The 2026 Compliance Landscape (Part 1 of 3)

Half of all FCPA investigations were closed in 2025.

Enforcement got easier, right?

Not quite.

2026 is shaping up to be one of the most complex years for banking and compliance I've seen. Not because the rules got harder. In some places, they got softer. But because they got 𝗱𝗶𝗳𝗳𝗲𝗿𝗲𝗻𝘁. Everywhere. All at once.

Here's what's shifting:

𝟭. 𝗙𝗔𝗧𝗙'𝘀 𝟱𝘁𝗵 𝗥𝗼𝘂𝗻𝗱: 𝗧𝗵𝗲 𝗣𝗿𝗼𝗽𝗼𝗿𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘁𝘆 𝗦𝗵𝗶𝗳𝘁

The February 2025 FATF Standards update replaces "commensurate" with "proportionate." This is more than semantics.

Previously, the "commensurate" standard often led to a "zero-failure" mindset — high-friction controls applied broadly to avoid regulatory criticism.

The new standard mandates 𝗽𝗿𝗼𝗽𝗼𝗿𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘁𝘆. Controls must fit the 𝘯𝘢𝘵𝘶𝘳𝘦 of the risk, not just the 𝘮𝘢𝘨𝘯𝘪𝘵𝘶𝘥𝘦.

The implication? Applying high-level scrutiny to low-risk clients is no longer "playing it safe." It's now a 𝘁𝗲𝗰𝗵𝗻𝗶𝗰𝗮𝗹 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗳𝗮𝗶𝗹𝘂𝗿𝗲 — because it wastes resources that should be fighting actual financial crime.

𝗧𝗵𝗲 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗰 𝗢𝗽𝗽𝗼𝗿𝘁𝘂𝗻𝗶𝘁𝘆:

→ 𝗖𝘂𝘀𝘁𝗼𝗺𝗲𝗿 𝗢𝗻𝗯𝗼𝗮𝗿𝗱𝗶𝗻𝗴 𝗩𝗲𝗹𝗼𝗰𝗶𝘁𝘆: Implement Simplified Due Diligence for low-risk segments to reduce onboarding time and abandonment rates.

→ 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲 𝗥𝗲𝗮𝗹𝗹𝗼𝗰𝗮𝘁𝗶𝗼𝗻: Automate low-risk monitoring, redeploy experienced analysts to complex investigations.

→ 𝗙𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝗜𝗻𝗰𝗹𝘂𝘀𝗶𝗼𝗻 𝗮𝘀 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆: The mandate explicitly protects against de-risking. Serve segments previously deemed "too costly to comply" with fit-for-purpose controls.

𝗧𝗵𝗲 𝗥𝗶𝘀𝗸𝘀 𝘁𝗼 𝗠𝗮𝗻𝗮𝗴𝗲:

→ 𝗧𝗵𝗲 𝟯-𝗬𝗲𝗮𝗿 "𝗖𝗹𝗶𝗳𝗳": If your jurisdiction has gaps, only three years to fix them before public escalation.

→ 𝗦𝗲𝗰𝘁𝗼𝗿-𝗦𝗽𝗲𝗰𝗶𝗳𝗶𝗰 𝗦𝗰𝗿𝘂𝘁𝗶𝗻𝘆: DNFBPs (lawyers, accountants, real estate) are now assessed independently. Enhance your third-party risk management!

→ 𝗕𝗲𝗻𝗲𝗳𝗶𝗰𝗶𝗮𝗹 𝗢𝘄𝗻𝗲𝗿𝘀𝗵𝗶𝗽 "𝗔𝗰𝗰𝘂𝗿𝗮𝗰𝘆" 𝗧𝗲𝘀𝘁: Move beyond collecting data to 𝘷𝘦𝘳𝘪𝘧𝘺𝘪𝘯𝘨 it. Systems must detect discrepancies, not just record them.

𝟮. 𝗔𝗻𝘁𝗶-𝗖𝗼𝗿𝗿𝘂𝗽𝘁𝗶𝗼𝗻 𝗘𝗻𝗳𝗼𝗿𝗰𝗲𝗺𝗲𝗻𝘁: 𝗔 𝗙𝗿𝗮𝗴𝗺𝗲𝗻𝘁𝗶𝗻𝗴 𝗟𝗮𝗻𝗱𝘀𝗰𝗮𝗽𝗲

In the United States, the Trump administration paused FCPA enforcement in February 2025, resuming in June with significantly narrowed priorities. The DOJ now focuses on cases directly harming "US national interests." Roughly half of existing investigations were closed.

Meanwhile, the UK is moving in the opposite direction. The "failure to prevent fraud" offence came into force in September 2025, expanding corporate liability for economic crimes.

𝗖𝗹𝗼𝘀𝗲𝗿 𝘁𝗼 𝗛𝗼𝗺𝗲: 𝗠𝗮𝗹𝗮𝘆𝘀𝗶𝗮'𝘀 𝗠𝗔𝗖𝗖 𝗟𝗲𝗮𝗻𝘀 𝗜𝗻

While the US pulls back, Malaysia is demonstrating what aggressive anti-corruption enforcement looks like in APAC.

2025 was a landmark year for the Malaysian Anti-Corruption Commission (MACC):

→ 𝗥𝗠𝟴.𝟰 𝗯𝗶𝗹𝗹𝗶𝗼𝗻 in assets seized, frozen and forfeited as of November 2025

→ 𝟭,𝟭𝟮𝟴 𝗮𝗿𝗿𝗲𝘀𝘁𝘀, 445 charges filed, 189 convictions secured

→ High-profile operations targeting banking (Ops Tiger — 49 bank officers charged), immigration (Ops Rentas — 27 arrests including 18 enforcement officers), and military procurement (Smuggling and Procurement Probe)

→ Former PM Ismail Sabri under investigation — RM169 million in cash and 16kg of gold bars seized and forfeited

The message from MACC Chief Commissioner Tan Sri Azam Baki is clear: "No one is above the law." The agency's 2026 strategy will focus on enforcement, procurement, and grand corruption — with increased use of AI and data analytics to detect patterns and financial flows.

For organisations operating in Malaysia, this isn't theoretical. It's operational.

𝗧𝗵𝗲 𝗕𝗼𝘁𝘁𝗼𝗺 𝗟𝗶𝗻𝗲

The rules haven't disappeared. They've scattered.

And in the gaps between enforcement regimes, corruption finds room to breathe. The question isn't whether your organisation is compliant with one jurisdiction — it's whether your framework is resilient enough to withstand the complexity of all of them.

The 5th Round is intolerant of "tick-box" compliance. It rewards 𝗲𝗳𝗳𝗲𝗰𝘁𝗶𝘃𝗲𝗻𝗲𝘀𝘀.

By embracing proportionality, organisations move from a defensive compliance posture to a dynamic one — reducing friction where risk is low, intensifying focus where risk is real.

This isn't just about passing the next evaluation. It's about building compliance frameworks that are both robust AND inclusive. Frameworks that protect the financial system while expanding access to it.

That's the opportunity. The question is whether your organisation is positioned to seize it.

What shifts are you seeing in your jurisdiction?

-----

𝗡𝗲𝘅𝘁: Part 2 - The Liability Revolution: who pays when fraud succeeds, stablecoin regulation, and ESG chaos.

-----

JFourth works at the intersection of compliance, technology, and financial inclusion, helping organisations harness innovation responsibly while protecting the people the financial system is meant to serve.

Get in touch to learn more.