The US Department of Justice (DOJ) has unveiled significant changes to its corporate enforcement policies, signalling a clear pivot in priorities under the second Trump administration. For compliance professionals, the new guidance and direction of travel outlined by the DOJ suggests a renewed focus on self-disclosure and a notable reduction in the use of compliance monitors.
A new enforcement landscape
Matthew Galeotti, the acting head of the DOJ’s Criminal Division, outlined the revised approach during a May 12 speech at the SIFMA AML conference. His central message was clear: excessive and unfocused enforcement efforts hamper innovation and economic efficiency. As such, the department will now refocus its efforts on what Galeotti described as “key threats to America,” including fraud against US citizens, tariff violations, immigration-related offences, and financial crimes linked to sanctions evasion or terrorist financing.
Central to Galeotti’s announcement was a refined philosophy: reward those who do the right thing and reserve prosecution for those who don’t. The new DOJ corporate enforcement plan is grounded in three principles: focus, fairness, and efficiency. Enforcement will now zero in on the most egregious actors and the most serious economic threats, while providing clarity and certainty for businesses seeking to comply.
Galeotti’s message to compliance professionals was direct: “You are on the front lines.” He underscored that most corporations want to play by the rules, and that strong compliance programmes are an essential national security asset. Despite mixed messages from the White House such as the FCPA pause, for those that break the law or look the other way, the DOJ will still act decisively.
This signals a reallocation of DOJ resources away from broad white-collar enforcement and toward politically prioritised areas such as border security and transnational criminal threats.
Streamlined self-disclosure policy: A “clear path to declination”
At the core of the DOJ’s revised corporate enforcement strategy is an updated self-disclosure framework. Under this new policy, companies that:
- Voluntarily self-disclose wrongdoing,
- Fully cooperate with DOJ investigations, and
- Timely and appropriately remediate the misconduct,
will receive a declination. The DOJ will decline to prosecute.
This departs from the previous “presumption of declination” standard, replacing it with a guaranteed path to non-prosecution for companies that meet all three criteria.
Notably, even companies that face aggravating circumstances (such as executive involvement or prior misconduct) may still be eligible for significant benefits:
- At minimum, a non-prosecution agreement (NPA)
- No compliance monitor imposed
- Up to 75% reduction in corporate penalties
- In some cases, a full declination, depending on the severity and response
The DOJ also acknowledged scenarios where whistleblowers disclose misconduct before the company does. Even in these cases, self-disclosing entities can still benefit from the enforcement policy, provided their cooperation and remediation efforts are robust.
Whistleblower tips: New priority areas
The DOJ has reaffirmed its commitment to incentivising whistleblowers under a three-year pilot programme launched in 2023. The initiative offers potentially million-dollar rewards to individuals who provide actionable intelligence on corporate wrongdoing.
Galeotti announced that the DOJ’s whistleblower programme will now focus on tips related to:
- Tariff fraud
- Violations of US immigration law
- Sanctions breaches
- Material support to foreign terrorist organisations
- Facilitation of cartel or transnational organised crime activity
These focus areas are closely aligned with current federal enforcement priorities and reflect a shift in DOJ’s view of what constitutes critical corporate risk. Given the administration’s relabelling of various cartels as terrorist entities and the potential for rapid changes in sanctions against Iran, Russia and Syria, companies must ensure their procedures in these areas are water-tight. Last year OFAC doubled the statute of limitations for sanctions violations, as well as extending the record-keeping requirement. Coupled with the DOJ’s enforcement priorities, sanctions compliance must be one of the highest priority compliance areas.
Fewer corporate monitorships, stricter controls
One of the most significant departures from prior policy is the DOJ’s decision to dramatically scale back the use of corporate monitors. These have come thick and fast since the inauguration of the second Trump administration. Galeotti described the value of monitorships as often being “outweighed by the costs they impose,” a view that echoes longstanding concerns among business leaders. However in cases where a monitor might still be required, the DOJ will consider four key factors:
Nature and seriousness of the conduct, especially if harm to American interests is involved.
Availability of alternative oversight, such as industry regulators.
Effectiveness of the compliance programme at the time of resolution.
Maturity of internal controls and ability to sustain compliance improvements.
Where monitors are deemed necessary, DOJ will impose:
- Strict cost controls, including capped fees
- DOJ approval of all workplans and budgets
- Biannual meetings between the DOJ, the company, and the monitor
This reflects a move toward “right-sized” and proportionate monitorships, rather than blanket impositions.
What’s missing: compliance programme guidance
Perhaps the most notable omission from Galeotti’s announcement was any new guidance on evaluating corporate compliance programmes. While DOJ officials regularly emphasise the importance of compliance teams, the actual mechanics of programme evaluation under the new policy remain vague.
Currently, “timely and appropriate remediation” remains one of the three required prongs for a declination. This includes implementation of an effective compliance programme, based on criteria from the US Sentencing Guidelines. But it remains unclear how the DOJ will assess programme quality if companies are no longer formally entering into criminal resolutions, which traditionally trigger these assessments.
Key questions remain:
- Who within the DOJ will evaluate the compliance programme?
- At what stage in the process will that assessment occur?
- How will resourcing constraints affect the DOJ’s ability to meaningfully review compliance frameworks?
Without clarity, the risk is that companies may focus solely on disclosure and cooperation, while underinvesting in long-term compliance infrastructure, potentially undermining the DOJ’s own goals of deterrence and cultural reform. It remains incumbent on compliance teams to develop rigorous, market-leading compliance programmes that are fit for purpose, not just develop good communications with the DOJ.
Key takeaways for compliance teams
To fully benefit from the DOJ’s revised enforcement policy, organisations must invest in robust internal detection mechanisms, particularly in high risk areas like gifts and hospitality tracking, conflicts of interest disclosures, sanctions compliance and whistleblowing systems. The new framework offers a clear path to declination for companies that self-disclose misconduct early, cooperate, and remediate effectively. But none of those steps are possible without first detecting the issue internally.
This means compliance teams must be equipped with tools that allow them to identify red flags in real time, escalate concerns swiftly, and demonstrate a clear audit trail of internal controls. A gifts and hospitality solution, for example, not only reduces the risk of bribery and corruption but also provides tangible evidence that the company is proactively managing compliance risks. In a regulatory environment that now rewards speed, transparency, and accountability, companies that fail to detect and act on misconduct internally risk losing access to the significant benefits on offer under the DOJ’s new approach.
Self-disclosure is now more valuable than ever: A guaranteed declination is on the table for companies that act quickly and responsibly.
Compliance programmes still matter: Remediation, including compliance improvements, remains a core pillar of the enforcement framework — even if evaluation methods are less clear.
Whistleblowers could shape enforcement: With DOJ prioritising whistleblower tips in sensitive areas, organisations must ensure internal reporting mechanisms are well-publicised, confidential, and trusted.
Fewer monitors, more responsibility: Companies are less likely to be burdened with external oversight, but this means they must build stronger internal capabilities.
Watch for further updates: Galeotti hinted that all declinations will be made public. This may provide new insights into what the DOJ expects from compliance teams in the future.
