Deregulation has become a major regulatory theme, as heralded by President Trump’s Executive Order 14192, “Unleashing Prosperity Through Deregulation” and numerous actions from 2025:
The Securities and Exchange Commission eliminated all 10 regional director roles, and enforcement actions were down 27% from FY2024.
The Food and Drug Administration (FDA), along with the Department of Health and Human Safety, launched a Request for Information to develop further deregulatory plans. In addition, the FDA workforce remains cut by 14% following a 25% reduction at the start of 2025.
What does deregulation really mean?
Deregulation doesn’t mean you can “breathe easier”
Despite the federal government’s overt trend toward deregulation, Hackworth, former SEC Deputy Director of Enforcement and DOJ Associate Deputy Attorney General, has a more nuanced view on what’s occurring in Washington. Today’s regulatory approach may not be the same in the future:
“People might be inclined to believe that they can breathe a little easier. I caution against that. You may still receive an inquiry at any time because the work continues, and this is only one period of time. Who knows what we’re going to be talking about in 18 months, 36 months, or eight years from now?”
Deregulation actually means “regulation by enforcement”
Deregulation, in effect, means increased coordination between regulatory bodies and the implementation of strategies to reduce the investigative workload and focus instead on enforcement. Hackworth cautions organizations not to misread “deregulation” as a sign that agencies are seeking to limit enforcement. They’re only reprioritizing and adjusting their approach.
“Enforcement priorities have not changed: fraud, market manipulation, insider trading… anything that can win back money for the government.”
Agencies are trading active monitoring for reactive, tip-driven prosecution. Regional offices are being consolidated. Joint task forces are being formed to share investigative resources across agencies. The approach has changed; the priorities have not.
Three risks compliance teams may not be tracking closely enough
Whistleblowers
The DOJ’s Corporate White Collar Crime Whistleblower Program expands a model that has driven billions in False Claims Act recoveries in healthcare and life sciences to other heavily regulated industries such as financial services. Whistleblower-led suits front-load the investigative work onto the whistleblower’s own legal team, extending enforcement reach that resource-constrained agencies couldn’t otherwise afford.
“Regulators and law enforcement officials realize they can’t be everywhere at once. But who can see it? Your colleagues.”
In a deregulatory environment, agencies are looking for partners that reduce their investigative burden. For compliance teams, that means the DOJ’s updated Corporate Enforcement Policy offers a real opportunity: organizations that self-disclose early and demonstrate proactive compliance can qualify for declination. Those that don’t disclose, or disclose late, may face steeper penalties as a result.
Third-party vendors
A vendor breach doesn’t need to originate at your firm to become your problem. If a government subpoena targeting one company traces the source to a third-party vendor, that inquiry expands to every other customer of that vendor.
“If it turns out [a threat actor] entered through a third party’s domain, now that subpoena comes to the third party and everybody is on the hook.”
An investigation can reach your organization before a breach is even reported. The degree of control organizations believe they have over third-party relationships may not hold up under scrutiny. Due diligence into a vendor’s security posture, and potential use of fourth-party vendors, becomes even more crucial in this environment.
Geopolitics
The pace of change in the current environment—active conflicts, shifting trade relationships, sanctions volatility—has outrun most traditional regulatory intelligence functions. Hackworth recommends supplementing those functions with non-traditional expertise.
“Your typical experts might not be enough. If I were in a compliance seat right now, I would love to have a former Department of Defense (DoD) official who can help me assess… when are these wars going to end? Based on where they are now, is there a chance they may expand geographically? How does that impact my operations?”
