Corruption Crime & Compliance

Your company uncovers a massive criminal scheme.

Are you gonna go down with the ship or are you gonna grab onto the lifeboat that the Justice Department has sent your way?

The era of big corporate fines is over, and you have to make sure that you get your company through this without a big fine.

What do you do?

The Justice Department's corporate enforcement policy has been revised, and it makes it very clear you have to:

So approximately 10-20% of your third parties are going to present serious AI risks. How do you mitigate those risks? Here's what you do.

One, you assess your needs and identify the risk calculation for each of your third parties, and then you seek two fundamental solutions.

Two, contractual provisions are critical, and there's 6 of them that you need. You have to restrict data use so that it's in accordance with:

In this episode of Corruption, Crime, and Compliance, Michael Volkov interviews Kilby Macfadden, J.D., CCEP, Managing Director and Associate General Counsel at KPMG LLP, where she serves as Head of Investigations overseeing complex ethics, compliance, and enterprise risk matters. Drawing on her extensive experience in government enforcement and corporate compliance, Kilby discusses the growing importance of organizational justice, building employee trust in internal reporting systems, and creating fair, transparent, and consistent investigation processes. The conversation explores evolving expectations from the U.S. Department of Justice regarding speak-up cultures, investigative independence, and accountability, while also examining practical strategies for...

In this episode, we examine how organizational justice and effective internal investigation systems sit at the core of the U.S. Department of Justice evaluation of corporate compliance programs. Drawing on benchmarking data from NAVEX Global and research from George Washington University, we explain why strong speak-up cultures generate more internal reports, detect misconduct earlier, and reduce enforcement risk. We also outline DOJ expectations for timely, independent, and consistent investigations, and provide practical guidance on building oversight, discipline frameworks, and monitoring systems that reinforce trust, fairness, and accountability across the organization.

Everyone is using AI, including your third parties. Could that land you into legal trouble? Absolutely.

So what are your third party AI risks?

These include the standard list, data privacy risks, lack of transparency, bias and discrimination, IP and content, and of course regulatory risks.

So, what can your third party do that gets you into the hot water?

Well, they could be a SAS provider who integrates generative AI into their platform.

...

In this episode, Michael Volkov analyzes the May 1 executive order signed by Donald Trump expanding U.S. sanctions targeting Cuba. The discussion highlights the order’s broad scope, including new authorities to sanction actors involved in key economic sectors, corruption, and human rights abuses, as well as its extension of secondary sanctions risk to foreign financial institutions. With increasing convergence between sanctions, anti-corruption, and human rights enforcement, the episode outlines key compliance challenges and practical steps companies must take to manage heightened global risk exposure.

When it comes to trade compliance, don't let the Justice Department make an example out of you and your company.

Build an effective trade compliance program. Here are the steps.

Step 1, get the buy-in from leadership. That means your board of directors and your senior executives.

Number 2, always do a risk assessment and update it. Look at your export and import risks, identify those that are significant.

And adopt and rebuild your policies and procedures. That's number 3.

<...

In this episode of the Corruption, Crime & Compliance podcast, Michael Volkov explores the growing risks associated with third-party use of artificial intelligence and why companies must update their vendor due diligence and onboarding processes. As AI becomes embedded in SaaS platforms, analytics tools, and service providers, organizations are increasingly exposed to risks they may not fully understand or control—including data leakage, lack of transparency, bias, regulatory liability, and intellectual property concerns. Volkov outlines practical steps to address these challenges, including enhancing due diligence with AI-specific inquiries, strengthening contractual protections, and implementing ongoing monitoring of vendor AI use. The ke...

Is your trade compliance program low hanging fruit for the Department of Justice and the regulatory agencies?

The Justice Department and regulators are focused on enforcement.

Civil and criminal penalties are increasing on the import side, tariffs are now a regulatory focus and also a Justice Department focus with regard to the False Claims Act.

Criminal and civil penalties are coming.

On the export side, traditional regulatory requirements from OLFAC from BIS are now fertile ground for criminal cases...

In this episode of the Corruption, Crime & Compliance podcast, Michael Volkov examines how companies can design and implement a best-in-class AI Use Policy to manage the rapidly evolving risks associated with artificial intelligence. As organizations deploy AI tools across business functions, Volkov explains why traditional governance approaches fall short and outlines a practical framework for effective oversight, including risk-based classification of AI use cases, strict data protection controls, human accountability, and safeguards against bias and discrimination. He emphasizes the importance of cross-functional governance, employee training, and continuous monitoring, highlighting that AI policies must be operational, not theoretical. The episode’s...

It's tempting to cut ethics and compliance in this time. But that would be a mistake.

Ethics and compliance provide important fundamental values that in the end make a company more profitable.

They promote employee well-being, employee engagement, and makes sure that employees have a vested interest in their company.

This is not the time to start jeopardizing those important values.

So keep the message going - ethics and compliance are positive to the revenue bottom line.

<...

FinCEN’s April 2026 proposed rule marks a major shift in AML/CFT compliance by redefining how programs are evaluated, enforced, and managed under the Bank Secrecy Act. In this episode, Michael Volkov breaks down the proposal’s most significant changes, including the new two-pronged framework distinguishing program design from implementation, a higher threshold for enforcement focused on systemic failures, and expanded expectations for risk-based compliance and governance. The rule also encourages the use of innovative technologies like artificial intelligence while requiring stronger board oversight and U.S.-based compliance leadership. With a 12-month implementation timeline and a clear push towa...

Your board thinks compliance is a cost center. Here's the research that proves them wrong and how to make sure they know it.

Want help making the case for compliance at the top? Visit volkovlaw.com

Here are 3 more reasons you may think twice about letting ChatGPT run your compliance program.

First, content monitoring.

The content that you generate through ChatGPT or any AI service can raise real risks with regard to improper intellectual property, data privacy risks where you name certain individuals or name certain identifiers, and most importantly, remember your third-party risks.

When it comes to AI, you're using vendors, and those vendors have their own AI policies, and you need to analyze and mitigate those risks as...

Artificial intelligence is rapidly transforming business operations—but it is also introducing a new generation of legal, ethical, and compliance risks. In this episode, we explore how AI risk is accelerating across organizations, from data leakage and bias to over-reliance on flawed outputs and hidden third-party exposure. Drawing on real enforcement trends and practical examples, we explain why AI risk is fundamentally a human and governance issue—not just a technology challenge—and why companies must adopt a risk-based approach that distinguishes between high- and low-risk AI use cases. This episode outlines the core elements of an effective AI compli...

Are you actually thinking of turning over your compliance program to ChatGPT? If so, you need to listen to this.

AI has to be implemented in a methodical way, a step-by-step program. So let's talk about those steps.

First, you need a governance structure, meaning you have to have an organization responsible across the entire organization for all your uses of AI.

Second, like every issue that we deal with in ethics and compliance, you need a risk assessment. And you need to look...

In this episode, we examine the Department of Justice’s declination in the Balt Medical case—a textbook example of how DOJ is applying its Corporate Enforcement Policy in practice. Despite a multi-year foreign bribery scheme involving payments to a physician at a state-owned hospital, DOJ declined to prosecute the company based on its timely self-disclosure, full cooperation, and effective remediation. But the real story lies in DOJ’s simultaneous prosecution of two individuals who allegedly orchestrated the scheme, highlighting the central role of individual accountability in earning cooperation credit. This episode unpacks how companies must now “connect the dots” fo...

In this episode, we break down the sweeping shift in U.S. sanctions policy toward Venezuela following the 2026 political transition and the issuance of multiple new general licenses by the Office of Foreign Assets Control. While the U.S. has opened the door to significant commercial activity—particularly in oil, gas, and minerals—this is not a full lifting of sanctions but a highly conditional framework with strict compliance guardrails. Companies can now engage in transactions involving Venezuelan energy and infrastructure, but must navigate complex restrictions, reporting obligations, and geopolitical limitations, including prohibitions involving Russia, Iran, and China-linked entities. This...

The final quarter of 2025 produced a modest resurgence in Foreign Corrupt Practices Act (FCPA) activity following the administration’s June 2025 FCPA guidelines. Whether that uptick signals a sustained enforcement trend remains uncertain.

But one theme remains clear: individual FCPA enforcement is alive and well.

While corporate resolutions may benefit from evolving DOJ policy and a renewed emphasis on negotiated dispositions, individuals continue to face indictment, trial, sentencing, forfeiture, and reputational destruction

In this episode of Corruption, Crime and Compliance, Michael Volkov sits down with entrepreneur and innovator Paul Allen, founder of Ancestry.com and Soar.com, to explore the evolving intersection of artificial intelligence, governance, and public trust. Paul shares insights from his latest venture, CitizenPortal.ai, an AI-powered civic intelligence platform aimed at making government activity more transparent, accessible, and accountable to everyday citizens. The conversation moves beyond hype, focusing on how AI can strengthen—not replace—democratic institutions through constrained, verifiable systems that enhance understanding and engagement. With a thoughtful and pragmatic lens, Paul discusses the risks, opportunities, and...

The U.S Department of Commerce announced two settlements recently involving export control enforcement actions.

First, the Department of Commerce’s Bureau of Industry and Security (BIS) imposed a $374,474 civil penalty against California-based satellite technology supplier Vizocom for unlawfully exporting controlled technical data related to military antennas to a Chinese manufacturer.

Second, (BIS) imposed a $1 million civil penalty against Teledyne FLIR, a U.S. manufacturer of thermal imaging cameras, for multiple violations of the Export Administration Regulations (EAR) involving exports to China and Hong Kong. The enforcement action highlights a...

In this episode, I sit down with Matthew Campbell, whose decades-long effort to seek answers about the death of his brother in the World Trade Center has now reached the doorstep of the Supreme Court of the United Kingdom.

This is not a case about liability for the September 11 attacks. Instead, it raises a fundamental constitutional question: can the UK government refuse to reopen an inquest—without meaningful judicial oversight? After the Attorney General denied Campbell’s request for a fresh inquest based on what he argues is new evidence, UK courts largely closed the...

Vera is a Chartered Accountant, Certified Internal Auditor, and award-winning Ethics and Compliance expert who writes and speaks about philosophy, business ethics, compliance, risk, and governance.

She is the Executive Director of Boards of the Future™, a non-profit that works with corporate boards globally to advocate for stronger ethics, risk, and compliance backgrounds.

She spends time between Milan and Los Angeles and serves as a Chair, director, and ethics advisor for global professional bodies, corporations, and international nonprofits.

Anik A. Shah is Director & Sr. Legal Counsel, Anti-Bribery and Anti-Corruption, at Sandisk, a global semiconductor manufacturer. Anik has more than 15 years of compliance, investigations, regulatory, and law enforcement experience.

Anik started his career at the U.S. Securities and Exchange Commission (SEC), where he investigated anti-fraud, anti-bribery, and other violations by multi-national financial institutions and technology companies and their executives.

At the SEC, Anik routinely partnered with law enforcement and regulatory authorities throughout the U.S. and in Europe, Africa, and Asia on multi-jurisdictional investigations and enforcement. He...

Each year, LRN’s Ethics & Compliance Program Effectiveness Report provides one of the most useful snapshots of the global compliance profession. The 2026 report—“The Next Leap: Technology, Trust, and the Transformation of Compliance”—again offers valuable insight into how corporate ethics and compliance programs are evolving amid rapid technological change, new regulatory expectations, and shifting workplace culture.

Based on surveys of more than 2,500 compliance professionals and employees worldwide, the report paints a picture of a profession that is progressing—but unevenly. Compliance programs are becoming more sophisticated and technologically enabled, yet many organizations are still strugg...

The Commerce Department’s Bureau of Industry and Security (BIS) has sent an unmistakable message to the semiconductor industry: creative interpretations of the Export Administration Regulations (EAR) will not shield companies from significant enforcement risk.

BIS imposed a $252 million penalty against Applied Materials — the second-largest fine in the agency’s history — for illegally exporting semiconductor manufacturing equipment to China’s Semiconductor Manufacturing International Corp. (SMIC), an Entity List company since 2020. The size of the penalty alone warrants attention. But the facts and legal analysis underlying the case provide even more important compliance lessons.

Episode 395 of Corruption, Crime and Compliance features an in-depth conversation with Bob Lemmond, the new CEO of LRN, on the evolving role of ethics and compliance in today’s risk environment. In this episode, Bob discusses how organizations can move beyond “check-the-box” compliance to embed a culture of integrity that drives performance, mitigates misconduct risk, and strengthens stakeholder trust. He shares his perspective on the growing complexity of global regulatory expectations, the importance of leadership tone and middle-management engagement, the integration of technology and data analytics into compliance programs, and the measurable business value of ethical culture. The discussion offers...

FCPA enforcement in 2025 was defined by what did not happen as much as what did. Compared to prior years, the number of publicly announced cases declined sharply, corporate resolutions were fewer, and the overall enforcement posture appeared more restrained. This slowdown, however, reflects a policy recalibration—not a dismantling—of the FCPA enforcement regime.

Early in the year, DOJ paused FCPA enforcement activity while it reviewed policy priorities. That pause, followed by the issuance of revised enforcement guidance mid-year, produced a measurable decline in announced actions. Several investigations slowed, at least one long-running prosecution was...

Earlier this year, the Securities and Exchange Commission (SEC) charged Archer-Daniels-Midland Company (ADM) and three of its former executives with accounting and disclosure fraud, in what has become one of the most significant financial reporting enforcement actions of 2026. The case underscores a fundamental compliance truth: strong internal controls and transparent disclosures are not optional — they are core risk mitigants that protect investors, markets, and corporate reputations.

At its core, the ADM matter highlights how breakdowns in accounting controls and disclosure practices — even when aimed at projecting performance — can quickly spiral into regulatory enforcement, civil penalties, and individual liabil...

Conflicts of interest are not abstract compliance niceties. They are serious risks to integrity that, if left unidentified or unmitigated, can erode employee trust, compromise decision-making, and expose organizations to regulatory enforcement, litigation, and reputational harm. Recent high-profile scandals involving relationships between supervisors and subordinates have underscored how personal conflicts can quickly morph into enterprise-wide compliance failures when controls, oversight, and ethical culture are weak.

A conflict of interest program, when thoughtfully designed and actively managed, is far more than a static policy on a shelf. It is a risk identification and mitigation engine...

The Justice Department has increased False Claims Act prosecutions, reflecting a continued focus on healthcare fraud and a new initiative on trade fraud. DOJ announced the largest annual recovery figure in the FCA's history -- $6.8 billion in settlements and recoveries. 

FCA whistleblowers filed a record number of new cases -- 1,297 lawsuits and the government initiated 401 investigations. Since 1986, DOJ has recovered a total in excess of $85 billion.

DOJ is taking full advantage of the power provisions of the FCA that include treble damages, broad liability coverage, and favorable amendments adopted to increase gover...

From my perspective, hopefully a reasonable one, there is a little too much AI-Risk Hype. Not to belittle the experts or ignore potential risk concerns but this is getting a little carried away. 

The compliance industry appears to be taken over by AI-this and AI-that. Third party risk bleeds into major AI risks, corporate governance needs to incorporate AI risks, and policies and procedures have to incorporate AI risks, while of course no risk assessment is worth its sale unless there is a discussion of dramatic AI risks.

My first response is wh...

The most significant compliance and enforcement issue remains trade enforcement -- sanctions and export controls. In the second posting, I want to focus on the new and interesting development in this area: the use of the False Claims Act to capture violations of tariffs and customs duties.

With all the hype on the trade compliance front, when you calculate the numbers relating to criminal enforcement, 2025 was a slower year than 2024. That is understandable since there is always a hiccup or delay when a new Administration takes power. 

From the administrative standpoint, howev...

Scott Greytak, Transparency International, and Nate Sibley, Hudson Institute, join Michael Volkov for a review of anti-corruption issues and a look forward to the next year.

Tom Fox joins Michael Volkov to discuss ethics and compliance issues for the year 2025. Tom and Mike focus on the importance of ethics, conflict of interest, trade compliance, organizational justice and other issues.

This is Part 2 of a 2-Part Episode.

Tom Fox joins Michael Volkov to discuss ethics and compliance issues for the year 2025. Tom and Mike focus on the importance of ethics, conflict of interest, trade compliance, organizational justice and other issues.

This is Part 1 of a 2-Part episode.

What do you do when the headlines shift faster than your risk matrix can keep up? In this episode, Michael Volkov dives into the challenge of adapting compliance programs in the face of volatile and fast-changing global risks—from tariffs and trade controls to supply chain disruptions and third-party exposures. While the pressure to react is constant, the real key is staying anchored in your company’s values while making smart, timely adjustments.



Legal and compliance officers are used to adjustments and continuous improvement of their compliance programs. Building and maintaining an effective ethics and compli...

With the beginning of the “New FCPA” era coined by DOJ’s Deputy Attorney General Lisa Monaco, we now need to focus on third-party risk and sanctions enforcement. The law, the practice, and the risks are important and not just the same as FCPA legal requirements. As we embark on a new criminal enforcement era surrounding sanctions violations, companies have to address this issue and do it correctly. 

In this episode, Michael Volkov takes a comprehensive look at third-party risks from the distribution and supply sides and outlines appropriate strategies to manage these risks.

Is the DOJ really changing its playbook on FCPA enforcement, or is it business as usual under a new administration? In this episode, Michael digs into two headline developments that say a lot about where things are headed - the first FCPA declination under the Trump Administration and the first indictment. Both shed light on how DOJ is applying its policies in practice, what companies should expect, and why individuals are squarely in the crosshairs. Taken together, these cases remind listeners that while priorities may shift, the fundamentals of disclosure, cooperation, and accountability remain very much alive.

<...

AI promises efficiency, innovation, and new opportunities - but are companies moving too fast in the rush to adopt it? The risks are very real, from false content to flawed decision-making, and the global regulatory patchwork is only getting more complex. The challenge now is building governance and compliance frameworks that keep pace without stifling progress.



In this episode of Corruption, Crime, and Compliance, Michael Volkov explains why an AI compliance program is essential to corporate governance today.

You’ll hear him discuss: