I recently had the pleasure of moderating a roundtable forum in New York on supply chain compliance, and the debate turned to a theme I often hear at these discussions: How far should your compliance program go to please government regulators?
On one side were the realists, arguing that no compliance program can stop all misconduct, so you simply need to demonstrate that your program makes a competent and good faith effort. Then there were the cynics, arguing that government regulators will use any incident of non-compliance they find to wring some sort of concession out of you, so you need to catch them all.
