A Busy Month at the SEC: What Compliance Teams Need to Do Now
Over the past month the SEC overhauled its enforcement manual for the first time in nearly ten years, announced the resignation of its enforcement chief, and signed a memorandum of understanding with the CFTC. It also hinted at a rule change that could make quarterly earnings reports optional, shifting to semi‑annual filing. The updated manual introduces concrete Wells process timelines, mandatory document‑retention guidance for messaging apps, and a new “engagement” value, prompting compliance teams to revisit investigation, disclosure, and internal policies. Experts advise firms to read the manual, adjust protocols, and prepare for the upcoming reporting rule debate.
Measles Is on the Rise. Have You Reviewed Your Vaccine Policies Since Covid?
Measles cases in the United States are climbing sharply, with 2025 recording over 2,200 infections—the highest in two decades—and 2026 already reporting nearly 1,500 cases across 27 states. The CDC has identified 14 new outbreaks this year, and the nation...
Uh-Oh, You Built a Compliance Automation Tool & Everybody Hates It
The article highlights a trust gap in compliance automation where control owners and auditors distrust system‑generated evidence, leading to parallel manual processes. Even though technology works, resistance stems from loss of professional identity and lack of auditor‑friendly documentation. Successful programs...
US Regulatory Fines Plummet in 2025
US federal regulatory penalties plunged 83% in 2025, falling to $654 million in the second half after a $4 billion first‑half peak, while the number of violations stayed roughly steady. Wolters Kluwer warns that weaker deterrence shifts risk toward fragmented state enforcement and...
Are Your Anonymous Reporting Channels Hiding a Bigger Problem?
The column examines the paradox of anonymous reporting channels, highlighting their essential role in protecting whistleblowers while exposing their vulnerability to incomplete or malicious claims. It uses a real‑world dilemma—an employee receiving an anonymous allegation against a trusted colleague—to illustrate...
EU Data Act: Time for a Reality Check
The EU Data Act obliges manufacturers of IoT devices and SaaS providers to make user‑generated data readily accessible and transferable by design. Articles 3 and 4 require that data be supplied in a structured, machine‑readable format, often forcing back‑end redesign...
Warranty Language Might Be Your Biggest Right-to-Repair Liability
The FTC is zeroing in on warranty language as the most tangible right‑to‑repair liability for manufacturers. By tying warranty voiding clauses to third‑party repairs, the agency has leveraged the Magnuson‑Moss Warranty Act and antitrust tools, as seen in recent orders...
FCPA Enforcement Isn’t Dead; a Former Coal Executive Found Out the Hard Way
A federal jury in Pennsylvania convicted former Corsa Coal vice‑president Charles Hunter Hobson on two FCPA counts, conspiracy, money‑laundering and wire‑fraud charges, despite the 2025 Trump‑era pause on FCPA enforcement. The DOJ completed its review and proceeded, emphasizing that bribery...
ProcessUnity Research Finds Third-Party Risk Management Confidence Outpaces Breach Reality
ProcessUnity’s State of Third‑Party Risk Assessments 2026, conducted with the Ponemon Institute, surveyed 1,465 risk leaders and found a stark disconnect between confidence in TPRM programs and actual breach outcomes. Respondents report an average of 12 third‑party breaches per year...
Reimagining KYC
Capgemini released a whitepaper outlining perpetual KYC, a shift from periodic, manual reviews to near‑real‑time, event‑driven monitoring. Early adopters report 20‑40% fewer false positives, 40‑60% faster onboarding, and 50‑70% reduction in case backlogs. The proposed pKYC triad blends data modernization,...
The Rising Tide of AI-Washing Cases in Securities Fraud Litigation
Public companies are increasingly inflating AI capabilities to attract investors, a practice dubbed AI‑washing that has sparked a surge in securities fraud litigation. Recent cases such as Opendoor and Upstart illustrate how exaggerated AI claims led to false statements, stock...
Back to Basics: 14 Risk Oversight Rules You Know (But May Be Ignoring)
Jim DeLoach’s article revisits 14 timeless risk‑oversight principles, urging leaders to refresh them with today’s digital capabilities. He stresses that avoiding risk is itself a risk, and that AI, machine learning, and real‑time data can dramatically improve early‑warning systems. The...
US Companies Increasingly Face Investor Pushback on M&A Deals
Activist investors intensified pressure on U.S. companies, with push‑to‑sell campaigns rising 29% in 2025, reaching a five‑year high. More than 30 firms encountered shareholder resistance to M&A deals, while overall activist activity modestly declined to 579 targets. Concurrently, private‑equity firms...
A Year After Designation of Cartels as Terrorists, What Is the Risk Landscape for Multinationals Operating in Mexico?
In February 2025 the U.S. designated six Mexican drug cartels as foreign terrorist organizations, extending material‑support statutes and national‑security enforcement to any company dealing with them. The DOJ’s new guidelines prioritize terrorism‑finance violations, while FinCEN’s geographic targeting orders have already...
Your Foreign AI Vendor’s Black Box Is an Ethics Problem, Not a Technical One
Boards and senior leaders are confronting a growing dilemma: critical AI systems supplied by foreign vendors operate as opaque black boxes, delivering efficiency while limiting auditability. Ethicists Vera Cherepanova and Brian Haman argue this is fundamentally an ethical issue of...
Sphinx Raises $7M Seed Round for AI Compliance Agents
Sphinx announced a $7 million seed round, led by Cherry Ventures with participation from Y Combinator, Rebel Fund, Deel Ventures and Singularity Capital. The San Francisco‑based startup builds browser‑native AI agents that embed directly into existing case‑management systems, third‑party portals and internal dashboards...
EU Companies Face Double Workload on AML Before 2027 Harmonization Arrives
The EU will introduce a unified anti‑money‑laundering regulation (AMLR) and the sixth AML directive on July 10 2027, replacing the patchwork of national transpositions of the fifth directive. Until then, companies must continue to meet divergent local UBO reporting and due‑diligence rules...
Internal Controls: The Quiet Infrastructure Behind Financial Trust
Recent SEC enforcement actions have spotlighted ineffective internal controls over financial reporting, emphasizing approval workflow and reconciliation gaps. Experts argue that robust control environments, paired with knowledgeable teams, shift compliance from a reactive task to a predictable process. As organizations...
FCPA Priorities Whitepaper
Ground Truth Intelligence released a whitepaper outlining the Department of Justice’s refreshed FCPA enforcement agenda after a 180‑day pause and June 2025 guidance. The DOJ is shifting resources toward corruption that threatens U.S. national security, economic competitiveness, and organized‑crime links,...
2026 E&C Program Effectiveness Report
LRN’s 2026 Ethics & Compliance Program Effectiveness Report, based on more than 2,500 respondents across 26 industries, reveals a widening gap between high‑impact and average programs. While AI and data‑analytics adoption is expanding, many firms lack the governance and measurement...
Q&A: How to Prepare for AI-Powered Investigations While Managing Your Own AI Risk
The Department of Justice (DOJ) is openly deploying AI tools—such as cryptocurrency tracing, financial anomaly detection, travel‑pattern analysis, and intake triage—to boost white‑collar investigations. At the same time, the DOJ’s enforcement agenda warns that companies must govern their own AI...
