What won’t change in the 2026 regulatory landscape?
While regulatory turbulence is always a challenge, 2026 may represent an especially notable year given political changes in key international markets. Although compliance programs will need to prepare and adapt to changing winds, the fundamentals of building an effective program remain the same.
This article addresses the major global shifts driving a changing landscape for compliance programs, some factors that are likely to change in 2026, and the fundamental aspects of an effective compliance program that will not change.
Changing landscape
With every new United States administration, there are shifts in priorities, including in corporate and regulatory enforcement. This past year is no exception, there have been several significant policy changes and priority shifts.
For example, in June of 2025, the U.S. Department of Justice (DOJ) announced new guidance regarding enforcement of the Foreign Corrupt Practices Act (FCPA) in response to President Trump’s executive order pausing FCPA enforcement pending the release of this new guidance. The guidance sets out four non-exhaustive areas of focus for FCPA investigations or enforcement actions where bribery negatively impacts U.S. interests:
- Cases involving cartels and transnational criminal organizations (TCOs), even if indirectly or tangentially
- Bribes paid in connection with a bid involving a U.S. company (regardless of whether the bribe-paying company is American)
- Cases involving U.S. national security interests, including corruption in sectors such as defense, intelligence and critical infrastructure
- Alleged misconduct that bears strong indicia of corrupt intent, rather than conduct that involves routine business practices or low-dollar, generally accepted business courtesies
While the new administration is narrowing the focus of FCPA enforcement, it is expanding into areas that were not priorities in the last administration, including trade and customs fraud (including tariff evasion), immigration, diversity, equity and inclusion programs, and the elimination of cartels and TCOs. Other areas of enforcement, such as antitrust, healthcare fraud and sanctions, remain priorities across administrations.
More broadly, DOJ has announced new enforcement policies intended to encourage companies to voluntarily disclose misconduct and cooperate with DOJ investigations. Among the most important policy changes, DOJ simplified and amended its Corporate Enforcement Policy (CEP), a policy that was initially formalized in the first Trump administration, to further encourage self-disclosure of corporate misconduct.
The revisions to the CEP highlight the benefits of self-disclosure, building on incentives established by prior iterations of the CEP, including those revised under prior administrations. Whereas DOJ’s prior policy created a presumption of a declination for companies that voluntarily self-disclose misconduct, fully cooperate and make timely and appropriate remediations, in the absence of aggravating circumstances, the new policy requires a declination in those circumstances.
In addition, during the last administration, DOJ created burdensome requirements to achieve a declination when aggravating circumstances (such as participation by senior executives) were present. In such cases, the company was required to disclose “immediately,” provide “extraordinary” cooperation and remediation, and have had an effective preexisting compliance program at the time of the misconduct. This high standard was difficult to meet, left considerable discretion to prosecutors, and seemed to create a disincentive for companies to voluntarily disclose misconduct. The new policy revisions in June of 2025 eliminated these requirements, and made clear that, in the face of aggravating circumstances, “prosecutors retain the discretion to nonetheless recommend a CEP declination based on weighing the severity of those circumstances and the company’s cooperation and remediation.”
Another notable revision establishes a specific approach for “near miss” voluntary self-disclosures, for example where DOJ was already aware of the misconduct when the company disclosed, but the company otherwise meets the CEP requirements. In such circumstances, the Criminal Division shall resolve through a non-prosecution agreement (NPA), shall not impose a monitor, shall provide a 75% reduction of the fine, and can limit the term of the NPA to less than the standard three years.
DOJ also indicated that it would use independent compliance monitors in fewer cases, and would ensure monitors that are imposed stay within their mandate and cost less. DOJ outlined several examples, including a cap on the monitor’s hourly rates, budgets for all monitor workplans, which the monitor may not exceed without DOJ permission, and at least biannual meetings between DOJ, the monitor, and the company.
For its part, the U.S. Securities and Exchange Commission (SEC) has trumpeted a more traditional approach to enforcement, turning its focus away from novel theories of liability and an acute focus on cryptocurrency, and instead focusing on more traditional violations of the securities laws, including fraud on investors.
Taken together, these policy announcements are likely to create a much more favorable environment for corporations to voluntarily disclose misconduct and to achieve more lenient results based on good corporate behavior.
DOJ and SEC, however, are also continuing to pursue methods of identifying corporate misconduct, thereby emphasizing the “stick” side of the equation in addition to the “carrot.” While the SEC’s whistleblower program has been in place for well over a decade now, DOJ only began a whistleblower pilot program in August of 2024. Yet the new administration seems intent on maintaining it. In fact, DOJ updated the program to make whistleblowers eligible for an award if they report misconduct in four new areas that align with its priorities:
- Procurement and federal program fraud
- Trade, tariff, and customs fraud
- Violations of federal immigration law
- Violations involving sanctions, material support of foreign terrorist organizations, or those that facilitate cartels and TCOs, including money laundering, narcotics, and Controlled Substances Act violations
Top 10 Compliance Trends: Preparing for 2026’s New Rules of Risk
Explore expert predictions for the year ahead in compliance. This NAVEX webinar covers AI regulation, enforcement updates, and emerging global standards shaping the next era of ethics and risk …
Looking ahead to 2026
We should begin to see how DOJ will implement the new version of the CEP, and how companies that have voluntarily disclosed misconduct will be treated. These will all have significant impacts on corporate decision-making in the face of allegations of misconduct.
For example, if DOJ exercises its discretion to award companies CEP declinations even in the face of aggravating circumstances (such as executive-level involvement), and that such determinations are made within a short period of time (e.g., 6-12 months as opposed to 3-4 years), companies will be much more willing to voluntarily self-disclose misconduct when they identify it. We will also begin to see whether coordination and cooperation with foreign governments – something that has been a hallmark of corporate enforcement over the past several administrations – will continue apace or begin to slow. This would have a significant impact on corporate investigations and prosecutions, and in turn on corporations facing regulatory scrutiny.
Fundamental and unchanging aspects of a compliance program
Although there have been significant changes to the enforcement landscape, an effective compliance program remains a critical way to address the changing environment. With the evolving policies and priorities, now would be a good time to conduct a risk assessment to ensure the compliance program is designed to address some of the newer priorities, including risks posed by trade/customs fraud, diversity, equity and inclusion programs, and cartels and TCOs.
As has been the case across administrations, it is also critical to ensure companies have sufficient controls around third-party interactions, including risk-based due diligence and monitoring and auditing of payments and activity. To the extent that a company is exposed to trade/customs fraud or cartel and TCO risks, it is likely third-party relationships are where that risk exists (or at least is the highest).
Finally, although the priorities are shifting, it is also important not to ignore areas that pose risks to a particular company, even if those risks are not priorities of the administration. For example, even though FCPA enforcement appears not to be a high priority for the administration, companies would be wise not to de-emphasize anti-corruption compliance. As an initial matter, the new FCPA guidance suggests that DOJ and SEC will still remain active in this space. Moreover, corruption may violate laws in other countries that do remain active. France, the U.K. and Switzerland have announced a joint task force to investigate and prosecute foreign bribery. Finally, the statute of limitations for FCPA violations are five years for anti-bribery violations and six years for accounting violations, and DOJ has methods of extending the statute of limitations for several years.
2026 prediction
While this past year made clear what the administration’s regulatory and enforcement priorities would be, 2026 should demonstrate how the government intends to carry out those priorities. As DOJ’s and SEC’s policies become clear, enforcers are then able to turn to carrying out the day-to-day job of investigating and prosecuting violations of law that are clear priorities.
This article is part of our 2026 Top 10 Risk & Compliance eBook. Check out the full eBook for more expert predictions for the year ahead.
Top 10 Risk & Compliance Trends for 2026
Stay ahead of AI regulation, cultural pressure, and global governance change with insights that prepare you for what’s next.
