Bryn Sedlacek, Vice President at Aravo, on Holistic Third-Party Risk Management and Unitary Visibility

How does a respected financial institution turn into a criminal operation? In this episode of Corruption, Crime, and Compliance, host Michael Volkov dives into the record-breaking $3 billion settlement between TD Bank and the Department of Justice over pervasive violations of the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) laws. Highlighting TD Bank's systemic failures, Michael explores how the bank's compliance and oversight lapses led to criminal conduct within its operations, making it a case study on the dangers of prioritizing growth over legal compliance. From failed AML programs to enabling money laundering on a massive scale, this episode sheds light on the regulatory crackdown TD Bank now faces.Hear him discuss: TD Bank’s $3 billion penalty sets a new high for banking compliance cases. In yet another reminder of the scope of Justice Department enforcement powers, and an important demonstration of the risks of non-compliance, the Justice Department and relevant banking agencies announced a $3 billion settlement with TD Bank companies to resolve systemic and pervasive Bank Secrecy Act ("BSA") and money laundering violations.TD Bank’s internal culture sidelined AML compliance, leading to massive oversights, including unmonitored transactions worth $18.3 trillion from 2018 to 2024. TD Bank enforced a “flat-cost paradigm,” restricting the compliance budget, which prevented updates and adaptations needed to meet new risk levels.TDBUSH pleaded guilty to causing TDBNA to fail to maintain an AML program that complies with the BSA and to fail to file accurate Currency Transaction Reports ("CTRs").Despite multiple warnings from internal audits and third-party consultants, the bank maintained its flawed AML protocols without significant action.TD Bank earned the ignominious record: TD Bank is the largest bank in U.S. history to plead guilty to Bank Secrecy Act program failures, and the first US bank in history to plead guilty to conspiracy to commit money laundering.   With this settlement, TD Bank joins a list of high-profile compliance failures alongside companies like Wells Fargo and Wirecard, furthering the call for financial institutions to prioritize ethical compliance in their growth models.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How can companies ensure that their compliance programs are robust enough to handle today’s complex ethical challenges? In this episode, Michael Volkov dives into the critical components of conducting an internal compliance site visit and review. He highlights the significance of these visits in understanding operational risks and compliance culture. With real-world examples, Michael emphasizes the need for a proactive approach to compliance, ensuring that organizations are not only following regulations but also fostering an ethical environment.Listen in as Michael talks about:Conducting personal interviews with key staff to assess the compliance culture and operational challenges.Reviewing and testing transactions across various vendor categories to ensure compliance with protocols.Evaluating the effectiveness of training programs and employee understanding of ethical standards and compliance awareness.Verifying compliance with internal policies and conduct due diligence on charitable contributions.Assessing the compliance processes surrounding sponsorships and their alignment with company policies.Implementing thorough due diligence practices for third-party vendors to mitigate risks.Reviewing employee expense reports to ensure proper documentation and compliance with gift, meals, entertainment, and hospitality policies.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

What happens when a single company dominates a crucial segment of the financial market? In this episode, Michael Volkov explores the Justice Department's recent antitrust lawsuit against Visa, highlighting allegations of monopolization and exclusionary practices in the debit card market. With Visa controlling over 60% of debit transactions in the U.S., the DOJ aims to restore competition and prevent further stifling of innovation in this vital financial sector. Tune in as Michael breaks down the case details, Visa’s strategic responses, and the implications for the broader financial landscape.Listen in as Michael discusses:The DOJ has charged Visa with monopolization and exclusionary conduct under Sections 1 and 2 of the Sherman Act.Visa holds over 60% of the U.S. debit transaction market, with MasterCard as its closest competitor at 25%.The complaint alleges Visa engages in exclusionary agreements that penalize banks and merchants for using alternative debit networks.The 2010 Durbin Amendment aimed to increase competition but has had minimal effect on Visa’s dominance, leading to ongoing scrutiny.Visa's strategies include partnering with potential competitors while leveraging significant market power to suppress competition.Following successes in technology sector enforcement, the DOJ is now expanding its scrutiny into financial markets, indicating a potential shift in antitrust enforcement dynamics.ResourcesMichael Volkov on LinkedIn | TwitterThe Volkov Law Group

How prepared is your company to handle the evolving risks of artificial intelligence and other emerging technologies in its compliance program? In this episode of Corruption, Crime and Compliance, Michael Volkov delves into the Department of Justice's 2024 updates to its evaluation of corporate compliance programs. As the DOJ continues to set global standards, Michael discusses key updates related to risk management, especially around AI and other technologies. He also covers important shifts in training, whistleblower protections, third-party management, and data analytics, offering a comprehensive overview of what businesses need to consider for effective compliance.You’ll hear him discuss:The DOJ raises the bar for corporate compliance, including technology risk management through their updated Compliance Guidance (2024).Companies must evaluate AI in both business and compliance contexts, ensuring controls for trustworthiness and legal alignment.Firms need to incorporate lessons from other companies and adapt policies and procedures to reflect emerging tech.Employee training must now be interactive, tailored, and measured for effectiveness.With their focus on whistleblower protection, the DOJ emphasizes tracking employee comfort in reporting issues and ensuring protection from retaliation.Companies are encouraged to continuously monitor third-party relationships beyond the onboarding phase.Stronger processes are needed for compliance audits and integration after mergers.DOJ pushes for the use of data analytics tools in compliance and better coordination between HR and compliance teams.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupDOJ Evaluation of Corporate Compliance Programs

How prepared is your organization to handle the evolving landscape of sanctions compliance? In this episode of Corruption, Crime and Compliance, Michael Volkov dives into critical sanctions compliance cases and their implications for global companies. He discusses four significant cases that underscore the necessity of robust compliance programs, particularly in light of increased DOJ enforcement actions. Through these examples, he breaks down the consequences of third-party liability, supply chain risks, and the dangers of inadequate compliance measures, offering valuable insights into how companies can proactively avoid similar pitfalls.Cases discussed:British American Tobacco (BAT): The company faced a staggering $629 million settlement for circumventing North Korean trade sanctions. This case illustrates how corporate prosecutions are evolving to resemble Foreign Corrupt Practices Act (FCPA) cases, emphasizing the growing scrutiny on multinational corporations.Epsilon Electronics: This case clarifies the liabilities companies face when third-party distributors divert products to prohibited countries, such as Iran. Even if the company had no direct involvement in the diversion, it still bears responsibility, underscoring the importance of diligent monitoring of distribution channels.ELF Cosmetics: The company received a $1 million fine for importing goods containing materials sourced from North Korea. This case underscores the critical importance of conducting thorough supply chain due diligence to ensure compliance with international sanctions.Murad LLC: This case focuses on post-acquisition compliance failures, demonstrating the urgent need for thorough pre- and post-acquisition audits. These audits are essential to uncover potential sanctions violations and ensure that newly acquired companies adhere to compliance standards.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupLinks to the four cases: British American Tobacco I Epsilon Electronics I Elf Cosmetics I Murad LLCA Framework for OFAC Compliance Commitments (May 2019)

The SEC's recent settlement with Deere & Company for $9.9 million for FCPA violations is another textbook example of bribery schemes, which revealed the absence of a culture of compliance, and the circumvention of basic entertainment, hospitality and travel expense controls. In this episode of Corruption, Crime, and Compliance, Michael Volkov breaks down the SEC’s $9.9 million settlement with Deere & Company following widespread FCPA violations by its subsidiary, Wirtgen Thailand. Michael discusses how the bribery schemes, involving government officials in Thailand, reveal significant failures in compliance oversight and corporate governance, while also highlighting the critical lessons for businesses aiming to avoid similar pitfalls.Key Insights:Deere’s subsidiary, Wirtgen Thailand, secured government tenders through cash bribes, entertainment at massage parlors, and lavish trips for officials from the Royal Thai Air Force (RTAF), Department of Highways (DOH), and Department of Rural Roads (DRR).Wirtgen disguised entertainment and bribe payments in expense reports with vague descriptions and round-number amounts, which were improperly approved by regional managers.Wirtgen organized extravagant trips disguised as factory visits for Thai officials, which included sightseeing and luxury hotels in Europe. These trips were arranged to win government tenders but involved no legitimate business activities.Bribes were also funneled through a third-party consultant via sham commission agreements. This consultant acted as a middleman, facilitating bribe payments to government officials to secure high-value tenders.Deere's failure to fully integrate Wirtgen into its compliance program after acquisition allowed the bribery schemes to continue. This highlights the risks of not harmonizing compliance protocols in newly acquired subsidiaries.In response to the SEC investigation, Deere terminated employees involved in the misconduct, revamped its compliance program, and introduced initiatives like a bi-monthly compliance newsletter and enhanced anti-bribery training.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How can companies build trust and drive growth in a region as politically and economically volatile as Latin America? In this episode, Nicolas Garcia - Vice President, Legal, Regional and Compliance Manager for LATAM and Orica - joins Michael Volkov to discuss the complexities of navigating compliance and leadership in LATAM. The conversation highlights how regional dynamics, such as the crisis in Venezuela, influence business operations and how cultural shifts are changing the role of compliance officers. Nicolas provides valuable insights on the evolving compliance landscape, emphasizing the importance of trust, leadership, and a strong compliance culture in driving business success in challenging environments.Listen in as Nicolas and Michael discuss:The ongoing political and economic crisis in Venezuela has led to massive immigration into neighboring countries like Colombia, Chile, and Brazil, creating both economic challenges and opportunities in the region.Guyana is experiencing rapid growth due to foreign investment, particularly in the oil and gas sectors, standing in stark contrast to Venezuela’s decline.Nicholas emphasizes the shift from compliance officers being seen as enforcers to becoming strategic business partners. This transition helps companies not only meet regulatory requirements but also drive success.Establishing a trust-based relationship between compliance officers and leadership is essential. When compliance is integrated into the business strategy, it becomes a tool for enabling growth rather than a barrier.Trust in reporting systems is growing in Latin America, though fear of retaliation remains a concern. Anonymous reporting is on the rise, and substantiation rates are increasing as employees gain confidence in the system’s integrity.Ensuring that investigations follow due process is critical to maintaining credibility in compliance programs. It also helps improve trust and the success rate in legal outcomes.Resources:Nicolas Garcia on LinkedInNicolas Garcia on Email: [email protected] Volkov on LinkedIn | TwitterThe Volkov Law Group

What’s the real cost of keeping corporate misconduct hidden? In this episode of Corruption, Crime and Compliance, Michael Volkov explores how the DOJ's recent declinations highlight the risks and rewards of voluntary self-disclosure. By examining two key cases, Michael illustrates how companies can avoid prosecution through cooperation but still face significant penalties, like disgorgement. The episode underscores the importance of transparency and robust compliance programs in navigating DOJ enforcement strategies.Key Points Covered:Declinations Explained: While DOJ declinations allow companies to avoid criminal charges, they require disgorgement of illegal profits.Boston Consulting Group Case: BCG reported bribery violations related to securing contracts in Angola. The company earned a declination by cooperating with DOJ, firing involved employees, and enhancing compliance. Total disgorgement: $14.4 million.Hitachi Cable (Proterial) Case: Hitachi Cable disclosed fraudulent safety violations in its motorcycle brake hoses. The company’s proactive disclosure and internal reforms led to a declination. Disgorgement: $15.1 million, with partial credit for prior payments.The Risk of Concealment:  Companies that hide misconduct face higher penalties. Voluntary disclosure offers the potential for leniency through declinations.DOJ’s Corporate Compliance Focus: DOJ continues to push for transparency and proactive corporate compliance, using declinations as a tool to incentivize self-reporting and improve internal controls.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group

How will the DOJ's new corporate whistleblower pilot program reshape the enforcement of corporate criminal conduct? In this episode of Corruption, Crime, and Compliance, Michael Volkov explores the Department of Justice's (DOJ) new corporate whistleblower pilot program, highlighting its potential impact on corporate criminal enforcement. The program, which mirrors aspects of the SEC’s whistleblower program, is designed to incentivize individuals to report misconduct by offering financial rewards. The program is significant for privately held companies and financial institutions not covered by the SEC, marking a notable shift in DOJ's approach to corporate compliance and enforcement.You’ll hear him discuss:DOJ’s Whistleblower Pilot Program: The DOJ introduced a three-year whistleblower pilot program that offers financial rewards to individuals who provide original information leading to significant criminal or civil forfeitures. This program, effective from August 1, 2024, mirrors aspects of the SEC’s program but is specifically tailored to corporate criminal enforcement.Non-Appealable Rewards: Unlike the SEC’s program, decisions made under the DOJ’s whistleblower program are not appealable, minimizing litigation risks for the DOJ.Focus on Privately Held Companies: The program significantly impacts privately held companies and non-public financial institutions, areas previously not covered by the SEC’s whistleblower program. This shift increases risks for these entities, particularly in cases involving foreign bribery, money laundering, and healthcare fraud related to private insurers.Incentives for Internal Reporting: The program introduces a 120-day window for companies to act on internal reports of misconduct. If companies fail to take action within this period, whistleblowers can report directly to the DOJ, potentially earning financial rewards, while companies risk losing potential non-prosecution agreements.Implications for Corporate Compliance: The new whistleblower program pressures companies to enhance their ethics and compliance programs. Companies must now navigate the risks associated with delayed reporting and the potential for whistleblowers to bypass internal controls in favor of DOJ reporting.Impact on DOJ Enforcement: The program is expected to bolster DOJ’s corporate enforcement actions by encouraging more reports of misconduct, particularly in areas not previously covered by similar programs. However, the adequacy of the reward fund to incentivize significant whistleblower reporting remains uncertain.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law GroupWhistleblower Awards Pilot Program

A New York federal district judge handed down a significant decision dismissing much of the SEC's securities fraud enforcement action against SolarWinds arising from its claims relating to SolarWinds' cybersecurity policies and disclosure of a significant cyberattack against the SolarWinds' network. In this episode of Corruption, Crime, and Compliance, Michael Volkov discusses the significant dismissal of most of the SEC's securities fraud claims against SolarWinds by a New York federal district court. The case highlights the ongoing challenges in balancing cybersecurity disclosures with regulatory requirements, and the implications this ruling might have for future SEC enforcement actions.You’ll hear him discuss:Judge's Decision: The court ruled that the SEC's claims were overly reliant on hindsight and speculation, particularly regarding SolarWinds’ early-stage disclosure during the investigation of cyber incidents.Pre- and Post-Sunburst Disclosures: While the court upheld charges related to SolarWinds' pre-Sunburst cybersecurity statements, it dismissed the SEC’s claims about the company’s post-Sunburst disclosures, finding them not misleading under the circumstances.Internal Controls vs. Cybersecurity: The court rejected the SEC's attempt to apply internal accounting controls provisions to cybersecurity policies, marking a significant limitation on the SEC's enforcement scope.Implications for SEC's Approach: This decision contradicts the SEC's previous stance in cases like R.R. Donnelly, potentially influencing future SEC actions regarding cybersecurity and internal controls.Broader Impact: The ruling may affect how cybersecurity risks are reported and how companies manage their disclosure obligations, particularly in light of potential appeals and further litigation by the SEC.Resources:Michael Volkov on LinkedIn | TwitterThe Volkov Law Group