The most important aspect of DOJ’s revised Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy may be its unmistakable message to compliance professionals: a compliance program will be judged not by what it says on paper, but by whether it can drive fast, credible, and measurable action when misconduct is uncovered. This is where the unified policy has real day-to-day significance for companies. For years,...

The Department of Justice has now unified and revised its approach to corporate enforcement in a way that deserves close attention from corporate boards, general counsel, compliance officers, and white collar defense counsel. With its issuance of the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy, DOJ has attempted to bring greater transparency and consistency to a subject that has too often depended on discretionary,...

Maintaining regulatory compliance has never been easy. Today, it is becoming even harder. Financial institutions and other regulated businesses are facing a steady wave of new laws, guidance, enforcement priorities, and supervisory expectations. The challenge is no longer limited to digesting a few major rule changes each year. Instead, compliance teams are being forced to manage a continuous stream of smaller, interconnected updates arriving from...

The final quarter of 2025 produced a modest resurgence in Foreign Corrupt Practices Act (FCPA) activity following the administration’s June 2025 FCPA guidelines. Whether that uptick signals a sustained enforcement trend remains uncertain. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continue to balance FCPA enforcement against other national priorities, and senior officials have issued at times inconsistent public statements regarding enforcement...

Each year, LRN’s Ethics & Compliance Program Effectiveness Report provides one of the most useful snapshots of the global compliance profession. The 2026 report—“The Next Leap: Technology, Trust, and the Transformation of Compliance”—again offers valuable insight into how corporate ethics and compliance programs are evolving amid rapid technological change, new regulatory expectations, and shifting workplace culture Based on surveys of more than 2,500 compliance professionals...

The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) has imposed a $374,474 civil penalty against California-based satellite technology supplier Vizocom for unlawfully exporting controlled technical data related to military antennas to a Chinese manufacturer. Although framed as a single Export Administration Regulations (EAR) violation, the enforcement action carries outsized compliance lessons — particularly for defense contractors navigating cost pressures, supply chain decisions,...

Third-party risk management is undergoing a fundamental shift. For years, companies built their programs around familiar categories—corruption risk, sanctions exposure, data privacy, financial stability, legal compliance, and reputational concerns. Those risks still matter. But they are no longer enough. Today, any serious third-party risk management program has to integrate artificial intelligence risk, cybersecurity risk, and broader technology risk into its core framework. This is no...

For years, I have consistently pushed organizations and compliance professionals to embrace technology and automated solutions as a core component of an effective ethics and compliance program. That message is even more urgent today. Let me put it bluntly: if your compliance program is not automated in key areas, you do not have an effective compliance program—by definition. The compliance environment has changed dramatically. Companies...

The U.S. government has issued significant new guidance clarifying how sanctions and export controls apply to certain oil-related transactions involving Cuba. In coordinated actions, the Office of Foreign Assets Control (OFAC) announced a new “favorable licensing policy” for specific resales of Venezuelan oil to Cuba, while the Bureau of Industry and Security (BIS) issued interpretive guidance regarding the availability of license exceptions under the Export...

As 2026 unfolds, the global cyber threat landscape is rapidly evolving — driven by accelerating attacker sophistication, geopolitical pressures, and, above all, the rise of artificial intelligence as both a tool and a target. The recently released 2026 CrowdStrike Global Threat Report highlights a stark shift: adversaries are no longer only exploiting technical vulnerabilities. They are leveraging AI to supercharge attacks, compress response windows, and...