Insights
In February 2025, the Trump administration directed a significant shift in the US Department of Justice’s (DOJ) enforcement priorities by announcing a 180-day suspension of new actions under the Foreign Corrupt Practices Act (FCPA). This unprecedented pause, framed as a move to restore US competitiveness and safeguard national interests, coincided with a broader pivot toward trying to dismantle cartels and transnational criminal organizations (TCOs), the majority of which are prevalent in Latin America and the Caribbean. Despite the DOJ's pause on FCPA enforcement, state attorneys-general (AG) may fill the enforcement void left by federal authorities (for instance, the state of California has indicated it will continue to pursue FCPA matters under state laws). The California Attorney-General's recent legal advisory emphasizes that violations of the FCPA remain actionable under California's Unfair Competition Law (UCL), ensuring that improper payments to foreign officials for business purposes are still illegal and subject to state-level enforcement.
However, while the DOJ may be pulling back, enforcement continues elsewhere. Some countries across Latin America and Europe are stepping up anti-corruption efforts, introducing stricter regulations, and increasing investigative cooperation. This means that multinational companies operating across borders now face a more fragmented yet demanding global compliance landscape.
We examine how companies can adapt their compliance strategies to remain effective in this shifting regulatory environment. This is not a call to scale back compliance efforts, but to reprioritize them. Companies must continue to anticipate enforcement risks, strengthen controls, and build programs that are not only resilient today but future-proof.
President Donald Trump's Executive Order argues that FCPA enforcement had become “overexpansive and unpredictable” allegedly impeding US foreign policy and harming American companies’ global competitiveness. Concurrently, the DOJ refocused its efforts toward other crimes, especially targeting drug cartels and TCOs. In a directive titled “Total Elimination of Cartels and TCOs,” US Attorney-General Pam Bondi ordered that the DOJ’s FCPA Unit prioritize only bribery cases with clear links to cartel or TCO activity.
The US Securities and Exchange Commission (SEC), which enforces the FCPA’s civil provisions, is not directly bound by the DOJ’s pause. The White House’s directives did not explicitly restrict SEC action, and the SEC retains independent authority over corporate books-and-records and internal controls violations. Still, it is anticipated the SEC will slow-roll new FCPA investigations and coordinate with DOJ’s reprioritization, focusing its enforcement on other areas. That said, companies should remember the SEC can still pursue accounting violations stemming from bribery (e.g. false books or inadequate controls), even if the DOJ is less active.
These US shifts are unfolding against a backdrop of intensified anti-corruption efforts globally. The pause in DOJ’s FCPA enforcement is unique, most other jurisdictions continue to ramp up anti-bribery enforcement and expect companies to comply with high standards. Latin America in particular has seen a wave of reforms. Over the past years, countries like Brazil, Argentina, Mexico, Peru, Chile, and Colombia have enacted tougher anti-bribery statutes and corporate liability regimes and have collaborated with US investigators on landmark cases. Latin American prosecutors and regulators also are stepping up. For example, Colombia now requires by law business ethics programs and compliance officers to prevent risks of corruption, money laundering and financing of terrorism. Peru offers huge reductions in penalties to companies with compliance programs, and other countries reward robust compliance programs by mitigating or even exempting corporate penalties. In short, while the US temporarily eases off anti-corruption enforcement, foreign authorities are increasing it.
Therefore, multinational companies should not be complacent about the DOJ's pause on the FCPA. The pause does not decriminalize bribery, the FCPA remains in force and has a statute of limitations of five years from the date of the alleged offense. Any illicit conduct during this window could be prosecuted years later (by a future DOJ or by the SEC or foreign regulators). Moreover, the pause is explicitly temporary, DOJ could resume enforcement with revised (possibly more selective) guidelines.
Meanwhile, the pivot to cartel and TCO crime means companies face new risks of enforcement in those domains. For instance, a company that previously might have been investigated under the FCPA for paying bribes in Latin America could now instead face an investigation for “material support” of a terrorist organization if those payments aided a cartel designated as a Foreign Terrorist Organization (FTO).
That said, a presumptive drop in US prosecutions does not equal a decrease of risk. Companies that respond by relaxing controls would be shortsighted; the smarter approach is to treat this period as an opportunity to reinforce compliance efforts, address lingering red flags, and prepare for the eventual resumption of aggressive enforcement.
In today’s evolving risk landscape, it is critical for companies, especially those operating in Latin America and other high-risk jurisdictions, to implement preventive compliance measures.
Integrity due diligence and comprehensive risk assessments are two outstanding tools to help companies proactively identify who they are dealing with, where their exposures lie, and how to mitigate potential risks before problems arise.
Integrity due diligence involves thoroughly vetting business partners, third-party intermediaries, acquisition targets, and any other affiliates for any integrity-related red flags. This process aims to uncover links to corruption, criminal organizations, sanctioned entities, or other ethical risks that could impact the company. Under the current regulatory landscape, verifying a partner’s actual beneficial owners is essential, including checking for any politically exposed persons among their ranks and investigating any history of bribery, fraud, money laundering, or litigation.
In high-risk regions, like, for example, Mexico, due to the presence of multiple and fragmented cartels, integrity due diligence can explore connections to cartels, their members, terrorist financiers, or organized crime groups. Conducting local intelligence-gathering activities, such as searching local language media and conducting discreet inquiries, may be necessary, as public records in some countries may be limited. For instance, corporate registries might not disclose actual owners in certain parts of Latin America, and adverse news reports can be unreliable. Therefore, leveraging investigative resources and local expertise is often essential to fully understand a third party’s integrity.
In the current context, leading multinational companies are strengthening their due diligence programs. Some of the best practices for adequate due diligence include:
Traditional compliance frameworks are no longer sufficient to manage the rapidly evolving risks. In response to the DOJ’s shift in enforcement focus, particularly toward disrupting money laundering channels and support to designated FTOs, data analytics has become indispensable for corporate compliance.
One area where analytics can be a game-changer is in combating money laundering and terrorist financing, which are often intertwined with corruption and organized crime. Sophisticated criminal networks funnel bribe payments or illicit proceeds through complex transactions, but these often leave digital traces. By employing modern data analysis techniques, companies can spot anomalies indicative of wrongdoing. For example:
Adopting these data-driven approaches significantly enhances the effectiveness and efficiency of compliance. It allows a shift from reactive to proactive oversight, empowering organizations to detect red flags early, reduce regulatory exposure, and maintain operational integrity, even in high-risk jurisdictions. When implemented well, data analytics can act as a force multiplier for compliance teams, enabling them to supervise sprawling global operations with greater confidence. In an era where illicit transactions can be complex and transnational, and there is increased global scrutiny, data-driven compliance isn’t optional, it’s a strategic necessity.
To address these evolving risks and enforcement changes, companies should fortify their internal controls and compliance infrastructure. Below is a checklist of key corporate controls to enhance their capabilities, along with notes on effective implementation:
Each of these control enhancements should be implemented with tangible commitment and oversight. It’s not enough to have a paper checklist – effective implementation is key. Companies may consider engaging external experts or auditors to test their controls’ effectiveness periodically. An external compliance review can provide assurance that the checklist measures aren’t just in theory but are working in practice. By systematically enhancing these corporate controls, companies create a robust shield against both current and future risks.
The final piece of the puzzle is ensuring that a company’s risk management and compliance strategy is built to last, resilient against the flow of political leadership and enforcement priorities. History shows that DOJ and SEC focus areas can shift with each administration. Today it’s cartels; tomorrow it could swing back to corporate fraud or sanctions or a new threat altogether. To navigate this uncertainty, companies should adopt a long-term, principles-based approach to compliance that doesn’t rely solely on the priorities of the moment.
First and foremost, continue investing in compliance as a long-term asset. Companies that maintained strong compliance programs through past lax enforcement periods have consistently fared better when crackdowns resume. Conversely, if a company were to disband parts of its compliance program during the FCPA pause, it would find itself scrambling (and exposed) later. A long-term view accepts that enforcement is cyclical, and the cost of rebuilding compliance (or the legal fallout of compliance failures) far outweighs the cost of maintaining it steadily.
On the other hand, develop a holistic risk management strategy that encompasses not just anti-bribery, but adjacent risk areas like sanctions, AML, fraud, and human rights. This integrated approach is increasingly necessary, for example, a bribe may trigger accounting fraud (books and records violations) and money laundering issues simultaneously. If your program covers all these bases, it will remain robust no matter which law enforcers decide to target. The current US focus on TCOs illustrates this, a company might avoid FCPA trouble but still get hit for sanctions or AML violations if it isn’t monitoring those risks. A unified compliance framework breaks down silos and allows the company to respond cohesively to any form of misconduct. Many leading companies are moving in this direction, aligning their anti-corruption, AML, and even Environmental, Social, and Governance (ESG) efforts under a common risk governance model. This also future proofs the organization for emerging regulatory trends.
Another key strategy is staying informed and agile regarding legal developments worldwide. Companies should actively monitor not only US policy changes but also enforcement news and legislative reforms in the countries where they operate. As we see, Latin America is strengthening its own enforcement and compliance expectations. Europe, Asia, and Africa likewise have evolving anti-corruption regimes. By keeping a finger on the pulse of these changes, a company can anticipate shifts. An agile compliance function will update policies and training quickly in response to new laws or risks.
It is crucial to embed a strong ethical culture and internal accountability that transcends specific laws. A workforce that is committed to integrity because it’s the right thing to do, not just out of fear of enforcement – will carry that ethos through regardless of external changes. If employees see that the company truly cares about ethical conduct in good times and bad, they will be less likely to cut corners even if they perceive enforcement is lax. Culture is often cited by enforcement agencies when deciding whether to bring charges or give credit. A demonstrably strong culture can be a company’s best defense.
Finally, consider that effective risk management in uncertain times may benefit from external perspectives. Engaging independent monitors or advisors periodically to review your program can provide assurance that you haven’t developed blind spots. Peer benchmarking within your industry is also useful. For instance, some companies might share strategies on handling increased solicitation for bribes by local officials in the absence of US enforcement. Learning from each other can be invaluable.
While the Trump administration’s enforcement priorities mark a significant shift, they are by no means a signal for multinationals to relax their guard. If anything, the complexity of the current environment (US reprioritization versus global ramp-up) demands a more nuanced and resilient compliance approach. Companies should take a broad, long-term view: doubling down on ethical practices now will keep them on solid footing regardless of whether the next few years bring a continued lull or a resurgence of anti-corruption enforcement. By implementing rigorous preventive measures, leveraging technology, fortifying internal controls, and fostering an enduring culture of compliance, organizations will not only weather the present storm of change but emerge stronger and better prepared for whatever comes next.
The DOJ’s pause on FCPA enforcement and its sharpened focus on cartels and transnational crime mark a critical inflection point for global businesses. As discussed throughout this article, while US enforcement may appear to recede temporarily, the risks associated with corruption, financial crime, and regulatory scrutiny remain high, and in many cases, are shifting jurisdictions rather than disappearing.
In this evolving context, companies must remain proactive and strategic. Strengthening compliance programs, enhancing internal controls, leveraging data analytics, and fostering an enduring culture of ethics are all essential actions. The FCPA pause should not be seen as a relaxation of accountability, but rather as an opportunity to prepare for a likely return to enforcement.
External consultants can help companies stay ahead of regulatory changes and mitigate risk effectively through the following:
The goal is not to retreat; it’s to move forward strategically.
We would like to thank Karyl Van Tassel, Mariano de Alba, Anne Walton, Ken Feinstein, and Carlos Mahecha for their insights and expertise that greatly assisted this research.
Karyl Van Tassel is a Senior Managing Director in J.S. Held's Global Investigations practice. Karyl is based in Houston, Texas and has more than 30 years of experience providing investigative services, including global anti-corruption and bribery, Ponzi schemes, financial statement fraud, and asset misappropriations. She applies her knowledge to assist clients in establishing compliance programs related to fraud, anti-corruption, and export controls, including active/continuous monitoring systems. Karyl is also well established as an expert witness, working with clients to address accounting issues, financial damages, forensic accounting, economic, and valuation challenges they face in a wide variety of litigation matters, including securities, intellectual property, breach of contract, antitrust, lender liability, fraud, and oil and gas matters. Karyl is a certified public accountant in Texas and a Certified Fraud Examiner.
Karyl can be reached at [email protected] or +1 713-504-8778.
Mariano de Alba is a Director in J.S. Held’s Global Investigations practice. Based in J.S. Held’s London office, Mariano is a Venezuelan lawyer who specializes in political risk, international law and foreign affairs. He has more than a decade of experience advising multinational companies, investors, governments, and international organizations on how to operate and deal with issues in Latin America.
Mariano can be reached at [email protected] or +44 7510 645 684.
Anne Walton is a Senior Director providing Anti-Money Laundering services under J.S. Held’s Global Investigations practice. Based in Bingham Farms, Michigan, Anne specializes in building and monitoring anti-money laundering (AML) and sanctions compliance programs. Her prior investigative and risk management experience involved evaluating financial crimes compliance (AML / BSA / OFAC) cyber and physical security policies and programs. Anne’s past clients include financial institutions in APAC, Europe, and the Middle East; Fortune 500 companies; Fintech; banks serving crypto firms; non-governmental organizations; and local, state, and federal government.
Her expertise also includes Know Your Customer (KYC) evaluations and file reviews and testing; due diligence investigations of entities and high-profile and high-net-worth individuals, physical security risk assessments of critical infrastructure, Department of Homeland Security (DHS) cybersecurity tabletop exercises, and training law enforcement and intelligence analysts via the DHS Advanced Analytic Technique Workshop.
Anne can be reached at [email protected] or +1 248 564 2301.
Ken Feinstein is a Senior Managing Director in the Digital Investigations and Discovery service line within the Global Investigations practice at J.S. Held. Based in J.S. Held’s New York City office, Ken specializes in investigative data analytics and provides investigations, regulatory risk and litigation support solutions spanning multiple sectors, including retail and consumer products, life sciences, technology, financial services, industrial products, and government agencies. His clients include law firms and Fortune 500 legal and compliance teams for whom he delivers large scale, complex investigations, regulatory response matters, proactive anti-fraud efforts, and compliance programs. He is a member of the American Institute of Certified Public Accountants and the Association of Certified Fraud Examiners.
Ken can be reached at [email protected] or +1 917 277 7868.
This article examines a more efficient approach to complex investigations, through the use of Generative AI....
This article examines the risks to Fintechs and how to create an AML and sanctions program that complies with regulatory requirements....
This article focuses on three steps to effective due diligence in AML compliance. The strategy is based on years of experience conducting investigations, building teams, and advising global banks through complex, high-pressure situations with regulators. ...