Are your employees whispering corporate secrets into the greedy ears of public-facing AI?

Many organizations have no visibility into how their employees are using AI.

The solution is not to ban AI.

The solution is AI governance.

Organizations need approved AI tools, acceptable use policies, employee training, and ongoing monitoring.

The question is no longer whether your employees are using AI.

The question is whether you know how they are using it.

AI risk is no longer a future issue. It is a governance challenge happening right now.

The Ethics and Compliance Q and A show is produced by One Stone Creative.

Michael Volkov examines OFAC's new Venezuela general license framework—including General License 52, General License 46B, and the newly effective General License 51B covering Venezuelan-origin minerals—analyzing how these authorizations create conditional pathways for otherwise-prohibited energy and minerals transactions while preserving the underlying blocking regime applicable to PdVSA and the Government of Venezuela. Michael explains the established U.S. entity eligibility requirement, the mandatory contractual conditions requiring U.S. governing law and U.S. dispute resolution in agreements with Venezuelan governmental counterparties, and the critical jurisdictional restrictions excluding transactions with Russia, Iran, Cuba, North Korea, and China-connected entities. The episode provides a detailed operational breakdown of the Foreign Government Deposit Fund payment mechanism established under Executive Order 14373—including the [email protected] submission process and documentary requirements—and concludes with an analysis of the multi-agency reporting obligations triggered under each applicable authorization.

If AI were a real employee and made mistakes, would you fire it?

AI is transforming business operations, but organizations often overlook one fundamental problem.

They hallucinate.

AI can generate fake information, fake legal citations, inaccurate regulatory interpretations, incorrect sanctions screening results, and fabricated facts.

The danger is not that AI makes mistakes.

The danger is that it makes mistakes confidently.

Employees frequently assume AI-generated information is accurate because it sounds authoritative and professional.

That's why every organization needs clear governance controls.

Require human review, validate critical outputs, and document your procedures for high-risk decisions.

AI can improve efficiency, but without oversight, AI errors can quickly become a compliance disaster.

The Ethics and Compliance Q and A show is produced by One Stone Creative.

Michael Volkov examines USTR's unprecedented Section 301 forced labor tariff proposal, analyzing how the Trump Administration is leveraging a decades-old trade statute to rebuild broad tariff coverage following the Supreme Court's invalidation of IEEPA emergency tariffs in Learning Resources, Inc. v. Trump. Covering economies that account for an estimated 99.4% of U.S. imports, the proposal would impose 10% duties on 14 economies with partial forced labor import regimes—including Canada, Mexico, the EU, and the UK—and 12.5% duties on 46 economies with no meaningful forced labor prohibition, including China, Japan, Brazil, and South Korea, with all new duties stacked on top of existing tariffs. Michael details the critical July 6, 2026 comment deadline, outlines the compliance action items companies must execute now—supply chain exposure mapping, HTS-level Annex A exclusion analysis, UFLPA interaction assessment, and tariff stacking modeling—and explains why this proceeding represents both a trade enforcement initiative and a deliberate legal architecture strategy designed to produce the robust administrative record that emergency tariff authority lacked.

Michael Volkov analyzes the Commerce Department Bureau of Industry and Security's June 12, 2026 export control directive ordering Anthropic to suspend all access to its Fable 5 and Mythos 5 AI models for any foreign national—a directive that, because Anthropic cannot segment its global user base by nationality in real time, resulted in a complete worldwide shutoff of both models for every customer. Michael places the directive in its full context: the months-long conflict between Anthropic and the Trump Administration stemming from the Pentagon's demand that Anthropic waive its contractual restrictions on the use of Claude for mass domestic surveillance and autonomous weapons, the unprecedented supply chain risk designation applied to Anthropic in March 2026, the active federal litigation challenging that designation in two courts, and the government's stated rationale that a third-party company had reported a jailbreak of Mythos. Michael examines the contested legal authority underlying the BIS directive, the compliance implications for enterprise AI users—including third-party AI operational risk, foreign-national access control requirements, and the inadequacy of existing SLA frameworks—and the fundamental AI governance gap that Friday's action exposed: the absence of a comprehensive statutory framework governing government authority to restrict commercial AI model access on national security grounds.

Compliance isn't a cost, it's a business advantage.

Compliance officers often make one critical mistake, they sell compliance as a legal requirement instead of a business advantage.

Executive support grows when compliance leaders connect ethics to operational resilience, revenue protection, and enhancement, reputation, employee retention, and strategic growth.

Successful compliance leaders use data, demonstrate value, communicate clearly, and align with business priorities.

Employees then support the program when they see fairness, consistency, responsiveness, and leadership commitment.

The best compliance programs are not built through fear, they are built through credibility.

Ethics and compliance succeeds when leadership sees it as essential to business performance, not separate from it.

The Ethics and Compliance Q and A show is produced by One Stone Creative.

As artificial intelligence becomes embedded in third-party business operations, companies face a new and largely unexamined compliance challenge: when does a vendor's use of AI become your legal or reputational problem? In this episode, Michael Volkov unpacks the critical agency principle distinction at the heart of third-party AI risk — explaining how acting third parties who deploy AI on a company's behalf can create direct legal liability for the principal, drawing on the same legal framework that governs FCPA third-party liability, while incidental service providers who supply goods or services without acting on the company's behalf present a different but equally serious reputational risk. Michael also examines what robust AI-focused third-party due diligence must include, how to build a risk-tiered compliance framework that allocates resources proportionately, and why reduced legal liability is never the same as reduced risk in an environment where vendor AI controversies generate brand association damage regardless of legal culpability.

If you want to give your compliance team superpowers, then give them the power of automation.

If your compliance program is still operating primarily through spreadsheets, emails, and manual tracking, regulators already view your program as ineffective.

Modern compliance risks move too fast for manual systems.

You need to have sanction screening, third-party monitoring, transaction testing, hotline analytics, policy certifications, and training program metrics.

The Justice Department evaluates whether compliance programs have access to data, testing capability, and real-time monitoring.

Manual systems create blind spots, delayed escalation, inconsistent oversight. And weak documentation.

Automation does not replace human judgment, it enhances it.

The Ethics and Compliance Q and A show is produced by One Stone Creative.

On May 18, 2026, the U.S. Treasury's Office of Foreign Assets Control (OFAC) announced that Adani Enterprises Limited (AEL), an India-based multinational, agreed to pay $275 million to settle 32 apparent violations of Iran-related sanctions — specifically for causing U.S. financial institutions to process approximately $192 million in payments for liquified petroleum gas (LPG) that originated from Iran, not from Oman or Iraq as represented by AEL's Dubai-based supplier. OFAC found the violations egregious and non-voluntarily disclosed, citing multiple red flags that AEL either missed or dismissed without adequate investigation: third-party warnings about Iranian-origin cargo, vessels routinely engaging in AIS manipulation and suspicious routing, certificates of origin bearing signs of falsification, and prices so far below market that they could only be commercially explained by Iranian sourcing. The case stands as a landmark reminder that sanctions compliance is not a box-checking exercise — companies must proactively investigate, formally document, and genuinely resolve red flags rather than accept supplier assurances at face value, and that failure to do so carries nine-figure consequences.

The biggest cases of corruption and fraud often have their roots in the soil of conflicts of interest.

Many major corruption cases begin with something companies initially dismiss as just a conflicts issue.

Conflicts of interest though are early warning signs for fraud, bribery, procurement manipulation, favoritism, and self-dealing.

Weak disclosure systems allow undisclosed relationships, hidden ownership interests, and vendor manipulation.

Effective programs require annual certifications, ongoing disclosure obligations, manager accountability, and independent review processes.

A conflict of interest program is not about policing relationships. It's about protecting integrity.

The Ethics and Compliance Q and A show is produced by One Stone Creative.