The General Services Administration (GSA) Federal Acquisition Service has released draft contract terms and conditions for artificial intelligence (AI)-related procurements through a new proposed GSAR clause 552.239-7001, “Basic Safeguarding of Artificial Intelligence Systems (FEB 2026) (GSAR Deviation),” that would impose material new requirements on contractors and service providers supplying artificial intelligence capabilities to the federal government. If adopted, the clause would be inserted into all solicitations and contracts for AI capabilities and would govern data rights, disclosure obligations, security protocols, and performance standards for AI systems used in federal operations. Federal contractors, technology vendors, and their in-house operations and counsel teams should closely review the proposed terms, as they represent one of the most comprehensive efforts to date to regulate the procurement and use of AI systems across the federal enterprise.
Old Wine, New Bottles? FinCEN Proposes to Codify AML/CFT Program Standards for Financial Institutions
On April 7, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a Notice of Proposed Rulemaking (“NPRM”) that would formalize and, in certain respects, update the requirements for financial institutions’ anti-money laundering and countering the financing of terrorism (“AML/CFT”) programs under the Bank Secrecy Act (“BSA”). While FinCEN has characterized the proposed rule as the centerpiece of Treasury’s broader effort to modernize the U.S. AML/CFT regulatory and supervisory framework, many of its core elements reflect longstanding statutory requirements and supervisory expectations. The proposed rule fully supersedes a prior proposed rule FinCEN published on July 3, 2024, which the agency is withdrawing. Concurrently, the Office of the Comptroller of the Currency (“OCC”), the Federal Deposit Insurance Corporation (“FDIC”), and the National Credit Union Administration (“NCUA”) (collectively, the “Agencies”) issued their own joint NPRM proposing substantially aligned amendments to their respective AML/CFT program rules for banks they supervise. Public comments are due 60 days after publication in the Federal Register.
This alert summarizes the key provisions of both proposals, describes the proposed changes to bank supervision and enforcement, and identifies practical implications for financial institutions and compliance professionals. As discussed below, many of the proposed requirements may be familiar to institutions with mature, risk-based AML/CFT programs.
Ninth Circuit Ruling in FCA Case Predicated on 340B Pricing Violations Has Significant Implications for Pharma Manufacturers
On March 17, 2026, the U.S. Court of Appeals for the Ninth Circuit issued a significant opinion in United States ex rel. Adventist Health System of West v. AbbVie Inc., reversing the district court’s dismissal of a qui tam complaint brought under the False Claims Act (FCA) against four major drug manufacturers. The Ninth Circuit held that the FCA provides an independent mechanism for relators to bring claims alleging fraudulent drug pricing in violation of the Public Health Service Act’s Section 340B Program, even though Section 340B does not provide a private right of action.
Read on to learn more about the ruling and its important implications for pharmaceutical manufacturers participating in the Section 340B Program.
SEC Enforcement Speaks in 2026: Enforcement Division Moves “Full Steam Ahead” with Focus on Quality over Quantity, Procedural Fairness, and Targeted Pursuit of Non-Fraud Violations
SEC Acting Enforcement Director Sam Waldon declared recently that his division is moving “full steam ahead” against those who “lie, cheat, and steal” but also is focusing on quality over quantity. He rejected traditional metrics — case counts, penalty totals and aggregate dollar amounts — as effective measures of the SEC’s enforcement program.
At the 2026 SEC Speaks Conference held last month in Washington, D.C., Waldon and senior enforcement leaders emphasized the division’s commitment to transparency and procedural fairness, as embodied by recent revisions to its Enforcement Manual. The more prominent revisions are intended to foster robust two-way engagement with defense counsel during the Wells process and articulate clearer guideposts for the staff’s assessment of public company cooperation under the Seaboard factors and corporate penalties under the Commission’s 2006 Penalty Statement. Waldon also confirmed that the division will continue to bring non-fraud cases in the right circumstances — with a more thoughtful approach. He said his division aims to distinguish between an entity that makes “an honest mistake, recognizes the mistake, fixes the mistake, takes steps to remediate and improves internal controls” and one that “engages in multiple mistakes, doesn’t think it’s a mistake, covers up the mistake, [and] didn’t take steps to remediate.”
Read on to learn more about Waldon’s remarks and what companies should take away from them.
New Executive Order Targets DEI Practices by Federal Contractors, Imposes Mandatory Contract Clause and FCA Liability
Continuing his Administration’s efforts to eliminate diversity, equity, and inclusion (DEI) activities, President Donald Trump signed an executive order, “Addressing DEI Discrimination by Federal Contractors,” on March 26, 2026 that directs all executive departments and agencies to include a new clause in all federal contracts and subcontracts prohibiting what the order defines as “racially discriminatory DEI activities.” The order represents another escalation of the Administration’s efforts to restrict DEI programs in the federal contracting space — building on Executive Order 14173 and the Department of Justice’s May 2025 Civil Rights Fraud Initiative — and carries substantial enforcement implications, including potential liability under the False Claims Act (FCA).
This alert summarizes the key provisions of the new executive order, analyzes the practical implications for federal contractors and subcontractors, and outlines recommended steps for compliance.
$300 Million Reasons to Talk: FinCEN Proposes a Whistleblower Reward Program for AML and Sanctions Violations
On March 30, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) submitted a Notice of Proposed Rulemaking (“NPRM”) for publication in the Federal Register that would, for the first time, establish a comprehensive framework for paying monetary awards to individuals who report violations of the Bank Secrecy Act (“BSA”), U.S. sanctions programs administered by the Office of Foreign Assets Control (“OFAC”), and several other laws critical to safeguarding the financial system and national security. The proposed rule is the culmination of a multi-year legislative effort to create financial incentives and protections comparable to the longstanding whistleblower programs administered by the U.S. Securities and Exchange Commission (“SEC”), U.S. Commodity Futures Trading Commission (“CFTC”), Internal Revenue Service (“IRS”), and other agencies. Although FinCEN has accepted tips since launching a dedicated whistleblower portal in February 2026, the NPRM, if adopted as a final rule, would allow for the payment of substantial monetary awards from a $300 million revolving fund. This alert summarizes the proposal’s key provisions, compares the proposed program to its federal counterparts, and identifies practical implications for financial institutions, compliance professionals, and potential whistleblowers.
Key Takeaways
- Financial institutions subject to BSA/anti-money laundering (“AML”) and sanctions obligations should be aware that the NPRM would create a financial incentive for insiders and outsiders alike to report compliance failures directly to the government.
- Unlike the SEC’s whistleblower program, FinCEN’s proposed framework would not impose the same eligibility restrictions on compliance officers and internal auditors. AML and sanctions compliance personnel may qualify for awards more broadly, meaning the employees tasked with managing a firm’s compliance program could theoretically report deficiencies to FinCEN rather than escalate them internally. While the NPRM does exclude individuals convicted of a criminal violation related to the covered action, the absence of broader culpability-based restrictions, at least as reported to date, is notable and differs from the approach taken by several other federal whistleblower programs. Because the rule remains a proposal, additional restrictions could be introduced during the comment period or in the final rule.
- The NPRM arrives against the backdrop of record-setting whistleblower activity across all federal programs, including more than $2.2 billion in SEC whistleblower awards since 2011, approximately $390 million in CFTC awards since 2014, and more than $1.3 billion in IRS awards since 2007.
- Financial institutions and other entities should treat the NPRM as a catalyst for reassessing internal whistleblower and compliance infrastructure, with a particular focus on ensuring that internal reporting channels are accessible, credible, and responsive, so that employees are more likely to raise concerns internally before turning to a financially incentivized federal program.
The Proposed Framework
The NPRM would implement the whistleblower provisions codified at 31 U.S.C. § 5323 by establishing: (1) procedures for submitting tips, including through the whistleblower portal FinCEN launched in February 2026; (2) eligibility criteria, including the requirement that the whistleblower’s information lead to a successful enforcement action resulting in monetary penalties exceeding $1 million; (3) awards of 10 to 30 percent of collected penalties; and (4) whistleblower protections, including confidentiality safeguards and anti-retaliation remedies such as reinstatement and back pay.
Covered conduct spans violations (or conspiracies to commit violations) of the BSA, the International Emergency Economic Powers Act (“IEEPA”), the Trading with the Enemy Act (“TWEA”), and the Foreign Narcotics Kingpin Designation Act. In practice, this sweeps in BSA/AML compliance failures, inadequate suspicious activity report (“SAR”) filings, deficient customer due diligence, sanctions evasion, and fraud schemes involving virtual assets or cross-border transactions. FinCEN has flagged specific priority areas including fraud schemes involving virtual currency or “pig butchering” scams (long-term, relationship-based investment fraud schemes in which bad actors cultivate trust with victims before inducing them to transfer funds to fraudulent platforms), falsified trade documentation concealing sanctions-related ties, and inadequate controls to detect structuring, smurfing, or other evasion tactics.
Eligibility, at least at the outset, is expansive. For example, both U.S. and non-U.S. residents may submit tips, employees are not required to report internally first, and, as noted, compliance officers and other AML/sanctions professionals are eligible for awards. Anonymous submissions are permitted through counsel, provided the whistleblower’s identity is disclosed before any award is paid. However, individuals convicted of criminal violations related to the covered judicial or administrative action for which the whistleblower could otherwise receive an award are ineligible.
Awards would be paid from the Financial Integrity Fund, a $300 million revolving fund financed by monetary penalties collected under the BSA and IEEPA.
The public comment period will remain open for 60 days following the NPRM’s publication in the Federal Register.
The Federal Whistleblower Landscape
FinCEN’s proposed rule does not exist in isolation. It enters a federal enforcement landscape in which whistleblower programs have become an established and increasingly utilized tool for reporting alleged misconduct across virtually every regulated industry. A review of the track records of existing programs underscores the enforcement potential that FinCEN’s proposal is designed to unlock. Similar agency programs that have expanded in recent years include:
- SEC Whistleblower Program. Established in 2011 under the Dodd-Frank Act, the SEC’s program is the most established federal whistleblower incentive framework. Since inception, the SEC has awarded more than $2.2 billion to 444 individual whistleblowers, with annual payouts reaching significant levels, including approximately $600 million in FY 2023, driven by a single $279 million award—the program’s largest to date. In FY 2024, the SEC awarded a total of $255 million to 47 whistleblowers, which included a single award of approximately $98 million split between two whistleblowers. In FY 2025, the SEC awarded a total of more than $60 million to 48 individual whistleblowers, and 82 preliminary determinations were made recommending awards. The SEC now receives nearly 27,000 tips per year, though it has noted that a significant portion of recent tips are attributable to a small number of individuals.
- CFTC Whistleblower Program. The CFTC’s program, also created under the Dodd-Frank Act, has awarded approximately $390 million since 2014, headlined by individual awards of $200 million (2021), $15 million (2023), and $42 million (2024). In FY 2025, the program produced approximately $4.6 million in awards despite more than 1,600 tips, largely because a statutory cap on the Customer Protection Fund has required repeated emergency congressional fixes.
- IRS Whistleblower Program. The IRS program has paid more than $1.3 billion in awards since 2007, generating approximately $7.4 billion in collections from noncompliant taxpayers, approximately a 6:1 return on investment. In FY 2024, the IRS paid whistleblower awards totaling $123.5 million. FY 2025 data is not yet available.
- DOJ Corporate Whistleblower Awards Pilot Program. DOJ’s Criminal Division launched its own whistleblower pilot in August 2024, and expanded it in May 2025 to cover sanctions offenses, trade and customs fraud, and material support of terrorism. The program has attracted significant interest, receiving more than 1,100 submissions since its launch. DOJ’s Antitrust Division followed suit, announcing its own program in July 2025 and issuing its first $1 million award in January 2026.
Practical Implications and Recommendations
The NPRM carries significant strategic implications for financial institutions, their boards and senior management, compliance professionals, and individuals considering whether to report potential violations. Companies should be evaluating the following areas now, rather than waiting for a final rule.
- Strengthen internal reporting channels. The NPRM would broadly permit AML officers, sanctions compliance staff, and financial crime investigators to receive awards of between 10 and 30 percent of collected penalties, giving insiders with the deepest visibility into compliance deficiencies a direct financial incentive to report externally. The most effective counterweight is an internal reporting program that is accessible, protective of anonymity, backed by anti-retaliation policies, and, critically, demonstrably responsive to escalated concerns.
- Pressure-test AML and sanctions controls. With the NPRM arriving just weeks after a record $80 million BSA penalty on a broker-dealer, compliance gaps may be more likely to reach regulators via financially motivated whistleblowers before firms can self-remediate. Companies should review AML controls, surveillance parameters, and staffing levels now.
- Prepare for multi-agency parallel risk. FinCEN would share tips with OFAC, DOJ, and other enforcement agencies, meaning a single disclosure could trigger parallel investigations by agencies with independent penalty authority. Incident response protocols should be calibrated accordingly.
Conclusion
FinCEN’s proposed whistleblower rule marks a significant expansion of the federal government’s approach to identifying alleged financial crime. The proposal draws on a model that has generated billions of dollars in enforcement recoveries across existing federal programs, and financially incentivized whistleblower programs have expanded across multiple regulators in recent years. Companies should treat this NPRM as an occasion to: (1) strengthen internal reporting channels, particularly for compliance personnel now eligible for substantial awards; (2) pressure-test AML and sanctions controls before a whistleblower exposes gaps; and (3) calibrate incident response protocols for multi-agency parallel risk.
McGuireWoods will continue to monitor developments related to FinCEN’s whistleblower program, including the comment period, the issuance of a final rule, and the program’s interaction with ongoing enforcement trends at the SEC, CFTC, IRS, and DOJ. For questions about AML and sanctions compliance program design, whistleblower risk mitigation strategies, internal investigation protocols, or regulatory enforcement response, please contact the authors of this article or another McGuireWoods attorney with whom you work.
White House Releases AI Legislative Recommendations—Congress Has the Blueprint, but Questions Remain
On March 20, 2026, the White House unveiled its National Policy Framework for Artificial Intelligence, providing a blueprint on legislative recommendations and urging Congress to act. It recommends that Congress create a unified federal standard to reduce the regulatory friction of competing state AI regimes, promote AI innovation and develop an AI-ready workforce, while ensuring the protection of children, consumers and intellectual property rights.
The framework is a serious, if incomplete, attempt to bring coherence to an enforcement landscape that has been improvising. Congress has been handed a blueprint, but whether it is able to enact comprehensive federal legislation is another matter.
Read on to learn more about the framework and how companies using AI should prepare.
New GSA Proposal Could Expose Federally Funded Institutions With Programs Perceived as DEI-Related
The General Services Administration has proposed requiring all federal funding recipients to certify that they do not maintain diversity, equity, inclusion and accessibility programs. Recipients also would need to certify they are not knowingly hiring or recruiting undocumented staff.
The GSA estimates the proposal would impact approximately 222,760 entities — including colleges and universities. If enacted, the certification requirements would expose grant recipients to potential liability under the False Claims Act. The deadline for public comments is March 30, 2026.
Read on to learn more about the GSA proposal and its potential impacts on federally funded institutions.
SEC and FinCEN Hit Broker-Dealer for Sweeping AML Compliance Failures
On March 6, 2026, the SEC and FinCEN announced parallel enforcement actions against a New York-based registered broker-dealer for systemic anti-money laundering (“AML”) failures, imposing combined penalties of $80 million – the largest ever imposed against a broker-dealer for BSA violations. FinCEN’s $80 million headline penalty includes credits of $20 million each to the SEC and FINRA, with $35 million payable directly to the Treasury; the SEC separately imposed a $20 million penalty and a censure. This alert summarizes the key findings, penalties, and practical takeaways for broker-dealers and other financial institutions.
Key Takeaways
- Broker-dealers in higher-risk markets (i.e., over-the-counter (“OTC”), microcap, and penny stocks) face steep consequences for underinvesting in AML surveillance.
- Unreviewed surveillance reports can constitute willful BSA and Exchange Act violations.
- Customer due diligence (“CDD”) must be individualized and risk-based, not simply a box-checking exercise.
- Firms that acknowledge AML deficiencies to regulators – whether in examination responses, corrective action plans, or consent agreements – but fail to follow through with meaningful remediation can expect regulators to treat those unaddressed findings as evidence of willfulness and an aggravating factor in penalty calculations.
- Facially adequate AML infrastructure – such as collecting onboarding documents, generating surveillance reports, and cataloguing exception data – may be treated as no controls at all absent meaningful analysis, effective critical review, and timely follow-up on flagged activity.
Key Regulatory Findings
Inadequate AML Program
Both actions center on the broker-dealer’s underinvestment in AML controls relative to the risks of its OTC business. Key surveillance reports were not reviewed, reports that were reviewed relied on arbitrary filters and unreasonable thresholds that rendered them ineffective, and just four employees – none with AML experience or formal training – were responsible for over 100 unique surveillance reports.
Customer Due Diligence Failures
The firm risk-rated account types rather than individual customers, treated CDD as a document-collection exercise rather than an analytical tool, and failed to verify beneficial ownership or resolve obvious inconsistencies.
Failure to File Suspicious Activity Reports
These failures resulted in at least 160 unfiled SARs across dozens of OTC securities and thousands of suspicious transactions.
Sanctions and Remedial Measures
FinCEN imposed an $80 million penalty ($5 million suspended pending a SAR Lookback), with $20 million each credited to the SEC and FINRA, leaving $35 million payable directly to Treasury. The SEC separately ordered a $20 million penalty and a censure.
The FinCEN order requires the firm to complete a SAR Lookback Review by an independent consultant, deliver a report to FinCEN within 180 days, and file SARs on all covered transactions within 90 days after that. The firm must also cooperate with regulators on an ongoing basis and retain all relevant records for six years.
The SEC credited several remedial steps: additional AML compliance staffing, updated exception reports, revised SAR processes, retention of third-party consultants, new supervision and review protocols, and new trade surveillance tools. FinCEN, however, noted that most of these measures came late and their effectiveness remains unproven.
Practical Implications and Recommendations
Broker-dealers and other financial institutions – particularly those in higher-risk product areas – should be confident the following controls are both in place and followed:
- Conduct a holistic review of AML controls. Firms should assess whether surveillance reports use risk-based parameters, staffing and expertise match the complexity of surveillance obligations, and quality control programs can catch gaps before regulators do. As this action illustrates, the mere existence of surveillance reports and exception-tracking systems is insufficient; regulators will expect firms to demonstrate that flagged activity is subject to meaningful analysis, timely investigation, and appropriate escalation.
- Strengthen CDD processes. CDD programs must go beyond document collection to include individualized, risk-based assessments at onboarding and on an ongoing basis. This includes verifying beneficial ownership, investigating red flags, and updating customer risk profiles when anomalies arise.
- Remediate regulatory findings promptly. Regulators will treat a history of acknowledged-but-un-remediated deficiencies as evidence of willfulness and an aggravating factor in penalty determinations.
Conclusion
With $80 million in combined penalties, these parallel actions rank among the most significant AML enforcement actions against a broker-dealer in recent years. The message is clear: regulators will hold firms accountable for prolonged underinvestment in AML infrastructure, and the cost of inaction far exceeds the cost of compliance. Notably, these actions also underscore that merely having the basic infrastructure in place (i.e., collecting onboarding documents, generating surveillance reports, cataloguing exception data) is not enough; without meaningful analysis, effective critical review, and timely follow-up, those facially adequate controls may be treated as no controls at all. Firms should treat this as an occasion to pressure-test their own programs and to remediate gaps before regulators find them.
McGuireWoods will continue to monitor developments in AML enforcement involving broker-dealers, including any further actions stemming from the SEC and FinCEN’s parallel proceedings, related regulatory guidance on surveillance staffing and CDD expectations, and broader BSA compliance trends affecting firms in the OTC, microcap, and penny stock markets. For questions about AML program design and governance, SAR filing obligations, customer due diligence processes, or regulatory examination and enforcement response strategies, please contact the authors of this article or another McGuireWoods attorney with whom you work.
DAAG Provides Views on FCA Enforcement Focus: Targeting Discrimination, Not DEI Programs Per Se
At the Federal Bar Association’s 2026 Qui Tam Conference on February 19, 2026, Brenna Jenny, Deputy Assistant Attorney General (DAAG) in the U.S. Department of Justice’s (DOJ) Commercial Litigation Branch, delivered a keynote speech on enforcement priorities under the False Claims Act (FCA) with respect to diversity, equity, and inclusion (DEI) programs. Jenny’s reported remarks provided insight into DOJ’s enforcement priorities and viewpoints on FCA enforcement. A key takeaway from Jenny’s presentation is that, from her perspective, DOJ is not investigating federal contractors and grant recipients for having DEI programs, but rather for potentially engaging in discrimination through their implementation of those programs. She emphasized that companies can engage in discrimination with or without DEI programs and can also operate DEI programs without engaging in discrimination.