Geopolitics and the interconnectedness of compliance risks


What you’ll learn on this podcast episode

On this episode of the Principled Podcast, host Susan Divers continues her conversation from Episode 11 with Tom Fox, the founder of the Compliance Podcast Network, on the changing geopolitical landscape and its impact on E&C. Listen in as the two discuss how anti-corruption is a key aspect of ESG, the implications of compliance in cybersecurity, and the growing interconnectedness of risks. You can listen to Episode 11 here.

To learn more, download a copy of Tom Fox’s white paper Never the Same: 5 Key Areas in Which Business Will Never Be the Same After the Russian Invasion.

Where to stream

Be sure to subscribe to the Principled Podcast wherever you get your podcasts.



Guest: Tom Fox


Tom Fox is literally the person who wrote the book on compliance with the international compliance best-seller The Compliance Handbook, third edition, which was released by LexisNexis in May 2022. Tom has authored 23 other books on business leadership, compliance and ethics, and corporate governance, including the international best-sellers Lessons Learned on Compliance and Ethics and Best Practices Under the FCPA and Bribery Act, as well as his award-winning series “Fox on Compliance.”

Tom leads the social media discussion on compliance with his award-winning blog, and is the Voice of Compliance, having founded the award-winning Compliance Podcast Network and hosting or producing a number of award-winning podcasts. He is an executive leader at the C-Suite Network, the world’s most trusted network of C-Suite leaders. He can be reached at

Host: Susan Divers


Susan Divers is the director of thought leadership and best practices with LRN Corporation. She brings 30+ years’ accomplishments and experience in the ethics and compliance arena to LRN clients and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance, and sharing substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was an affiliate with the DC office of Sonnenschein, Nath & Rosenthal. She also spent 4 years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one of the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008. She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics.


Principled Podcast transcription


Welcome to the Principled Podcast, brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.

Susan Divers:

Hello and welcome to another episode of LRN’s Principled Podcast. I’m your host, Susan Divers, Director of Thought Leadership and Best Practices at LRN. Today, I’m continuing my conversation from episode 11 with Tom Fox on the changing geopolitical landscape and its impact on ethics and compliance. If you haven’t listened to that episode yet, we highly encourage you to do so. Tom is the founder of the Compliance Podcast Network and the author of the award-winning FCPA Compliance and Ethics Blog, as well as the Complete Compliance Handbook, which is in its third edition. Tom, welcome back to Principled Podcast.

Tom Fox:

Thanks, Susan.

Susan Divers:

Tom, in our last episode, we talked about the impact of the war in the Ukraine on compliance and ethics. And particularly on the challenges that’s imposed or brought to the fore for companies and particularly for their compliance teams who hopefully have an actual seat at the table in terms of dealing with those challenges and mitigating those risks. But one of the things that underlies what we were talking about is that of conducting your business in a good, transparent, and sustainable way. And I’m really struck by a lot of the things you were saying about the need to be transparent and the need to walk the walk and talk the talk. Because if you fail to do so, we live in an age of radical transparency and easy accessibility to social media, and also, it’s the best thing to do.

So with that as the background, anti-corruption has long been a focus for regulators. I mean, it’s probably defined yours and my careers in a lot of regards. But only recently have some people started talking about it, and you are one and I’m one, as a critical aspect of ESG. Could you explain for our listeners how that works and the role of anti-corruption in ESG?

Tom Fox:

Sure. So ESG, in my mind, Susan, the power of ESG is that it has brought together disparate strands that have existed in every company for some long period of time. But brought them together in a way that someone is looking at them holistically. So, I’m going to pick on E because that probably is the easiest. As a compliance officer, I never looked at environmental issues in our company. That was someone else’s responsibility.

Susan Divers:

Me either. Right.

Tom Fox:

Didn’t mean there wasn’t environmental compliance, but it meant that I wasn’t looking at that from the compliance perspective. Now, whether it’s the Chief Sustainability Officer, whether it’s the Board of Directors, whether there’s a Board ESG Committee, someone’s connecting compliance to environmental. And so that in and of itself is, to me, the most powerful reason to have a robust ESG program. But anti-corruption in ESG, for me, Susan, I’ve always seen it directly in the G.

Susan Divers:

Me too.

Tom Fox:

Number one, it’s a good governance issue. Number two, it is a Board of Director’s issue. Number three, it’s a legal and regulatory issue.

But now Susan, I’m beginning to see it and have tried to articulate, that I see it in the S component as well as sustainability. Part of it is around one of the things we touched on our last podcast of radical transparency, that if you do business ethically and in compliance, and if there’s a question raised about a supplier, a customer, a distributor, a someone you’ve done business with in today’s era of modern social media, that you can respond to that in a way that will not damage your company from the public perception perspective. Leaving completely aside the regulatory perspective. So, I see ABC or anti-corruption compliance now, Susan, as directly within the S of ESG as well. And I also see it in the E. So to me, it kind of bleeds throughout all aspects of ESG and is a key aspect of a best practices ESG program.

Susan Divers:

Yeah, and I’m glad you articulated it so clearly for people, because I think there’s a tendency perhaps, to silo ethics and compliance and sustainability. And they really are part and parcel of the same thing. And I will quote from your recent white paper in support of that. “As a fundamental threat to the rule of law, corruption hollows out institutions, corrodes public trust, and fuels popular cynicism toward effective accountable governance.” And that’s, I think, a quote from the U.S. Strategy on Countering Corruption. Can you talk for us and link together how anti-corruption, anti-money laundering, and sanctions all are part and parcel of the same thing and relate to ESG? I think that’d be helpful for our listeners?

Tom Fox:

So Susan, the statement you read interests me for a couple of reasons. That came out of the U.S. Strategy on Countering Corruption, and it was aimed at national governments, so national governance. And I think it’s absolutely correct that corruption, money laundering, all fuel cynicisms toward effective, accountable national governance. But Susan, as you were reading that, it struck me, that is equally true about corporate governance, or the G in ESG. Because violations of the rule of law, corruption, money laundering, all of them corroded trust in our corporations, and certainly fuel cynicism toward effective accountable corporate governance.

The United Nations estimates that $3 trillion is lost to the global economy annually due to bribery and corruption. The US Department of Treasury estimates that $2 trillion is lost annually due to money laundry. That’s $5 trillion taken out of the global economy that could be used for all sorts of different ways, reasons to help countries and people who’s not available to them.

So having an effective anti-corruption and anti-money laundering strategy as well as trade sanctions, I think, are directly a part of ESG. They’re certainly all in the G. We’ve talked about how they relate to sustainability. But money laundering and trade sanctions are as invidious, in my mind, as corruption is.

After 9/11, we saw a spike in the very first spike in FCPA cases starting kind of circa ’04. And it was recognized that corruption led to crime, which led to terrorism. And there was really a perception that corruption had a direct line to the terrorism that impacted the US directly on 9/11.

And now we see how corruption leads to erosion of trust in governance. But governance is not only corporate governance, it’s democratic governance and democratic institutions. And certainly the Russian invasion of Ukraine put another exclamation mark on that. Whatever Russia is, it is not a democracy. And it is, if you want to see evidence of the invidiousness of corruption, you only need to look at a Russian army, their failures in Ukraine, how they’ve treated the people of Ukraine all wrapped up in an anti-democratic form. And that all speaks to the G. And when you read that line or that quote from my white paper, it struck me, that really works on multiple levels of governance.

Susan Divers:

Well, and you raise a good point too, that it’s in the corporate governance area because if you… I’ve said this so many times, but it is worth repeating. If you have a code of conduct and you have training and you have policies, and you have an E&C team, that doesn’t mean you have an ethical company, particularly if your leadership is engaging in sexual harassment or they’re dealing with people who are banned because they’re under sanction or they’re violating anti-money laundering controls because it’s a big account and they want the fee. That just means that your program is basically window dressing.

So for companies and for E&C professionals, it seems to me that making sure that you’re doing business in an ethical, compliant way is part and parcel of being sustainable. And part of demonstrating that trust that is necessary, if you’re going to do business successfully, as we’ve talked about. We talked last time a little bit about how the Biden administration has basically shifted the view of anti-corruption enforcement. And I think that bears reemphasizing, ’cause I thought that was such an interesting point that you raised about that in the last podcast. Do you mind repeating that?

Tom Fox:

Sure. So in December, 2021, the Biden administration released our U.S. Strategy on Countering Corruption. Once again, this did not come about because of the Russian invasion of Ukraine, but it happened during the run up to it. And it’s one of the things that I think the Russian invasion have put an exclamation point on as to why business will never be the same in certain areas.

You and I have been in the anti-corruption field for a very long time. As of December, 2021, our fight is now a national security fight. And they elevated anti-corruption and the fight against corruption to a national security issue. When something becomes a national security issue of the US, that means resources are made available for that fight.

The strategy released by the Biden administration was the internal U.S. Government Strategy. It didn’t impact our former employers or us today directly. But what it did was say, “The U.S. is going to bolster the international fight against corruption. They will work with international partners, international prosecutors, international departments of justice or ministries of justice to bring to justice people who engage in bribery and corruption, people engage in money laundering in a way they haven’t done before.”

Interestingly, there was a section on journalists and the fourth estate and a specific acknowledgement that exposes, business exposes by journalists all the way from blood money of the story of Theranos to the Paradise Papers, to the Panama Papers, to the Paradise Papers, all uncovered bribery and corruption, all uncovered money laundering, all uncovered sham corporations, all uncovered fraud. And for the first time, now we have the U.S. Government saying, “We will work to try to encourage good journalism to help expose these, because we cannot do all of this on our own.” And newspapers have a major role to play, and reporters have a major role to play. So, now we have the fourth estate now being openly talked about by the US.

We have government agencies that had never concerned themselves with anti-corruption, now being tasked with anti-corruption. And I would point you to NATO. NATO’s been around most of our lives. No, well, I guess all of our lives.

Susan Divers:


Tom Fox:

It’s a key aspect of what I see as U.S. Security interests. But I’ve never heard NATO and anti-corruption in the same breath before. Well, now NATO is charged with enforcing anti-corruption statutes for its suppliers. Its suppliers are not all U.S. companies. NATO’s a 23 member, I think, group. So any country can have suppliers to NATO. Well, now they have to comply with U.S. anti-corruption laws probably in the form of the FCPA.

So, now we have a greater scope, a greater reach, now we have greater resources in the form of prosecutors or investigators. But the U.S. is acknowledging and saying, “This is part of our overall fight.” And in part one of our episodes, Susan and I talked about the Department of Treasury saying that U.S. companies are a part of the fight against money laundering. Well, I think the Department of Justice has come pretty close to saying that U.S. companies are a part of the fight against bribery and corruption. And because it’s a national security issue, we want you to come back to us. We’re going to incentivize you to come back in and self-disclose, once again, even if it’s within your organization.

I think that this means more funds, a wider remit for government agencies that have not had this remit before. And when you start talking about the press as a key part or a key whistleblower within the context of overall whistleblowing programs, I think that’s an acknowledgement that is long overdue.

Susan Divers:

I totally agree with you. And I think it also kind of ups the ante, because if you couple that with DOJ’s recent re-emphasis and added emphasis on personal accountability and responsibility for misconduct, it’s in a way saying, “If you go out and you bribe or you violate anti-money laundering or you do business with people on the sanctioned list, or you help oligarchs move their yachts, you aren’t just committing an economic crime. You’re doing something that violates the U.S. National Security interests.” And I think that’s something for boards and executives to really think about, particularly in light of the recent absolutely horrible Lafarge cement case where they’d been bribing ISIS in order to keep their Syrian cement plant open.

It’s an interesting dynamic. Let’s leave that and let’s talk about cybersecurity, because that’s another important risk area for companies. And it directly plays into the area of sanctions in AML as well as others. What are you seeing in that space as a result of the war in the Ukraine and the risks that’s created?

Tom Fox:

So once again, Susan, cybersecurity, cyber attacks, cyber hacks have been with us for some time period. I think Target was probably the first one that got the attention of most of us in the compliance community. But certainly within the cyber community, this was well-known. But what the Russian invasion of Ukraine has done is, here I have to cite to Brandon Daniels, CEO of Exiger who said, “We are literally under eternal non-kinetic warfare.”, which means we’re absolutely under attack by our enemies in the cyberspace. Every company is subject to attack. It could be a state actor or it could be rogue groups. It could be criminal groups. So, that’s kind of point one. We’re all under attack now and now we have to harden our defenses.

But point number two is that what you kind of raise at the end, Susan, you’re attacked, you’re hacked. You need to get the key so you can unlock your documents. You make a payment. Who are you making that payment to? They’re probably not going to say, “My name is Thomas Robert Fox. My checking account at Chase is…” They will give you a false name and some kind of drop account that you do not know, or you may not know who the top person is. Well, in 18 months or 24 months, when you get a little knock on the door from the Department of Treasury, which says, “You’ve just paid ISIS.” Or, “You’ve just paid Russia. We need to ask you some questions under oath.” The point being that if you do not know who you’re paying, you may be paying someone who’s on the sanctions list. You may be paying rogue agents or agents rather from Cuba, from North Korea. You may be paying agents from China.

And so, cybersecurity is tied to money laundering and trade sanctions because of potential payments. As a business, you’re in a very tough place because you may not have had hardened defenses. And you may be at risk for losing your data or having it put out on the dark web. And that’s not going to be an easy decision. But if you make a payment and it’s to someone on the sanction list, the U.S. government has made clear, you will be punished for violations of those U.S. laws.

And this fall, it is not effective yet, effective March, 2023, Lloyd’s of London has announced that they will not honor cyber insurance obligations where the attack was made by a state actor. And usually what companies will do when they’re hacked and they have to announce publicly is, they will say, “Well, we were hacked by the Russian government and there’s nothing we can do for it because it was a major military hacking unit in Russia. And whatever defenses we had in place, we couldn’t defend us.” Well, if you say that trying to cover your backside, you’ve just lost your insurance coverage. And if you make payments, you aren’t going to be able to get indemnity and that money back. So, you need to be very careful about what you publicly say now, if you want full cyber insurance.

It’s, here I’m much less sure about the answer, Susan. I just know that the questions have become much more important, much more difficult. But you need to have these conversations in your organization. You need to practice hack drill. It’s like you and I did fire drills or bomb drills in elementary school. You need to have a drill, you need to have a plan in place. You need to be ready, if you’re hacked. You need to have experts who you can call, trusted advisors, whether they be legal, whether it is technical, whether they be compliance, whether they be cyber, to come in and help you get through such an attack.

But we’re under… make no illusions that this Russian invasion has unleashed corporate attacks in a way we have never seen before. It’s here to stay. And you as a U.S. company and U.S. compliance practitioner are going to have to deal with it.

Susan Divers:

Well, and what you’re saying too is a perfect illustration of the interconnectedness, which I don’t think we thought in those terms too much in the past. We had FCPA compliance and we had sanctions compliance and trade compliance and AML. We didn’t really, at least, I didn’t, to confess, kind of think about it as all connected. But if you’re basically being held to ransom and it’s a Russian or an ISIS hacker, then not only might you violate the sanctions laws, but you might violate anti-bribery laws too, inadvertently. To use a great expression, it’s kind of a dog’s breakfast in some ways, what compliance officers are faced with.

So, what’s your advice, because it’s a new risk environment and the risks are really big? They’re national security risks, they aren’t just good governance and good business risks. What should compliance officers do? Let’s end on a practical note of, how do you actually deal with the situation going forward?

Tom Fox:

No, I wonder if I should open my door, bring my three dogs back in, and say, “Hey guys, what do you do when I put a dog’s breakfast down in front of you?” And they look up at me and say, “Well, we eat it, Tom.” It’s here to stay. And that means you need to deal with it. It all goes back to risk. What are your risks? Assess your risks. Sure, I understand you have a robust cyber security protocol. You have a program, you have tested that program, you’ve run drills on that program.

Now, have you done that same with your top supplier? Have you done that with your Tom Fox vendor who has access to the vendor invoice system so that I can enter my invoice into your system for work I do? Have you checked all the way down to that level to make sure that my defenses are hardened, someone using my system can’t get in? You need to go through the same exercise you do from a corruption compliance, any money laundering compliance, trade control, and trade sanction compliance.

Assess your risk. How do you assess your risk? Where are you doing business? Who are you doing business with? How are you doing business? In all of those manners, are there any gaps in your defenses in those three areas? If you assess those risks and then if you find gaps, weaknesses, material deficiencies, whatever you choose to call them, remediate those. It is a process you need to go through. You cannot do it… I’m going to look at our cyber defenses in our third party supply chain this afternoon. You cannot do that. It is a process and you’ll have to put work into it.

But that’s where you get the real results. Because once again, as we learned, I think in the supply chain discussion we had, Susan, when you look at those sub-suppliers, who you’re doing business with, where they’re doing business, and how you’re doing business, you may find inefficiencies from the business operations perspective. And you can correct or improve those business efficiencies and make your organization more efficient, and hopefully at the end of the day, more profitable, when you started as a program to evaluate risk based upon a DOJ pronouncement or a DOT pronouncement. But it all starts with recognizing what your risks are. And only you can assess your risks.

Susan Divers:

And I like too, the way you’ve mapped it out, because it really, again, comes full circle back to sustainability, that the way you do business is just as important as what business you do. And if you really stay on top of your risks and really reinvigorate the risk function, that should be, as you’ve pointed out, a discussion with the board and with the top management. It shouldn’t be a discussion that compliance and audit and legal are having because it involves the strategic direction of the company. And it also involves the way the company is governed.

So with that takeaway, I think this is a conversation we could be having for at least another hour, if not more. But we’re out of time. And so Tom, thank you so much for joining us. And your insights are so valuable, because I think it’s easy in the ethics and compliance field to get fixated on, “How am I rolling out the training? What’s my curriculum, how many hotline calls have I gotten?” And it’s much more about, how do we actually live in this world? And how do we in fact, conduct business in a way that’s ethical, compliant, and sustainable? So you’ve really taken us to that perspective. And I’m very grateful to you for doing that.

Tom Fox:

Susan, thank you, and I look forward to continuing this conversation.

Susan Divers:

Thanks, Tom. My name is Susan Divers and I want to thank you all for tuning into the Principled Podcast at LRN.


We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us at to learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcast, or wherever you listen. And don’t forget to leave us a review.

