Maintaining Information Preservation and Management Vigilance in an Age of Apparent Reduced Law Enforcement

July 2025 |

Corporate legal departments are busy. They face new privacy regulations, ever-shifting trade policies, developments in artificial intelligence, and an unending stream of breaking news. It is difficult to keep up, and lately, in-house counsel must also monitor potentially significant changes to government enforcement priorities by the second Trump administration in the United States.

Since January 2025, the new administration has set a clear trend away from the enforcement of federal anti-corruption and certain other laws. Yet, this article cautions in-house counsel, notwithstanding any recent pronouncements, not to curtail corporate policies regarding whistleblower protections, document preservation, and other requirements imposed by government enforcers in recent years. Even if further announcements by the new administration say that recent changes in U.S. enforcement policies are permanent, there are substantial reasons for corporate counsel to stay the course – especially with respect to information governance and evidence preservation policies and programs.

Prior Administration

In 2024, key law enforcement agencies, including the United States Department of Justice (“DOJ”), the Securities and Exchange Commission (“SEC”), and the Federal Trade Commission (“FTC”), issued orders, guidance, and policy statements regarding whistleblower protections and corporate document preservation requirements. Many of these polices are still “on the books” and have not been rescinded as part of the trend away from enforcement. For example:

In August 2024, the DOJ Criminal Division announced its Corporate Whistleblower Awards Pilot Program^[1] and a revised Corporate Enforcement and Voluntary Self-Disclosure Policy (“CEP”), which offers guidance to businesses seeking cooperation credit from investigators. Under the revised CEP, a company remains eligible for a presumption of declination if it self-discloses allegations of misconduct received from a whistleblower within 120 days of receiving that whistleblower’s report. Accordingly, improperly handling whistleblower reports could, in certain circumstances, jeopardize a company’s ability to make a timely self-disclosure and qualify for a declination. Under these guidelines, companies in receipt of a whistleblower complaint must treat each whistleblower report as a priority, conduct a prompt investigation, preserve documents related to the report, and act in a timely fashion to determine whether voluntary self-disclosure is warranted. Even if a company concludes that self-disclosure to the U.S. government is not currently warranted, it might still consider whether internal remedial steps should be undertaken for the sake of good corporate governance.
Throughout 2024, the SEC continued bringing enforcement actions against companies that failed to preserve off-channel communications. It obtained more than $390 million in settlements with 26 firms that failed to preserve records in August 2024^[2] and more than $88 million in settlements with 11 firms in September 2024 over similar allegations.^[3] Under the SEC’s Whistleblower Program, individuals who report such recordkeeping failures can receive monetary awards, which are tied to the penalties collected in a successful enforcement action. As former Director of the Enforcement Division, Gurbir Grewal explained, the penalties for recordkeeping violations – and therefore the awards that serve as an incentive for whistleblowers to report – would increase moving forward since companies had been warned to expect “more severe fines and penalties” if they failed to update their recordkeeping policies.^[4] The SEC’s authority to bring future enforcement actions has not been curtailed.
In January 2024, the FTC and DOJ issued combined guidance regarding the preservation obligations for collaboration tools and ephemeral messaging.^[5] As part of that guidance, the FTC and DOJ each updated their respective “standard preservation letters and specifications for all second requests, voluntary access letters, and compulsory legal process, including grand jury subpoenas, to address the increased use of collaboration tools and ephemeral messaging platforms.”^[6] Neither the FTC nor the DOJ has rescinded this guidance, and all indicators suggest that the agencies continue to demand extensive productions in connection with their investigations.
In March 2023^[7] and in September 2024, the DOJ’s Criminal Division announced updates to its Evaluation of Corporate Compliance Programs (“ECCP”). The ECCP helps prosecutors evaluate the effectiveness of a corporation’s compliance program in connection with charging decisions, monetary penalties, and post-resolution compliance obligations.^[8] As revised, the ECCP explains that the evaluation of “the adequacy and effectiveness of the corporation’s compliance program” includes an evaluation of the company’s document preservation policies, focusing on the company’s (a) communication channels, (b) policy environment, and (c) risk management with respect to messaging platforms.^[9] Then-Assistant Attorney General Kenneth A. Polite, Jr. explained that the way a company answers, or fails to answer, questions about its communications policies and whether it was able to preserve and produce communications, “may very well affect the offer it receives to resolve criminal liability.”^[10] For example, in September 2024, then-Principal Deputy Assistant Attorney General Nicole Argentieri explained that the amount of cooperation credit given to a company was “limited because the company failed to preserve and produce certain evidence in a timely manner during early phases of the investigation,” among other reasons.^[11]

Put simply, enforcement officials in the prior administration emphasized promoting corporate cooperation, encouraging whistleblowers, and ensuring that companies preserved documents, including mobile device messages.

What Has Really Changed?

The Trump administration has undoubtedly changed enforcement priorities with respect to certain laws. On February 10, 2025, a new Executive Order explained that future enforcement of the Foreign Corrupt Practices Act would be paused for 180 days, subject to further extensions as deemed appropriate by the Attorney General.^[12] At the SEC, the new administration established a Crypto Task Force, which was tasked with providing “clarity on the application of the federal securities laws to the crypto asset market.”^[13] Shortly thereafter, the SEC moved to drop enforcement actions^[14]and investigations against large cryptocurrency companies.^[15]The Consumer Financial Protection Bureau has also largely shuttered its operations, including dropping a series of lawsuits,^[16] terminating personnel,^[17] and rescinding previously issued guidance.^[18] Likewise, the new administration limited charges that could be brought under the Foreign Agents Registration Act and disbanded the Foreign Influence Task Force, which reduced enforcement efforts related to foreign influence campaigns and lobbying.^[^19]

These changes, and many others, suggest that the law enforcement priorities of the last administration may no longer be in effect, or may be on the chopping block soon. That said, every day brings new surprises. For instance, on July 8, 2025, the Department of Justice announced a partnership with the United States Postal Service to create the Whistleblower Rewards Program.^[20] According to the DOJ’s press release, the program “incentivizes individuals to report postal-related antitrust crimes that undermine the competitive process or market competition across industries.”

Even if the overall trendline of reduced enforcement activity remains steady, the next question is whether the policies that require corporations to protect whistleblowers and preserve their information and insist upon the preservation of ephemeral data, collaboration tools, as well as many other corporate documents, are still in place. While the administration has not specifically focused on those requirements, it has not retracted or walked them back. Accordingly, those policies remain in effect or serve as guidance for: (1) enforcement by this administration; (2) selective enforcement by this administration; (3) enforcement by other domestic or foreign governmental entities; and (4) enforcement by a future administration. Indeed, earlier this year, Senator Grassley introduced the bipartisan AI Whistleblower Protection Act, which is intended to “shield communications of current and former AI employees who make disclosures” either internally or to the federal government.^[21]Moreover, as we show in the last section, even if these polices are “officially” rescinded, staying the course makes sense for the sake of good corporate governance.

First, the administration could simply decide to prioritize law enforcement in the future. Presidential transitions in the United States often begin with a period of uncertainty. For example, the first Trump administration got off to a slow start but eventually adopted a robust law enforcement policy. During the first months, the current administration’s priorities have largely been focused on the Department of Government Efficiency, trade policy, and immigration. If the administration decides to reprioritize regulation in the coming months, companies that decided to de-prioritize compliance programs would need to quickly revert.

Second, if the government chooses, it could bring enforcement actions selectively against certain companies or industries. For example, industries with large overseas manufacturing bases, a company with a history of political contributions, or a retailer that passed tariff costs onto consumers could all become subject to enforcement with little notice. If those instances come to bear, a company that altered its compliance programs would be an easier target.

Third, a company that changes its compliance priorities may face consequences from other enforcement authorities, domestic and foreign, that pursue their own law enforcement programs. For example:

In April 2025, California Attorney General Rob Bonta issued a legal alert reminding businesses operating in California that notwithstanding the federal government’s pause on FCPA enforcement, the bribery of foreign officials would “remain actionable under California’s Unfair Competition Law” and “businesses should continue to ensure that they and their agents do not offer or pay anything of value to foreign officials to obtain or retain business.”^[22]
Likewise, companies should anticipate that foreign governments will beef up their own enforcement efforts. For example, the UK Serious Fraud Office (“SFO”) announced its own guidance on Corporate Co-Operation and Enforcement on April 24, 2025. The SFO’s guidance mirrors many aspects of what was previously issued by U.S. enforcers, including consideration of document preservation as a key factor for receiving cooperation credit.^[23]

Finally, as long as the policies remain in effect, they are subject to enforcement by the current administration as well as successive administrations. Companies that change their compliance programs because of enforcement policies that were not enforced - but not repealed – may find themselves at risk for increased penalties in a new enforcement environment.

Corporate Governance Issues

Separate from any legal obligations, businesses have strong incentives to maintain high ethical standards, carefully manage whistleblowers, and preserve documents when wrongdoing may have occurred. In today’s world, consumer trust is a company’s best asset, effectively serving as its “license” to do business. It is axiomatic that an investigation or enforcement action can disrupt operations, negatively impacting the bottom line. However, at least one study asserts that internal dishonesty harms a company operationally by reducing productivity on its own, even absent any government action.^[24] Another study contends that misconduct within a company has a distributive and almost “contagious” effect on other employees.^[25] Even without the imminent threat of federal enforcement, companies should remain vigilant to safeguard their reputation. In essence, ethical behavior isn’t just the right thing to do – it is likely financially rewarding.

There are several immediate actions that a company may consider to foster ethical behavior.

Companies should foster a culture of compliance. Employees should also be encouraged to speak up (i.e., “if you see something, say something”). Companies should foster a strong compliance culture that reaches both vertically through the organization chart and horizontally across departments.^[26]
In-house counsel should closely monitor employee conduct, attitude, and complaints. Complaints from employees should not be viewed as an inconvenience or a problem for human resources, but rather as a potential signal of larger issues. “Raising concerns internally is often the first way that employees report misconduct or serious potential violations of law.”^[27] Employee complaints are a window into what is going on in the business and sometimes provide visibility that is otherwise difficult for lawyers to obtain. For instance, an increased volume of employee complaints from one organization could indicate problematic conduct with a manager. Similarly, several complaints from individuals working on the same project might lead to an inference that unethical conduct may be occurring.
Counsel should also consider creating or maintaining a structured system for logging and addressing complaints and whistleblower reports. Defensible preservation practices and records retention policies are essential components of a robust system for handling these issues. Such programs are necessary for capturing conduct or responding to warnings regarding behavior that may be harmful to the company and addressing them before they become crises. A company can best serve its vital interests by dealing with incipient issues in a defensible way that allows for success in the future.

Conclusion

Corporations and their counsel should be cautious about deemphasizing compliance programs without clarity on what comes next. Just because the new administration has seemingly reduced enforcement in certain areas does not mean this administration or the next one will not reprioritize enforcement of existing guidance in the future. By maintaining, or even improving on, their document preservation efforts and information governance policies and practices that support compliance programs, companies can not only improve their chances of success if the government comes calling, but they can also maintain high ethical standards and build a reputation of trust with their customers and the public at large.

The views expressed in this article are those of the authors and do not necessarily represent the views of the Firm or any of its clients.

[1] U.S. Dep’t of Just., Department of Justice Corporate Whistleblower Awards Pilot Program, (Aug. 1, 2024), https://www.justice.gov/criminal/media/1362321/dl.

[2] Press Release, SEC, Twenty-Six Firms to Pay More Than $390 Million Combined to Settle SEC’s Charges for Widespread Recordkeeping Failures, (Aug. 14, 2024), available at https://www.sec.gov/newsroom/press-releases/2024-98 (collecting settled orders).

[3] Press Release, SEC, Eleven Firms to Pay More Than $88 Million Combined to Settle SEC’s Charges for Widespread Recordkeeping Failures, (Sept. 24, 2024), available at https://www.sec.gov/newsroom/press-releases/2024-144 (collecting settled orders).

[4] Mengqi Sun, SEC Top Enforcer Says Tougher Penalties Are Working, Wall St. J. (Dec. 29, 2023), https://www.wsj.com/articles/sec-top-enforcer-says-tougher-penalties-are-working-e78a7567.

[5] Press Release, F.T.C., FTC and DOJ Update Guidance That Reinforces Parties’ Preservation Obligations for Collaboration Tools and Ephemeral Messaging, (Jan. 26, 2024), https://www.ftc.gov/news-events/news/press-releases/2024/01/ftc-doj-update-guidance-reinforces-parties-preservation-obligations-collaboration-tools-ephemeral; Press Release, U.S. Dep’t of Just. Office of Public Affairs, Justice Department and the FTC Update Guidance that Reinforces Parties’ Preservation Obligations for Collaboration Tools and Ephemeral Messages, (Jan. 26, 2024) https://www.justice.gov/archives/opa/pr/justice-department-and-ftc-update-guidance-reinforces-parties-preservation-obligations.

[6] Id.

[7] U.S. Dep’t of Just., Crim. Div., Evaluation of Corporate Compliance Programs, (Updated Mar. 2023), available at https://www.justice.gov/archives/opa/speech/file/1571911/dl

[8] U.S. Dep’t of Just., Crim. Div., Evaluation of Corporate Compliance Programs, (Updated Sept. 2024), available at https://www.justice.gov/criminal/criminal-fraud/page/file/937501/dl?inline=

[9] Id.

[10] Archives, U.S. Dep’t of Just., Assistant Attorney General Kenneth A. Polite, Jr. Delivers Keynote at the ABA’s 38^th Annual National Institute on White Collar Crime, (Mar. 3, 2023), https://www.justice.gov/archives/opa/speech/assistant-attorney-general-kenneth-polite-jr-delivers-keynote-aba-s-38th-annual-national.

[11] Archives, U.S. Dep’t of Just., Principal Deputy Assistant Attorney General Nicole M. Argentieri Delivers Remarks at the Society of Corporate Compliance and Ethics 23rd Annual Compliance & Ethics Institute, (Sept. 23, 2024), https://www.justice.gov/archives/opa/speech/principal-deputy-assistant-attorney-general-nicole-m-argentieri-delivers-remarks-society

[12] President Donald J. Trump, Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security, (Feb. 10, 2025), https://www.whitehouse.gov/presidential-actions/2025/02/pausing-foreign-corrupt-practices-act-enforcement-to-further-american-economic-and-national-security/

[13] SEC, Crypto Task Force, Communicate with the Crypto Task Force, https://www.sec.gov/about/crypto-task-force (last visited May 23, 2025).

[14] Joint Stipulation and Dismiss, and Releases, SEC v. Coinbase, Inc., et al., No. 1:23-cv-04738 (S.D.N.Y. Feb. 27, 2025), available at https://www.sec.gov/files/litigation/complaints/2025/stipulation-pr2025-47.pdf; Joint Stipulation to Dismiss and Releases, SEC v. Payward, Inc., et al., No. 3:23-cv-6003 (N.D. Ca. Mar. 27, 2025), available at https://www.sec.gov/files/litigation/litreleases/2025/lr-26278-joint-stipulation.pdf

[15] SEC Closes Investigation Into Robinhood Crypto with No Action, Robinhood (Feb. 24, 2025), https://newsroom.aboutrobinhood.com/sec-closes-investigation-into-robinhood-crypto-with-no-action/; see also SEC Closes Crypto.com Investigation with No Action, Crypto.com (Mar. 27, 2025), https://crypto.com/en/company-news/sec-closes-crypto-com-investigation-with-no-action

[16] Stacy Cowley, Consumer Bureau Drops Lawsuit Against Capital One, N.Y. Times, Feb. 27, 2025, available at https://www.nytimes.com/2025/02/27/business/cfpb-capital-one-lawsuit.html; Stacey Cowley, Lawsuit Over Zelle Scams Is Dropped by Consumer Bureau, N.Y. Times, Mar. 4, 2025, available at https://www.nytimes.com/2025/03/04/business/zelle-scams-cfpb-lawsuit.html.

[17] Stacy Cowley, Mass Layoffs Hit Consumer Financial Protection Bureau, N.Y. Times, Apr. 17, 2025, available at https://www.nytimes.com/2025/04/17/us/politics/consumer-financial-protection-bureau-layoffs.html.

[18] Interpretive Rules, Policy Statements, and Advisory Opinions; Withdrawal, 90 Fed. Reg. 20084 (May 12, 2025) (to be codified at 12 C.F.R. Ch. X) available at https://www.govinfo.gov/content/pkg/FR-2025-05-12/pdf/2025-08286.pdf.

[19] Memorandum from the Off. of the Att’y Gen on General Policy Regarding Charging, Plea Negotiations, and Sentencing (Feb. 5, 2025), available at https://www.justice.gov/ag/media/1388541/dl.

[20] https://www.justice.gov/opa/pr/justice-departments-antitrust-division-announces-whistleblower-rewards-program.

[21] News Release, U.S. Senate Committee on the Judiciary, May 15, 2025, https://www.judiciary.senate.gov/press/rep/releases/grassley-introduces-ai-whistleblower-protection-act.

[22] Press Release, Ca. Dep’t of Just., Attorney General Bonta Alerts Businesses: It Remains Illegal to Bribe Foreign-Government Officials, (Apr. 2, 2025), https://oag.ca.gov/news/press-releases/attorney-general-bonta-alerts-businesses-it-remains-illegal-bribe-foreign; see also Legal Advisory, Ca. Dep’t of Just., Alert to Businesses on Violations of the Foreign Corrupt Practices Act, available at https://oag.ca.gov/system/files/attachments/press-docs/FCPA%20Legal%20Alert.pdf.

[23] Serious Fraud Office, SFO External Guidance on Corporate Co-Operation and Enforcement in relation to Corporate Criminal Offending (Apr. 24, 2025), https://www.gov.uk/government/publications/sfo-corporate-guidance/sfo-corporate-guidance.

[24] Petia K. Petrova, Noah J. Goldstein, Robert B. Cialdini, The Hidden Cost of Organizational Dishonesty, MIT Sloan Management Review, 2004, at 45.

[25] Stephen Dimmock & William C. Gerken, Research: How One Bad Employee Can Corrupt a Whole Team, Harv. Bus. Rev. (Mar. 5, 2018), https://hbr.org/2018/03/research-how-one-bad-employee-can-corrupt-a-whole-team.

[26] See Stephen M. Kohn and Sophie Luskin, “The AI Whistleblower Protection Act is Critical for Enhancing Corporate Compliance”, July 10, 2025, https://wp.nyu.edu/compliance_enforcement/2025/07/10/the-ai-whistleblower-protection-act-is-critical-for-enhancing-corporate-compliance/.

[27] Id.