FCPA Enforcement: Where We Are, The 2026 Landscape, & How to Future-Proof

If your compliance team has felt whiplash on Foreign Corrupt Practices Act (FCPA) priorities lately, you’re not imagining it. The current administration publicly reset the government’s posture, first by pausing new FCPA investigations/enforcement and then by issuing new DOJ guidelines that narrow what rises to the top—especially where U.S. interests, national security, and competitiveness are in play.

But here’s the important part: even if enforcement emphasis tightens or loosens from one administration to the next, the core expectations for a credible anti-corruption compliance program don’t disappear—and the companies that treat compliance like a durable operating system (not a political weather vane) are the ones best positioned to survive the next shift.

Let’s break down what’s happening now—and the best practices that keep you covered under future administrations.

The current state of FCPA enforcement under the current administration

1) The enforcement “pause” was real—and it shaped the pipeline

On February 10, 2025, the White House issued an executive action titled Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security. It directed DOJ to pause initiating new FCPA investigations/enforcement for a review period and to develop revised guidance.

Just as important as the headline: multiple reports described internal effects during the review period, including a reduction in the DOJ team focused on foreign bribery matters and a broader shift of resources toward other priorities.

2) DOJ “restarted” enforcement with a narrower set of priorities

On June 9, 2025, DOJ issued formal Guidelines for Investigations and Enforcement of the FCPA. The memo explicitly references the February 2025 executive action and lays out an approach aimed at focusing FCPA matters on categories DOJ views as more directly connected to U.S. national interests.

Public reporting on the memo described DOJ as resuming enforcement but “scaled back,” emphasizing priorities such as harms to U.S. competitiveness, connections to critical infrastructure, and links to cartels or transnational crime.

3) A “focused” approach doesn’t mean “no risk”

Even in a reduced-volume environment, the risk profile for companies doesn’t go away—it changes shape. When enforcement is more selective, the cases that do get chosen tend to be the ones prosecutors view as cleanly provable, serious, and aligned to stated priorities. The practical takeaway is that lower enforcement “noise” can actually increase the signal on egregious fact patterns and on programs that don’t work in real life.

And separate from administration-specific guidance, DOJ’s long-standing lens for judging compliance programs remains highly durable: whether the program is well designed, applied in good faith, and works in practice. That evaluation framework is laid out in DOJ’s Evaluation of Corporate Compliance Programs guidance.

What future administrations tend to change (and what they don’t)

Administration changes often affect where DOJ points its flashlight. They typically do not change the basic expectations that a company can show (1) clear policies and controls, (2) real third-party governance, (3) credible internal reporting and investigations, and (4) measurable remediation.

Those expectations also show up in DOJ’s Corporate Enforcement and Voluntary Self-Disclosure Policy (often abbreviated “CEP”), which describes how DOJ evaluates voluntary self-disclosure, cooperation, remediation, and aggravating factors in corporate criminal matters.

The other “future-proofing” reality: the overall anti-corruption ecosystem is broader than the FCPA alone. For example, Congress enacted the Foreign Extortion Prevention Technical Corrections Act in 2024 (commonly discussed as strengthening/clarifying FEPA), which targets the demand side of bribery (foreign officials soliciting/receiving bribes) in certain circumstances.

Best practices to future-proof your anti-corruption program

Future-proofing isn’t about guessing politics. It’s about building a program that remains defensible no matter how the government’s attention shifts. Here’s what holds up across administrations.

Build your program around “proof,” not paperwork

A future prosecutor (or regulator, auditor, buyer, or board) won’t be persuaded by a beautifully formatted policy binder if the business can route around controls. DOJ’s compliance-program guidance repeatedly emphasizes whether controls are actually implemented, resourced, and tested to detect/prevent similar misconduct.

That means you should be able to answer questions like: Do approvers actually reject problematic requests? Do you test controls and document results? Do you remediate control failures and verify the fix? If the answer is “we think so,” you’re not future-proofed yet.

Treat third parties as your highest-leverage risk surface

Across enforcement cycles, third parties remain one of the most common corruption exposure points: agents, consultants, distributors, customs brokers, freight forwarders, and “local fixers” who live close to government touchpoints.

The future-proof approach is risk-tiered governance: calibrate diligence to the actual risk; require a documented business rationale and a clear scope of work; benchmark compensation; include audit/termination/compliance clauses; and monitor after onboarding instead of treating due diligence as a one-time gate.

Make internal reporting fast, safe, and credible—because incentives are real

DOJ’s Corporate Whistleblower Awards Pilot Program is explicitly designed to encourage reporting of corporate crime by offering potential awards for original information that leads to successful forfeiture.

Whether or not a given tip ends up in DOJ’s hands, the program reinforces a broader truth: if employees don’t trust internal reporting, they will go around it. So the most “administration-proof” design choice you can make is to build internal reporting and triage that employees actually use—paired with visible anti-retaliation enforcement and predictable, timely investigations.

Pre-wire your response playbook to DOJ’s cooperation framework

Most organizations lose the most value in the first 72 hours of a corruption allegation—confusion about ownership, messy preservation, inconsistent messaging, or slow escalation. You can future-proof this by predefining an investigations protocol (legal/HR/compliance roles, data preservation steps, third-party outreach rules, interview order, and escalation thresholds).

This also puts you in a stronger position if voluntary self-disclosure becomes relevant, because DOJ’s CEP is fundamentally about how promptly and credibly you disclose, cooperate, and remediate.

A practical “do this next” plan for Q1 2026

If you want a short, concrete plan that doesn’t depend on who is in power next year, do these five things.

First, refresh your corruption risk assessment using real business inputs: where you sell, who you sell to, which transactions touch government actors, and which third parties operate in high-risk corridors. Document why each risk is rated the way it is, and map each top risk to a control that you can test. DOJ’s evaluation guidance is clear that design and effectiveness both matter.

Second, inventory every third party that can touch government decision-makers or payments, tier them by risk, and make sure contracts and approvals match the tier.

Third, stress-test your hotline and investigations pipeline with a tabletop exercise: take a realistic allegation, run it through intake → triage → preservation → investigation plan → escalation. Time how long it takes to reach a defensible interim conclusion.

Fourth, test internal controls around high-risk payments and expense types (gifts, travel, entertainment, charitable contributions, discounts/rebates, consulting fees, and anything routed through intermediaries). The goal isn’t “no findings”—it’s proof you can detect issues and fix them.

Finally, align board reporting with outcomes, not activity. Trainings completed are fine, but boards care about whether reporting increased, response times improved, third-party populations are under control, and control testing shows fewer repeat failures.

A “2026-ready” checklist you can implement this quarter

1. Update your FCPA risk assessment with a rapid re-score model (so you can pivot if priorities shift again).
2. Inventory all third parties and tier them; fix contracts for audit/termination/certification where missing.
3. Run a whistleblower tabletop: intake → triage → escalation → potential self-report decision inside 30/60/90 days.
4. Test internal controls on high-risk payments and document results + remediation.
5. Refresh training for high-risk roles with scenario-based modules (sales, procurement, logistics, customs, JV management).
6. Board/Audit Committee reporting: add cycle-time metrics and top risk trendlines (not just “number of trainings completed”).

Bottom line

The current administration made FCPA enforcement more explicitly policy-driven—there was a pause, a reissued set of DOJ guidelines, and widespread reporting that the government is prioritizing fewer, higher-impact cases tied to U.S. interests.

But the way you future-proof is surprisingly apolitical: build a program you can prove works, govern third parties with discipline, respond fast to internal allegations, and be ready to remediate and demonstrate improvement. Those are the things that hold up no matter who’s in the White House.

Informational only; not legal advice.