From 2024 to 2025: Key regulatory insights for compliance leaders

The end of the year is a natural time to reflect on key developments and plan for what’s ahead. In that spirit, we’ve rounded up some of 2024’s most notable regulatory compliance highlights and shared a preview of what’s on the horizon for 2025.

2024: A year of regulatory shifts

AI legislation gains momentum

AI regulation picked up around the world in 2024, reflecting the exponential development of the technology itself. The standout development was the EU AI Act, which became law in July. As the most comprehensive legal framework around AI to date, it follows a risk-based approach that will shape organizations’ use of AI in the EU and beyond. The Act entered into force in August, and it will follow a rolling timeline of specific provisions taking effect and related enforcement from 2025 into 2030.

Cybersecurity risks exposed

The CrowdStrike cybersecurity failure in July sent shockwaves through industries, highlighting the risks of overreliance on a single vendor. This incident served as a powerful reminder of the need for robust contingency planning and diversified cybersecurity strategies to maintain operational continuity.

Regulatory pauses create uncertainty

In the US, new regulatory requirements hit a few roadblocks:

• The FinCEN beneficial ownership information (BOI) reporting requirements under the Corporate Transparency Act (CTA) were paused, leaving organizations unsure of when and how to comply. Companies should continue preparing, as these requirements are expected to return.
• The FTC’s proposed ban on noncompete agreements appears unlikely to move forward, but businesses must remain alert to further developments.

SEC cracks down on off-channel communications

The SEC intensified enforcement against off-channel communications—business communications made on personal devices, social media, or unapproved messaging apps. These actions resulted in significant fines, underscoring the importance of implementing and enforcing robust communication policies to ensure compliance with legal recordkeeping requirements. Notably, organizations that self-reported received lower penalties, highlighting the benefits of proactively identifying issues and self-reporting to minimize consequences.

2025: What’s ahead for compliance

Shifting US regulatory priorities

A new presidential administration often brings changes to regulatory enforcement priorities. While specific focuses may shift, history shows enforcement rarely disappears altogether. Noncompliance remains costly, so organizations with strong compliance programs who prioritize ethical practices will be best positioned to adapt and maintain their reputations.

Evolving DEIB and ESG Expectations

Attention to Diversity, Equity, Inclusion, and Belonging (DEIB) and Environmental, Social, and Governance (ESG) initiatives will remain critical on the global stage. International markets, investors, and regulatory bodies will continue to demand measurable commitments. Organizations that proactively align with evolving global ESG standards will not only mitigate risks but also position themselves to meet stakeholder expectations and seize new opportunities.

Operational resilience takes center stage

Global regulators are placing a stronger emphasis on operational resilience:

• In Canada, the Office of the Superintendent of Financial Institutions (OSFI) introduced new resilience standards, with adherence to Section 4 expected by September 2025 and full adherence expected by September 2026.
• In the EU, the Digital Operational Resilience Act (DORA) will come into force in January, enhancing cybersecurity and operational standards for financial entities.

Financial institutions in these regions must act now to meet these new standards, and organizations in other sectors should pay attention to similar trends.

AI regulation expands globally

Following the EU AI Act, other regions are expected to introduce or begin developing their own AI regulatory frameworks in 2025. Companies leveraging AI will need to monitor these developments closely, ensuring compliance while maintaining growth and innovation.

Final thoughts

As we reflect on 2024 and prepare for 2025, it’s clear the regulatory landscape will continue to evolve at a rapid pace. Staying ahead of these changes requires vigilance, adaptability, and a strong commitment to doing the right thing.

We wish you all a wonderful holiday season and a successful, compliance-ready start to the new year!