For boards and audit committees, culture should be viewed not as an abstract value but as a core internal control—often the most effective one. Traditional controls are necessary but limited. Policies cannot anticipate every scenario. Monitoring systems detect only what they are designed to see. Audits are retrospective. Culture, by contrast, governs behavior when controls are weakest: in gray areas, under pressure, and in decentralized...

Ethics and integrity are often framed as compliance values—important, necessary, but ultimately subordinate to financial performance. That framing misunderstands the role culture plays in sustainable value creation. A strong culture of ethics and integrity is not a cost center or a regulatory hedge; it is a strategic asset that directly influences long-term financial performance, risk stability, and organizational resilience. Organizations with well-developed ethical cultures benefit...

The Commerce Department’s Bureau of Industry and Security (BIS) has sent an unmistakable message to the semiconductor industry: creative interpretations of the Export Administration Regulations (EAR) will not shield companies from significant enforcement risk. Recently. BIS imposed a $252 million penalty against Applied Materials — the second-largest fine in the agency’s history — for illegally exporting semiconductor manufacturing equipment to China’s Semiconductor Manufacturing International Corp....

FINRA’s recent $10 million enforcement action against First Trust Portfolios L.P. sends a clear and unmistakable message to financial services firms: hospitality and gifts remain a high-risk compliance area, particularly when they are excessive, repetitive, poorly tracked, or—most critically—linked to sales performance. The case reflects FINRA’s renewed focus on non-cash compensation practices and demonstrates how seemingly routine entertainment can evolve into a systemic compliance failure...

The most dangerous compliance mistake in 2025 is assuming that fewer enforcement actions mean less exposure. FCPA risk is driven by business operations and control weaknesses, not enforcement statistics. The 2025 enforcement landscape underscores why compliance programs must remain vigilant—even in a slower year. Third parties remain the dominant risk Agents, distributors, consultants, and local intermediaries continue to generate the majority of FCPA exposure. Declinations...

FCPA enforcement in 2025 was defined by what did not happen as much as what did. Compared to prior years, the number of publicly announced cases declined sharply, corporate resolutions were fewer, and the overall enforcement posture appeared more restrained. This slowdown, however, reflects a policy recalibration—not a dismantling—of the FCPA enforcement regime. Early in the year, DOJ paused FCPA enforcement activity while it reviewed...