Corporate compliance officers might feel like they’ve been put through the whirlwind lately, with the Trump Administration issuing one sweeping announcement about corporate enforcement after another.
Except, remember what a whirlwind does. It spins you round and round, makes you feel dizzy and confused… and then leaves you pretty much right where you were before.
The more we ponder the Administration’s moves on corporate compliance, the more that metaphor fits.
Consider the announcements themselves. Most notably, President Trump issued an executive order on February 10 that paused all enforcement of the Foreign Corrupt Practices Act for at least six months and directed Attorney General Pam Bondi to issue new guidelines on all future FCPA enforcement – guidelines that presumably will take a much lighter approach than what we’ve seen for the last twenty years.
Another example comes from the financial services industry. On February 9, the Administration essentially stopped all activity at the Consumer Financial Protection Bureau: no new investigations, supervisory examinations of financial firms, or issuance of new guidance. All employees were sent home for at least a week, presumably as a prelude to staff cuts at the agency.
Those are startling moves, to be sure. We’ll probably see more of them from other agencies in the future. But what does all that tumult mean for corporate compliance programs?
Perhaps not all that much.
First, the compliance risks are still there
Let’s start with the Justice Department. Yes, it has paused all enforcement of the FCPA – but that doesn’t erase the Foreign Corrupt Practices Act from the books. It’s still a statute that companies are legally required to obey. A company could take this executive order as a green light to engage in bribery and dismantle its corporate compliance program – but that company would be breaking the law and racking up potential future enforcement actions.
Would your company want to take that gamble? The statute of limitations for FCPA violations is five years, extending beyond the end of Trump’s term in 2029. If a new administration revives vigorous FCPA enforcement in the future, a decision today to ignore ethics and compliance will look terrible in hindsight.
The gamble is even bigger for the Consumer Financial Protection Bureau because while the agency might be in an enforcement deep freeze, state attorneys general and banking regulators have the right to bring their own enforcement actions under the agency’s enabling legislation, the Consumer Financial Protection Act.
Companies are going to see that dynamic repeatedly. Your risk of enforcement from federal regulators might be low right now, but a lack of enforcement does not erase your company’s underlying compliance obligations. You’ll still have enforcement risk from other sources, such as U.S. states or foreign governments.
In fact, businesses may now find themselves facing even greater scrutiny from international regulators. The UK’s Serious Fraud Office (SFO) and France’s Parquet National Financier (PNF), which have been increasingly active in corruption enforcement, could step into the void left by the DOJ’s retreat. Recent remarks from SFO Director Nick Ephgrave indicate a desire to take a “bolder, more proactive” approach to enforcement. At the same time, the PNF has secured more than 20 deferred prosecution agreements (CJIPs) related to bribery in just the past several years.
European regulators may view this shift as an opportunity to establish themselves as the primary global enforcers of anti-corruption laws, particularly under the UK Bribery Act and France’s Sapin II law. For companies operating internationally, this means that while the risk of immediate FCPA enforcement from U.S. regulators may be lower, exposure to investigations and penalties from foreign jurisdictions could rise.
A global compliance perspective is more important than ever. U.S. companies accustomed to negotiating with the DOJ may need to shift their approach if they come under scrutiny by the SFO, PNF, or other European regulators. These agencies have their own standards for cooperation, voluntary disclosure, and settlement. Compliance teams should be prepared to adapt quickly and ensure that anti-corruption controls align with international expectations, not just U.S. ones.
For more insight on how UK and European regulators may step up their enforcement efforts, check out this analysis from Latham & Watkins: President Trump Pauses FCPA Enforcement – Will UK and European Prosecutors Step In?
Now, let’s pivot back to the FCPA. Sure, enforcement against corporate bribery and corruption will be lower – but will large companies suddenly want to engage in bribery and corruption? Of course not.
As we just mentioned, global enforcement of anti-corruption laws will remain in force. Contracts secured through bribery can also be voided in court. Corruption also brings more costs to your business, as corrupt government officials will feel more emboldened to hit up your business for a bribe.
In many ways, today’s lack of enforcement doesn’t change the underlying dynamics that global businesses face. You still need to address those inherent compliance risks somehow
You still need strong compliance capabilities
This all means you still need a set of capabilities to address those compliance and risk fundamentals that remain in place, regardless of the latest executive order or agency pause. You still need a compliance program.
For example, you’re not going to dismantle your internal hotline, because employees still use that to report so many other possible compliance violations. You’re not going to end your third-party due diligence, because there are 1,000 other ways a third party might bring risk to your organization, and management needs to know that. Risk assessment, control testing, audits – the need for all those things will remain.
Indeed, it’s even possible that a retreat on enforcement will leave compliance officers with more to do. For example, the pause on FCPA enforcement might lead some of your employees and third parties to engage in corruption. That could lead to more employees reporting those violations via the internal hotline, and you’ll need to investigate those reports to at least some degree. Even if your company decides not to self-report the violation, any self-respecting management team will still want you to clean up the mess.
If compliance officers should do anything right now, it’s this: engage with your board and management team. Remind them that a pause on enforcement does not equal a reduction in compliance obligations or risk. Businesses will still need all the capabilities that a strong compliance program brings, and those capabilities are just as useful for operational risks as they are for compliance risks.
So, what will the next four years bring for corporate compliance? Nobody knows, but then again, perhaps demonstrates the point. A strong ethics and compliance program helps a company be ready for anything.
NAVEX is here to help your organization build a risk and compliance program that will last and enable a culture of ethics and compliance.
Check out our resources below for more information about how NAVEX helps you achieve FCPA compliance.
