Introduction[1]

Many jurisdictions have passed laws promoting and protecting whistleblower reporting, particularly with respect to potential violations of law by companies and their executives, while certain law enforcement authorities have introduced monetary awards programs to provide incentives to report potential violations of law.[2] These previous efforts to encourage whistleblower reporting generally continued in the past year. In this three-part series, we first discuss the outlook for whistleblower programs in the United States under the new administration. Second, we review initiatives relating to whistleblower reports in other jurisdictions over the past year. Third, we address emerging issues and considerations for companies in relation to whistleblower reports.

Continue Reading Whistleblowing in Focus: Recent Developments, Emerging Issues, and Considerations for Companies

The U.S. Securities and Exchange Commission (“SEC”) Division of Examinations (the “Division”) released its 2026 examination priorities on November 17, 2025 (the “2026 Priorities”). As expected from the new leadership, the 2026 Priorities signal less (but still present) focus on private fund advisers and more focus on retail advisers and emerging technologies such as AI and algorithmic advice. Overall, the extremely high overlap in priorities from prior years is notable, leading our main takeaway from the 2026 Priorities to be whether and how the Division Staff will emphasize public messages such as Risk Alerts and Exam Observations compared to private actions like detailed deficiencies and numerous referrals to the Enforcement Division.

Continue Reading SEC Exam Priorities 2026 Priorities Largely Consistent: Will Approach to Deficiencies and Enforcement Referrals Change?

As of July 8, the U.S. Department of Justice (“DOJ”) is scheduled to begin full enforcement of its Data Security Program (“DSP”) and the recently issued Bulk Data Rule after its 90-day limited enforcement policy expires, ushering in “full compliance” requirements for U.S. companies and individuals.[1] 

Continue Reading Enforcement Countdown: Is DOJ Ready for the Bulk Data Rule “Grace Period” to End?

On June 16, 2025, the Department of Justice’s National Security Division (“NSD”) and the U.S. Attorney’s Office for the Southern District of Texas announced a landmark declination to prosecute private equity firm White Deer Management LLC following its voluntary self-disclosure of sanctions violations committed by an acquired company.[1]  This marks the first application of the safe harbor provisions for voluntary self-disclosure in connection with mergers and acquisitions—a policy put in place during the previous administration—and demonstrates the benefits of NSD’s enforcement policies while highlighting continued enforcement priorities across administrations.

Continue Reading DOJ National Security Division Issues First Declination Under Merger-Related Safe Harbor Provisions

On May 12, 2025, the Criminal Division of the Department of Justice (“DOJ”) announced several policy changes related to its approach to white collar criminal enforcement.  Matthew R. Galeotti, the current head of the Criminal Division, noted that DOJ would be “turning a new page on white-collar and corporate enforcement” and emphasizing the principles of “focus, fairness and efficiency” in its investigations and prosecutions.  As part of this policy roll-out, DOJ issued a new White Collar Enforcement Plan (the “Enforcement Plan”) and key revisions to the Corporate Enforcement and Voluntary Self-Disclosure Policy (“CEP”), Monitor Selection Policy, and Whistleblower Awards Pilot Program.[1] 

Continue Reading DOJ Criminal Division Announces White Collar Enforcement Plan and Revisions to Three Key Policies

On April 11, 2025, the U.S. Department of Justice, National Security Division (“DOJ”) issued a compliance guide (“Compliance Guide”), a set of frequently asked questions (“FAQs”), and a 90-day limited enforcement policy (“Enforcement Policy”) relating to implementation of the Data Security Program, codified at 28 C.F.R. Part 202 (“DSP”).  The DSP is a regulatory program designed to prevent certain countries of concern—China, Cuba, Iran, North Korea, Russia, and Venezuela—and covered persons from having access to Americans’ bulk sensitive personal data and U.S. government-related data.  The DSP largely went into effect on April 8, 2025. 

Continue Reading DOJ Issues Additional Guidance as Data Security Program Enters into Effect; Limits Enforcement for First 90 Days

Earlier this month, the U.S. Department of Commerce (Commerce), Bureau of Industry and Security (BIS) held its annual Update Conference on Export Controls and Policy (the Conference).  During the Conference, key government officials signaled an intent to ramp up enforcement of the Export Administration Regulations (EAR) going forward.  For example, in opening remarks to Conference attendees, U.S. Secretary of Commerce Howard Lutnick said there would be a “dramatic” increase in enforcement by BIS under the Trump administration, including increased fines and penalties for parties that violate the EAR.

Continue Reading U.S. Government Signals Intent to Increase Enforcement of U.S. Export Controls

On March 20, 2025, the United Kingdom’s Serious Fraud Office (“SFO”), France’s Parquet National Financier (“PNF”), and Switzerland’s Office of the Attorney General (“OAG”) signed a founding statement to establish a new International Anti-Corruption Prosecutorial Taskforce.[1]  The new taskforce will include a Leadership Group to exchange insight and strategy, as well as a Working Group focused on strengthening collaboration and cooperation in anti-corruption cases.[2]

Continue Reading New Anti-Corruption Taskforce Announced by Authorities in the UK, France, and Switzerland

As discussed in our last Corporate Transparent Act (CTA) update, the U.S. Treasury Department announced on March 2 that it planned to issue an interim rule excluding U.S. companies and citizens from CTA reporting obligations. The Financial Crimes Enforcement Network (FinCEN) has now done so, limiting the scope of the CTA to non-U.S. parties. This will dramatically reduce the operational burdens and costs of the CTA for registered investment advisers.

Continue Reading FinCEN Eliminates CTA Requirements for All U.S. Companies and U.S. Individuals

On Wednesday evening, the SEC Staff published two new FAQs relating to the presentation of gross and net performance under the Investment Advisers Act Marketing Rule, the sweeping 2022 overhaul of the advertising and endorsement restrictions applicable to registered investment advisers (“RIAs”).  Both FAQs provide significant relief from prior Staff interpretations of the Marketing Rule and will dramatically reduce compliance burdens for RIAs in the areas of performance of individual investments and certain performance “characteristics” of portfolios and investments.  The limited open questions raised by new FAQs pale in comparison to the issues RIAs faced with the prior interpretations.

Continue Reading SEC Staff Reverses Some “Gross/Net” Marketing Rule Guidance