Featured Articles:

Regulators Want Proof It Works

If your third-party risk management program uses annual questionnaires and spreadsheets, your program is already obsolete. The third-party risk environment has fundamentally changed. It used to focus on financial stability, insurance, and basic due diligence. Today, your vendors create exposures to AI risks, cybersecurity threats, sanctions violations, privacy failures, supply chain disruptions, and regulatory enforcement. Regulators are no longer asking whether you have a third-party...

Corruption’s Invisible Tax: How Government Rot Drains the Economy and Destroys Ordinary Lives (Part I of III)

Corruption is not a victimless crime. It is not an abstraction confined to bad actors in distant governments or kleptocratic regimes we read about in Foreign Affairs. It is a pernicious, systemic force that imposes a brutal and largely invisible tax on every citizen — on the price of medicine, the quality of roads, the fairness of a business license application, and the prospects of...

Webinar: Internal Investigations in the Age of AI: New Tools, New Risks, New DOJ Expectations

Tuesday, September 8, 2026 12 noon EST Sign Up HERE Artificial intelligence is rewriting the internal investigation playbook — and the Justice Department is watching. DOJ’s Evaluation of Corporate Compliance Programs directs prosecutors to ask how companies assess AI risks, whether compliance functions have real access to data and analytics resources, and what controls exist to prevent the “deliberate or reckless misuse” of new technologies....

Episode 432 — OFAC and OFSI Send a Clear Message: Global Sanctions Compliance Has Entered a New Era

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and the UK’s Office of Financial Sanctions Implementation (OFSI) recently issued joint guidance comparing their respective sanctions regimes. While the document provides a useful overview of similarities and differences, it also sends a much broader message: international sanctions enforcement is becoming increasingly coordinated. In this episode, Michael Volkov examines why multinational companies should move beyond...

The Devil Is in the Details: Five Critical Differences Between OFAC and OFSI Regulations

“It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.” — Mark Twain One of the biggest mistakes multinational companies make is assuming that U.S. and UK sanctions compliance are essentially the same. They’re not. Last week’s joint guidance issued by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and the UK’s...

Your Vendors Have Vendors

Many companies carefully review each and every vendor. Almost none review their vendor’s vendor. This creates one of the biggest blind spots in modern risk management. Your payroll vendor may use a third-party AI provider. Your software company may rely on multiple subcontractors. Your logistics provider may depend on dozens of suppliers across the globe. Every one of these relationships creates additional risk. Cybercriminals are...

OFAC and OFSI Send a Clear Message: The Atlantic Ocean Is No Longer an Enforcement Barrier

“However beautiful the strategy, you should occasionally look at the results.” — Winston Churchill For years, multinational companies have been hyper-focused on OFAC sanctions compliance. The UK sanctions regime was relatively quiet in impact until the global Russian sanctions hit. Now, the world has changed in many respects in the sanctions arena. Last week, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and...

Episode 431 — Bosch Pays $43 Million for Illegal Huawei Exports

Bosch agreed to pay more than $43 million in penalties and disgorgement for illegally exporting products and software to Huawei in violation of U.S. export control laws, while simultaneously receiving the first declination issued under DOJ’s revised National Security Division Corporate Enforcement Policy. In this episode, Michael Volkov examines the enforcement action, the compliance failures that led Bosch to misunderstand and misapply the Foreign Direct...

Happy Fourth of July: Celebrating America’s 250th Birthday

This Fourth of July is unlike any other. Two hundred and fifty years ago, a group of determined individuals gathered in Philadelphia and declared their independence, committing to a set of ideals that continue to define our nation: liberty, equality, and justice under the rule of law. As we celebrate America’s Semiquincentennial, it is worth pausing to reflect on what this milestone represents. Our nation’s...

Who Owns Third-Party AI Risk?

When it comes to third-party vendors, what you don’t know is hurting you. Third parties rely on AI for customer service, recruiting, compliance screening, marketing, and decision-making. But when a third party uses AI, your organization is on the hook for legal, regulatory, contractual, and reputational risks. Organizations need to understand which third parties use AI, what tools they use, what data is being shared,...