Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Karen Gray: How consistency can make or break a compliance program

Business philosopher Jim Rohn said: “Success is neither magical nor mysterious. Success is the natural consequence of consistently applying basic fundamentals.”

A recent OFAC enforcement action illustrated the importance of consistency.

AIG  settled 555 “apparent violations” of trade sanctions against Iran, Sudan, and Cuba or blocked persons. The violations occurred over a six-year period despite AIG’s OFAC compliance program in place.

In announcing the settlement, the U.S. Treasury Department said AIG’s voluntarily disclosure of the violations and its compliance program were mitigating circumstances. But it also noted that the violations might have been avoided had AIG consistently included exclusionary clauses for sanctioned countries and blocked persons in the insurance policies it issued.

Unfortunately, not all policies included those exclusionary clauses or, OFAC said, the clauses were “too narrow in their scope and application to be effective.”

Ultimately, AIG’s compliance program, self-disclosure of violations and subsequent cooperation resulted in a reduced civil penalty of $149,000 — a better outcome than AIG might have faced under less positive circumstances.

On the other hand, enforcement agencies have shown a willingness to forgo enforcement actions entirely when a company diligently follows a robust compliance program and still finds itself in a compromising position.

For example, Harris Corporation avoided prosecution in spite of apparent violations of the FCPA by a newly-acquired subsidiary, CareFx Corporation.

The company received word from the DOJ during the second quarter of fiscal 2017 prosecutors had determined not to take any action against Harris for the CareFx matter.

Before that, the SEC said in September 2016: “Although only able to perform limited pre-acquisition due diligence on the subsidiary, Harris took immediate and significant steps after the acquisition to train staff in China and integrate the subsidiary into Harris’s system of internal accounting controls.”

The SEC also said, “As a result of Harris’s post-acquisition measures, including the implementation of an anonymous complaint hotline, Harris discovered the misconduct at the subsidiary within five months of the acquisition.”

The Harris declination was a landmark case for the DOJ Pilot Program, in part because the CEO of the Chinese subsidiary CareFx China was charged by the SEC for causing books and records violations of the FCPA, while the company itself was able to avoid an enforcement action because of the strength and consistent implementation of its compliance program.

Declinations are a good reminder that compliance programs, consistenty applied, matter.


Karen Gray is a Senior Entity Due Diligence and Monitoring specialist for LexisNexis. She serves as an expert and central point person for all due diligence and third-party monitoring solutions. She is a resource for Benchmarking, Market Intelligence, Strategic Category Management, and Vendor Selection, and focuses on efforts to improve profitability and cash flow, risk mitigation and operational efficiencies with regard to vendor selection and monitoring.

Share this post


Comments are closed for this article!