- Evolving laws and enforcement priorities: The landscape of financial crime laws continues to evolve across multiple jurisdictions. Countries are introducing or amending laws related to bribery, money laundering, fraud, tax evasion, sanctions, and other financial crimes. Multinational companies must navigate the complexities of cross-border investigations and enforcement actions. Regulatory bodies are increasingly cooperating across borders, sharing information, and conducting joint investigations. Be prepared for coordinated enforcement actions and ensure that compliance programs are robust across all relevant jurisdictions. Read more on ensuring compliance programs keep up with new corporate criminal offences.
- Geopolitical forces: Understanding the geopolitical backdrop to new laws and regulation will help when deciding how to conduct an investigation or respond to the authorities. Decisions by the authorities may have a national security context. Deep local knowledge will be crucial in conducting risk assessments and navigating what can often be conflicting requirements. The second Trump administration may bring some significant shifts in U.S. foreign and national security policy. China’s broad view of national security continues to impact business operations of foreign companies operating in China. Read more on navigating conflicting laws driven by national security and geopolitics.
- Whistleblowing: New whistleblowing regulations provide greater protections for whistleblowers and impose complex obligations on companies. With many authorities keen to incentivise external reporting (direct to the authorities) it is even more important now to ensure that the business has effective whistleblowing policies and procedures in place, and that employees are trained on these policies. In addition, in the virtual and digital workplace, a notable trend is the increasing incidence of employees using their personal devices to surreptitiously record whistleblowing conversations, disciplinary meetings, and investigations. A sensible approach would be to assume that all conversations are recorded. Read more about how to ensure whistleblower programs are fit for 2025.
- Environmental, Social, and Governance (ESG): ESG issues are a major focus for regulators and stakeholders. Companies are facing increased scrutiny over their environmental and social impact, with new reporting and disclosure standards being introduced. Ensure that ESG claims and disclosures are accurate and supported by evidence to avoid regulatory, shareholder or activist claims for misleading or deceptive conduct or supply chain issues. Read more about risks associated with tightened ESG reporting requirements, supply chains and illicit labor practices.
- Use of AI and other innovative technologies: Ensure that companies’ AI claims and disclosures are accurate. Authorities are beginning to clamp down on deceptive AI claims and schemes or ‘AI washing’. Compliance programs will be scrutinised to test a company’s ability to assess the impact of new technologies such as AI, and the governance structures in place to manage these risks. Read our comparative assessment of AI regulation and enforcement in the U.S., UK and EU.
- Use of data analytics in compliance programs: Authorities’ expectations in this regard are increasing. Compliance teams should consider whether they use data effectively to: (i) monitor third parties, using real-time data, throughout the lifecycle of the business relationship; (ii) save time and costs; (iii) inform the design, implementation and effectiveness of compliance programs; and (iv) report on concerns or key trends to senior management.
- Internal investigations and legal privilege: The conduct of internal investigations is under intense scrutiny, with increasing rules and guidance aimed at independence, fairness and robustness of internal investigations. There continue to be challenges to privilege claims over documents created during an internal investigation. Carefully structure and document internal investigations to maximise the availability of available privileges. Read more about rules and expectations about internal investigations.
- Cybersecurity: New laws and regulations focusing on cybersecurity and operational resilience are either coming into force or are likely to see enforcement activity for the first time. Management accountability for cyber risk is a notable trend. U.S. authorities are using fraud laws to challenge misleading cybersecurity statements. There are steps that organisations can take now, both to avoid enforcement action and avoid or mitigate the worst effects of business-critical incidents. Read more on cybersecurity and operational resilience.
- Data privacy: Keep abreast of the shifting landscape of data protection rules. Individual liability for data breaches may emerge, and organizations should prioritize revisiting compliance programs, considering regulatory priorities set out by local regulators, and addressing cybersecurity and data governance intersections. Read more about ‘navigating the evolving landscape of data protection. There are also complex data privacy issues that can arise in internal investigations.
- Tax evasion, public procurement fraud and corruption: Governments in many jurisdictions are keen to recoup losses from tax evasion, public procurement fraud and corruption in public office, all of which are very costly for the public purse. Businesses that contract with public authorities should ensure that those representing the business receive financial crime compliance training.
A&O Shearman’s market-leading white-collar defense and global investigations practice takes a holistic, coordinated approach to navigating clients through criminal, regulatory and internal investigations, and can advise on managing all these challenges. Please contact the authors of this article or your normal A&O Shearman contact.
This article is part of the A&O Shearman Cross-border White-Collar Crime and Investigations Review 2025.
