almart has agreed to a $100 million judgment to settle allegations by the Federal Trade Commission and 11 states that the company caused delivery drivers to lose earnings, by deceiving them about the base pay, incentive pay, and tips they could earn. The FTC estimates that Walmart delivery drivers lost tens of millions of dollars in earnings due to the deception.

The proposed order also imposes significant changes to Walmart’s business practices to ensure that Walmart “never engages in such behavior again.” The injunction prohibits Walmart from modifying offers after a driver has accepted the offer, unless one of six exceptions applies. It also prohibits Walmart from making or assisting others in making similar misrepresentations to drivers or customers in the future.

Joined by Arizona, California, Colorado, Illinois, Michigan, North Carolina, Oklahoma, Pennsylvania, South Carolina, Utah, and Wisconsin, the FTC alleged in its complaint that Walmart lured drivers into its Spark Driver delivery program with inflated base pay and tip prospects. The complaint claims Walmart deceived customers by falsely proposing that 100 percent of customer tips would go to drivers.

“Labor markets cannot function efficiently without truthful and non-misleading information about earnings and other material terms,” said Christopher Mufarrige, director of the FTC’s Bureau of Consumer Protection. “Today’s settlement reflects the Trump-Vance FTC’s focus on ensuring a healthy labor market for American workers, which is critical to the nation’s success.”

The FTC says the enforcement action against Walmart  is a result of it’s Joint Labor Task Force which was created by the cross-agency Labor Task Force to “root out and prosecute deceptive, unfair, and anticompetitive labor-market practices that harm American workers.” It also said the it’s dual consumer-protection and competition mandate makes the agency uniquely well-suited to address these worker harms. “Chairman Ferguson’s Labor Task Force harnesses expertise from the agency’s Bureau of Consumer Protection, Bureau of Competition, Bureau of Economics, and Office of Policy Planning.”

Walmart uses its Spark Driver service to deliver goods to customers using gig workers via the Spark Driver app, similar to Door Dash or Uber Eats. Those workers decide whether to accept “offers” to deliver orders, based on Walmart’s statements about the base pay and tips that a driver can expect to receive if they complete the work.

Details of allegations against Walmart.

The complaint alleges that Walmart engaged in several deceptive practices related to its Spark Driver service, including:

• Deceiving drivers about the number of tips they will receive from an order— the company failed to notify drivers that, unlike the payment for the goods being delivered, the payment for the advertised tip amount had not been preauthorized, and therefore drivers would not receive that amount if the customer was unable to cover the cost of the tip or if the charge otherwise failed. The company also failed to inform drivers that it would split tips when a customer’s delivery was split across multiple drivers.
• Deceiving drivers about the amount of base pay and tips they will receive when Walmart modifies “batched” offers— the company failed to inform drivers that it will reduce their base pay and/or tips when it removes orders from “batched orders,” which involve delivering goods to multiple customers during one trip. In many instances, Walmart either failed to notify drivers at all about the change in base pay and tips or only notified them of the change in their earnings after they completed the delivery.
• Misrepresenting the incentive pay drivers can earn in exchange for completing certain tasks— the company failed to disclose all the conditions that must be met to earn the promised incentive pay for completing certain tasks and denied the promised earnings on the basis that drivers failed to meet all the conditions.
• Deceiving consumers that “100% of tips go to the driver.” — despite this promise, Walmart, on multiple occasions, failed to provide collected tips to drivers as promised and did not refund the tip to customers either.

The FTC alleges that these practices violated the FTC Act and the Gramm-Leach-Bliley Act—by obtaining drivers’ bank and other financial information while deceiving them about the amount base pay and tips they will earn from Spark Driver deliveries—as well as laws of the agency’s state partners.

As part of the proposed order, Walmart is:

• Required to implement an earnings verification program to ensure drivers are paid the promised earnings and tips.
• Prohibited from modifying an offer for base and incentive pay or tips after the initial offer except under limited circumstances such as when the driver fails to provide the required service or the customer cancels an order.
• Banned from misrepresenting the earnings and other information included in the delivery offers it makes to Spark drivers.

If Walmart fails to obey this injunction, the Commission can return to Court in contempt proceedings. 

The post Walmart to Pay $100 Million to Settle FTC Deception Charges on Delivery Service appeared first on Compliance Chief 360.

axful, an online virtual currency trading platform, will pay a criminal penalty of $4 million after pleading guilty to violating the Bank Secrecy Act, promoting illegal prostitution, and knowingly transmitting funds derived from criminal offenses.

From 2015 to 2019, Artur Schaback, the operator of Paxful, allowed customers to open accounts and trade cryptocurrencies without having sufficient know-your-customer (KYC) information. He also presented fake anti-money laundering policies to third parties that were never implemented, and failed to file a suspicious activity report, despite knowing that Paxful customers were using this platform for criminal activity. According to the Justice Department, Paxful became a hub for romance scams, money laundering, human trafficking, sanctions violations, and other illegal activity.

“Paxful profited from moving money for criminals that it attracted by touting its lack of anti-money laundering controls and failure to comply with applicable money-laundering laws, all while knowing that these criminals were engaged in fraud, extortion, prostitution, and commercial sex trafficking,” said assistant attorney general A. Tysen Duva of the Justice Department’s Criminal Division. “Crimes like this are a high priority for the Criminal Division because criminal money transmitters facilitate so many other crimes like money laundering, prostitution, fraud, romance scams, extortion and human trafficking. This sentence shows that companies will be held accountable when they create safe havens for criminal activity.”

Paxful knowingly transferred virtual currency on behalf of its customers, including Backpage, an online advertising platform for illicit prostitution and similar sites. In various criminal proceedings, Backpage and its owners and operators admitted that Backpage advertised and profited from illegal prostitution, including illegal sex work depicting minors. Paxful’s founders boasted about the “Backpage Effect,” which enabled the business to grow.

“By putting profit over compliance, the company enabled money laundering and other crimes. This sentence sends a clear message: companies that turn a blind eye to criminal activity on their platforms will face serious consequences under U.S. law. The U.S. Attorney’s Office will continue to protect victims and ensure that the cryptocurrency ecosystem is not exploited by criminals,” said U.S. Attorney Eric Grant for the Eastern District of California.

“Paxful’s deliberate disregard for anti-money laundering requirements and its role in promoting illegal prostitution and other criminal schemes enabled the movement of illicit funds at scale. This case sends a clear message: platforms that choose profit over compliance will face serious consequences and be brought to justice,” said Special Agent in Charge Linda Nguyen of the IRS-CI Oakland Field Office.

Considering how Paxful was marketed, Paxful knew its platform was used as a vehicle for prostitution, fraud, romance scams, and extortion schemes enforcement agencies stated. Paxful pleaded guilty to conspiring to violate the Travel Act; conspiring to operate an unlicensed MTB; and conspiring to violate the Bank Secrecy Act’s (BSA) anti-money laundering (AML) program requirement.

The Justice Department reached its resolution with Paxful based on several factors, including the nature and seriousness of the offenses, which involved Paxful’s processing of millions of dollars of illicit transactions and allowing its platform to be used for criminal activity. 

The post Online Trading Platform to Pay $4 Million for Promoting Criminal Activity appeared first on Compliance Chief 360.

he California Attorney General’s office has announced a settlement with the Walt Disney Co., resolving allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to answer consumers’ requests to opt-out of the sale or sharing of their data across all devices and streaming services associated with consumers’ Disney accounts. Under the settlement, Disney must pay $2.75 million in civil penalties and must implement opt-out methods that fully stop Disney’s sale or sharing of consumers’ personal information.

The California Department of Justice’s investigation into Disney stems from a January 2024 investigative sweep of streaming services for potential CCPA violations. Effective opt-out is one of the requirements of complying with CCPA. The investigation found that Disney’s opt-out processes did not allow a consumer to completely opt-out of and stop all sale or sharing of their data, in violation of the CCPA.

“Consumers shouldn’t have to go to infinity and beyond to assert their privacy rights. Today, my office secured the largest settlement to date under the CCPA over Disney’s failure to stop selling and sharing the data of consumers that explicitly asked it to,” said Attorney General Bonta. “California’s nation-leading privacy law is clear: A consumer’s opt-out right applies wherever and however a business sells data — businesses can’t force people to go device-by-device or service-by-service. In California, asking a business to stop selling your data should not be complicated or cumbersome.”

The investigation found that each of the methods Disney provided had gaps that allowed Disney to continue to sell and share consumers’ data, including:

Opt-Out Toggles: If a user requested to opt-out of the sale or sharing of their data via an opt-out toggle in Disney’s websites and apps, Disney only applied the request to the specific streaming service the user was watching, and often only the specific device the consumer was using. This meant that in most instances, using the toggle would not stop selling or sharing from other devices or services connected to the consumer’s account.

Webform: If a user opted out using Disney’s webform, Disney only stopped the sharing of personal data through the company’s own advertising platform and offerings. However, Disney continued to sell and share consumer data with specific third-party ad-tech companies whose code Disney embedded in its websites and apps. Disney also failed to provide an in-app, opt-out method in many of its connected TV streaming apps, instead directing consumers to its webform, effectively leaving consumers with no way to stop Disney’s selling and sharing from these apps.

The Global Privacy Control: For consumers who opted out via the Global Privacy Control (GPC), Disney limited the request to the specific device the consumer was using, even when the consumer was logged into their account. The GPC is an easy-to-use ‘stop selling or sharing my data switch’ that is available on some internet browsers or as a browser extension.

About the California Consumer Protection Act

The CCPA has opened up a whole new world of privacy protection and increased privacy rights for California consumers, such as the right to know how businesses collect, share, and disclose their personal information. The CCPA vests California consumers with control over the personal information that businesses collect about them, including the right to request that businesses stop selling or sharing their personal information.

Today’s settlement represents the seventh enforcement action under the CCPA. The Attorney General’s office has also announced settlements with Sephora and DoorDash as well as mobile app gaming company, Jam City; streaming service, Sling TV; website publisher, Healthline.com; and entertainment company, Tilting Point Media. In order to monitor the businesses’ compliance with the CCPA, Attorney General Bonta has conducted investigative sweeps related to location data, streaming apps and devices, employee information, and surveillance pricing. 

Joseph McCafferty is editor & publisher of Compliance Chief 360.

The post Disney Settles ‘Opt-Out’ Privacy Case with California for $2.75 Million appeared first on Compliance Chief 360.

n today’s fast-paced business environment, regulatory compliance has become both more critical and more complex. Organizations are expected to maintain rigorous internal controls, ensure transparency, and respond swiftly to audits all while managing sprawling IT ecosystems and evolving risk landscapes.

Regulations like the Sarbanes-Oxley Act (SOX) demand companies adhere to strict financial reporting, information security, and auditing requirements. Yet many businesses still rely on manual processes and fragmented systems to meet these requirements. This approach is not only inefficient but also increases the risk of errors, omissions, and non-compliance.

As digital transformation accelerates, compliance teams are being asked to do more with less and the result is a widening gap between compliance obligations and operational capacity.

AI and Automation: Driving a Transformation

Artificial intelligence and automation technologies are emerging as powerful allies in the quest for smarter, more scalable compliance. These tools can streamline routine tasks while enhancing accuracy and provide real-time insights into control effectiveness.

Automation is particularly effective in handling repetitive, rules-based activities such as data collection and report generation. By reducing manual effort, it frees up compliance professionals to focus on strategic oversight and risk mitigation.

AI, on the other hand, brings intelligence into the equation. Machine learning algorithms can analyze vast datasets to detect anomalies, flag potential risks, and even predict future compliance issues. Natural language processing can extract insights from unstructured data, such as emails or policy documents, enabling more comprehensive monitoring.

Together, AI and automation are transforming compliance from a reactive, checklist-driven function into a proactive, intelligence-led discipline.

Continuous Compliance and Adaptive Controls

One of the most transformative shifts enabled by AI and automation is the move toward continuous compliance. Rather than relying on periodic audits or static control reviews, organizations can now monitor their control environments in real time.

This approach allows for faster detection of issues, quicker remediation, and more reliable assurance for stakeholders. It also aligns better with the dynamic nature of modern business, where risks can emerge and evolve rapidly.

Adaptive controls, powered by AI, take this a step further. These controls can adjust dynamically based on context, user behavior, or risk signals. For instance, if a user accesses sensitive financial data from an unfamiliar location, the system might require multi-factor authentication or temporarily restrict access until the activity is verified.

Such intelligent controls enhance security while maintaining operational flexibility, helping organizations strike the right balance between risk management and business agility.

Implementation Challenges and Considerations

While the benefits of AI and automation are clear, successful implementation requires thoughtful planning and execution. Organizations must ensure that these technologies are properly integrated into existing systems and workflows, and that they align with broader compliance strategies.

Data quality is a critical factor. AI models rely heavily on accurate, comprehensive inputs to deliver meaningful insights. Poor data hygiene can lead to false positives, missed risks, or misleading recommendations.

Regulatory alignment is another key consideration. As AI becomes more embedded in compliance processes, regulators are beginning to scrutinize its use. Companies must ensure that their AI-driven practices are transparent, explainable, and auditable. This includes documenting how models are trained, how decisions are made, and how outputs are validated.

Cultural change is also essential. Compliance teams may need to develop new skills as they adopt new tools and embrace new ways of working. Collaboration—with IT, cybersecurity, and business units—is vital to ensure that AI and automation initiatives are successful and sustainable.

Solutions for Cybersecurity and Compliance Leaders

To navigate this transformation effectively, organizations should focus on a few foundational strategies:

• Adopt AI-Integrated Platforms. Start with tools that work seamlessly with your ERP and IT systems to automate tasks and track regulatory change
• Automate Repetitive Tasks. Free up your compliance team by automating routine activities like data entry and control testing
• Stay Ahead of Regulatory Shifts. Use AI to anticipate changes and adjust your compliance strategies before an issue arises
• Build Transparent Audit Trails. Leverage AI to document compliance activities clearly, making audits smoother and more defensible
• Centralize Data for Collaboration. Ensure all departments work from the same source of truth to improve coordination and decision-making.

Cybersecurity vendors have a unique opportunity to support these efforts by offering solutions that combine automation, AI, and robust control frameworks. By helping clients modernize their compliance environments, vendors can deliver measurable value while strengthening trust and resilience.

AI is a Business Imperative

AI and automation are no longer emerging trends, they are strategic imperatives for organizations seeking to modernize compliance and internal control management. These technologies offer a path to greater efficiency, accuracy, and agility, enabling companies to meet regulatory demands while staying ahead of risk.

For cybersecurity companies, the opportunity lies in guiding clients through this transformation with scalable, transparent, and vendor-neutral solutions. By doing so, they can help build a future where compliance is not just a requirement, but a competitive advantage. 

Chris Radkowski is an SAP GRC expert at Pathlock, an identity security and governance platform. A recognized leader in access governance with over 20 years of experience driving innovation in enterprise security and compliance solutions, he brings deep expertise in application access governance, risk management and regulatory compliance.

The post Modernizing Compliance: How AI and Automation Are Reshaping Internal Controls appeared first on Compliance Chief 360.

his year, the compliance landscape is shifting on multiple fronts. Seven new U.S. state-level privacy laws are taking effect, the U.S. Department of Health and Human Services is proposing major changes to HIPAA—the most significant since 2013, and the EU AI Act is introducing sweeping new governance requirements for high-risk systems. For IT leaders, the pressure to prove compliance, not just claim it, has never been greater.

Yet, when asked about their organization’s compliance posture, most IT leaders respond with confidence. In The State of Business Email 2025 global study, 93 percent of respondents said they were confident in their compliance readiness. That’s the good news. The same study, however, found that fewer than half said they were very confident. That nuance matters, and it reveals a growing gap between perception and reality.

This widening gap is more than a confidence issue—it’s a structural risk. As regulations expand and new technologies like AI reshape how data is created and shared, IT teams must move beyond perceived security and toward enforceable, auditable control.

The Compliance Illusion

Modern IT environments are sprawling. Communication stacks are multiplying, data flows are increasingly decentralized, and AI-generated content is only adding to the complexity. It’s easy to conflate compliance with security and think that ticking the boxes for SOC 2, GDPR, HIPAA, and other compliance frameworks means a system is both compliant and secure. Yet good compliance doesn’t equal good security.

True security goes beyond compliance frameworks. It demands daily discipline: the ability to monitor and manage security controls across every tool, team, and touchpoint. Take the rise of generative AI, for example. It’s now easier than ever for staff to generate and send business-critical messages using nonstandard language, formats, or channels. Without clear oversight, even compliant systems can be undermined by how they’re used on a day-to-day basis.

Auditability is the New Baseline

In highly regulated sectors like finance, healthcare, and energy, auditability isn’t optional—it’s table stakes. That’s one reason email continues to play a vital role in compliance strategy. Unlike many instant messaging or project collaboration tools, email provides a structured, traceable, and universally adopted communication format.

According to The State of Business Email 2025 report, 82 percent of IT leaders say email remains the most important channel for communicating with external stakeholders, including clients, regulators, and partners. This isn’t just habit; it’s strategic. Email allows for retention, monitoring, and legal discovery at scale. But auditability doesn’t start and stop at the inbox. It must extend across the entire communication ecosystem, including how content is branded, archived, and governed—especially when teams operate across multiple tools and locations.

Automation Doesn’t Equal Control, Unless It’s Strategic

Many organizations are investing heavily in automation to streamline compliance tasks. That’s a good start. But automation without governance is like cruise control on a long road: helpful until the unexpected hits. True control means automating with intent—centralizing visibility, enforcing standardization, and eliminating shadow IT.

For example, IT leaders can deploy centralized, automated email signature platforms that not only unify branding but also ensure that legal disclaimers, footers, and regulatory notices are applied consistently, without relying on individual employees or departments. This kind of behind-the-scenes control reduces risk while lightening the manual workload on IT teams.

Bridging the Confidence Gap

So how do we move from email confidence to ensuring email trust control? First, we need to shift our mindset. Compliance isn’t a project; it’s a living discipline. It requires clarity around ownership, tools in use, and where data is stored and accessed.

Second, IT leaders must adopt a more rigorous approach to measurement. Instead of asking, “Are we compliant?” ask, “Can we prove the trustworthiness of our email compliance today?” That distinction is crucial when facing an audit, breach, or regulatory review.

Finally, prioritize solutions that provide both visibility, accountability and trustworthiness. Confidence alone does not guarantee security or compliance. Technologies that unify communication policies, monitor usage, and log changes in real time can transform compliance from a check-box exercise into a source of strategic strength to ensure all email communications adheres to compliance standards.

The Stakes Are Higher than Ever

In 2025, the stakes for compliance are higher than ever—financially, operationally, and reputationally. Feeling secure isn’t the same as being secure. To close the gap between confidence and control, IT leaders must rethink how compliance is measured, enforced, and maintained. The organizations that succeed won’t just stay out of trouble—they’ll be better equipped to adapt to whatever the next wave of regulation, innovation, or disruption brings. 

Cary Vidal is VP of IT at Exclaimer. Vidal has a proven track record of implementing robust security measures and safeguarding critical systems for organizations. He is passionate about ensuring data privacy and protecting against cyber threats.

The post Compliance Confidence vs. Control: Feeling Secure Isn’t Being Secure appeared first on Compliance Chief 360.

e have previously written about the impact of the pause in enforcement of the FCPA implemented by the Trump Administration on non-American companies.[1] Although the 180-day review period the Executive Order provided to the Department of Justice (“DOJ”) to develop new guidance for FCPA enforcement has not yet elapsed, several recent developments in the global anti-bribery and anti-corruption (“ABAC”) enforcement space warrant an update.

Updates from the United States

U.S. enforcement agencies have given mixed signals about their intentions for future FCPA enforcement.

Several recent decisions by the DOJ suggest that it does not intend to continue pursuing FCPA enforcement in the same way or to the same extent as it has historically. In addition to dropping the long-running bribery case against two former Cognizant executives in New Jersey,[2] the DOJ has closed its corruption investigation into Norwegian oil and gas company PetroNor,[3] dropped its inquiry into American medical device company Stryker relating to potential FCPA violations,[4] and moved to dismiss FCPA charges against American waste management company Stericycle several months before the expiration of its deferred prosecution agreement.[5] The DOJ has also terminated the two monitorships it imposed on Swiss commodity trading and mining company Glencore (one of which relates to Glencore’s conspiracy to violate the FCPA) in May 2022, [6] and ended a FCPA-related non-prosecution agreement with American chemicals manufacturing company Albermarle,[7] all more than a year earlier than they were set to conclude. Although the Executive Order pausing enforcement of the FCPA discussed “eliminating excessive barriers to American commerce abroad,” and stated a desire to reduce “overexpansive and unpredictable FCPA enforcement against American citizens and businesses,”[8] PetroNor and Glencore are not American companies. Closing the PetroNor investigation and ending Glencore’s FCPA monitorship early could suggest a more general intention to limit FCPA enforcement instead of focusing on enforcement against non-American companies as the wording of the Executive Order suggested may be possible.

In addition to dropping existing cases and monitorships, the DOJ is also considering budget cuts that could affect investigations involving foreign defendants, witnesses, and evidence – as many FCPA cases do. In a recent memo, Deputy Attorney General Todd Blanche suggested that there would be personnel cuts at the Office of International Affairs (“OIA”).[9] OIA is responsible for international extraditions and mutual legal assistance, services relied upon by the FCPA Unit to build and prosecute its cases.

While these moves tend to suggest that the DOJ’s focus on foreign bribery will be more limited moving forward, the DOJ has also indicated that it intends to proceed with several other, already-filed cases. As a result, it is premature to conclude that the DOJ is retreating from FCPA enforcement entirely. Relatedly, it is also difficult to discern any definitive common threads that distinguish the cases the DOJ is continuing to pursue from those it has dropped, making it difficult to predict the strategy for FCPA enforcement going forward. The cases moving forward are against both American and non-American individuals and they include:

• A case against two executives of UK-based voting machine company Smartmatic and a Philippines election official. The DOJ alleges that the Smartmatic executives conspired to pay more than $1 million in bribes to the election official in exchange for contracts for Smartmatic to supply voting machines and services for the Philippines’ 2016 elections.[10]
• A case against a former Corsa Coal executive, who the DOJ accuses of participating in a scheme to bribe Egyptian officials to win coal contracts worth $143 million between 2016 and 2020.[11]
• A case against three individuals for allegedly bribing government officials in exchange for contracts to provide uniforms and other goods to the Honduran National Police.[12]

On May 12, 2025, the DOJ’s Criminal Division published a memorandum setting out its white-collar enforcement priorities and announcing changes to its approach to investigations and prosecutions (the “Galeotti Memo”).[13]  The Galeotti Memo provides further clues about the future of potential FCPA investigations and enforcement in the Trump Administration. Specifically, the Galeotti Memo states that the DOJ will prioritize investigating and prosecuting bribery and related money laundering that “impact U.S. national interests, undermine U.S. national security, harm the competitiveness of U.S. businesses, and enrich foreign corrupt officials.” Though it acknowledges that conducting cross-border investigations (as most bribery investigations are) is time-intensive, the Galeotti Memo emphasizes the need for “efficient” investigations, with the DOJ now requiring prosecutors to investigate and make charging decisions expeditiously. Additionally, moving forward, independent compliance monitors – often imposed in the past in resolutions of FCPA enforcement – will be imposed only when truly necessary for a company to implement a compliance program or prevent a recurrence of misconduct. To the extent monitors are imposed going forward, their scope will be narrowly tailored.[14]

On the Securities and Exchange Commission (“SEC”) side, the Chief and Deputy Chief of the SEC’s FCPA Unit have recently retired,[15] and the SEC has informed multiple defense counsel that it has paused FCPA investigations until further guidance is issued by the Trump Administration pursuant to the Executive Order. These developments come on the heels of then-Acting Deputy Director of the SEC’s Enforcement Division Antonia Apps’s comment at a recent speaking engagement that the SEC was “obviously going to follow the lead of the DOJ” with respect to FCPA enforcement.[16] At the same time, Apps noted that the SEC intends to decline to bring cases more frequently where companies have self-reported, cooperated, and/or remediated their compliance programs.

While these updates and statements seem to suggest a reduction in FCPA enforcement by the SEC going forward, it has not entirely backed away from the FCPA. On April 10, 2025, the SEC filed a motion to reopen a civil FCPA case against two former Cognizant executives (despite the DOJ having earlier decided to drop criminal charges) and issue a stay to allow the parties to “explore a potential resolution.”[17]

The Trump Administration’s approach to FCPA enforcement therefore remains unclear. DOJ’s review of FCPA enforcement is ongoing, and its outcome, which is presently unknown, will determine whether and how the statute will be enforced during the Trump Administration. However, absent an actual repeal of the law, future administrations could reverse enforcement policy decisions the Trump Administration makes and aggressively investigate FCPA violations, including conduct occurring that occurred during the Trump Administration that falls within the five-year statute of limitations. Notably, enforcement at the state level also remains a risk for parties engaged in foreign bribery: California’s Attorney General has announced his intention to prosecute bribery under state law and Manhattan’s District Attorney has indicated that he is considering how his office can step into the void created by the DOJ’s retreat from certain enforcement areas, including FCPA.[18]

Updates in the United Kingdom and Europe

Outside the U.S., the wind is blowing in a clearer direction. On 20 March 2025, enforcement authorities in the UK, France, and Switzerland announced the creation of a new International Anti-Corruption Prosecutorial Taskforce (the “Taskforce”) to strengthen collaboration between these countries.[19] The Taskforce consists of the UK’s Serious Fraud Office (“SFO”), France’s National Financial Prosecutor’s Office (“PNF”), and the Office of the Attorney General of Switzerland (“OAG”). These agencies are no strangers to collaboration, both amongst themselves and with the U.S. For example, as noted by PNF director Jean-François Bohnert, the PNF has assisted the OAG with 89 requests for mutual legal assistance in criminal matters since the agency was created in 2014.[20] Further, both the SFO and OAG were credited with assisting the U.S. with its bribery investigation into Glencore.[21] The Taskforce’s creation represents the SFO’s, PNF’s, and OAG’s intention to continue coordinating, with or without the U.S.

The Taskforce’s Founding Statement acknowledges “the significant threat of bribery and corruption and the severe harm that it causes” and promises that the members will “stand firm in our commitment to tackle this threat within the national and international legal frameworks.”[22] The Taskforce will deliver a “Leaders’ Group focused on the regular exchange of insight and strategy,” a “Working Group, for the purpose of devising proposals for co-operation on cases,” and increased “best practice” intelligence sharing between the three agencies to fully utilize the expertise of each. The Taskforce also intends to invite “other like-minded agencies” to join it,[23] with Bohnert recently stating that the DOJ, as well as other agencies in Europe, Latin America and the Western hemisphere more generally, would be welcome to join.[24] Despite the timing of the announcement and the somewhat pointed language in its Founding Statement, the Taskforce’s creation was, according to SFO Director Nick Ephgrave, “in no way a reaction to” the Trump Administration’s FCPA enforcement pause.[25] Nevertheless, the enforcement vacuum caused by the abrupt cessation of DOJ investigations undeniably creates an opportunity for jurisdictions like the UK, France, and Switzerland to drive global ABAC enforcement going forward. Indeed, Ephgrave has noted that the SFO is currently evaluating the long-term impact of the enforcement pause on the agency, and “actively seeing if there are opportunities where we can pick up investigations in this country,”[26] while the PNF recently added to its credentials a successful prosecution against two SPIE Group companies and two senior managers for bribing an Indonesian public official.[27]

Speaking ahead of the Taskforce’s public announcement, Ephgrave reiterated that the potential use of financial payments to reward whistleblowers (first stated as an SFO policy aim in February 2024) would continue to be on the UK’s agenda, and the recently published SFO Annual Business Plan for 2025-26 (the “ABP”) explicitly references “whistleblower incentive reform.”[28] Ephgrave once again credited the U.S.’s “really well-established system of [whistleblower] incentivisation” as one of the reasons for the U.S.’s historic success in international bribery and corruption intelligence gathering, asserting that 700 UK whistleblowers have gone to the U.S. with tip-offs in the last decade.[29] Speaking at a recent event in London, Ephgrave highlighted whistleblower incentivization as the key reform he wants to implement during his tenure, calling it a “game changer for [UK] intelligence.”[30] This reform looks increasingly likely, with the UK Home Office commissioning an independent report which will consider “incentives for criminal fraud networks informants and whistleblowers”.[31] By introducing financial incentives and stronger channels for whistleblower reports, the UK could generate significantly more leads regarding potential breaches of the UK Bribery Act to investigate. The U.S. has a number of whistleblower incentive programs which have yielded success in recent years. For example, the SEC’s Whistleblower Program received 557 FCPA-related reports during the 2024 financial year, up from 237 in the previous year.[32] The Swiss Attorney General Stefan Blättler has also expressed an appetite for increasing whistleblowing, announcing that he would discuss whistleblower incentivization with both the Swiss parliament and public.[33]

As foreshadowed in the ABP, the SFO has also launched new corporate cooperation guidance (the “Guidance”),[34] to reverse what Ephgrave characterizes as a “slight drop off” in the number of companies self-reporting wrongdoing.[35] The Guidance emphasizes that the SFO will seek to negotiate deferred prosecution agreements with (and not prosecute) companies which promptly self-report wrongdoing to, and cooperate fully with, the SFO “unless exceptional circumstances apply”.[36] Ephgrave hopes that the Guidance, along with strengthened covert surveillance capabilities (another priority set out in the ABP), will give the SFO more control over its referral pipeline and “invigorate or provoke” more self-reports from companies.[37] The SFO also recently announced that it had signed a memorandum of understanding with Indonesia’s Corruption Eradication Commission in an attempt to “refresh [its] relationship” with the country’s main anti-corruption enforcer.[38]

In addition to these moves by the SFO, the UK’s National Crime Agency (“NCA”) intends to increase its foreign bribery caseload, according to NCA senior manager David Liebscher.[39] The NCA currently has seven foreign bribery cases before the UK courts,[40] and has had success in this space in recent years, having achieved the conviction of the former chief of staff to the president of Madagascar for bribery in February 2024.[41] In remarks that chimed with Ephgrave’s commentary and efforts around increasing reports to law enforcement, Liebscher also suggested that the UK’s current corruption reporting framework, with 39 possible channels, is overly complex and a “barrier” to reporting misconduct.[42] Liebscher’s statements, taken together with the developments at the SFO,  indicate a renewed interest in proactive Bribery Act enforcement in the UK.

In the EU, trilogue negotiations between the European Commission, the European Council, and the European Parliament commenced in February 2025 to finalize the EU’s proposed Directive on combatting corruption (the “Directive,” initially unveiled in May 2023). The Directive aims to harmonize corruption offences and sanctions across the EU. Currently, all 27 EU Member States are signatories to the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, which requires acceding states to implement “such measures as may be necessary” to establish the various offenses it sets out (i.e., in relation to the bribery of foreign public officials).[43] However, each Member State has typically adopted its own set of laws to combat corruption, creating a series of fragmented standards that can be easily exploited, with it being reported that the EU loses approximately EUR 990 billion to corruption each year.[44] If adopted in its current form,[45] the Directive will require Member States to introduce a number of specified corruption offences (including domestic and foreign bribery, misappropriation, trading in influence, abuse of functions and obstruction of justice) into their national laws. The Directive will also introduce corporate criminal liability, which will apply where a lack of supervision by a person in a leadership position results in the commission of an offence set out in the Directive.[46] Ultimately, the Directive will allow for greater cross-border cooperation between Member States in investigating and prosecuting corruption.

Looking Ahead

Though the future of U.S. FCPA enforcement, at least for the remainder of the Trump Administration, remains uncertain, the consensus on the other side of the Atlantic is clear: ABAC enforcement remains a priority, and European and British enforcement agencies see the opportunity to lead the charge as the U.S. deprioritizes FCPA enforcement.  

Authored by several attorneys from the law firm King & Spalding in the United States and Europe.

FOOTNOTES:

[1] Brandt Leibe, Aaron Stephens, Grant Nichols, and Margaret Nettesheim, “How does the Trump FCPA pause change the landscape for non-American companies?”, Global Investigations Review (Feb. 28, 2025), https://globalinvestigationsreview.com/just-anti-corruption/article/how-does-the-trump-fcpa-pause-change-the-landscape-non-american-companies.

[2] Motion to Dismiss, United States v. Gordon Cobum and Steven Schwartz Case No. 2:19-cr-00120 (MEF) (Apr. 1, 2025), https://files.lbr.cloud/public/202504/1034%20Cognizant%20motion%20to%20dismiss.pdf?VersionId=9oS.IXOYr7X69W5FEHrNOOYdNmxUZMRb.

[3] Press Release, PetroNor E&P ASA, The U.S. Department of Justice closes its investigation (Apr. 1, 2025), https://petronorep.com/media/jcwltjui/20250402-pnor-investigation-update.pdf.

[4] Stryker Corporation, Form 10-Q (May 2, 2025), https://files.lbr.cloud/public/2025-05/20250502%20-%2010Q%20-%20SYK%20-%20Quarterly%20Report%20-%2028%20pages.pdf?VersionId=cdAGcFWYekWHgT.5u9US2elj0XQcCoM6.

[5] Motion to Dismiss, United States v. Stericycle, Inc. Case No. 22-CR-20156-MOORE (Apr. 21, 2025), https://files.lbr.cloud/public/202504/21%20%20DOJ%20motion%20to%20dismiss%20Stericycle%20DPA%2021%20April%202025.pdf?VersionId=AqQp5fCVxd6Kw7MHh1EnfwQVQaR.G3BP.

[6] Consent Motion to Modify Conditions of Probation, United States v. Glencore International A.G. Case No. 1:22-cr-00297 (LGS) (Mar. 20, 2025), https://assets.law360news.com/2314000/2314349/new%20york%20memo.pdf;  Government’s Notice Concerning Defendant’s Monitor, United States v. Glencore Ltd. Case No. 3:22-cr-00071 (SVN), https://assets.law360news.com/2314000/2314349/connecticut%20notice.pdf.

[7] Albemarle Corporation Form 10-Q (Apr. 30, 2025), https://d6jxgaftxvagq.cloudfront.net/Uploads/u/y/z/albemarle10q_166543.pdf.

[8] Exec. Order, Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security (Feb. 10, 2025), https://www.whitehouse.gov/presidential-actions/2025/02/pausing-foreign-corrupt-practices-act-enforcement-to-further-american-economic-and-national-security/.

[9] See Gaspard Le Dem, “Cuts to DOJ’s international affairs office would slow cases ‘across the board’”, Global Investigations Review (Mar. 31, 2025), https://globalinvestigationsreview.com/just-anti-corruption/article/cuts-dojs-international-affairs-office-would-slow-cases-across-the-board.

[10] Notice of Authorization to Proceed, Untied States v. Juan Andres Donato Bautista, Roger Alejandro Pinate Martinez, Jorge Miguel Vasquez and Ellie Moreno Case No. 24-CR-20343-WILLIAMS (Apr. 9, 2025), https://files.lbr.cloud/public/2025-04/S.D.%20Fla.%2024-cr-20343%20dckt%20000135_000%20filed%202025-04-09.pdf?VersionId=1MOPwxhmwNPB2rcfDa_Fm3S.xmAhq4eV.

[11] Government’s Notice of Authorization to Proceed, United States v. Charles Hunter Hobson Case No. 2:22-CR-86 (Apr. 11, 2025), https://files.lbr.cloud/public/2025-04/US%20v%20Charles%20Hunter%20Hobson%20Govt%20motion%20to%20proceed%2011%20April%202025.pdf?VersionId=HswogHlEFABzL56Wp2sAsFHJYIzRPpxE.

[12] Government’s Notice of Authorization to Proceed, United States v. Carl Alan Zaglin, Aldo Nestor Marchena and Francisco Roberto Cosenza Centeno Case No. 23-20454-CR-BECERRA (Apr. 11, 2025), https://files.lbr.cloud/public/2025-04/US%20v%20Zaglin%20et%20al%20Govt%20motion%20to%20proceed%2011%20April%202025.pdf?VersionId=TaFwJajV1LUAvSBPqmkBMx7SSOSIqWEf.

[13] DOJ Criminal Division, “Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime” (May 12, 2025), https://www.justice.gov/criminal/media/1400046/dl?inline.

[14] The DOJ has separately issued a new monitor selection memorandum clarifying the factors that prosecutors must consider when determining whether a monitor is appropriate. DOJ Criminal Division, “Memorandum on Selection of Monitors in Criminal Division Matters” (May 12, 2025), https://www.justice.gov/criminal/media/1400036/dl?inline.

[15] See Gaspard Le Dem, “SEC’s FCPA chief, top deputy retire”, Global Investigations Review (Apr. 1, 2025), https://globalinvestigationsreview.com/just-anti-corruption/article/secs-fcpa-chief-top-deputy-retire.

[16] See Gaspard Le Dem, “SEC will ‘follow the lead’ of DOJ on FCPA enforcement, official says”, Global Investigations Review (Mar. 5, 2025), https://globalinvestigationsreview.com/just-anti-corruption/article/sec-will-follow-the-lead-of-doj-fcpa-enforcement-official-says.

[17] Motion to Restore Case, S.E.C. v. Coburn, et al., Civil No. 2:19-cv-05820-MCA-MAH (Apr. 10, 2025), https://files.lbr.cloud/public/2025-04/76%20-%20SEC%20asks%20to%20reopen%20Cognizant%20docket.pdf?VersionId=8A..7PjQ88Akv2tvAEarIVkJvt5n8CEO.

[18] Press Release, California Attorney General Rob Bonta, Attorney General Bonta Alerts Businesses: It Remains Illegal to Bribe Foreign-Government Officials (Apr. 2, 2025), https://oag.ca.gov/news/press-releases/attorney-general-bonta-alerts-businesses-it-remains-illegal-bribe-foreign; Estelle Atkinson, “Manhattan state prosecutor looking to fill enforcement void left by DOJ”, Global Investigations Review (Apr. 15, 2025), https://globalinvestigationsreview.com/just-anti-corruption/article/manhattan-state-prosecutor-looking-fill-enforcement-void-left-doj.

[19] International Anti-Corruption Prosecutorial Taskforce Founding Statement (Mar. 20, 2025), https://assets.publishing.service.gov.uk/media/67dc0bb3931ea30d1b7ee33d/International_Anti-Corruption_Prosecutorial_Taskforce.pdf.

[20] See Ana de Liz, “UK, French, Swiss agencies set up new anti-corruption task force”, Global Investigations Review (Mar. 20, 2025), https://globalinvestigationsreview.com/article/uk-french-swiss-white-collar-agencies-set-new-anti-corruption-task-force.

[21] Press Release, U.S. Department of Justice, Glencore Entered Guilty Pleas to Foreign Bribery and Market Manipulation Schemes (May 24, 2022), https://www.justice.gov/archives/opa/pr/glencore-entered-guilty-pleas-foreign-bribery-and-market-manipulation-schemes.

[22] International Anti-Corruption Prosecutorial Taskforce Founding Statement (Mar. 20, 2025), https://assets.publishing.service.gov.uk/media/67dc0bb3931ea30d1b7ee33d/International_Anti-Corruption_Prosecutorial_Taskforce.pdf.

[23] Id.

[24] See Austin Cope, “PNF director: international anti-corruption task force will treat companies equally”, Global Investigations Review (May 7, 2025), https://globalinvestigationsreview.com/just-anti-corruption/article/pnf-director-international-anti-corruption-task-force-will-treat-companies-equally.

[25] See Ana de Liz, “UK, French, Swiss agencies set up new anti-corruption task force”, Global Investigations Review (Mar. 20, 2025), https://globalinvestigationsreview.com/article/uk-french-swiss-white-collar-agencies-set-new-anti-corruption-task-force.

[26] See Malavika Devaya, “’Look at me as the Mikhail Gorbachev of the SFO’: Nick Ephgrave”, Global Investigations Review (Apr. 24, 2025), https://globalinvestigationsreview.com/article/look-me-the-mikhail-gorbachev-of-the-sfo-nick-ephgrave.

[27] See Grace Propheta, “SPIE fined, executives handed prison time over Indonesia police bribes”, Global Investigations Review (May 13, 2025), https://globalinvestigationsreview.com/article/spie-fined-executives-handed-prison-time-over-indonesia-police-bribes?utm_source=SPIE%2Bfined%252C%2Bexecutives%2Bhanded%2Bprison%2Btime%2Bover%2BIndonesia%2Bpolice%2Bbribes&utm_medium=email&utm_campaign=GIR%2BAlerts.

[28] SFO Business Plan 2025-26, https://assets.publishing.service.gov.uk/media/67ee4e86199d1cd55b48c6e8/SFO_2025-26__Business_Plan.pdf.

[29] See Ana de Liz, “UK, French, Swiss agencies set up new anti-corruption task force”, Global Investigations Review (Mar. 20, 2025), https://globalinvestigationsreview.com/article/uk-french-swiss-white-collar-agencies-set-new-anti-corruption-task-force.

[30] Daisy Eastlake, “Whistleblowers could reap rewards for exposing fraud”, The Times (Apr. 25, 2025).

[31] Id.

[32] SEC Annual Report to Congress for Fiscal Year 2024, https://www.sec.gov/files/fy24-annual-whistleblower-report.pdf.

[33] See Ana de Liz, “UK, French, Swiss agencies set up new anti-corruption task force”, Global Investigations Review (Mar. 20, 2025), https://globalinvestigationsreview.com/article/uk-french-swiss-white-collar-agencies-set-new-anti-corruption-task-force.

[34] SFO Corporate Guidance (Apr. 24, 2025), https://www.gov.uk/government/publications/sfo-corporate-guidance/sfo-corporate-guidance.

[35] See Ana de Liz, “SFO announces new five-year plan”, Global Investigations Review (Apr. 18, 2025) https://globalinvestigationsreview.com/article/sfo-aims-revive-corporate-cooperation?utm_source=SFO%2Baims%2Bto%2Brevive%2Bcorporate%2Bcooperation&utm_medium=email&utm_campaign=GIR%2BAlerts.

[36] SFO Corporate Guidance (Apr. 24, 2025), https://www.gov.uk/government/publications/sfo-corporate-guidance/sfo-corporate-guidance.

[37] Id.

[38] Id.

[39] See Ana de Liz, “NCA wants to bulk up foreign bribery caseload”, Global Investigations Review (Apr. 24, 2025), https://globalinvestigationsreview.com/article/nca-wants-bulk-foreign-bribery-caseload?utm_source=%25E2%2580%259CLook%2Bat%2Bme%2Bas%2Bthe%2BMikhail%2BGorbachev%2Bof%2Bthe%2BSFO%25E2%2580%259D%253A%2BNick%2BEphgrave&utm_medium=email&utm_campaign=GIR%2BAlerts.

[40] Id.

[41] See Ana de Liz, “Former Madagascar chief of staff found guilty of bribery”, Global Investigations Review (Feb. 20, 2024), https://globalinvestigationsreview.com/article/former-madagascar-chief-of-staff-found-guilty-of-bribery.

[42] See Ana de Liz, “NCA wants to bulk up foreign bribery caseload”, Global Investigations Review (Apr. 24, 2025), https://globalinvestigationsreview.com/article/nca-wants-bulk-foreign-bribery-caseload?utm_source=%25E2%2580%259CLook%2Bat%2Bme%2Bas%2Bthe%2BMikhail%2BGorbachev%2Bof%2Bthe%2BSFO%25E2%2580%259D%253A%2BNick%2BEphgrave&utm_medium=email&utm_campaign=GIR%2BAlerts.

[43] OECD, Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, OECD/LEGAL/0293, https://legalinstruments.oecd.org/public/doc/205/205.en.pdf.

[44] European Commission, High-risk areas of corruption in the EU: A mapping and in-depth analysis (Nov. 4, 2024) at page 9, https://op.europa.eu/fr/publication-detail/-/publication/5c0730b2-9769-11ef-a130-01aa75ed71a1/language-en.

[45] Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on combating corruption, replacing Council Framework Decision 2003/568/JHA and the Convention on the fight against corruption involving officials of the European Communities or officials of Member States of the European Union and amending Directive (EU) 2017/1371 of the European Parliament and of the Council (May 3, 2023), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2023:234:FIN.

[46] Id.

The post Anti-Bribery and Anti-Corruption Enforcement post-FCPA Pause appeared first on Compliance Chief 360.

magine driving on a constantly changing highway: the speed limits and lane directions are shifting and updating, the exit ramps and destinations rerouting, all while you are mid-journey. How do you, the driver, stay on course? You rely on an up-to-the-minute navigation system. You watch for new road signs. And you drive defensively to avoid collisions.

Today’s regulatory landscape shifts frequently, seemingly on an almost daily basis. This dynamic environment is characterized by unprecedented velocity and complexity as new legislation emerges, enforcement priorities pivot like sudden detours, and technological advancements create novel risks of unexpected road hazards.

Compliance leaders are the vigilant drivers on this ever-changing highway, actively seeking counsel, staying abreast of new regulations, and engaging in preemptive risk management. This demanding, unpredictable terrain requires more than a periodic compliance tune-up; compliance programs must receive constant attention to operate at peak performance in this dynamic environment.

Mapping the Original Routes: The Advent of U.S. Regulation

Business regulation in the United States has been around since nearly the dawn of the country, of course, but its scope, focus, and intensity have evolved significantly since then.

The first major regulatory agency, the Interstate Commerce Commission (ICC), dates back to 1887 amid the rise of large industries and concerns about monopolies and safety. Economic regulation was the focus then, and the ICC was created primarily to regulate the railroad industry. President Franklin D. Roosevelt vastly expanded the federal regulatory apparatus in the wake of the Great Depression. New agencies were created to oversee banking (FDIC), securities (SEC), labor relations (NLRB), and communications (FCC), effectively paving new regulatory roads. The rapid growth of federal agencies during the New Deal led to the Administrative Procedure Act of 1946, which was enacted to bring order, uniformity, fairness, and accountability to the burgeoning federal administrative state, establishing standardized road rules for regulators.

The Wave of Social and Safety Regulations. The 1960s and 1970s gave rise to a new wave of agencies, like the Environmental Protection Agency (EPA), the Occupational Safety and Health Administration (OSHA), and the Consumer Product Safety Commission (CPSC), which focused on broader societal goals. These agencies often set standards for business operations, moving beyond purely economic controls and adding new types of safety lanes and environmental considerations to the compliance map.

Navigating Regulatory Cycles: From Cruise Control to Heavy Traffic. The regulatory environment has oscillated since the 1980s. Major financial crises and corporate scandals tend to trigger periods of heavier regulation—imagine sudden traffic jams and new toll booths—often followed by periods of deregulation and burden reduction driven by inefficiency concerns. This cyclical pattern has become more pronounced and faster in recent decades.

Today’s High-Speed, Multi-Lane Mayhem

Today’s regulatory landscape is unique and characterized by unprecedented complexity, stemming from interconnected factors.

The Global Expressway and Tech-Driven Detours. Regulation was once primarily national and driven by industrialization and economic crises. Now it is intensely global, interconnected, and touches on broader societal issues. Rapid technological advancements, particularly in artificial intelligence, data analytics, and digital finance, create novel risks and ethical considerations that necessitate new rules of the road for privacy, cybersecurity, and market conduct. Regulators struggle to keep pace, leading to reactive rulemaking, which results in poorly marked lanes, sudden regulatory potholes, or regulations that quickly become outdated before the asphalt even dries.

Geopolitical Junctions and ESG Overpasses. Geopolitical events like conflicts, trade disputes, or shifting alliances trigger immediate regulatory responses, particularly concerning sanctions, tariffs, and export controls, forcing abrupt rerouting. Mounting societal and investor pressure, especially concerning Environmental, Social, and Governance (ESG) criteria, drives demand for greater corporate transparency and accountability. This adds new lanes and destinations to the compliance map beyond traditional financial and operational rules.

Exiting to Variable-Speed State Routes. Increasingly, states are implementing their own regulations in areas like data privacy and environmental standards. This creates a complex patchwork of requirements, like navigating a series of local roads with differing speed limits after exiting the federal highway. These regulations can vary significantly across state lines, complicating compliance for companies operating nationwide and requiring drivers to adjust their speed and awareness.

The Whiplash Effect. Heightened political volatility is responsible for the pace and volume of change. Major regulatory shifts historically occurred over decades. Today, significant changes can happen rapidly, driven by executive actions, geopolitical events, or swift legislative responses. Political changes bring new enforcement priorities and legislative agendas. Rules implemented by one administration may be quickly frozen, reviewed, or repealed by the next. This “regulatory whiplash” created by frequent and intense policy reversals creates a far more uncertain operating environment that forces companies to constantly slam on the brakes or accelerate unexpectedly, making smooth navigation nearly impossible.

The Breakdown Lane: Why Periodic Inspections Aren’t Enough

How can companies avoid breakdowns while driving through this demanding, unpredictable terrain? They must adopt a continuous evaluation mindset rather than conducting backward-looking, periodic assessments of compliance programs.

A reactive approach to compliance is insufficient. Periodic reviews often focus on identifying past failures or existing gaps. They are not designed to proactively identify and mitigate emerging threats before they materialize into significant compliance issues.

Furthermore, concentrating evaluation efforts into discrete periods can create significant resource demands, potentially pulling focus from day-to-day compliance operations. And while accurate for a specific point in time, the findings can quickly become outdated. By the time a periodic review is completed, the risks it assessed may have evolved, or new, more pressing risks may have emerged. This can lead to a false sense of security for businesses. A “clean” report from a periodic review might mask underlying vulnerabilities that have developed since the review period or were outside its specific scope. Business leaders must therefore proactively identify and mitigate emerging threats before they materialize into significant compliance issues.

Think of your vehicle’s engine again. An annual inspection might confirm it met standards last year, but it won’t detect a slow leak that started last month or predict a component failure likely to occur next week due to recent heavy usage on rough roads.

The High-Performance Engine: Embracing Continuous Compliance Monitoring

Continuous evaluation moves beyond the static snapshot. It involves embedding monitoring, feedback, and adaptation into the compliance program’s daily fabric. This approach treats the compliance program not as a fixed structure to be occasionally inspected but as a living system that must constantly adapt to its environment, much like a modern vehicle with adaptive cruise control and lane-keep assist.

Adopting a continuous evaluation mindset yields significant advantages:

• Early Hazard Detection: Compliance professionals can identify potential issues and emerging risks much sooner, allowing for timely intervention and mitigation before they escalate into major accidents.
• Enhanced Agility: It enhances adaptability and enables the compliance program to flex and adjust rapidly to regulatory or business environment changes, like smoothly changing lanes in shifting traffic.
• Optimized Resource Allocation: It allows for a more consistent and targeted allocation of compliance resources towards the most pressing current risks, rather than cyclical surges of reactive maintenance.
• Demonstrable Diligence: It provides ongoing evidence to regulators, auditors, and government investigators that the compliance program is actively managed, responsive, and effective in mitigating risk, like having a clean driving record and well-maintained vehicle logs.
• Fostering a Proactive Culture: It promotes a culture where compliance awareness and feedback are ongoing processes, not just annual events, making every employee a co-pilot in vigilance.

Upgrading Your Compliance Vehicle: Implementing Continuous Evaluation

 Implementing a continuous evaluation framework requires a shift in mindset and potentially investment in technology and skills. It necessitates moving away from purely reactive, audit-driven checks towards proactive, data-informed monitoring. Key steps include:

• Leadership Buy-in: Secure commitment from senior management, emphasizing the strategic value of proactive compliance risk management as an essential vehicle safety feature, not just a cost.
• Technology Enablement: Identify and leverage appropriate tools for data aggregation, analytics, monitoring, and regulatory intelligence gathering. This means investing in an advanced “cockpit” with real-time “dashboard telemetry” (data analytics platforms) and a constantly updating “GPS” (AI-powered horizon scanners and regulatory update services) to see around the next bend and anticipate merging traffic or road closures.
• Data Integration: Break down silos to ensure relevant data from across the organization feeds into the compliance monitoring process, like ensuring all vehicle sensors report to the central computer.
• Skill Development: Train and equip compliance teams with the skills needed for data analysis, trend spotting, and interpreting diverse feedback sources, turning them into expert navigators.
• Phased Implementation: Start by focusing on high-risk areas and gradually expand the continuous monitoring approach across the program, like mastering local routes before embarking on a cross-country journey.

Driving Towards a Resilient Future: The Road Ahead

The pace of regulatory change shows no signs of slowing down or becoming less complex. For compliance programs to remain effective guardians of organizational integrity and value, they must evolve beyond periodic check-ups. Like maintaining a high-performance engine for a demanding journey, continuous monitoring, regular feedback, and agile adjustments are essential. By embracing a continuous evaluation model, compliance professionals can move from simply reacting to the past to proactively navigating the complexities of the present and preparing for the uncertainties of the future, ensuring their programs are not just compliant on paper but resilient in practice, ready for any road, any condition.  

Kristin B. Johnson (kristin.johnson@woodsrogers.com) is an attorney in the Government & Special Investigations Practice at the Virginia law firm Woods Rogers.

The post Maintenance Checks Required: Navigating the Chaotic Compliance Highway appeared first on Compliance Chief 360.

This announcement comes weeks after Commissioners Summer Mersinger and Christy Goldsmith Romero announced that they intend to leave the agency by the end of the month. As a result of these announcements and the departure of former Chairman Rostin Behnam earlier this year, only acting Chair Caroline Pham remains.

While Pham remains at the CFTC, she does not intend to do so for too much longer, either. Pham has made it known that once Trump’s nominee for CFTC chair, Brian Quintenz, is confirmed, she will immediately leave the agency.

As a result of the CFTC’s significant vacancies, many expect and are preparing for disorder. Sharon Bowen, an ex-CFTC commissioner stated that when she departed the agency in 2017, it was mostly due to her experience under a two-member commission. “Having just two commissioners makes routine business difficult, but makes important policy decisions almost impossible,” Bowen said. “Without a full complement of commissioners to consider the far-reaching implications of our decisions, we are frozen in place while the markets we regulate are moving faster every day.”

However, CFTC spokesperson, Taylor Foy, said in a statement that the agency can still operate and function effectively regardless of its commissioner vacancies. “Vacancies do not impact the commission’s ability to vote on agency matters or the day-to-day work of CFTC divisions,” Foy said, per the report.

 Johnson was most notably nominated during the Biden administration. Now that she has completed her three-year term as commissioner at the CFTC, Johnson believes it is time to step away from the role and pursue new opportunities yet to be specified.

With only Commissioner Pham remaining, there are some legal contentions that may be implicated in a situation in which the CFTC is comprised of one member. Many believe that having one member to set forth an agenda can pose issues under the government’s checks and balances system. However, with Pham’s inevitable departure incoming, it is difficult to see if such contentions will be brought.  

The post CFTC’s Johnson to Depart, Leaving Just One Commissioner appeared first on Compliance Chief 360.

Atkins published a few initial potential questions to be raised at the roundtable in determining whether the CEO compensation rules are not only cost-effective but also necessary for the purpose of providing information that will enable investors to make informed investment decisions.

“While it is undisputed that these requirements, and the resulting disclosure, have become increasingly complex and lengthy, it is less clear if the increased complexity and length have provided investors with additional information that is material to their investment and voting decisions,” Atkins said in a statement.

Among Atkins proposed questions, was the chair’s inquiry into the “pay-versus-performance” and “bonus claw back” rules that were recently adopted by the SEC in 2022. The “pay-versus-performance” rule ultimately requires public companies to disclose in a clear manner the relationship between the executive compensation actually paid by the company and the financial performance of the company itself. Meanwhile, the “bonus claw back” rules originally require companies to adopt policies that require executive officers to pay back incentive-based compensation that they were awarded erroneously.

This announcement comes at a time when the agency has demonstrated a shift toward reducing regulatory enforcement, in line with the priorities set by the Trump administration “The SEC, in its regulatory capacity, is tasked to balance investor protection with promoting capital formation and market efficiency,” according to Atkins. “In years past, the commission has unfortunately demonstrated a tendency to prioritize regulatory expansion over meticulous economic analysis, potentially jeopardizing this delicate balance.”

Since President Trump took office, the SEC has largely ceased pursuing high-profile cases against companies within its jurisdiction and has released staff-level statements suggesting that meme coins and certain crypto mining activities fall outside its regulatory scope.

Regulatory Rollbacks Draw Criticism

While many are in support of deregulation, many have expressed their opposition to it. SEC Commissioner, Caroline Crenshaw, believes that such deregulation may pave a path for a crisis similar to the financial crisis that occurred in 2008. It feels all too familiar to those of us who have lived through 2008,” Crenshaw warned, quoting a report from an independent commission that found that the 2008 crisis was preventable and that “the public stewards of our financial system ignored warnings and failed to question, understand, and manage evolving risks.”

“After a crisis happens, the first thing people ask is, ‘How could this have happened?’ And, more specifically, ‘Where were the regulators?” Crenshaw said. “But before a crisis happens, everyone demands that regulators get out of their way. I don’t want us to suffer the same fate.”

While Atkins has yet to respond to such comments, it is almost certain the agency will address such issues at its incoming roundtable meeting. The roundtable will be open to the public and held at the SEC’s headquarters. The discussion will be streamed live on the SEC website and a recording will be posted at a later date.

The post SEC to Revisit Executive Pay Disclosure Rules appeared first on Compliance Chief 360.

According to the parties’ joint status report, the CFPB renounced an order that initially directed the agency to oversee Google’s payment division. The status report additionally included that Google Payment agreed to drop its lawsuit against the CFPB that originally challenged the order.

The initial order was issued by the CFPB under the former CFPB Director, Rohit Chopra. It represented the agency’s broader effort in exerting pressure on larger tech companies by supervising their consumer financial activities. Such efforts were a priority of the Biden Administration, especially in regulating non-bank financial institutions such as digital wallets and payment application such as Venmo and Zelle.

However, the Trump administration has taken a different stance on such regulation efforts. Since President Trump took office in January, the CFPB has dropped numerous cases against payment application companies and other financial companies. In February, the agency dropped a lawsuit against Rocket Homes that alleged the company of offering kickbacks to brokers who referred customers to Rocket Mortgage. In March, the agency dropped a lawsuit against Zelle, Wells Fargo, and other major banks that alleged the companies of failing to protect consumers from widespread fraud.

Under the leadership of the now acting Director of the CFPB, Russell Vought, the CFPB retracted the Google Payment order on the basis that “extending Bureau supervision to GPC would be an unwarranted use of the Bureau’s powers and resources,” according to the Withdrawal Notice.

The agency continues to display its opposition to payment application regulations and enforcement actions in line with the Trump administration’s agenda. This latest dismissal could lead to additional challenges against regulations aimed at oversight of tech companies.

The post CFPB Ends Oversight of Google Payment Amid Regulatory Shift appeared first on Compliance Chief 360.