Admin Log In Let's Talk

Quarterly Compliance Round-up: September 2025

  • Photo of Susan Divers
    Susan Divers

Staying on top of global ethics and compliance updates is no small task. From shifting U.S. anti-boycott regulations and heightened export control enforcement to the UK’s new fraud prevention requirements and renewed FCPA activity, recent developments highlight how quickly the compliance landscape can change. We’ve rounded up the latest headlines, enforcement actions, and practical tips to help your organization stay informed and prepared.

Compliance with U.S. Anti-Boycott Regulations

The imposition of new boycotts of goods from Israel by European countries, driven by the BDS (boycott, divestment, and sanctions) movement, increases U.S. companies’ risk of violating federal and state anti-boycott laws and regulations.

In July, Slovenia became the first European country to ban the import of certain Israeli-origin goods. Ireland is on track to implement a similar boycott, the Israeli Settlements (Prohibition of Importation of Goods) Bill 2025.

These prohibitions may not apply directly to the import operations of U.S. companies, but federal and state laws prohibit both compliance with and cooperation in boycotts of countries friendly to the U.S., such as Israel.

Quick refresher on U.S. anti-boycott regulations:

  • Any U.S. person or entity that receives a boycott-related request must report it to the Department of Commerce, regardless of whether they comply.
  • “U.S. persons” are defined broadly and generally include foreign subsidiaries and controlled joint ventures.
  • Typical requests that must be reported include agreements not to do business in a particular country or to discriminate against its businesses or persons based on race, sex, national origin, or nationality.
  • U.S. companies do not violate the regulations if they choose, for bona fide business reasons such as safety or security, not to do business in a boycotted country.
  • The regulations are at “Restrictive Trade Practices or Boycotts, 15 CFR Part 760.” Violations can trigger civil and criminal penalties.
  • The Internal Revenue Code also requires taxpayers to report whether they—or any member of their controlled group—have participated in or cooperated with a boycott at any time during the taxable year (26 USC § 999(a)(2)).

Ethena tip: Now is a good time to make sure your compliance policies, procedures, and training give employees the knowledge and tools to comply with any anti-boycott requirements they may encounter. Remember that all boycott-related requests must be disclosed to the Department of Commerce, even if you do not comply.

Export Control Violations Lead to Calls for Intel CEO to Resign

As noted in our previous regulatory updates, the Justice Department is actively prosecuting civil and criminal export control violations, particularly concerning Chinese access to advanced technologies. One recent example shows how reputational damage from such violations can impact not just the company but also its leadership:

In July 2025, Cadence Design Systems, a California software company that provides tools for integrated circuits, chips, and other technologies, agreed to pay $140 million in civil and criminal penalties for export control violations. Cadence shipped technology and software to one of China’s defense universities listed on a U.S. government–prohibited entity list for its role in developing nuclear weapons.

Cadence’s violations were particularly egregious, as the employees involved knew the U.S. government had prohibited exports to the Chinese university and took steps to hide the sales from Cadence’s compliance team.

Cadence’s CEO at the time of the violations, Lip-Bu Tan, became the CEO of Intel in March. Mr. Tan has been singled out personally by members of Congress and the President for sharp criticism—including calls for his resignation—because of the Cadence export control violations and other business dealings in China.

Ethena tip: Educating your CEO and top management on the risks involved in technology transfers is prudent to ensure your organization remains compliant. Make sure your sales and marketing teams take export control training if you operate in the high-tech or defense sectors, particularly with respect to business in China.

Sample Training: Export Controls

UK Steps Up Enforcement

As we mentioned in our December update, a new “failure to prevent fraud” offence came into force in the UK on September 1. Large organizations can be criminally liable if they lack “reasonable” fraud prevention measures when a violation occurs. The overall intent is to encourage proactive compliance and sound internal controls.

In July, the UK Financial Conduct Authority imposed a record £21 million fine on Monzo, one of the UK’s best-known digital banks, for compliance failures. The bank allowed customers to open accounts using addresses such as Buckingham Palace and 10 Downing Street. Monzo’s customer base grew from 600,000 users in 2018 to nearly 6 million in 2025.

Also in July, Vocalink, a UK financial infrastructure firm involved in the payments system, was fined ÂŁ11.9 million by the Bank of England. Vocalink failed to effectively implement risk management controls required by regulators to be completed by 2022.

Ethena tip: The moral of these stories is the same: start-ups need to establish and grow their ethics and compliance programs alongside their business operations. Click here to see a short Ethena podcast on how to start an ethics program from scratch.

FCPA Enforcement Resumes

As we outlined in our June update, the Deputy Attorney General has issued guidance on investigations and enforcement of the FCPA. The guidance outlines how the Administration will pursue FCPA cases going forward, with particular emphasis on national security, competitiveness, and cases involving cartels, transnational criminal organizations, and critical sectors.

On August 12, the DOJ announced the first unsealed FCPA prosecution initiated since Trump took office: two Mexican businessmen residing in the U.S. were indicted for bribing officials at Mexico’s state-owned oil company, PEMEX. The indictment includes allegations of bid-rigging, consistent with the guidance’s emphasis on critical sectors and competitiveness.

Also in August, the DOJ announced that Liberty Mutual will forfeit $4.7 million in profits to settle a U.S. criminal bribery probe into an Indian subsidiary—a relatively modest amount compared to historic fines. The DOJ said the settlement reflected Liberty’s acceptance of responsibility, cooperation (including disclosure of the misconduct), and compliance upgrades.

Ethena tip: Although DOJ enforcement of the FCPA has shifted, these cases are a reminder that the Act is still being enforced. Companies are well advised to continue their compliance efforts, particularly in light of the expansion of the DOJ’s new whistleblower hotline mentioned in our June update.

Articles

View All
Articles

Are AI Notetakers Safe for Investigations? Untangling AI Privilege and Privacy Risks

AI is influencing how organizations handle some of the most legally sensitive information they hold: privileged communications. Under pressure to leverage AI for efficiency, Legal and HR teams are using...

4 min read
Articles

AI in Hiring: 4 Employment Laws Every HR Team Should Know

AI is everywhere in the workplace—from resume screening to performance reviews. But as these tools become more common, so do the rules that govern them. In the past few years,...

6 min read
Articles

Build Training in Seconds: Meet Ethena’s AI Training Builder

Build Training in Seconds: Meet Ethena’s AI Training Builder Let’s be honest: turning policies into training is a slog. It usually takes days of writing, design back-and-forth, and formatting headaches...

2 min read
Articles

Old Risks, New Tools: Addressing AI’s Role in Workplace Harassment

AI Harassment Risks Aren’t New, But They’re Now Easier Than Ever When we think about workplace harassment, AI might not be the first thing that comes to mind. Sure, you’ve...

4 min read