank’s Customer Due Diligence processes that was previously reported to the Bank by the OCC.”

This settlement should not come as a surprise to investors as Bank of America disclosed in its October filing that it has been in contact with regulators about its compliance programs and could foresee potential enforcement actions charged against the bank.

This settlement represents the OCC’s effort in combatting deficient BSA/AML compliance programs. The OCC recently imposed a $450 million fine against TD Bank for its failure to develop and maintain a BSA/AML program reasonably designed to assure and monitor compliance with the BSA. As a result of the bank’s failure, many criminal groups such as drug cartels used it to launder more than $650 million in drug money.


Jacob Horowitz is a contributing editor at Compliance Chief 360°

Silvergate Settles SEC Charges for Compliance Failures
https://compliancechief360.com/silvergate-settles-sec-charges-for-compliance-failures/
Wed, 03 Jul 2024 17:05:30 +0000

The Securities and Exchange Commission charged Silvergate Capital, its former CEO Alan Lane, and former Chief Risk Officer Kathleen Fraher with misleading investors about the strength of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program and the monitoring of crypto customers, including FTX. The SEC also charged Silvergate and its former Chief Financial Officer, Antonio Martino, with misleading investors about the company’s losses from expected securities sales following FTX’s collapse.

According to the SEC’s complaint, Silvergate, Lane, and Fraher misled investors in stating that Silvergate had an effective BSA/AML compliance program and conducted ongoing monitoring of its high-risk crypto customers, including FTX, in part to deny public rumors that FTX had used its accounts at Silvergate to enable FTX’s misconduct. In reality, Silvergate’s automated transaction monitoring system failed to monitor more than $1 trillion of transactions by its customers on the bank’s payments platform, the Silvergate Exchange Network.

“At all times, but especially during moments of crises, public companies and their officers must speak truthfully to the investing public. Here, we allege that Silvergate, Lane and Fraher fell not only woefully, but also fraudulently, short in that regard,” said Gurbir Grewal, Director of the SEC’s Division of Enforcement. “Rather than coming clean to investors about serious deficiencies in its compliance programs in the wake of the collapse of FTX, one of Silvergate’s largest banking customers, they doubled down in a way that misled investors about the soundness of the programs. In fact, because of those deficiencies, Silvergate allegedly failed to detect nearly $9 billion in suspicious transfers among FTX and its related entities. Silvergate’s stock eventually cratered, wiping out billions in market value for investors.”

SEC Alleges Silvergate Misrepresented Its Financial Condition

The SEC’s complaint also alleges that Silvergate and Martino misrepresented the company’s bleak financial condition during a liquidity crisis and bank run following FTX’s collapse. The complaint alleges that Silvergate and Martino, in an earnings release and earnings call, understated Silvergate’s losses from expected security sales and misrepresented that it remained well-capitalized as of December 31, 2022. In March 2023, Silvergate announced it would wind down its banking operations, and its stock eventually plummeted to near $0.

The SEC charged Martino with violating certain of the antifraud and books-and-records provisions of the federal securities laws, and with aiding and abetting certain of Silvergate’s violations. The complaint also charges Silvergate, Lane, and Fraher with fraud and charges Silvergate with violating certain reporting, internal accounting controls, and books-and-records provisions.

Without admitting or denying the allegations, Silvergate agreed to a settlement ordering it to pay a $50 million civil penalty and imposing a permanent injunction to settle the charges. Lane and Fraher also settled the charges without admitting or denying the allegations, agreeing to permanent injunctions, five-year officer-and-director bars, and fines of $1 million and $250,000 respectively.

All the settlements require court approval, and Silvergate’s payment may be offset by penalties paid to the Board of Governors of the Federal Reserve System (FRB) and/or the California Department of Financial Protection and Innovation (DFPI). In parallel actions, FRB and DFPI today announced settled charges against Silvergate.


Jacob Horowitz is a contributing editor at Compliance Chief 360° 

China Bank AML Settlement Comes with Several Compliance Requirements
https://compliancechief360.com/nydfs-fines-icbc-for-money-laundering-and-bank-secrecy-act-violations/
Tue, 23 Jan 2024 15:58:00 +0000

The New York Department of Financial Services (NYDFS) announced that Industrial and Commercial Bank of China (ICBC) has agreed to pay $32 million in penalties pursuant to a Consent Order entered into with the NYDFS. The Consent Order settles the Department’s investigation into numerous Bank Secrecy Act and Anti-Money Laundering (BSA/AML) compliance violations.

“Bank Secrecy Act and Anti-Money Laundering laws and regulations are critical national security protections, safeguarding financial markets and consumers from bad actors,” said Superintendent of Financial Services, Adrienne Harris. “Regulated institutions must be held accountable for failing to adhere to New York’s rigorous legal and regulatory standards.”

The Consent Order resolves the Department’s investigation into ICBC’s compliance failures, including multiple deficiencies in the New York branch’s BSA/AML compliance program from 2018 through 2022, including the Bank’s failure to maintain books and records and its failure to submit a report to the Superintendent upon discovering the occurrence of “embezzlement, misapplication, larceny, forgery, fraud, dishonesty, making of false entries and omission of true entries, or other misconduct.”

The investigation also concluded that a former New York branch employee, under the order of a branch employee, backdated several compliance documents and that ICBC failed to report this misconduct to the Department in a timely fashion. Finally, the investigation concluded that ICBC unlawfully disclosed confidential supervisory information to an overseas regulator.

Required ICBC Compliance Improvements

As part of its agreement with the Department, in addition to paying a $30 million penalty to New York State, ICBC will be required to create a written plan, acceptable to the Department, outlining improvements to compliance policies and procedures, corporate governance and management oversight, customer due diligence requirements, and the handling of confidential supervisory information. According to the Consent Order, the Bank’s plan is required to include updates on the following:

  • A system of internal controls reasonably designed to ensure compliance with BSA/AML requirements and relevant state laws and regulations;
  • Controls reasonably designed to ensure compliance with all requirements relating to correspondent accounts for foreign financial institutions;
  • A comprehensive BSA/AML risk assessment that identifies and considers all products and services of the New York Branch, customer types, geographic locations, and transaction volumes, as appropriate, in determining inherent and residual risks;
  • Management of the New York Branch’s BSA/AML compliance program by a qualified compliance officer, who is given full autonomy, independence, and responsibility for implementing and maintaining an effective BSA/AML compliance program that is commensurate with the New York Branch’s size and risk profile, and is supported by adequate staffing levels and resources;
  • Identification of management information systems used to achieve compliance with BSA/AML requirements and relevant state laws and regulations, and a timeline to review key systems to ensure they are configured to mitigate BSA/AML risks;
  • Comprehensive and timely independent testing for the New York Branch’s compliance with applicable BSA/AML requirements and relevant state laws and regulations; and
  • Effective training for all appropriate New York Branch personnel and appropriate ICBC personnel that perform BSA/AML compliance-related functions for the New York Branch in all aspects of BSA/AML requirements, relevant state laws and regulations, and relevant internal policies and procedures.

French Conglomerate Admits to Supporting Terrorists; Gets Massive Fine
https://compliancechief360.com/doj-lafarge-to-pay-778m-for-materially-supporting-terrorist-groups/
Wed, 19 Oct 2022 14:54:35 +0000

Lafarge, a French multinational construction conglomerate, and its now-defunct Syrian subsidiary, Lafarge Cement Syria (LCS), pleaded guilty to conspiring to provide illicit payments and resources to two U.S.-designated foreign terrorist groups: the Islamic State of Iraq and al-Sham (ISIS) and the al-Nusrah Front (ANF).

These companies further admitted to negotiating with and paying armed groups and terrorists, negotiating revenue-sharing agreements with ISIS to seek economic advantage, and concealing their payments, falsified records, and backdated contracts. Under the terms of the resolution with the Department of Justice, Lafarge and LCS will pay a financial penalty, including criminal fines and forfeiture, of $777.78 million.

In remarks announcing the guilty plea, DoJ authorities said the historic resolution marks the first time ever the United States has charged a company with providing material support and resources to terrorist organizations. It also marks the first time ever a company has pleaded guilty to supporting terrorist organizations.

“Never before has a corporation been charged with providing material support and resources to foreign terrorist organizations,” said U.S. Attorney Breon Peace for the Eastern District of New York. “This unprecedented charge and resolution reflect the extraordinary crimes committed and demonstrates that corporations that take actions in contravention of our national security interests in violation of the law will be held to account.”

The scheme

According to court documents, from approximately May 2010 to September 2014, Lafarge, through LCS, constructed and operated a cement plant in the Jalabiyeh region of Northern Syria (the Jalabiyeh Cement Plant).

After the Syrian Civil War began in 2011, LCS executives purchased raw materials needed to manufacture cement from ISIS-controlled suppliers and paid monthly “donations” to armed groups, including ISIS and ANF, so that employees, customers, and suppliers could traverse checkpoints controlled by the armed groups on roads around the Jalabiyeh Cement Plant.

Lafarge and LCS executives “intentionally structured their agreements with ISIS to compensate the terrorist organization based on the amount of cement that LCS was able to sell—effectively, a revenue-sharing agreement—to incentivize the terrorist group to act in LCS’s economic interest,” the DoJ said.

As a condition of entering into this revenue-sharing agreement, Lafarge and LCS executives conspired with ISIS to act against its competitors, “either by stopping the sale of competing imported Turkish cement in the areas under ISIS’s control or by imposing taxes on competing cement that would allow LCS to raise the prices at which it sold cement,” the DoJ said.

From August 2013 through October 2014, Lafarge and LCS paid ISIS and ANF, through intermediaries, approximately $5.92 million in fixed monthly “donation” payments to ISIS and ANF, payments to ISIS-controlled suppliers to purchase raw materials, and variable payments based on the amount of cement LCS sold. The third-party intermediaries who negotiated with and made payments to ISIS and ANF on Lafarge’s and LCS’s behalf were paid approximately $1.11 million.

Moreover, in furtherance of the conspiracy, when LCS evacuated the Jalabiyeh Cement Plant in September 2014, ISIS took the cement LCS had produced and sold it, yielding ISIS approximately $3.21 million.

Over this period, from August 2013 through 2014, LCS obtained approximately $70.30 million in total sales revenue. Total gains to LCS, the intermediaries, and the terrorist groups were approximately $80.54 million.

Concealing the scheme

Lafarge and LCS executives actively concealed their scheme in the following ways:

  • Required intermediaries to create business entities with names not obviously linked to the intermediaries and created invoices with false descriptions of services rendered for an intermediary to submit to LCS;
  • Structured the revenue-sharing payments to ISIS so that LCS’s customers would pay ISIS the amounts owed under LCS’s agreement with ISIS, while LCS discounted the prices it charged to the customers to reimburse them;
  • Required ISIS not to include the name “Lafarge” on the documents memorializing and implementing their agreements; and
  • Used personal email addresses, rather than their corporate email addresses, to carry out the conspiracy.

In October 2014, as a condition of paying an intermediary for having negotiated with ISIS and other armed groups, Lafarge and LCS executives required the intermediary to sign an agreement terminating his agreement to provide services to LCS.

“Critically, the Lafarge and LCS executives backdated the termination agreement to Aug. 18, 2014, a date shortly after the United Nations Security Council had issued a resolution calling on member states to prohibit doing business with ISIS and ANF, to falsely suggest that he had not been negotiating with ISIS on behalf of LCS after the U.N. resolution,” the DoJ said.

Compliance lessons

In July 2015, Holcim acquired Lafarge. However, Lafarge executives did not disclose LCS’s payments to ISIS and ANF to this successor company during pre-acquisition diligence meetings. Nor did Holcim conduct pre- or post-acquisition due diligence of LCS’s Syrian operation, the DoJ said.

“Here, [Holcim] did not perform due diligence of Lafarge’s operations in Syria, despite the clear compliance risks posed by operations in the region, and it did nothing to investigate or address Lafarge’s illegal activities until they were publicly exposed,” Deputy Attorney General Lisa Monaco said in her remarks announcing the guilty plea.

Lafarge, LCS, and the successor company also did not self-report the conduct or fully cooperate in the investigation, she noted.

“This case sends the clear message to all companies, but especially those operating in high-risk environments, to invest in robust compliance programs, pay vigilant attention to national security compliance risks, and conduct careful due diligence in mergers and acquisitions,” Monaco said.

Lafarge and Holcim respond

In a statement, Lafarge said it now has effective compliance and risk management controls and functions in place to detect and prevent any similar potential misconduct and, thus, “the DoJ determined that the appointment of an independent compliance monitor is not necessary,” the company said.

“None of the conduct involved Lafarge operations or employees in the United States, and none of the executives who were involved in the conduct are with Lafarge or any affiliated entities today,” the company added.

Lafarge said it is cooperating with French authorities in their investigation of the misconduct.

Holcim also issued a statement: “None of the conduct involved Holcim, which has never operated in Syria, or any Lafarge operations or employees in the United States, and it is in stark contrast with everything that Holcim stands for.”


Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

U.K. Financial Conduct Authority Fines Gatehouse $1.8M for AML Lapses
https://compliancechief360.com/u-k-financial-conduct-authority-fines-gatehouse-1-8m-for-aml-lapses/
Mon, 17 Oct 2022 18:05:14 +0000

The U.K. Financial Conduct Authority has fined London-based Gatehouse Bank 1.58 million pounds ($1.8 million) for “significant weakness” in its financial crime systems and controls.

According to the FCA’s Oct. 12 decision notice, between June 2014 and July 2017, Gatehouse “failed to conduct sufficient checks on its customers in countries with a higher risk of money laundering and terrorist financing” and “failed to undertake the correct checks when some of the customers were classed as Politically Exposed Persons (PEPs).”

The FCA also said in its decision notice that Gatehouse’s compliance function was under-resourced and, “although Gatehouse had adopted a three-lines-of-defense model, this did not operate effectively, meaning that frontline relationship managers did not appropriately screen customers, and an overburdened compliance function was left to remedy deficiencies in the quality of due diligence information collected.”

In one instance, Gatehouse opened an account for a company based in Kuwait to pool the funds of this company’s customers for a prospective real estate investment. However, Gatehouse relied on the Kuwait company to carry out customer due diligence of the investors, “a large number of whom were high risk, high-net worth customers,” according to the FCA notice.

“Gatehouse took inadequate measures to confirm the quality of this company’s AML checks and did not require it to collect information about customers’ source of wealth and source of funds,” the FCA said. Consequently, for two years, Gatehouse accepted $62 million into the account without properly vetting the funds for financial crime risks, according to the FCA notice.

“Gatehouse Bank’s failures exposed itself to the risk that it might be used as part of a laundering process for illegal funds,” said Mark Steward, Executive Director of Enforcement and Market Oversight. “While not deliberate, there can be no excuse for failures as serious as this. The FCA will continue to hold firms to account for poor anti-money laundering systems and controls.”

In deciding the civil penalty, the FCA said it considered Gatehouse’s remedial measures in fixing the deficiencies in its AML controls. “In particular, between June 2014 and August 2016, Gatehouse undertook a compliance review to remediate customer files” and “invested in improving its AML systems and controls, including engaging external consultants to assist it and to advise on the overhaul of its AML systems and controls,” the FCA said in the notice.

Additionally, the FCA noted, “from mid-2016 to mid-2017, Gatehouse established and implemented a new suite of AML and financial crime related policies and procedures which addressed the deficiencies.”

Because Gatehouse cooperated and settled at an early stage of the investigation, it qualified for a 10 percent reduction off the original penalty of £2.26 million ($2.6 million).


Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

Oracle to Pay $23 Million to Settle FCPA Charges … Again!
https://compliancechief360.com/oracle-to-pay-23-million-to-settle-fcpa-charges-again/
Tue, 27 Sep 2022 17:07:50 +0000
Oracle will pay $23 million to settle charges brought by the Securities and Exchange Commission resulting from violations of the Foreign Corrupt Practices Act (FCPA), the SEC announced. It is the second time Oracle has settled charges of FCPA violations.

According to the SEC order, from at least 2014 through 2019, employees of Oracle subsidiaries in India, Turkey, and the United Arab Emirates (UAE) “used discount schemes and sham marketing reimbursement payments to finance slush funds held at Oracle’s channel partners in those markets.”

The SEC’s order further stated that employees of Oracle’s subsidiary in Turkey routinely used the slush funds to pay for the travel and accommodation expenses of foreign officials to attend technology conferences in Turkey and the United States. In some instances, employees of the Turkey subsidiary used these funds for the foreign officials’ families to accompany them on international conferences or take side trips to California, the SEC order stated.

“Oracle Turkey’s management, including the country leader, knew of and condoned the practice,” the SEC order stated. “Given how these schemes were implemented, Oracle lacks records regarding the full size and scope of how these off-book slush funds were used.”

Repeat Offender
This is the second time Oracle has been sanctioned by the SEC concerning creation of slush funds. In 2012, Oracle paid a $2 million penalty to resolve SEC charges for FCPA violations for failing to prevent Oracle India from secretly setting aside money off the company’s books that was eventually used to make unauthorized payments to phony vendors in India.

“The creation of off-book slush funds inherently gives rise to the risk those funds will be used improperly, which is exactly what happened here at Oracle’s Turkey, UAE, and India subsidiaries,” said Charles Cain, the SEC’s FCPA Unit Chief. “This matter highlights the critical need for effective internal accounting controls throughout the entirety of a company’s operations.”

Without admitting or denying the SEC’s findings, Oracle agreed to cease and desist from committing violations of the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and to pay approximately $8 million in disgorgement and a $15 million penalty.


Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

DoJ Details Policy Changes to Corporate Law Enforcement
https://compliancechief360.com/doj-policy-changes-leave-much-to-be-desired-for-compliance-profession/
Tue, 20 Sep 2022 16:12:36 +0000
During two recent speeches, U.S. Department of Justice officials outlined broad policy changes on such topics as voluntary self-disclosure, the use of personal communication devices by executives, compensation clawback policies, chief compliance officer certifications, and others.

Last week, Deputy Attorney General Lisa Monaco announced several policy changes intended to clarify how the agency prioritizes and prosecutes corporate crime. At a high level, the policy changes address four key areas: individual accountability and what information or documents companies must produce to show individual culpability; corporate recidivism; the benefits of voluntary self-disclosure and cooperation; and what considerations prosecutors will give in deciding whether a compliance monitor is required.

In follow-up remarks made at the University of Texas Law School on Sept. 16, Assistant Attorney General Kenneth Polite shared two new issues the Criminal Division is currently reconsidering in its prosecution of corporate wrongdoing, and what impact those changes are expected to have on companies moving forward. Those two issues are:

Personal devices and third-party messaging apps: The first area of enforcement focus is on the use of personal devices and third-party messaging applications by executives. Specifically, Polite said the Criminal Division will examine whether additional guidance is necessary regarding best practices for companies on the use of personal devices and third-party messaging apps, including ephemeral messaging, such as Snapchat.

“We have seen a rise in companies and individuals using these types of messaging systems, and companies must ensure that they can monitor and retain these communications as appropriate,” he warned. Until the agency issues additional guidance, however, the use of personal devices and third-party apps remains a heightened enforcement risk.

Compensation clawback policies: A second focus area for the Criminal Division, Polite said, will be to examine “whether, in some cases, we may be able to shift the burden of corporate financial penalties away from shareholders—who in many cases do not have a role in misconduct—onto those more directly responsible.” One potential option still being weighed, he said, is “how prosecutors will consider and reward corporations that develop and apply compensation clawback policies.” This is another area where more guidance may be forthcoming.

Voluntary self-disclosure
In addition to the two areas being examined by the Criminal Division, Polite provided further details about some of the major policy changes announced by Monaco, including those relating to voluntary self-disclosure. In this regard, DoJ officials have noted that even companies with a long history of prior misconduct may still benefit from voluntarily self-disclosing known misconduct.

“A history of misconduct will not necessarily mean an automatic guilty plea, unless aggravating factors—such as misconduct posing a national security threat, or deeply pervasive conduct—are present,” Polite said. How much comfort that actually brings to companies, however, remains to be seen.

Polite further shared what aggravating factors the Criminal Division will consider going forward that all companies should be aware of. These include, but are not limited to, “involvement by executive management of the company in the misconduct, significant profit to the company from the misconduct, or pervasive or egregious misconduct,” he said.

“Unless these factors are present, even a company with a history of misconduct has a powerful incentive to make a timely self-disclosure,” Polite added. “Why? Because it could make all the difference between a deferred prosecution agreement and a guilty plea resolution, assuming that the company has also cooperated, and timely and appropriately remediated the criminal conduct.”

CCO certifications
In March, Polite announced for the first time that, for all Criminal Division corporate resolutions—including guilty pleas, DPAs, and non-prosecution agreements—the agency would consider requiring both the chief executive officer and chief compliance officer (CCO) to sign a certification at the end of the term of the agreement certifying that the company’s compliance program is “reasonably designed, implemented to detect and prevent violations of the law, and is functioning effectively.”

In his Sept. 16 remarks, Polite stressed again that the certifications are “designed to give compliance officers an additional tool that enables them to raise and address compliance issues within a company or directly with the Department early and clearly” and are “meant to guarantee a seat at the table that all compliance officers should have in an organization with a functioning compliance program.”

There have now been two cases in which the agency has used CCO certifications: the DoJ’s resolution with Glencore, and for the first time in a DPA reached with Brazil-based GOL Airlines related to violations of the Foreign Corrupt Practices Act.

“We did not impose a monitor in [GOL’s] case,” Polite explained, “because at the time of the resolution, the company had redesigned its entire anti-corruption compliance program, demonstrated through testing that the program was functioning effectively, and committed to continuing to enhance its compliance program and internal controls.”

The agency did, however, require that the CEO and CCO certify at the end of the DPA term that the “compliance program is reasonably designed to detect and prevent violations of the [FCPA] and other applicable anti-corruption laws throughout the company’s operations.”

“We will continue to use similar certifications in our corporate resolutions as appropriate for each case,” Polite stated.

As in his previous remarks, Polite, once again, tried to ease concerns within the compliance community about the certification process creating personal liability risk. “A corporate leader who ignores the emphasis we are placing on compliance does so at his or her own risk—but [compliance personnel] cannot shy away from this role,” he said. “You cannot run away from the responsibility. My call is that you embrace it, knowing full well that stronger, more empowered voices are exactly what we need.”


Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.
