The world of compliance took a surprising turn this February with the Executive Order issued by the President suspending FCPA investigation and enforcement. This was followed in short order by the dismissal, after six years of prosecution, of the two ex-Cognizant Technology executives charged with paying or authorizing the payment of bribes in that case. It now appears that both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) FCPA units will be eviscerated and even shut down by the Administration. These significant legal rollbacks have ignited a series of conversations about the very essence and future of the compliance profession. As compliance professionals, many of us are left pondering, where exactly does compliance go from here?
I recently discussed this topic on the Compliance into the Weeds podcast with Matt Kelly, reflecting on his insights from a compliance event held in Boston he wrote about in a blog post in Radical Compliance. Matt highlighted a prevalent unease among compliance officers, underpinned by two primary concerns: the potential redundancy of compliance roles due to relaxed regulatory scrutiny and the impact of advancing technology, particularly AI, on compliance functions.
First, tackle the issue of regulatory rollback. The Trump administration has shown a clear inclination toward scaling back certain regulatory requirements, warranted or not. But there is a critical takeaway. It is not 2010, at the modern beginnings of compliance; it is 2025, and compliance is fundamentally different from what it was 15 years ago. Compliance practices and ethics programs have become deeply integrated into business operations, creating intrinsic value that transcends mere regulatory requirements. These practices have proven essential not only for managing regulatory risk but also for effectively managing broader business risks, operational efficiency, and corporate reputation.
Yet, despite the embedded nature of compliance in modern corporations, there’s a troubling scenario Matt outlined based on a keen observation from Kristy Grant-Hart. Could compliance functions gradually be absorbed by other departments? Could compliance tasks like hotline management drift toward HR, regulatory compliance fall into the hands of the legal department, and privacy compliance become the responsibility of IT security? Unfortunately, this scenario is not entirely implausible. Some short-sighted organizations might indeed take this fragmented route, viewing it as an opportunity to reduce headcount and costs.
Both Matt and I agree this is a dangerous and ultimately costly path. Fragmenting compliance capabilities across departments risks creating silos, precisely what compliance professionals have spent years fighting against. Silos impede effective communication and cloud transparency and hinder the swift, coordinated responses necessary to manage risk in today’s complex business environments. In short, this fragmentation threatens operational integrity, compliance effectiveness, and, ultimately, corporate profitability.
Instead of retrenching, compliance professionals must seize this uncertain moment as an opportunity. This is a time to demonstrate conclusively how compliance adds tangible business value beyond regulatory mandates. Hui Chen beautifully articulated this sentiment in her insightful blog post, urging compliance leaders to elevate their roles proactively. Chen recommends re-evaluating and broadening our compliance messaging, enhancing engagement with leadership, and demonstrating the clear business value compliance delivers to the organization.
Now, when we look at technology, particularly AI, there is palpable excitement and understandable anxiety within our compliance community. AI presents both extraordinary potential and a perceived threat. The crux of the concern is straightforward: could AI replace human compliance professionals?
AI undoubtedly enhances compliance capabilities significantly; it empowers us to manage larger, more complex data sets, swiftly identifies risks, automates repetitive compliance tasks, and enriches our analytical capabilities. But here’s the fundamental truth: AI requires a “human in the loop.” Human oversight, nuanced judgment, ethical considerations, and strategic thinking cannot, and should not, be outsourced entirely to algorithms.
Moreover, AI is not a threat but a tool that amplifies the effectiveness of compliance officers. Compliance professionals should proactively harness AI to enhance third-party risk management, improve whistleblower and speak-up programs, conduct more nuanced behavioral analytics, and streamline compliance training and communication. AI is here to augment, not eliminate, the vital role of the compliance officer.
Short-sighted individuals will always view AI as a cost-cutting opportunity. These individuals might attempt to unravel compliance functions, dispersing responsibilities across various departments supported by AI, thereby undermining the coherent strategic value a centralized compliance function provides.
Our response as compliance professionals should be unequivocal; robust compliance management and risk assessment capabilities are more critical now than ever. Compliance functions must remain centralized and strategic, leveraging technology to enhance rather than dilute their impact. We must clearly demonstrate to senior management how a strong, unified compliance function, bolstered by advanced technologies like AI, not only ensures regulatory compliance but actively strengthens operational resilience, business efficiency, and profitability.
In closing, Matt and I both agree these are indeed challenging and uncertain times for the compliance profession. However, they also represent a profound opportunity for growth and innovation and demonstrate the indispensable value compliance brings to businesses. Compliance professionals must rise to this challenge, proactively shaping the future rather than passively waiting for it to unfold.
As Matt aptly concluded, and I echo wholeheartedly, “I would bet on the durability of the ethics and compliance profession every day of the week.” I would only add that now is unquestionably the moment for compliance to step forward confidently, embracing innovation and clearly demonstrating its value as a strategic partner in business success.
Philip Rohlik is counsel in Debevoise & Plimpton LLP’s Shanghai office. He is a member of the firm’s White Collar & Regulatory Defense and International Dispute Resolution Groups, and his practice focuses on international investigations, securities law, and dispute resolution. He is recognized by “The Legal 500 Asia Pacific—Greater China” (2024-2025) for his anti-corruption and compliance practice and has been described as “very thorough, “hands-on,” and “excellent investigation lawyer.”
Tom Fox is based in West Texas and is a prominent member of the compliance community and one of the most well-known legal practitioners regarding the FCPA. Over the past 15 years, he has been a general counsel and chief compliance officer. He is now an independent consultant, assisting companies with anti-corruption, anti-bribery compliance, and international transaction issues.
Malcolm Nance is based in upstate New York. He is a 20-year veteran of the US Navy, where he was an intelligence officer, cryptographer, and Russian and Arab language specialist. As a master chief, he was responsible for discipline throughout the ranks.
