The recent Ethixbase360 webinar, Reputational Risk and Third-Party Exposure: Compliance Lessons from the Epstein Files, explored what one of the most high-profile reputational scandals in recent history can reveal about modern compliance, due diligence, and third-party risk management.
Moderated by Virna Di Palma, Head of Global Content and Brand at Ethixbase360, the discussion featured Dan Seltzer, Partner at Frost LLP, and Matt Kelly, Editor & CEO of Radical Compliance. Together, they examined how reputational risk moves through networks, why obvious red flags are often ignored, and what compliance leaders should be doing differently.
One of the clearest themes from the discussion was that reputational risk rarely sits neatly within contracts or formal vendor relationships.
“Risk lives in relationships, not just contracts,” said Di Palma during the webinar. “If your due diligence framework only covers entities you pay, or who pay you, it is likely missing a significant portion of your organization’s actual exposure.”
The panelists emphasized that the Epstein case was not primarily a failure of information gathering. Much of the relevant information was already public and widely known. The challenge was how organizations interpreted, minimized, or failed to escalate those risks.
“The problem wasn’t that nobody knew,” said Kelly. “It was that people rationalized obvious red flags because the relationships involved powerful individuals.”
The discussion also highlighted how expectations around due diligence and continuous monitoring have evolved. Organizations are increasingly expected not only to screen third parties at onboarding, but to continuously reassess relationships as public information, influence, and risk exposure change over time.
“Due diligence is no longer a one-time exercise,” said Seltzer. “Relationships evolve, and organizations need monitoring frameworks that can identify when the nature of a relationship — or the risk attached to it — has materially changed.”
Another major focus was the growing gap between formal ownership analysis and the reality of influence-based risk. The speakers noted that many of today’s reputational and sanctions-related risks sit not within clear legal ownership structures, but within informal networks, influence relationships, and access.
“Ownership thresholds alone are not enough,” Di Palma noted. “Organizations increasingly need visibility into influence, control, and networks that sit outside formal structures.”
Finally, the webinar addressed one of the most difficult issues for compliance leaders: how to handle reputational risk involving senior executives or board members.
“If employees believe there’s a privileged class within the organization that the rules don’t apply to, your ethical culture is done,” said Kelly. “That’s the risk companies need to think about most seriously.”
Seltzer added that escalation mechanisms and governance structures must be designed before a crisis emerges. “You need protocols that allow concerns involving senior leadership to be raised and addressed independently and consistently,” he said.
The discussion reinforced that while organizations cannot eliminate all reputational risk, they can build more defensible compliance frameworks through stronger escalation processes, continuous monitoring, broader definitions of third-party exposure, and a culture where ethical standards apply consistently at every level of the organization.
To learn more, watch the on-demand recording and look out for our upcoming article in Ethisphere later this month, where we’ll dive deeper into additional compliance and due diligence takeaways from the webinar.