Dramatic changes President-elect Donald Trump seems set to make to DOJ leadership signal potentially major disruptions ahead. While campaign promises of bureaucratic overhaul could reshape enforcement priorities, compliance professionals face immediate decisions about maintaining current standards. Keith Rosen of law firm Norton Rose Fulbright examines how to approach compliance amid deep unpredictability.
A change in presidential administration always brings some measure of uncertainty. A new administration’s approach to regulation in different economic sectors and its allocation of enforcement resources are key variables for C-suite leaders both domestically and internationally. For compliance professionals, uncertainty about the enforcement priorities of a new administration bears directly on the job of assessing the company’s risk profile and ensuring that the compliance function is meeting the moment.
The re-election of President Donald Trump brings with it an even greater degree of uncertainty. The Trump campaign’s focus on fundamental changes to the executive branch in general, and the DOJ in particular, raises legitimate questions about whether the DOJ’s approach to ethics and compliance will change significantly and whether expectations of corporate compliance functions will change in kind.
Many observers are predicting that deregulation will be a central theme in the next Trump administration, particularly in areas like digital assets and cryptocurrency but possibly across the financial sector more broadly. However, weakened oversight in those areas may not translate into wholesale changes in corporate compliance expectations from the DOJ, the SEC or other regulatory enforcement agencies.
What Will Trump 2.0 Mean for Compliance & Ethics?
Corporate compliance, risk and governance teams face a potential sea change as Donald Trump reclaims the White House. From enforcement priorities to ESG programs, major shifts loom for regulated industries. Here's what compliance professionals should watch as the transition unfolds.
Read moreDetailsDramatic changes seem unlikely … maybe
For much of the past two decades, the DOJ has made increasing efforts to press its view of the proper role and importance of compliance functions in corporations here and abroad. While the first Trump Administration and the current Biden Administration have expressed very different views about regulation and the role of government generally, their respective approaches to corporate enforcement and compliance expectations have been more similar than different. That history provides good reason to believe that the approach of the second Trump DOJ toward corporate compliance may not involve a dramatic change in the short term, even if the Trump DOJ takes a radically different approach to other law enforcement programs (such as immigration enforcement).
This is for two principal reasons. To start, a review of the first Trump DOJ shows consistency with the current administration on the importance and function of corporate compliance. To recap, it was in 2019, during the first Trump Administration, that the DOJ issued the consolidated guidance on the evaluation of corporate compliance programs that is still in effect today. The speeches of Trump DOJ officials in 2018-19 repeatedly emphasized that administration’s view on the importance of corporate compliance, the DOJ’s commitment to incentivize and reward companies that implement effective compliance programs and the need to hold individuals accountable for corporate misconduct. While a Trump DOJ may not be as singularly minded on incentivizing rapid self-disclosures as the current administration, it is likely that corporate compliance functions will still need to operate under the current paradigm where early detection, remediation and reporting of ethical misconduct is paramount.
The DOJ’s focus on the effectiveness of a company’s compliance program when determining whether and how to bring a corporate enforcement case was as central then as it has been during the Biden presidency. More generally, these public statements reflected a consistent theme that compliance must be “fully integrated into corporate culture” and “not treated as separate and distinct from other business goals.”
As a number of commentators have noted, the prior Trump Administration placed a significant focus on export controls, sanctions and related national security cases. While there could be a change in focus of priority areas to China and Iran, enforcement in this area should stay active and an emphasis on sanctions and trade compliance should remain a key part of the compliance and risk assessment functions for companies operating across borders.
Second, if the new administration does change priorities on corporate enforcement, it will take some time for those changes to proliferate. New policies would be developed, and it is less likely that changes to corporate enforcement will be at the top of the enforcement priority list, even if the new administration takes a more supportive approach to particular industry sectors. As a result, the recent changes to the DOJ’s “Evaluation of Corporate Compliance Programs” (ECCP) are not likely to be reversed in the short term.
This means that corporate compliance functions will still need to grapple with the DOJ’s recently enacted updates to the ECCP on AI during the transition period. For example, in March, the DOJ announced that prosecutors will assess how companies mitigate the risk of misusing AI and other disruptive technologies. Corporate compliance functions are now expected to analyze how their business functions are using AI and assess whether the company has taken sufficient steps to mitigate the risks associated with that technology. Regular compliance risk assessments need to identify whether the company’s use of AI is consistent with the company’s code of conduct and put monitoring processes in place to test whether the AI technology is functioning as intended. It is unlikely that these expectations will change in the near term.
Similarly, the updated ECCP puts a point of emphasis on whether companies are encouraging employees to speak up and report misconduct or whether the company’s practices are having the opposite effect. In a September speech, the current principal deputy assistant attorney general, Nicole M. Argentieri, cited the current administration’s view that corporate compliance departments play an important role in implementing robust policies that protect employees who report misconduct and train employees on those expectations. In a November speech, the SEC’s acting director of the enforcement division similarly touted that agency’s focus on whistleblower protection. While the current administration may be placing emphasis on speak-up channels and promoting whistleblower protection to a greater degree than the former Trump DOJ, these concepts existed in the prior administration and should continue to be a part of the next Trump DOJ policy on corporate compliance.
… a big maybe
Even with all that history pointing to more or less status quo for compliance, Trump is nothing if not unpredictable. On Nov. 14, it was reported that the president-elect intends to nominate former Rep. Matt Gaetz to be the next attorney general. This indeed calls into question whether the incoming DOJ will look anything like the prior Trump DOJ. Gaetz, in speeches, and the Trump campaign have both made clear that he will prioritize an attack on the so-called “deep state.” This would mean more time and resources in the DOJ would be focused on bureaucratic resistance within government and less time and resources on traditional corporate enforcement and compliance. Whether Gaetz is ultimately confirmed, his nomination suggests that uncertainty over DOJ policy in the second Trump DOJ is more likely to be the rule rather than the exception.
Whether that translates into a new approach to evaluating corporate compliance will take time to become clear. Gaetz has, for example, been relatively pro-legalization of cannabis during his time in Congress. This could result in weakened compliance demands on banks and other financial institutions that serve cannabis businesses that are permitted under state laws. Ultimately, it is likely that the current standards for what constitutes an effective compliance program will continue in the near-term. Even during a transition of marked uncertainty, companies should continue to dedicate resources and technology into their compliance functions and benchmark against the DOJ’s current policy guidance.
Keith Rosen is the head of Norton Rose Fulbright’s U.S. risk advisory practice and a partner in the firm’s office in Washington, D.C. He is an experienced trial and appellate advocate whose practice focuses on white collar criminal defense, internal corporate investigations, Congressional investigations, and Foreign Corrupt Practices Act (FCPA) compliance. He also defends companies and their executives in connection with False Claims Act investigations and litigation. 
