Overview
Executive Summary
The Department of Justice's new Corporate Enforcement and Voluntary Self-Disclosure Policy[1] strengthens incentives to disclose, but it does not resolve the central question companies actually face: whether immediate disclosure is economically and strategically rational in their specific enforcement context. DOJ emphasizes leniency outcomes, all of which remain discretionary and therefore inherently uncertain, yet largely omits two decisive variables—the true cost of disclosure and the likelihood that the government would have discovered the conduct absent self‑reporting.
In practice, internal investigations regularly cost millions of dollars; companies often feel compelled to cooperate before the scope of exposure is known; and such investigations can trigger collateral consequences—particularly in sanctions and export‑control matters—that exceed the penalty itself. Detection risk, meanwhile, is highly uneven. It is near‑certain in False Claims Act (FCA) matters, historically much lower in Foreign Corrupt Practices Act (FCPA) cases, and intermediate in national security enforcement. That asymmetry, however, is shrinking. Artificial intelligence is rapidly expanding regulators' and whistleblowers' ability to identify misconduct retrospectively across financial, trade, and transactional data sets. As a result, delay no longer preserves optionality: it steadily increases the risk that historical conduct will surface under less favorable conditions.
The voluntary disclosure decision therefore turns not on DOJ's incentives alone, but on a candid assessment of investigation costs, context‑specific detection probability, and how quickly that probability is changing. Steptoe regularly advises companies navigating these decisions and evaluating the risks and benefits of voluntary self‑disclosure under evolving enforcement frameworks.
I. The Conventional Wisdom and Its Limits
The DOJ has spent the better part of a decade constructing incentives designed to make voluntary self-disclosure feel like an obvious business decision, as reflected in the Yates and Monaco Memoranda.[2] That effort took a significant step forward earlier this month with the release of DOJ's first‑ever Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy.[3] On March 30, DOJ's National Security Division affirmed that the new policy applies to violations of US national security laws, including export controls, sanctions, and related regimes.[4] DOJ's message has been consistent across administrations: disclose, cooperate, and remediate, and you will be rewarded; remain silent, and you will face consequences severe enough to have made disclosure the rational choice all along.
The DOJ's framing, however, is not always consistent with views that are frequently voiced in the boardroom. The benefits of voluntary disclosure, in many cases, are real and well-documented. Companies that have, in the eyes of the prosecutor, self-reported, cooperated fully, and remediated misconduct have secured declinations, avoided monitors, and received substantial reductions in what otherwise would have been crushing penalty exposure. Of course, the discretion remains entirely with the DOJ as to whether any company has adequately satisfied the three components that warrant leniency. The first resolution under the new Department-wide policy—a declination for French medical device company Balt SAS in connection with FCPA violations[5]—arrived almost immediately, signaling that DOJ intends to make good on its promises.
But while DOJ describes the benefits of disclosure with considerable specificity, it understates considerations that should be central to any decision whether to self-disclose. First, it fails to account for the costs of undertaking a voluntary disclosure. And second, it gives an incomplete picture of the likelihood that the government would have independently uncovered the underlying conduct, which varies significantly across FCPA, FCA, and national security violations. Understanding the interaction between these two factors—and the ways in which that interaction is increasingly shaped by artificial intelligence—is essential for any company genuinely trying to assess whether disclosure, in fact, makes sense.
II. The True Costs of Voluntary Disclosure
The DOJ's voluntary disclosure framework reflects an obvious asymmetry in how it presents costs and benefits. The benefits are enumerated clearly: a presumption of declination, a non-prosecution agreement (NPA) rather than a guilty plea for near-miss cases, reductions of 50% to 75% off the low end of the Sentencing Guidelines fine range, and no independent compliance monitor.[6] But these benefits exist only at the Department's discretion—an uncertainty that itself imposes a significant and under‑acknowledged cost. By contrast, the costs of achieving those benefits are mentioned only in passing.[7]
In practice, those costs are substantial. Empirical data from Stanford Law School's FCPA Clearinghouse indicates that the average publicly disclosed FCPA investigation spans approximately 39 months and reflects reported costs of nearly $1.6 million per month.[8] That translates into approximately $62 million in disclosed expenses before any penalty is paid. In more complex matters, such as those involving multiple jurisdictions, parallel regulatory proceedings, or large volumes of electronically stored information, the total cost can be significantly higher.
A complete accounting of cost must also include, at minimum: the fees of outside counsel managing the internal investigation; forensic accounting costs for reconstructing financial flows and calculating disgorgement; e-discovery costs; the internal management time diverted from business operations; loss of business; reputational costs that may not materialize as a stock price movement but affect customer and counterparty relationships; and the ongoing compliance obligations—monitoring, reporting, and audits—that frequently accompany resolutions, even when a formal monitor is not imposed.
Beyond direct expenditure, voluntary disclosure carries a structural cost that is less frequently acknowledged and even more difficult to quantify. The disclosing company may need to provide information well before the full scope of the misconduct and the full universe of implicated individuals is known. A company that discloses prior to completing its internal investigation—a course effectively incentivized by DOJ's emphasis on timeliness and reinforced by the 120-day whistleblower window introduced in 2024[9]—commits itself to providing DOJ with facts it does not yet possess. This risk is amplified in the national security context. Sanctions programs and civil export‑control regimes often treat each prohibited transaction as a separate violation, allowing a single systemic control failure to expand into multiple chargeable events. National security resolutions can also carry collateral consequences that can be more operationally disruptive than fines themselves, including the denial, suspension, or conditioning of export licenses, temporary or permanent loss of export privileges, and constraints on government‑contracting eligibility or access to regulated markets. In this posture, the obligation to disclose runs ahead of institutional knowledge, creating a gap that generates legal and strategic risk that cannot be precisely managed, let alone reliably priced.
These costs must be weighed not only against the prospect of leniency, but against a critical baseline comparison: the expected outcome for the company if DOJ were to discover the misconduct independently. Defense bar practitioners have made this comparison consistently, and the empirical record supports their skepticism. In multiple documented cases, the costs of internal investigation and disclosure preparation exceeded the expected penalty absent voluntary disclosure. Where the probability of independent government detection is low, the rational calculus favors, at a minimum, caution and deliberateness before disclosure, particularly while a company works in good faith to establish the relevant facts, assess legal exposure, and implement remediation.
The DOJ recognizes this reality, most obviously in its recent continuation and expansion of its Corporate Whistleblower Awards Pilot Program, which financially incentivizes individuals to report information relating to foreign corruption (including FCPA violations), financial institution crimes, domestic bribery, and private‑insurer health care fraud.[10] This recognition is also implicit in the steady escalation of incentives through successive revisions of the Corporate Enforcement Policy, reflecting DOJ's awareness that disclosure must be made continuously more attractive to overcome rational corporate resistance.
A decision not to pursue immediate voluntary self‑disclosure is not obstruction, but rather an assessment of costs and risks that DOJ's public framing has largely declined to confront directly.
III. The Detection Probability Variable: DOJ's Track Record Is Not Uniform
The second variable in the disclosure calculus—the probability that the government will independently discover the underlying conduct—is consistently omitted from DOJ's public presentation of the disclosure decision. This omission is not accidental. An enforcement agency has an obvious institutional interest in overstating its detection capabilities, because the rational case for voluntary disclosure depends on companies believing that silence offers, at best, only a temporary reprieve.
The historical record tells a more complicated story. DOJ's capacity to identify corporate misconduct through its own investigative activity varies substantially across different categories of conduct, and appreciating that variation is essential to any candid cost-benefit analysis.
The FCA in the healthcare context is DOJ's strongest detection environment. The government's capacity to identify FCA violations in healthcare billing is formidable by any reasonable measure. Medicare and Medicaid claims data create a near-complete digital record of billing conduct: every claim, every provider, every code, every reimbursement amount. The government has direct access to this data, has invested heavily in analytics tools designed to interrogate it, and has developed sophisticated statistical methods for identifying billing patterns inconsistent with legitimate medical practice. The data infrastructure functions, in effect, as a continuous audit.
More importantly, the qui tam provisions of the FCA operate as a dense network of internal informants. Relators—who are statutorily entitled to share in any recovery—have powerful financial incentives to identify and report misconduct, and they do so at scale. In fiscal year 2023, DOJ recovered more than $2.6 billion through FCA settlements and judgments, of which the majority was attributable to qui tam actions.[11] In this environment, DOJ need not independently generate most healthcare fraud cases; the relator mechanism initiates them regularly.
The combination of comprehensive billing data, sophisticated analytics, and financially motivated relators creates a detection regime that approaches certainty for systematic billing misconduct. A healthcare company that identifies a pattern of improper billing and concludes that silence is strategically preferable is, in most cases, miscalculating the odds. In that context, the anticipated probability of independent detection is sufficiently high that the expected value of voluntary disclosure—despite its costs—almost always dominates.
The FCPA context is markedly different. FCPA enforcement mainly targets bribery of foreign government officials, a category of conduct that, by its nature, occurs in jurisdictions where DOJ has limited investigative reach, involves foreign counterparties with independent motivations, and generates documentary evidence that is often in languages other than English and subject to foreign data-protection regimes. In addition, many key witnesses may not speak English and, by virtue of being outside of the United States, are not subject to DOJ's grand jury subpoena power. And while DOJ has, in limited cases, used data analytics to assist FCPA investigations, those tools remain far less developed and far more nascent than in FCA enforcement (particularly with respect to Health Care Fraud enforcement), which can leverage centralized, comprehensive datasets to identify misconduct at scale.
The historical pattern of FCPA enforcement reflects these structural constraints. The government's ability to develop FCPA cases independently has depended on three secondary mechanisms: (1) voluntary disclosures by the companies themselves; (2) cooperation from foreign governments, particularly in the wake of the global anti-corruption convergence following the OECD Anti-Bribery Convention; and, increasingly, (3) reliance on SEC whistleblower tips. Each of these pathways is frequently complemented—and sometimes catalyzed—by investigative journalism and insider reporting that surfaces information otherwise inaccessible to US authorities.
DOJ has acknowledged this dynamic explicitly. In response to the decline in FCPA cases in 2015, a DOJ spokesperson stated that the agency's lower corporate enforcement activity was attributable, in part, to the slowdown in self-reported cases.[12] When companies stop disclosing, FCPA enforcement slows—a candid acknowledgment of the degree to which FCPA enforcement depends on information generated outside the government. Consistent with this pattern, Stanford's FCPA Clearinghouse data indicate that approximately 41% of companies involved in FCPA matters self‑reported the underlying misconduct, underscoring the central role voluntary disclosure plays in sustaining enforcement activity.[13]
This asymmetry has direct implications for the disclosure calculus. For a company with potential FCA exposure in a heavily data-monitored sector, the probability of independent government detection is high, and the case for timely voluntary disclosure is correspondingly strong. For a company grappling with potential FCPA exposure that has not generated a whistleblower tip and does not involve a jurisdiction where local authorities are actively investigating, the calculus has historically been far less certain. The rational analysis in those two scenarios is fundamentally different, and any compliance framework that treats them identically is providing flawed advice in at least one case.
National security violations occupy a middle ground. Unlike FCPA enforcement, the government's independent detection capacity in sanctions and export‑control cases is meaningfully supported by the extensive data that financial institutions are required to collect and report. Banks must screen relevant transactions against OFAC lists in real time, block or reject prohibited transactions, and report blocked or rejected payments directly to OFAC, creating a continuous record of sanctions‑related activity. Financial institutions must also file Suspicious Activity Reports with FinCEN, many of which relate to sanctions evasion, opaque ownership structures, or transaction structuring and may later inform OFAC and DOJ enforcement. Although DOJ has at times pointed to the use of similar financial intelligence in the FCPA context, the sanctions reporting infrastructure provides far more consistent, systematic visibility into covered conduct than the government typically has in FCPA matters.
At the same time, detection in the national security context is uneven and less centralized. High transaction volumes can overwhelm screening systems, and layered ownership structures and opaque intermediaries can further dilute detection. Geographic exposure also plays a substantial role, with transactions touching heavily scrutinized corridors (i.e., Russia, Iran) drawing more attention than activity routed through less monitored jurisdictions. Institutionally, enforcement authority is spread across multiple agencies with overlapping but non‑identical mandates, and whistleblower incentives in the national security space are comparatively weaker than in the FCA context. As a result, many violations—particularly indirect sanctions exposure through intermediaries or historical export‑control failures—were unlikely to come to the government's attention unless a company itself surfaced them. That dynamic does not excuse noncompliance or concealment; it instead underscores the difficulty of making irreversible disclosure decisions before a company understands the operational, licensing, and collateral consequences that may flow from them.
IV. Artificial Intelligence Is Rewriting the Detection Environment
The detection probability variable that has worked in favor of silence in some enforcement contexts is changing. The primary driver of that change is artificial intelligence, and the effect is clear: it is steadily expanding the government's capacity to identify misconduct without corporate voluntary self-disclosure.
The underlying mechanism is not mysterious. AI systems—particularly large language models, pattern-recognition tools, and automated entity-resolution systems—dramatically reduce the cost of synthesizing large, heterogeneous data sets into actionable investigative leads. Tasks that previously required teams of experienced human analysts working for months can increasingly be accomplished in days or hours by automated systems at a fraction of the human capital cost.
For enforcement agencies, this represents an acceleration of capabilities that were already developing. SEC enforcement, which has previously used quantitative screening tools to identify insider trading and accounting fraud,[14] has been explicit about expanding its use of AI-assisted analysis to surface violations across broader categories of securities law.[15] The DOJ's own enforcement components have begun investing in data analytics infrastructure. Equally important, the private bar—qui tam relators, whistleblower attorneys, and plaintiff-side firms—is investing in AI tools to identify potential violations at scale, with the expectation that automated analysis can generate credible enforcement referrals more efficiently than traditional document-by-document review.
The implications for FCPA enforcement are particularly significant. The historical weakness of government detection capacity in the FCPA context has reflected the practical difficulty of synthesizing payment flows, contract awards, and political relationships across multiple foreign jurisdictions and languages. AI tools are reducing that difficulty. Automated translation, entity-resolution across multilingual data sets, pattern-recognition in financial flows, and network analysis of corporate and governmental relationships are all becoming faster, cheaper, and more reliable. The investigative capacity that the government lacked in 2010 is being built today, though it is not yet uniformly accessible across the enforcement arms of government agencies.
AI tools are likely to have a similar effect in the national security context. Sanctions and export‑control violations often leave structured digital traces—payment records, trade documentation, and compliance screening data—that AI tools can increasingly synthesize and analyze. These tools make it easier to connect intermediaries, identify anomalous transaction patterns, and surface conduct that previously blended into routine commercial activity.
In heavily data-monitored sectors such as healthcare, AI primarily accelerates enforcement that was already likely. In contexts where detection probability was already high, AI makes it faster and broader in scope. By contrast, for the broader universe of corporate misconduct—financial fraud, sanctions violations, procurement fraud, antitrust violations—the more consequential development is the potential for AI to enable government detection in contexts where independent detection was previously unlikely.
Companies should not treat this trajectory as a distant or speculative concern. Many of the systems being deployed today will generate enforcement referrals in the near term, and the data on which those systems will operate already largely exists. Sanctions violations that occurred in 2020, procurement fraud embedded in transactions during 2021, or accounting irregularities buried in financial statements in 2022 represent precisely the types of historical conduct most susceptible to AI-assisted retrospective analysis. As a result, misconduct that previously appeared unlikely to be independently detected may be increasingly recoverable—not prospectively, but backward-looking, and at scale.
V. A More Honest Analytical Framework
Nothing in this analysis suggests that companies should evade detection, conceal violations, or disregard compliance obligations; rather, it addresses how responsible organizations evaluate the timing and scope of voluntary disclosure under uncertainty. Companies facing potential disclosure decisions should approach the analysis with a framework that honestly accounts for three factors that DOJ's standard presentation tends to undervalue.
The first is a realistic assessment of investigation costs. This is not an argument against voluntary disclosure; it is an argument for understanding what disclosure actually entails before committing to it. Any company contemplating disclosure should first undertake a realistic analysis of the full cost, including investigation, outside counsel, forensic accounting, e-discovery, remediation, cooperation obligations, and potential business losses or disruption. At the same time, a company that decides not to disclose without honestly pricing the cost of a government-initiated investigation that it may be forced to cooperate with at a later stage—and under less favorable circumstances—is equally uninformed. The relevant comparison is not disclosure costs versus zero. It is disclosure costs, coupled with available leniency benefits, against the expected costs of a government-initiated investigation, discounted by the probability of detection.
The second is a realistic, category-specific assessment of detection probability. This variable, which is the single most important factor in the disclosure calculus, varies enormously across enforcement contexts. Companies with potential exposure under the FCA—particularly healthcare billing, government contracting, and pharmaceutical pricing—are operating in a high-detection environment and should weight leniency benefits accordingly. Companies confronting potential FCPA exposure have historically faced a lower baseline detection probability, though that probability is steadily increasing. Sanctions violations occupy a middle position: detection risk is meaningfully elevated by the extensive data that financial institutions are required to collect and report, but remains sensitive to transaction volume, counterparty sophistication, and geographic exposure.
The third and newly urgent factor is a forward-looking assessment of how AI is changing the detection environment for the company's specific category of exposure. A company that made a disclosure decision in 2018 based on a reasonable assessment of government detection capacity and is revisiting that decision now should not assume that the same probabilities apply today. The enforcement infrastructure being built today will render visible categories of historical misconduct that were not meaningfully susceptible to detection when they occurred.
None of this analysis leads to the conclusion that voluntary disclosure is always right or always wrong. What it promotes instead is a recognition that the decision is complex and unique to each company. Moreover, it makes clear that DOJ's public framing systematically understates the costs involved, overstates the certainty and uniformity of leniency outcomes, and gives inadequate attention to the detection‑probability variable—the linchpin of the entire calculation—which itself is undergoing structural change. That change, over time, increases the expected value of disclosure, but it does so unevenly.
VI. Conclusion
DOJ has spent the last decade trying to solve a coordination problem. It knows that voluntary disclosure produces better enforcement outcomes—more complete fact-finding, faster resolution, and more comprehensive remediation—than investigations developed through independent government action. It has constructed increasingly generous and explicit incentive structures to overcome rational corporate resistance. The new Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy, and the recent update extending that policy to national security cases, represent the culmination of that effort: a unified framework that, for the first time, extends a presumptive declination to qualifying companies across all DOJ components.
The framework is real, the benefits are meaningful, and DOJ's policy direction is clear. But the decision to disclose remains complex, and the difficulty is not reducible to compliance threats or irrational risk aversion, particularly where the benefits remain subject to DOJ's discretion and thus inherently uncertain. The costs of disclosure are large, uncertain, and often more substantial than the government's leniency calculus accounts for. The probability of independent detection varies by enforcement context in ways that are systematic and analyzable. Moreover, the AI-driven evolution of investigative capacity is shifting the detection probability variable—slowly in some contexts, rapidly in others—in a direction that increases the expected value of proactive disclosure.
Against this backdrop, the most important contribution a legal advisor can make to the disclosure decision is not merely to reassure clients that DOJ's framework is clear and the benefits are real, although both propositions are largely true. Rather, it is to insist on an honest accounting of the costs, a rigorous assessment of the detection risk tailored to the client's actual exposure, and a forward-looking assessment of how quickly that probability is likely to change. In a world in which artificial intelligence is steadily increasing the government's ability to detect past misconduct, a company that delays a disclosure decision is not preserving optionality; it is allowing it to erode.
The new policy clarifies DOJ's enforcement posture, but it does not eliminate the difficult judgment calls that companies must still make. Businesses confronting potential exposure must weigh investigation costs, evolving detection risk, collateral consequences, and timing constraints unique to their operations and regulatory footprint. Steptoe's Investigations, White Collar, and Compliance team regularly advises companies on whether, when, and how to engage with DOJ and other regulators on potential disclosures and brings unique insight into how advances in artificial intelligence, particularly as applied to investigations, impact this critical calculus.
[1] US Dep't of Justice, Department‑Wide Corporate Enforcement and Voluntary Self‑Disclosure Policy (Mar. 10, 2026), https://www.justice.gov/dag/media/1430731/dl?inline
[2] Yates, Sally. Individual Accountability for Corporate Wrongdoing, US Dep't of Justice (Sept. 9, 2015), https://www.justice.gov/dag/file/769036/download; Monaco, Lisa. Further Revisions to Corporate Enforcement Policies Following Discussion with Corporate Crime Advisory Group, US Dep't of Justice (Sept. 15, 2022), https://www.justice.gov/d9/pages/attachments/2022/09/15/2022.09.15_ccag_memo.pdf
[3] US Dep't of Justice, Department‑Wide Corporate Enforcement and Voluntary Self‑Disclosure Policy (Mar. 10, 2026), https://www.justice.gov/dag/media/1430731/dl?inline
[4] US Dep't of Justice, Reporting Voluntary Self‑Disclosures of Violations of National Security Laws Under the Department‑Wide Corporate Enforcement Policy (Mar. 30, 2026), https://www.justice.gov/opa/pr/reporting-voluntary-self-disclosures-violations-national-security-laws-under-department-wide
[5] US Dep't of Justice, Justice Department Resolves Foreign Bribery Investigation with Balt SAS; Healthcare Executive and Sales Consultant Indicted in Alleged Years‑Long Foreign Bribery Scheme (Mar. 19, 2026), https://www.justice.gov/opa/pr/justice-department-resolves-foreign-bribery-investigation-balt-sas-healthcare-executive-and
[6] US Dep't of Justice, Department‑Wide Corporate Enforcement and Voluntary Self‑Disclosure Policy (Mar. 10, 2026), https://www.justice.gov/dag/media/1430731/dl?inline
[7] Id.
[8] The Stanford Law School FCPA Clearinghouse calculates average investigation length and monthly cost figures based on cost information voluntarily disclosed by a limited subset of companies in publicly available sources, including SEC filings, DOJ and SEC resolutions, press releases, and related materials. As Stanford explains, these disclosures are often incomplete and may aggregate internal investigation expenses with broader compliance reviews, remediation efforts, and, in some cases, costs associated with parallel civil litigation. External legal fees are generally not publicly itemized, and sealed or otherwise non‑public information is excluded from the dataset. See Stanford Law School, About the FCPA Clearinghouse: Methodology, https://fcpa.stanford.edu/about-the-fcpac.html#methodology; Corporate Crime Reporter, Kristen Savelle on the FCPA Clearinghouse at Stanford Law School (Dec. 7, 2020), https://www.corporatecrimereporter.com/news/200/kristen-savelle-on-the-fcpa-clearinghouse-at-stanford-law-school/
[9] U.S. Department of Justice, Criminal Division Launches Corporate Whistleblower Awards Pilot Program, Office of Public Affairs (Aug. 1, 2023; implemented and operationalized in 2024), https://www.justice.gov/opa/pr/criminal-division-launches-corporate-whistleblower-awards-pilot-program
[10] US Dep't of Justice, Criminal Division Announces Corporate Whistleblower Awards Pilot Program (Aug. 1, 2024),
https://www.justice.gov/criminal/criminal-division-corporate-whistleblower-awards-pilot-program
[11] U.S. Department of Justice, False Claims Act Settlements and Judgments Exceed $2.68 Billion in Fiscal Year 2023, Office of Public Affairs (Feb. 22, 2024), https://www.justice.gov/archives/opa/pr/false-claims-act-settlements-and-judgments-exceed-268-billion-fiscal-year-2023 (reporting more than $2.68 billion in FCA settlements and judgments in FY 2023, with over $2.3 billion—nearly 86 percent—attributable to qui tam actions)
[12] Dockery, Stephen. DOJ Says Pursuing ‘Higher-Impact' Bribery Cases, The Wall Street Journal (Oct. 5, 2015), http://blogs.wsj.com/riskandcompliance/2015/10/05/doj-says-pursuing-higher-impact-bribery-cases/
[13] Stanford Law School, Foreign Corrupt Practices Act Clearinghouse: Enforcement Trends and Statistics, Stanford Law School, https://fcpa.stanford.edu/statistics-keys.html
[14] Gurbir S. Grewal, Director, Division of Enforcement, Statement on Insider Trading Enforcement Actions Announced on June 29, 2023, U.S. Securities and Exchange Commission (June 29, 2023), https://www.sec.gov/newsroom/speeches-statements/20230629 (stating that the SEC is “leveraging all the tools at our disposal, including our data analytics initiatives,” in insider‑trading enforcement); U.S. Securities and Exchange Commission, Division of Enforcement—Annual Results for Fiscal Year 2024, https://www.sec.gov/files/enforcement-annual-report-2024.pdf.
(discussing the Division's use of “advanced data analytics and technology” to identify potential violations and bring enforcement actions.)
[15] See, e.g., U.S. Securities and Exchange Commission, SEC Creates Task Force to Tap Artificial Intelligence for Enhanced Innovation and Efficiency Across the Agency, Press Release No. 2025‑103 (Aug. 1, 2025), https://www.sec.gov/newsroom/press-releases/2025-103-sec-creates-task-force-tap-artificial-intelligence-enhanced-innovation-efficiency-across-agency (announcing agency‑wide adoption of AI‑enabled tools to enhance enforcement and other regulatory functions).
