Global Workforce Risk & Culture Assessment Program
Finding what your compliance program can’t see. A relationship-based intelligence program for surfacing FCPA, fraud, and culture risk in the operations where your hotline goes quiet.
What this program is.
The Global Workforce Risk & Culture Assessment Program is a sustained intelligence layer built on top of your existing compliance infrastructure. Where hotlines and culture surveys measure what employees choose to submit, this program reaches what they know but haven’t said — through structured, long-term relationships with trusted regional sources.
The practice is led by Kevin R. Brenner, a former federal prosecutor with two decades of investigative leadership experience, and sits within FCPA & Anti-Corruption and Investigations. Engagements are scoped to the company’s operational footprint, regulatory exposure, and existing compliance posture.
FCPA penalties — recent resolutions.
U.S. government penalties alone, before disgorgement, monitorship costs, civil exposure, and the reputational damage that compounds for years after.
What this program reaches that your existing one can’t.
Four structural gaps that turn well-designed compliance programs into late-detection programs. Each pair shows the gap your current infrastructure leaves and the corresponding intelligence capability this program adds.
Five regions, year after year.
Stanford FCPA Clearinghouse data shows enforcement actions clustered in the same jurisdictions — the jurisdictions you already operate in.
India
Complex licensing regimes, multi-layer intermediary networks, and persistent pressure to facilitate permits through unofficial channels.
China
State-owned enterprise counterparties, opaque government decision-making, and party-affiliated officials embedded in supplier chains.
Latin America
Public contract bribery, customs and inspection official payments, and deep reliance on local agents whose government ties are rarely disclosed.
Middle East
Mandatory local partner structures, opaque beneficial ownership, and normalized facilitation expectations across energy and procurement.
Africa
Energy and extractive corruption. Nigeria, Gabon, and Angola rank in the top 15 globally by FCPA enforcement count.
Issues rarely come out of nowhere.
Three observations that explain why even strong programs miss what they miss — and why the answer isn’t more reporting infrastructure.
The accumulation precedes the event.
Misconduct accumulates over months or years before reaching a hotline, an auditor, or a regulator. The problem existed long before anyone formally found out.
People know before they report.
Field employees — managers, intermediaries, local staff — usually have direct knowledge of pressure and misconduct long before it surfaces formally. They carry it quietly, and rationally.
Silence is the signal.
Regions with low hotline reporting and strong culture survey scores are frequently not clean. They are quiet. The two are not the same, and confusing them is expensive.
Structural barriers that persist in well-designed programs.
Fear of retaliation.
Employees in high-risk regions rarely trust that reporting will be confidential. The perceived risk of speaking up routinely outweighs any likely benefit.
Distrust in the channel.
Hotlines and ethics portals are read as corporate surveillance. When employees don’t trust the channel, they don’t use it. Zero reports can mean zero trust.
Cultural normalization.
In many markets, payments to officials or informal facilitation are treated as ordinary business costs. Employees don’t report what they don’t recognize as wrongdoing.
People tell the truth where trust exists. We build that trust before problems start.
Book a Discovery Call →A structured, relationship-based intelligence layer.
Three components, sustained over months rather than weeks, designed to reach the people who know but have not said.
Trusted sources, not org-chart contacts.
Working with regional leadership, we identify individuals whose peers already trust them — across functions, levels, and locations. Credibility is the starting point, not seniority.
Sustained relationships, over months.
Not single interviews. Over time we develop genuine familiarity with each source, establishing the safety and trust honest disclosure requires. The relationship is the instrument.
Structured intelligence conversations.
Not audits, not investigations. Designed to surface early signals: pressure, anomalies, behavioral changes, and silence where there should be noise.
Intelligence that does not exist elsewhere in your program.
Pressure signals.
Employees facing implicit or explicit pressure to participate in misconduct — before it becomes misconduct. The moment a compliance program can actually prevent something.
Hidden patterns.
Conduct that is known internally but undisclosed through fear, normalization, or distrust of channels. The gap between what happened and what the program saw.
Predictive conditions.
Leadership behaviors, regional norms, and silence patterns that reliably precede problems. Early data on where the next issue is likely to originate — and when.
Culture surveys measure what employees will say. Trust determines what they will disclose.
The gap between the two is where problems accumulate. Most conventional programs cannot look there.
Strong scores. Zero reports. Leaders confident.
This is where issues accumulate — and where conventional programs structurally cannot look.
High culture, high trust. Issues surface naturally.
Your existing program works here. These regions take care of themselves.
Low culture, low trust. Active misconduct likely.
Signals are detectable, but only with focused intervention. Hotlines will continue to be silent.
Lower culture, but employees still speak up.
Problems tend to surface through normal channels and are addressable through existing program infrastructure.
A program that looked clean. It wasn’t.
Strong compliance metrics. Few hotline reports across Southeast Asian subsidiaries over eighteen months. Annual culture survey rated the region 4.2 out of 5.0. The program showed nothing unusual.
Trust scores told a different story. Through embedded relationship conversations, practitioners identified a pattern: systematic payments to customs officials, known to regional management, treated as a normal cost of operations — and never reported.
The company self-reported under the DOJ FCPA pilot program. Criminal prosecution avoided. Remediation implemented with board oversight. Estimated avoided liability: $30M–$50M.
The bar has moved. The exposure has not.
DOJ now evaluates whether a compliance program actually detects things — not whether policies exist and training was completed. Four shifts reshaping the cost of standing still.
DOJ’s compliance bar has shifted.
Regulators now evaluate whether a program actually detects things — not whether policies exist and training was completed. A program that produces clean survey scores but never surfaces anything no longer passes that test.
FCPA enforcement continues — regardless of administration.
A change in administration is not the same as a change in enforcement. Foreign regulators — UK SFO, European authorities — operate independently of U.S. political cycles. Companies that have quietly lowered their guard are taking on real, unpriced exposure.
The risk is where you already operate.
India, China, Latin America, the Middle East, Africa. The same regions in the Stanford FCPA data are the regions you are already in. You have the exposure. The question is whether you find it, or the government does.
This program generates the evidence a DOJ review asks for.
The updated ECCP guidance asks whether your program is “adequately resourced and empowered to function effectively.” Documented relationship networks, structured intelligence conversations, and early detection records answer that question directly. Hotline logs alone do not.
Getting to the truth earlier.
Before it becomes a real problem.
We’d welcome the chance to walk through what this looks like for your specific operations and risk profile.
- kbrenner@globallinklaw.com
- +1 (215) 770-6828
-
326 West Lancaster Ave #301
Ardmore, PA 19003 USA
Strategic Legal Counsel for Healthcare & Health Technology
Your organization faces legal and regulatory complexity that demands more than outside counsel — it demands a partner who has sat on your side of the table.
From government investigations and FCPA matters to healthcare M&A and payer contracting, we’ve handled it from the inside and from the courtroom.
Whether you need fractional leadership, transactional support, or a defensible compliance framework, we deliver counsel built around what the business actually needs. What sets us apart is real-world in-house experience — our partners have served in senior legal roles within large and publicly traded companies, giving them a direct understanding of what business leaders and boards actually need from legal counsel.