by Todd Haugh and Suneal Bedi
Left to right: Todd Haugh and Suneal Bedi (photos courtesy of the authors)
The Trump administration—Trump 2.0, as some are calling it—is moving at unprecedented speeds to remake how government regulates business. In the administration’s first 100 days alone budgets and personnel have been downsized at the IRS, EPA, CFPB, and FTC, among other agencies. Enforcement of the FCPA has been paused, more than a dozen inspector generals have been removed from their posts, and the newly confirmed Attorney General and FBI Director are expected to work in tandem to drastically refocus civil and criminal enforcement.
One law firm alert dryly stated that this “marks a policy change from the approach of the prior administration and is a broader effort than the regulatory reforms of the first Trump administration.” Others have suggested that a “tripwire” has been triggered indicating the country is in “serious trouble.”
Whether one is excited by the Trump 2.0 approach or exacerbated by it, there can be no doubt that the current regulatory environment is uncertain. In fact, that may be the only certainty.
Nowhere is this felt more than in corporate compliance—the heart of governance in most companies and the place where laws, regulations, and rules (even those in flux) have to be operationalized so that employees can best perform their jobs.
In the wake of this uncertainty, companies might intuitively want to cut back on compliance, taking a “wait and see” approach until the administration’s priorities are more settled. After all, for most companies, compliance hinges on decreasing the enforcement risk that stems from regulators. If corporate leaders don’t have a clear sense of where enforcement risk lies, they may be tempted to curtail compliance efforts.
While that intuition is understandable, it would be a mistake.
In a new article titled “Retheorizing Corporate Compliance,” we argue that most corporate leaders such as chief compliance officers and general counsels—and even compliance scholars—view compliance too narrowly. That is, compliance is viewed primary as a way to prevent companies from being sued or fined; thus, compliance’s return on investment is directly tied to legal liability avoidance. Under this framing, compliance is a defensive shield against regulatory enforcement.
It’s true that compliance can benefit companies this way under certain circumstances. An Organizational Sentencing Guidelines-based compliance program that is cognizant of legal risks and faithfully funded and executed does offer companies some assurance that legal liability will be lessened. But that only works when there is a clear set of regulatory rules and norms that companies can understand and assess. Put simply, companies need a stable regulatory environment from which to defend. Trump 2.0 offers no such thing.
This, however, doesn’t mean companies should throw up their hands. Or sit on them.
We argue that in times of uncertainty, compliance expenditures should actually be increased, not curtailed. Why? Because compliance is more than just a shield—it’s a sword too. In addition to offering a defense against legal liability, compliance can also be used offensively, benefiting companies no matter the regulatory landscape.
Using compliance offensively means implementing it strategically so that a company can gain market share from its competitors. Rather than seeing compliance’s ROI as being only about cost savings, corporate leaders need to see it as a way to increase revenue. By investing in compliance efforts like customer privacy, anticorruption, occupational health and safety, and other efforts to increase business integrity, companies can increase their revenue and market position regardless of regulation.
And we don’t mean this in a vague, we’re making the “business case for compliance” way it’s been discussed previously.
Instead, we explore a set of concrete strategies that have been long-appreciated in business scholarship but ignored by most legal scholars: non-market strategies. Non-market strategies are business actions that utilize formal and informal public institutions (e.g., courts, regulators, laws, social norms) to gain strategic advantage. These strategies go beyond simple private business transactions that characterize most of what businesses do; instead, they tap into law, courts, agencies, and broader societal ethical norms.
Take for example a company that creates a leading AI ethics and compliance program. By employing such a program, the company puts itself at the forefront of companies using AI in a way that protects customers, employees, and third-parties. To be sure, this program will help insulate the company from future legal action. If it turns out that a new administration cracks down on irresponsible AI usage, the company will be in a position to protect itself, thereby saving money by avoiding liability. However, if that crackdown never comes, corporate leaders might wonder why so much money was spent avoiding liability that never materialized? And the compliance department will have lost some if its status by overestimating risk. Therefore, it’s often easier for a compliance leader to play it safe in uncertain environments. This embodies the traditional, defensive view of the value of compliance.
But understanding this issue through the lens of a non-market strategy gives the company new incentives to invest in AI compliance. For example, by marketing its commitment to having a robust AI program, the company can make itself more visible in the marketplace and more attractive to customers who care about AI governance. This leads to market share gains compared to competitors, which in turn leads to higher sales, lower costs of capital, larger R&D budgets, etc. This kind of compliance marketing is a classic form of an “additive” non-market strategy, because the company is seeking to add an elevated AI standard to existing business norms.
Such an AI compliance program might also allow the company to push regulators to pass standards in line with the policy. In an uncertain regulatory environment—like companies are facing now—setting a high standard of corporate compliance can send a message to regulators on what ought to be the legal standard. If regulators agree that the company’s standard should set the bar, then the company has already gained a strategic advantage. While competitors are trying to catch up by investing in their own AI programs, our compliance first-mover can allocate funds to other productive business activities. This is a type of “transformative” non-market strategy.
In times of uncertainty, companies often want to pull back until the risks are clear. This has been the pattern in compliance when regulatory and enforcement priorities are in flux. We understand that instinct and its antecedents—a view that compliance is mostly about avoiding legal liability. But that thinking misses strategic opportunities that a non-market strategies approach to compliance offers. By understanding compliance as an offensive tool, not only as a defensive shield, forward thinking companies can vault ahead of their competitors.
That’s good for those companies, the compliance functions in them (and the managers leading them), and ultimately larger society. And it’s a strategy that works no matter what administration is in charge or how fast it’s moving.
Todd Haugh and Suneal Bedi are Associate Professors of Business Law and Ethics at Indiana University’s Kelley School of Business.
The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).