Deregulation has become a major regulatory theme, as heralded by President Trump’s Executive Order 14192, “Unleashing Prosperity Through Deregulation” and numerous actions from 2025:
The Securities and Exchange Commission eliminated all 10 regional director roles, and enforcement actions were down 27% from FY2024.
The Food and Drug Administration (FDA), along with the Department of Health and Human Safety, launched a Request for Information to develop further deregulatory plans. In addition, the FDA workforce remains cut by 14% following a 25% reduction at the start of 2025.
What does deregulation really mean?
Deregulation doesn’t mean you can “breathe easier”
Despite the federal government’s overt trend toward deregulation, Hackworth, former SEC Deputy Director of Enforcement and DOJ Associate Deputy Attorney General, has a more nuanced view on what’s occurring in Washington. Today’s regulatory approach may not be the same in the future:
People might be inclined to believe that they can breathe a little easier. I caution against that. You may still receive an inquiry at any time because the work continues, and this is only one period of time. Who knows what we’re going to be talking about in 18 months, 36 months, or eight years from now?
Deregulation actually means “assessing and reallocating resources”
Deregulation, in effect, means increased coordination within and between regulatory and law enforcement agencies and the implementation of strategies to ensure that enforcement resources align with agency priorities. Hackworth cautions organizations not to misread “deregulation” as a sign that agencies are seeking to limit enforcement, as agencies are still focused on protecting investors and markets from unlawful activity such as fraud and market manipulation. “Deregulation” is better thought of as these agencies reprioritizing and adjusting their approach.
For example, task forces are being formed to share investigative resources within and across agencies. Cooperation programs are being broadened to encourage companies and individuals to self-report misconduct. The approach has changed; the priorities have not.
Three risks compliance teams may not be tracking closely enough
Whistleblowers
The DOJ’s Corporate White Collar Crime Whistleblower Program expands a model that has driven billions in False Claims Act recoveries in healthcare and life sciences to other heavily regulated industries such as financial services. Whistleblower reports and whistleblower-led lawsuits front-load the investigative work onto the whistleblower or their legal team, extending enforcement reach that resource-constrained agencies couldn’t otherwise afford.
Regulators and law enforcement officials realize they can’t be everywhere at once. But who can see it? Your colleagues.
In a deregulatory environment, agencies are looking for partners that reduce their investigative burden. For compliance teams, that means the DOJ’s updated Corporate Enforcement Policy offers a real opportunity: organizations that self-disclose early and demonstrate proactive compliance can qualify for declination. Those that don’t disclose, or disclose late, may face steeper penalties as a result.
Third-party vendors
A breach doesn’t need to originate at your organization to become your problem. If a government subpoena targeting one company traces a problem to a third-party vendor, that inquiry may expand to every other customer of that vendor.
If it turns out [a threat actor] entered through a third party’s domain, now that subpoena comes to the third party and everybody is on the hook.
An investigation can reach your organization before a breach is even reported. The degree of control organizations believe they have over third-party relationships may not hold up under scrutiny. Due diligence into a vendor’s security posture, and potential use of fourth-party vendors, becomes even more crucial in this environment.
Geopolitics
The pace of change in the current environment—active conflicts, shifting trade relationships, sanctions volatility—has outrun most traditional regulatory intelligence functions. Hackworth recommends supplementing those functions with non-traditional expertise.
Your typical experts might not be enough. If I were in a compliance seat right now, I would love to have a former Department of Defense (DoD) official who can help me assess… when are these wars going to end? Based on where they are now, is there a chance they may expand geographically? How does that impact my operations?
