The US has a massive export enforcement problem. It’s likely that over 100,000 export-controlled AI chips were smuggled into China in 2024. To give a sense of scale, the xAI Colossus cluster in Memphis, Tennessee, comprised first 100,000 and later 200,000 AI chips. That’s roughly an xAI Colossus cluster being smuggled to China each year. The main reason we know this is that smugglers are so unafraid that they’re willing to talk about their operations to journalists; this has happened repeatedly during the past year and a half.

AI chip smuggling is far from the only enforcement problem. In 2024, Huawei got TSMC to illegally fabricate over two million of its AI chip dies through front companies, despite sanctions. That is a far larger quantity than the number of Huawei AI chips fabricated domestically in China that year. We’ve also seen likely violations related to high bandwidth memory and semiconductor manufacturing equipment, which help China make its own AI chips to compete against NVIDIA.

What if you could pay insiders many millions of dollars to inform US authorities about such violations, at almost no cost to the US government? That would likely surface a large number of high quality tips about important violations, which would greatly aid US authorities in detecting, punishing and deterring such violations.

This idea may sound outlandish, but it’s actually possible. In fact, there is a law being discussed in Congress that would accomplish exactly this! But before we get there, let’s take a brief detour to the Securities and Exchange Commission (SEC) and the 2008 financial crisis.

The SEC whistleblower program

In 2008, the US economy was reeling from the housing and mortgage crisis. Late that year, Bernie Madoff sat down with his two sons and admitted to them that the investment business he’d been running for two decades was a giant fraud, a Ponzi scheme to end all Ponzi schemes. Because of these two crises, there was a desire among policymakers to strengthen financial regulation and oversight.

Related to the Madoff scandal in particular, the SEC was under criticism for failing to properly investigate several credible reports about it. An employee at a rival investment firm, Harry Markopolos, had been asked by his employers to figure out how Madoff could post such consistently excellent returns, and soon realized that the returns were impossible with Madoff’s claimed strategy. Markopolos later said in an interview: “I read his strategy statement, and it was so poorly put together. His strategy as depicted would have trouble beating a zero return, and his performance chart went up at a 45-degree line: that line doesn’t exist in finance, it only exists in geometry classes.”

Markopolos sent reports to the SEC detailing Madoff’s fraudulent activities on multiple occasions before the 2008 financial crisis. However, the SEC failed to properly investigate these reports, leaving Madoff free to continue defrauding investors until the financial crisis made its collapse imminent. Lawmakers realized that reports of wrongdoing from the general public could be a valuable tool for detecting and deterring securities laws violations.

One result of this, signed into law in 2010 as part of the Dodd-Frank Act, was the SEC whistleblower program.1

The SEC whistleblower program works like this. First and most importantly, whistleblowers get 10-30% of any penalty resulting from their report. This can be many millions of dollars—the largest reward to date, paid out in 2023, was nearly $280 million. This monetary incentive is paired with protections against retaliation from their employers, confidentiality guarantees, and the ability to make reports to the SEC anonymously through an attorney. To pay out whistleblower rewards, the Dodd-Frank Act also sets up an Investor Protection Fund, which receives penalties from securities violations (previously these would go to the Treasury).

The SEC whistleblower program is widely considered to have been an enormous success. It’s now one of the key ways that securities law is enforced in the US. It has helped generate $7.3 billion to $22 billion in penalties since its inception in 20112, and has received reports from at least 130 countries. Quantitative evaluations are rarer, but existing research suggests it has reduced financial reporting fraud, deterred insider trading, and caused companies to strengthen compliance programs.

The Stop Stealing Our Chips Act

Now the question is, could you adopt the SEC whistleblower program model for the Bureau of Industry and Security (BIS) and export violations? The Stop Stealing Our Chips Act—introduced into the Senate in April 2025 by Senators Rounds (R-SD) and Warner (D-VA) and into the House a couple of weeks ago by Representatives Kean (R-NJ) and Johnson (D-TX)—would do exactly this.

The Stop Stealing Our Chips Act (henceforth, SSOCA) is closely modeled on the SEC whistleblower program, with some changes to adapt it for the export enforcement situation. It too offers whistleblowers 10-30% of any resulting penalty along with whistleblower protections, including the possibility of making anonymous reports to BIS.

The first thing to note here is the financial incentive. As economists always tell us, financial incentives are incredibly powerful, and the fines for these violations can be enormous:

• There have been several news reports of operations involving on the order of 10,000 smuggled AI chips, meaning roughly $400 million worth. BIS can fine up to twice the value of the related transaction, so that could be a penalty of $800 million, for just one smuggler who spoke to the news media. If a whistleblower reports on that, they could get up to 30% or $240 million (leaving $560 million for the US government).

• The massive TSMC-Huawei violation—which was only detected when an independent organization did a teardown of a Huawei chip—could reportedly result in a $1 billion fine. This would have been up to $300 million for an informant.

Beyond catching violations, a well-publicized program could have significant deterrent effects. If everyone in a supply chain—sales reps, warehouse workers, freight forwarders, accountants—knows that reporting can yield millions, violators face a much riskier environment. This effect could be realized even before the whistleblower program comes into effect, as the law would allow whistleblowers to report on violations that occurred before it was signed into law.

Would the BIS program actually surface any tips?

All right, hundreds of millions of dollars is a strong incentive. But, you may ask, are there actually people with information about these violations who would be willing to step up and blow the whistle? Why, yes there are!

Take AI chip smuggling operations: these involve lots of people who could potentially file reports, in other words people who have relevant information and would like to get millions of dollars. This includes, for example, people working in sales at exporters with questionable compliance practices; employees at local resellers, freight forwarders, logistics companies, warehouses, or data centers where the chips are temporarily housed; and accountants and lawyers.

In March 2025, Singaporean authorities arrested three people for smuggling $390 million worth of AI servers. These arrests were the result of an “anonymous tip-off”, in other words a whistleblower report! It seems likely that the recent Operation Gatekeeper arrests of an AI chip smuggling ring operating out of Texas and New York were also the result of an insider tip.

The story is similar for the TSMC-Huawei violation, where there were likely many TSMC employees who could’ve known about this problem and informed the US government. The only reason the US ultimately found out about this violation was because an independent party—TechInsights—did a teardown of a Huawei AI chip, and noticed it was TSMC-fabricated. A BIS whistleblower program would likewise incentivize such actors to look for evidence of violations and report those to the US government. This type of information is hugely valuable; it makes no sense to sit around and wait for people to offer it out of the goodness of their hearts.

As with the SEC program, the SSOCA makes foreign nationals eligible for rewards. This is important because many export violations happen in third countries, where goods are diverted via reexport or transshipment. (The SSOCA does however wisely make some exceptions for known terrorists and sanctioned persons, who are not eligible for rewards.) This is similar to how the intelligence community pays foreign informants, who provide the US government with information that benefits US national security.

Would BIS be able to run the program?

At this point, the wise reader will ask, “Isn’t BIS extremely resource constrained? If so, how is it supposed to process and investigate a bunch of incoming tips, determine awards, and carry out outreach on the program?” After all, BIS’s budget for enforcement has been essentially flat when accounting for inflation for at least the past five years (see figure), despite BIS receiving a vastly increased scope of responsibilities due to the AI chip export controls introduced in October 2022 and the Russian invasion of Ukraine and all the diversion related to that conflict.

Good question! The answer is that these activities—investigating whistleblower reports, determining awards, and carrying out outreach—would also be financed through incoming penalties. This is one of the most notable differences between the SSOCA and the SEC program. The SSOCA authorizes BIS to use money from penalties for a few additional purposes and not only for paying out rewards to whistleblowers. (As currently written, the SSOCA would only allow BIS to receive money from penalties that stem from whistleblower reports, but I think this should be expanded to cover all penalties for BIS-related violations.)

Today, any fine levied by BIS goes straight to the Treasury, or in rare cases it is earmarked for some specific fund, such as the Crime Victims Fund. What the SSOCA would do is redirect these to an Export Compliance Accountability Fund. This Fund would be used to pay rewards to whistleblowers; any money left over would go first to core functions of the BIS whistleblower program, and then to export enforcement activities more broadly.

There is a separate but related question of how the program would be funded initially, if it’s mainly intended to be funded through penalties. However, BIS already has a fairly steady stream of enforcement actions, including from likely insider tips, without any whistleblower incentive program (see figure). BIS may also be able to direct some of its appropriated resources to the program in the first one or two years, in order to get it up and running.

It seems likely that this program would pay for itself if implemented. That’s because the program would likely help BIS detect more violations and therefore levy more penalties than it would without the program. It could well end up both reducing the number of violations and also generating additional revenue for the federal government by making it much more likely that violations are detected and enforced. The losers here would be the smugglers and other bad actors who wake up every day trying to figure out ways of harming US national security.

BIS’s entire budget for fiscal year 2025 was about $191 million, likely far smaller than the collective profits of AI chip smugglers alone, which may well have exceeded $1 billion. A single successful enforcement action against a major smuggling operation could pay for BIS’s entire annual budget—for example, last month US authorities arrested three individuals accused of smuggling AI chips worth $160 million to China, which could result in a penalty of $320 million. There are likely dozens of such cases remaining to be discovered. A BIS whistleblower program like the one described in the SSOCA could create a virtuous cycle where more tips and better enforcement lead to more penalties and rewards, which in turn leads both to more tips by publicizing the program and also more resources for enforcement.