Lessons in Cardiac Company Fraud Settlement


A medical device company based in Oregon has agreed to pay $12.95 million to settle charges that it ran a sham training program as a vehicle to pay kickbacks to doctors, in a case that offers compliance professionals plenty of lessons about internal controls and third-party risk. The company is Biotronik, a maker of defibrillators,…


Log4j: We Have to Talk About This


By now compliance and audit professionals may have heard about the cybersecurity vulnerability called Log4j. This will foremost be a problem for IT security officers; but Log4j also illuminates a lot of challenges that audit, compliance, and risk management professionals will face in the 2020s. So let’s unpack the issues afoot here. First, the background.…


Foster Wheeler’s FCPA Lessons

We have our first FCPA enforcement action of the Biden Administration: a $177 million punch against engineering firm Amec Foster Wheeler, for bribery involving overseas agents to win a contract with Brazilian state-owned oil giant Petrobras. The settlement was announced Friday by U.S. regulators and the parent company of Foster Wheeler, John Wood Group. Wood…


Steel Firm’s Lessons on Sanctions Risk


Sometimes that third-party risk is a party mighty close to you. Such was the case with an Oklahoma steel manufacturer, which just paid $435,000 to settle charges that its chief engineer sub-contracted design work to an Iranian engineering company owned by the man’s brother. The company, Alliance Steel, agreed to pay the fine to the…


The Cracks in Third-Party Risk Management

Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…


ComEd Pays $200M on Domestic Bribery


Commonwealth Edison, a subsidiary of energy giant Exelon Corp. and the largest utility in the state of Illinois, agreed Friday to pay $200 million to settle federal corruption charges that also involve one of the state’s most powerful politicians. The case is a reminder to compliance officers that FCPA-like misconduct can happen right here within…


Wynn, Part II: Third-Party Oversight


Today we revisit Wynn Resorts and the report its compliance monitor released last month. As you might recall, that report is a sweeping review of how Wynn has tried to rectify its operations after a sexual harassment scandal forced the departure of its founder and long-time CEO, Steve Wynn. Last month we took a deep…


Some Good Guidance on Third-Party Risk


One of the nation’s top banking regulators just dropped some fresh guidance about third-party risk management, well worth any compliance professional’s time if you’re looking for advice on regulatory compliance or just good insight on third-party risk generally. The Office of the Comptroller of the Currency, regulator for the country’s community banks, published the guidance…


DOJ on FCPA and Agent Liability


The Justice Department’s top criminal prosecutor talked FCPA compliance at a conference in Washington this week, raising a few points to consider about oversight of third parties and the importance of a compliance program. Let’s get into them. Assistant attorney general Brian Benczkowski, head of the Criminal Division, made his remarks at the annual FCPA Conference happening…


Dealers, Drugs, and FCPA Insight


I always welcome questions from compliance and audit professionals, and the following came to me last week: “What type of third party falls under ‘dealer’ for FCPA purposes?” The compliance officer who posed this question works at a company under settlement with the Justice Department for overseas bribery. He’s building up the company’s third-party oversight…
