RSS Feed
Friday, June 12, 2026
Iratxe Gurpegui

DOJ FCPA priorities in 2025: what to expect in 2026

If you support a France or Spain headquartered group with any US touchpoints (US investors, US subsidiaries, USD payments, US-listed securities, or business routed through the US financial system), the US Department of Justice (DOJ) still matters for your anti-corruption program,

Friday, June 12, 2026
Iratxe Gurpegui

7 blind spots to avoid if you want to build a risk-based anti-bribery program

Most bribery risk maps fail in a predictable way: they look complete, but they do not explain how bribery could realistically happen in your workflows, and they do not produce evidence that your controls actually operate.

Friday, June 12, 2026
Iratxe Gurpegui

Loi Sapin II control evidence: What AFA expects to see

The AFA doesn't want your policy. It wants your evidence. The email lands on a Tuesday at 5:43 PM. "Please provide evidence of your internal control plan and its execution." You have a code of conduct. A risk map. A polished slide deck.

Friday, June 12, 2026
Iratxe Gurpegui

Loi Sapin II risk mapping that actually survives an AFA audit

The first time the AFA asks, "how did you score this risk?", the room goes quiet. Not because the team did nothing. Because the risk map was built like a workshop deliverable, not like an auditable decision.

Monday, June 1, 2026
Iratxe Gurpegui

Compliance automation without losing control

The worst moment to discover your compliance automation is out of control is during an audit, when someone asks why a third-party approval was cleared and nobody can explain the path. I have seen this movie. A workflow exists. Reminders were sent. A dashboard is green.