As companies accelerate adoption of artificial intelligence tools across business functions, one reality is becoming increasingly clear: AI risk is not theoretical—it is operational, immediate, and enterprise-wide. From generative AI tools used in marketing and legal functions to machine learning embedded in products and decision-making systems, organizations face a rapidly evolving risk landscape that cuts across privacy, cybersecurity, intellectual property, employment law, and regulatory compliance....

The Treasury Department, through a coordinated rulemaking effort involving OFAC and FinCEN, has taken a significant step toward formalizing anti-money laundering and sanctions compliance expectations for a rapidly evolving segment of the financial services industry—permitted payment stablecoin issuers. The recently issued Notice of Proposed Rulemaking reflects a deliberate attempt to bring these entities squarely within the ambit of the Bank Secrecy Act framework, while at...

The Department of Justice’s recent declination in the Balt Medical matter provides another important data point in understanding how DOJ is applying its updated Corporate Enforcement and Voluntary Self-Disclosure Policy in practice. While declinations are always fact-specific, this letter offers a textbook example of how a company can navigate a significant FCPA issue and still avoid criminal prosecution. The declination letter, issued to Balt SAS,...

On April 7, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) unveiled a sweeping proposed rule aimed at modernizing anti-money laundering and countering the financing of terrorism (AML/CFT) compliance obligations under the Bank Secrecy Act (BSA). The proposal, developed in coordination with federal banking regulators, reflects a significant evolution in how regulators evaluate compliance programs, enforce obligations, and encourage innovation. At...

The U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued an Order resolving an administrative enforcement action involving Coastal PVA Technology, Inc., a California-based manufacturer of polyvinyl alcohol (“PVA”) brushes used in semiconductor manufacturing processes. The action arises under the Export Administration Regulations (“EAR”) and follows the issuance of a Proposed Charging Letter alleging multiple violations stemming from exports to restricted parties in...

The U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”), through its Office of Antiboycott Compliance, recently issued an Order resolving an administrative enforcement action involving Thales Defense & Security, Inc. arising under the antiboycott provisions of the Export Administration Regulations (“EAR”). The matter stems from conduct occurring in 2019 in connection with a transaction involving the United Arab Emirates and resulted in the...

On March 27, 2026, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued an Order resolving an administrative enforcement matter involving Solventum Corporation of St. Paul, Minnesota, arising under the Export Administration Regulations (“EAR”). BIS had previously notified Solventum of its intent to initiate administrative proceedings through the issuance of a Proposed Charging Letter alleging two violations of the Regulations. The matter...

For years, the Department of Justice has tried to sharpen a simple message: companies that voluntarily disclose misconduct, cooperate fully, remediate effectively—and identify responsible individuals—can earn significant credit, including declinations. The recent Balt matter is one of the clearest examples yet of that policy in action. On the one hand, DOJ issued a declination to Balt, a medical device company, despite a multi-year bribery scheme...

For years, compliance programs have operated like rearview mirrors. They looked backward, reviewed what already happened, and responded after risks had materialized. That approach is now obsolete. In today’s environment, where regulatory change moves quickly, business operations span multiple jurisdictions, and risk signals emerge from massive volumes of data, reactive compliance is a losing strategy. Companies need compliance programs that can anticipate, prioritize, and respond...

Artificial intelligence is no longer a future concept or a side experiment. It is here, and companies across every sector are racing to deploy AI tools in compliance, legal, finance, HR, procurement, cybersecurity, customer service, and operations. That creates opportunity, but it also creates risk. Too many organizations are approaching AI adoption with a mix of excitement, pressure, and improvisation. That is a mistake. AI...