Investigations, Enforcement, & Compliance Alerts

On Tuesday, March 10, 2026, the United States Department of Justice (DOJ or the Department) released its first Department-wide corporate enforcement policy (CEP) for all corporate criminal matters, which aims to promote “uniformity, predictability, and fairness in how [DOJ] pursues white-collar cases.”^[1]

Marking the first comprehensive update in eight years, the SEC’s Division of Enforcement (the Division) released a revised edition of its Enforcement Manual (the 2026 Manual). SEC Chairman Paul Atkins called the update a “long-overdue step,” and Division Director Margaret Ryan said the changes are intended to “ensure greater uniformity” and “reflect the Division’s best practices.” Although the 2026 Manual has many changes from the previous version, some will have a greater impact. In this article, we highlight the most significant revisions and discuss their practical implications.

On February 24, 2026, several media outlets reported that the Trump administration is internally considering requiring banks to collect citizenship information from customers as a condition to opening or maintaining a bank account.

On January 27, 2026, the Trump administration announced what it called “a historic expansion” of the Mexico City Policy, a longstanding U.S. rule restricting foreign aid funding related to abortion. The expansion extends the policy beyond abortion to include activities related to diversity, equity, and inclusion (DEI) and gender‑affirming care. Effective February 26, 2026, the change represents the most significant revision to the policy in its 40‑year history and could substantially reshape the distribution of U.S. foreign assistance worldwide.

In this episode of Cari’s Legal Exchange, Cari speaks with Damien Diggs, who shares practical insights on evolving ICE workplace enforcement, including how employers can prepare for inspections or raids, respond during enforcement actions, and what obligations and best practices apply after an inspection.

The General Services Administration (GSA) recently announced changes to procedural guidance that may affect contractor eligibility for GSA contracts. GSA issued the IT Security Procedural Guide: Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations Process CIO-IT Security-21-112, which set out a cybersecurity framework for protecting CUI that is similar to the Cybersecurity Maturity Model Certification (CMMC) for DoD contracts. 

In a move that would mark a significant departure from longstanding practice separating Department of Justice operations from direct White House control, the White House announced on January 8, 2026, a plan to create and directly supervise a new Department of Justice (DOJ) division for national fraud enforcement. The division would be led by a Senate-confirmed assistant attorney general (AAG). According to Vice President Vance, the new AAG will have “nationwide jurisdiction over the issue of fraud” and will be supervised by President Trump and Vice President Vance, rather than by DOJ leadership.  

On November 7, 2025, the U.S. Department of Defense announced a comprehensive overhaul of its procurement strategy named the “Acquisition Transformation Strategy” (ATS). The ATS envisions a wartime-oriented process that aims to prioritize rapid fielding to get equipment into the hands of warfighters, industrial-base expansion, and tighter coupling of requirements, resourcing, and acquisition execution. The accompanying directives signal a consequential restructuring of U.S. defense acquisition, requirements, and security cooperation processes as the Department aims to disestablish legacy joint requirements governance in favor of an integrated, budget-aligned model that is focused on speed, accountability, and mission outcomes. The new “Warfighting Acquisition System” will replace the existing “Joint Capabilities Integration and Development System,” creating both new opportunities and risks for federal contractors as they navigate shifting compliance expectations and material risk exposures in all aspects of the defense acquisitions process, including budget overruns, timely performance, and exportability of next-generation platforms. 

On October 15, 2025, the United States District Court for the District of Nebraska (the Court) dismissed Pharos Capital Group and its related investment funds (Pharos Capital) from a qui tam or whistleblower suit brought under the antiretaliation provision of the False Claims Act (31 U.S.C. § 3730(h)) (the FCA), against Pharos Capital and Charter Health Care Group (Charter), a portfolio company of Pharos Capital.

On September 10, 2025, the Department of Defense (DoD) published its long-awaited final DFARS rule on the Cybersecurity Maturity Model Certification (CMMC) Program.

DOJ False Claims Act (FCA) settlements related to cybersecurity typically have focused on false representations by a government contractor of its compliance with cybersecurity requirements. A recently announced settlement shows that private equity owners are not immune from potential FCA liability.

The long-anticipated guidance released by the U.S. Department of Justice (DOJ) on June 9, 2025 (the Guidelines) reorients Foreign Corrupt Practices Act (FCPA) enforcement, shifting the DOJ’s focus to more centrally controlled, national-interest-driven anti-corruption misconduct. Below is an overview of the background and salient shifts driven by the Guidelines.

On May 22, 2025, the Supreme Court issued its opinion in Kousisis v. United States, holding that the government need not prove an intent to cause economic loss, let alone actual economic loss, in order to sustain a conviction for wire fraud under 18 U.S.C. § 1343. 

Given the recent changes the Trump Administration has made at the Department of Justice (DOJ),many people have wondered when a formal change to the DOJ’s white-collar prosecution policies, particularly the corporate self-disclosure policy, might come. During remarks at a Financial Crimes Conference on May 12, Matthew Galeotti, the new Head of the DOJ’s Criminal Division, announced some of the changes to the DOJ’s policies, starting with the new commitment to be less “heavy-handed with the stick, and [less] stingy with the carrot.”  

The annual False Claims Act (FCA) recovery statistics issued by the U.S. Department of Justice for Fiscal Year 2024, coupled with the Trump administration’s focus on the elimination of waste, fraud, and abuse in government spending and apparent intentions to rely on the FCA to pursue other administration priorities, signal a likely increase in FCA investigations and actions throughout 2025 and beyond.

On April 15, 2025, President Trump issued two Executive Orders directed at streamlining government procurement.

Cybersecurity requirements for contractors doing business with the U.S. federal government are nothing new. 

On March 14, 2025, in a late Friday decision, a panel of judges from the U.S. Court of Appeals for the Fourth Circuit ruled that, for the time being, the Trump Administration is permitted to enforce Executive Orders (EOs) 14151 (Ending Radical and Wasteful Government DEI Programs and Preferencing) and 14173 (Ending Illegal Discrimination and Restoring Merit-Based Opportunity), which prohibit Diversity, Equity, and Inclusion (DEI) (also referred to as Diversity, Equity, Inclusion, and Accessibility, or DEIA in the EOs) efforts within the federal government and by federal contractors, respectively.

On February 15, 2025, the acting administrator of the United States General Services Administration (GSA), Stephen Ehikian, announced on X (formerly Twitter) that the GSA issued several new deviations from the Federal Acquisition Regulation (FAR) intended to implement key Trump Executive Orders that aim to end illegal discrimination, restore merit-based opportunity, and eliminate the forced use of paper straws in procurement.

On February 5, 2025, U.S. Attorney General Pam Bondi issued two memoranda to all Department of Justice (DOJ) employees outlining the DOJ’s new policies and directives concerning diversity, equity, inclusion, and accessibility (DEI) initiatives. The recent directives come just two weeks after President Trump issued Executive Order 14173 (Ending Illegal Discrimination and Restoring Merit-Based Opportunity) (DEI EO), which reflect the new administration’s broader efforts to curtail DEI policies and initiatives within both the public and private sectors.