The Rethink Compliance team noted the Feb 6th announcement by Pam Bondi regarding the DOJ’s plan to scale back enforcement priorities related to white-collar misconduct, including under the FCPA and FARA.

This got us thinking about why compliance programs matter. What purpose do they serve? Do strong compliance programs have their own fundamental value in today’s business environment? If so, what is the positive case for compliance beyond enforcement risk? 

First, let’s address the enforcement question. Regardless of enforcement priorities in 2025, these laws still exist. Further, U.S. regulators aren’t the only players shaping corporate conduct. The past two decades have seen countries worldwide adopt and vigorously enforce standards around anti-corruption, market fairness, privacy, and corporate behavior, to name just a few. Companies operating internationally face oversight from multiple jurisdictions, each with its own standards and expectations. History shows us that when the U.S. steps back, other countries sometimes lean forward to fill the gap.

But there’s a more compelling reason why scaling back compliance programs would be shortsighted. Yes, compliance is and remains a shield against enforcement actions. But like the early compliance training mindset that prioritized an audit trail over audience impact, this defensive position misses the fundamental purpose of these programs: protecting business value.

After all, not all consequences for business misconduct stem solely from prosecution. Well-known cautionary tales include:

  • Wells Fargo: When an aggressive sales culture led to millions of fake accounts, the $3 billion in regulatory fines were just the beginning. The bank lost customers, saw its stock price plummet, and suffered reputational damage that persists years later. Most critically, it eroded the trust essential to banking relationships, leading to years of decreased new account openings and customer acquisition.
  • Volkswagen: Yes, the emissions scandal resulted in billions in fines, but the market reaction brought other costs. Beyond recalls and legal settlements, VW faced a 25% drop in U.S. sales, billions in lost market value, and permanent damage to its “clean diesel” technology investment. Years of engineering resources were diverted to fixes rather than innovation, while talented employees fled, unwilling to have the scandal on their resumes.
  • Boeing: The Boeing 737 MAX crisis demonstrates how pressure to circumvent safety compliance cascaded through the entire aerospace industry. Beyond $20 billion in direct costs, Boeing faced damaged relationships with the flying public, airlines, and other business partners, a culture of fear that suppressed internal reporting, and an exodus of engineering talent. In an industry where safety trust is paramount, these impacts (along with the perception of continued missteps) continue to affect Boeing’s competitive position.

Even smaller-scale misconduct carries hidden costs. When Zenefits circumvented insurance licensing requirements, it didn't just face regulatory penalties. The scandal:

  • Damaged relationships with insurance carriers
  • Forced a complete leadership change, including CEO resignation and board restructuring
  • Slashed their valuation by more than 50% (from $4.5B to $2B), severely affecting their ability to raise capital
  • Led to significant layoffs

As these examples demonstrate, misconduct’s true cost extends far beyond legal penalties to impact talent retention, customer trust, operational efficiency, and competitive position. Strong compliance programs protect these vital business assets by educating employees on their legal and ethical responsibilities. They guide choices by making it clear employees are expected to know and do what is right.

A final point: The laws, regulations, and standards that inform our compliance programs exist because they protect vital business and societal interests.

Without insider trading regulations, public markets would lose the trust essential to their function. Anti-collusion laws prevent price manipulation that harms both consumers and honest competitors. Sexual harassment policies reflect evolved workplace standards that no company can afford to ignore. Even anti-corruption measures protect companies from the operational and reputational risks of employees entering murky waters of influence peddling. 

Put another way: Even if your company was guaranteed to escape prosecution, do you really want your employees navigating a world where payoffs, kickbacks, and inappropriate inducements are suddenly okay?

When speaking with CEOs eyeing compliance budgets, I think we can all agree: Your program doesn’t just defend against enforcement actions – it protects the company’s ability to operate effectively in modern markets. A strong compliance program is akin to insurance against not just legal risk, but operational, reputational, and strategic risks that can cripple business performance.

What’s more, enforcement priorities are cyclical. Today’s enforcement choices do not guarantee a release from future scrutiny. And building and maintaining a strong compliance infrastructure continues to be far cheaper than reconstructing it under pressure when priorities shift again.

The question isn’t whether your company can afford a strong compliance program. It’s whether you can afford the compounding costs of weak compliance in a world where trust is your most valuable asset.

Note: I collaborated with Claude AI to articulate and challenge my thoughts as well as to rapidly produce a first draft, which I edited and fact-checked.