As organizations rapidly adopt artificial intelligence, many are overlooking a critical exposure point: third-party AI risk. Companies are not just deploying AI internally—they are increasingly relying on vendors, platforms, and service providers that embed AI into their offerings. From SaaS providers using generative AI to analytics vendors deploying machine learning models, AI risk is now embedded across the third-party ecosystem. This creates a fundamental shift...

The U.S. State Department’s Directorate of Defense Trade Controls (DDTC) recently imposed a $36 million penalty on General Electric (GE) for widespread violations of the International Traffic in Arms Regulations (ITAR). The enforcement action highlights persistent compliance failures across multiple dimensions — including technical data exports, licensing errors, and internal control breakdowns — and serves as a critical reminder of the risks companies face in...

As companies accelerate adoption of artificial intelligence tools across business functions, one reality is becoming increasingly clear: AI risk is not theoretical—it is operational, immediate, and enterprise-wide. From generative AI tools used in marketing and legal functions to machine learning embedded in products and decision-making systems, organizations face a rapidly evolving risk landscape that cuts across privacy, cybersecurity, intellectual property, employment law, and regulatory compliance....

The Treasury Department, through a coordinated rulemaking effort involving OFAC and FinCEN, has taken a significant step toward formalizing anti-money laundering and sanctions compliance expectations for a rapidly evolving segment of the financial services industry—permitted payment stablecoin issuers. The recently issued Notice of Proposed Rulemaking reflects a deliberate attempt to bring these entities squarely within the ambit of the Bank Secrecy Act framework, while at...

The Department of Justice’s recent declination in the Balt Medical matter provides another important data point in understanding how DOJ is applying its updated Corporate Enforcement and Voluntary Self-Disclosure Policy in practice. While declinations are always fact-specific, this letter offers a textbook example of how a company can navigate a significant FCPA issue and still avoid criminal prosecution. The declination letter, issued to Balt SAS,...

On April 7, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) unveiled a sweeping proposed rule aimed at modernizing anti-money laundering and countering the financing of terrorism (AML/CFT) compliance obligations under the Bank Secrecy Act (BSA). The proposal, developed in coordination with federal banking regulators, reflects a significant evolution in how regulators evaluate compliance programs, enforce obligations, and encourage innovation. At...