Regulation has always been part of the financial landscape, but it can no longer be treated as background noise in the bigger strategic picture. Now, regulation shapes capital flows, influences strategy, and defines what “risk” even means. Markets are reacting as much to quarterly earnings as they are to signals coming out of agencies, enforcement divisions, and policy rhetoric. In the new administration, the centre of gravity has shifted.
That shift was discussed at length at Compliance Connect - FundApps’ annual gathering with industry leaders, clients, and partners - where experts from law firms, institutional asset managers, and hedge funds spoke not just about rules and filings, but about posture, too. How regulators are thinking, how that mindset translates into enforcement, and how firms should read these signals as early warnings.
The conversation wasn’t about memorising compliance obligations. It was about situational awareness. A recognition that enforcement tone, political oversight of agencies, systemic risk narratives, and ESG boundaries are now part of the same strategic conversation. And for those responsible for governance and disclosure, that realisation changes everything.
Enforcement Focus: From technicalities to fraud
The SEC is entering a new chapter under Judge Margaret Ryan, who is steering the Division of Enforcement away from penalising small, technical violations and toward targeting substantive misconduct.
Now, the focus is shifting, with more substantial breaches and misconduct like fraud, manipulation, fiduciary breaches, and misuse of assets becoming the near sole priority moving forward. This is especially visible in the crypto market, where previous enforcement has sometimes been criticised as inconsistent or reactive and the SEC has now walked back from key cases. Going forward, expect investigations to zero in on clear, provable misconduct rather than regulatory grey areas.
For investment managers, this is both a warning and an opportunity. Right now, it means that the era of “broken windows” enforcement, where regulators kept a close eye on technical infractions to emphasise discipline, is ending. Tick-the-box adherence won’t cut it anymore, and the Executive branch is playing a much more direct role in policing markets going forward. Instead, organisations must ensure their disclosures, valuation processes, and fiduciary responsibilities are substantive and defensible. Compliance leaders who recognise this shift and align programmes with substantive protections will be better positioned for scrutiny.
“Enforcement is going to be much more intentional around conduct ... fraud, manipulation, misuse of assets... rather than the small technical violations that used to fall under the ‘broken windows’ approach. In the crypto space, the focus will move away from regulation by enforcement and toward actual fraudulent activity. We’ll also see more attention on fiduciary duty, conflicts of interest, misuse of assets, and valuation issues.”
The 13D/13G shift: Redefining investor influence
Environmental, social, and governance (ESG) investing has become one of the most visible and contentious issues in global markets. Large asset managers face pressure from investors, policymakers, and the public to either engage or disengage with companies on ESG priorities. But the SEC’s recent amendments to Schedules 13D and 13G have complicated the landscape.
Traditionally, passive investors could disclose their holdings without facing the same requirements as active investors. But under the new SEC interpretation, pushing companies to take specific governance or ESG actions could push firms into “active” territory - triggering stricter disclosure requirements.
This forces asset managers to walk a fine line. They must remain transparent and engaged while avoiding the perception that they are directing corporate strategy. Many firms are now reassessing engagement strategies, carefully calibrating shareholder votes and ESG communications to avoid crossing regulatory boundaries.
“Schedules 13D and 13G are supposed to separate passive investors from active ones. But the recent interpretation made clear that context matters. If you propose a company take specific governance or ESG actions, and then use your vote to pressure them, regulators may decide you’re no longer passive. That’s why some large institutions actually paused their engagement meetings - they had to reassess what to tell people internally to avoid running afoul of the new interpretation.”
Regulation may lag, but enforcement won't
Political influence inevitably shapes the regulatory environment, and the Trump administration is no different. Agencies like the SEC and CFTC face pressure to slow or halt sweeping new rules, and attend to new ideas like the proposal to change issuer reporting deadlines from quarterly to every six months. Resource limitations and approval bottlenecks make the process even more sluggish. As a result, firms might assume the regulatory burden is easing.
But enforcement tells a different story. Investigations, especially those with clear visibility and investor protection implications, will continue at full speed. Regulators don’t need sweeping new rules to pursue misconduct.
For compliance teams, this means the risks have not diminished. Firms must resist the temptation to downshift compliance efforts just because new regulations are taking longer to appear. Enforcement activity remains alive and well, and the reputational consequences of being caught off guard remain severe.
“The SEC will take a long time to pass very drastic regulations. They just don’t have the resourcing, and the bureaucracy is heavy right now. But that doesn’t mean enforcement goes away. Quite the opposite: there will be a lot of enforcement investigations, they’ll prioritise them more narrowly, and those cases will keep moving even while rulemaking slows.”
The limits of one-size-fits-all regulation
Earlier this year, SEC chair Paul Atkins claimed that, “non-bank financial institutions don’t pose systemic risk to our markets.” Our panel disagreed.
As non-banking financial institutions grow in scale and influence, they’re being scrutinised by regulators as well. And it's a flawed comparison, too, the brunt of which comes down on compliance teams assessing risk. The reality is that asset managers do not behave like banks, and their risk profiles cannot be explained using bank-centric metrics. Treating them as interchangeable not only leads to inaccurate reporting but can also signal to regulators that a firm has not taken the time to evaluate and articulate its true risk exposure.
Compliance leaders will need to be prepared to go beyond templated responses. That means clearly defining how their business model functions, how risks actually materialise in their operations, and where traditional systemic risk categories fail to apply. Anything less risks being misread, misclassified, or misunderstood by regulators.
“If you try to regulate asset managers the same way you regulate banks, you’re going to get distorted results. It’s a different business model. Banks take risks on their balance sheets; asset managers are working with client assets. When regulators ask for systemic risk data, the responses come back inconsistent because the assumptions across firms are so different - it becomes apples and oranges.”
Future-proofing compliance programmes
Compliance is often seen as reactive - responding to new rules, adapting to enforcement trends, and adjusting to political shifts. But our panel made it clear: in today’s environment, compliance must be designed to endure beyond the immediate regulatory cycle.
Disclosures that are accurate and consistent are critical, not just for the present but for the future. Regulators have a long memory, and what is deemed compliant today may be judged differently down the line, which makes “future-proofing” compliance essential. It’s not enough to satisfy today’s regulators; firms must be ready for tomorrow’s priorities, even if they take a different shape.
“Don’t become lax just because there’s a perception that fewer rules are coming... diligence matters under any administration. Your disclosures need to show what you’re actually doing, not just what looks good on paper. And remember, what you’re doing today can be reviewed in the future when enforcement priorities change. So a robust compliance programme isn’t optional.”
Compliance under the SEC's new outlook
The SEC’s recent actions show that expectations for the industry are changing. Compliance teams are no longer seen as responders who act only once rules are finalised. They are expected to pay attention to the direction politicians and regulators are heading, to understand why certain cases and regulatory agendas are being pursued, and adjust early.
The focus is shifting away from basic checklists and toward behavior, especially around issues like fraud, conflicts of interest, valuation, and ESG influence. This means what a firm says in its disclosures and how it communicates with companies and investors matters more than before, because it shapes how regulators judge intent.
In this kind of environment, compliance cannot just follow procedures after the fact. It needs to operate like a forward-looking function that reads signals, understands risk as it forms, and helps the firm prepare before pressure arrives. Teams that do this will not only avoid problems but will also be better positioned than those who wait for perfect clarity.
